Perform ongoing administration for Azure Arc-enabled System Center Virtual Machine Manager
In this article, you learn how to perform various administrative operations related to Azure Arc-enabled System Center Virtual Machine Manager (SCVMM):
- Upgrade the Azure Arc resource bridge manually
- Update the SCVMM account credentials
- Collect logs from the Arc resource bridge
Each of these operations requires either the SSH key to the resource bridge VM or the kubeconfig file that provides access to the Kubernetes cluster on the resource bridge VM.
Upgrade the Arc resource bridge manually
Azure Arc-enabled SCVMM requires the Arc resource bridge to connect your SCVMM environment with Azure. Periodically, new images of Arc resource bridge are released to include security and feature updates. The Arc resource bridge can be manually upgraded from the SCVMM server. You must meet all upgrade prerequisites before attempting to upgrade. The SCVMM server must have the kubeconfig and appliance configuration .yaml files stored locally. If the SCVMM account credentials changed after the initial deployment of the Azure Arc resource bridge, update the new account credentials before attempting a manual upgrade.
The manual upgrade generally takes between 30 and 90 minutes, depending on the network speed. The upgrade command takes your Azure Arc resource bridge to the immediate next version, which might not be the latest available version. Multiple upgrades could be needed to reach a supported version. You can check your resource bridge version by checking the Azure resource of your Arc resource bridge.
To manually upgrade your Arc resource bridge, make sure you've installed the latest az arcappliance CLI extension by running the following extension upgrade command from the SCVMM server:
az extension add --upgrade --name arcappliance
To manually upgrade your resource bridge, use the following command:
az arcappliance upgrade scvmm --config-file C:\Users\admin\contosoARB01-appliance.yaml
Update the SCVMM account credentials (using a new password or a new SCVMM account after onboarding)
Azure Arc-enabled SCVMM uses the SCVMM account credentials you provided during the onboarding to communicate with your SCVMM management server. These credentials are only persisted locally on the Arc resource bridge VM.
As part of your security practices, you might need to rotate credentials for your SCVMM accounts. As credentials are rotated, you must also update the credentials provided to Azure Arc to ensure the functioning of Azure Arc-enabled SCVMM. You can also use the same steps in case you need to use a different SCVMM account after onboarding. You must ensure the new account also has all the required SCVMM permissions.
There are two different sets of credentials stored on the Arc resource bridge. You can use the same account credentials for both.
- Account for Arc resource bridge. This account is used for deploying the Arc resource bridge VM and will be used for upgrade.
- Account for SCVMM cluster extension. This account is used to discover inventory and perform all the VM operations through Azure Arc-enabled SCVMM.
To update the credentials of the account for Arc resource bridge, run the following Azure CLI commands. Run the commands from a workstation that can locally access the cluster configuration IP address of the Arc resource bridge:
az account set -s <subscription id>
az arcappliance get-credentials -n <name of the appliance> -g <resource group name>
az arcappliance update-infracredentials scvmm --kubeconfig kubeconfig
For more information on the commands, see az arcappliance get-credentials and az arcappliance update-infracredentials scvmm.
To update the credentials used by the SCVMM cluster extension on the resource bridge, run the following command. This command can be run from anywhere with the connectedscvmm CLI extension installed.
az connectedscvmm scvmm connect --custom-location <name of the custom location> --location <Azure region> --name <name of the SCVMM resource in Azure> --resource-group <resource group for the SCVMM resource> --username <username for the SCVMM account> --password <password to the SCVMM account>
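The two credential updates above, combined into one PowerShell script as an added example (not part of the original article or Microsoft's tooling). It assumes `az arcappliance get-credentials` writes a file named kubeconfig to the current directory, as the follow-up command on this page implies, and that `update-infracredentials` prompts for the account when given only `--kubeconfig`; the parameter names and the scratch directory are hypothetical.

```powershell
# Added example, not Microsoft's script. Parameter names are hypothetical.
param(
    [Parameter(Mandatory)][string] $SubscriptionId,
    [Parameter(Mandatory)][string] $ApplianceName,
    [Parameter(Mandatory)][string] $ApplianceResourceGroup,
    [Parameter(Mandatory)][string] $CustomLocation,
    [Parameter(Mandatory)][string] $Location,
    [Parameter(Mandatory)][string] $ScvmmName,
    [Parameter(Mandatory)][string] $ScvmmResourceGroup
)
$ErrorActionPreference = 'Stop'

function Assert-ExitCode([string] $Step) {
    # Native commands report failure only through $LASTEXITCODE.
    if ($LASTEXITCODE -ne 0) { throw "$Step failed with exit code $LASTEXITCODE" }
}

# Scratch directory readable only by the current user: the kubeconfig grants
# access to the Kubernetes cluster on the resource bridge VM.
$workDir = Join-Path $env:TEMP ("arb-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $workDir | Out-Null
$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
icacls $workDir /inheritance:r /grant:r "${me}:(OI)(CI)F" | Out-Null
Assert-ExitCode 'icacls'

Push-Location $workDir
try {
    az account set -s $SubscriptionId
    Assert-ExitCode 'az account set'
    # Assumption: writes ./kubeconfig (see the --kubeconfig argument below).
    az arcappliance get-credentials -n $ApplianceName -g $ApplianceResourceGroup
    Assert-ExitCode 'az arcappliance get-credentials'
    # Assumption: prompts for the Arc resource bridge account.
    az arcappliance update-infracredentials scvmm --kubeconfig kubeconfig
    Assert-ExitCode 'az arcappliance update-infracredentials'

    # Prompt for the cluster extension account so the password is never typed
    # into the console as part of a command.
    $cred  = Get-Credential -Message 'SCVMM account for the cluster extension'
    $plain = $cred.GetNetworkCredential().Password
    az connectedscvmm scvmm connect --custom-location $CustomLocation --location $Location `
        --name $ScvmmName --resource-group $ScvmmResourceGroup `
        --username $cred.UserName --password $plain
    Assert-ExitCode 'az connectedscvmm scvmm connect'
}
finally {
    Pop-Location
    Remove-Item -Recurse -Force $workDir   # do not leave the kubeconfig on disk
}
```

Run it from a workstation that can reach the cluster configuration IP address, since the first update needs that connectivity.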
Collect logs from the Arc resource bridge
For any issues encountered with the Azure Arc resource bridge, you can collect logs for further investigation. To collect the logs, use the Azure CLI az arcappliance logs command.
To save the logs to a destination folder, run the following commands. These commands need connectivity to the cluster configuration IP address.
az account set -s <subscription id>
az arcappliance get-credentials -n <name of the appliance> -g <resource group name>
az arcappliance logs scvmm --kubeconfig kubeconfig --out-dir <path to specified output directory>
If the Kubernetes cluster on the Azure Arc resource bridge isn't in a functional state, you can use the following commands. These commands require connectivity to the IP address of the Azure Arc resource bridge VM via SSH.
az account set -s <subscription id>
az arcappliance get-credentials -n <name of the appliance> -g <resource group name>
az arcappliance logs scvmm --out-dir <path to specified output directory> --ip XXX.XXX.XXX.XXX