Merge branch 'main' of https://github.com/MicrosoftDocs/azure-stack-docs-pr into azure-arc-vm-management

Author: ShawnJackson

.openpublishing.redirection.json

@@ -1674,6 +1674,11 @@
       "source_path": "azure-stack/hci/security-update/hci-security-update-apr-2024.md",
       "redirect_url": "/azure-stack/hci/security-update/security-update-apr-2024",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "azure-local/concepts/network-hud-overview.md",
+      "redirect_url": "/azure/azure-local/concepts/network-atc-overview",
+      "redirect_document_id": false
     }
   ]
 }

AKS-Arc/aks-arc-diagnostic-checker.md

@@ -105,7 +105,6 @@ $urlArray = @(
     "https://k8connecthelm.azureedge.net",
     "https://guestnotificationservice.azure.com",
     "https://sts.windows.net",
-    "https://k8sconnectcsp.azureedge.net",
     "https://graph.microsoft.com"
 )
 $urlList=$urlArray -join ","

AKS-Arc/aks-hci-network-system-requirements.md

@@ -30,7 +30,7 @@ Kubernetes nodes are deployed as specialized virtual machines in AKS enabled by
 
 The following parameters are required in order to use a logical network for AKS Arc cluster create operation:
 
-| Logical network parameter| Description| Required parameter for AKS Arc cluster|
+| [Az CLI logical networks parameter](/azure-stack/hci/manage/create-logical-networks?tabs=azurecli) | Description| Required parameter for AKS Arc cluster|
 |------------------|---------|-----------|
 | `--address-prefixes` | AddressPrefix for the network. Currently only 1 address prefix is supported. Usage: `--address-prefixes "10.220.32.16/24"`. | ![Supported](media/aks-hybrid-networks/check.png) |
 | `--dns-servers`      | Space-separated list of DNS server IP addresses. Usage: `--dns-servers 10.220.32.16 10.220.32.17`. | ![Supported](media/aks-hybrid-networks/check.png) |
@@ -76,12 +76,12 @@ You need to ensure that the DNS server of the logical network can resolve the FQ
 
 When you deploy Azure Local, you allocate a contiguous block of at least [six static IP addresses on your management network's subnet](/azure-stack/hci/deploy/deploy-via-portal#specify-network-settings), omitting addresses already used by the physical machines. These IPs are used by Azure Local and internal infrastructure (Arc Resource Bridge) for Arc VM management and AKS Arc. If your management network that provides IP addresses to Arc Resource Bridge related Azure Local services are on a different VLAN than the logical network you used to create AKS clusters, you need to ensure that the following ports are opened to successfully create and operate an AKS cluster. 
 
-| Destination Port | Destination | Source | Description | Cross VLAN networking notes |
+| Destination Port | Destination | Source | Description | Bi-directional cross VLAN networking notes |
 |------------------|-------------|--------|-------------|----------------|
-| 22 | Logical network used for AKS Arc VMs | IP addresses in management network | Required to collect logs for troubleshooting. | If you use separate VLANs, IP addresses in management network used for Azure Local and Arc Resource Bridge need to access the AKS Arc cluster VMs on this port.|
-| 6443 | Logical network used for AKS Arc VMs | IP addresses in management network | Required to communicate with Kubernetes APIs. | If you use separate VLANs, IP addresses in management network used for Azure Local and Arc Resource Bridge need to access the AKS Arc cluster VMs on this port.|
-| 55000 | IP addresses in management network | Logical network used for AKS Arc VMs | Cloud Agent gRPC server | If you use separate VLANs, the AKS Arc VMs need to access the IP addresses in management network used for cloud agent IP and cluster IP on this port. |
-| 65000 | IP addresses in management network | Logical network used for AKS Arc VMs | Cloud Agent gRPC authentication | If you use separate VLANs, the AKS Arc VMs need to access the IP addresses in management network used for cloud agent IP and cluster IP on this port. |
+| 22 | Logical network used for AKS Arc VMs | IP addresses in management network | Required to collect logs for troubleshooting. | If you use separate VLANs, IP addresses in management network used for Azure Local and Arc Resource Bridge need to access the AKS Arc cluster VMs on this port and vice-versa.|
+| 6443 | Logical network used for AKS Arc VMs | IP addresses in management network | Required to communicate with Kubernetes APIs. | If you use separate VLANs, IP addresses in management network used for Azure Local and Arc Resource Bridge need to access the AKS Arc cluster VMs on this port and vice-versa.|
+| 55000 | IP addresses in management network | Logical network used for AKS Arc VMs | Cloud Agent gRPC server | If you use separate VLANs, the AKS Arc VMs need to access the IP addresses in management network used for cloud agent IP and cluster IP on this port and vice-versa. |
+| 65000 | IP addresses in management network | Logical network used for AKS Arc VMs | Cloud Agent gRPC authentication | If you use separate VLANs, the AKS Arc VMs need to access the IP addresses in management network used for cloud agent IP and cluster IP on this port and vice-versa. |
 
 ## Next steps
 [IP address planning and considerations for Kubernetes clusters and applications](aks-hci-ip-address-planning.md)

AKS-Arc/workload-identity.md

@@ -4,7 +4,8 @@ description: Learn how to deploy and configure an AKS Arc cluster with workload
 author: sethmanheim
 ms.author: sethm
 ms.topic: how-to
-ms.date: 11/08/2024
+ms.date: 01/23/2025
+ms.reviewer: leslielin
 
 ---
 
@@ -167,16 +168,32 @@ $MSIPrincipalId=$(az identity show --resource-group $resource_group_name --name
 
 ### Create a Kubernetes service account
 
-Create a Kubernetes service account and annotate it with the client ID of the managed identity created in the previous step:
+In this step, you create a Kubernetes service account and annotate it with the client ID of the managed identity you created in the previous step.
+
+Use cluster connect to access your cluster from a client device. For more information, see [Access your cluster from a client device](/azure/azure-arc/kubernetes/cluster-connect?tabs=azure-cli%2Cagent-version#access-your-cluster-from-a-client-device):
 
 ```azurecli
 az connectedk8s proxy -n $aks_cluster_name -g $resource_group_name
 ```
 
-Open a new window. Copy and paste the following CLI commands:
+Open a new CLI command window. Copy and paste the following commands:
 
 ```azurecli
-$yaml = @" apiVersion: v1 kind: ServiceAccount metadata: annotations: azure.workload.identity/client-id: $MSIId name: $SERVICE_ACCOUNT_NAME namespace: $SERVICE_ACCOUNT_NAMESPACE "@ $yaml = $yaml -replace '\$MSIId', $MSIId ` -replace '\$SERVICE_ACCOUNT_NAME', $SERVICE_ACCOUNT_NAME ` -replace '\$SERVICE_ACCOUNT_NAMESPACE', $SERVICE_ACCOUNT_NAMESPACE $yaml | kubectl apply -f -
+$yaml = @"
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations:
+    azure.workload.identity/client-id: $MSIId
+  name: $SERVICE_ACCOUNT_NAME
+  namespace: $SERVICE_ACCOUNT_NAMESPACE
+"@
+
+$yaml = $yaml -replace '\$MSIId', $MSIId `
+               -replace '\$SERVICE_ACCOUNT_NAME', $SERVICE_ACCOUNT_NAME `
+               -replace '\$SERVICE_ACCOUNT_NAMESPACE', $SERVICE_ACCOUNT_NAMESPACE
+
+$yaml | kubectl apply -f -
 ```
 
 The following output shows successful creation of the service account:

azure-local/TOC.yml

@@ -590,6 +590,8 @@ items:
         href: migrate/migrate-vmware-migrate.md
       - name: Enable guest management
         href: migrate/migrate-enable-guest-management.md
+    - name: Maintain static IP addresses
+      href: migrate/migrate-maintain-ip-addresses.md
     - name: FAQ
       href: migrate/migrate-faq.yml
     - name: Troubleshoot
@@ -824,10 +826,6 @@ items:
         href: concepts/persistent-memory-health.md
       - name: Nested virtualization
         href: concepts/nested-virtualization.md
-    - name: Host networking
-      items:
-      - name: Network HUD overview
-        href: concepts/network-hud-overview.md
     - name: Software Defined Networking (SDN)
       items:
       - name: SDN overview

azure-local/concepts/compare-windows-server.md

@@ -10,7 +10,7 @@ ms.date: 10/21/2024
 
 # Compare Azure Local to Windows Server
 
-> Applies to: Azure Local, versions 23H2 and 22H2; Windows Server 2022
+> Applies to: Azure Local 2311.2 and later; Windows Server 2022
 
 This article explains key differences between Azure Local and Windows Server and provides guidance about when to use each. Both products are actively supported and maintained by Microsoft. Many organizations choose to deploy both as they are intended for different and complementary purposes.
 

azure-local/concepts/datacenter-firewall-overview.md

@@ -10,7 +10,7 @@ ms.date: 10/25/2024
 
 # What is Datacenter Firewall?
 
-> Applies to: Azure Local, versions 23H2 and 22H2; Windows Server 2022, Windows Server 2019, Windows Server 2016
+> Applies to: Azure Local 2311.2 and later; Windows Server 2022, Windows Server 2019, Windows Server 2016
 
 Datacenter Firewall is a network layer, 5-tuple (protocol, source and destination port numbers, source and destination IP addresses), stateful, multitenant Software Defined Networking (SDN) firewall. The Datacenter Firewall protects east-west and north-south traffic flows across the network layer of virtual networks and traditional VLAN networks.
 

azure-local/concepts/gateway-overview.md

@@ -10,7 +10,7 @@ ms.custom: kr2b-contr-experiment
 ---
 # What is Remote Access Service (RAS) Gateway for Software Defined Networking?
 
-> Applies to: Azure Local, versions 23H2 and 22H2; Windows Server 2022, Windows Server 2019, Windows Server 2016
+> Applies to: Azure Local 2311.2 and later; Windows Server 2022, Windows Server 2019, Windows Server 2016
 
 This article provides an overview of Remote Access Service (RAS) Gateway for Software Defined Networking (SDN) in Azure Local and Windows Server.
 

azure-local/concepts/network-controller-overview.md

@@ -10,7 +10,7 @@ ms.date: 10/21/2024
 
 # What is Network Controller?
 
-> Applies to: Azure Local, versions 23H2 and 22H2; Windows Server 2022, Windows Server 2019, Windows Server 2016
+> Applies to: Azure Local 2311.2 and later; Windows Server 2022, Windows Server 2019, Windows Server 2016
 
 Network Controller is the cornerstone of Software Defined Networking (SDN) management. It's a highly scalable server role that provides a centralized, programmable point of automation to manage, configure, monitor, and troubleshoot virtual network infrastructure.