Merge branch 'MicrosoftDocs:main' into 20220914-some-fog

Author: MikeRayMSFT

articles/expressroute/about-fastpath.md

@@ -30,25 +30,6 @@ To configure FastPath, the virtual network gateway must be either:
 * Ultra Performance
 * ErGw3AZ
 
-## Scenarios
-
-### Virtual network (Vnet) Peering
-FastPath will send traffic directly to any VM deployed in a virtual network peered to the one connected to ExpressRoute, bypassing the ExpressRoute virtual network gateway. This feature is available for both IPv4 and IPv6 connectivity.
-
-**FastPath support for vnet peering is only available for ExpressRoute Direct connections.**
-
-> [!NOTE]
-> * FastPath Vnet peering connectivity is not supported for Azure Dedicated Host workloads.
-
-## User Defined Routes (UDRs)
-FastPath will honor UDRs configured on the GatewaySubnet and send traffic directly to an Azure Firewall or third party NVA.
-
-**FastPath support for UDRs is only available for ExpressRoute Direct connections**
-
-> [!NOTE]
-> * FastPath UDR connectivity is not supported for Azure Dedicated Host workloads.
-> * FastPath UDR connectivity is not supported for IPv6 workloads.
-
 ## Limitations
 
 While FastPath supports most configurations, it doesn't support the following features:
@@ -72,6 +53,23 @@ While FastPath supports most configurations, it doesn't support the following fe
 
 The following FastPath features are in Public preview:
 
+### Virtual network (Vnet) Peering
+FastPath will send traffic directly to any VM deployed in a virtual network peered to the one connected to ExpressRoute, bypassing the ExpressRoute virtual network gateway. This feature is available for both IPv4 and IPv6 connectivity.
+
+**FastPath support for vnet peering is only available for ExpressRoute Direct connections.**
+
+> [!NOTE]
+> * FastPath Vnet peering connectivity is not supported for Azure Dedicated Host workloads.
+
+## User Defined Routes (UDRs)
+FastPath will honor UDRs configured on the GatewaySubnet and send traffic directly to an Azure Firewall or third party NVA.
+
+**FastPath support for UDRs is only available for ExpressRoute Direct connections**
+
+> [!NOTE]
+> * FastPath UDR connectivity is not supported for Azure Dedicated Host workloads.
+> * FastPath UDR connectivity is not supported for IPv6 workloads.
+
 **Private Link Connectivity for 10Gbps ExpressRoute Direct Connectivity** - Private Link traffic sent over ExpressRoute FastPath will bypass the ExpressRoute virtual network gateway in the data path.
 This preview is available in the following Azure Regions.
 - Australia East

articles/expressroute/expressroute-howto-linkvnet-arm.md

@@ -198,18 +198,6 @@ $connection = Get-AzVirtualNetworkGatewayConnection -Name "MyConnection" -Resour
 $connection.ExpressRouteGatewayBypass = $True
 Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection
 ``` 
-### FastPath virtual network peering and user defined routes (UDRs).
-
-With FastPath and virtual network peering, you can enable ExpressRoute connectivity directly to VMs in a local or peered virtual network, bypassing the ExpressRoute virtual network gateway in the data path.
-
-With FastPath and UDR, you can configure a UDR on the GatewaySubnet to direct ExpressRoute traffic to an Azure Firewall or third party NVA. FastPath will honor the UDR and send traffic directly to the target Azure Firewall or NVA, bypassing the ExpressRoute virtual network gateway in the data path.
-
-**FastPath support for virtual network peering and UDRs is only available for ExpressRoute Direct connections**.
-
-> [!NOTE]
-> * Virtual network peering and UDR support is enabled by default for all new FastPath connections 
-> * To enable virtual network peering and UDR support for FastPath connections configured before 9/19/2022, disable and enable FastPath on the target connection.
-
 ### FastPath and Private Link for 100 Gbps ExpressRoute Direct
 
 With FastPath and Private Link, Private Link traffic sent over ExpressRoute bypasses the ExpressRoute virtual network gateway in the data path. This is Generally Available for connections associated to 100 Gb ExpressRoute Direct circuits. To enable this, follow the below guidance:
@@ -231,6 +219,23 @@ Register-AzProviderFeature -FeatureName ExpressRoutePrivateEndpointGatewayBypass
 
 ## Enroll in ExpressRoute FastPath features (preview)
 
+### FastPath virtual network peering and user defined routes (UDRs).
+
+With FastPath and virtual network peering, you can enable ExpressRoute connectivity directly to VMs in a local or peered virtual network, bypassing the ExpressRoute virtual network gateway in the data path.
+
+With FastPath and UDR, you can configure a UDR on the GatewaySubnet to direct ExpressRoute traffic to an Azure Firewall or third party NVA. FastPath will honor the UDR and send traffic directly to the target Azure Firewall or NVA, bypassing the ExpressRoute virtual network gateway in the data path.
+
+To enroll in the preview, send an email to **[email protected]**, providing the following information: 
+* Azure Subscription ID
+* Virtual Network (VNet) Resource ID
+* ExpressRoute Circuit Resource ID
+
+**FastPath support for virtual network peering and UDRs is only available for ExpressRoute Direct connections**.
+
+> [!NOTE]
+> * Virtual network peering and UDR support is enabled by default for all new FastPath connections 
+> * To enable virtual network peering and UDR support for FastPath connections configured before 9/19/2022, disable and enable FastPath on the target connection.
+
 ### FastPath and Private Link for 10 Gbps ExpressRoute Direct
 
 With FastPath and Private Link, Private Link traffic sent over ExpressRoute bypasses the ExpressRoute virtual network gateway in the data path. This preview supports connections associated to 10 Gbps ExpressRoute Direct circuits. This preview doesn't support ExpressRoute circuits managed by an ExpressRoute partner.

articles/lab-services/administrator-guide.md

@@ -229,10 +229,7 @@ When you're assigning roles, it helps to follow these tips:
 
 Your school may need to do content filtering to prevent students from accessing inappropriate websites.  For example, to comply with the [Children's Internet Protection Act (CIPA)](https://www.fcc.gov/consumers/guides/childrens-internet-protection-act).  Lab Services doesn't offer built-in support for content filtering.
 
-There are two approaches that schools typically consider for content filtering:
-
-- Configure a firewall to filter content at the network level.
-- Install third-party software directly on each computer that performs content filtering.
+Schools typically approach content filtering by installing third-party software that performs content filtering on each computer. Azure Lab Services does not support network-level filtering.
 
 By default, Azure Lab Services hosts each lab's virtual network within a Microsoft-managed Azure subscription.  You'll need to use [advanced networking](how-to-connect-vnet-injection.md) in the lab plan.  Make sure to check known limitations of VNet injection before proceeding.
 
@@ -295,4 +292,4 @@ For more information about setting up and managing labs, see:
 
 - [Configure a lab plan](lab-plan-setup-guide.md)  
 - [Configure a lab](setup-guide.md)
-- [Manage costs for labs](cost-management-guide.md)
+- [Manage costs for labs](cost-management-guide.md)

articles/notification-hubs/TOC.yml

@@ -95,6 +95,8 @@
   items:
   - name: Availability zones
     href: availability-zones.md
+  - name: Cross-region disaster recovery
+    href: cross-region-recovery.md
   - name: Data encryption at rest
     href: encrypt-at-rest.md
   - name: Transport Layer Security (TLS)

articles/notification-hubs/cross-region-recovery.md

@@ -0,0 +1,104 @@
+---
+title: Azure Notification Hubs cross-region disaster recovery
+description: Learn about cross-region disaster recovery options in Azure Notification Hubs. 
+author: sethmanheim
+ms.author: sethm
+ms.service: notification-hubs
+ms.topic: conceptual
+ms.date: 10/07/2022
+
+---
+
+# Cross-region disaster recovery (preview)
+
+> [!NOTE]
+> The ability to edit your cross region disaster recovery options is available in preview. If you are interested in using this feature, contact your customer success manager at Microsoft, or create an Azure support ticket which will be triaged by the support team.
+
+[Azure Notification Hubs](notification-hubs-push-notification-overview.md) provides an easy-to-use and scaled-out push engine that enables you to send notifications to any platform (iOS, Android, Windows, etc.) from any back-end (cloud or on-premises). This article describes the cross-region disaster recovery configuration options currently available.
+
+Cross-region disaster recovery provides *metadata* disaster recovery coverage. This is supported in paired and flexible region recovery
+options. Each Azure region is paired with another region within the same geography. All Notification Hubs tiers support [Azure paired regions](/azure/availability-zones/cross-region-replication-azure#azure-cross-region-replication-pairings-for-all-geographies)
+(where available) or a flexible recovery region option that enables you to choose from a list of supported regions.
+
+## Enable cross region disaster recovery
+
+Cross-region disaster recovery options can be modified at any time.
+
+### Use existing namespace
+
+Use the Azure portal to edit an existing namespace:
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+2. Select **All services** on the left menu.
+
+3. Select **Notification Hub Namespaces** in the **Internet of Things** section.
+
+4. On the **Notification Hub Namespaces** page, select the namespace for which you want to modify the disaster recovery settings.
+
+5. On the **Notification Hub Namespace** page for your namespace, you can see the current disaster recovery setting in the **Essentials** section.
+
+6. In the following example, paired recovery region is enabled. To modify your disaster recovery region selection, select the **(edit)** link next to the current selection.
+
+   :::image type="content" source="media/cross-region-recovery/cedr1.png" alt-text="Azure portal namespace":::
+
+7. On the **Edit Disaster** recovery pop-up screen, you can change your selections. Save your changes.
+
+   :::image type="content" source="media/cross-region-recovery/cedr2.png" alt-text="Azure portal edit recovery":::
+
+### Use new namespace
+
+To create a new namespace with disaster recovery, follow these steps:
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+2. Select **All services** on the left menu.
+
+3. Select **Notification Hubs** in the **Mobile** section. 
+
+4. Select the star icon next to the service name to add the service to the **FAVORITES** section on the left menu. After you add **Notification Hubs** to **FAVORITES**, select it on the left menu.
+
+   :::image type="content" source="media/cross-region-recovery/cedr3.png" alt-text="Azure portal favorites":::
+
+5. On the **Notification Hubs** page, select **Create** on the toolbar.
+
+   :::image type="content" source="media/cross-region-recovery/cedr4.png" alt-text="Create notification hub":::
+
+6. In the **Basics** tab on the **Notification Hub** page, perform the following steps:
+
+   1. In **Subscription**, select the name of the Azure subscription you want to use, and then select an existing resource group, or create a
+    new one.
+   1. Enter a unique name for the new namespace in **Namespace Details**.
+   1. A namespace contains one or more notification hubs, so type a name for the hub in **Notification Hub Details**. Or, select an existing
+    namespace from the drop-down.
+   1. Select a value from the **Location** drop-down list box. This value specifies the location in which you want to create the hub.
+   1. Choose your **Disaster recovery** option – None, Paired recovery region or Flexible recovery region. If you choose **Paired recovery region**, the failover region is displayed.
+
+      :::image type="content" source="media/cross-region-recovery/cedr5.png" alt-text="Notification hub properties":::
+
+   1. If you select **Flexible recovery region**, use the drop-down to choose from a list of recovery regions.
+
+      :::image type="content" source="media/cross-region-recovery/cedr6.png" alt-text="Select region":::
+
+   1. Select **Create**.
+
+### Add resiliency
+
+Paired and flexible region recovery only backs up metadata. You must implement a solution to repopulate the registration data into your new
+hub post-recovery:
+
+1. Create a secondary notification hub in a different datacenter. We recommend creating one from the beginning, to shield you from a disaster recovery event that might affect your management capabilities. You can also create one at the time of the disaster recovery event.
+
+2. Keep the secondary notification hub in sync with the primary notification hub using one of the following options:
+    - Use an app backend that simultaneously creates and updates installations in both notification hubs. Installations allow you to specify your own unique device identifier, making it more suitable for the replication scenario. For more information, [see this sample](https://github.com/Azure/azure-notificationhubs-dotnet/tree/main/Samples/RedundantHubSample).
+    - Use an app backend that gets a regular dump of registrations from the primary notification hub as a backup. It can then perform a bulk insert into the secondary notification hub.
+
+The secondary notification hub might end up with expired installations/registrations. When the push is made to an expired handle, Notification Hubs automatically cleans the associated installation/registration record based on the response received from the PNS server. To clean expired records from a secondary notification hub, add custom logic that processes feedback from each send. Then, expire installation/registration in the secondary notification hub.
+
+If you don't have a backend, when the app starts on target devices, they perform a new registration in the secondary notification hub. Eventually the secondary notification hub will have all the active devices registered.
+
+There will be a time period when devices with unopened apps won't receive notifications.
+
+## Next steps
+
+- [Azure Notification Hubs](notification-hubs-push-notification-overview.md)