Merge pull request #3451 from MicrosoftDocs/main638714377289178079sync_temp

For protected branch, push strategy should use PR and merge to target branch method to work around git push error

Author: learn-build-service-prod[bot]

azure-local/concepts/firewall-requirements.md

@@ -4,7 +4,7 @@ description: This topic provides guidance on firewall requirements for the Azure
 author: alkohli
 ms.author: alkohli
 ms.topic: how-to
-ms.date: 10/17/2024
+ms.date: 01/02/2025
 ---
 
 # Firewall requirements for Azure Local
@@ -31,7 +31,7 @@ Azure Local needs to periodically connect to Azure for:
 - Ports 80 (HTTP) and 443 (HTTPS)
 
 > [!IMPORTANT]
-> Azure Local doesn't support HTTPS inspection. Make sure that HTTPS inspection is disabled along your networking path for Azure Local to prevent any connectivity errors.
+> Azure Local doesn't support HTTPS inspection. Make sure that HTTPS inspection is disabled along your networking path for Azure Local to prevent any connectivity errors. This includes use of [Entra ID **tenant restrictions v1**](/entra/identity/enterprise-apps/tenant-restrictions) which is not supported for Azure Local management network communication.
 
 As shown in the following diagram, Azure Local can access Azure using more than one firewall potentially.
 
@@ -98,7 +98,6 @@ Ensure that the following firewall rules are configured in your on-premises fire
 >[!NOTE]
 > While installing Windows Admin Center, if you select the **Use WinRM over HTTPS only** setting, then port 5986 is required.
 
-
 ### Active Directory
 
 Ensure that the following firewall rules are configured in your on-premises firewall for Active Directory (local security authority).
@@ -107,6 +106,14 @@ Ensure that the following firewall rules are configured in your on-premises fire
 |:--|:--|:--|:--|:--|:--|
 | Allow inbound/outbound connectivity to the Active Directory Web services (ADWS) and Active Directory Management Gateway Service | Allow | Active Directory Services | Azure Local | TCP | 9389 |
 
+### Network Time Protocol
+
+Ensure that the following firewall rules are configured in your on-premises firewall for Network Time Protocol (NTP).
+
+| Rule | Action | Source | Destination | Service | Ports |
+|:--|:--|:--|:--|:--|:--|
+| Allow inbound/outbound connectivity to the Network Time Protocol (NTP) server. This server can be Active Directory domain controllers, or an NTP appliance. | Allow | Azure Local | Network Time Protocol (NTP/SNTP) server | UDP | 123 |
+
 ### Failover Clustering
 
 Ensure that the following firewall rules are configured in your on-premises firewall for Failover Clustering.

azure-local/concepts/system-requirements-23h2.md

@@ -6,7 +6,7 @@ ms.author: alkohli
 ms.topic: how-to
 ms.service: azure-stack-hci
 ms.custom: references_regions
-ms.date: 11/25/2024
+ms.date: 01/02/2025
 ---
 
 # System requirements for Azure Local, version 23H2
@@ -52,7 +52,7 @@ Before you begin, make sure that the physical machine and storage hardware used
 |Memory|A minimum of 32-GB RAM per machine with Error-Correcting Code (ECC). <br> If you can't meet the memory and the ECC requirements, opt for a [Virtual deployment](../deploy/deployment-virtual.md).|
 |Host network adapters|At least two network adapters listed in the Windows Server Catalog. Or dedicated network adapters per intent, which does require two separate adapters for storage intent. For more information, see [Windows Server Catalog](https://www.windowsservercatalog.com/).|
 |BIOS|Intel VT or AMD-V must be turned on.|
-|Boot drive|A minimum size of 200-GB size.|
+|Boot drive|A minimum size of 200 GB.<br>400 GB or more recommended for large memory Azure Local instances for [support and diagnosability](#support-and-diagnosability).|
 |Data drives|At least two disks with a minimum capacity of 500 GB (SSD or HDD).<br>Single machines must use only a single drive type: Nonvolatile Memory Express (NVMe) or Solid-State (SSD) drives.|
 |Trusted Platform Module (TPM)|TPM version 2.0 hardware must be present and turned on.|
 |Secure boot|Secure Boot must be present and turned on.|
@@ -69,7 +69,7 @@ For more feature-specific requirements for Hyper-V, see [System requirements for
 
 ## Networking requirements
 
-An Azure Local instance requires a reliable high-bandwidth, low-latency network connection between each machine.
+Azure Local requires connectivity to public endpoints in Azure, see [Firewall requirements](firewall-requirements.md) for details. Multi-machine deployments of Azure Local require a reliable high-bandwidth, low-latency network connection between each machine in the instance.
 
 Verify that physical switches in your network are configured to allow traffic on any VLANs you use. For more information, see [Physical network requirements for Azure Local](../concepts/physical-network-requirements.md).
 
@@ -80,14 +80,18 @@ Azure Local deployments that exceed the following specifications are not support
 | Resource | Maximum |
 | --- | --- |
 | Physical machines per system |16 |
-| Storage per system |	4 PB |
+| Storage per system | 4 PB |
 | Storage per machine | 400 TB |
-| Volumes per system |	64 |
-| Volume size |	64 TB |
-| Logical processors per host |	512 |
-| RAM per host | 24 TB
+| Volumes per system | 64 |
+| Volume size | 64 TB |
+| Logical processors per host | 512 |
+| RAM per host | 24 TB |
 | Virtual processors per host | 2,048 |
 
+## Support and diagnosability
+
+To ensure adequate support and diagnosability for large memory Azure Local instances (those with more than 768 GB of physical memory per machine), we recommend that you install OS disks with a capacity of 400 GB or more. This additional disk capacity provides sufficient space to troubleshoot hardware, driver, or software issues should they require a kernel memory dump to be written to the OS volume.
+
 ## Hardware requirements
 
 In addition to Microsoft Azure Local updates, many OEMs also release regular updates for your Azure Local hardware, such as driver and firmware updates. To ensure that OEM package update notifications, reach your organization check with your OEM about their specific notification process.

azure-local/media/oem-license/active-oem-license.png

@@ -3,7 +3,7 @@ title: Azure Stack HCI OEM license overview
 description: Learn about the Azure Stack HCI OEM license, its benefits, license requirements, activation, and more.
 author: ronmiab
 ms.topic: overview
-ms.date: 10/21/2024
+ms.date: 12/31/2024
 ms.author: robess
 ms.reviewer: alkohli
 # customer intent: As a content developer, I want to provide customers with the appropriate Azure Stack HCI OEM license information so that they can have a clear understanding of what the license is and how it can be beneficial to them.
@@ -78,8 +78,6 @@ For information on activating AKS, see [Azure Kubernetes Service on Azure Local]
 
 When a cluster or system uses different hardware models, operating system versions, or billing models this is known as a mixed-node scenario. Specifically for OEM license, if your cluster includes a mixed-node scenario where one or more of your machines don't have the OEM license, a notification in your monthly billing status details appears.
 
-:::image type="content" source="media/oem-license/warning-mixed-node.png" alt-text="Screenshot of a warning for a cluster with an unsupported mixed-node scenario." lightbox="media/oem-license/warning-mixed-node.png":::
-
 ***We have detected mixed nodes in your cluster. You will be billed monthly for each node in your cluster as one or more servers in your cluster do not have an OEM license. To see which servers do not have the OEM license, go to Overview > Nodes and check the OEM license column. Learn more.***
 
 > [!NOTE]

azure-local/media/oem-license/no-active-oem-license.png

@@ -3,7 +3,7 @@ title: Install solution upgrade on Azure Local
 description: Learn how to install the solution upgrade on your Azure Local instance.
 author: alkohli
 ms.topic: how-to
-ms.date: 12/02/2024
+ms.date: 12/31/2024
 ms.author: alkohli
 ms.reviewer: alkohli
 ms.service: azure-stack-hci
@@ -41,7 +41,7 @@ Before you install the solution upgrade, make sure that you:
 You install the solution upgrade via the Azure portal.
 
 > [!IMPORTANT]
-> Use of 3rd party tools to install updates is not supported.
+> Use of 3rd party tools to install upgrades is not supported.
 
 Follow these steps to install the solution upgrade: