Merge pull request #3129 from Blackmist/360207-appgateway-ga

removing preview tag and adding link

Author: prmerger-automator[bot]

articles/ai-studio/how-to/access-on-premises-resources.md

@@ -5,14 +5,14 @@ description: Learn how to configure an Azure AI Foundry managed network to secur
 manager: scottpolly
 ms.service: azure-ai-foundry
 ms.topic: how-to
-ms.date: 02/20/2025
+ms.date: 02/27/2025
 ms.reviewer: meerakurup 
 ms.author: larryfr
 author: Blackmist
 # Customer intent: As an admin, I want to allow my developers to securely access on-premises resources from Azure AI Foundry.
 ---
 
-# Access on-premises resources from your Azure AI Foundry's managed network (preview)
+# Access on-premises resources from your Azure AI Foundry's managed network
 
 To access your non-Azure resources located in a different virtual network or located entirely on-premises from your [Azure AI Foundry](https://ai.azure.com)'s managed virtual network, an Application Gateway must be configured. Through this Application Gateway, full end to end access can be configured to your resources.
 
@@ -80,10 +80,10 @@ Follow the [Quickstart: Direct web traffic using the portal](/azure/application-
     - FQDNs: These FQDNs are the aliases that you want to use inside the Azure AI Foundry portal. They're resolved to the managed private endpoint's private IP address targeting Application Gateway. You might include multiple FQDNs depending on how many resources you would like to connect to with the Application Gateway.
 
     > [!NOTE]
-    > - If you are using HTTPS listener with certificate uploaded, make sure the FQDN alias matches with the certificate's CN (Common Name) or SAN (Subject Alternative Name) otherwise HTTPS call will fail with SNI (Server Name Indication).
-    > - The provided FQDNs must have at least three labels in the name to properly create the private DNS zone of thee private endpoint for Application Gateway.
-    > - The FQDNs field is editable after the private endpoint creation through SDK or CLI. The field is not editable in the Azure portal.
-    > - Dynamic sub-resource naming is not supported for the private Frontend IP configuration. The Frontend IP name must be `appGwPrivateFrontendIpIPv4`.
+    > - If you're using HTTPS listener with certificate uploaded, make sure the FQDN alias matches with the certificate's CN (Common Name) or SAN (Subject Alternative Name) otherwise HTTPS call fails with SNI (Server Name Indication).
+    > - The provided FQDNs must have at least three labels in the name to properly create the private DNS zone of the private endpoint for Application Gateway.
+    > - The FQDNs field is editable after the private endpoint creation through SDK or CLI. The field isn't editable in the Azure portal.
+    > - Dynamic sub-resource naming isn't supported for the private Frontend IP configuration. The Frontend IP name must be `appGwPrivateFrontendIpIPv4`.
 
 ### Configure using Python SDK and Azure CLI
 
@@ -96,6 +96,7 @@ To create a private endpoint to Application Gateway with the Azure CLI, use the
 - Application Gateway supports only HTTP(s) endpoints in the Backend pool. There's no support for non-HTTP(s) network traffic. Ensure your resources support HTTP(S) protocol.
 - To connect to Snowflake using the Application Gateway, you should add your own FQDN outbound rules to enable package/driver download and OCSP validation.
   - The Snowflake JDBC driver uses HTTPS calls, but different drivers might have different implementations. Check if your resource uses HTTP(S) protocol or not.
+- Application Gateway isn't supported for Spark scenarios, such as Spark compute or serverless Spark compute. DNS resolution (for example, nslookup) fails when trying to resolve an FQDN from the Spark compute.
 - For more information on limitations, see [Frequently asked questions about Application Gateway](/azure/application-gateway/application-gateway-faq).
 
 ## Application Gateway Errors

articles/ai-studio/how-to/configure-managed-network.md

@@ -910,3 +910,4 @@ The hub managed virtual network feature is free. However, you're charged for the
 ## Related content
 
 - [Create Azure AI Foundry hub and project using the SDK](./develop/create-hub-project-sdk.md)
+- [Access on-premises resources from Azure AI Foundry](access-on-premises-resources.md)

articles/machine-learning/how-to-access-on-premises-resources.md

@@ -5,14 +5,14 @@ description: Learn how to configure an Azure Machine Learning's managed network
 manager: scottpolly
 ms.service: azure-machine-learning
 ms.topic: how-to
-ms.date: 10/24/2024
+ms.date: 02/27/2025
 ms.reviewer: meerakurup 
 ms.author: larryfr
 author: Blackmist
 # Customer intent: As an admin, I want to allow my developers to securely access on-premises resources from Azure Machine Learning.
 ---
 
-# Access on-premises resources from your Azure Machine Learning workspace's managed network (preview)
+# Access on-premises resources from your Azure Machine Learning workspace's managed network
 
 To access your non-Azure resources located in a different virtual network or located entirely on-premises from your Azure Machine Learning workspace's managed virtual network, an Application Gateway must be configured. Through this Application Gateway, full end to end access can be configured to your resources.
 
@@ -80,10 +80,10 @@ Follow the [Quickstart: Direct web traffic using the portal](/azure/application-
     - FQDNs: These FQDNs are the aliases that you want to use inside the Azure Machine Learning workspace. They're resolved to the managed private endpoint’s private IP address targeting Application Gateway. You might include multiple FQDNs depending on how many resources you would like to connect to with the Application Gateway.
 
     > [!NOTE]
-    > - If you are using HTTPS listener with certificate uploaded, make sure the FQDN alias matches with the certificate's CN (Common Name) or SAN (Subject Alternative Name) otherwise HTTPS call will fail with SNI (Server Name Indication).
-    > - The provided FQDNs must have at least three labels in the name to properly create the private DNS zone of thee private endpoint for Application Gateway.
-    > - The FQDNs field is editable after the private endpoint creation through SDK or CLI. The field is not editable in the Azure portal.
-    > - Dyname sub-resource naming is not supported for the private Frontend IP configuration. The Frontend IP name must be `appGwPrivateFrontendIpIPv4`.
+    > - If you're using HTTPS listener with certificate uploaded, make sure the FQDN alias matches with the certificate's CN (Common Name) or SAN (Subject Alternative Name) otherwise HTTPS call fails with SNI (Server Name Indication).
+    > - The provided FQDNs must have at least three labels in the name to properly create the private DNS zone of the private endpoint for Application Gateway.
+    > - The FQDNs field is editable after the private endpoint creation through SDK or CLI. The field isn't editable in the Azure portal.
+    > - Dynamic sub-resource naming isn't supported for the private Frontend IP configuration. The Frontend IP name must be `appGwPrivateFrontendIpIPv4`.
 
 ### Configure using Python SDK and Azure CLI
 
@@ -96,6 +96,7 @@ To create a private endpoint to Application Gateway with the Azure CLI, use the
 - Application Gateway supports only HTTP(s) endpoints in the Backend pool. There's no support for non-HTTP(s) network traffic. Ensure your resources support HTTP(S) protocol.
 - To connect to Snowflake using the Application Gateway, you should add your own FQDN outbound rules to enable package/driver download and OCSP validation.
   - The Snowflake JDBC driver uses HTTPS calls, but different drivers might have different implementations. Check if your resource uses HTTP(S) protocol or not.
+- Application Gateway isn't supported for Spark scenarios, such as Spark compute or serverless Spark compute. DNS resolution (for example, nslookup) fails when trying to resolve an FQDN from the Spark compute.
 - For more information on limitations, see [Frequently asked questions about Application Gateway](/azure/application-gateway/application-gateway-faq).
 
 ## Application Gateway Errors