Commit d38aa63

updates from PM
1 parent cf75472 commit d38aa63

2 files changed

+32
-13
lines changed

articles/ai-studio/how-to/access-on-premises-resources.md

Lines changed: 27 additions & 8 deletions
@@ -5,7 +5,7 @@ description: Learn how to configure an Azure AI Studio managed network to secure
55
manager: scottpolly
66
ms.service: azure-ai-studio
77
ms.topic: how-to
8-
ms.date: 10/22/2024
8+
ms.date: 10/24/2024
99
ms.reviewer: meerakurup
1010
ms.author: larryfr
1111
author: Blackmist
@@ -16,7 +16,7 @@ author: Blackmist
1616

1717
To access your non-Azure resources located in a different virtual network or located entirely on-premises from your Azure AI Studio's managed virtual network, an Application Gateway must be configured. Through this Application Gateway, full end to end access can be configured to your resources.
1818

19-
Azure Application Gateway is a load balancer that makes routing decisions based on the URL of an HTTPS request. Azure Machine Learning supports using an application gateway to securely communicate with the following resources. For more on Application Gateway, see [What is Azure Application Gateway](/azure/application-gateway/overview).
19+
Azure Application Gateway is a load balancer that makes routing decisions based on the URL of an HTTPS request. Azure Machine Learning supports using an application gateway to securely communicate with non-Azure resources. For more on Application Gateway, see [What is Azure Application Gateway](/azure/application-gateway/overview).
2020

2121
To access on-premises or custom virtual network resources from the managed virtual network, you configure an Application Gateway on your Azure virtual network. The application gateway is used for inbound access to the AI Studio's hub. Once configured, you then create a private endpoint from the Azure AI Studio hub's managed virtual network to the Application Gateway. With the private endpoint, the full end to end path is secured and not routed through the Internet.
2222

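Review bot: The rewritten sentence at new line 19 still reads "Azure Machine Learning supports using an application gateway", although this file is the Azure AI Studio article and the surrounding lines (17 and 21) all name Azure AI Studio. Since the line is being edited anyway, change the product name to Azure AI Studio so the article does not appear to describe a different service.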
@@ -30,7 +30,7 @@ To access on-premises or custom virtual network resources from the managed virtu
3030

3131
## Supported resources
3232

33-
Application Gateway is verified to support a private connection from the managed virtual network to:
33+
Application Gateway supports any backend target resource that uses HTTP or HTTPS protocol. Connections to the following resources from the managed virtual network are verified:
3434
- Jfrog Artifactory
3535
- Snowflake Database
3636
- Private APIs
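Review bot: The new sentence at line 33 says any HTTP or HTTPS backend is supported, while the introduction states that "the full end to end path is secured"; with a plain HTTP backend the hop between Application Gateway and the backend is not encrypted. Add a sentence recommending HTTPS backends and point to the end-to-end TLS guidance already linked later in the article. Also write "the HTTP or HTTPS protocol".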
@@ -43,7 +43,7 @@ Follow the [Quickstart: Direct web traffic using the portal](/azure/application-
4343

4444
- Ensure your Application Gateway is in the same region as the selected Azure Virtual Network.
4545
- Azure AI Studio only supports IPv4 for Application Gateway.
46-
- With your Azure Virtual Network, one subnet can only be associated with one Application Gateway.
46+
- With your Azure Virtual Network, select one dedicated subnet for your Application Gateway. No other resources can be deployed in this subnet.
4747

4848
1. From the __Frontends__ tab, Application Gateway doesn’t support private Frontend IP address only so Public IP addresses need to be selected or a new one created. Private IP addresses for the resources that the gateway connects to can be added within the range of the subnet you selected on the Basics tab.
4949

@@ -56,7 +56,15 @@ Follow the [Quickstart: Direct web traffic using the portal](/azure/application-
5656
- If you want end-to-end TLS encryption, select HTTPS listener and upload your own certificate for Application Gateway to decrypt request received by listener. For more information, see [Enabling end to end TLS on Azure Application Gateway](/azure/application-gateway/ssl-overview#end-to-end-tls-encryption).
5757
- If you want a fully private backend target without any public network access, DO NOT setup a listener on the public frontend IP address and its associated routing rule. Application Gateway only forwards requests that listeners receive at the specific port. If you want to avoid adding public frontend IP listener by mistake, see [Network security rules](/azure/application-gateway/configuration-infrastructure#network-security-groups) to fully lock down public network access.
5858

59-
- In the __Backend targets__ section, if you want to use HTTPS and Backend server’s certificate is NOT issued by a well-known CA, you must upload the Root certificate (.CER) of the backend server. For more on configuring with a root certificate, see Configure end-to-end TLS encryption using the portal.
59+
- In the __Backend targets__ section, if you want to use HTTPS and Backend server’s certificate is NOT issued by a well-known CA, you must upload the Root certificate (.CER) of the backend server. For more on configuring with a root certificate, see [Configure end-to-end TLS encryption using the portal](/azure/application-gateway/end-to-end-ssl-portal).
60+
61+
1. Once the Application Gateway resource is created, navigate to the new Application Gateway resource in the Azure portal. Under __Settings__, select, __Private link__ to enable a virtual network to privately access the Application Gateway through a private endpoint connection. The Private link configuration isn't created by default.
62+
63+
- Select __+ Add__ to add the Private Link configuration, and then use the following values to create the configuration:
64+
- Name: Provide a name for your private link configuration
65+
- Private link subnet: Select a subnet in your virtual network.
66+
- Frontend IP Configuration: `appGwPrivateFrontendIpIPv4`
67+
- To verify the Private link is set up correctly, navigate to the __Private endpoint connections__ tab and select __+ Private endpoint__. On the __Resource__ tab, the __Target sub-resource__ should be the name of your private Frontend IP configuration, `appGwPrivateFrontendIpIPv4`. If no value appears in the __Target sub-resource__, then the Application Gateway listener wasn't configured correctly.
6068

6169
## Configure private link
6270

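Review bot: The verification bullet at new line 67 attributes an empty __Target sub-resource__ to the listener not being configured correctly, but the step never says which listener setup is required, and line 57 just above tells readers not to create a listener on the public frontend IP. State explicitly which listener configuration makes `appGwPrivateFrontendIpIPv4` appear, so readers know what to fix. At new line 65, "Select a subnet in your virtual network" should say whether this can be the dedicated Application Gateway subnet described earlier in the article. Also remove the stray comma in "select, __Private link__" at line 61.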
@@ -67,19 +75,21 @@ Follow the [Quickstart: Direct web traffic using the portal](/azure/application-
6775
- Destination Type: Private Endpoint
6876
- Subscription and Resource Group: Select the Subscription and Resource Group where your Application Gateway is deployed
6977
- Resource Type: `Microsoft.Network/applicationGateways`
70-
- Resource name: `appgateway`
78+
- Resource name: The name of your Application Gateway resource.
7179
- Sub resource: `appGwPrivateFrontendIpIPv4`
7280
- FQDNs: These FQDNs are the aliases that you want to use inside the Azure AI Studio. They're resolved to the managed private endpoint’s private IP address targeting Application Gateway. You might include multiple FQDNs depending on how many resources you would like to connect to with the Application Gateway.
7381

7482
> [!NOTE]
7583
> If you are using HTTPS listener with certificate uploaded, make sure the FQDN alias matches with the certificate's CN (Common Name) or SAN (Subject Alternative Name) otherwise HTTPS call will fail with SNI (Server Name Indication).
76-
> The Application Gateway subresource name comes from the Application Gateway Listener which can be deleted after creation. ***
84+
> The provided FQDNs must have at least three labels in the name to properly create the private DNS zone of thee private endpoint for Application Gateway.
85+
> The FQDNs field is editable after the private endpoint creation through SDK or CLI. The field is not editable in the Azure portal.
86+
> Dyname sub-resource naming is not supported for the private Frontend IP configuration. The Frontend IP name must be `appGwPrivateFrontendIpIPv4`.
7787
7888
### Configure using Python SDK and Azure CLI
7989

8090
To create a private endpoint to Application Gateway with SDK, see [Azure SDK for Python](/python/api/azure-ai-ml/azure.ai.ml.entities.privateendpointdestination).
8191

82-
To create a private endpoint to Application Gateway with the Azure CLI, see [Configure a managed network](configure-managed-network.md?tabs=azure-cli).
92+
To create a private endpoint to Application Gateway with the Azure CLI, use the `az ml workspace outbound-rule set` command. Set properties as needed for your configuration. For more information, see [Configure a managed network](configure-managed-network.md?tabs=azure-cli).
8393

8494
## Limitations
8595

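Review bot: Two typos in the added NOTE lines: "thee private endpoint" at new line 84 should be "the private endpoint", and "Dyname sub-resource naming" at new line 86 should be "Dynamic sub-resource naming". The NOTE sentences at lines 83 to 86 are consecutive `>` lines with no list markers or blank `>` line between them, so Markdown will run them together into one paragraph; make them a bulleted list inside the note. The three-label requirement at line 84 would be easier to apply with one example FQDN.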
@@ -88,6 +98,15 @@ To create a private endpoint to Application Gateway with the Azure CLI, see [Con
8898
- The Snowflake JDBC driver uses HTTPS calls, but different drivers might have different implementations. Check if your resource uses HTTP(S) protocol or not.
8999
- For more information on limitations, see [Frequently asked questions about Application Gateway](/azure/application-gateway/application-gateway-faq).
90100

101+
## Application Gateway Errors
102+
103+
For errors related to the Application Gateway connection to your backend resources, follow the existing Application Gateway documentation based on the errors you receive:
104+
105+
- [Troubleshoot backend health issues in Application Gateway](/azure/application-gateway/application-gateway-backend-health-troubleshooting)
106+
- [Troubleshooting bad gateway errors in Application Gateway](/azure/application-gateway/application-gateway-troubleshooting-502)
107+
- [HTTP response codes in Application Gateway](/azure/application-gateway/http-response-codes)
108+
- [Understanding disabled listeners](/azure/application-gateway/disabled-listeners)
109+
91110
## Related content
92111

93112
- [Managed virtual network isolation](configure-managed-network.md)
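Review bot: The new heading "## Application Gateway Errors" at line 101 uses title case, while the other headings in this file use sentence case ("## Supported resources", "## Configure private link", "## Related content"). Rename it to "## Application Gateway errors" for consistency.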

articles/machine-learning/how-to-access-on-premises-resources.md

Lines changed: 5 additions & 5 deletions
@@ -5,7 +5,7 @@ description: Learn how to configure an Azure Machine Learning's managed network
55
manager: scottpolly
66
ms.service: azure-machine-learning
77
ms.topic: how-to
8-
ms.date: 10/22/2024
8+
ms.date: 10/24/2024
99
ms.reviewer: meerakurup
1010
ms.author: larryfr
1111
author: Blackmist
@@ -30,7 +30,7 @@ To access on-premises or custom virtual network resources from the managed virtu
3030

3131
## Supported resources
3232

33-
Application Gateway supports any backend target resource that uses HTTP or HTTPS protocol. It's verified to support a private connection from the managed virtual network to:
33+
Application Gateway supports any backend target resource that uses HTTP or HTTPS protocol. Connections to the following resources from the managed virtual network are verified:
3434
- Jfrog Artifactory
3535
- Snowflake Database
3636
- Private APIs
@@ -58,13 +58,13 @@ Follow the [Quickstart: Direct web traffic using the portal](/azure/application-
5858

5959
- In the __Backend targets__ section, if you want to use HTTPS and Backend server’s certificate is NOT issued by a well-known CA, you must upload the Root certificate (.CER) of the backend server. For more on configuring with a root certificate, see [Configure end-to-end TLS encryption using the portal](/azure/application-gateway/end-to-end-ssl-portal).
6060

61-
1. Once the Application Gateway resource is created, navigate to the new Application Gateway resource in the Azure portal. Under __Settings__, select, __Private link__ to enable the a virtual network to privately access the Application Gateway through a private endpoint connection. The Private link configuration is not created by default.
61+
1. Once the Application Gateway resource is created, navigate to the new Application Gateway resource in the Azure portal. Under __Settings__, select, __Private link__ to enable a virtual network to privately access the Application Gateway through a private endpoint connection. The Private link configuration isn't created by default.
6262

6363
- Select __+ Add__ to add the Private Link configuration, and then use the following values to create the configuration:
6464
- Name: Provide a name for your private link configuration
6565
- Private link subnet: Select a subnet in your virtual network.
6666
- Frontend IP Configuration: `appGwPrivateFrontendIpIPv4`
67-
- To verify the Private link is set up correctly, navigate to the __Private endpoint connections__ tab and select __+ Private endpoint__. On the __Resource__ tab, the __Target sub-resource__ should be the name of your private Frontend IP configuration, `appGwPrivateFrontendIpIPv4`. If no value appears in the __Target sub-resource__ then the Application Gateway listener was not configured correctly.
67+
- To verify the Private link is set up correctly, navigate to the __Private endpoint connections__ tab and select __+ Private endpoint__. On the __Resource__ tab, the __Target sub-resource__ should be the name of your private Frontend IP configuration, `appGwPrivateFrontendIpIPv4`. If no value appears in the Target sub-resource,__ then the Application Gateway listener wasn't configured correctly.
6868

6969
## Configure private link
7070

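Review bot: The rewritten verification bullet at new line 67 breaks the bold markup: it now reads "appears in the Target sub-resource,__ then", with the opening `__` removed and the closing `__` left after the comma, so a literal `__` will show in the rendered page. Use "appears in the __Target sub-resource__, then", which is how the same sentence reads in articles/ai-studio/how-to/access-on-premises-resources.md in this commit. The stray comma in "select, __Private link__" at line 61 is also still present.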
@@ -89,7 +89,7 @@ Follow the [Quickstart: Direct web traffic using the portal](/azure/application-
8989

9090
To create a private endpoint to Application Gateway with SDK, see [Azure SDK for Python](/python/api/azure-ai-ml/azure.ai.ml.entities.privateendpointdestination).
9191

92-
To create a private endpoint to Application Gateway with the Azure CLI, use the `az ml workspace outbound-rule set` command. Set additional properties as needed for your configuration. For more information, see [Configure a managed network](how-to-managed-network.md?tabs=azure-cli).
92+
To create a private endpoint to Application Gateway with the Azure CLI, use the `az ml workspace outbound-rule set` command. Set properties as needed for your configuration. For more information, see [Configure a managed network](how-to-managed-network.md?tabs=azure-cli).
9393

9494
## Limitations
9595
