Merge pull request #115283 from MicrosoftDocs/release-build-virtual-network

Build 2020 Release Virtual Networks

Author: SyntaxC4

articles/networking/TOC.yml

@@ -47,6 +47,8 @@
       items:
       - name: Azure network latency
         href: azure-network-latency.md
+      - name: Internet routing preference in Azure
+        href: ../virtual-network/routing-preference-overview.md
     - name: Virtual networks
       href: ../virtual-network/virtual-networks-overview.md?toc=%2fazure%2fnetworking%2ftoc.json
     - name: Network load balancing

articles/storage/blobs/TOC.yml

@@ -150,6 +150,8 @@
         href: ../common/storage-security-controls.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json
       - name: Use Azure Private Endpoints
         href: ../common/storage-private-endpoints.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json
+      - name: Configure network routing preference
+        href: ../common/network-routing-preference.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json        
     - name: Data redundancy
       href: ../common/storage-redundancy.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json
     - name: Data protection

articles/storage/common/media/network-routing-preference/routing-options-diagram.png

@@ -0,0 +1,80 @@
+---
+title: Configure network routing preference (preview)
+titleSuffix: Azure Storage
+description: Configure network routing preference (preview) for your Azure storage account to specify how network traffic is routed to your account from clients over the Internet.
+services: storage
+author: santoshc
+
+ms.service: storage
+ms.topic: article
+ms.date: 05/12/2020
+ms.author: santoshc
+ms.reviewer: tamram
+ms.subservice: common
+---
+
+# Configure network routing preference for Azure Storage (preview)
+
+You can configure network [routing preference](../../virtual-network/routing-preference-overview.md) (preview) for your Azure storage account to specify how network traffic is routed to your account from clients over the Internet. By default, traffic from the Internet is routed to the public endpoint of your storage account over the [Microsoft global network](../../networking/microsoft-global-network.md). Azure Storage provides additional options for configuring how traffic is routed to your storage account.
+
+Configuring routing preference gives you the flexibility to optimize your traffic either for premium network performance or for cost. When you configure a routing preference, you specify how traffic will be directed to the public endpoint for your storage account by default. You can also publish route-specific endpoints for your storage account.
+
+## Microsoft global network versus Internet routing
+
+By default, clients outside of the Azure environment access your storage account over the Microsoft global network. The Microsoft global network is optimized for low-latency path selection to deliver premium network performance with high reliability. Both inbound and outbound traffic are routed through the point of presence (POP) that is closest to the client. This default routing configuration ensures that traffic to and from your storage account traverses over the Microsoft global network for the bulk of its path, maximizing network performance.
+
+You can change the routing configuration for your storage account so that both inbound and outbound traffic are routed to and from clients outside of the Azure environment through the POP closest to the storage account. This route minimizes the traversal of your traffic over the Microsoft global network, handing it off to the transit ISP at the earliest opportunity. Utilizing this routing configuration lowers networking costs.
+
+The following diagram shows how traffic flows between the client and the storage account for each routing preference:
+
+![Overview of routing options for Azure Storage](media/network-routing-preference/routing-options-diagram.png)
+
+For more information on routing preference in Azure, see [What is routing preference (preview)?](../../virtual-network/routing-preference-overview.md).
+
+## Routing configuration
+
+You can choose between the Microsoft global network and Internet routing as the default routing preference for the public endpoint of your storage account. The default routing preference applies to all traffic from clients outside Azure and affects the endpoints for Azure Data Lake Storage Gen2, Blob storage, Azure Files, and static websites. Configuring routing preference is not supported for Azure Queues or Azure Tables.
+
+You can also publish route-specific endpoints for your storage account. When you publish route-specific endpoints, Azure Storage creates new public endpoints for your storage account that route traffic over the desired path. This flexibility enables you to direct traffic to your storage account over a specific route without changing your default routing preference.
+
+For example, publishing an Internet route-specific endpoint for the 'StorageAccountA' will publish the following endpoints for your storage account:
+
+| Storage service        | Route-specific endpoint                                  |
+| :--------------------- | :------------------------------------------------------- |
+| Blob service           | `StorageAccountA-internetrouting.blob.core.windows.net`  |
+| Data Lake Storage Gen2 | `StorageAccountA-internetrouting.dfs.core.windows.net`   |
+| File service           | `StorageAccountA-internetrouting.file.core.windows.net`  |
+| Static Websites        | `StorageAccountA-internetrouting.web.core.windows.net`   |
+
+If you have a read-access geo-redundant storage (RA-GRS) or a read-access geo-zone-redundant storage (RA-GZRS) storage account, publishing route-specific endpoints also automatically creates the corresponding endpoints in the secondary region for read access.
+
+| Storage service        | Route-specific read-only secondary endpoint                        |
+| :--------------------- | :----------------------------------------------------------------- |
+| Blob service           | `StorageAccountA-internetrouting-secondary.blob.core.windows.net`  |
+| Data Lake Storage Gen2 | `StorageAccountA-internetrouting-secondary.dfs.core.windows.net`   |
+| File service           | `StorageAccountA-internetrouting-secondary.file.core.windows.net`  |
+| Static Websites        | `StorageAccountA-internetrouting-secondary.web.core.windows.net`   |
+
+The connection strings for the published route-specific endpoints can be copied via the [Azure portal](https://portal.azure.com). These connection strings can be used for Shared Key authorization with all existing Azure Storage SDKs and APIs.
+
+## About the preview
+
+Routing preference for Azure Storage is available in the following regions:
+
+- France South
+- North Central US
+- West Central US
+
+The following known issues affect the routing preference preview for Azure Storage:
+
+- Access requests for the route-specific endpoint for the Microsoft global network fail with HTTP error 404 or equivalent. Routing over the Microsoft global network works as expected when it is set as the default routing preference for the public endpoint.
+
+## Pricing and billing
+
+For pricing and billing details, see the **Pricing** section in [What is routing preference (preview)?](../../virtual-network/routing-preference-overview.md#pricing).
+
+## Next steps
+
+- [What is routing preference (preview)?](../../virtual-network/routing-preference-overview.md)
+- [Configure Azure Storage firewalls and virtual networks](storage-network-security.md)
+- [Security recommendations for Blob storage](../blobs/security-recommendations.md)

articles/storage/common/network-routing-preference.md

@@ -48,6 +48,8 @@
     items:
     - name: Customer-managed keys with Azure Key Vault
       href: ../common/encryption-customer-managed-keys.md?toc=%2fazure%2fstorage%2ffiles%2ftoc.json
+  - name: Configure network routing preference
+    href: ../common/network-routing-preference.md?toc=%2fazure%2fstorage%2ffiles%2ftoc.json      
   - name: Compliance offerings
     href: ../common/storage-compliance-offerings.md?toc=%2fazure%2fstorage%2ffiles%2ftoc.json
   - name: Development

articles/storage/files/TOC.yml

@@ -0,0 +1,132 @@
+---
+title: Configure routing preference for a VM - Azure CLI
+description: Learn how to create a VM with a public IP address with routing preference choice using the Azure command-line interface (CLI).
+services: virtual-network
+documentationcenter: na
+author: KumudD
+manager: mtillman
+ms.service: virtual-network
+ms.devlang: na
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: infrastructure-services
+ms.date: 05/18/2020
+ms.author: mnayak
+
+---
+# Configure routing preference for a VM using Azure CLI
+
+This article shows you how to configure routing preference for a virtual machine. Internet bound traffic from the VM will be routed via the ISP network when you choose **Internet** as your routing preference option . The default routing is via the Microsoft global network.
+
+This article shows you how to create a virtual machine with a public IP that is set to route traffic via the public internet using Azure CLI.
+
+> [!IMPORTANT]
+> Routing preference is currently in public preview.
+> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
+> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+## Register the feature for your subscription
+The Routing Preference feature is currently in preview. Register the feature for your subscription as follows:
+```azurecli
+az feature register --namespace Microsoft.Network --name AllowRoutingPreferenceFeature
+```
+## Create a resource group
+1. If using the Cloud Shell, skip to step 2. Open a command session and sign into Azure with `az login`.
+2. Create a resource group with the [az group create](/cli/azure/group#az-group-create) command. The following example creates a resource group in the East US Azure region:
+
+    ```azurecli
+    az group create --name myResourceGroup --location eastus
+    ```
+
+## Create a public IP address
+To access your virtual machines from the Internet, you need to create a public IP address. Create a public IP address with [az network public-ip create](/cli/azure/network/public-ip). The following example creates a public ip of routing preference type *Internet* in the *East US* region:
+
+```azurecli
+az network public-ip create \
+--name MyRoutingPrefIP \
+--resource-group MyResourceGroup \
+--location eastus \
+--ip-tags 'RoutingPreference=Internet' \
+--sku STANDARD \
+--allocation-method static \
+--version IPv4
+```
+
+## Create network resources
+
+Before you deploy a VM, you must create supporting network resources - network security group, virtual network, and virtual NIC.
+
+### Create a network security group
+
+Create a network security group for the rules that will govern inbound and outbound communication in your VNet with [az network nsg create](https://docs.microsoft.com/cli/azure/network/nsg?view=azure-cli-latest#az-network-nsg-create)
+
+```azurecli
+az network nsg create \
+--name myNSG  \
+--resource-group MyResourceGroup \
+--location eastus
+```
+
+### Create a virtual network
+
+Create a virtual network with [az network vnet create](https://docs.microsoft.com/cli/azure/network/vnet?view=azure-cli-latest#az-network-vnet-create). The following example creates a virtual network named *myVNET* with subnets *mySubNet*:
+
+```azurecli
+# Create a virtual network
+az network vnet create \
+--name myVNET \
+--resource-group MyResourceGroup \
+--location eastus
+
+# Create a subnet
+az network vnet subnet create \
+--name mySubNet \
+--resource-group MyResourceGroup \
+--vnet-name myVNET \
+--address-prefixes "10.0.0.0/24" \
+--network-security-group myNSG
+```
+
+### Create a NIC
+
+Create a virtual NIC for the VM with [az network nic create](https://docs.microsoft.com/cli/azure/network/nic?view=azure-cli-latest#az-network-nic-create). The following example creates a virtual NIC, which will be attached to the VM.
+
+```azurecli-interactive
+# Create a NIC
+az network nic create \
+--name mynic  \
+--resource-group MyResourceGroup \
+--network-security-group myNSG  \
+--vnet-name myVNET \
+--subnet mySubNet  \
+--private-ip-address-version IPv4 \
+--public-ip-address MyRoutingPrefIP
+```
+
+## Create a virtual machine
+
+Create a VM with [az vm create](https://docs.microsoft.com/cli/azure/vm?view=azure-cli-latest#az-vm-create). The following example creates a windows server 2019 VM and the required virtual network components if they do not already exist.
+
+```azurecli
+az vm create \
+--name myVM \
+--resource-group MyResourceGroup \
+--nics mynic \
+--size Standard_A2 \
+--image MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest \
+--admin-username myUserName
+```
+
+## Clean up resources
+
+When no longer needed, you can use [az group delete](/cli/azure/group#az-group-delete) to remove the resource group and all of the resources it contains:
+
+```azurecli
+az group delete --name myResourceGroup --yes
+```
+
+## Next steps
+
+- Learn more about [routing preference in public IP addresses](routing-preference-overview.md).
+- Learn more about [public IP addresses](virtual-network-ip-addresses-overview-arm.md#public-ip-addresses) in Azure.
+- Learn more about [public IP address settings](virtual-network-public-ip-address.md#create-a-public-ip-address).

articles/virtual-network/configure-routing-preference-virtual-machine-cli.md

@@ -0,0 +1,156 @@
+---
+title: Configure routing preference for a VM - Azure PowerShell
+description: Learn how to create a VM with a public IP address with routing preference choice using the Azure PowerShell.
+services: virtual-network
+documentationcenter: na
+author: KumudD
+manager: mtillman
+ms.service: virtual-network
+ms.devlang: na
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: infrastructure-services
+ms.date: 05/18/2020
+ms.author: mnayak
+
+---
+# Configure routing preference for a VM using Azure PowerShell
+
+This article shows you how to configure routing preference for a virtual machine. Internet bound traffic from the VM will be routed via the ISP network when you choose **Internet** as your routing preference option . The default routing is via the Microsoft global network.
+
+This article shows you how to create a virtual machine with a public IP that is set to route traffic via the ISP network using Azure PowerShell.
+
+> [!IMPORTANT]
+> Routing preference is currently in public preview.
+> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
+> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+## Register the feature for your subscription
+The Routing Preference feature is currently in preview. Register the feature for your subscription as follows:
+```azurepowershell
+Register-AzProviderFeature -FeatureName AllowRoutingPreferenceFeature ProviderNamespace Microsoft.Network
+```
+
+## Create a resource group
+1. If using the Cloud Shell, skip to step 2. Open a command session and sign into Azure with `Connect-AzAccount`.
+2. Create a resource group with the [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup) command. The following example creates a resource group in the East US Azure region:
+
+    ```azurepowershell
+    $rg = New-AzResourceGroup -Name MyResourceGroup -Location EastUS
+    ```
+
+## Create a public IP address
+
+To access your virtual machines from the Internet, you need a public IP addresses. Create public IP addresses with [New-AzPublicIpAddress](/powershell/module/az.network/new-azpublicipaddress). The following example creates a IPv4 public IP address named *MyPublicIP* routing preference type *Internet* in the *MyResourceGroup* resource group in *East US* region:
+
+```azurepowershell-interactive
+$iptagtype="RoutingPreference"
+$tagName = "Internet"
+$ipTag = New-AzPublicIpTag -IpTagType $iptagtype -Tag $tagName 
+# attach the tag
+$publicIp = New-AzPublicIpAddress  `
+-Name "MyPublicIP" `
+-ResourceGroupName $rg.ResourceGroupName `
+-Location $rg.Location `
+-IpTag $ipTag `
+-AllocationMethod Static `
+-Sku Standard `
+-IpAddressVersion IPv4
+```
+
+## Create network resources
+
+Before you deploy a VM, you must create supporting network resources - network security group, virtual network, and virtual NIC.
+
+### Create a network security group
+
+Create a network security group with [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup). The following example creates a NSG named *myNSG*
+
+```azurepowershell
+$nsg = New-AzNetworkSecurityGroup `
+-ResourceGroupName $rg.ResourceGroupName `
+-Location $rg.Location  `
+-Name "myNSG"
+```
+
+### Create a virtual network
+
+Create a virtual network with [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork). The following example creates a virtual network named *myVNET* with *mySubNet*:
+
+### Create a subnet
+
+```azurepowershell
+$subnet = New-AzVirtualNetworkSubnetConfig `
+-Name "mySubnet" `
+-AddressPrefix "10.0.0.0/24"
+```
+
+```azurepowershell
+# Create a virtual network
+$vnet = New-AzVirtualNetwork `
+-ResourceGroupName $rg.ResourceGroupName `
+-Location $rg.Location  `
+-Name "myVNET" `
+-AddressPrefix "10.0.0.0/16" `
+-Subnet $subnet
+```
+
+### Create a NIC
+
+Create virtual NICs with [New-AzNetworkInterface](/powershell/module/az.network/new-aznetworkinterface. The following example creates a virtual NIC.
+
+```azurepowershell
+# Create an IP Config
+$ipconfig=New-AzNetworkInterfaceIpConfig `
+-Name myIpConfig `
+-Subnet $vnet.subnets[0] `
+-PrivateIpAddressVersion IPv4 `
+-PublicIpAddress  $publicIp
+
+# Create a NIC
+$nic = New-AzNetworkInterface `
+-Name "mynic" `
+-ResourceGroupName $rg.ResourceGroupName `
+-Location $rg.Location  `
+-NetworkSecurityGroupId $nsg.Id `
+-IpConfiguration $ipconfig 
+```
+
+## Create a virtual machine
+
+Set an administrator username and password for the VMs with [Get-Credential](https://msdn.microsoft.com/powershell/reference/5.1/microsoft.powershell.security/Get-Credential):
+
+```azurepowershell
+ $cred = get-credential -Message "Routing Preference SAMPLE:  Please enter the Administrator credential to log into the VM."
+```
+
+Now you can create the VM with [New-AzVM](/powershell/module/az.compute/new-azvm). The following example creates two VMs and the required virtual network components if they do not already exist.
+
+```azurepowershell
+ $vmsize = "Standard_A2"
+ $ImagePublisher = "MicrosoftWindowsServer"
+ $imageOffer = "WindowsServer"
+ $imageSKU = "2019-Datacenter"
+
+ $vmName= "myVM"
+ $vmconfig = New-AzVMConfig -VMName $vmName -VMSize $vmsize | Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent -EnableAutoUpdate | Set-AzVMSourceImage -PublisherName $ImagePublisher -Offer $imageOffer -Skus $imageSKU -Version "latest" | Set-AzVMOSDisk -Name "$vmName.vhd" -CreateOption "FromImage" | Add-AzVMNetworkInterface -Id $nic.Id 
+ $VM1 = New-AzVM -ResourceGroupName $rg.ResourceGroupName  -Location $rg.Location  -VM $vmconfig
+```
+
+## Allow network traffic to the VM
+
+Before you can connect to the public IP address from the internet, ensure that you have the necessary ports open in any network security group that you might have associated to the network interface, the subnet the network interface is in, or both. You can view the effective security rules for a network interface and its subnet using the [Portal](diagnose-network-traffic-filter-problem.md#diagnose-using-azure-portal), [CLI](diagnose-network-traffic-filter-problem.md#diagnose-using-azure-cli), or [PowerShell](diagnose-network-traffic-filter-problem.md#diagnose-using-powershell).
+
+## Clean up resources
+
+When no longer needed, you can use the [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) command to remove the resource group, VM, and all related resources.
+
+ ```azurepowershell
+ Remove-AzResourceGroup -Name MyResourceGroup
+```
+
+## Next steps
+
+* Learn more about [routing preference in public IP addresses](routing-preference-overview.md).
+* Learn more about [public IP addresses](virtual-network-ip-addresses-overview-arm.md#public-ip-addresses) in Azure.
+* Learn more about [public IP address settings](virtual-network-public-ip-address.md#create-a-public-ip-address).