Commit 260f9ac

Incorporate feedback.
1 parent 6947aff commit 260f9ac

11 files changed

+19
-19
lines changed

articles/app-service/environment/app-service-web-configure-an-app-service-environment.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -125,7 +125,7 @@ Within the ASE blade, there is a **Settings** section that contains several impo
125125

126126
![Settings blade and Properties][4]
127127

128-
**Settings** > **IP Addresses**: When you create an IP Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL), app in your ASE, you need an IP TLS address. In order to obtain one, your ASE needs IP TLS addresses that it owns that can be allocated. When an ASE is created, it has one IP TLS address for this purpose, but you can add more. There is a charge for additional IP TLS addresses, as shown in [App Service pricing][AppServicePricing] (in the section on TLS connections). The additional price is the IP TLS price.
128+
**Settings** > **IP Addresses**: When you create an IP Secure Sockets Layer (SSL) app in your ASE, you need an IP SSL address. In order to obtain one, your ASE needs IP SSL addresses that it owns that can be allocated. When an ASE is created, it has one IP SSL address for this purpose, but you can add more. There is a charge for additional IP SSL addresses, as shown in [App Service pricing][AppServicePricing] (in the section on SSL connections). The additional price is the IP SSL price.
129129

130130
**Settings** > **Front End Pool** / **Worker Pools**: Each of these resource pool blades offers the ability to see information only on that resource pool, in addition to providing controls to fully scale that resource pool.
131131

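Review bot: On added line 128, going back to the feature name "IP SSL" also removes the only mention of TLS in this paragraph, so "IP Secure Sockets Layer (SSL) app" now reads as if the binding negotiates the SSL protocol itself. Keep the feature name if it has to match the portal, but carry a short qualifier on first use, for example "IP SSL (IP-based TLS/SSL binding)", and shorten the awkward expansion to "IP SSL app". The same applies to "(in the section on SSL connections)" if the pricing page heading is the reason for the wording.
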
@@ -136,7 +136,7 @@ The base blade for each resource pool provides a chart with metrics for that res
136136
### Portal scale capabilities
137137
There are three scale operations:
138138

139-
* Changing the number of IP addresses in the ASE that are available for IP TLS usage.
139+
* Changing the number of IP addresses in the ASE that are available for IP SSL usage.
140140
* Changing the size of the compute resource that is used in a resource pool.
141141
* Changing the number of compute resources that are used in a resource pool, either manually or through autoscaling.
142142

articles/app-service/environment/app-service-web-how-to-create-an-app-service-environment.md

Lines changed: 2 additions & 2 deletions
@@ -41,7 +41,7 @@ To create an App Service Environment v1, you can search the Azure Marketplace fo
4141
3. Select or specify a new resource group. The resource group used for your ASE must be the same that is used for your VNet. If you select a pre-existing VNet, the resource group selection for your ASE will be updated to reflect that of your VNet.
4242

4343
![][2]
44-
4. Make your Virtual Network and Location selections. You can choose to create a new VNet or select a pre-existing VNet. If you select a new VNet then you can specify a name and location. The new VNet will have the address range 192.168.250.0/23 and a subnet named **default** that is defined as 192.168.250.0/24. You can also simply select a pre-existing Classic or Resource Manager VNet. The VIP Type selection determines if your ASE can be directly accessed from the internet (External) or if it uses an Internal Load Balancer (ILB). To learn more about them read [Using an Internal Load Balancer with an App Service Environment][ILBASE]. If you select a VIP type of External then you can select how many external IP addresses the system is created with for IP TLS purposes. If you select Internal then you need to specify the subdomain that your ASE will use. ASEs can be deployed into virtual networks that use *either* public address ranges, *or* RFC1918 address spaces (i.e. private addresses). In order to use a virtual network with a public address range, you will need to create the VNet ahead of time. When you select a pre-existing VNet you will need to create a new subnet during ASE creation. **You cannot use a pre-created subnet in the portal. You can create an ASE with a pre-existing subnet if you create your ASE using a resource manager template.** To create an ASE from a template use the information here, [Creating an App Service Environment from template][ILBAseTemplate] and here, [Creating an ILB App Service Environment from template][ASEfromTemplate].
44+
4. Make your Virtual Network and Location selections. You can choose to create a new VNet or select a pre-existing VNet. If you select a new VNet then you can specify a name and location. The new VNet will have the address range 192.168.250.0/23 and a subnet named **default** that is defined as 192.168.250.0/24. You can also simply select a pre-existing Classic or Resource Manager VNet. The VIP Type selection determines if your ASE can be directly accessed from the internet (External) or if it uses an Internal Load Balancer (ILB). To learn more about them read [Using an Internal Load Balancer with an App Service Environment][ILBASE]. If you select a VIP type of External then you can select how many external IP addresses the system is created with for IP SSL purposes. If you select Internal then you need to specify the subdomain that your ASE will use. ASEs can be deployed into virtual networks that use *either* public address ranges, *or* RFC1918 address spaces (i.e. private addresses). In order to use a virtual network with a public address range, you will need to create the VNet ahead of time. When you select a pre-existing VNet you will need to create a new subnet during ASE creation. **You cannot use a pre-created subnet in the portal. You can create an ASE with a pre-existing subnet if you create your ASE using a resource manager template.** To create an ASE from a template use the information here, [Creating an App Service Environment from template][ILBAseTemplate] and here, [Creating an ILB App Service Environment from template][ASEfromTemplate].
4545

4646
### Details
4747
An ASE is created with 2 Front Ends and 2 Workers. The Front Ends act as the HTTP/HTTPS endpoints and send traffic to the Workers which are the roles that host your apps. You can adjust the quantity after ASE creation and can even set up autoscale rules on these resource pools. For more details around manual scaling, management and monitoring of an App Service Environment go here: [How to configure an App Service Environment][ASEConfig]
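Review bot: In step 4 on added line 44, "for IP SSL purposes" names the same portal option that create-external-ase.md (line 158 in this commit) calls "for IP-based SSL purposes", so the two creation guides now use different terms for one setting. Pick one form and use it in both files; "IP-based SSL" is the form most of the other files in this commit use.
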
@@ -53,7 +53,7 @@ After ASE creation you can adjust:
5353

5454
* Quantity of Front Ends (minimum: 2)
5555
* Quantity of Workers (minimum: 2)
56-
* Quantity of IP addresses available for IP TLS
56+
* Quantity of IP addresses available for IP SSL
5757
* Compute resource sizes used by the Front Ends or Workers (Front End minimum size is P2)
5858

5959
There are more details around manual scaling, management and monitoring of App Service Environments here: [How to configure an App Service Environment][ASEConfig]

articles/app-service/environment/certificates.md

Lines changed: 1 addition & 1 deletion
@@ -51,7 +51,7 @@ When creating a self signed cert, you will need to ensure the subject name has t
5151
Apps that are hosted in an ASE can use the app-centric certificate features that are available in the multi-tenant App Service. Those features include:
5252

5353
- SNI certificates
54-
- IP-based TLS, which is only supported with an External ASE. An ILB ASE does not support IP-based TLS.
54+
- IP-based SSL, which is only supported with an External ASE. An ILB ASE does not support IP-based SSL.
5555
- KeyVault hosted certificates
5656

5757
The instructions for uploading and managing those certificates are available in [Add a TLS/SSL certificate in Azure App Service](../configure-ssl-certificate.md). If you are simply configuring certificates to match a custom domain name that you have assigned to your web app, then those instructions will suffice. If you are uploading the certificate for an ILB ASE web app with the default domain name, then specify the scm site in the SAN of the certificate as noted earlier.

articles/app-service/environment/create-external-ase.md

Lines changed: 1 addition & 1 deletion
@@ -155,7 +155,7 @@ If you create an ASE standalone, it has nothing in it. An empty ASE still incurs
155155

156156
* The new VNet has the address range 192.168.250.0/23 and a subnet named default. The subnet is defined as 192.168.250.0/24. You can only select a Resource Manager VNet. The **VIP Type** selection determines if your ASE can be directly accessed from the internet (External) or if it uses an ILB. To learn more about these options, see [Create and use an internal load balancer with an App Service environment][MakeILBASE].
157157

158-
* If you select **External** for the **VIP Type**, you can select how many external IP addresses the system is created with for IP-based TLS purposes.
158+
* If you select **External** for the **VIP Type**, you can select how many external IP addresses the system is created with for IP-based SSL purposes.
159159

160160
* If you select **Internal** for the **VIP Type**, you must specify the domain that your ASE uses. You can deploy an ASE into a VNet that uses public or private address ranges. To use a VNet with a public address range, you need to create the VNet ahead of time.
161161

articles/app-service/environment/create-from-template.md

Lines changed: 2 additions & 2 deletions
@@ -43,7 +43,7 @@ If you want to make an ILB ASE, use these Resource Manager template [examples][q
4343

4444
* *internalLoadBalancingMode*: In most cases, set this to 3, which means both HTTP/HTTPS traffic on ports 80/443, and the control/data channel ports listened to by the FTP service on the ASE, will be bound to an ILB-allocated virtual network internal address. If this property is set to 2, only the FTP service-related ports (both control and data channels) are bound to an ILB address. The HTTP/HTTPS traffic remains on the public VIP.
4545
* *dnsSuffix*: This parameter defines the default root domain that's assigned to the ASE. In the public variation of Azure App Service, the default root domain for all web apps is *azurewebsites.net*. Because an ILB ASE is internal to a customer's virtual network, it doesn't make sense to use the public service's default root domain. Instead, an ILB ASE should have a default root domain that makes sense for use within a company's internal virtual network. For example, Contoso Corporation might use a default root domain of *internal-contoso.com* for apps that are intended to be resolvable and accessible only within Contoso's virtual network.
46-
* *ipSslAddressCount*: This parameter automatically defaults to a value of 0 in the *azuredeploy.json* file because ILB ASEs only have a single ILB address. There are no explicit IP-TLS addresses for an ILB ASE. Hence, the IP-TLS address pool for an ILB ASE must be set to zero. Otherwise, a provisioning error occurs.
46+
* *ipSslAddressCount*: This parameter automatically defaults to a value of 0 in the *azuredeploy.json* file because ILB ASEs only have a single ILB address. There are no explicit IP-SSL addresses for an ILB ASE. Hence, the IP-SSL address pool for an ILB ASE must be set to zero. Otherwise, a provisioning error occurs.
4747

4848
After the *azuredeploy.parameters.json* file is filled in, create the ASE by using the PowerShell code snippet. Change the file paths to match the Resource Manager template-file locations on your machine. Remember to supply your own values for the Resource Manager deployment name and the resource group name:
4949

@@ -149,7 +149,7 @@ However, just like apps that run on the public multitenant service, developers c
149149
## App Service Environment v1 ##
150150
App Service Environment has two versions: ASEv1 and ASEv2. The preceding information was based on ASEv2. This section shows you the differences between ASEv1 and ASEv2.
151151

152-
In ASEv1, you manage all of the resources manually. That includes the front ends, workers, and IP addresses used for IP-based TLS. Before you can scale out your App Service plan, you must scale out the worker pool that you want to host it.
152+
In ASEv1, you manage all of the resources manually. That includes the front ends, workers, and IP addresses used for IP-based SSL. Before you can scale out your App Service plan, you must scale out the worker pool that you want to host it.
153153

154154
ASEv1 uses a different pricing model from ASEv2. In ASEv1, you pay for each vCPU allocated. That includes vCPUs that are used for front ends or workers that aren't hosting any workloads. In ASEv1, the default maximum-scale size of an ASE is 55 total hosts. That includes workers and front ends. One advantage to ASEv1 is that it can be deployed in a classic virtual network and a Resource Manager virtual network. To learn more about ASEv1, see [App Service Environment v1 introduction][ASEv1Intro].
155155

articles/app-service/environment/create-ilb-ase.md

Lines changed: 1 addition & 1 deletion
@@ -36,7 +36,7 @@ With an ILB ASE, you can do things such as:
3636

3737
There are some things that you can't do when you use an ILB ASE:
3838

39-
- Use IP-based TLS.
39+
- Use IP-based SSL.
4040
- Assign IP addresses to specific apps.
4141
- Buy and use a certificate with an app through the Azure portal. You can obtain certificates directly from a certificate authority and use them with your apps. You can't obtain them through the Azure portal.
4242

articles/app-service/environment/integrate-with-application-gateway.md

Lines changed: 1 addition & 1 deletion
@@ -15,7 +15,7 @@ The [App Service Environment](./intro.md) is a deployment of Azure App Service i
1515

1616
Web application firewalls help secure your web applications by inspecting inbound web traffic to block SQL injections, Cross-Site Scripting, malware uploads & application DDoS and other attacks. It also inspects the responses from the back-end web servers for Data Loss Prevention (DLP). You can get a WAF device from the Azure marketplace or you can use the [Azure Application Gateway][appgw].
1717

18-
The Azure Application Gateway is a virtual appliance that provides layer 7 load balancing, TLS offloading, and web application firewall (WAF) protection. It can listen on a public IP address and route traffic to your application endpoint. The following information describes how to integrate a WAF-configured application gateway with an app in an ILB App Service Environment.
18+
The Azure Application Gateway is a virtual appliance that provides layer 7 load balancing, TLS/SSL offloading, and web application firewall (WAF) protection. It can listen on a public IP address and route traffic to your application endpoint. The following information describes how to integrate a WAF-configured application gateway with an app in an ILB App Service Environment.
1919

2020
The integration of the application gateway with the ILB App Service Environment is at an app level. When you configure the application gateway with your ILB App Service Environment, you're doing it for specific apps in your ILB App Service Environment. This technique enables hosting secure multitenant applications in a single ILB App Service Environment.
2121

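Review bot: On added line 18, "TLS/SSL offloading" describes what the gateway does with the protocol rather than quoting a product feature name, so the removed wording "TLS offloading" was already accurate and the revert is not needed for consistency with "IP-based SSL" elsewhere. Suggest keeping "TLS offloading" here, or stating in the commit message that "TLS/SSL" is kept deliberately for searchability, since this is the only file in the commit where the prose moves to "TLS/SSL" instead of "SSL".
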
articles/app-service/environment/intro.md

Lines changed: 1 addition & 1 deletion
@@ -73,7 +73,7 @@ For more information on how ASEs work with virtual networks and on-premises netw
7373

7474
App Service Environment has two versions: ASEv1 and ASEv2. The preceding information was based on ASEv2. This section shows you the differences between ASEv1 and ASEv2.
7575

76-
In ASEv1, you need to manage all of the resources manually. That includes the front ends, workers, and IP addresses used for IP-based TLS. Before you can scale out your App Service plan, you need to first scale out the worker pool where you want to host it.
76+
In ASEv1, you need to manage all of the resources manually. That includes the front ends, workers, and IP addresses used for IP-based SSL. Before you can scale out your App Service plan, you need to first scale out the worker pool where you want to host it.
7777

7878
ASEv1 uses a different pricing model from ASEv2. In ASEv1, you pay for each vCPU allocated. That includes vCPUs used for front ends or workers that aren't hosting any workloads. In ASEv1, the default maximum-scale size of an ASE is 55 total hosts. That includes workers and front ends. One advantage to ASEv1 is that it can be deployed in a classic virtual network and a Resource Manager virtual network. To learn more about ASEv1, see [App Service Environment v1 introduction][ASEv1Intro].
7979

articles/app-service/environment/network-info.md

Lines changed: 3 additions & 3 deletions
@@ -122,7 +122,7 @@ An ASE has a few IP addresses to be aware of. They are:
122122
- **Public inbound IP address**: Used for app traffic in an External ASE, and management traffic in both an External ASE and an ILB ASE.
123123
- **Outbound public IP**: Used as the "from" IP for outbound connections from the ASE that leave the VNet, which aren't routed down a VPN.
124124
- **ILB IP address**: The ILB IP address only exists in an ILB ASE.
125-
- **App-assigned IP-based TLS addresses**: Only possible with an External ASE and when IP-based TLS is configured.
125+
- **App-assigned IP-based SSL addresses**: Only possible with an External ASE and when IP-based SSL is configured.
126126

127127
All these IP addresses are visible in the Azure portal from the ASE UI. If you have an ILB ASE, the IP for the ILB is listed.
128128

@@ -133,9 +133,9 @@ All these IP addresses are visible in the Azure portal from the ASE UI. If you h
133133

134134
### App-assigned IP addresses ###
135135

136-
With an External ASE, you can assign IP addresses to individual apps. You can't do that with an ILB ASE. For more information on how to configure your app to have its own IP address, see [Secure a custom DNS name with a TLS binding in Azure App Service](../configure-ssl-bindings.md).
136+
With an External ASE, you can assign IP addresses to individual apps. You can't do that with an ILB ASE. For more information on how to configure your app to have its own IP address, see [Secure a custom DNS name with a TLS/SSL binding in Azure App Service](../configure-ssl-bindings.md).
137137

138-
When an app has its own IP-based TLS address, the ASE reserves two ports to map to that IP address. One port is for HTTP traffic, and the other port is for HTTPS. Those ports are listed in the ASE UI in the IP addresses section. Traffic must be able to reach those ports from the VIP or the apps are inaccessible. This requirement is important to remember when you configure Network Security Groups (NSGs).
138+
When an app has its own IP-based SSL address, the ASE reserves two ports to map to that IP address. One port is for HTTP traffic, and the other port is for HTTPS. Those ports are listed in the ASE UI in the IP addresses section. Traffic must be able to reach those ports from the VIP or the apps are inaccessible. This requirement is important to remember when you configure Network Security Groups (NSGs).
139139

140140
## Network Security Groups ##
141141

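Review bot: The two added lines in this hunk disagree with each other: line 136 changes the link text to "TLS/SSL binding" while line 138 changes the very next paragraph to "IP-based SSL address". A reader following the link from 136 to understand 138 sees two names for one feature. Use "IP-based TLS/SSL address" on line 138, or keep "IP-based SSL" and add the qualifier once in the section, so the NSG guidance about the two reserved ports is clearly tied to the binding described in the linked article.
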
articles/app-service/environment/using-an-ase.md

Lines changed: 2 additions & 2 deletions
@@ -83,9 +83,9 @@ In an ASE, you can scale an App Service plan up to 100 instances. An ASE can hav
8383

8484
## IP addresses
8585

86-
App Service can allocate a dedicated IP address to an app. This capability is available after you configure IP-based TLS, as described in [Bind an existing custom TLS/SSL certificate to Azure App Service][ConfigureSSL]. In an ILB ASE, you can't add more IP addresses to be used for IP-based TLS.
86+
App Service can allocate a dedicated IP address to an app. This capability is available after you configure IP-based SSL, as described in [Bind an existing custom TLS/SSL certificate to Azure App Service][ConfigureSSL]. In an ILB ASE, you can't add more IP addresses to be used for IP-based SSL.
8787

88-
With an External ASE, you can configure IP-based TLS for your app in the same way as in the multitenant App Service. There's always one spare address in the ASE, up to 30 IP addresses. Each time you use one, another is added so that an address is always readily available. A time delay is required to allocate another IP address. That delay prevents adding IP addresses in quick succession.
88+
With an External ASE, you can configure IP-based SSL for your app in the same way as in the multitenant App Service. There's always one spare address in the ASE, up to 30 IP addresses. Each time you use one, another is added so that an address is always readily available. A time delay is required to allocate another IP address. That delay prevents adding IP addresses in quick succession.
8989

9090
## Front-end scaling
9191
