Quickstart: Connect VMware vCenter Server to Azure Arc by using the helper script
To start using the Azure Arc-enabled VMware vSphere features, you need to connect your VMware vCenter Server instance to Azure Arc. This quickstart shows you how to connect your VMware vCenter Server instance to Azure Arc by using a helper script.
First, the script deploys a virtual appliance called Azure Arc resource bridge in your vCenter environment. Then, it installs a VMware cluster extension to provide a continuous connection between vCenter Server and Azure Arc.
Important
This article describes a way to connect a generic vCenter Server to Azure Arc. If you're trying to enable Arc for Azure VMware Solution (AVS) private cloud, follow this guide instead - Deploy Arc-enabled VMware vSphere for Azure VMware Solution private cloud. With the Arc for AVS onboarding process you need to provide fewer inputs and Arc capabilities are better integrated into the AVS private cloud portal experience.
Prerequisites
Azure
An Azure subscription.
A resource group in the subscription where you have the Owner, Contributor, or Azure Arc VMware Private Clouds Onboarding role for onboarding.
Azure Arc Resource Bridge
- Azure Arc resource bridge IP needs access to the URLs listed here.
vCenter Server
vCenter Server version 7 or 8.
A virtual network that can provide internet access, directly or through a proxy. VMs on this network must also be able to communicate with the vCenter server over TCP (usually port 443).
At least three free static IP addresses on the above network.
A resource pool or a cluster with a minimum capacity of 8 GB of RAM and 4 vCPUs.
A datastore with a minimum of 200 GB of free disk space or 400 GB for High Availability deployment, available through the resource pool or cluster.
Note
Azure Arc-enabled VMware vSphere supports vCenter Server instances with a maximum of 9,500 virtual machines (VMs). If your vCenter Server instance has more than 9,500 VMs, we don't recommend that you use Azure Arc-enabled VMware vSphere with it at this point.
vSphere account
You need a vSphere account that can:
- Read all inventory.
- Deploy and update VMs to all the resource pools (or clusters), networks, and VM templates that you want to use with Azure Arc.
Important
As part of the Azure Arc-enabled VMware onboarding script, you will be prompted to provide a vSphere account to deploy the Azure Arc resource bridge VM on the ESXi host. This account will be stored locally within the Azure Arc resource bridge VM and encrypted as a Kubernetes secret at rest. The vSphere account allows Azure Arc-enabled VMware to interact with VMware vSphere. If your organization practices routine credential rotation, you must update the credentials in Azure Arc-enabled VMware to maintain the connection between Azure Arc-enabled VMware and VMware vSphere.
Workstation
You need a Windows or Linux machine that can access both your vCenter Server instance and the internet, directly or through a proxy. The workstation must also have outbound network connectivity to the ESXi host backing the datastore. Datastore connectivity is needed for uploading the Arc resource bridge image to the datastore as part of the onboarding.
Prepare vCenter Server
Create a resource pool with a reservation of at least 16 GB of RAM and four vCPUs. It should also have access to a datastore with at least 100 GB of free disk space.
Ensure that the vSphere accounts have the appropriate permissions.
Download the onboarding script
Go to the Azure portal.
Search for Azure Arc and select it.
On the Overview page, select Add under Add your infrastructure for free or move to the Infrastructure tab.
In the Platform section, select Add under VMware vCenter.
Select Create a new resource bridge, and then select Next.
Provide a name of your choice for the Azure Arc resource bridge. For example: contoso-nyc-resourcebridge.
Select a subscription and resource group where the resource bridge will be created.
Under Region, select an Azure location where the resource metadata will be stored. Currently, the supported regions are East US, West Europe, Australia East, and Canada Central.
Provide a name for Custom location. You'll see this name when you deploy VMs. Name it for the datacenter or the physical location of your datacenter. For example: contoso-nyc-dc.
Leave Use the same subscription and resource group as your resource bridge selected.
Provide a name for your vCenter Server instance in Azure. For example: contoso-nyc-vcenter.
You can choose to Enable Kubernetes Service on VMware [Preview]. If you choose to do so, please ensure you update the namespace of your custom location to "default" in the onboarding script: $customLocationNamespace = ("default".ToLower() -replace '[^a-z0-9-]', ''). For more details about this update, refer to the known issues from AKS on VMware (preview).
Select Next: Download and run script.
If your subscription isn't registered with all the required resource providers, a Register button will appear. Select the button before you proceed to the next step.
Based on the operating system of your workstation, download the PowerShell or Bash script and copy it to the workstation.
If you want to see the status of your onboarding after you run the script on your workstation, select Next: Verification. Closing this page won't affect the onboarding.
Run the script
Use the following instructions to run the script, depending on which operating system your machine is using.
Windows
Open a PowerShell window as an Administrator and go to the folder where you've downloaded the PowerShell script.
Note
On Windows workstations, the script must be run in a PowerShell window and not in the PowerShell Integrated Script Editor (ISE), because PowerShell ISE doesn't display the input prompts from Azure CLI commands. If the script is run in PowerShell ISE, it could appear as though the script is stuck while it is waiting for input.
Run the following command to allow the script to run, because it's an unsigned script. (If you close the session before you complete all the steps, run this command again for the new session.)
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Run the script:
./resource-bridge-onboarding-script.ps1
Linux
Open the terminal and go to the folder where you've downloaded the Bash script.
Run the script by using the following command:
bash resource-bridge-onboarding-script.sh
Inputs for the script
A typical onboarding that uses the script takes 30 to 60 minutes. During the process, you're prompted for the following details:
Requirement | Details |
---|---|
Azure login | When you're prompted, go to the device sign-in page, enter the authorization code shown in the terminal, and sign in to Azure. |
vCenter FQDN/Address | Enter the fully qualified domain name for the vCenter Server instance (or an IP address). For example: 10.160.0.1 or nyc-vcenter.contoso.com. |
vCenter Username | Enter the username for the vSphere account. The required permissions for the account are listed in the prerequisites. |
vCenter password | Enter the password for the vSphere account. |
Data center selection | Select the name of the datacenter (as shown in the vSphere client) where the Azure Arc resource bridge VM should be deployed. |
Network selection | Select the name of the virtual network or segment to which the Azure Arc resource bridge VM must be connected. This network should allow the appliance to communicate with vCenter Server and the Azure endpoints (or internet). |
Static IP | Arc Resource Bridge requires static IP address assignment and DHCP isn't supported. 1. Static IP address prefix: Network address in CIDR notation. For example: 192.168.0.0/24. 2. Static gateway: Gateway address. For example: 192.168.0.0. 3. DNS servers: IP address(es) of DNS server(s) used by Azure Arc resource bridge VM for DNS resolution. Azure Arc resource bridge VM must be able to resolve external sites, like mcr.microsoft.com and the vCenter server. 4. Start range IP: Minimum size of two available IP addresses is required. One IP address is for the Azure Arc resource bridge VM, and the other is reserved for upgrade scenarios. Provide the starting IP address of that range. Ensure the Start range IP has internet access. 5. End range IP: Last IP address of the IP range requested in the previous field. Ensure the End range IP has internet access. |
Control Plane IP address | Azure Arc resource bridge runs a Kubernetes cluster, and its control plane always requires a static IP address. Provide an IP address that meets the following requirements: - The IP address must have internet access. - The IP address must be within the subnet defined by IP address prefix. - If you're using static IP address option for resource bridge VM IP address, the control plane IP address must be outside of the IP address range provided for the VM (Start range IP - End range IP). |
Resource pool | Select the name of the resource pool to which the Azure Arc resource bridge VM will be deployed. |
Data store | Select the name of the datastore to be used for the Azure Arc resource bridge VM. |
Folder | Select the name of the vSphere VM and the template folder where the Azure Arc resource bridge's VM will be deployed. |
Appliance proxy settings | Enter y if there's a proxy in your appliance network. Otherwise, enter n. You need to populate the following boxes when you have a proxy set up: 1. Http: Address of the HTTP proxy server. 2. Https: Address of the HTTPS proxy server. 3. NoProxy: Addresses to be excluded from the proxy. 4. CertificateFilePath: For SSL-based proxies, the path to the certificate to be used. |
After the command finishes running, your setup is complete. You can now use the capabilities of Azure Arc-enabled VMware vSphere.
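The addressing rules in the input table (a start-to-end range of at least two addresses, and a control plane IP inside the prefix but outside that range) can be checked before the onboarding script is run. The following is an added example, not part of the Microsoft onboarding script; the function names and sample addresses are constructed, and it checks address arithmetic only, not internet reachability.

```shell
#!/bin/sh
# Added example: pre-flight check of the resource bridge static IP plan.
# Function names and the sample addresses are constructed for illustration.

# Print an IPv4 address as an integer; fail on malformed input.
ip_to_int() {
  case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# check_ip_plan PREFIX START_IP END_IP CONTROL_PLANE_IP
# Prints "OK" or the first rule that is violated (non-zero exit status).
check_ip_plan() {
  net=${1%/*}; len=${1#*/}
  case "$len" in ''|*[!0-9]*|0?*) echo "invalid prefix"; return 1 ;; esac
  [ "$len" -le 32 ] || { echo "invalid prefix"; return 1; }
  if ! { n=$(ip_to_int "$net") && s=$(ip_to_int "$2") &&
         e=$(ip_to_int "$3") && c=$(ip_to_int "$4"); }; then
    echo "invalid address"; return 1
  fi
  size=$(( 1 << (32 - len) ))
  lo=$(( n - n % size )); hi=$(( lo + size - 1 ))
  # One address for the resource bridge VM, one reserved for upgrades.
  if [ $(( e - s + 1 )) -lt 2 ]; then
    echo "range needs at least two addresses"; return 1
  fi
  # Assumption: the VM range is expected to sit inside the prefix.
  if [ "$s" -lt "$lo" ] || [ "$e" -gt "$hi" ]; then
    echo "range outside prefix"; return 1
  fi
  if [ "$c" -lt "$lo" ] || [ "$c" -gt "$hi" ]; then
    echo "control plane IP outside prefix"; return 1
  fi
  if [ "$c" -ge "$s" ] && [ "$c" -le "$e" ]; then
    echo "control plane IP inside VM range"; return 1
  fi
  echo "OK"
}

# Constructed sample plan: prints OK.
check_ip_plan 192.168.0.0/24 192.168.0.10 192.168.0.11 192.168.0.20
```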
Important
After the successful installation of Azure Arc Resource Bridge, it's recommended to retain a copy of the resource bridge config.yaml files in a place that facilitates easy retrieval. These files could be needed later to run commands to perform management operations (e.g. az arcappliance upgrade) on the resource bridge. You can find the three .yaml files (config files) in the same folder where you ran the script.
Recovering from failed deployments
If the Azure Arc resource bridge deployment fails, consult the Azure Arc resource bridge troubleshooting document. While there can be many reasons why the Azure Arc resource bridge deployment fails, one of them is the KVA timeout error. For more information about the KVA timeout error and how to troubleshoot it, see KVA timeout error.
To clean up the installation and retry the deployment, use the following commands.
Retry command - Windows
Run the command with -Force to clean up the installation and onboard again.
./resource-bridge-onboarding-script.ps1 -Force
Retry command - Linux
Run the command with --force to clean up the installation and onboard again.
bash resource-bridge-onboarding-script.sh --force