MicrosoftDocs
diff --git a/‎articles/azure-signalr/TOC.yml
Lines changed: 1 addition & 1 deletion b/‎articles/azure-signalr/TOC.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/azure-signalr/concept-connection-string.md
Lines changed: 88 additions & 96 deletions b/‎articles/azure-signalr/concept-connection-string.md
Lines changed: 88 additions & 96 deletions
diff --git a/‎articles/azure-signalr/howto-network-access-control.md
Lines changed: 12 additions & 15 deletions b/‎articles/azure-signalr/howto-network-access-control.md
Lines changed: 12 additions & 15 deletions
diff --git a/‎articles/azure-signalr/signalr-concept-internals.md
Lines changed: 40 additions & 28 deletions b/‎articles/azure-signalr/signalr-concept-internals.md
Lines changed: 40 additions & 28 deletions
@@ -123,7 +123,7 @@
       href: howto-shared-private-endpoints-key-vault.md
     - name: Use managed identity
       href: howto-use-managed-identity.md
-    - name: Authorize from Azure Application
+    - name: Authorize from Azure Applications
       href: signalr-howto-authorize-application.md
     - name: Authorize from Managed Identity
       href: signalr-howto-authorize-managed-identity.md
 
@@ -6,44 +6,41 @@ services: signalr
 author: vicancy
 ms.service: signalr
 ms.topic: conceptual
-ms.date: 05/06/2020
+ms.date: 03/29/2023
 ms.author: lianwei
 ---
 
 # Configure network access control
 
-Azure SignalR Service enables you to secure and control the level of access to your service endpoint, based on the request type and subset of networks used. When network rules are configured, only applications requesting data over the specified set of networks can access your Azure SignalR Service.
+Azure SignalR Service enables you to secure and control the level of access to your service endpoint based on the request type and subset of networks. When network rules are configured, only applications requesting data over the specified set of networks can access your SignalR Service.
 
-Azure SignalR Service has a public endpoint that is accessible through the internet. You can also create [Private Endpoints for your Azure SignalR Service](howto-private-endpoints.md). Private Endpoint assigns a private IP address from your VNet to the Azure SignalR Service, and secures all traffic between your VNet and the Azure SignalR Service over a private link. The Azure SignalR Service network access control provides access control for both public endpoint and private endpoints.
+SignalR Service has a public endpoint that is accessible through the internet. You can also create [private endpoints for your Azure SignalR Service](howto-private-endpoints.md). A private endpoint assigns a private IP address from your VNet to the SignalR Service, and secures all traffic between your VNet and the SignalR Service over a private link. The SignalR Service network access control provides access control for both public and private endpoints.
 
-Optionally, you can choose to allow or deny certain types of requests for public endpoint and each private endpoint. For example, you can block all [Server Connections](signalr-concept-internals.md#server-connections) from public endpoint and make sure they only originate from a specific VNet.
+Optionally, you can choose to allow or deny certain types of requests for the public endpoint and each private endpoint. For example, you can block all [Server Connections](signalr-concept-internals.md#application-server-connections) from public endpoint and make sure they only originate from a specific VNet.
 
-An application that accesses an Azure SignalR Service when network access control rules are in effect still requires proper authorization for the request.
+An application that accesses a SignalR Service when network access control rules are in effect still requires proper authorization for the request.
 
 ## Scenario A - No public traffic
 
-To completely deny all public traffic, you should first configure the public network rule to allow no request type. Then, you should configure rules that grant access to traffic from specific VNets. This configuration enables you to build a secure network boundary for your applications.
+To completely deny all public traffic, first configure the public network rule to allow no request type. Then, you can configure rules that grant access to traffic from specific VNets. This configuration enables you to build a secure network boundary for your applications.
 
 ## Scenario B - Only client connections from public network
 
-In this scenario, you can configure the public network rule to only allow [Client Connections](signalr-concept-internals.md#client-connections) from public network. You can then configure private network rules to allow other types of requests originating from a specific VNet. This configuration hides your app servers from public network and establishes secure connections between your app servers and Azure SignalR Service.
+In this scenario, you can configure the public network rule to only allow [Client Connections](signalr-concept-internals.md#client-connections) from the public network. You can then configure private network rules to allow other types of requests originating from a specific VNet. This configuration hides your app servers from the public network and establishes secure connections between your app servers and SignalR Service.
 
 ## Managing network access control
 
-You can manage network access control for Azure SignalR Service through the Azure portal.
+You can manage network access control for SignalR Service through the Azure portal.
 
-### Azure portal
-
-1. Go to the Azure SignalR Service you want to secure.
-
-1. Click on the settings menu called **Network access control**.
+1. Go to the SignalR Service instance you want to secure.
+1. Select **Network access control** from the left side menu.
 
     ![Network ACL on portal](media/howto-network-access-control/portal.png)
 
 1. To edit default action, toggle the **Allow/Deny** button.
 
     > [!TIP]
-    > Default action is the action we take when there is no ACL rule matches. For example, if the default action is **Deny**, then request types that are not explicitly approved below will be denied.
+    > The default action is the action the service takes when no access control rule matches a request. For example, if the default action is **Deny**, then the request types that are not explicitly approved will be denied.
 
 1. To edit public network rule, select allowed types of requests under **Public network**.
 
@@ -53,7 +50,7 @@ You can manage network access control for Azure SignalR Service through the Azur
 
     ![Edit private endpoint ACL on portal ](media/howto-network-access-control/portal-private-endpoint.png)
 
-1. Click **Save** to apply your changes.
+1. Select **Save** to apply your changes.
 
 ## Next steps
 
 
@@ -6,51 +6,55 @@ ms.service: signalr
 ms.topic: conceptual
 ms.devlang: csharp
 ms.custom: devx-track-csharp
-ms.date: 11/13/2019
+ms.date: 03/29/2023
 ms.author: lianwei
 ---
 # Azure SignalR Service internals
 
 Azure SignalR Service is built on top of ASP.NET Core SignalR framework. It also supports ASP.NET SignalR by reimplementing ASP.NET SignalR's data protocol on top of the ASP.NET Core framework.
 
-You can easily migrate a local ASP.NET Core SignalR application or ASP.NET SignalR application to work with SignalR Service, with a few lines of code change.
+You can easily migrate a local ASP.NET Core SignalR or an ASP.NET SignalR application to work with SignalR Service, with by changing few lines of code.
 
-The diagram below describes the typical architecture when you use the SignalR Service with your application server.
+The diagram describes the typical architecture when you use the SignalR Service with your application server.
 
 The differences from self-hosted ASP.NET Core SignalR application are discussed as well.
 
 ![Architecture](./media/signalr-concept-internals/arch.png)
 
-## Server connections
+## Application server connections
 
-Self-hosted ASP.NET Core SignalR application server listens to and connects clients directly.
+A self-hosted ASP.NET Core SignalR application server listens to and connects clients directly.
 
-With SignalR Service, the application server is no longer accepting persistent client connections, instead:
+With SignalR Service, the application server no longer accepts persistent client connections, instead:
 
 1. A `negotiate` endpoint is exposed by Azure SignalR Service SDK for each hub.
-1. This endpoint will respond to client's negotiation requests and redirect clients to SignalR Service.
-1. Eventually, clients will be connected to SignalR Service.
+1. The endpoint responds to client negotiation requests and redirect clients to SignalR Service.
+1. The clients connect to SignalR Service.
 
 For more information, see [Client connections](#client-connections).
 
-Once the application server is started, 
-- For ASP.NET Core SignalR, Azure SignalR Service SDK opens 5 WebSocket connections per hub to SignalR Service. 
-- For ASP.NET SignalR, Azure SignalR Service SDK opens 5 WebSocket connections per hub to SignalR Service, and one per application WebSocket connection.
+Once the application server is started:
 
-5 WebSocket connections is the default value that can be changed in [configuration](https://github.com/Azure/azure-signalr/blob/dev/docs/run-asp-net-core.md#connectioncount). Please note that this configures the initial server connection count the SDK starts. While the app server is connected to the SignalR service, the Azure SignalR service might send load-balancing messages to the server and the SDK will start new server connections to the service for better performance. 
+- For ASP.NET Core SignalR: Azure SignalR Service SDK opens five WebSocket connections per hub to SignalR Service. 
+- For ASP.NET SignalR: Azure SignalR Service SDK opens five WebSocket connections per hub to SignalR Service, and one per application WebSocket connection.
 
-Messages to and from clients will be multiplexed into these connections.
 
-These connections will remain connected to the SignalR Service all the time. If a server connection is disconnected for network issue,
-- all clients that are served by this server connection disconnect (for more information about it, see [Data transmit between client and server](#data-transmit-between-client-and-server));
-- the server connection starts reconnecting automatically.
+The initial number of connections defaults to 5 and is configurable using the `InitialHubServerConnectionCount` option in the SignalR Service SDK.  For more information, see  [configuration](https://github.com/Azure/azure-signalr/blob/dev/docs/run-asp-net-core.md#maxhubserverconnectioncount). 
+
+While the application server is connected to the SignalR service, the Azure SignalR service may send load-balancing messages to the server.  Then, the SDK starts new server connections to the service for better performance. Messages to and from clients are multiplexed into these connections.
+
+Server connections are persistently connected to the SignalR Service. If a server connection is disconnected due to a network issue:
+
+- All clients served by this server connection disconnect. For more information, see [Data transmission between client and server](#data-transmission-between-client-and-server).
+- The server automatically reconnects the clients.
 
 ## Client connections
 
-When you use the SignalR Service, clients connect to SignalR Service instead of application server.
-There are two steps to establish persistent connections between the client and the SignalR Service.
+When you use the SignalR Service, clients connect to the service instead of the application server.
+There are three steps to establish persistent connections between the client and the SignalR Service.
 
-1. Client sends a negotiate request to the application server. With Azure SignalR Service SDK, application server returns a redirect response with SignalR Service's URL and access token.
+1. A client sends a negotiate request to the application server. 
+1. The application server uses Azure SignalR Service SDK to return a redirect response containing the SignalR Service URL and access token.
 
     - For ASP.NET Core SignalR, a typical redirect response looks like:
         ```
@@ -68,21 +72,29 @@ There are two steps to establish persistent connections between the client and t
         }
         ```
 
-1. After receiving the redirect response, client uses the new URL and access token to start the normal process to connect to SignalR Service.
+1. After the client receives the redirect response, it uses the URL and access token to connect to SignalR Service.
+
+To learn more about ASP.NET Core SignalR's, see [Transport Protocols](https://github.com/aspnet/SignalR/blob/release/2.2/specs/TransportProtocols.md).
 
-Learn more about ASP.NET Core SignalR's [transport protocols](https://github.com/aspnet/SignalR/blob/release/2.2/specs/TransportProtocols.md).
+## Data transmission between client and server
 
-## Data transmit between client and server
+When a client is connected to the SignalR Service, the service runtime finds a server connection to serve this client.
 
-When a client is connected to the SignalR Service, service runtime will find a server connection to serve this client
-- This step happens only once, and is a one-to-one mapping between the client and server connections.
+- This step happens only once, and is a one-to-one mapping between the client and server connection.
 - The mapping is maintained in SignalR Service until the client or server disconnects.
 
 At this point, the application server receives an event with information from the new client. A logical connection to the client is created in the application server. The data channel is established from client to application server, via SignalR Service.
 
-SignalR Service transmits data from the client to the pairing application server. And data from the application server will be sent to the mapped clients.
+SignalR Service transmits data from the client to the pairing application server. Data from the application server is sent to the mapped clients.
+
+SignalR Service doesn't save or store customer data, all customer data received is transmitted to the target server or clients in real-time.
+
+The Azure SignalR Service acts as a logical transport layer between  application server and clients. All persistent connections are offloaded to SignalR Service.  As a result, the application server only needs to handle the business logic in the hub class, without worrying about client connections.
+
+## Next steps
 
-SignalR Service does not save or store customer data, all customer data received is transmitted to target server or clients in real-time.
+To learn more about Azure SignalR SDKs, see:
 
-As you can see, the Azure SignalR Service is essentially a logical transport layer between  application server and clients. All persistent connections are offloaded to SignalR Service.
-Application server only needs to handle the business logic in hub class, without worrying about client connections.
+- [ASP.NET Core SignalR](/aspnet/core/signalr/introduction)
+- [ASP.NET SignalR](/aspnet/signalr/overview/getting-started/introduction-to-signalr)
+- [ASP.NET code samples](https://github.com/aspnet/AzureSignalR-samples)