Commit 10a0bcf

Merge pull request #274888 from wtnlee/3pupdates
fixed updates
2 parents 13e930e + 84d234e commit 10a0bcf

8 files changed, +81 -21 lines changed

articles/virtual-wan/TOC.yml

Lines changed: 12 additions & 8 deletions
Original file line number | Diff line number | Diff line change
@@ -42,16 +42,20 @@
4242
href: work-remotely-support.md
4343
- name: Virtual WAN FAQ
4444
href: virtual-wan-faq.md
45-
- name: NVA in a Virtual WAN hub
46-
href: about-nva-hub.md
47-
- name: Locations and Partners
45+
- name: Virtual Hub third-party integrations
4846
items:
49-
- name: Hub locations and partners
50-
href: virtual-wan-locations-partners.md
51-
- name: Automation guidelines for partners
52-
href: virtual-wan-configure-automation-providers.md
53-
- name: Software-as-a-service (SaaS)
47+
- name: Overview of third-party integrations
48+
href: third-party-integrations.md
49+
- name: Integrated NVAs in the Virtual Hub
50+
href: about-nva-hub.md
51+
- name: Software-as-a-service(SaaS)
5452
href: how-to-palo-alto-cloud-ngfw.md
53+
- name: Branch IPSEC connectivity automation
54+
items:
55+
- name: About branch IPSEC connectivity automation
56+
href: virtual-wan-locations-partners.md
57+
- name: Automation guidelines for partners
58+
href: virtual-wan-configure-automation-providers.md
5559
- name: Architecture
5660
items:
5761
- name: Migrate to Virtual WAN
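Review bot: Two of the new TOC names are inconsistent with the rest of this commit. `Software-as-a-service(SaaS)` at new line 51 drops the space before `(SaaS)` that the removed entry had, and the entries at new lines 53 and 55 use `IPSEC` while the retitled article in this same commit uses `IPsec` ("Virtual WAN Branch IPsec connectivity automation"). Suggest `Software-as-a-service (SaaS)` and `IPsec` in both branch automation entries.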

articles/virtual-wan/about-nva-hub.md

Lines changed: 2 additions & 2 deletions
@@ -31,7 +31,7 @@ Deploying NVAs into a Virtual WAN hub provides the following benefits:
3131
> [!IMPORTANT]
3232
> To ensure you get the best support for this integrated solution, make sure you have similar levels of support entitlement with both Microsoft and your Network Virtual Appliance provider.
3333
34-
## Partners
34+
## <a name="partners"></a> Partners
3535

3636
The following tables describe the Network Virtual Appliances that are eligible to be deployed in the Virtual WAN hub and the relevant use cases (connectivity and/or firewall). The Virtual WAN NVA Vendor Identifier column corresponds to the NVA Vendor that is displayed in Azure portal when you deploy a new NVA or view existing NVAs deployed in the Virtual hub.
3737
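Review bot: The explicit bookmark added to the heading at line 34 may be redundant and is formatted differently from the existing bookmark style. The unchanged `[Partners section](#partners)` link further down this file already targets `#partners`, so please confirm the plain `## Partners` heading did not already resolve it before adding `<a name="partners"></a>`. If the anchor stays, drop the space after `</a>` to match `## <a name="automation"></a>Branch IPsec connectivity automation from partners` in virtual-wan-locations-partners.md.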

@@ -55,7 +55,7 @@ Customers can deploy an Azure Firewall along side their connectivity-based NVAs.
5555

5656
### Security provided by NVA firewalls
5757

58-
Customers can also deploy NVAs into a Virtual WAN hub that perform both SD-WAN connectivity and Next-Generation Firewall capabilities. Customers can connect on-premises devices to the NVA in the hub and also use the same appliance to inspect all North-South, East-West, and Internet-bound traffic. Routing to enable these scenarios can be configured via [Routing Intent and Routing Policies](./how-to-routing-policies.md).
58+
Customers can also deploy NVAs into a Virtual WAN hub that performs both SD-WAN connectivity and Next-Generation Firewall capabilities. Customers can connect on-premises devices to the NVA in the hub and also use the same appliance to inspect all North-South, East-West, and Internet-bound traffic. Routing to enable these scenarios can be configured via [Routing Intent and Routing Policies](./how-to-routing-policies.md).
5959

6060
Partners that support these traffic flows are listed as **dual-role SD-WAN connectivity and security (Next-Generation Firewall) Network Virtual Appliances** in the [Partners section](#partners).
6161
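Review bot: Changing `perform` to `performs` at line 58 makes the verb agree with "a Virtual WAN hub" rather than "NVAs", which changes the meaning. The next sentence ("use the same appliance to inspect all North-South, East-West, and Internet-bound traffic") shows it is the NVAs that provide both SD-WAN connectivity and Next-Generation Firewall capabilities. Suggest reverting to `that perform`, or moving the clause next to its subject: "deploy NVAs that perform both SD-WAN connectivity and Next-Generation Firewall capabilities into a Virtual WAN hub".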

Lines changed: 60 additions & 0 deletions
@@ -0,0 +1,60 @@
1+
---
2+
title: 'About Third Party Integrations - Virtual WAN hub'
3+
titleSuffix: Azure Virtual WAN
4+
description: Learn about third-party integrations available in a Virtual WAN hub.
5+
author: wtnlee
6+
ms.service: virtual-wan
7+
ms.topic: conceptual
8+
ms.date: 04/26/2024
9+
ms.author: wellee
10+
# Customer intent: As someone with a networking background, I want to learn about third-party integrations in a Virtual WAN hub.
11+
---
12+
# Third-party integrations with Virtual WAN Hub
13+
14+
Virtual WAN hubs offer integrations with third-party networking software solutions, providing connectivity through SD-WAN or VPN and next-generation firewall (NGFW) functionalities. There are three primary deployment models within Virtual WAN for these solutions: **Integrated Network Virtual Appliances (Integrated NVAs)**, **software-as-a-service (SaaS) networking and security solutions** and **Azure Firewall Manager security providers**.
15+
16+
This article focuses on third-party integrations with the Virtual Hub. To facilitate connecting from on-premises to Azure Virtual WAN, certain devices that connect to Azure Virtual WAN have automated features to program both Site-to-site VPN Gateways in Virtual WAN and on-premises devices. This set-up is usually managed through the device's management UI. For detailed guidance on IPsec connectivity automation, see [IPsec automation documentation.](virtual-wan-locations-partners.md)
17+
18+
## Integrated Network Virtual Appliances
19+
20+
Integrated Network Virtual Appliances (NVAs) are Microsoft-managed infrastructure-as-a-service solutions that Microsoft and select NVA providers jointly develop and offer. Integrated Network Virtual Appliances are typically deployed through Azure Marketplace Managed Applications or directly from NVA orchestration software. The backing infrastructure of Network Virtual Appliances is deployed into the Virtual WAN Hub as a Microsoft-owned and managed virtual machine scale-set with Azure Load Balancers directly into the Virtual WAN hub. A subset of Azure infrastructure configurations are available for you to manage, scale, and troubleshoot your NVA deployments in the Virtual WAN hub.
21+
22+
:::image type="content" source="./media/third-party-solutions/integrated-network-virtual-appliances.png" alt-text="Integrated NVA architecture diagram." lightbox="./media/third-party-solutions/integrated-network-virtual-appliances.png":::
23+
24+
As a user of Integrated NVAs, you have the option to choose a scale unit for the NVA infrastructure scale unit up-front that dictates the aggregate throughput of the NVA (see provider documentation for expected throughput at each scale unit). You maintain full control over the software version and settings within the Integrated NVA operating system, as well as full control of software lifecycle management. Depending on the NVA provider, you may use the command-line or NVA-provider orchestration and management software to implement changes to the software version and configuration.
25+
26+
Integrated NVAs typically fall into three categories based on their capabilities:
27+
28+
* **Connectivity**: These NVAs acts as a gateway in the Virtual WAN hub, enabling connections from on-premises data centers or sites using SD-WAN or IPSEC.
29+
* **Next-generation Firewall**: These NVAs function as a security device within the Virtual WAN hub, allowing you to inspect traffic between on-premises, Azure Virtual Networks and the Internet.
30+
* **Dual-role connectivity and Firewall**: These NVAs provide both connectivity and next-generation firewall capabilities on the same device.
31+
32+
For more information on Integrated NVAs in the Virtual WAN hub, see [NVA in the hub documentation](about-nva-hub.md).
33+
34+
The following solutions are currently available as Integrated NVA partners:
35+
36+
|Capability Type(s)| Available Partners|
37+
|--|--|
38+
|Connectivity|Barracuda, VMware (formerly known as Velocloud), Cisco Viptela, Aruba, Versa |
39+
|Next-Generation Firewall (NGFW)|Check Point, Fortinet, Cisco FTDV|
40+
| Dual-role connectivity and NGFW | Fortinet |
41+
42+
For more information and resources on each Integrated NVA solution, see [NVA in the hub partners](about-nva-hub.md#partners).
43+
44+
## Software-as-a-service (SaaS) solutions
45+
46+
Softeware-as-a-service (SaaS) solutions in Virtual WAN are managed by SaaS providers and are deployed directly into your Virtual WAN hub. Software-as-a-service solutions are deployed and transacted through Azure Marketplace. SaaS solutions abstract the underlying infrastructure required to run networking and security software in Virtual WAN, providing customers with a cloud-native operational interface for programming and customizing SaaS configurations.
47+
48+
The SaaS provider handles the complete lifecycle management of the SaaS software, management, and configuration of Azure infrastructure, as well as scalability of the SaaS solution. For specifics on configurations and architecture of Virtual WAN SaaS solutions, consult your SaaS provider's documentation.
49+
50+
:::image type="content" source="./media/third-party-solutions/software-as-a-service.png" alt-text="SaaS architecture diagram." lightbox="./media/third-party-solutions/software-as-a-service.png":::
51+
52+
Currently, Palo Alto Networks Cloud NGFW is the only SaaS solution available in Virtual WAN today, focusing on next-generation firewall inspection use cases. For more information on the SaaS offering provided by Palo Alto Networks, see [Palo Alto Networks Cloud NGFW documentation](how-to-palo-alto-cloud-ngfw.md)
53+
54+
## Azure Firewall Manager security partners providers
55+
56+
Azure Firewall Manager's security partner integrations simplify the process of connecting Virtual WAN to a third-party security-as-a-service (SECaaS) offering, ensuring protected Internet access for users. Unlike SaaS solutions, SECaaS infrastructure isn't deployed directly into the Virtual WAN hub but is still hosted by the SECaaS provider. Deploying a SECaaS solution through Azure Firewall Manager automatically establishes a Site-to-site VPN tunnel between the third-party security infrastructure and the Virtual WAN hub's Site-to-site VPN Gateway.
57+
58+
:::image type="content" source="./media/third-party-solutions/security-as-a-service.png" alt-text="SECaaS architecture diagram." lightbox="./media/third-party-solutions/security-as-a-service.png":::
59+
60+
Management and configuration of the SECaaS solution are accessible through tools provided by the SECaaS provider. Currently, Virtual WAN's SECaaS solutions include the following partners: Check Point, iBoss and zScalar. For more information about Azure Firewall Manager's security partner providers, refer to both [Azure Firewall Manager documentation](../firewall-manager/trusted-security-partners.md) and your preferred provider's documentation.
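Review bot: The new article has spelling errors in names that readers will search on: `Softeware-as-a-service` at line 46 and `zScalar` at line 60 (the vendor is Zscaler). Other wording to fix in the same pass: "These NVAs acts" at line 28 (should be "act"), the duplicated phrase "choose a scale unit for the NVA infrastructure scale unit up-front" at line 24, `IPSEC` at line 28 versus `IPsec` at line 16, "Currently ... today" plus the missing final period at line 52, and the heading at line 54 ("security partners providers") versus "security partner providers" in the body at line 60. One content suggestion: line 24 says the customer keeps full control of software lifecycle management for Integrated NVAs, while line 48 says the SaaS provider handles the complete lifecycle, so it would help to state explicitly that applying NVA software updates is the customer's responsibility in the Integrated NVA model.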

articles/virtual-wan/virtual-wan-faq.md

Lines changed: 2 additions & 2 deletions
@@ -18,7 +18,7 @@ Yes, Azure Virtual WAN is Generally Available (GA). However, Virtual WAN consist
1818

1919
### Which locations and regions are available?
2020

21-
For information, see [Available locations and regions](virtual-wan-locations-partners.md#locations).
21+
To view the available regions for Virtual WAN, see [Products available by region](https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=virtual-wan). Specify **Virtual WAN** as the product name.
2222

2323
### Does the user need to have hub and spoke with SD-WAN/VPN devices to use Azure Virtual WAN?
2424

@@ -405,7 +405,7 @@ Yes, BGP communities generated by on-premises will be preserved in Virtual WAN.
405405

406406
Yes, BGP communities generated by BGP Peers will be preserved in Virtual WAN. Communities are preserved across the same hub, and across interhub connections. This also applies to Virtual WAN scenarios using Routing Intent Policies.
407407

408-
### What ASN numbers are supported for remotely attached On-Premises networks running BGP?
408+
### What ASN numbers are supported for remotely attached on-premises networks running BGP?
409409

410410
You can use your own public ASNs or private ASNs for your on-premises networks. You can't use the ranges reserved by Azure or IANA:
411411

articles/virtual-wan/virtual-wan-locations-partners.md

Lines changed: 5 additions & 9 deletions
@@ -8,11 +8,11 @@ ms.topic: conceptual
88
ms.date: 03/05/2024
99
ms.author: cherylmc
1010
ms.custom: references_regions
11-
# Customer intent: As someone with a networking background, I want to find a Virtual WAN partner
11+
# Customer intent: As someone with a networking background, I want to learn more aobut Branch IPsec connectivity automation
1212
---
13-
# Virtual WAN partners, regions, and virtual hub locations
13+
# Virtual WAN Branch IPsec connectivity automation
1414

15-
This article provides information on Virtual WAN supported regions and partners for connectivity into a Virtual WAN hub.
15+
This article provides information on Virtual WAN partners for connectivity into a Virtual WAN hub.
1616

1717
There are two types of offerings that make connecting to Azure easier:
1818
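Review bot: The new Customer intent comment at line 11 has a typo (`aobut`), and the opening sentence at line 15 no longer matches the new H1. The title is now "Virtual WAN Branch IPsec connectivity automation", but the intro still describes the article as "information on Virtual WAN partners for connectivity into a Virtual WAN hub". Suggest fixing `about` and rewording the intro to describe IPsec connectivity automation. Consider updating `ms.date` as well, since the context lines still show 03/05/2024 while the article is being retitled and rescoped.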

@@ -23,9 +23,9 @@ There are two types of offerings that make connecting to Azure easier:
2323

2424
Some partners offer Network Virtual Appliances (NVAs) that can be deployed directly into the Azure Virtual WAN hub through a solution that is jointly managed by Microsoft Azure and third-party Network Virtual Appliance solution providers.
2525

26-
When a Network Virtual Appliance is deployed into a Virtual WAN hub, it can serve as a third-party gateway with various functionalities. It could serve as an SD-WAN gateway, Firewall or a combination of both. For more information about the benefits of deploying an NVA into a Virtual WAN hub, see [About NVAs in a Virtual WAN hub](about-nva-hub.md).
26+
When a Network Virtual Appliance is deployed into a Virtual WAN hub, it can serve as a third-party gateway with various functionalities. It could serve as an SD-WAN gateway, Firewall or a combination of both. For more information about deploying an NVA into a Virtual WAN hub and available partners, see [About NVAs in a Virtual WAN hub](about-nva-hub.md).
27+
2728

28-
[!INCLUDE [NVA partners](../../includes/virtual-wan-nva-hub-partners.md)]
2929

3030
## <a name="automation"></a>Branch IPsec connectivity automation from partners
3131

@@ -46,10 +46,6 @@ Some connectivity partners may extend the automation to include creating the Azu
4646

4747
The following partners are slated on our roadmap based on a terms sheet signed between the companies indicating the scope of work to automate IPsec connectivity between the partner device and Azure Virtual WAN VPN gateways: 128 Technologies, Arista, F5 Networks, Oracle SD-WAN (Talari), and SharpLink.
4848

49-
## <a name="locations"></a>Available regions
50-
51-
To view the available regions for Virtual WAN, see [Products available by region](https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=virtual-wan). Specify **Virtual WAN** as the product name.
52-
5349
## Next steps
5450

5551
* For more information about Virtual WAN, see the [Virtual WAN FAQ](virtual-wan-faq.md).
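Review bot: Removing the `<a name="locations"></a>Available regions` section at lines 49-52 deletes the `#locations` bookmark. The FAQ link to `virtual-wan-locations-partners.md#locations` is updated in this commit, but any other inbound links to that bookmark are not visible in this diff and would break. Please search the repo for `virtual-wan-locations-partners.md#locations` before merging. With the regions content gone, the file name `virtual-wan-locations-partners.md` also no longer describes the article, so consider a rename with a redirect in a follow-up.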
