From cccfe89a7d7147dbdd3161801be4032cddb8b866 Mon Sep 17 00:00:00 2001 From: Darren Small Date: Wed, 30 Oct 2024 15:50:46 +0000 Subject: [PATCH] Update eastus-hci-endpoints.md Adding additional information to ensure that customers dont literally use the URL endpoints we state for Arc Gateway and KeyVault. If they do literally add "yourhcikeyvaultname.vault.azure.net" then we could have many customers out there with potentially risky firewall rules open. --- HCI/EastUSendpoints/eastus-hci-endpoints.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/HCI/EastUSendpoints/eastus-hci-endpoints.md b/HCI/EastUSendpoints/eastus-hci-endpoints.md index 56c1d10c..e8dc6f99 100644 --- a/HCI/EastUSendpoints/eastus-hci-endpoints.md +++ b/HCI/EastUSendpoints/eastus-hci-endpoints.md @@ -46,7 +46,7 @@ This page provides a comprehensive overview of the necessary endpoints for deplo | 38 |Azure Stack HCI Arc agent | azgn*.servicebus.windows.net | 443 | Not required if endpoint 41 below is whitelisted. | Yes. 2408 or later new deployment | Deployment & Post deployment | | 39 |Azure Stack HCI Arc agent | *.servicebus.windows.net | 443 | For multiple HCI components. | Yes. 2408 or later new deployment | Deployment & Post deployment | | 40 |Azure Stack HCI WAC | *.waconazure.com | 443 | For Windows Admin Center management after deployment. | Yes. 2408 or later new deployment | Post deployment | -| 41 |Azure Stack HCI Arc gateway | yourarcgatewayendpointid.gw.arc.azure.net | 443 | Manage cluster from Azure portal. | No. Arc registration required | Deployment & Post deployment | +| 41 |Azure Stack HCI Arc gateway | yourarcgatewayendpointid.gw.arc.azure.net | 443 | Manage cluster from Azure portal. ENSURE THIS IS YOUR UNIQUE GATEWAY NAME | No. Arc registration required | Deployment & Post deployment | | 42 |Azure Stack HCI authentication | login.microsoftonline.com | 443 | For Active Directory Authority and authentication, token fetch, and validation. | No. Arc registration required | Deployment & Post deployment | | 43 |Azure Stack HCI authentication | graph.windows.net | 443 | For Graph authentication, token fetch, and validation. | Yes. 2408 or later new deployment | Deployment & Post deployment | | 44 |Azure Stack HCI authentication | graph.microsoft.com | 443 | For Graph authentication and Azure Resource Bridge RBAC. | Yes. 2408 or later new deployment | Deployment & Post deployment | @@ -61,7 +61,7 @@ This page provides a comprehensive overview of the necessary endpoints for deplo | 53 |Azure Stack HCI deployment | *.blob.core.windows.net | 443 | For multiple HCI components. | Yes. 2408 or later new deployment | Deployment & Post deployment | | 54 |Azure Stack HCI deployment | hciarcvmscontainerregistry.azurecr.io | 443 | For Arc VM container registry on Azure Stack HCI 23H2. | Yes. 2408 or later new deployment | Deployment & Post deployment | | 55 |Azure Stack HCI deployment | azurestackreleases.download.prss.microsoft.com | 443 | For Azure Stack HCI Arc extensions deployment. | No. Arc registration required | Deployment & Post deployment | -| 56 |Azure Stack HCI authentication | yourhcikeyvaultname.vault.azure.net | 443 | Access to key vault to access Azure Stack HCI deployment secrets. | No | Deployment & Post deployment | +| 56 |Azure Stack HCI authentication | yourhcikeyvaultname.vault.azure.net | 443 | Access to key vault to access Azure Stack HCI deployment secrets. ENSURE THIS IS YOUR UNIQUE KEYVAULT NAME | No | Deployment & Post deployment | | 57 |Azure Stack HCI deployment | settings-win.data.microsoft.com | 443 | For Azure Stack HCI deployment | Yes. 2408 or later new deployment | Deployment & Post deployment | | 58 |Azure Stack HCI diag & billing | dp.stackhci.azure.com | 443 | For Data plane diagnostics and billing data. | Yes. 2408 or later new deployment | Deployment & Post deployment | | 59 |Azure Stack HCI diag & billing | licensing.platform.edge.azure.com | 443 | For Data plane licensing billing data. Required only for Azure Stack HCI, version 23H2.| Yes. 2408 or later new deployment | Deployment & Post deployment | @@ -107,4 +107,4 @@ This page provides a comprehensive overview of the necessary endpoints for deplo | 99 |Azure Stack HCI AKS infra | hciarcvmsstorage.z13.web.core.windows.net | 443 | Storage account for stack-hci-vm CLI extension files. | No | Deployment & Post deployment | | 100 |Azure Stack HCI AKS infra | www.msftconnecttest.com/connecttest.txt | 80 | Bootstrap Windows outbound connectivity validation | No | Deployment | | 101 |Azure Stack HCI AKS infra | edgesupprd.trafficmanager.net | 443 | Remote Support Extension | Yes. 2408 or later new deployment | Deployment & Post deployment | -| 102 |Azure Stack HCI AKS infra | azurewatsonanalysis-prod.core.windows.net | 443 | Used for metrics and monitoring telemetry traffic. | No | Deployment & Post deployment | \ No newline at end of file +| 102 |Azure Stack HCI AKS infra | azurewatsonanalysis-prod.core.windows.net | 443 | Used for metrics and monitoring telemetry traffic. | No | Deployment & Post deployment |