Sync release-aks-2503 with main

sethmanheim · web-flow · commit 9d3f8e5ff6f0 · 2025-03-25T09:45:44.000-07:00
diff --git a/AKS-Arc/TOC.yml b/AKS-Arc/TOC.yml
@@ -99,6 +99,7 @@
       - name: Deploy and configure Workload Identity
         href: workload-identity.md     
     - name: Storage
+      href: concepts-storage.md
       items:
       - name: CSI storage drivers
         items: 
@@ -403,8 +404,6 @@
           href: concepts-node-networking.md
         - name: Kubernetes container networking
           href: concepts-container-networking.md
-    - name: Storage
-      href: concepts-storage.md
     - name: Application availability
       href: app-availability.md
     - name: Scale
diff --git a/AKS-Arc/aks-edge-howto-deploy-azure-iot.md b/AKS-Arc/aks-edge-howto-deploy-azure-iot.md
@@ -4,13 +4,13 @@ description: Learn how to run the quickstart script that creates an Arc-enabled
 author: rcheeran
 ms.author: rcheeran
 ms.topic: how-to
-ms.date: 01/13/2025
+ms.date: 03/24/2025
 ms.custom: template-how-to
 ---
 
 # Create and configure an AKS Edge Essentials cluster that can run Azure IoT Operations
 
-Azure Kubernetes Service (AKS) Edge Essentials is one of the supported cluster platforms for [Azure IoT Operations](/azure/iot-operations/overview-iot-operations). You can use AKS Edge Essentials to create a Microsoft-managed Kubernetes cluster and deploy Azure IoT Operations on it as a workload. This article describes the steps to run a script that creates an AKS Edge Essentials Kubernetes cluster with the required configurations for Azure IoT Operations and then connects that cluster to Azure Arc. 
+Azure Kubernetes Service (AKS) Edge Essentials is one of the supported cluster platforms for [Azure IoT Operations](/azure/iot-operations/overview-iot-operations). You can use AKS Edge Essentials to create a Microsoft-managed Kubernetes cluster and deploy Azure IoT Operations on it as a workload. This article describes the steps to run a script that creates an AKS Edge Essentials Kubernetes cluster with the required configurations for Azure IoT Operations and then connects that cluster to Azure Arc.
 
 > [!NOTE]
 > Azure IoT Operations supports AKS Edge Essentials when deployed on k3s single machine clusters only. K8s clusters are not supported for AIO and deploying clusters on multiple machines is an experimental feature.
@@ -58,61 +58,62 @@ To run the quickstart script, perform the following steps:
 1. Run the following commands:
 
    ```powershell
-   $url = "https://raw.githubusercontent.com/Azure/AKS-Edge/main/tools/scripts/AksEdgeQuickStart/AksEdgeQuickStartForAio.ps1"
-   Invoke-WebRequest -Uri $url -OutFile .\AksEdgeQuickStartForAio.ps1
+   $giturl = "https://raw.githubusercontent.com/Azure/AKS-Edge/main/tools"
+   $url = "$giturl/scripts/AksEdgeQuickStart/AksEdgeQuickStartForAio.ps1"
+   Invoke-WebRequest -Uri $url -OutFile .\AksEdgeQuickStartForAio.ps1 -UseBasicParsing
+   Invoke-WebRequest -Uri "$giturl/aio-aide-userconfig.json" -OutFile .\aio-aide-userconfig.json -UseBasicParsing
+   Invoke-WebRequest -Uri "$giturl/aio-aksedge-config.json" -OutFile .\aio-aksedge-config.json -UseBasicParsing
    Unblock-File .\AksEdgeQuickStartForAio.ps1
    Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
    ```
 
-1. [Optional] [Azure Arc gateway (preview)](/azure/azure-arc/servers/arc-gateway?tabs=portal) lets you onboard infrastructure to Azure Arc using only 7 endpoints. To use Azure Arc Gateway with Azure IoT Operations on AKS Edge Essentials:
+1. Add the required parameter values in the **aio-aide-userconfig.json** and **aio-aksedge-config.json** files:
 
-   - [Follow step 1 to create an Arc gateway resource](/azure/azure-arc/servers/arc-gateway?tabs=portal#step-1-create-an-arc-gateway-resource).
-   - Note the [URLs listed in step 2](/azure/azure-arc/servers/arc-gateway?tabs=portal#step-2-ensure-the-required-urls-are-allowed-in-your-environment) to add to the `proxy-skip-range` in step 2.
-   - Follow [step 3a in the Arc gateway documentation](/azure/azure-arc/servers/arc-gateway?tabs=portal#step-3a-onboard-azure-arc-resources-with-your-arc-gateway-resource) and save the gateway ID.
-   - In **AksEdgeQuickStartForAio.ps1**, find the `$aideuserConfig` definition. Set the value of `GatewayResourceId` to the gateway ID saved from the previous step.
+   In **aio-aide-userconfig.json**, fill in the following values:
 
-1. Run the following command, and replace the placeholder values with your information:
+   |Flag|Value  |
+   |---------|---------|
+   |SubscriptionId    |      The ID of your Azure subscription. If you don't know your subscription ID, see [Find your Azure subscription](/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription). |
+   |TenantId  |    The ID of your Microsoft Entra tenant. If you don't know your tenant ID, see [Find your Microsoft Entra tenant](/azure/azure-portal/get-subscription-tenant-id#find-your-microsoft-entra-tenant).     |
+   |ResourceGroupName     |   The name of an existing resource group or a name for a new resource group to be created. Only one Azure IoT Operations instance is supported per resource group.     |
+   |Location     |      An Azure region close to you. For a list of the Azure IoT Operations's supported Azure regions, see [Supported regions](/azure/iot-operations/overview-iot-operations#supported-regions).   |
+   |CustomLocationOID     |     The object ID value that you retrieved in step 2.     |
+   |EnableWorkloadIdentity (preview) | Enabled by default. While you can opt out before deploying the cluster, you cannot enable it after cluster creation. Workload identity federation lets you configure a user-assigned managed identity or app registration in Microsoft Entra ID to trust tokens from external identity providers (IdPs) such as Kubernetes. To configure workload identity federation, [see this article](aks-edge-workload-identity.md). |
 
-   ```powershell
-   .\AksEdgeQuickStartForAio.ps1 -SubscriptionId "<SUBSCRIPTION_ID>" -TenantId "<TENANT_ID>" -ResourceGroupName "<RESOURCE_GROUP_NAME>"  -Location "<LOCATION>"  -ClusterName "<CLUSTER_NAME>" -CustomLocationOid "<ARC_APP_OBJECT_ID>"
-   ```
+   In **aio-aksedge-config.json**, add the required **ClusterName** field and other optional fields, as follows:
 
-   |Placeholder|Value  |
+   |Flag | Value  |
    |---------|---------|
-   |SUBSCRIPTION_ID     |      The ID of your Azure subscription. If you don't know your subscription ID, see [Find your Azure subscription](/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription).   |
-   |TENANT_ID  |    The ID of your Microsoft Entra tenant. If you don't know your tenant ID, see [Find your Microsoft Entra tenant](/azure/azure-portal/get-subscription-tenant-id#find-your-microsoft-entra-tenant).     |
-   |RESOURCE_GROUP_NAME     |   The name of an existing resource group or a name for a new resource group to be created. Only one Azure IoT Operations instance is supported per resource group.     |
-   |LOCATION     |      An Azure region close to you. For the list of Azure IoT Operations's supported Azure regions, see [Supported regions](/azure/iot-operations/overview-iot-operations#supported-regions).   |
-   |CLUSTER_NAME     |    A name for the new cluster to be created.     |
-   |ARC_APP_OBJECT_ID     |  The object ID value that you retrieved in step 2.       |
+   | ClusterName  |    A name for the new cluster to be created.     |
+   | `Proxy-Https` | Provide the proxy value: `https://<proxy-server-ip-address>:<port>`. |
+   | `Proxy-Http` | Provide the proxy value: `http://<proxy-server-ip-address>:<port>`. |
+   | `Proxy-No` | Provide the proxy skip range: `<excludedIP>`,`<excludedCIDR>`. If the `http(s)_proxy` is provided, then `No` should also be updated to `localhost,127.0.0.0/8,192.168.0.0/16,172.17.0.0/16,10.42.0.0/16,10.43.0.0/16,10.96.0.0/12,10.244.0.0/16,.svc,169.254.169.254`. |
 
-   There are other optional flags that you can include when you run **AksEdgeQuickStartForAio.ps1**. The optional flags are as follows: 
+   > [!IMPORTANT]
+   > Preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. AKS Edge Essentials previews are partially covered by customer support on a best-effort basis.
 
-   |Optional flags|Value  |
-   |---------|---------|
-   | `enableWorkloadIdentity` (preview) | Enabled by default. While you can opt out before deploying the cluster, you cannot enable it after cluster creation. Workload identity federation lets you configure a user-assigned managed identity or app registration in Microsoft Entra ID to trust tokens from external identity providers (IdPs) such as Kubernetes. To configure workload identity federation, [see this article](aks-edge-workload-identity.md). |
-   | `proxy-https` | Provide the proxy value: `https://<proxy-server-ip-address>:<port>`. |
-   | `proxy-http` | Provide the proxy value: `http://<proxy-server-ip-address>:<port>`. |
-   | `proxy-skip-range` | Provide the proxy skip range: `<excludedIP>`,`<excludedCIDR>`. If the `http(s)_proxy` is provided, then `no_proxy` should also be updated to `localhost,127.0.0.0/8,192.168.0.0/16,172.17.0.0/16,10.42.0.0/16,10.43.0.0/16,10.96.0.0/12,10.244.0.0/16,.svc,169.254.169.254`. |
+1. [Optional] [Azure Arc gateway (preview)](/azure/azure-arc/servers/arc-gateway?tabs=portal) lets you onboard infrastructure to Azure Arc using only 7 endpoints. To use Azure Arc Gateway with Azure IoT Operations on AKS Edge Essentials:
 
-   You can add these flags as shown in the following example:
+   - [Follow step 1 to create an Arc gateway resource](/azure/azure-arc/servers/arc-gateway?tabs=portal#step-1-create-an-arc-gateway-resource).
+   - Note [the URLs listed in step 2](/azure/azure-arc/servers/arc-gateway?tabs=portal#step-2-ensure-the-required-urls-are-allowed-in-your-environment) to add to the `proxy-no` in **aio-aksedge-config.json**.
+   - Follow [step 3a in the Arc gateway documentation](/azure/azure-arc/servers/arc-gateway?tabs=portal#step-3a-onboard-azure-arc-resources-with-your-arc-gateway-resource) and save the gateway ID.
+   - In **aio-aide-userconfig.json**, set the value of `GatewayResourceId` to the gateway ID saved from the previous step.
 
-   ```powershell
-   .\AksEdgeQuickStartForAio.ps1 -SubscriptionId "<SUBSCRIPTION_ID>" -TenantId "<TENANT_ID>" -ResourceGroupName "<RESOURCE_GROUP_NAME>"  -Location "<LOCATION>"  -ClusterName "<CLUSTER_NAME>" -CustomLocationOid "<ARC_APP_OBJECT_ID>" --enableWorkloadIdentity:false
-   ``` 
+1. Run the following command:
 
-   > [!IMPORTANT]
-   > Preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. AKS Edge Essentials previews are partially covered by customer support on a best-effort basis.
+   ```powershell
+   .\AksEdgeQuickStartForAio.ps1 -aideUserConfigfile .\aio-aide-userconfig.json -aksedgeConfigFile .\aio-aksedge-config.json
+   ```
 
    If there are issues during deployment; for example, if your machine reboots as part of this process, run the set of commands again.
-
+  
    Run the following commands to check that the deployment was successful:
-
+  
    ```powershell
    Import-Module AksEdge
    Get-AksEdgeDeploymentInfo
    ```
-
+  
    In the output of the `Get-AksEdgeDeploymentInfo` command, you should see that the cluster's Arc status is **Connected**.
 
 ## Verify your cluster
diff --git a/AKS-Arc/concepts-storage.md b/AKS-Arc/concepts-storage.md
@@ -15,6 +15,7 @@ ms.reviewer: abha
 
 # Storage options for applications in AKS enabled by Azure Arc
 
+[!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)]
 [!INCLUDE [applies-to-azure stack-hci-and-windows-server-skus](includes/aks-hci-applies-to-skus/aks-hybrid-applies-to-azure-stack-hci-windows-server-sku.md)]
 
 Applications that run in AKS deployments using Azure Kubernetes Service enabled by Azure Arc might need to store and retrieve data. For some application workloads, the data can use local, fast storage on an unneeded node when the pods are deleted (Kubernetes uses _pods_ to run an instance of an application).
diff --git a/AKS-Arc/scale-requirements.md b/AKS-Arc/scale-requirements.md
@@ -2,7 +2,7 @@
 title: Scale requirements for AKS on Azure Local
 description: Learn about scale requirements for AKS on Azure Local.
 ms.topic: conceptual
-ms.date: 03/21/2025
+ms.date: 03/24/2025
 author: sethmanheim
 ms.author: sethm 
 ms.reviewer: abha
@@ -93,17 +93,17 @@ The following VM sizes for each GPU models are supported by AKS on Azure Local,
 |-------------------|---|----|----|----|
 | Standard_NC4_A2   | 1 | 16 | 4  | 8  |
 | Standard_NC8_A2   | 1 | 16 | 8  | 16 |
-| Standard_NC16_A2  | 2 | 48 | 16 | 64 |
-| Standard_NC32_A2  | 2 | 48 | 32 | 128 | 
+| Standard_NC16_A2  | 2 | 32 | 16 | 64 |
+| Standard_NC32_A2  | 2 | 32 | 32 | 128 | 
 
 ### Nvidia A16 is supported by NC2 A16 SKUs
 
 | VM size | GPUs | GPU Memory: GiB | vCPU | Memory: GiB |
 |--------------------|---|----|----|----|
 | Standard_NC4_A16   | 1 | 16 | 4  | 8  |
 | Standard_NC8_A16   | 1 | 16 | 8  | 16 |
-| Standard_NC16_A16  | 2 | 48 | 16 | 64 |
-| Standard_NC32_A16  | 2 | 48 | 32 | 128 | 
+| Standard_NC16_A16  | 2 | 32 | 16 | 64 |
+| Standard_NC32_A16  | 2 | 32 | 32 | 128 | 
 
 ## Next steps
 
diff --git a/azure-local/known-issues.md b/azure-local/known-issues.md
@@ -43,6 +43,7 @@ The following table lists the known issues in this release:
 
 |Feature  |Issue  |Workaround  |
 |---------|---------|---------|
+| Deployment  | During Azure Local deployment via portal, **Validate selected machines** fails with this error emssage: `Mandatory extension [Lcm controller] installed version [30.2503.0.907] is not equal to the required version [30.2411.2.789] for Arc machine [Name of the machine]. Please create EdgeDevice resource again for this machine to fix the issue.`   | Reinstall the correct version of `AzureEdgeLifecycleManager` extension. Follow these steps: <br> 1. Select the machine and then select **Install extensions**. <br> 2. Repeat this step for each machine you intend to cluster. It takes roughly 15 minutes for the installation to complete. <br> 3. Verify that the `AzureEdgeLifecycleManager` extension version is 30.2411.2.789. <br> 4. After the extensions are installed on all the machines in the list, select **Add machines** to refresh the list. <br> 5. Select **Validate selected machines**. The validation should succeed. |
 | Deployment | During the Azure Local deployment, `DeviceManagementExtension` fails to install when a proxy is configured. | Install previous `DeviceManangementExtension` version 1.2502.0.3012 when using a proxy. |
 | Operating system  | Restoring the registry using *RegBack* isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution.  | |
 
diff --git a/azure-local/manage/add-server.md b/azure-local/manage/add-server.md
@@ -4,7 +4,7 @@ description: Learn how to manage capacity on your Azure Local, version 23H2 syst
 ms.topic: article
 author: alkohli
 ms.author: alkohli
-ms.date: 01/28/2025
+ms.date: 03/25/2025
 ---
 
 # Add a node on Azure Local
@@ -173,6 +173,10 @@ If you experience failures or errors while adding a node, you can capture the ou
     Add-Server -Rerun
     ```
 
+If you encounter an issue during the add node operation and need help from Microsoft Support, you can follow the steps in [Collect diagnostic logs for Azure Local (preview)](collect-logs.md) to collect and send the diagnostic logs to Microsoft. 
+
+You might need to provide diagnostic logs from the new node that's to be added to the cluster. Make sure you run the `Send-DiagnosticData` cmdlet from the new node.
+
 ## Next steps
 
 - Learn more about how to [Repair a node](./repair-server.md).
diff --git a/azure-local/manage/azure-arc-vm-management-prerequisites.md b/azure-local/manage/azure-arc-vm-management-prerequisites.md
@@ -1,36 +1,36 @@
 ---
-title: Azure Arc VM management prerequisites
-description: Learn about the prerequisites for deploying Azure Arc VM management for Azure Local.
+title: Azure Local VM management prerequisites
+description: Learn about the prerequisites for deploying Azure Local VMs enabled by Azure Arc.
 author: alkohli
 ms.author: alkohli
 ms.topic: how-to
 ms.service: azure-local
-ms.date: 02/03/2025
+ms.date: 03/21/2025
 
 ---
 
-# Azure Arc VM management prerequisites
+# Review prerequisites for Azure Local VMs enabled by Azure Arc
 
 [!INCLUDE [hci-applies-to-23h2](../includes/hci-applies-to-23h2.md)]
 
-This article lists the requirements and prerequisites for Azure Arc VM management on Azure Local. We recommend that you review the requirements and complete the prerequisites before you manage your Arc VMs.
+This article lists the requirements and prerequisites for Azure Local VMs enabled by Azure Arc. We recommend that you review the requirements and complete the prerequisites before you manage your Azure Local VMs.
 
 ## Azure requirements
 
 The Azure requirements include:
 
-- To provision Arc VMs and VM resources such as virtual disks, logical network, network interfaces, and VM images through the Azure portal, you must have access to an Azure subscription with the appropriate RBAC role and permissions assigned. For more information, see [RBAC roles for Azure Local Arc VM management](./assign-vm-rbac-roles.md#about-builtin-rbac-roles).
+- To provision Azure Local VMs and VM resources such as virtual disks, logical network, network interfaces, and VM images through the Azure portal, you must have access to an Azure subscription with the appropriate RBAC role and permissions assigned. For more information, see [RBAC roles for Azure Local VMs](./assign-vm-rbac-roles.md#about-builtin-rbac-roles).
 
-- Arc VM management infrastructure is supported in the regions documented in the [Azure requirements](../concepts//system-requirements-23h2.md#azure-requirements). For Arc VM management on Azure Local, all entities must be registered, enabled, or created in the same region.
+- Azure Local VM infrastructure is supported in the regions documented in the [Azure requirements](../concepts//system-requirements-23h2.md#azure-requirements). For Azure Local VMs, all entities must be registered, enabled, or created in the same region.
 
-  The entities include your Azure Local instance, Arc Resource Bridge, Custom Location, VM operator, virtual machines created from Arc and Azure Arc for Servers guest management. These entities can be in different or same resource groups as long as all resource groups are in the same region.
+  The entities include your Azure Local instance, Azure Arc resource bridge, Custom Location, VM operator, virtual machines created from Arc and Azure Arc for Servers guest management. These entities can be in different or same resource groups as long as all resource groups are in the same region.
 
 
 ## Azure Local requirements
 
-- You have access to an Azure Local instance that is deployed, has an Arc Resource Bridge, and a custom location.
+- You have access to an Azure Local instance that is deployed, has an Azure Arc resource bridge, and a custom location.
 
-  - Go to the **Overview > Server** page in the Azure Local resource. Verify that **Azure Arc** shows as **Connected**. You should also see a custom location and an Arc Resource Bridge for your system.
+  - Go to the **Overview > Server** page in the Azure Local resource. Verify that **Azure Arc** shows as **Connected**. You should also see a custom location and an Azure Arc resource bridge for your system.
     
       :::image type="content" source="./media/azure-arc-vm-management-prerequisites/azure-arc-connected.png" alt-text="Screenshot of the Overview page in the Azure Local resource showing Azure Arc as connected." lightbox="./media/azure-arc-vm-management-prerequisites/azure-arc-connected.png":::
 
@@ -58,7 +58,7 @@ For information on Azure CLI commands for Azure Local VMs, see [az stack-hci-vm]
 
 If you're accessing your Azure Local directly, no steps are needed on your part.
 
-During the system deployment, an Arc Resource Bridge is created and the Azure CLI extension `stack-hci-vm` is installed on the system. You can connect to and manage the system using the Azure CLI extension.
+During the system deployment, an Azure Arc resource bridge is created and the Azure CLI extension `stack-hci-vm` is installed on the system. You can connect to and manage the system using the Azure CLI extension.
 
 ### Connect to the system remotely
 
@@ -103,4 +103,4 @@ If you're accessing your Azure Local remotely, the following requirements must b
 
 ## Next steps
 
-- [Assign RBAC role for Arc VM management](./assign-vm-rbac-roles.md).
+- [Assign RBAC role for Azure Local VMs](./assign-vm-rbac-roles.md).
diff --git a/azure-local/manage/create-arc-virtual-machines.md b/azure-local/manage/create-arc-virtual-machines.md
diff --git a/azure-local/manage/repair-server.md b/azure-local/manage/repair-server.md
diff --git a/azure-local/manage/virtual-machine-manage-extension.md b/azure-local/manage/virtual-machine-manage-extension.md
