more

Author: v-thepet

articles/devtest-labs/devtest-lab-reference-architecture.md

@@ -17,42 +17,35 @@ This article provides a reference architecture for deploying Azure DevTest Labs
 
 ## Architecture
 
-![Diagram that shows a reference architecture for an enterprise DevTest Labs deployment.](./media/devtest-lab-reference-architecture/reference-architecture.png)
-
-This DevTest Labs enterprise reference architecture has the following components:
-
-- DevTest Labs. DevTest Labs makes it easy and fast for enterprises to provide access to Azure resources. For more information, see [About DevTest Labs](devtest-lab-overview.md).
+The following diagram shows a typical DevTest Labs enterprise deployment. This architecture connects many labs in several Azure subscriptions to the company's on-premises network.
 
-- VMs and other software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and PaaS resources.
-
-  DevTest Labs instances contain VMs and other Azure resources like PaaS environments and VM artifacts. Artifacts are actions to take or tools and software to add to lab VMs.
+![Diagram that shows a reference architecture for an enterprise DevTest Labs deployment.](./media/devtest-lab-reference-architecture/reference-architecture.png)
 
-- [Azure Active Directory (Azure AD)](/azure/active-directory/fundamentals/active-directory-whatis) for identity management.
+### DevTest Labs components
 
-  Lab VMs usually have a local administrative account. If there's an Azure AD, on-premises, or [Azure AD Domain Services](../active-directory-domain-services/overview.md) domain available, you can join lab VMs to the domain. Users can then use their domain-based identities to connect to the VMs.
+DevTest Labs makes it easy and fast for enterprises to provide access to Azure resources. Each lab contains software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and PaaS resources. Lab users can create and configure VMs, PaaS environments, and VM [artifacts](). In the preceding diagram, **Team Lab 1** in **Azure Subscription 1** shows an example of Azure components that labs can access and use. For more information, see [About DevTest Labs](devtest-lab-overview.md).
 
-- [ExpressRoute](../expressroute/expressroute-introduction.md) for on-premises connectivity. You can also use a [site-to-site VPN](../vpn-gateway/vpn-gateway-about-vpn-gateway-settings.md). You need on-premises connectivity only if your labs need access to on-premises corporate resources.
+### Connectivity components
 
-  Common scenarios are:
+You need on-premises connectivity if your labs need access to on-premises corporate resources. Common scenarios are:
 
-  - Some on-premises data can't move to the cloud.
-  - You want to join lab VMs to an on-premises domain.
-  - You want to force all cloud network traffic through an on-premises firewall for security or compliance reasons.
+- Some on-premises data can't move to the cloud.
+- You want to join lab VMs to an on-premises domain.
+- You want to force all cloud network traffic through an on-premises firewall for security or compliance reasons.
 
-- A [remote desktop gateway](/windows-server/remote/remote-desktop-services/desktop-hosting-logical-architecture) to enable outgoing remote desktop protocol (RDP) connections to DevTest Labs.
+This architecture uses [ExpressRoute](../expressroute/expressroute-introduction.md) for connectivity to the on-premises network. You can also use a [site-to-site VPN](../vpn-gateway/vpn-gateway-about-vpn-gateway-settings.md).
+On-premises, a [remote desktop gateway](/windows-server/remote/remote-desktop-services/desktop-hosting-logical-architecture) enables outgoing remote desktop protocol (RDP) connections to DevTest Labs. Enterprise corporate firewalls usually block outgoing connections at the corporate firewall. To enable connectivity, you can:
 
-  Enterprise corporate firewalls usually block outgoing connections at the corporate firewall. To enable connectivity, you can:
-  
-  - Use a remote desktop gateway, and allow the static IP address of the gateway load balancer.
-  - Use [forced tunneling](../vpn-gateway/vpn-gateway-forced-tunneling-rm.md) to redirect all RDP traffic back over the ExpressRoute or site-to-site VPN connection. Forced tunneling is common functionality for enterprise-scale DevTest Labs deployments.
+- Use a remote desktop gateway, and allow the static IP address of the gateway load balancer.
+- Use [forced tunneling](../vpn-gateway/vpn-gateway-forced-tunneling-rm.md) to redirect all RDP traffic back over the ExpressRoute or site-to-site VPN connection. Forced tunneling is common functionality for enterprise-scale DevTest Labs deployments.
 
-- [Azure networking topology](../networking/fundamentals/networking-overview.md) to control how lab resources access and communicate with on-premises networks and the internet.
+### Networking components
 
-  This architecture shows a common way that enterprises network DevTest Labs. The labs connect via [peered virtual networks](../virtual-network/virtual-network-peering-overview.md) in a [hub-spoke configuration](/azure/architecture/reference-architectures/hybrid-networking/hub-spoke), through the ExpressRoute or site-to-site VPN connection, to the on-premises network.
+In this architecture, [Azure Active Directory (Azure AD)](/azure/active-directory/fundamentals/active-directory-whatis) provides identity and access management. Lab VMs usually have a local administrative account. If there's an Azure AD, on-premises, or [Azure AD Domain Services](../active-directory-domain-services/overview.md) domain available, you can join lab VMs to the domain. Users can then use their domain-based identities to connect to the VMs.
 
-  Because DevTest Labs uses Azure Virtual Network directly, there are no restrictions on how you set up the networking infrastructure.
+[Azure networking topology](../networking/fundamentals/networking-overview.md) controls how lab resources access and communicate with on-premises networks and the internet. This architecture shows a common way that enterprises network DevTest Labs. The labs connect with [peered virtual networks](../virtual-network/virtual-network-peering-overview.md) in a [hub-spoke configuration](/azure/architecture/reference-architectures/hybrid-networking/hub-spoke), through the ExpressRoute or site-to-site VPN connection, to the on-premises network.
 
-- A [network security group](../virtual-network/network-security-groups-overview.md) to restrict cloud traffic based on source and destination IP addresses. For example, you can allow only traffic that originates from the corporate network into the lab's networks.
+Because DevTest Labs uses Azure Virtual Network directly, there are no restrictions on how you set up the networking infrastructure. You can set up a [network security group](../virtual-network/network-security-groups-overview.md) to restrict cloud traffic based on source and destination IP addresses. For example, you can allow only traffic that originates from the corporate network into the lab's networks.
 
 ## Scalability considerations
 

articles/devtest-labs/start-machines-use-automation-runbooks.md

@@ -128,7 +128,7 @@ While ($current -le 10) {
 }
 ```
 
-## Run the PowerShell script
+## Run the script
 
 - To run this script daily, [create a schedule](../automation/shared-resources/schedules.md#create-a-schedule) in the Automation Account, and [link the schedule to the runbook](../automation/shared-resources/schedules.md#link-a-schedule-to-a-runbook).