Merge pull request #306475 from SoniaLopezBravo/howto-iot-ops-clone

v-ccolin · web-flow · commit 7e959a013497 · 2025-10-06T15:36:35.000+01:00
Adding how to clone an AIO instance
diff --git a/articles/iot-operations/deploy-iot-ops/howto-clone-instance.md b/articles/iot-operations/deploy-iot-ops/howto-clone-instance.md
@@ -0,0 +1,140 @@
+---
+title: Clone an IoT Operations instance
+description: Use the Azure CLI to clone your Azure IoT Operations instances.
+author: SoniaLopezBravo
+ms.author: sonialopez
+ms.topic: how-to
+ms.date: 10/02/2025
+
+#CustomerIntent: As an IT professional, I want to know how to clone an IoT Operations instance so that I can create a copy of my existing instance for testing or backup purposes.
+---
+
+# Clone an IoT Operations instance (preview)
+
+You can clone an existing Azure IoT Operations instance to create a new instance with the same configuration and settings. Cloning is useful for creating a backup of your instance or for setting up a new instance with the same configuration for testing or development purposes.
+
+Use-case scenarios for clone include:
+
+- **Disaster recovery**: Create a backup of your Azure IoT Operations instance that can be used to restore the instance if there's a disaster.
+- **Testing and development**: Set up a new Azure IoT Operations instance with the same configuration as an existing instance for testing or development purposes.
+- **Migration**: Move your Azure IoT Operations instance to a new cluster or resource group by cloning the instance to the new location.
+- **Scaling**: Create multiple instances of your Azure IoT Operations instance to handle increased workload or to distribute the load across multiple instances.
+
+> [!NOTE]
+> The clone feature is in preview and under development.
+
+## Prerequisites
+
+* An Azure IoT Operations instance deployed to a cluster. For more information, see [Deploy Azure IoT Operations](./howto-deploy-iot-operations.md).
+
+* Azure CLI installed on your development machine. This scenario requires Azure CLI version 2.53.0 or higher. Use `az --version` to check your version and `az upgrade` to update if necessary. For more information, see [How to install the Azure CLI](/cli/azure/install-azure-cli).
+
+* The Azure IoT Operations extension for Azure CLI. Clone is currently compatible with the following IoT Operations instance version range: `1.0.34>=,<1.2.0`. Use the following command to update or install the extension. Replace `<VERSION_NUMBER>` with a version that is compatible with your instance.
+
+    ```azurecli
+    az extension add --upgrade --name azure-iot-ops --version <VERSION_NUMBER>
+    ```
+
+## Clone command overview
+
+Use the [`az iot ops clone`](/cli/azure/iot/ops#az-iot-ops-clone) command to create a new Azure IoT Operations instance based on an existing one.
+
+The `clone` command analyzes an Azure IoT Operations instance and reproduces it in an infrastructure-as-code manner via ARM templates. You can apply the output of clone to another connected cluster, which is referred to as replication. You can also save the clone to a local directory for later use and perform some configuration changes before applying it to a cluster.
+
+The clone operation consists of three main components: the model, which is the source instance, the target, which is the destination instance, and the template. The following diagram illustrates the clone flow. The `clone` command analyzes the source instance and replicates it via IaC/ARM template. The replicated definition is applied to one or more destination clusters.
+
+:::image type="content" source="./media/howto-clone-instance/clone-flow.png" alt-text="A diagram of a subset of all instance related resources. showing how the clone command works for Azure IoT Operations instances. ":::
+
+### Clone model
+
+The model is the instance you are cloning from. It is the source of truth for the clone operation. To identify the model, enter the following parameters:
+
+- `--name/-n`: The model instance name.
+- `--resource-group/-g`: The resource group that contains the model instance.
+
+### Clone target
+
+The target is where you want to replicate or save the clone definition. You can apply a clone to one, all, or no targets. If you don't provide any target options, the process terminates after outputting a summary of in-scope resources. To identify the target, enter one of the following parameters:
+
+- `--to-cluster-id`: Provide the full Azure resource ID of the target cluster where you want to replicate the cloned instance. When you use this option, the clone command deploys the version of Azure IoT Operations specified in the clone definition to the target cluster, and then applies all relevant resources to complete the deployment. Automatic federation of user-assigned managed identity (UAMI) credentials is currently supported only when cloning to a cluster target.
+
+- `--to-dir`: Provide a local directory path to replicate the clone definition to disk, where it can be deployed with existing ARM deployment tools with or without modification. If you inspect the clone definition, you see various parameterization in play to ease some customization.
+
+> [!IMPORTANT]
+> When selecting a target resource group, consider using a resource group that doesn't contain an existing IoT Operations installation and is separate from the model's resource group. By default, the clone definition preserves resource names from the model instance. If the target and model share the same resource group and you change the custom location, resource name conflicts may occur.
+
+### Clone template
+
+The clone command generates an ARM template that describes the resources to be created in the target. The template is generated based on the resources in the model instance and their configuration. Enter the following optional parameters to customize the template:
+
+#### Clone template customization parameters
+
+You can use the following optional parameters to customize the generated ARM template:
+
+- `--mode`: Specifies how sub-deployments are organized in the template.  
+  - When `nested` mode is used (the default), all sub-deployments are self-contained within the root deployment file.  
+  - When `linked` mode is used, asset-related sub-deployments are split out and stored as separate files, which are then linked by the root deployment. Use `linked` mode if your instance contains a large number of namespace devices, namespace assets, root assets, and asset endpoint profiles to improve scalability and manageability. You don't need to specify this parameter unless you require this separation for large deployments.
+
+- `--param`: Allows you to override built-in default parameters, such as `location`, `instanceName`, or `adrNamespaceId`, using the format `key=value`. Use `--help` to display the full list of keys. 
+
+## Clone an instance
+
+To clone an instance, use the `az iot ops clone` command with the appropriate parameters to specify the source instance and the target location.
+
+1. Before you begin, set your default subscription to the same subscription the model instance is in. Otherwise, you need to append `--subscription` every time you run an `az iot ops clone` command.
+
+    ```azurecli
+    az account set -s $MODEL_SUBSCRIPTION_ID
+    ```
+
+1. To get your cluster resource ID, run:
+
+    ```azurecli
+    az resource show --name <CLUSTER_NAME> --resource-group <RESOURCE_GROUP> --resource-type "Microsoft.Kubernetes/connectedClusters" --query id --output tsv
+    ```
+
+1. To clone an instance and replicate to a target arc-connected cluster using default options, run:
+
+    ```azurecli
+    az iot ops clone --name <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --to-cluster-id <CLUSTER_ID> 
+    ```
+
+1. To customize the replication to another cluster, use `--param` and specify the parameters you want to change in the format `key=value`. For example, to change the location of the cloned instance, run:
+
+    ```azurecli
+    az iot ops clone --name <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --to-cluster-id <CLUSTER_ID> --param location=eastus
+    ```
+
+1. To clone an instance to a local disk, use the `--to-dir` parameter to specify the directory where you want to save the clone definition. This option produces a standard ARM template to be manipulated or deployed at your discretion.
+
+    ```azurecli
+    az iot ops clone --name <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --to-dir <DIRECTORY>
+    ```
+
+    > [!TIP]
+    > To clone an instance to the current directory, run `--to-dir .`
+
+1. To clone and replicate an instance to a target cluster and save to file in the same operation, run: 
+
+    ```azurecli
+    az iot ops clone --name <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --to-cluster-id <CLUSTER_ID> --to-dir <DIRECTORY>
+    ```   
+
+1. To clone an instance to a cluster, but splitting and serially applying asset related sub-deployments, use `--mode linked.` The parameter offers the highest degree of scale when the model instance contains a significant number of asset related resources.
+
+    ```azurecli
+    az iot ops clone --name <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --to-cluster-id <CLUSTER_ID> --mode linked
+    ```
+
+1. To clone an instance to disk in linked mode, where each linked asset and/or asset endpoint profile template can be deployed separately from the root template.
+
+    ```azurecli
+    az iot ops clone --name <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --to-dir . --mode linked
+    ```
+
+## Considerations and limitations
+
+- Automatic identity federation is currently supported with `--to-cluster-id` option only.
+- Resource sync rules aren't captured.
+- While the required role assignment between the IoT Operations system managed identity and target schema registry is handled by clone, any other system managed identity role assignments aren't covered.
+- Clone is a cloud-side operation. The cluster isn't directly interacted with. Cluster secrets are synced from cloud via secure settings, which encompass secret provider classes and secret sync cloud resources. If the model cluster has user created elements such as configmaps that are referenced in the model IoT Operations solution, those elements need to be re-applied against the target cluster.
diff --git a/articles/iot-operations/deploy-iot-ops/howto-manage-update-uninstall.md b/articles/iot-operations/deploy-iot-ops/howto-manage-update-uninstall.md
@@ -4,7 +4,7 @@ description: Use the Azure CLI or Azure portal to manage your Azure IoT Operatio
 author: SoniaLopezBravo
 ms.author: sonialopez
 ms.topic: how-to
-ms.date: 05/20/2025
+ms.date: 10/02/2025
 ms.custom:
   - devx-track-azurecli
   - sfi-image-nochange
@@ -139,7 +139,7 @@ You can also view the details of an existing namespace in the resource group tha
 
 The previous screenshot also shows the other resources in Azure Device Registry such as the **IoT Schema Registry**, **IoT Namespace Assets**, and **Devices** in the context of the resource group that contains your Azure IoT Operations instance.
 
-#### Migrate existing assets to namespace assets
+### Migrate existing assets to namespace assets
 
 If you have existing assets in your Azure IoT Operations instance that you want to move to a namespace, you can use the `az iot ops migrate-assets` command. This command migrates top-level (or root-level) assets to namespace assets in Azure Device Registry. 
 
@@ -166,62 +166,17 @@ To migrate all root assets associated with an instance that match glob-style pat
 az iot ops migrate-assets -n <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --pattern asset-pl-* asset-eng?-01
 ```
 
-> [!IMPORTANT]    
-> Before migrating assets, make sure to take a snapshot of your instance using the `az iot ops clone` command. This allows you to restore your instance to its previous state if needed. 
+> [!IMPORTANT]
+> Before migrating assets, make sure to take a snapshot of your instance using the [`az iot ops clone`](/cli/azure/iot/ops#az-iot-ops-clone) command. This allows you to restore your instance to its previous state if needed. For more information, see [Clone an IoT Operations instance](./howto-clone-instance.md).
 
 Once the migration is complete, you can use `az iot ops ns asset` and `az iot ops ns device` commands to manage the namespace assets and devices in your Azure IoT Operations instance. 
 
-
 ### Configure connector templates
 
 In the Azure portal, you can configure *connector templates* for your Azure IoT Operations instance. Connector templates define the configuration of connectors, such as the connector for OPC UA, that are deployed to your cluster. When you create a connector template, it enables an OT user to create a device that uses the connector type in the operations experience web UI.
 
 To learn more about connector templates, see [Deploy the connector for ONVIF](../discover-manage-assets/howto-use-onvif-connector.md#deploy-the-connector-for-onvif).
 
-### Clone instance (preview)
-
-> [!NOTE]
-> The clone feature is in preview and under development.
-
-#### [Azure portal](#tab/portal)
-
-Currently, the Azure portal doesn't support cloning an Azure IoT Operations instance. You can use the Azure CLI to clone an instance.
-
-#### [Azure CLI](#tab/cli)
-
-Use the [`az iot ops clone`](/cli/azure/iot/ops#az-iot-ops-clone) command to create a new Azure IoT Operations instance based on an existing one. You can apply the output of clone to another connected cluster, which is referred to as replication. You can also save the clone to a local directory for later use and perform some configuration changes before applying it to a cluster. 
-
-For more information, see the [clone command wiki page](https://aka.ms/aio-clone).
-
-To clone an instance to another cluster, run:
-
-```azurecli
-az iot ops clone --name <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --to-cluster-id <CLUSTER_ID> 
-```
-
-To customize the replication to another cluster, use `--param` and specify the parameters you want to change in the format `key=value`. For example, to change the location of the cloned instance, run:
-
-```azurecli
-az iot ops clone --name <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --to-cluster-id <CLUSTER_ID> --param location=eastus
-```
-
-To clone an instance to a local directory, run:
-
-```azurecli
-az iot ops clone --name <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --to-dir <DIRECTORY>
-```
-
-> [!TIP]
-> To clone an instance to the current directory, run `--to-dir .`
-
-To clone an instance to a cluster, but splitting and serially applying asset related sub-deployments, run:
-
-```azurecli
-az iot ops clone --name <INSTANCE_NAME> --resource-group <RESOURCE_GROUP> --to-cluster-id <CLUSTER_ID> --mode linked
-```
-
----
-
 ### Manage instance components
 
 Each Azure IoT Operations instance includes several components, like the MQTT broker, connector for OPC UA, and data flows. To learn more about managing these components, see their respective articles. For example, to manage the MQTT broker, start with [Broker overview](../manage-mqtt-broker/overview-broker.md).
diff --git a/articles/iot-operations/deploy-iot-ops/media/howto-clone-instance/clone-flow.png b/articles/iot-operations/deploy-iot-ops/media/howto-clone-instance/clone-flow.png
diff --git a/articles/iot-operations/toc.yml b/articles/iot-operations/toc.yml
@@ -37,6 +37,9 @@ items:
           - name: Manage, update, or uninstall
             href: deploy-iot-ops/howto-manage-update-uninstall.md
             displayName: Kubernetes, deployment manifest, delete
+          - name: Clone an instance
+            href: deploy-iot-ops/howto-clone-instance.md
+            displayName: Kubernetes, instance, clone, snapshot, backup, restore
           - name: Upgrade
             href: deploy-iot-ops/howto-upgrade.md
             displayName: Kubernetes, version
