Other incremental updates, replacing outdated screenshots.

Author: roygara

articles/storage/elastic-san/elastic-san-configure-private-endpoints.md

@@ -1,6 +1,6 @@
 ---
-title: Configure Private Endpoints for Azure Elastic SAN
-description: Learn how to configure Private Endpoint connections to Azure Elastic SAN volumes.
+title: Configure private endpoints for Azure Elastic SAN
+description: Learn how to configure private endpoint connections to Azure Elastic SAN volumes.
 author: roygara
 ms.service: azure-elastic-san-storage
 ms.topic: how-to
@@ -9,11 +9,11 @@ ms.author: rogarana
 ms.custom: devx-track-azurecli, devx-track-azurepowershell
 ---
 
-# Configure Private Endpoints for Azure Elastic SAN
+# Configure private endpoints for Azure Elastic SAN
 
 A private endpoint allows you to connect to your Elastic SAN volume group over a private IP address within your virtual network. When you use a private endpoint, traffic between your virtual network and the Elastic SAN remains entirely on Azure’s private backbone, without traversing the public internet. Once a private endpoint is configured and approved, access is granted automatically to the subnet where it resides. This configuration provides strong network isolation and is ideal for production or security-sensitive workloads. 
 
-This article covers configuring your Elastic SAN volume group to use Private Endpoints.
+This article covers configuring your Elastic SAN volume group to use private endpoints.
 
 ## Prerequisites
 
@@ -47,7 +47,7 @@ Fill out the values in the menu that pops up, select the virtual network and the
 
 ### [PowerShell](#tab/azure-powershell)
 
-The following script creates a Private Endpoint for your Elastic SAN volume group. Replace the values of `RgName`, `VnetName`, `SubnetName`, `EsanName`, `EsanVgName`, `PLSvcConnectionName`, `EndpointName`, and `Location`(Region) with your own values, and uncomment `-ByManualRequest` if you're following the two step process, then run the script.
+The following script creates a private endpoint for your Elastic SAN volume group. Replace the values of `RgName`, `VnetName`, `SubnetName`, `EsanName`, `EsanVgName`, `PLSvcConnectionName`, `EndpointName`, and `Location`(Region) with your own values, and uncomment `-ByManualRequest` if you're following the two step process, then run the script.
 
 Afterwards, if you don't have all necessary permissions and need the network admin to approve the connection, make sure to also run the script in [Approve connection](#approve-connection).
 
@@ -112,7 +112,7 @@ $EndpointConnection.PrivateLinkServiceConnectionState
 
 ### [Azure CLI](#tab/azure-cli)
 
-The following script creates a Private Endpoint for your Elastic SAN volume group. Uncomment the `--manual-request` parameter if you're using the two-step process. Replace all example variable values with your own, then run the script.
+The following script creates a private endpoint for your Elastic SAN volume group. Uncomment the `--manual-request` parameter if you're using the two-step process. Replace all example variable values with your own, then run the script.
 
 Afterwards, if you don't have all necessary permissions and need the network admin to approve the connection, make sure to also run the script in [Approve connection](#approve-connection-1).
 

articles/storage/elastic-san/elastic-san-connect-linux.md

@@ -13,28 +13,23 @@ ms.custom: references_regions, linux-related-content
 
 This article explains how to connect to an Elastic SAN volume from an individual Linux client. For details on connecting from a Windows client, see [Connect to Elastic SAN volumes - Windows](elastic-san-connect-windows.md).
 
-In this article, you'll add the Storage service endpoint to an Azure virtual network's subnet, then you'll configure your volume group to allow connections from your subnet. Finally, you'll configure your client environment to connect to an Elastic SAN volume and establish a connection.
+In this article, you'll configure your volume group to allow connections from your subnet and then you'll configure your client environment to connect to an Elastic SAN volume and establish a connection.
 
 You must use a cluster manager when connecting an individual elastic SAN volume to multiple clients. For details, see [Use clustered applications on Azure Elastic SAN](elastic-san-shared-volumes.md).
 
 ## Prerequisites
 
 - Use either the [latest Azure CLI](/cli/azure/install-azure-cli) or install the [latest Azure PowerShell module](/powershell/azure/install-azure-powershell)
 - [Deploy an Elastic SAN](elastic-san-create.md)
-- [Configure a virtual network endpoint](elastic-san-networking.md)
-- [Configure virtual network rules](elastic-san-networking.md#configure-virtual-network-rules)
+- Either [configure private endpoints](elastic-san-configure-private-endpoints.md) or [configure service endpoints](elastic-san-configure-service-endpoints.md)
 
-## Connect to volumes
-
-### Set up your client environment
-
-#### Enable iSCSI Initiator
+## Enable iSCSI Initiator
 
 To create iSCSI connections from a Linux client, install the iSCSI initiator package. The exact command might vary depending on your distribution, and you should consult their documentation if necessary.
 
 As an example, with Ubuntu you'd use `sudo apt install open-iscsi`, with SUSE Linux Enterprise Server (SLES) you'd use `sudo zypper install open-iscsi` and with Red Hat Enterprise Linux (RHEL) you'd use `sudo yum install iscsi-initiator-utils`.
 
-#### Install Multipath I/O
+## Install Multipath I/O
 
 To achieve higher IOPS and throughput to a volume and reach its maximum limits, you need to create multiple-sessions from the iSCSI initiator to the target volume based on your application's multi-threaded capabilities and performance requirements. You need Multipath I/O to aggregate these multiple paths into a single device, and to improve performance by optimally distributing I/O over all available paths based on a load balancing policy.
 
@@ -64,7 +59,7 @@ devices {
 After creating or modifying the file, restart Multipath I/O. On Ubuntu, the command is `sudo systemctl restart multipath-tools.service` and on RHEL and SLES the command is `sudo systemctl restart multipathd`.
 
 
-### Attach Volumes to the client
+## Attach Volumes to the client
 
 You can use the following script to create your connections. To execute it, you will require the following parameters:
 - subscription: Subscription ID
@@ -82,7 +77,7 @@ Copy the script from [here](https://github.com/Azure-Samples/azure-elastic-san/b
 
 You can verify the number of sessions using `sudo multipath -ll`
 
-#### Number of sessions
+### Number of sessions
 You need to use 32 sessions to each target volume to achieve its maximum IOPS and/or throughput limits.
 
 You can customize the session count by following the instructions below:  

articles/storage/elastic-san/elastic-san-connect-windows.md

@@ -21,8 +21,7 @@ You must use a cluster manager when connecting an individual Elastic SAN volume
 
 - Use either the [latest Azure CLI](/cli/azure/install-azure-cli) or install the [latest Azure PowerShell module](/powershell/azure/install-azure-powershell)
 - [Deploy an Elastic SAN](elastic-san-create.md)
-- [Configure a virtual network endpoint](elastic-san-networking.md)
-- [Configure virtual network rules](elastic-san-networking.md#configure-virtual-network-rules)
+- Either [configure private endpoints](elastic-san-configure-private-endpoints.md) or [configure service endpoints](elastic-san-configure-service-endpoints.md)
 
 ## Enable iSCSI Initiator
 
@@ -79,11 +78,13 @@ Copy the script from [here](https://github.com/Azure-Samples/azure-elastic-san/b
 
 Verify the number of sessions your volume has with either `iscsicli SessionList` or `mpclaim -s -d`
 
-## Set session number
+### Set session number
 
 You need to use 32 sessions to each target volume to achieve its maximum IOPS and/or throughput limits. Windows iSCSI initiator has a limit of maximum 256 sessions. If you need to connect more than 8 volumes to a Windows client, reduce the number of sessions to each volume. 
 
-You can customize the number of sessions by using the optional `-NumSession parameter` when running the `connect.ps1` script. 
+> [!NOTE]
+> Use the `-NumSession` parameter to customize the number of sessions. The parameter accepts values from 1 to 32, and has a default value of 32.
+
 
 ```bash
 .\connect.ps1 ` 
@@ -99,9 +100,6 @@ You can customize the number of sessions by using the optional `-NumSession para
   -NumSession “<value>”
 ```
 
-> [!NOTE]
-> The `-NumSession` parameter accepts values from 1 to 32, and has a default value of 32.
-
 ## Next steps
 
 [Configure Elastic SAN networking](elastic-san-networking.md)

articles/storage/elastic-san/elastic-san-create.md

@@ -125,14 +125,15 @@ Use one of these sets of sample code to create an Elastic SAN that uses locally
 | `<ElasticSanVolumeGroupName>`    | The name of the Elastic SAN Volume Group to be created. |
 | `<VolumeName>`                   | The name of the Elastic SAN Volume to be created. |
 | `<Location>`                     | The region where the new resources will be created. |
-| `<Zone>`                         | The availability zone where the Elastic SAN will be created.<br> *Specify the same availability zone as the zone that will host your workload.*<br>*Use only if the Elastic SAN uses locally redundant storage.*<br> *Must be a zone supported in the target location such as `1`, `2`, or `3`.*  |
+| `<Zone>`                         | The availability zone where the Elastic SAN will be created.<br> Specify the same availability zone as the zone that will host your workload.<br>Use only if the Elastic SAN uses locally redundant storage.<br> Must be a zone supported in the target location such as `1`, `2`, or `3`.  |
 | `<BaseSizeTib>`                  | The amount of base units to provision. For Azure CLI extension elastic-san versions 1.3.0 and newer, this is an optional parameter with default value 20. |
 | `<ExtendedCapacitySizeTiB>`      | The amount of capacity-only units to provision. For Azure CLI extension elastic-san versions 1.3.0 and newer, this is an optional parameter with default value 0. |
-| `<AutoScalePolicyEnforcement>`   | The setting that determines whether or not autoscaling is enabled for the Elastic SAN. <br>*This value is optional but if passed in, must be 'Enabled' or 'Disabled'* |
+| `<AutoScalePolicyEnforcement>`   | The setting that determines whether or not autoscaling is enabled for the Elastic SAN. <br>This value is optional but if passed in, must be 'Enabled' or 'Disabled' |
 | `<UnusedSizeTiB>`                | The capacity (in TiB) on your Elastic SAN that you want to keep free and unused. If you use more space than this amount, the scale-up operation is automatically triggered, increasing the size of your SAN. This parameter is optional but is required to enable autoscaling. |
 |`<IncreaseCapacityUnitByTiB>`     | This parameter sets the TiB of additional capacity units that your SAN scales up by when autoscale gets triggered. This parameter is optional but is required to enable autoscaling. |
 |`<CapacityUnitScaleUpLimit>`      | This parameter sets the maximum capacity (size) that your SAN can grow to using autoscaling. Your SAN won't automatically scale past this size. This parameter is optional but is required to enable autoscaling. |
-
+|`<CapacityUnitScaleUpLimit>`      | This parameter sets the maximum capacity (size) that your SAN can grow to using autoscaling. Your SAN won't automatically scale past this size. This parameter is optional but is required to enable autoscaling. |
+|`<public-network-access>`         | This parameter allows or disallows public network access to ElasticSan. Optional, but if passed in must be `Enabled` or `Disabled`. Enable if you're using service endpoints, disable if you're only using private endpoints.|
 
 The following command creates an Elastic SAN that uses locally redundant storage without autoscaling enabled.
 

articles/storage/elastic-san/elastic-san-networking-concepts.md

@@ -35,11 +35,11 @@ Private endpoints have several advantages over service endpoints. For a complete
 
 Traffic between the virtual network and the Elastic SAN is routed over an optimal path on the Azure backbone network. Unlike service endpoints, you don't need to configure network rules to allow traffic from a private endpoint since the storage firewall only controls access through public endpoints.
 
-For details on how to configure private endpoints, see [Enable private endpoint](elastic-san-networking.md#configure-a-private-endpoint).
+For details on how to configure private endpoints, see [Configure private endpoints for Azure Elastic SAN](elastic-san-configure-private-endpoints.md).
 
 ## Public network access
 
-When you create a SAN, you can enable or disable public internet access to your Elastic SAN endpoints at the SAN level. If you're using private endpoints, you should disable public network access, and only enable it if you're using service endpoints. Enabling public network access for an Elastic SAN allows you to configure public access to individual volume groups in that SAN over storage service endpoints. By default, public access to individual volume groups is denied even if you allow it at the SAN level. If you disable public access at the SAN level, access to the volume groups within that SAN is only available over private endpoints.
+When you create a SAN, you can enable or disable public internet access to your Elastic SAN endpoints at the SAN level. If you're exclusively using private endpoints, disable public network access, only enable it if you're using service endpoints. Enabling public network access for an Elastic SAN allows you to configure public access to individual volume groups in that SAN over storage service endpoints. By default, public access to individual volume groups is denied even if you allow it at the SAN level. If you disable public access at the SAN level, access to the volume groups within that SAN is only available over private endpoints.
 
 ## Storage service endpoints
 
@@ -48,9 +48,9 @@ When you create a SAN, you can enable or disable public internet access to your
 [Cross-region service endpoints for Azure Storage](../common/storage-network-security.md#azure-storage-cross-region-service-endpoints) work between virtual networks and storage service instances in any region. With cross-region service endpoints, subnets no longer use a public IP address to communicate with any storage account, including those in another region. Instead, all the traffic from a subnet to a storage account uses a private IP address as a source IP.
 
 > [!TIP]
-> The original local service endpoints, identified as **Microsoft.Storage**, are still supported for backward compatibility, but you should create cross-region endpoints, identified as **Microsoft.Storage.Global**, for new deployments.
+> The original local service endpoints, identified as **Microsoft.Storage**, are supported for backward compatibility, but you should create cross-region endpoints, identified as **Microsoft.Storage.Global**, for new deployments.
 >
-> Cross-region service endpoints and local ones can't coexist on the same subnet. To use cross-region service endpoints, you might have to delete existing **Microsoft.Storage** endpoints and recreate them as **Microsoft.Storage.Global**.
+> Cross-region service endpoints and local ones can't coexist on the same subnet. To use cross-region service endpoints, delete existing **Microsoft.Storage** endpoints and recreate them as **Microsoft.Storage.Global**.
 
 ## Virtual network rules