Merge pull request #103598 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 0b5f36ed8a07 · 2020-02-07T09:38:35.000-08:00
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)
diff --git a/articles/active-directory/develop/authentication-scenarios.md b/articles/active-directory/develop/authentication-scenarios.md
@@ -21,7 +21,7 @@ ms.custom: aaddev, identityplatformtop40, scenarios:getting-started
 
 ## What is authentication
 
-This article covers many of the authentication concepts you'll need to understand to create protected web apps, web APIs, or apps calling protected Web APIs. If you see a term you aren't familiar with, try our (glossary)[developer-glossary.md].
+This article covers many of the authentication concepts you'll need to understand to create protected web apps, web APIs, or apps calling protected Web APIs. If you see a term you aren't familiar with, try our [glossary](developer-glossary.md).
 
 **Authentication** is the process of proving you are who you say you are. Authentication is sometimes shortened to AuthN.
 
diff --git a/articles/active-directory/develop/quickstart-v2-java-webapp.md b/articles/active-directory/develop/quickstart-v2-java-webapp.md
@@ -57,7 +57,7 @@ To run this sample you will need:
 >    - Leave **Redirect URI** blank for now, and select **Register**.
 > 1. On the **Overview** page, find the **Application (client) ID** and the **Directory (tenant) ID** values of the application. Copy these values for later.
 > 1. Select the **Authentication** from the menu, and then add the following information:
->    - In **Redirect URIs**, add `http://localhost:8080/msal4jsample/secure/aad` and `http://localhost:8080/msal4jsample/graph/me`.
+>    - In **Redirect URIs**, add `https://localhost:8080/msal4jsample/secure/aad` and `https://localhost:8080/msal4jsample/graph/me`.
 >    - Select **Save**.
 > 1. Select the **Certificates & secrets** from the menu and in the **Client secrets** section, click on **New client secret**:
 >
@@ -71,7 +71,7 @@ To run this sample you will need:
 >
 > For the code sample for this quickstart to work, you need to:
 >
-> 1. Add reply URLs as `http://localhost:8080/msal4jsamples/secure/aad` and `http://localhost:8080/msal4jsamples/graph/me`.
+> 1. Add reply URLs as `https://localhost:8080/msal4jsamples/secure/aad` and `https://localhost:8080/msal4jsamples/graph/me`.
 > 1. Create a Client Secret.
 > > [!div renderon="portal" id="makechanges" class="nextstepaction"]
 > > [Make these changes for me]()
@@ -87,23 +87,36 @@ To run this sample you will need:
 
  1. Extract the zip file to a local folder.
  1. If you use an integrated development environment, open the sample in your favorite IDE (optional).
-
  1. Open the application.properties file, which can be found in src/main/resources/ folder and replace the value of the fields *aad.clientId*, *aad.authority* and *aad.secretKey* with the respective values of **Application Id**, **Tenant Id** and **Client Secret** as the following:
 
     ```file
     aad.clientId=Enter_the_Application_Id_here
     aad.authority=https://login.microsoftonline.com/Enter_the_Tenant_Info_Here/
     aad.secretKey=Enter_the_Client_Secret_Here
-    aad.redirectUriSignin=http://localhost:8080/msal4jsample/secure/aad
-    aad.redirectUriGraph=http://localhost:8080/msal4jsample/graph/me
+    aad.redirectUriSignin=https://localhost:8080/msal4jsample/secure/aad
+    aad.redirectUriGraph=https://localhost:8080/msal4jsample/graph/me
     ```
 
-> [!div renderon="docs"]
-> Where:
->
-> - `Enter_the_Application_Id_here` - is the Application Id for the application you registered.
-> - `Enter_the_Client_Secret_Here` - is the **Client Secret** you created in **Certificates & Secrets** for the application you registered.
-> - `Enter_the_Tenant_Info_Here` - is the **Directory (tenant) ID** value of the application you registered.
+    > [!div renderon="docs"]
+    > Where:
+    >
+    > - `Enter_the_Application_Id_here` - is the Application Id for the application you registered.
+    > - `Enter_the_Client_Secret_Here` - is the **Client Secret** you created in **Certificates & Secrets** for the application you registered.
+    > - `Enter_the_Tenant_Info_Here` - is the **Directory (tenant) ID** value of the application you registered.
+
+ 1. To use https with localhost, fill in the server.ssl.key properties. To generate a self-signed certificate, use the keytool utility (included in JRE).
+
+   ```
+   Example: 
+   keytool -genkeypair -alias testCert -keyalg RSA -storetype PKCS12 -keystore keystore.p12 -storepass password
+
+   server.ssl.key-store-type=PKCS12  
+   server.ssl.key-store=classpath:keystore.p12  
+   server.ssl.key-store-password=password  
+   server.ssl.key-alias=testCert 
+   ```
+
+   Put the generated keystore file in the "resources" folder.
 
 #### Step 4: Run the code sample
 
@@ -113,11 +126,11 @@ Run it directly from your IDE by using the embedded spring boot server or packag
 
 ##### Running from IDE
 
-If you are running the web application from an IDE, click on run, then navigate to the home page of the project. For this sample, the standard home page URL is http://localhost:8080
+If you are running the web application from an IDE, click on run, then navigate to the home page of the project. For this sample, the standard home page URL is https://localhost:8080.
 
 1. On the front page, select the **Login** button to redirect to Azure Active Directory and prompt the user for their credentials.
 
-1. After the user is authenticated, they are redirected to *http://localhost:8080/msal4jsample/secure/aad*. They are now signed in, and the page will show information about the signed-in account. The sample UI has the following buttons:
+1. After the user is authenticated, they are redirected to *https://localhost:8080/msal4jsample/secure/aad*. They are now signed in, and the page will show information about the signed-in account. The sample UI has the following buttons:
     - *Sign Out*: Signs the current user out of the application and redirects them to the home page.
     - *Show User Info*: Acquires a token for Microsoft Graph and calls Microsoft Graph with a request containing the token, which returns basic information about the signed-in user.
 
diff --git a/articles/azure-databricks/quickstart-create-databricks-workspace-vnet-injection.md b/articles/azure-databricks/quickstart-create-databricks-workspace-vnet-injection.md
@@ -14,7 +14,7 @@ ms.date: 12/04/2019
 
 The default deployment of Azure Databricks creates a new virtual network that is managed by Databricks. This quickstart shows how to create an Azure Databricks workspace in your own virtual network instead. You also create an Apache Spark cluster within that workspace. 
 
-For more information about why you might choose to create an Azure Databricks workspace in your own virtual network, see [Deploy Azure Databricks in your Azure Virtual Network (VNet Injection)] (/databricks/administration-guide/cloud-configurations/azure/vnet-inject).
+For more information about why you might choose to create an Azure Databricks workspace in your own virtual network, see [Deploy Azure Databricks in your Azure Virtual Network (VNet Injection)](https://docs.microsoft.com/azure/databricks/administration-guide/cloud-configurations/azure/vnet-inject).
 
 If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/databricks/).
 
diff --git a/articles/cosmos-db/high-availability.md b/articles/cosmos-db/high-availability.md
@@ -101,7 +101,7 @@ The following table summarizes the high availability capability of various accou
 |Zone failures – availability | Availability loss | No availability loss | No availability loss |
 |Read latency | Cross region | Cross region | Low |
 |Write latency | Cross region | Cross region | Low |
-|Regional outage – data loss | Data loss |  Data loss | Data loss <br/><br/> When using bounded staleness consistency with multi master and more than one region, data loss is limited to the bounded staleness configured on your account. <br/><br/> Data loss during regional outage can be avoided by configuring strong consistency with multiple regions. This option comes with tradeoffs that impact availability and performance.      |
+|Regional outage – data loss | Data loss |  Data loss | Data loss <br/><br/> When using bounded staleness consistency with multi master and more than one region, data loss is limited to the bounded staleness configured on your account <br /><br />You can avoid data loss during a regional outage by configuring strong consistency with multiple regions. This option comes with trade-offs that affect availability and performance. It can be configured only on accounts that are configured for single-region writes. |
 |Regional outage – availability | Availability loss | Availability loss | No availability loss |
 |Throughput | X RU/s provisioned throughput | X RU/s provisioned throughput | 2X RU/s provisioned throughput <br/><br/> This configuration mode requires twice the amount of throughput when compared to a single region with Availability Zones because there are two regions. |
 
diff --git a/articles/cosmos-db/how-to-configure-cross-origin-resource-sharing.md b/articles/cosmos-db/how-to-configure-cross-origin-resource-sharing.md
@@ -37,23 +37,21 @@ To enable CORS by using a Resource Manager template, add the “cors” section
 
 ```json
 {
-    {
-      "type": "Microsoft.DocumentDB/databaseAccounts",
-      "name": "[variables('accountName')]",
-      "apiVersion": "2019-08-01",
-      "location": "[parameters('location')]",
-      "kind": "GlobalDocumentDB",
-      "properties": {
-        "consistencyPolicy": "[variables('consistencyPolicy')[parameters('defaultConsistencyLevel')]]",
-        "locations": "[variables('locations')]",
-        "databaseAccountOfferType": "Standard",
-        "cors": [
-                    {
-                        "allowedOrigins": "*"
-                    }
-                ]
-        }
-    }
+  "type": "Microsoft.DocumentDB/databaseAccounts",
+  "name": "[variables('accountName')]",
+  "apiVersion": "2019-08-01",
+  "location": "[parameters('location')]",
+  "kind": "GlobalDocumentDB",
+  "properties": {
+    "consistencyPolicy": "[variables('consistencyPolicy')[parameters('defaultConsistencyLevel')]]",
+    "locations": "[variables('locations')]",
+    "databaseAccountOfferType": "Standard",
+    "cors": [
+      {
+        "allowedOrigins": "*"
+      }
+    ]
+  }
 }
 ```
 
diff --git a/articles/private-link/private-link-overview.md b/articles/private-link/private-link-overview.md
@@ -47,6 +47,7 @@ Azure Private Link provides the following benefits:
 |  |  Azure Database for PostgreSQL - Single server         | All public regions      |   Preview      |
 |  |  Azure Database for MySQL         | All public regions      |   Preview      |
 |  |  Azure Database for MariaDB         | All public regions      |   Preview      |
+|  |  Azure Key Vault         | All public regions      |   Preview      |
 
 For the most up-to-date notifications, check the [Azure Virtual Network updates page](https://azure.microsoft.com/updates/?product=virtual-network).
 
diff --git a/articles/service-bus-messaging/media/service-bus-amqp-protocol-guide/amqp4.png b/articles/service-bus-messaging/media/service-bus-amqp-protocol-guide/amqp4.png
diff --git a/articles/service-bus-messaging/service-bus-amqp-protocol-guide.md b/articles/service-bus-messaging/service-bus-amqp-protocol-guide.md
@@ -78,6 +78,15 @@ Azure Service Bus currently uses exactly one session for each connection. The Se
 
 Connections, channels, and sessions are ephemeral. If the underlying connection collapses, connections, TLS tunnel, SASL authorization context, and sessions must be reestablished.
 
+### AMQP outbound port requirements
+
+Clients that use AMQP connections over TCP require ports 5671 and 5672 to be opened in the local firewall. Along with these ports, it might be necessary to open additional ports if the [EnableLinkRedirect](https://docs.microsoft.com/dotnet/api/microsoft.servicebus.messaging.amqp.amqptransportsettings.enablelinkredirect?view=azure-dotnet) feature is enabled. `EnableLinkRedirect` is a new messaging feature that helps skip one-hop while receiving messages, thus helping to boost throughput. The client would start communicating directly with the back-end service over port range 104XX as shown in the following image. 
+
+![List of destination ports][4]
+
+A .NET client would fail with a SocketException ("An attempt was made to access a socket in a way forbidden by its access permissions") if these ports are blocked by the firewall. The feature can be disabled by setting `EnableAmqpLinkRedirect=false` in the connectiong string, which forces the clients to communicate with the remote service over port 5671.
+
+
 ### Links
 
 AMQP transfers messages over links. A link is a communication path created over a session that enables transferring messages in one direction; the transfer status negotiation is over the link and bi-directional between the connected parties.
diff --git a/articles/vmware-cloudsimple/disaster-recovery-site-recovery-manager.md b/articles/vmware-cloudsimple/disaster-recovery-site-recovery-manager.md
@@ -96,7 +96,7 @@ You can add an external identity provider as described in [Use Azure AD as an id
 
 To provide IP address lookup, IP address management, and name resolution services for your workloads in the AVS Private Cloud, set up a DHCP and DNS server as described in [Set up DNS and DHCP applications and workloads in your AVS Private Cloud](dns-dhcp-setup.md).
 
-The *.avs.io domain is used by management VMs and hosts in your AVS Private Cloud. To resolve requests to this domain, configure DNS forwarding on the DNS server as described in [Create a Conditional Forwarder](on-premises-dns-setup.md#create-a-conditional-forwarder).
+The *.cloudsimple.io domain is used by management VMs and hosts in your AVS Private Cloud. To resolve requests to this domain, configure DNS forwarding on the DNS server as described in [Create a Conditional Forwarder](on-premises-dns-setup.md#create-a-conditional-forwarder).
 
 ### Install vSphere Replication Appliance in your on-premises environment
 
diff --git a/articles/vmware-cloudsimple/disaster-recovery-zerto.md b/articles/vmware-cloudsimple/disaster-recovery-zerto.md
@@ -46,7 +46,7 @@ The following sections describe how to deploy a DR solution using Zerto Virtual
 To enable Zerto Virtual Replication from your on-premises environment to your AVS Private Cloud, complete the following prerequisites.
 
 1. [Set up a Site-to-Site VPN connection between your on-premises network and your AVS Private Cloud](set-up-vpn.md).
-2. [Set up DNS lookup so that your AVS Private Cloud management components are forwarded to AVS Private Cloud DNS servers](on-premises-dns-setup.md). To enable forwarding of DNS lookup, create a forwarding zone entry in your on-premises DNS server for `*.AVS.io` to AVS DNS servers.
+2. [Set up DNS lookup so that your AVS Private Cloud management components are forwarded to AVS Private Cloud DNS servers](on-premises-dns-setup.md). To enable forwarding of DNS lookup, create a forwarding zone entry in your on-premises DNS server for `*.cloudsimple.io` to AVS DNS servers.
 3. Set up DNS lookup so that on-premises vCenter components are forwarded to on-premises DNS servers. The DNS servers must be reachable from your AVS Private Cloud over Site-to-Site VPN. For assistance, submit a [support request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest), providing the following information. 
 
     * On-premises DNS domain name
diff --git a/articles/vmware-cloudsimple/migration-layer-2-vpn.md b/articles/vmware-cloudsimple/migration-layer-2-vpn.md
@@ -43,7 +43,7 @@ Verify that the following are in place before deploying and configuring the solu
 * The version of the standalone NSX-T Edge appliance is compatible with the NSX-T Manager version (NSX-T 2.3.0) used in your AVS Private Cloud environment.
 * A trunk port group has been created in the on-premises vCenter with forged transmits enabled.
 * A public IP address has been reserved to use for the NSX-T standalone client uplink IP  address, and 1:1 NAT is in place for translation between the two addresses.
-* DNS forwarding is set on the on-premises DNS servers for the az.AVS.io domain to point to the AVS Private Cloud DNS servers.
+* DNS forwarding is set on the on-premises DNS servers for the az.cloudsimple.io domain to point to the AVS Private Cloud DNS servers.
 * RTT latency is less than or equal to 150 ms, as required for vMotion to work across the two sites.
 
 ## Limitations and considerations
diff --git a/articles/vmware-cloudsimple/on-premises-dns-setup.md b/articles/vmware-cloudsimple/on-premises-dns-setup.md
@@ -26,10 +26,10 @@ To access the vCenter server on an AVS Private Cloud from on-premises workstatio
 
 Use either of these options for the DNS configuration.
 
-* [Create a zone on the DNS server for *.AVS.io](#create-a-zone-on-a-microsoft-windows-dns-server)
-* [Create a conditional forwarder on your on-premises DNS server to resolve *.AVS.io](#create-a-conditional-forwarder)
+* [Create a zone on the DNS server for *.cloudsimple.io](#create-a-zone-on-a-microsoft-windows-dns-server)
+* [Create a conditional forwarder on your on-premises DNS server to resolve *.cloudsimple.io](#create-a-conditional-forwarder)
 
-## Create a zone on the DNS server for *.AVS.io
+## Create a zone on the DNS server for *.cloudsimple.io
 
 You can set up a zone up as a stub zone and point to the DNS servers on the Private
 Cloud for name resolution. This section provides information on using a BIND DNS server or a Microsoft Windows DNS server.
@@ -76,7 +76,7 @@ from the AVS portal.
 
 ## Create a conditional forwarder
 
-A conditional forwarder forwards all DNS name resolution requests to the designated server. With this setup, any request to *.AVS.io is forwarded to the DNS servers located on the AVS Private Cloud. The following examples show how to set up
+A conditional forwarder forwards all DNS name resolution requests to the designated server. With this setup, any request to *.cloudsimple.io is forwarded to the DNS servers located on the AVS Private Cloud. The following examples show how to set up
 forwarders on different types of DNS servers.
 
 ### Create a conditional forwarder on a BIND DNS server
diff --git a/articles/vmware-cloudsimple/on-premises-firewall-configuration.md b/articles/vmware-cloudsimple/on-premises-firewall-configuration.md
@@ -22,7 +22,7 @@ To access your AVS Private Cloud vCenter and NSX-T manager, ports defined in the
 
 | Port       | Source                           | Destination                      | Purpose                                                                                                                |
 |------------|----------------------------------|----------------------------------|------------------------------------------------------------------------------------------------------------------------|
-| 53 (UDP)   | On-premises DNS servers          | AVS Private Cloud DNS servers        | Required for forwarding DNS lookup of *az.AVS.io* to AVS Private Cloud DNS servers from on-premises network.     |
+| 53 (UDP)   | On-premises DNS servers          | AVS Private Cloud DNS servers        | Required for forwarding DNS lookup of *az.cloudsimple.io* to AVS Private Cloud DNS servers from on-premises network.     |
 | 53 (UDP)   | AVS Private Cloud DNS servers        | On-premises DNS servers          | Required for forwarding DNS look up of on-premises domain names from AVS Private Cloud vCenter to on-premises DNS servers. |
 | 80 (TCP)   | On-premises network              | AVS Private Cloud management network | Required for redirecting vCenter URL from *http* to *https*.                                                         |
 | 443 (TCP)  | On-premises network              | AVS Private Cloud management network | Required for accessing vCenter and NSX-T manager from on-premises network.                                           |
diff --git a/articles/vmware-cloudsimple/set-up-vpn.md b/articles/vmware-cloudsimple/set-up-vpn.md
@@ -92,7 +92,7 @@ A Point-to-Site VPN connection resolves the DNS names of the first AVS Private C
 
     ![Edit VPN Connection](media/viscosity-edit-connection.png)
 
-7. Click the **Networking** tab and enter the AVS Private Cloud DNS server IP addresses separated by a comma or space and the domain as ```AVS.io```. Select **Ignore DNS settings sent by VPN server**.
+7. Click the **Networking** tab and enter the AVS Private Cloud DNS server IP addresses separated by a comma or space and the domain as ```az.cloudsimple.io```. Select **Ignore DNS settings sent by VPN server**.
 
     ![VPN Networking](media/viscosity-edit-connection-networking.png)
 
@@ -112,4 +112,4 @@ To set up your on-premises VPN gateway in high-availability mode, see [Configure
 
 > [!IMPORTANT]
 >    1. Set TCP MSS Clamping at 1200 on your VPN device. Or if your VPN devices do not support MSS clamping, you can alternatively set the MTU on the tunnel interface to 1240 bytes instead.
-> 2. After Site-to-Site VPN is set up, forward the DNS requests for *.AVS.io to the AVS Private Cloud DNS servers. Follow the instructions in [On-Premises DNS Setup](on-premises-dns-setup.md).
+> 2. After Site-to-Site VPN is set up, forward the DNS requests for *.cloudsimple.io to the AVS Private Cloud DNS servers. Follow the instructions in [On-Premises DNS Setup](on-premises-dns-setup.md).
