diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 98fff77da2..122ffdd4f1 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -31,7 +31,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to 1. Download the FOD .cab file: - [Windows 11, version 21H2](https://software-download.microsoft.com/download/sg/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd_64~~.cab) - - [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) + - [Windows 10, version 2004](https://software-static.download.prss.microsoft.com/pr/download/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) - [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab) - [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab) - [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/mdm/config-lock.md index be7b22d518..a2167e456e 100644 --- a/windows/client-management/mdm/config-lock.md +++ b/windows/client-management/mdm/config-lock.md @@ -1,93 +1,90 @@ --- -title: Secured-Core Configuration Lock -description: A Secured-Core PC (SCPC) feature that prevents configuration drift from Secured-Core PC features (shown below) caused by unintentional misconfiguration. +title: Secured-core configuration lock +description: A secured-core PC (SCPC) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration. manager: dansimp -keywords: mdm,management,administrator,config lock ms.author: v-lsaldanha ms.topic: article ms.prod: w11 ms.technology: windows author: lovina-saldanha -ms.date: 03/14/2022 +ms.date: 05/24/2022 --- -# Secured-Core PC Configuration Lock +# Secured-core PC configuration lock **Applies to** -- Windows 11 +- Windows 11 -In an enterprise organization, IT administrators enforce policies on their corporate devices to keep the devices in a compliant state and protect the OS by preventing users from changing configurations and creating config drift. Config drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a non-compliant state can be vulnerable until the next sync and configuration reset with the MDM. Windows 11 with Config Lock enables IT administrators to prevent config drift and keep the OS configuration in the desired state. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds. +In an enterprise organization, IT administrators enforce policies on their corporate devices to keep the devices in a compliant state and protect the OS by preventing users from changing configurations and creating config drift. Config drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a non-compliant state can be vulnerable until the next sync and configuration reset with the MDM. Windows 11 with config lock enables IT administrators to prevent config drift and keep the OS configuration in the desired state. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds. -Secured-Core Configuration Lock (Config Lock) is a new [Secured-Core PC (SCPC)](/windows-hardware/design/device-experiences/oem-highly-secure) feature that prevents configuration drift from Secured-Core PC features caused by unintentional misconfiguration. In short, it ensures a device intended to be a Secured-Core PC remains a Secured-Core PC. +Secured-core configuration lock (config lock) is a new [secured-core PC (SCPC)](/windows-hardware/design/device-experiences/oem-highly-secure) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration. In short, it ensures a device intended to be a secured-core PC remains a secured-core PC. -To summarize, Config Lock: +To summarize, config lock: -- Enables IT to “lock” Secured-Core PC features when managed through MDM +- Enables IT to "lock" secured-core PC features when managed through MDM - Detects drift remediates within seconds -- DOES NOT prevent malicious attacks +- Doesn't prevent malicious attacks ## Configuration Flow -After a Secured-Core PC reaches the desktop, Config Lock will prevent configuration drift by detecting if the device is a Secured-Core PC or not. When the device isn't a Secured-Core PC, the lock won't apply. If the device is a Secured-Core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies). +After a secured-core PC reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock won't apply. If the device is a secured-core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies). ## System Requirements -Config Lock will be available for all Windows Professional and Enterprise Editions running on [Secured-Core PCs](/windows-hardware/design/device-experiences/oem-highly-secure). +Config lock will be available for all Windows Professional and Enterprise Editions running on [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure). -## Enabling Config Lock using Microsoft Intune +## Enabling config lock using Microsoft Intune -Config Lock isn't enabled by default (or turned on by the OS during boot). Rather, an IT Admin must intentionally turn it on. - -The steps to turn on Config Lock using Microsoft Endpoint Manager (Microsoft Intune) are as follows: +Config lock isn't enabled by default, or turned on by the OS during boot. Rather, you need to turn it on. -1. Ensure that the device to turn on Config Lock is enrolled in Microsoft Intune. +The steps to turn on config lock using Microsoft Endpoint Manager (Microsoft Intune) are as follows: + +1. Ensure that the device to turn on config lock is enrolled in Microsoft Intune. 1. From the Microsoft Intune portal main page, select **Devices** > **Configuration Profiles** > **Create a profile**. 1. Select the following and press **Create**: - **Platform**: Windows 10 and later - **Profile type**: Templates - **Template name**: Custom - :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates"::: + :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates."::: 1. Name your profile. -1. When you reach the Configuration Settings step, select “Add” and add the following information: +1. When you reach the Configuration Settings step, select "Add" and add the following information: - **OMA-URI**: ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/ConfigLock/Lock - **Data type**: Integer - **Value**: 1
- To turn off Config Lock, change the value to 0. + To turn off config lock, change the value to 0. - :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of Config Lock, a Description of Turn on Config Lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1"::: + :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of config lock, a Description of Turn on config lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1."::: -1. Select the devices to turn on Config Lock. If you're using a test tenant, you can select “+ Add all devices”. +1. Select the devices to turn on config lock. If you're using a test tenant, you can select "+ Add all devices". 1. You'll not need to set any applicability rules for test purposes. -1. Review the Configuration and select “Create” if everything is correct. -1. After the device syncs with the Microsoft Intune server, you can confirm if the Config Lock was successfully enabled. +1. Review the Configuration and select "Create" if everything is correct. +1. After the device syncs with the Microsoft Intune server, you can confirm if the config lock was successfully enabled. - :::image type="content" source="images/configlock-mem-dev.png" alt-text="The Profile assignment status dashboard when viewing the Config Lock device configuration profile, showing one device has succeeded in having this profile applied"::: + :::image type="content" source="images/configlock-mem-dev.png" alt-text="The Profile assignment status dashboard when viewing the config lock device configuration profile, showing one device has succeeded in having this profile applied."::: - :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="The Device Status for the Config Lock Device Configuration Profile, showing one device with a Deployment Status as Succeeded and two with Pending"::: + :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="The Device Status for the config lock Device Configuration Profile, showing one device with a Deployment Status as Succeeded and two with Pending."::: -## Configuring Secured-Core PC features +## Configuring secured-core PC features -Config Lock is designed to ensure that a Secured-Core PC isn't unintentionally misconfigured. IT Admins retain the ability to change (enable/disable) SCPC features (for example Firmware protection) via Group Policies and/or mobile device management (MDM) tools, such as Microsoft Intune. +Config lock is designed to ensure that a secured-core PC isn't unintentionally misconfigured. You keep the ability to enable or disable SCPC features, for example, firmware protection. You can make these changes with group policies or MDM services like Microsoft Intune. + +:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off."::: -:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off"::: - ## FAQ -**Can an IT admins disable Config Lock ?**
- Yes. IT admins can use MDM to turn off Config Lock completely or put it in temporary unlock mode for helpdesk activities.
+- Can I disable config lock? Yes. You can use MDM to turn off config lock completely or put it in temporary unlock mode for helpdesk activities. ### List of locked policies |**CSPs** | |-----| -|[BitLocker ](bitlocker-csp.md) | +|[BitLocker](bitlocker-csp.md) | |[PassportForWork](passportforwork-csp.md) | |[WindowsDefenderApplicationGuard](windowsdefenderapplicationguard-csp.md) | -|[ApplicationControl](applicationcontrol-csp.md) - +|[ApplicationControl](applicationcontrol-csp.md) |**MDM policies** | **Supported by Group Policy** | |-----|-----| diff --git a/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png b/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png index 1e315bc4b1..d134a5fcb2 100644 Binary files a/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png and b/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png differ diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md index 120ac4d165..9591465cfc 100644 --- a/windows/client-management/quick-assist.md +++ b/windows/client-management/quick-assist.md @@ -1,30 +1,31 @@ --- title: Use Quick Assist to help users -description: How IT Pros can use Quick Assist to help users +description: How IT Pros can use Quick Assist to help users. ms.prod: w10 -ms.sitesec: library -ms.topic: article -author: aczechowski +ms.technology: windows +ms.topic: how-to ms.localizationpriority: medium +author: aczechowski ms.author: aaroncz manager: dougeby +ms.reviewer: pmadrigal ms.collection: highpri --- # Use Quick Assist to help users -Quick Assist is a Windows application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. +Quick Assist is a Windows application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user's device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. ## Before you begin -All that's required to use Quick Assist is suitable network and internet connectivity. No particular roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn’t have to authenticate. +All that's required to use Quick Assist is suitable network and internet connectivity. No particular roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn't have to authenticate. > [!NOTE] > In case the helper and sharer use different keyboard layouts or mouse settings, the ones from the sharer are used during the session. ### Authentication -The helper can authenticate when they sign in by using a Microsoft Account (MSA) or Azure Active Directory. Local Active Directory authentication is not supported at this time. +The helper can authenticate when they sign in by using a Microsoft Account (MSA) or Azure Active Directory (Azure AD). Local Active Directory authentication isn't currently supported. ### Network considerations @@ -32,18 +33,21 @@ Quick Assist communicates over port 443 (https) and connects to the Remote Assis Both the helper and sharer must be able to reach these endpoints over port 443: -| Domain/Name | Description | -|-----------------------------------|-------------------------------------------------------| -| \*.support.services.microsoft.com | Primary endpoint used for Quick Assist application | -| \*.resources.lync.com | Required for the Skype framework used by Quick Assist | -| \*.infra.lync.com | Required for the Skype framework used by Quick Assist | -| \*.latest-swx.cdn.skype.com | Required for the Skype framework used by Quick Assist | -| \*.login.microsoftonline.com | Required for logging in to the application (MSA) | -| \*.channelwebsdks.azureedge.net | Used for chat services within Quick Assist | -| \*.aria.microsoft.com | Used for accessibility features within the app | -| \*.api.support.microsoft.com | API access for Quick Assist | -| \*.vortex.data.microsoft.com | Used for diagnostic data | -| \*.channelservices.microsoft.com | Required for chat services within Quick Assist | +| Domain/Name | Description | +|--|--| +| `*.support.services.microsoft.com` | Primary endpoint used for Quick Assist application | +| `*.login.microsoftonline.com` | Required for logging in to the application (MSA) | +| `*.channelwebsdks.azureedge.net` | Used for chat services within Quick Assist | +| `*.aria.microsoft.com` | Used for accessibility features within the app | +| `*.api.support.microsoft.com` | API access for Quick Assist | +| `*.vortex.data.microsoft.com` | Used for diagnostic data | +| `*.channelservices.microsoft.com` | Required for chat services within Quick Assist | +| `*.skype.com` | Skype requests may vary based on geography. If connection issues persist, test this endpoint. | +| `*.remoteassistanceprodacs.communication.azure.com` | Azure Communication Services (ACS) technology the Quick Assist app uses. | +| `*.turn.azure.com` | Protocol used to help endpoint. | +| `browser.pipe.aria.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. | +| `browser.events.data.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. | +| `ic3.events.data.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. | ## How it works @@ -73,9 +77,9 @@ Microsoft logs a small amount of session data to monitor the health of the Quick - Features used inside the app such as view only, annotation, and session pause -No logs are created on either the helper’s or sharer’s device. Microsoft cannot access a session or view any actions or keystrokes that occur in the session. +No logs are created on either the helper's or sharer's device. Microsoft can't access a session or view any actions or keystrokes that occur in the session. -The sharer sees only an abbreviated version of the helper’s name (first name, last initial) and no other information about them. Microsoft does not store any data about either the sharer or the helper for longer than three days. +The sharer sees only an abbreviated version of the helper's name (first name, last initial) and no other information about them. Microsoft doesn't store any data about either the sharer or the helper for longer than three days. In some scenarios, the helper does require the sharer to respond to application permission prompts (User Account Control), but otherwise the helper has the same permissions as the sharer on the device. @@ -83,8 +87,7 @@ In some scenarios, the helper does require the sharer to respond to application Either the support staff or a user can start a Quick Assist session. - -1. Support staff (“helper”) starts Quick Assist in any of a few ways: +1. Support staff ("helper") starts Quick Assist in any of a few ways: - Type *Quick Assist* in the search box and press ENTER. - From the Start menu, select **Windows Accessories**, and then select **Quick Assist**. @@ -94,15 +97,15 @@ Either the support staff or a user can start a Quick Assist session. 3. Helper shares the security code with the user over the phone or with a messaging system. -4. Quick Assist opens on the sharer’s device. The user enters the provided code in the **Code from assistant** box, and then selects **Share screen**. +4. Quick Assist opens on the sharer's device. The user enters the provided code in the **Code from assistant** box, and then selects **Share screen**. -5. The helper receives a dialog offering the opportunity to take full control of the device or just view its screen. After choosing, the helper selects **Continue**. +5. The helper receives a dialog offering the opportunity to take full control of the device or just view its screen. After they choose an option, the helper selects **Continue**. 6. The sharer receives a dialog asking for permission to show their screen or allow access. The sharer gives permission by selecting the **Allow** button. ## If Quick Assist is missing -If for some reason a user doesn't have Quick Assist on their system or it's not working properly, they might need to uninstall and reinstall it. +If for some reason a user doesn't have Quick Assist on their system or it's not working properly, try to uninstall and reinstall it. ### Uninstall Quick Assist @@ -122,4 +125,4 @@ If for some reason a user doesn't have Quick Assist on their system or it's not ## Next steps -If you have any problems, questions, or suggestions for Quick Assist, contact us by using the [Feedback Hub app](https://www.microsoft.com/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0&rtc=1#activetab=pivot:overviewtab). +If you have any problems, questions, or suggestions for Quick Assist, contact us by using the [Feedback Hub app](https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332). diff --git a/windows/deployment/do/images/imcc02.png b/windows/deployment/do/images/imcc02.png index 351dad7325..151fa69ed7 100644 Binary files a/windows/deployment/do/images/imcc02.png and b/windows/deployment/do/images/imcc02.png differ diff --git a/windows/deployment/do/images/imcc10.png b/windows/deployment/do/images/imcc10.png index e5da041358..53d2773ce6 100644 Binary files a/windows/deployment/do/images/imcc10.png and b/windows/deployment/do/images/imcc10.png differ diff --git a/windows/deployment/do/images/imcc11.png b/windows/deployment/do/images/imcc11.png index 9ffaac6072..bf45500aba 100644 Binary files a/windows/deployment/do/images/imcc11.png and b/windows/deployment/do/images/imcc11.png differ diff --git a/windows/deployment/do/images/imcc12.png b/windows/deployment/do/images/imcc12.png index fcb5d40a45..d776cb5913 100644 Binary files a/windows/deployment/do/images/imcc12.png and b/windows/deployment/do/images/imcc12.png differ diff --git a/windows/deployment/do/images/imcc13.png b/windows/deployment/do/images/imcc13.png index 3d2a566c8b..feee2d0e9c 100644 Binary files a/windows/deployment/do/images/imcc13.png and b/windows/deployment/do/images/imcc13.png differ diff --git a/windows/deployment/do/images/imcc14.png b/windows/deployment/do/images/imcc14.png index 627d496b4c..59dc405046 100644 Binary files a/windows/deployment/do/images/imcc14.png and b/windows/deployment/do/images/imcc14.png differ diff --git a/windows/deployment/do/images/imcc17.png b/windows/deployment/do/images/imcc17.png index ac6b5be124..f6b0ffcad7 100644 Binary files a/windows/deployment/do/images/imcc17.png and b/windows/deployment/do/images/imcc17.png differ diff --git a/windows/deployment/do/images/imcc18.png b/windows/deployment/do/images/imcc18.png index aa818361eb..5b89bfe31a 100644 Binary files a/windows/deployment/do/images/imcc18.png and b/windows/deployment/do/images/imcc18.png differ diff --git a/windows/deployment/do/images/imcc19.png b/windows/deployment/do/images/imcc19.png index 2a70b46b11..ead9d1c383 100644 Binary files a/windows/deployment/do/images/imcc19.png and b/windows/deployment/do/images/imcc19.png differ diff --git a/windows/deployment/do/images/imcc26.png b/windows/deployment/do/images/imcc26.png index c46a7e6363..b64e3849dc 100644 Binary files a/windows/deployment/do/images/imcc26.png and b/windows/deployment/do/images/imcc26.png differ diff --git a/windows/deployment/do/images/imcc27.png b/windows/deployment/do/images/imcc27.png index 01076b3ae5..c37713364f 100644 Binary files a/windows/deployment/do/images/imcc27.png and b/windows/deployment/do/images/imcc27.png differ diff --git a/windows/deployment/do/images/imcc28.png b/windows/deployment/do/images/imcc28.png index a7aa7eecd7..cc99b61638 100644 Binary files a/windows/deployment/do/images/imcc28.png and b/windows/deployment/do/images/imcc28.png differ diff --git a/windows/deployment/do/images/imcc29.png b/windows/deployment/do/images/imcc29.png deleted file mode 100644 index 2291487e5b..0000000000 Binary files a/windows/deployment/do/images/imcc29.png and /dev/null differ diff --git a/windows/deployment/do/images/imcc30.png b/windows/deployment/do/images/imcc30.png index 8cabce52c8..42301d5c4c 100644 Binary files a/windows/deployment/do/images/imcc30.png and b/windows/deployment/do/images/imcc30.png differ diff --git a/windows/deployment/do/images/imcc54.png b/windows/deployment/do/images/imcc54.png new file mode 100644 index 0000000000..c40ab0c5c9 Binary files /dev/null and b/windows/deployment/do/images/imcc54.png differ diff --git a/windows/deployment/do/images/imcc55.PNG b/windows/deployment/do/images/imcc55.PNG new file mode 100644 index 0000000000..2875d4d56e Binary files /dev/null and b/windows/deployment/do/images/imcc55.PNG differ diff --git a/windows/deployment/do/mcc-isp.md b/windows/deployment/do/mcc-isp.md index dd4a7afbbc..458c5af1b4 100644 --- a/windows/deployment/do/mcc-isp.md +++ b/windows/deployment/do/mcc-isp.md @@ -1,593 +1,740 @@ --- title: Microsoft Connected Cache for Internet Service Providers (ISPs) -manager: dougeby description: Details on Microsoft Connected Cache (MCC) for Internet Service Providers (ISPs). -keywords: updates, downloads, network, bandwidth ms.prod: w10 -ms.mktglfcycl: deploy -audience: itpro -author: carmenf +ms.technology: windows ms.localizationpriority: medium -ms.author: carmenf +author: amymzhou +ms.author: aaroncz +ms.reviewer: carmenf +manager: dougeby ms.collection: M365-modern-desktop -ms.topic: article +ms.topic: how-to +ms.date: 05/20/2022 --- # Microsoft Connected Cache for Internet Service Providers (ISPs) -**Applies to** +_Applies to_ -- Windows 10 +- Windows 10 - Windows 11 ## Overview > [!IMPORTANT] -> Microsoft Connected Cache is currently a private preview feature. During this phase we invite customers to take part in early access for testing purposes. This phase does not include formal support, and should not be used for production workloads. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). +> Microsoft Connected Cache is currently a private preview feature. During this phase we invite customers to take part in early access for testing purposes. This phase doesn't include formal support. Instead, you'll be working directly with the product team to provide feedback on Microsoft Connected Cache. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). -Microsoft Connected Cache (MCC) preview is a software-only caching solution that delivers Microsoft content within Enterprise networks. MCC can be deployed to as many physical servers or VMs as needed, and is managed from a cloud portal. Microsoft cloud services handle routing of consumer devices to the cache server for content downloads. +Microsoft Connected Cache (MCC) preview is a software-only caching solution that delivers Microsoft content within operator networks. MCC can be deployed to as many physical servers or VMs as needed and is managed from a cloud portal. Microsoft cloud services handle routing of consumer devices to the cache server for content downloads. -Microsoft Connected Cache is a Hybrid (mix of on-prem and cloud resources) solution composed of a Docker compatible Linux container deployed to your server and a cloud management portal. Microsoft chose Azure IoT Edge (more information on IoT Edge [in the appendix](#iot-edge-runtime)) as a secure and reliable control plane, and even though your scenario is not related to IoT, Azure IoT Edge is our secure Linux container deployment and management infrastructure. Azure IoT Edge consists of three components that the Microsoft Connected Cache infrastructure will utilize: - -1. A cloud-based interface that enables secure, remote installation, monitoring, and management of MCC nodes. -2. A runtime that securely manages the modules deployed to each device. -3. Modules/containers that run the MCC functionality on your device. +Microsoft Connected Cache is a hybrid application, in that it's a mix of on-premises and cloud resources. It's composed of a Docker-compatible Linux container deployed to your server and a cloud management portal. Microsoft chose Azure IoT Edge as a secure and reliable control plane. For more information on IoT Edge, see the [Appendix](#appendix). Even though your scenario isn't related to IoT, Azure IoT Edge is our secure Linux container deployment and management infrastructure. ## How MCC works -The following steps describe how MCC is provisioned and used. +:::image type="content" source="images/imcc01.png" alt-text="Data flow diagram of how Microsoft Connected Cache works." lightbox="images/imcc01.png"::: -1. The Azure Management Portal used to create and manage MCC nodes. -2. The MCC container is deployed and provisioned to the server. -3. The Azure Management Portal is used to configure Microsoft Delivery Optimization Services to route traffic to the MCC server by providing two pieces of information: - - The publicly accessible IPv4 address of the server hosting the MCC container. - - The CIDR blocks that represent the client IP address space, which should be routed to the MCC node. -4. Microsoft end-user devices periodically connect with Microsoft Delivery Optimization Services, and the services match the IP address of the client with the IP address of the corresponding MCC node. -5. Microsoft end-user devices make the range requests for content from the MCC node. -6. An MCC node pulls content from the CDN, seeds its local cache stored on disk, and delivers the content to the client. -7. Subsequent requests from end-user devices for content will now come from cache. -8. If the MCC node is unavailable, the client will pull content from CDN to ensure uninterrupted service for your subscribers. +The following steps describe how MCC is provisioned and used: - ![MCC overview 1](images/imcc01.png) +1. The Azure Management Portal is used to create and manage MCC nodes. -## ISP Requirements for MCC +2. A shell script is used to provision the server and deploy the MCC application. -1. **Azure subscription**: The MCC management portal is hosted within Azure, and is used to create the Connected Cache Azure resource and IoT Hub resource. Both are free services. +3. A combination of the Azure Management Portal and shell script is used to configure Microsoft Delivery Optimization Services to route traffic to the MCC server. - Your Azure subscription ID is first used to provision MCC services, and enable access to the preview. The MCC server requirement for an Azure subscription will cost you nothing. If you don't have an Azure subscription already, you can create an Azure [Pay-As-You-Go](https://azure.microsoft.com/offers/ms-azr-0003p/) account which requires a credit card for verification purposes. For more information, see the [Azure Free Account FAQ](https://azure.microsoft.com/free/free-account-faq/). + - The publicly accessible IPv4 address of the server is configured on the portal. - The resources used for the preview, and in the future when this product is ready for production, will be completely free to you - like other caching solutions. - - > [!NOTE] - > If you request Exchange or Public peering in the future, business email addresses must be used to register ASN's, because Microsoft does not accept gmail or other non-business email addresses. + - **Manual Routing:** Providing the CIDR blocks that represent the client IP address space, which should be routed to the MCC node. -2. **Hardware to host MCC**: The recommended configuration will serve approximately 35,000 consumer devices, downloading a 2GB payload in 24-hour timeframe at a sustained rate of 6.5 Gbps. + - **BGP Routing:** A shell script is used to initiate a peering session with a router in the operator network, and the operator initiates a session with the MCC node. + + > [!NOTE] + > Only IPv4 addresses are supported at this time. Entering IPv6 addresses will result in an error. + +4. Microsoft end-user devices (clients) periodically connect with Microsoft Delivery Optimization Services, and the services match the IP address of the client with the IP address of the corresponding MCC node. + +5. Microsoft clients make the range requests for content from the MCC node. + +6. A MCC node gets content from the CDN, seeds its local cache stored on disk, and delivers the content to the client. + +7. Subsequent requests from end-user devices for content will be served from cache. + +8. If the MCC node is unavailable, the client gets content from the CDN to ensure uninterrupted service for your subscribers. + +## ISP requirements for MCC + +### Azure subscription + +The MCC management portal is hosted within Azure. It's used to create the Connected Cache Azure resource and IoT Hub resource. Both are _free_ services. + +> [!NOTE] +> If you request Exchange or Public peering in the future, business email addresses must be used to register ASNs. Microsoft doesn't accept Gmail or other non-business email addresses. + +Your Azure subscription ID is first used to provision MCC services and enable access to the preview. The MCC server requirement for an Azure subscription will cost you nothing. If you don't have an Azure subscription already, you can create an Azure [Pay-As-You-Go](https://azure.microsoft.com/offers/ms-azr-0003p/) account, which requires a credit card for verification purposes. For more information, see the [Azure free account FAQ](https://azure.microsoft.com/free/free-account-faq/). _Don't submit a trial subscription_ as you'll lose access to your Azure resources after the trial period ends. + +The resources used for the preview, and in the future when this product is ready for production, will be free to you - like other caching solutions. + +> [!IMPORTANT] +> To join the Microsoft Connected Cache private preview, provide your Azure subscription ID by filling out [this survey](https://aka.ms/MCCForISPSurvey). + +### Hardware to host the MCC + +This recommended configuration can egress at a rate of 9 Gbps with a 10 Gbps NIC. + +#### Disk requirements -Disk requirements: - SSDs are recommended due to improved cache read speeds of SSD, compared to HDD. - Using multiple disks is recommended to improve cache performance. - RAID disk configurations are discouraged because cache performance will be impacted. If you're using RAID disk configurations, ensure striping. - The maximum number of disks supported is 10. -NIC requirements: -- Multiple NICs on a single MCC instance are not supported. -- 10Gbps NIC is the minimum speed recommended, but any NIC is supported. +#### NIC requirements + +- Multiple NICs on a single MCC instance are supported using a _link aggregated_ configuration. +- 10 Gbps NIC is the minimum speed recommended, but any NIC is supported. ### Sizing recommendations +The MCC module is optimized for Ubuntu 20.04 LTS. Install Ubuntu 20.04 LTS on a physical server or VM of your choice. The following recommended configuration can egress at a rate of 9 Gbps with a 10 Gbps NIC. + | Component | Minimum | Recommended | | -- | --- | --- | | OS | Ubuntu 20.04 LTS VM or physical server | Ubuntu 20.04 LTS VM or physical server (preferred) | | NIC | 10 Gbps| at least 10 Gbps | -| Disk | SSD
1 drive
2TB each |SSD
2-4 drives
at least 2TB each | -| Memory | 8GB | 32GB or greater | +| Disk | SSD
1 drive
2 TB each |SSD
2-4 drives
at least 2 TB each | +| Memory | 8 GB | 32 GB or greater | | Cores | 4 | 8 or more | ## Steps to deploy MCC To deploy MCC: -1. [Provide Microsoft with the Azure subscription ID](#provide-microsoft-with-the-azure-subscription-id) +1. [Provide Microsoft with your Azure subscription ID](#provide-microsoft-with-your-azure-subscription-id) 2. [Create the MCC Resource in Azure](#create-the-mcc-resource-in-azure) -3. [Create an MCC Node](#create-an-mcc-node-in-azure): IP address space approval information is required for this step. -4. [Edit Cache Node Information](#edit-cache-node-information) -5. [Set up your server](#set-up-a-server-with-sr-or-an-ubuntu) -6. [Install MCC on a physical server or VM](#install-mcc) -7. [Verify proper functioning MCC server](#verify-proper-functioning-mcc-server) -8. [Review the MCC summary report](#verify-server-side) -9. [Review common issues](#common-issues) if needed. +3. [Create a Cache Node](#create-a-mcc-node-in-azure) +4. [Configure Cache Node Routing](#edit-cache-node-information) +5. [Install MCC on a physical server or VM](#install-mcc) +6. [Verify properly functioning MCC server](#verify-properly-functioning-mcc-server) +7. [Review common issues if needed](#common-issues) -For questions regarding these instructions contact [msconnectedcache@microsoft.com](mailto:msconnectedcache@microsoft.com) +For questions regarding these instructions, contact [msconnectedcache@microsoft.com](mailto:msconnectedcache@microsoft.com). -## Provide Microsoft with the Azure Subscription ID +## Provide Microsoft with your Azure subscription ID -As part of the MCC preview onboarding process an Azure subscription ID must be provided to Microsoft. +As part of the MCC preview onboarding process, an Azure subscription ID must be provided to Microsoft. > [!IMPORTANT] -> [Contact Microsoft](mailto:mccforenterprise@microsoft.com?subject=[MCC%20for%20Enterprise]%20Please%20add%20our%20Azure%20subscription%20to%20the%20allow%20list) and provide your Azure subscription ID if you have not already. You'll not be able to proceed if you skip this step. +> If you haven't already, provide your Azure subscription ID by filling out [this survey](https://aka.ms/MCCForISPSurvey). You can't continue if you skip this step. - -For information about creating or locating your subscription ID, see [Steps to obtain an Azure Subscription ID](#steps-to-obtain-an-azure-subscription-id). +For information about creating or locating your subscription ID, see [Steps to obtain an Azure subscription ID](#steps-to-obtain-an-azure-subscription-id). ### Create the MCC resource in Azure -The MCC Azure management portal is used to create and manage MCC nodes. An Azure Subscription ID is used to grant access to the preview and to create the MCC resource in Azure and Cache nodes. +The MCC Azure management portal is used to create and manage MCC nodes. An Azure subscription ID is used to grant access to the preview and to create the MCC resource in Azure and cache nodes. -Send email to the MCC team ([msconnectedcache@microsoft.com](mailto:msconnectedcache@microsoft.com)) with your Azure subscription ID to get access to the preview. The team will send you a link to the Azure portal, which will allow you to create the resource described below. +Operators who have been given access to the program will be sent a link to the Azure portal, which will allow you to create this resource. -1. Choose **Create a resource** +1. Choose **Create a resource**. - ![eMCC img02](images/imcc02.png) + :::image type="content" source="images/imcc02.png" alt-text="Select the option to 'Create a resource' in the Azure portal."::: -2. Type **Microsoft Connected Cache** into the search box, and hit **Enter** to show search results. +1. Type **Microsoft Connected Cache** into the search box and press **Enter** to show the search results. -3. Select **Microsoft Connected Cache** and choose **Create** on the next screen to start the process of creating the MCC resource. +1. Select **Microsoft Connected Cache**. - ![iMCC img03](images/imcc03.png) - ![iMCC img04](images/imcc04.png) + :::image type="content" source="images/imcc03.png" alt-text="Search the Azure Marketplace for 'Microsoft Connected Cache'."::: -4. Fill in the required fields to create the MCC resource. + > [!IMPORTANT] + > Don't select _Connected Cache Resources_, which is different from **Microsoft Connected Cache**. - - Choose the subscription that you provided to Microsoft. - - Azure resource groups are logical groups of resources. Create a new resource group and choose a name for your resource group. - - Choose **(US) West US**” for the location of the resource. This choice will not impact MCC if the physical location isn't in the West US, it is just a limitation of the preview. +1. Select **Create** on the next screen to start the process of creating the MCC resource. - > [!NOTE] - > Your MCC resource will not be created properly if you don't select **(US) West US** + :::image type="content" source="images/imcc04.png" alt-text="Select the option to Create the Microsoft Connected Cache service."::: - - Choose a name for the MCC resource. +1. Fill in the following required fields to create the MCC resource: - ![iMCC emg05](images/imcc05.png) + - Choose the **Subscription** that you provided to Microsoft. -5. Once all the information has been entered, click the **Review + Create** button. Once validation is complete, click the **Create** button to start the - resource creation. + - Azure resource groups are logical groups of resources. Create a new **Resource group** and choose a name for it. - ![iMCC img06](images/imcc06.png) + - Choose **(US) West US** for the **Location** of the resource. This choice won't impact MCC if the physical location isn't in the West US, it's just a limitation of the preview. -#### Error: Validation failed + > [!NOTE] + > Your MCC resource won't create properly if you don't select **(US) West US**. -- If you get a Validation failed error message on your portal, it is likely because you selected the **Location** as **US West 2** or some other location that isn't **(US) West US**. -- To resolve this error, go to the previous step and choose **(US) West US**. + - Specify a **Connected Cache Resource Name**. - ![iMCC img07](images/imcc07.png) + :::image type="content" source="images/imcc05.png" alt-text="Enter the required information to create a Connected Cache in Azure."::: -### Create an MCC node in Azure +1. Select **Review + Create**. Once validation is complete, select **Create** to start the resource creation. -Creating a MCC node is a multi-step process and the first step is to access the MCC private preview management portal. + :::image type="content" source="images/imcc06.png" alt-text="'Your deployment is complete' message displaying deployment details."::: -1. After the successful resource creation click on the **Go to resource**. -2. Under **Cache Node Management** section on the leftmost panel, click on **Cache Nodes**. +#### Common Resource Creation Errors - ![iMCC img08](images/imcc08.png) +##### Error: Validation failed -3. On the **Cache Nodes** blade, click on the **Create Cache Node** button. +If you get the error message "Validation failed" in the Azure portal, it's likely because you selected the **Location** as **US West 2** or another unsupported location. To resolve this error, go to the previous step and choose **(US) West US** for the **Location**. - ![iMCC img09](images/imcc09.png) +:::image type="content" source="images/imcc07.png" alt-text="'Validation failed' error message for Connected Cache in an unsupported location."::: -4. Clicking the **Create Cache Node** button will open the **Create Cache Node** page; **Cache Node Name** is the only field required for cache node creation. +##### Error: Could not create Marketplace item -| **Field Name** | **Expected Value** | **Description** | -|-------------------------------|--------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Cache Node Name** | Alphanumeric name that includes no spaces. | The name of the cache node. You may choose names based on location like Seattle-1. This name must be unique and can't be changed later. | -| **Server II Address** | Ipv4 Address | IP address of your MCC server. This is used to route end-user devices in your network to the server for Microsoft content downloads. **The IP address must be publicly accessible.** | -| **Address Range/CIDR Blocks** | IPv4 CIDR notation | IP Address range/CIDR blocks that should be routed to the MCC server as a comma separated list. For example: 2.21.234.0/24 , 3.22.235.0/24 , 4.23.236.0/24 | -| **Enable Cache Node** | Enable/Disable Radio Button | **Enable** permits the cache node to receive content requests.
**Disable** prevents the cache node from receiving content requests.
Cache nodes are enabled by default. | +If you get the error message "Could not create marketplace item" in the Azure portal, use the following steps to troubleshoot: - ![iMCC img10](images/imcc10.png) +- Make sure that you've selected **Microsoft Connected Cache** and not _Connected Cache resources_ while trying to create a MCC resource. -Hovering your cursor next to each field will populate the details of that field. +- Make sure that you're using the same subscription that you provided to Microsoft and you have privileges to create an Azure resource. - ![iMCC img11](images/imcc11.png) +- If the issue persists, clear your browser cache and start in a new window. -There are two other read-only fields on this page that are populated after the cache node is created: +### Create a MCC node in Azure -| **Field Name** | **Description** | -|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **IP Space** | Number of IP addresses that will be routed to your cache server. | -| **Activation Keys** | Set of keys to activate your cache node with the MCC services. Copy the keys for use during install. The CustomerID is your Azure subscripiton ID. | +1. After you successfully create the resource, select **Go to resource**. -5. Enter the information for the Cache Node and click on the Create button. In the screenshot below only the Cache Node Name is provided, but all information can be included if desired. +1. Under the **Cache Node Management** section in the left panel, select **Cache Nodes**. - ![iMCC img12](images/imcc12.png) + :::image type="content" source="images/imcc08.png" alt-text="The 'Cache Nodes' option in the Cache Node Management menu section."::: - If there are errors the form will provide guidance on how to correct the errors. For example: +1. On the **Cache Nodes** section, select **Create Cache Node**. - - The cache node name is in use in the resource or is an incorrect format. - - If the CIDR block notation or list is incorrect. - - The server IP address or CIDR block are already in use. + :::image type="content" source="images/imcc09.png" alt-text="Select the 'Create Cache Node' option."::: - See the following example with all information entered: +1. This action opens the **Create Cache Node** page. The only required fields are **Cache Node Name** and **Max Allowable Egress (Mbps)**. - ![iMCC img13](images/imcc13.png) + | Field name | Expected value | Description | + |--|--|--| + | **Cache Node Name** | Alphanumeric name that includes no spaces. | The name of the cache node. You may choose names based on location like Seattle-1. This name must be unique and can't be changed later. | + | **Server IP Address** | IPv4 Address | IP address of your MCC server. This address is used to route end-user devices in your network to the server for Microsoft content downloads. _The IP address must be publicly accessible._ | + | **Max Allowable Egress (Mbps)** | Integer in Mbps | The maximum egress (Mbps) of your MCC based on the specifications of your hardware. For example, `10,000` Mbps. | + | **Address Range/CIDR Blocks** | IPv4 CIDR notation | The IP address range (CIDR blocks) that should be routed to the MCC server as a comma separated list. For example: `2.21.234.0/24, 3.22.235.0/24, 4.23.236.0/24` | + | **Enable Cache Node** | Enable or Disable | **Enable** permits the cache node to receive content requests.
**Disable** prevents the cache node from receiving content requests.
Cache nodes are enabled by default. | - Once the MCC Node has been created, the installer instructions will be exposed. More details on the installer instructions will be addressed later in this doc can be found at the [Install Connected Cache](#install-mcc) section. + :::image type="content" source="images/imcc10.png" alt-text="Available fields on the Create Cache Node page."::: - ![iMCC img14](images/imcc14.png) + > [!TIP] + > The information icon next to each field provides a description. + > + > :::image type="content" source="images/imcc11.png" alt-text="Create Cache Node page showing the description for the Server IP Address field."::: + + > [!NOTE] + > After you create the cache node, if you return to this page, it populates the values for the two read-only fields: + > + > | Field name | Description | + > |--|--| + > | **IP Space** | Number of IP addresses that will be routed to your cache server. | + > | **Activation Keys** | Set of keys to activate your cache node with the MCC services. Copy the keys for use during install. The CustomerID is your Azure subscription ID. | + +1. Enter the information to create the cache node, and then select **Create**. + + :::image type="content" source="images/imcc12.png" alt-text="Select 'Create' on the Create Cache Node page."::: + +If there are errors, the page gives you guidance on how to correct the errors. For example: + +- The cache node name is already in use in the resource or is an incorrect format. +- The CIDR block notation or list is incorrect. +- The server IP address or CIDR block is already in use. + +See the following example with all information entered: + +:::image type="content" source="images/imcc13.png" alt-text="Create Cache Node page with all information entered."::: + +Once you create the MCC node, it will display the installer instructions. For more information on the installer instructions, see the [Install Connected Cache](#install-mcc) section. + +:::image type="content" source="images/imcc14.png" alt-text="Cache node successfully created with Connected Cache installer instructions."::: ### IP address space approval -There are three states for IP address space that are explained in the table below. The preview will require approval from Microsoft CIDR block ranges that contain more than 50,000 IP addresses. In the future, MCC configuration will support BGP and will therefore have automatic routing capabilities. +There are three states for IP address space. MCC configuration supports BGP and has automatic routing capabilities. -| **IP address space status** | **Description** | -|------------------------|------------------------------------| -| **Valid** | The IP address space is below the 50,000 IP address space threshold and the space does not overlap with existing cache nodes. | -| **In Review** | The IP address space exceeds the 50,000 IP address space and is under review with Microsoft to ensure valid IP address space. | -| **Attention Required** | The IP address space has been reviewed and an issue was discovered. Some examples include: IP address space overlap with existing cache node belonging to another customer. IP address space was exceedingly large. Contact Microsoft for more information if your IP address space has this status. | +- **Valid**: The IP address space is approved. -See the following example: +- **In Review**: The IP address space is under review with Microsoft to ensure valid IP address space. -![iMCC img15](images/imcc15.png) +- **Attention Required**: The IP address space has been reviewed and an issue was discovered. For example: -## Edit Cache Node Information + - The IP address space overlaps with an existing cache node that belongs to another customer -IP address or CIDR information can be modified for existing MCC nodes in the portal. + - The IP address space was exceedingly large. -To edit IP address or CIDR information, click on the Cache Node Name which will open the Cache Node Configuration page. Cache nodes can be deleted here by clicking the check box to the left of a Cache Node Name and then clicking the delete toolbar item. Be aware that if a cache node is deleted, there is no way to recover the cache node or any of the information related to the cache node. + If your IP address space has this status, contact Microsoft for more information. -![iMCC img16](images/imcc16.png) +:::image type="content" source="images/imcc15.png" alt-text="A list of cache node names with example IP address space statuses."::: -The Server IP Address, Address Range/CIDR Blocks, and Enable Cache Node are all editable as show below: +## Edit cache node information -![iMCC img17](images/imcc17.png) +:::image type="content" source="images/imcc16.png" alt-text="Cache Nodes list in the Azure portal."::: -## Set up a server with SR or an Ubuntu +To modify the configuration for existing MCC nodes in the portal, select the cache node name in the cache nodes list. This action opens the **Cache Node Configuration** page. You can edit the **Server IP Address** or **Address Range/CIDR Blocks** field. You can also enable or disable the cache node. -The MCC module is optimized for Ubuntu 20.04 LTS. Install Ubuntu 20.04 LTS on a physical server or VM of your choice. As discussed earlier, the recommended configuration (details below) will serve approximately 35,000 consumer devices downloading a 2GB payload in 24-hour timeframe at a sustained rate of 6.5 Gbps. +:::image type="content" source="images/imcc17.png" alt-text="Cache Node Configuration page, highlighting editable fields."::: -| | **Minimum** | **Recommended** | -|-------------|---------------------------------------------|----------------------------------------------------| -| **Server** | Ubuntu 20.04 LTS VM or physical server | Ubuntu 20.04 LTS VM or physical server (preferred) | -| **NIC** | 10 Gbps | 10 Gbps | -| **Disk** | SSD 1 – 2 drives minimum 2 TB each minimum | SSD 2 – 4 drives minimum 2 TB each minimum | -| **Memory** | 8 GB | 32 GB or more | -| **Cores** | 4 | 8 or more | +To delete a cache node, select it in the cache nodes list, and then select **Delete** in the toolbar. If you delete a cache node, there's no way to recover it or any of the information related to the cache node. ## Install MCC -Installing MCC on your physical server or VM is a straightforward process. A Bash script installer performs the following tasks: +To install MCC on your physical server or VM, you use a Bash script installer, which runs the following tasks: -- Azure IoT Edge relies on an OCI-compatible container runtime. The script - will install the Moby engine and CLI. -- Installs IoT Edge. -- Installs SSH to support remote access to the server -- Enables the firewall and opens port 80 for inbound and outbound traffic. Port 80 is used by MCC. -- Configures Connected Cache tuning settings. -- Creates the necessary *FREE* Azure resource - IoT Hub/IoT Edge. -- Deploys the MCC container to server. +- Installs the Moby engine and CLI. +- Installs IoT Edge. +- Installs SSH to support remote access to the server. +- Enables the firewall and opens port 80 for inbound and outbound traffic. The MCC uses port 80. +- Configures Connected Cache tuning settings. +- Creates the necessary free Azure resource: IoT Hub/IoT Edge. +- Deploys the MCC container to the server. > [!IMPORTANT] -> Ensure that port 5000 is open so Microsoft can verify proper functioning of the cache server +> Make sure that the following ports are open so that Microsoft can verify proper functionality of the cache server: +> +> - 80: content delivery +> - 179: BGP session +> - 443: IoT Edge secure communication +> - 5000: (optional) used to view locally running report +> - 5671: IoT Edge communication/container management +> - 8883: IoT Edge communication/container management ### Steps to install MCC -1. Download and unzip mccinstaller.zip from the create cache node page or cache node configuration page which contains the necessary installation files. +Before you start, make sure that you have a data drive configured on your server. You'll need to specify the location for this cache drive during this process. The minimum size for the data drive is 100 GB. For instructions to mount a disk on a Linux VM, see [Attach a data disk to a Linux VM](/azure/virtual-machines/linux/attach-disk-portal#find-the-disk). - ![iMCC img18](images/imcc18.png) +1. From either **Create Cache Node** or **Cache Node Configuration** pages, select **Download Installer** to download the installer file. - Files contained in the mccinstaller.zip file: + :::image type="content" source="images/imcc18.png" alt-text="The Create Cache Node page highlighting the Download Installer action."::: - - **installmcc.sh** – main installer file. - - **installIotEdge.sh** – Installs the necessary prerequisites like IoT Edge runtime and Docker and makes necessary host OS settings to optimization caching performance. - - **resourceDeploymentForConnectedCache.sh** – Creates Azure cloud resources required to support MCC control plane. - - **mccdeployment.json** – Deployment manifest used by IoT Edge to deploy the MCC container and configure settings on the container like cache drives location sizes. + Unzip the **mccinstaller.zip** file, which includes the following installation files and folders: -2. Copy all 4 installation files to your Linux server (physical or VM) + - Diagnostics folder: Used to create diagnostics support bundle. + - **installmcc.sh**: Main installer file. + - **installIotEdge.sh**: Installs the necessary prerequisites. For example, IoT Edge runtime and Docker. It also makes necessary host OS settings to optimize caching performance. + - **resourceDeploymentForConnectedCache.sh**: Creates Azure cloud resources required to support the MCC control plane. + - **mccdeployment.json**: Deployment manifest used by IoT Edge to deploy the MCC container. It also configures settings on the container like cache drives location and sizes. + - **mccupdate.json** + - **packagever.txt** + - **uninstallmcc.sh**: Main uninstaller file. + - **updatemcc.sh**: Main update file. -3. Before proceeding, ensure that you have a data drive configured on your server. You'll need to specify the location for this cache drive on step 9. Mimimum size for the data drive is 100GB. For instructions to mount a disk on a Linux VM, see [Attach a data disk to a Linux VM](/azure/virtual-machines/linux/attach-disk-portal#find-the-disk) +1. Copy all files to your Linux server. -4. Open a terminal and change the access permissions to execute on the **installmcc.sh** Bash script file using chmod. +1. Open a terminal window. Change the access permissions to execute on the **installmcc.sh** Bash script file using `chmod`. ```bash sudo chmod +x installmcc.sh ``` -5. Copy the Bash script line provided and run the Bash script from the terminal. +1. In the Azure portal, in the Connected Cache installer instructions, copy the cache node installer Bash script command. Run the Bash script from the terminal. - ![iMCC img19](images/imcc19.png) + :::image type="content" source="images/imcc19.png" alt-text="Copy the cache node installer Bash script in the Connected Cache installer instructions."::: -6. You'll be prompted to sign in to the Azure Portal using a device code. +1. Sign in to the Azure portal with a device code. - ![iMCC img20](images/imcc20.png) + :::image type="content" source="images/imcc20.png" alt-text="Bash script prompt to sign in to the Azure portal with a device code."::: -7. You'll be prompted to enter the Azure Container Registry (ACR) password for access to the MCC container. +1. Specify the number of drives to configure. Use an integer value less than 10. - ![iMCC img21](images/imcc21.png) + :::image type="content" source="images/imcc22.png" alt-text="Bash script prompt to enter the number of cache drives to configure."::: -8. You'll then be prompted with the number of drives to configure. +1. Specify the location of the cache drives. For example, `/datadrive/` - ![iMCC img22](images/imcc22.png) + :::image type="content" source="images/imcc23.png" alt-text="Bash script prompt to enter the location for cache drive."::: -9. The script will prompt for location and size of the cache drives. + > [!IMPORTANT] + > The script changes the permission and ownership on the cache drive to **everyone** with the command `chmod 777`. + > + > Don't point the cache drive to any of the following locations: + > + > - `.` + > - `./var` + > - `/` + > - `` + > + > Specifying any of these will corrupt the OS, and you'll need to re-install the image again. - ![iMCC img23](images/imcc23.png) +1. Specify an integer value as the size in GB for each cache drive. The minimum is `100` GB. -> [!IMPORTANT] -> The permissions / ownerships on the cache drive location will be changed to everyone via chmod 777
-> **Don't** point the cache drive location to any of the following: “**.**”, “**./var**”, “**/**”, “**\**” + :::image type="content" source="images/imcc24.png" alt-text="Bash script prompt to enter the amount of space to allocate to the cache drive."::: -Specifying any of the directories mentioned above will corrupt the VM and you -will need to provision a new one. +1. Specify whether you have an existing IoT Hub. -![iMCC img24](images/imcc24.png) + - If this process is for your _first MCC deployment_, enter `n`. -1. If this is your first MCC deployment, select “n” when - prompted for an IoT Hub. If this is **not** your first MCC deployment, you - can use an existing IoT hub from your previous MCC installation. After - selecting “Y”, we will display your existing IoT Hubs, you can copy and - paste the resulting IoT Hub name to continue. + - If you already have a MCC deployment, you can use an existing IoT Hub from your previous installation. Select `Y` to see your existing IoT Hubs. You can copy and paste the resulting IoT Hub name to continue. - ![iMCC img25](images/imcc25.png) + :::image type="content" source="images/imcc25.png" alt-text="Bash script output with steps for existing IoT Hub."::: -2. If there are no errors go to the next step. +1. If you want to configure BGP, enter `y`. If you want to use manual entered prefixes for routing, enter `n` and skip to Step 16. You can always configure BGP at a later time using the Update Script. - - If there are errors, inspect the installer logs which are under /etc/mccresourcecreation/. - - If there were follow the instructions to [Troubleshoot your IoT Edge device(/azure/iot-edge/troubleshoot). + 1. Enter the number of BGP neighbors you want to configure. + 1. Enter the IP address for the neighbor. + 1. Enter the ASN corresponding to that neighbor. This value should be the same ASN as the MCC -iBGP connection. + 1. Repeat these steps for each neighbor you need to configure. -## Verify Proper Functioning MCC Server + > [!NOTE] + > With the BGP configuration, you're essentially setting up an iBGP neighbor in your public ASN. For example, when you initiate the BGP session from the router to the cache node, you would use your own ASN. + +1. BGP is now configured from the MCC side. From your end, establish a neighborship from your router to MCC's host machine. Use the IP address of the host machine that's running the MCC container. + + 1. Make sure there aren't any firewall rules blocking this connection. + 1. Verify that the BGP connection has been established and that you're advertising routes to the MCC. + 1. Wait five minutes to refresh the cache node page in the Azure portal to see the BGP routes. + +1. Confirm the update is complete by running the following command. + + ```bash + sudo iotedge list + ``` + + Make sure MCC is running on the latest version. If you only see **edgeAgent** and **edgeHub**, wait five minutes and run this command again. + +1. Make sure MCC is reachable. Replace `` with the IP address of your MCC or localhost. + + ```bash + wget http:///mscomtest/wuidt.gif?cacheHostOrigin=au.download.windowsupdate.com + ``` + +1. After you successfully complete the update, go to the Azure portal. To check the routes being reported, select **Download JSON**. + +1. To start routing using BGP, change the **Prefix Source** from **Manually Entered** to **Use BGP**. + + :::image type="content" source="images/imcc55.PNG" alt-text="Cache node configuration with the Prefix Source set to Use BGP."::: + + +1. If there are no errors, go to the next section to verify the MCC server. + + If there are errors: + + - Inspect the installer logs, which are in the following path: `/etc/mccresourcecreation/` + + - For more information, see [Troubleshoot your IoT Edge device](/azure/iot-edge/troubleshoot). + +## Verify properly functioning MCC server ### Verify client side -Sign in to the Connected Cache server or ssh and run the following command from a terminal to see the running modules (containers): +Sign in to the Connected Cache server or use SSH. Run the following command from a terminal to see the running modules (containers): ```bash -sudo iotedge list​ +sudo iotedge list ``` -![iMCC img26](images/imcc26.png) +:::image type="content" source="images/imcc26.png" alt-text="Terminal output of iotedge list command, showing the running containers."::: -If **edgeAgent** and **8edgeHub** containers are listed, but not “MCC”, you may view the status of the IoTEdge security manager using the command: +If it lists the **edgeAgent** and **edgeHub** containers, but doesn't include **MCC**, view the status of the IoT Edge security manager using the command: ```bash sudo journalctl -u iotedge -f ``` -For example, this command provides the current status of the starting, stopping of a container, or the container pull and start as is shown in the sample below: +For example, this command provides the current status of the starting and stopping of a container, or the container pull and start: -![iMCC img27](images/imcc27.png) +:::image type="content" source="images/imcc27.png" alt-text="Terminal output of journalctl command for iotedge."::: ### Verify server side It can take a few minutes for the container to deploy. -For a validation of properly functioning MCC, run the following command in the terminal of the cache server or any device in the network. Replace \ with the IP address of the cache server. +To validate a properly functioning MCC, run the following command in the terminal of the cache server or any device in the network. Replace `` with the IP address of the cache server. ```bash wget http:///mscomtest/wuidt.gif?cacheHostOrigin=au.download.windowsupdate.com ``` -A successful test result will look like this: +The following screenshot shows a successful test result: -![iMCC img28](images/imcc28.png) +:::image type="content" source="images/imcc28.png" alt-text="Terminal output of successful test result with wget command to validate a MCC."::: -Similarly, enter the following URL into a web browser on the network: +Similarly, enter the following URL into a web browser on any device on the network: ```http http:///mscomtest/wuidt.gif?cacheHostOrigin=au.download.windowsupdate.com ``` -If the test fails, see the [common issues](#common-issues) section below for more information. +If the test fails, for more information, see the [common issues](#common-issues) section. ## Common Issues > [!NOTE] -> Consult the [IoT Edge troubleshooting guide](/azure/iot-edge/troubleshoot) for any issues you may encounter configuring IoT Edge. A few common issues are listed below. +> This section only lists common issues. For more information on additional issues you may encounter when configuring IoT Edge, see the [IoT Edge troubleshooting guide](/azure/iot-edge/troubleshoot). -Use the following command to check the IoT Edge Journal: +Use the following command to check the IoT Edge journal: ```bash -sudo journalctl -u iotedge –f +sudo journalctl -u iotedge -f ``` -## DNS needs to be configured +### DNS needs to be configured -Run the following IoT Edge setup/install state check: +Run the following IoT Edge install state check: ```bash sudo iotedge check --verbose ``` -If you see issues with ports 5671, 443, and 8883 similar to the screenshot below, it means that your IoT Edge device needs to update the DNS for Docker. +If you see issues with ports 5671, 443, and 8883, your IoT Edge device needs to update the DNS for Docker. -![iMCC img29](images/imcc29.png) +To configure the device to work with your DNS, use the following steps: -Follow the steps below to configure the device to work with your DNS: - -1. Use ifconfig to find appropriate NIC adapter name. +1. Use `ifconfig` to find the appropriate NIC adapter name. ```bash - ifconfig​ + ifconfig ``` -2. Run nmcli device show \ to show you the DNS name for Ethernet adapter. For example to show DNS - information for eno1: + +1. Run `nmcli device show ` to show the DNS name for the ethernet adapter. For example, to show DNS information for **eno1**: ```bash nmcli device show eno1 - ``` - - ![iMCC img30](images/imcc30.png) - -3. Open/create the Docker configuration file used to configure the DNS server - - ```bash - sudo nano /etc/docker/daemon.json​ ``` -4. Paste the following into the daemon.json file (In the example above IP4.DNS[1] is used) + :::image type="content" source="images/imcc30.png" alt-text="Sample output of nmcli command to show network adapter information."::: + +1. Open or create the Docker configuration file used to configure the DNS server. + + ```bash + sudo nano /etc/docker/daemon.json + ``` + +1. Paste the following string into the **daemon.json** file, and include the appropriate DNS server address. For example, in the previous screenshot, `IP4.DNS[1]` is `10.50.10.50`. ```bash { "dns": ["x.x.x.x"]} ``` -5. Save the file changes to daemon.json. **Note**: You might need to change permissions on this file. For example: + +1. Save the changes to daemon.json. If you need to change permissions on this file, use the following command: ```bash - sudo chmod 555 /etc/docker/daemon.json​ + sudo chmod 555 /etc/docker/daemon.json ``` -6. Restart Docker (to pick up the new DNS) and restart IoTEdge - +1. Restart Docker to pick up the new DNS setting. Then restart IoT Edge. + ```bash - sudo systemctl restart dockersudo systemctl daemon-reloadsudo restart IoTEdge + sudo systemctl restart docker + sudo systemctl daemon-reload + sudo restart IoTEdge ``` -## Diagnostics Script +### Diagnostics script -If you're having issues with your MCC, we included a diagnostics script which will collect all your logs and zip them into a single file. You can then send us these logs via email for the MCC team to debug. +If you're having issues with your MCC, the installer file includes a diagnostics script. The script collects all logs and zips them into a single file. You can then email these logs to Microsoft. -To run this script: +To run the script: -1. Navigate to the following folder in the MCC installation files: +1. Navigate to the following folder in the MCC installation files: -**mccinstaller** \> **MccResourceInstall** \> **Diagnostics** + `mccinstaller > MccResourceInstall > Diagnostics` -2. Run the following commands: +1. Run the following commands: ```bash sudo chmod +x collectMccDiagnostics.sh sudo ./collectMccDiagnostics.sh ``` -3. The script stores all the debug files into a folder and the creates a tar file. After the script is finished running, it will output the path of the tar file that you can share with the MCC team. The file should be **/etc/mccdiagnostics/support_bundle_\$timestamp.tar.gz**. -4. [Email the MCC team](mailto:msconnectedcache@microsoft.com?subject=Debugging%20Support%20Request%20for%20MCC) and attach this tar file, asking for debugging support. Screenshots of the error along with any other warnings you saw will be helpful during out debugging process. +1. The script stores all the debug files into a folder and creates a tar file. After the script is finished running, it displays the path of the tar file that you can share with the MCC team. The file should be `/etc/mccdiagnostics/support_bundle_\$timestamp.tar.gz` + +1. [Email the MCC team](mailto:msconnectedcache@microsoft.com?subject=Debugging%20Support%20Request%20for%20MCC) and attach this tar file, asking for debugging support. Screenshots of the error along with any other warnings you saw will be helpful during the debugging process. ## Updating your MCC -Throughout the private preview phase, we will send you security and feature updates for MCC. Please follow these steps to perform the update. +Throughout the private preview phase, Microsoft will release security and feature updates for MCC. Follow these steps to update your MCC. -Run the following commands with the **arguments** we provided in the email to update your MCC: +Run the following commands, replacing the variables with the values provided in the email to update your MCC: ```bash sudo chmod +x updatemcc.sh sudo chmod +x installIoTEdge.sh -sudo ./updatemcc.sh version="\<**VERSION**\>" tenantid="\<**TENANTID**\>" customerid="\<**CUSTOMERID**\>" cachenodeid="\<**CACHENODEID**\>" customerkey="\<**CUSTOMERKEY**\>" +sudo ./updatemcc.sh version="" tenantid="" customerid="" cachenodeid="" customerkey="" ``` For example: + ```bash -sudo ./updatemcc.sh version="msconnectedcacheprod.azurecr.io/mcc/linux/iot/mcc-ubuntu-iot-amd64:1.2.1.981" tenantid="799a999aa-99a1-99aa-99aa-9a9aa099db99" customerid="99a999aa-99a1-99aa-99aa-9aaa9aaa0saa" cachenodeid=" aa99aaaa-999a-9aas-99aa99daaa99 " customerkey="a99d999a-aaaa-aa99-0999aaaa99aa” +sudo ./updatemcc.sh version="msconnectedcacheprod.azurecr.io/mcc/linux/iot/mcc-ubuntu-iot-amd64:1.2.1.981" tenantid="799a999aa-99a1-99aa-99aa-9a9aa099db99" customerid="99a999aa-99a1-99aa-99aa-9aaa9aaa0saa" cachenodeid=" aa99aaaa-999a-9aas-99aa99daaa99 " customerkey="a99d999a-aaaa-aa99-0999aaaa99aa" ``` +### Configure BGP on an Existing MCC + +If you have a MCC that's already active and running, follow the steps below to configure BGP. + +1. Run the Update commands as described above. + +1. Sign in with your Azure credentials using the device code. + +1. To finish configuring your MCC with BGP routing, continue from Step 10 of [Steps to Install MCC](#steps-to-install-mcc). + ## Uninstalling MCC -In the zip file, you'll find the file **uninstallmcc.sh** which uninstalls MCC and all the related components. Please contact the MCC Team before running this script and only run this script if you're facing issues with MCC installation. **Exercise caution before running this script as existing IoT workflows in this VM will also be erased.** +In the installer zip file, you'll find the file **uninstallmcc.sh**. This script uninstalls MCC and all the related components. Before you run this script, contact the MCC team. Only run it if you're facing issues with MCC installation. -The **uninstallmcc.sh** script will remove the following: +> [!WARNING] +> Be cautious before running this script. It will also erase existing IoT workflows in this VM. + +The **uninstallmcc.sh** script removes the following components: - IoT Edge - Edge Agent - Edge Hub - MCC - Moby CLI -- Moby Engine +- Moby engine -To run the script, enter the following commands: +To run the script, use the following commands: ```bash sudo chmod +x uninstallmcc.sh sudo ./uninstallmcc.sh ``` + ## Appendix -### Steps to obtain an Azure Subscription ID +### Steps to obtain an Azure subscription ID -1. Sign in to https://portal.azure.com/ and navigate to the Azure services section. -2. Click on **Subscriptions**. If you don't see **Subscriptions**, click on the **More Services** arrow and search for **Subscriptions**. -3. If you already have an Azure Subscription, skip to step 5. If you don't have an Azure Subscription, select **+ Add** on the top left. -4. Select the **Pay-As-You-Go** subscription. You'll be asked to enter credit card information, but you'll not be charged for using the MCC service. -5. On the **Subscriptions** blade, you'll find details about your current subscription. Click on the subscription name. -6. After you select the subscription name, you'll find the subscription ID in the **Overview** tab. Click on the **Copy to clipboard** icon next to your Subscription ID to copy the value. +1. Sign in to the [Azure portal](https://portal.azure.com/) and go to the **Azure services** section. -### Performance of MCC in Hypervisor environments +2. Select **Subscriptions**. If you don't see **Subscriptions**, select the **More Services** arrow and search for **Subscriptions**. -We have observed in hypervisor environments the cache server peak egress at around 1.1 Gbps. If you wish to maximize the egress in hypervisor environments it is critical to make two settings changes. +3. If you already have an Azure subscription, skip to step 5. If you don't have an Azure Subscription, select **+ Add** on the top left. -1. Enable **SR-IOV** in the BIOS AND enable **SR-IOV** in the NIC properties, and finally, enable **SR-IOV** in the hypervisors for the MCC VM. Microsoft has found these settings to double egress when using a Microsoft Hyper-V deployment. +4. Select the **Pay-As-You-Go** subscription. You'll be asked to enter credit card information, but you won't be charged for using the MCC service. -2. Enable “high performance” in the BIOS as opposed to energy savings. Microsoft has found this setting nearly doubled egress a Microsoft Hyper-V deployment. +5. On the **Subscriptions** section, you'll find details about your current subscription. Select the subscription name. + +6. After you select the subscription name, you'll find the subscription ID in the **Overview** tab. To copy the value, select the **Copy to clipboard** icon next to your subscription ID. + +### Performance of MCC in virtual environments + +In virtual environments, the cache server egress peaks at around 1.1 Gbps. If you want to maximize the egress in virtual environments, it's critical to change the following two settings: + +1. Enable **SR-IOV** in the following three locations: + + - The BIOS of the MCC VM + - The MCC VM's network card properties + - The hypervisor for the MCC VM + + Microsoft has found these settings to double egress when using a Microsoft Hyper-V deployment. + +2. Enable "high performance" in the BIOS instead of energy savings. Microsoft has found this setting nearly doubled egress in a Microsoft Hyper-V deployment. + +### Grant other users access to manage your MCC + +More users can be given access to manage Microsoft Connected Cache, even if they don't have an Azure account. Once you've created the first cache node in the portal, you can add other users as **Owners** of the Microsoft Connected Cache resource group and the Microsoft Connected Cache resource. + +For more information on how to add other users as an owner, see [Grant a user access to Azure resources using the Azure portal](/azure/role-based-access-control/quickstart-assign-role-user-portal). Make sure to do this action for both the _MCC resource_ and _MCC resource group_. ### Setting up a VM on Windows Server You can use hardware that will natively run Ubuntu 20.04 LTS, or you can run an Ubuntu VM. The following steps describe how to set up a VM on Hyper-V. -1. Download the ISO. You can use either Ubuntu Desktop or Ubuntu Server. +1. Download the ISO. You can use either Ubuntu Desktop or Ubuntu Server. - 1. [Download Ubuntu Desktop](https://ubuntu.com/download/desktop) - 2. [Download Ubuntu Server](https://mirror.cs.jmu.edu/pub/ubuntu-iso/20.04.2/ubuntu-20.04.2-live-server-amd64.iso) + - [Download Ubuntu Desktop](https://ubuntu.com/download/desktop) + - [Download Ubuntu Server](https://mirror.cs.jmu.edu/pub/ubuntu-iso/20.04.2/ubuntu-20.04.2-live-server-amd64.iso) -2. Start the **New Virtual Machine Wizard**, give your VM a name, and choose a location. - - ![iMCC img31](images/imcc31.png) - ![iMCC img32](images/imcc32.png) +1. Start the **New Virtual Machine Wizard** in Hyper-V. -3. Choose a **Generation 2** VM, and specify the startup memory. You can't change the VM generation 2 later. - - ![iMCC img33](images/imcc33.png) - ![iMCC img34](images/imcc34.png) + :::image type="content" source="images/imcc31.png" alt-text="The Before You Begin page of the Hyper-V New Virtual Machine Wizard."::: -4. Choose the network adapter. - - ![iMCC img35](images/imcc35.png) +1. Specify a name and choose a location. -5. Set the virtual hard disk parameters. You should specify enough space for the OS and the content that will be cached. That example below allocates one terabyte. - - ![iMCC img36](images/imcc36.png) + :::image type="content" source="images/imcc32.png" alt-text="The Specify Name and Location page of the Hyper-V New Virtual Machine Wizard."::: -6. Install from the ISO for Ubuntu 20.04 LTS that you downloaded. - - ![iMCC img37](images/imcc37.png) +1. Select **Generation 2**. You can't change this setting later. -7. Finish the creation of the Ubuntu VM. - - ![iMCC img38](images/imcc38.png) + :::image type="content" source="images/imcc33.png" alt-text="The Specify Generation page of the Hyper-V New Virtual Machine Wizard."::: -8. Before you start the Ubuntu VM make sure secure boot is **disabled** and that you have allocated multiple cores to the VM. The example below has allocated 12, but your configuration may vary. - - ![iMCC img39](images/imcc39.png) - ![iMCC img40](images/imcc40.png) - ![iMCC img41](images/imcc41.png) +1. Specify the startup memory. -9. Start the VM and choose the option that will Install Ubuntu. Choose your default language. - - ![iMCC img42](images/imcc42.png) - ![iMCC img43](images/imcc43.png) + :::image type="content" source="images/imcc34.png" alt-text="The Assign Memory page of the Hyper-V New Virtual Machine Wizard."::: -10. Choose the options you wish for installing updates and third party hardware. In the example below, we have chosen to download updates and install - third party software drivers. - - ![iMCC img44](images/imcc44.png) +1. Choose the network adapter connection. -11. If you had a previous version of Ubuntu installed, we recommend erasing and installing Ubuntu 16.04. Choose your time zone, and keyboard layout. - - ![iMCC img45](images/imcc45.png) - ![iMCC img46](images/imcc46.png) - ![iMCC img47](images/imcc47.png) - ![iMCC img48](images/imcc48.png) + :::image type="content" source="images/imcc35.png" alt-text="The Configure Networking page of the Hyper-V New Virtual Machine Wizard."::: -12. Choose your username, a name for your computer, and a password. Remember, everything is case sensitive in Linux. You'll be asked to reboot in order to complete the installation. - - ![iMCC img49](images/imcc49.png) - ![iMCC img50](images/imcc50.png) +1. Set the virtual hard disk parameters. You should specify enough space for the OS and the content that will be cached. For example, `1024` GB is 1 terabyte. -13. **Important**: When prompted with the option to upgrade, decline. + :::image type="content" source="images/imcc36.png" alt-text="The Connect Virtual Hard Disk page of the Hyper-V New Virtual Machine Wizard."::: - ![iMCC img51](images/imcc51.png) - ![iMCC img52](images/imcc52.png) +1. Select **Install an OS from a bootable image file** and browse to the ISO for Ubuntu 20.04 LTS that you previously downloaded. -Your Ubuntu VM should now be ready to [Install MCC](#install-mcc). + :::image type="content" source="images/imcc37.png" alt-text="The Installation Options page of the Hyper-V New Virtual Machine Wizard."::: + +1. Review the settings and select **Finish** to create the Ubuntu VM. + + :::image type="content" source="images/imcc38.png" alt-text="Completing the New Virtual Machine Wizard on Hyper-V."::: + +1. Before you start the Ubuntu VM, disable **Secure Boot** and allocate multiple cores to the VM. + + 1. In Hyper-V Manager, open the **Settings** for the VM. + + :::image type="content" source="images/imcc39.png" alt-text="Open Settings for a VM in Hyper-V Manager."::: + + 1. Select **Security**. Disable the option to **Enable Secure Boot**. + + :::image type="content" source="images/imcc40.png" alt-text="Security page of VM settings in Hyper-V Manager."::: + + 1. Select **Processor**. Increase the number of virtual processors. This example shows `12`, but your configuration may vary. + + :::image type="content" source="images/imcc41.png" alt-text="Processor page of VM settings in Hyper-V Manager."::: + +1. Start the VM and select **Install Ubuntu**. + + :::image type="content" source="images/imcc42.png" alt-text="GNU GRUB screen, select Install Ubuntu."::: + +1. Choose your default language. + + :::image type="content" source="images/imcc43.png" alt-text="Ubuntu install, Welcome page, select language."::: + +1. Choose the options for installing updates and third party hardware. For example, download updates and install third party software drivers. + +1. Select **Erase disk and install Ubuntu**. If you had a previous version of Ubuntu installed, we recommend erasing and installing Ubuntu 16.04. + + :::image type="content" source="images/imcc45.png" alt-text="Ubuntu install, Installation type page, Erase disk and install Ubuntu."::: + + Review the warning about writing changes to disk, and select **Continue**. + + :::image type="content" source="images/imcc46.png" alt-text="Ubuntu install, 'Write the changes to disks' warning."::: + +1. Choose the time zone. + + :::image type="content" source="images/imcc47.png" alt-text="Ubuntu install, 'Where are you page' to specify time zone."::: + +1. Choose the keyboard layout. + + :::image type="content" source="images/imcc48.png" alt-text="Ubuntu install, Keyboard layout page."::: + +1. Specify your name, a name for the computer, a username, and a strong password. Select the option to **Require my password to log in**. + + > [!TIP] + > Everything is case sensitive in Linux. + + :::image type="content" source="images/imcc50.png" alt-text="Ubuntu install, 'Who are you' screen."::: + +1. To complete the installation, select **Restart now**. + + :::image type="content" source="images/imcc51.png" alt-text="Ubuntu install, installation complete, restart now."::: + +1. After the computer restarts, sign in with the username and password. + + > [!IMPORTANT] + > If it shows that an upgrade is available, select **Don't upgrade**. + > + > :::image type="content" source="images/imcc52.png" alt-text="Ubuntu install, Upgrade Available prompt, Don't Upgrade."::: + +Your Ubuntu VM is now ready to [Install MCC](#install-mcc). ### IoT Edge runtime -The Azure IoT Edge runtime enables custom and cloud logic on IoT Edge devices. The runtime sits on the IoT Edge device, and performs management and communication operations. The runtime performs several functions: +The Azure IoT Edge runtime enables custom and cloud logic on IoT Edge devices. The runtime sits on the IoT Edge device, and does management and communication operations. The runtime does the following functions: -- Installs and update workloads (Docker containers) on the device. -- Maintains Azure IoT Edge security standards on the device. -- Ensures that IoT Edge modules (Docker containers) are always running. -- Reports module (Docker containers) health to the cloud for remote - monitoring. -- Manages communication between an IoT Edge device and the cloud. +- Installs and updates workloads (Docker containers) on the device. +- Maintains Azure IoT Edge security standards on the device. +- Makes sure that IoT Edge modules (Docker containers) are always running. +- Reports module (Docker containers) health to the cloud for remote monitoring. +- Manages communication between an IoT Edge device and the cloud. -For more information on Azure IoT Edge, please see the [Azure IoT Edge documentation](/azure/iot-edge/about-iot-edge). +For more information on Azure IoT Edge, see the [Azure IoT Edge documentation](/azure/iot-edge/about-iot-edge). -## Also see +## Related articles + +[Microsoft Connected Cache for enterprise and education](mcc-enterprise.md) -[Microsoft Connected Cache for Enterprise and Education](mcc-enterprise.md)
[Introducing Microsoft Connected Cache](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-microsoft-connected-cache-microsoft-s-cloud-managed/ba-p/963898) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index febbb80275..af0aa65af5 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -40,7 +40,7 @@ The features described below are no longer being actively developed, and might b | Dynamic Disks | The [Dynamic Disks](/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](/windows-server/storage/storage-spaces/overview) in a future release.| 2004 | | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 | | My People / People in the Shell | My People is no longer being developed. It may be removed in a future update. | 1909 | -| Package State Roaming (PSR) | PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user.
 
The recommended replacement for PSR is [Azure App Service](/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. | 1909 | +| Package State Roaming (PSR) | PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user.
 
The recommended replacement for PSR is [Azure App Service](/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web.
 
PSR was removed in Windows 11.| 1909 | | XDDM-based remote display driver | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote display indirect display driver, check out [Updates for IddCx versions 1.4 and later](/windows-hardware/drivers/display/iddcx1.4-updates). | 1903 | | Taskbar settings roaming | Roaming of taskbar settings is no longer being developed and we plan to remove this capability in a future release. | 1903 | | Wi-Fi WEP and TKIP | Since the 1903 release, a warning message has appeared when connecting to Wi-Fi networks secured with WEP or TKIP (which are not as secure as those using WPA2 or WPA3). In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | 1903 | diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md index f5f495064d..a7b6b17446 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md @@ -12,7 +12,6 @@ manager: kaushika audience: ITPro ms.collection: Windows Security Technologies\BitLocker ms.topic: troubleshooting -ms.date: 10/7/2019 ms.custom: bitlocker --- @@ -36,7 +35,11 @@ You can use the following steps on computers that have either x64 or x32 UEFI sy 1. Open an elevated Command Prompt window and run the following command: ```cmd - manage-bde protectors get + manage-bde -protectors -get + ``` + + ```cmd + manage-bde -protectors -get C: ``` where \<*Drive*> is the drive letter, followed by a colon (:), of the bootable drive. @@ -86,4 +89,4 @@ For more information about DHCP and BitLocker Network Unlock, see [BitLocker: Ho ### Resolution -To resolve this issue, change the configuration of the DHCP server by changing the **DHCP** option from **DHCP and BOOTP** to **DHCP**. \ No newline at end of file +To resolve this issue, change the configuration of the DHCP server by changing the **DHCP** option from **DHCP and BOOTP** to **DHCP**. diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md index 8024e0f03b..c48dac6be9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md @@ -15,7 +15,6 @@ ms.reviewer: isbrahm ms.author: dansimp manager: dansimp ms.topic: conceptual -ms.date: 10/14/2020 ms.technology: windows-sec --- @@ -30,26 +29,26 @@ ms.technology: windows-sec > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -The Windows Defender Application Control (WDAC) policy Wizard is an open-source Windows desktop application written in C# and bundled as an MSIX package. The Wizard was built to provide security architects with security, and system administrators with a more user-friendly means to create, edit, and merge WDAC policies. The Wizard desktop application uses the [ConfigCI PowerShell Cmdlets](/powershell/module/configci) in the backend so the output policy of the Wizard and PowerShell cmdlets is identical. +The Windows Defender Application Control (WDAC) policy wizard is an open-source Windows desktop application written in C# and bundled as an MSIX package. The wizard was built to provide security architects with security, and system administrators with a more user-friendly means to create, edit, and merge WDAC policies. The wizard desktop application uses the [ConfigCI PowerShell Cmdlets](/powershell/module/configci) in the backend so the output policy of the wizard and PowerShell cmdlets is identical. ## Downloading the application -The WDAC Wizard can be downloaded from the official [Wizard installer website](https://bit.ly/3koHwYs) as an MSIX packaged application. The Wizard's source code is available as part of Microsoft's Open Source Software offerings on GitHub at the [WDAC Wizard Repo](https://github.com/MicrosoftDocs/WDAC-Toolkit). +The WDAC wizard can be downloaded from the official [WDAC Wizard installer website](https://webapp-wdac-wizard.azurewebsites.net) as an MSIX packaged application. The wizard's source code is available as part of Microsoft's Open Source Software offerings on GitHub at the [WDAC Wizard Repo](https://github.com/MicrosoftDocs/WDAC-Toolkit). **Supported Clients** -As the WDAC Wizard uses the cmdlets in the background, the Wizard is functional on clients only where the cmdlets are supported as outlined in [WDAC feature availability](feature-availability.md). Specifically, the tool will verify that the client meets one of the following requirements: +As the WDAC wizard uses the cmdlets in the background, the wizard is functional on clients only where the cmdlets are supported as outlined in [WDAC feature availability](feature-availability.md). Specifically, the tool will verify that the client meets one of the following requirements: - Windows builds 1909+ - For pre-1909 builds, the Enterprise SKU of Windows is installed -If neither requirement is satisfied, the Wizard will throw an error as the cmdlets are not available. +If neither requirement is satisfied, the wizard will throw an error as the cmdlets are not available. -## In this section +## Resources to learn more | Topic | Description | | - | - | | [Creating a new base policy](wdac-wizard-create-base-policy.md) | This article describes how to create a new base policy using one of the supplied policy templates. | | [Creating a new supplemental policy](wdac-wizard-create-supplemental-policy.md) | This article describes the steps necessary to create a supplemental policy, from one of the supplied templates, for an existing base policy. | -| [Editing a base or supplemental policy](wdac-wizard-editing-policy.md) | This article demonstrates how to modify an existing policy and the Wizard's editing capabilities. | -| [Merging policies](wdac-wizard-merging-policies.md) | This article describes how to merge policies into a single application control policy. | \ No newline at end of file +| [Editing a base or supplemental policy](wdac-wizard-editing-policy.md) | This article demonstrates how to modify an existing policy and the wizard's editing capabilities. | +| [Merging policies](wdac-wizard-merging-policies.md) | This article describes how to merge policies into a single application control policy. |