Connect Azure Arc-enabled servers from an Azure IoT Layered Network Management Preview isolated network
Important
Azure IoT Operations Preview – enabled by Azure Arc is currently in PREVIEW. You shouldn't use this preview software in production environments.
See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
This walkthrough is an example of connecting your host machine to Azure Arc as an Arc-enabled server from an isolated network environment. For example, level 3 of the Purdue Network. You connect the host machine to Azure IoT Layered Network Management Preview at the parent level as a proxy to reach Azure endpoints for the service. You can integrate these steps into your procedure to set up your cluster for Azure IoT Operations Preview. Don't use this guidance independently. For more information, see Configure Layered Network Management service to enable Azure IoT Operations Preview in an isolated network.
Important
Arc-enabled servers aren't a requirement for the Azure IoT Operations experiences. You should evaluate your own design and only enable this service if it suits your needs. Before proceeding with these steps, you should also get familiar with the Arc-enabled servers by trying this service with a machine that has direct internet access.
Note
Layered Network Management for Arc-enabled servers does not support Azure VMs.
Configuration for Layered Network Management Preview
To support the Arc-enabled servers, the level 4 Layered Network Management instance needs to include the following endpoints in the allowlist when applying the custom resource:
- destinationUrl: "gbl.his.arc.azure.com"
destinationType: external
- destinationUrl: "gbl.his.arc.azure.us"
destinationType: external
- destinationUrl: "gbl.his.arc.azure.cn"
destinationType: external
- destinationUrl: "packages.microsoft.com"
destinationType: external
- destinationUrl: "aka.ms"
destinationType: external
- destinationUrl: "ppa.launchpadcontent.net"
destinationType: external
- destinationUrl: "mirror.enzu.com"
destinationType: external
- destinationUrl: "*.guestconfiguration.azure.com"
destinationType: external
- destinationUrl: "agentserviceapi.guestconfiguration.azure.com"
destinationType: external
- destinationUrl: "pas.windows.net"
destinationType: external
- destinationUrl: "download.microsoft.com"
destinationType: external
Note
If you plan to onboard an Ubuntu machine, you also need to add the domain name of the software and update repository of your choice to the allowlist. For more information selecting the repository, see Configuration Ubuntu host machine.
If you want to enable optional features, add the appropriate endpoint from the following table. For more information, see Connected Machine agent network requirements.
| Endpoint | Optional feature |
|---|---|
| *.waconazure.com | Windows Admin Center connectivity |
| san-af-[REGION]-prod.azurewebsites.net | SQL Server enabled by Azure Arc. The Azure extension for SQL Server uploads inventory and billing information to the data processing service. |
| telemetry.[REGION].arcdataservices.com | For Arc SQL Server. Sends service telemetry and performance monitoring to Azure. |
Configure Windows host machine
If you prepared your host machine and cluster to be Arc-enabled by following the Configure level 3 cluster article, you can proceed to onboard your Arc-enabled server. Otherwise at a minimum, point the host machine to your custom DNS. For more information, see Configure the DNS server.
After properly setting up the parent level Layered Network Management instance and custom DNS, see Quickstart: Connect hybrid machines with Azure Arc-enabled servers.
- After downloading the
OnboardingScript.ps1, open it with a text editor. find the following section and add the parameter--use-device-codeat the end of the command.# Run connect command & "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" connect --resource-group "$env:RESOURCE_GROUP" --tenant-id "$env:TENANT_ID" --location "$env:LOCATION" --subscription-id "$env:SUBSCRIPTION_ID" --cloud "$env:CLOUD" --correlation-id "$env:CORRELATION_ID"; - Proceed with the steps in Quickstart: Connect hybrid machines with Azure Arc-enabled servers to complete the onboarding.
Configure Ubuntu host machine
If you prepared your host machine and cluster to be Arc-enabled by following the Configure level 3 cluster article, you can proceed to onboard your Arc-enabled server. Otherwise at a minimum, point the host machine to your custom DNS. For more information, see Configure the DNS server.
Before starting the onboarding process, you need to assign an https address for the Ubuntu OS software and update repository.
- Visit https://launchpad.net/ubuntu/+archivemirrors and identify a repository that is close to your location and supports the https protocol.
- Modify
/etc/apt/sources.listto replace the address with the URL from the previous step. - Add the domain name of this repository to the Layered Network Management allowlist.
- Run
apt updateto confirm the update is pulling packages from the new repository with https protocol.
See Quickstart: Connect hybrid machines with Azure Arc-enabled servers to complete the Arc-enabled Servers onboarding.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for