Commit 1d6415a

Merge pull request #273202 from akarshprabhu/main
Removing private end point documentation
2 parents d277c0a + 1418d69 commit 1d6415a

2 files changed

+2
-123
lines changed

articles/sap/monitor/provider-ha-pacemaker-cluster.md

Lines changed: 2 additions & 2 deletions
@@ -45,11 +45,11 @@ For SUSE-based Pacemaker clusters, Please follow below steps to install in each
4545
sudo systemctl enable prometheus-ha_cluster_exporter
4646
```
4747

48-
1. Data is then collected in the system by ha_cluster_exporter. You can export the data via URL `http://<ip address of the server>:9644/metrics`.
48+
1. Data is then collected in the system by ha_cluster_exporter. You can export the data via URL `http://<ip address of the server>:9664/metrics`.
4949
To check if the metrics are fetched via URL on the server where the ha_cluster_exporter is installed, Run below command on the server.
5050

5151
```bash
52-
curl http://localhost:9644/metrics
52+
curl http://localhost:9664/metrics
5353
```
5454

5555
For RHEL-based clusters, install **performance co-pilot (PCP)** and the **pcp-pmda-hacluster** subpackage in each node. For more information, see the [PCP HACLUSTER agent installation guide](https://access.redhat.com/articles/6139852). Supported RHEL versions include 8.2, 8.4, and later versions.
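
Review bot: The port change from 9644 to 9664 on lines 48 and 52 is not mentioned in the commit message, which describes only the private endpoint removal; call it out in the description so the correction is discoverable. The hunk touches only these two occurrences, so search the rest of the article, and any NSG or firewall guidance for this provider, for remaining references to 9644 so that the documented URL, the `curl` check and any allow rules all name the same port.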

articles/sap/monitor/set-up-network.md

Lines changed: 0 additions & 121 deletions
@@ -45,7 +45,6 @@ There are multiple methods to address restricted or blocked outbound internet ac
4545

4646
- [Use the Route All feature in Azure Functions](#use-route-all)
4747
- [Use service tags with an NSG in your virtual network](#use-service-tags)
48-
- [Use a private endpoint for your subnet](#use-a-private-endpoint)
4948

5049
### Use Route All
5150
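
Review bot: Removing the `#use-a-private-endpoint` entry at line 48 retires that anchor together with its section, so any link from another article to `set-up-network.md#use-a-private-endpoint` will stop resolving. Check for inbound links before merging, and confirm that the introductory sentence above the list still reads correctly now that only Route All and service tags remain.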

@@ -101,126 +100,6 @@ The Azure Monitor for SAP solution's subnet IP address refers to the IP of the s
101100

102101
For the rules that you create, **allow_vnet** must have a lower priority than **deny_internet**. All other rules also need to have a lower priority than **allow_vnet**. The remaining order of these other rules is interchangeable.
103102

104-
### Use a private endpoint
105-
106-
You can enable a private endpoint by creating a new subnet in the same virtual network as the system that you want to monitor. No other resources can use this subnet. It's not possible to use the same subnet as Azure Functions for your private endpoint.
107-
108-
To create a private endpoint for Azure Monitor for SAP solutions:
109-
110-
1. Create an Azure Private DNS zone to contain the private endpoint records. Follow the steps in [Create a private DNS zone](../../dns/private-dns-getstarted-portal.md) to create a private DNS zone. Make sure to link the private DNS zone to the virtual networks that contain your SAP system and Azure Monitor for SAP solutions resources.
111-
112-
> [!div class="mx-imgBorder"]
113-
> ![Screenshot that shows adding a virtual network link to a private DNS zone.]([../../media/set-up-network/dns-add-private-link.png)
114-
115-
1. Create a subnet in the virtual network that will be used for the private endpoint. Note the subnet ID and private IP address for these subnets.
116-
1. To find the resources in the Azure portal, go to your Azure Monitor for SAP solutions resource.
117-
1. On the **Overview** page for the Azure Monitor for SAP solutions resource, select the **Managed resource group**.
118-
119-
#### Create a key vault endpoint
120-
121-
Follow the steps in [Create a private endpoint for Azure Key Vault](../../key-vault/general/private-link-service.md) to configure the endpoint and test the connectivity to a key vault.
122-
123-
#### Create a storage endpoint
124-
125-
It's necessary to create a separate private endpoint for each Azure Storage account resource, including the queue, table, storage blob, and file. If you create a private endpoint for the storage queue, it's not possible to access the resource from systems outside the virtual networking, including the Azure portal. Other resources in the same storage account are accessible.
126-
127-
Repeat the following process for each type of storage subresource (table, queue, blob, and file):
128-
129-
1. On the storage account's menu, under **Settings**, select **Networking**.
130-
1. Select the **Private endpoint connections** tab.
131-
1. Select **Create** to open the endpoint creation page.
132-
1. On the **Basics** tab, enter or select all required information.
133-
1. On the **Resource** tab, enter or select all required information. For the **Target sub-resource**, select one of the subresource types (table, queue, blob, or file).
134-
1. On the **Virtual Network** tab, select the virtual network and the subnet that you created specifically for the endpoint. It's not possible to use the same subnet as the Azure Functions app.
135-
136-
> [!div class="mx-imgBorder"]
137-
> ![Screenshot that shows creating a private endpoint on the Virtual Network tab.]([../../media/set-up-network/private-endpoint-vnet-step.png)
138-
139-
1. On the **DNS** tab, for **Integrate with private DNS zone**, select **Yes**.
140-
1. On the **Tags** tab, add tags if necessary.
141-
1. Select **Review + create** to create the private endpoint.
142-
1. After the deployment is complete, go back to your storage account. On the **Networking** page, select the **Firewalls and virtual networks** tab.
143-
1. For **Public network access**, select **Enable from all networks**.
144-
1. Select **Apply** to save the changes.
145-
1. Make sure to create private endpoints for all storage subresources (table, queue, blob, and file).
146-
147-
#### Create a Log Analytics endpoint
148-
149-
It's not possible to create a private endpoint directly for a Log Analytics workspace. To enable a private endpoint for this resource, connect the resource to an [Azure Monitor Private Link Scope (AMPLS)](../../azure-monitor/logs/private-link-security.md). Then, you can create a private endpoint for the AMPLS resource.
150-
151-
If possible, create the private endpoint before you allow any system to access the Log Analytics workspace through a public endpoint. Otherwise, you must restart the function app before you can access the Log Analytics workspace through the private endpoint.
152-
153-
Select a scope for the private endpoint:
154-
155-
1. Go to the Log Analytics workspace in the Azure portal.
156-
1. In the resource menu, under **Settings**, select **Network isolation**.
157-
1. Select **Add** to create a new AMPLS setting.
158-
1. Select the appropriate scope for the endpoint. Then select **Apply**.
159-
160-
Create the private endpoint:
161-
162-
1. Go to the AMPLS resource in the Azure portal.
163-
1. On the resource menu, under **Configure**, select **Private Endpoint connections**.
164-
1. Select **Private Endpoint** to create a new endpoint.
165-
1. On the **Basics** tab, enter or select all required information.
166-
1. On the **Resource** tab, enter or select all required information.
167-
1. On the **Virtual Network** tab, select the virtual network and the subnet that you created specifically for the endpoint. It's not possible to use the same subnet as the function app.
168-
1. On the **DNS** tab, for **Integrate with private DNS zone**, select **Yes**. If necessary, add tags.
169-
1. Select **Review + create** to create the private endpoint.
170-
171-
Configure the scope:
172-
173-
1. Go to the Log Analytics workspace in the Azure portal.
174-
1. On the resource's menu, under **Settings**, select **Network Isolation**.
175-
1. Under **Virtual networks access configuration**:
176-
1. Set **Accept data ingestion from public networks not connected through a Private Link Scope** to **No**. This setting disables data ingestion from any system outside the virtual network.
177-
1. Set **Accept queries from public networks not connected through a Private Link Scope** to **Yes**. This setting allows workbooks to display data.
178-
1. Select **Save**.
179-
180-
If you enable a private endpoint after any system accessed the Log Analytics workspace through a public endpoint, restart the function app before you move forward. Otherwise, you can't access the Log Analytics workspace through the private endpoint.
181-
182-
1. Go to the Azure Monitor for SAP solutions resource in the Azure portal.
183-
1. On the **Overview** page, select the name of the **Managed resource group**.
184-
1. On the managed resource group's page, select the function app.
185-
1. On the function app's **Overview** page, select **Restart**.
186-
187-
Find and note important IP address ranges:
188-
189-
1. Find the Azure Monitor for SAP solutions resource's IP address range.
190-
1. Go to the Azure Monitor for SAP solutions resource in the Azure portal.
191-
1. On the resource's **Overview** page, select the **vNet/subnet** to go to the virtual network.
192-
1. Note the IPv4 address range, which belongs to the source system.
193-
1. Find the IP address range for the key vault and storage account.
194-
1. Go to the resource group that contains the Azure Monitor for SAP solutions resource in the Azure portal.
195-
1. On the **Overview** page, note the **Private endpoint** in the resource group.
196-
1. On the resource group's menu, under **Settings**, select **DNS configuration**.
197-
1. On the **DNS configuration** page, note the **IP addresses** for the private endpoint.
198-
1. Find the subnet for the Log Analytics private endpoint.
199-
1. Go to the private endpoint created for the AMPLS resource.
200-
1. On the private endpoint's menu, under **Settings**, select **DNS configuration**.
201-
1. On the **DNS configuration** page, note the associated IP addresses.
202-
1. Go to the Azure Monitor for SAP solutions resource in the Azure portal.
203-
1. On the **Overview** page, select the **vNet/subnet** to go to that resource.
204-
1. On the virtual network page, select the subnet that you used to create the Azure Monitor for SAP solutions resource.
205-
206-
Add outbound security rules:
207-
208-
1. Go to the NSG resource in the Azure portal.
209-
1. On the NSG menu, under **Settings**, select **Outbound security rules**.
210-
1. Add the following required security rules.
211-
212-
| Priority | Description |
213-
| -------- | ------------- |
214-
| 550 | Allow the source IP for making calls to a source system to be monitored. |
215-
| 600 | Allow the source IP for making calls to an Azure Resource Manager service tag. |
216-
| 650 | Allow the source IP to access the key vault resource by using a private endpoint IP. |
217-
| 700 | Allow the source IP to access storage account resources by using a private endpoint IP. (Include IPs for each of the storage account subresources: table, queue, file, and blob.) |
218-
| 800 | Allow the source IP to access a Log Analytics workspace resource by using a private endpoint IP. |
219-
220-
### DNS configuration for private endpoints
221-
222-
After you create the private endpoints, you need to configure DNS to resolve the private endpoint IP addresses. You can use either Azure Private DNS or custom DNS servers. For more information, see [Configure DNS for private endpoints](../../private-link/private-endpoint-dns.md).
223-
224103
## Next steps
225104

226105
- [Quickstart: Set up Azure Monitor for SAP solutions through the Azure portal](quickstart-portal.md)
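
Review bot: The removed lines 113 and 137 reference `dns-add-private-link.png` and `private-endpoint-vnet-step.png`, yet the commit changes only two files, so both screenshots stay in the repository; delete them in the same change if nothing else uses them. The removal also gives no reason for dropping the private endpoint method: readers who already followed these steps (Key Vault, the storage subresources, AMPLS, and the outbound NSG rules at priorities 550 to 800) cannot tell whether that configuration is still supported, so a short note in the article or the commit description pointing them to the Route All or service tag methods would help.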
