Skip to content

Commit 029c57d

Browse files
committed
Adjust accoridng to score cards.
1 parent 40e1dc7 commit 029c57d

File tree

1 file changed

+8
-8
lines changed

1 file changed

+8
-8
lines changed

articles/batch/network-security-perimeter.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -12,26 +12,26 @@ The [network security perimeter (NSP)](/azure/private-link/network-security-peri
1212

1313
With a network security perimeter:
1414
- PaaS resources associated with a specific perimeter are, by default, only able to communicate with other PaaS resources within the same perimeter.
15-
- External inboound and outbound communication can be allowed by explicit access rules.
15+
- Explicit access rules can actively permit external inbound and outbound communication.
1616
- [Diagnostic Logs](/azure/private-link/network-security-perimeter-diagnostic-logs.md) are enabled for PaaS resources within perimeter for Audit and Compliance.
1717

1818
> [!IMPORTANT]
19-
> Network security perimeter rules will not govern the private link with the [private endpoint](/azure/private-link/private-endpoint-overview.md).
19+
> Network security perimeter rules do not govern the private link with the [private endpoint](/azure/private-link/private-endpoint-overview.md).
2020
2121
## Network Security Perimeter Scenarios in Batch service
2222

2323
Azure Batch service is designed to support various scenarios that necessitate access to other PaaS resources:
2424

25-
- **Application packages**: This requires communication with Azure Storage. For more details refer to [batch-application-packages](./batch-application-packages.md).
26-
- **Customer-managed Keys**: This requires communication with Azure KeyVault. For more details refer to [batch-customer-managed-key](./batch-customer-managed-key.md).
25+
- Application packages requires communication with Azure Storage. For more information, see [batch-application-packages](./batch-application-packages.md).
26+
- Customer managed key requires communication with Azure KeyVault. For more information, see [batch-customer-managed-key](./batch-customer-managed-key.md).
2727

28-
Using network security perimeter, network administrators can create a network isolation boundary for their PaaS services. This security perimeter permits the setting up of public access controls for various PaaS resources, providing a consistent user experience and a uniform API. Regarding the PaaS communications supported by Batch, Azure Storage and Azure KeyVault have incorporated network security perimeters. For more information, please refer to the [Network security perimeter in Azure Storage](/azure/storage/common/storage-network-security?tabs=azure-portal#network-security-perimeter-preview) and [Network security perimeter in Azure Key Vault](/azure/key-vault/general/network-security#network-security-perimeter-preview).
28+
Network administrators can use the network security perimeter feature to create an isolation boundary for their PaaS services. This security perimeter permits the setting up of public access controls for various PaaS resources, providing a consistent user experience and a uniform API. Setting up network security perimeter for PaaS communications supported by Batch, refer to the [Network security perimeter in Azure Storage](/azure/storage/common/storage-network-security?tabs=azure-portal#network-security-perimeter-preview) and [Network security perimeter in Azure Key Vault](/azure/key-vault/general/network-security#network-security-perimeter-preview) for more details.
2929

3030
Network security perimeter provides several methods to enable Batch to interact with other PaaS services if the target PaaS service is in network security perimeter:
3131
- Associate the Batch account with the same perimeter as the target resource and assign the necessary permissions to the Managed Identity used across these resources.
3232
- Create the profile with appropriate inbound access rules (for example, creating an inbound access rule for the Batch account's fully qualified domain name) and apply it to the target PaaS resource. This profile is used to evaluate inbound traffic (sent from Batch) from outside the perimeter traffic.
3333

34-
Note that Batch users can also use the network security perimeter to secure inbound traffic, not just the outbound traffic scenarios with Azure Storage and Azure Key Vault.
34+
Batch users can also use the network security perimeter to secure inbound traffic, not just the outbound traffic scenarios with Azure Storage and Azure Key Vault.
3535

3636
> [!NOTE]
3737
> Network security perimeters do not regulate nodes within Batch pools. To ensure network isolation for the pool, you may still need to create a **nodeManagement** private endpoint for [the Batch pool without public ip addresses](./simplified-node-communication-pool-no-public-ip.md).
@@ -44,7 +44,7 @@ Note that Batch users can also use the network security perimeter to secure inbo
4444
1. Set up your Batch account by using a user-assigned managed identity.
4545
2. It's optional but recommended to change the public network access of your Batch account to `SecuredByPerimeter`.
4646

47-
This guarantees that both inbound and outbound connectivity of the resource is restricted to those resources within the same perimeter, and the related perimeter profile determines the access rules that govern public access.
47+
This public network access value guarantees that the resource's inbound and outbound connectivity is restricted to resources within the same perimeter. The associated perimeter profile sets the rules that control public access.
4848

4949
This Batch account modification can be made using the [Batch management Account API](/rest/api/batchmanagement/batch-account/update?#publicnetworkaccesstype) or [SDK BatchPublicNetworkAccess Enum value](/dotnet/api/azure.resourcemanager.batch.models.batchpublicnetworkaccess).
5050

@@ -57,7 +57,7 @@ Create your own network security perimeter resource using [Azure portal](/azure/
5757
### Associate Batch account with the Network Security Perimeter
5858

5959
#### Using Azure portal
60-
1. Navigate to your network security perimeter resource in the Azure portal, where you should establish a profile for your Batch account to associate with. If you have not created the profile, go to **Settings** -> **Profiles** to create a network security perimeter profile initially.
60+
1. Navigate to your network security perimeter resource in the Azure portal, where you should establish a profile for your Batch account to associate with. If you do not create the profile, go to **Settings** -> **Profiles** to create a network security perimeter profile initially.
6161

6262
![Profiles](./media/network-security-perimeter/create-profile.png)
6363

0 commit comments

Comments
 (0)