Commit 651cb13

freshness review
1 parent cd3a6b6 commit 651cb13

1 file changed

+40
-42
lines changed

articles/frontdoor/scenario-storage-blobs.md

@@ -5,101 +5,99 @@ services: front-door
55
author: duongau
66
ms.service: azure-frontdoor
77
ms.topic: conceptual
8-
ms.date: 12/28/2023
8+
ms.date: 11/13/2024
99
ms.author: duau
1010
---
1111

12-
# Use Azure Front Door with Azure Storage blobs
12+
# Use Azure Front Door with Azure Storage Blobs
1313

14-
Azure Front Door accelerates the delivery of static content from Azure Storage blobs, and enables a secure and scalable architecture. Static content delivery is useful for many different use cases, including website hosting and file delivery.
14+
Azure Front Door enhances the delivery of static content from Azure Storage blobs, providing a secure and scalable architecture. This setup is ideal for various use cases, such as website hosting and file delivery.
1515

1616
## Architecture
1717

1818
:::image type="content" source="./media/scenario-storage-blobs/architecture-diagram.png" alt-text="Diagram of Azure Front Door with a blob storage origin." border="false":::
1919

20-
In this reference architecture, you deploy a storage account and Front Door profile with a single origin.
20+
In this reference architecture, a storage account and an Azure Front Door profile with a single origin are deployed.
2121

2222
## Dataflow
2323

24-
Data flows through the scenario as follows:
24+
The data flows through the scenario as follows:
2525

26-
1. The client establishes a secure connection to Azure Front Door by using a custom domain name and Front Door-provided TLS certificate. The client's connection terminates at a nearby Front Door point of presence (PoP).
27-
1. The Front Door web application firewall (WAF) scans the request. If the WAF determines the request's risk level is too high, it blocks the request and Front Door returns an HTTP 403 error response.
28-
1. If the Front Door PoP's cache contains a valid response for this request, Front Door returns the response immediately.
29-
1. Otherwise, the PoP sends the request to the origin storage account, wherever it is in the world, by using Microsoft's backbone network. The PoP connects to the storage account by using a separate, long-lived, TCP connection. In this scenario, Private Link is used to securely connect to the storage account.
26+
1. The client establishes a secure connection to Azure Front Door using a custom domain name and a Front Door-provided TLS certificate. The connection terminates at a nearby Front Door point of presence (PoP).
27+
1. Azure Front Door web application firewall (WAF) scans the request. If the WAF determines the request is too risky, it blocks the request and returns an HTTP 403 error response.
28+
1. If the Front Door PoP's cache contains a valid response, Front Door returns the response immediately.
29+
1. If not, the PoP sends the request to the origin storage account using Microsoft's backbone network, using a separate, long-lived TCP connection. In this scenario, Private Link securely connects to the storage account.
3030
1. The storage account sends a response to the Front Door PoP.
31-
1. When the PoP receives the response, it stores it in its cache for subsequent requests.
31+
1. The PoP stores the response in its cache for future requests.
3232
1. The PoP returns the response to the client.
33-
1. Any requests directly to the storage account through the internet gets blocked by the Azure Storage firewall.
33+
1. Any direct requests to the storage account through the internet get blocked by the Azure Storage firewall.
3434

3535
## Components
3636

37-
- [Azure Storage](https://azure.microsoft.com/products/storage/blobs) stores static content in blobs.
38-
- [Azure Front Door](https://azure.microsoft.com/services/frontdoor/) receives inbound connections from clients, scans them with the WAF, securely forwards the request to the storage account, and caches responses.
37+
- [Azure Storage](https://azure.microsoft.com/products/storage/blobs): Stores static content in blobs.
38+
- [Azure Front Door](https://azure.microsoft.com/services/frontdoor/): Receives inbound connections from clients, scans them with the WAF, securely forwards the requests to the storage account, and caches responses.
3939

4040
### Alternatives
4141

42-
If you have static files in another cloud storage provider, or if you host static content on infrastructure that you own and maintain, much of this scenario continues to apply. However, you need to consider how you protect the incoming traffic to your origin server, to verify that it comes through Front Door. If your storage provider doesn't support Private Link, consider using an alternative approach like [allowlisting the Front Door service tag and inspecting the `X-Azure-FDID` header](origin-security.md).
42+
If you store static files with another cloud storage provider or on your own infrastructure, this scenario still largely applies. However, you need to ensure that incoming traffic to your origin server is verified to come through Front Door. If your storage provider doesn't support Private Link, consider using an alternative approach like [allowlisting the Front Door service tag and inspecting the `X-Azure-FDID` header](origin-security.md).
4343

44-
## Scenario details
44+
## Scenario Details
4545

46-
Static content delivery is useful in many situations, such as these examples:
46+
Static content delivery is beneficial in many situations, such as:
4747
- Delivering images, CSS files, and JavaScript files for a web application.
48-
- Serving files and documents, such as PDF files or JSON files.
48+
- Serving files and documents, such as PDF or JSON files.
4949
- Delivering nonstreaming video.
5050

51-
By its nature, static content doesn't change frequently. Static files might also be large in size. These characteristics make it a good candidate to be cached, which improves performance and reduces the cost to serve requests.
51+
Static content typically doesn't change frequently and can be large in size, making it ideal for caching to improve performance and reduce costs.
5252

53-
In a complex scenario, a single Front Door profile might serve static content and dynamic content. You can use separate origin groups for each type of origin, and use Front Door's routing capabilities to route incoming requests to the correct origin.
53+
In complex scenarios, a single Front Door profile can serve both static and dynamic content. You can use separate origin groups for each type of content and use the routing capabilities to direct incoming requests to the appropriate origin.
5454

5555
## Considerations
5656

57-
### Scalability and performance
57+
### Scalability and Performance
5858

59-
As a content delivery network (CDN), Front Door caches the content at its globally distributed network of PoPs. When a cached copy of a response is available at a PoP, Front Door can quickly respond with the cached response. Returning content from the cache improves the performance of the solution, and reduces the load on the origin. If the PoP doesn't have a valid cached response, Front Door's traffic acceleration capabilities reduce the time to serve the content from the origin.
59+
Azure Front Door acts as a content delivery network (CDN), caching content at its globally distributed PoPs. When a cached response is available, Azure Front Door quickly serves it, enhancing performance and reducing the load on the origin. If the PoP lacks a valid cached response, Azure Front Door's traffic acceleration capabilities expedite content delivery from the origin.
6060

6161
### Security
6262

6363
#### Authentication
6464

65-
Front Door is designed to be internet-facing, and this scenario is optimized for publicly available blobs. If you need to authenticate access to blobs, consider using [shared access signatures](../storage/common/storage-sas-overview.md), and ensure that you enable the [*Use Query String* query string behavior](front-door-caching.md#query-string-behavior) to avoid Front Door from serving requests to unauthenticated clients. However, this approach might not make effective use of the Front Door cache, because each request with a different shared access signature must be sent to the origin separately.
65+
Azure Front Door is designed for internet-facing scenarios and is optimized for publicly accessible blobs. To authenticate access to blobs, consider using [shared access signatures (SAS)](../storage/common/storage-sas-overview.md). Ensure you enable the [*Use Query String* behavior](front-door-caching.md#query-string-behavior) to prevent Azure Front Door from serving requests to unauthenticated clients. This approach might limit the effectiveness of caching, as each request with a different SAS must be sent to the origin.
6666

67-
#### Origin security
67+
#### Origin Security
6868

69-
Front Door securely connects to the Azure Storage account by using [Private Link](private-link.md). The storage account is configured to deny direct access from the internet, and to only allow requests through the private endpoint connection used by Front Door. This configuration ensures that every request gets processed by Front Door, and avoids exposing the contents of your storage account directly to the internet. However, this configuration requires the premium tier of Azure Front Door. If you use the standard tier, your storage account must be publicly accessible. You could use a [shared access signature](../storage/common/storage-sas-overview.md) to secure requests to the storage account, and either have the client include the signature on all of their requests, or use the Front Door [rules engine](front-door-rules-engine.md) to attach it from Front Door.
69+
Azure Front Door connects securely to the Azure Storage account using [Private Link](private-link.md). The storage account is configured to deny direct internet access, allowing requests only through the private endpoint used by Azure Front Door. This setup ensures all requests get processed by Azure Front Door, protecting your storage account from direct internet exposure. This configuration requires the premium tier of Azure Front Door. If using the standard tier, the storage account must be publicly accessible. You can secure requests with a [shared access signature (SAS)](../storage/common/storage-sas-overview.md) and either have clients include the SAS in their requests or use the Azure Front Door [rules engine](front-door-rules-engine.md) to attach it.
7070

71-
#### Custom domain names
71+
#### Custom Domain Names
7272

73-
Front Door supports custom domain names, and can issue and manage TLS certificates for those domains. By using custom domains, you can ensure that your clients receive files from a trusted and familiar domain name, and that TLS encrypts every connection to Front Door. When Front Door manages your TLS certificates, you avoid outages and security issues due to invalid or outdated TLS certificates.
73+
Azure Front Door supports custom domain names and can manage TLS certificates for these domains. Using custom domains ensures clients receive files from a trusted source, with TLS encrypting every connection to Azure Front Door. Azure Front Door's management of TLS certificates helps avoid outages and security issues from invalid or outdated certificates.
7474

75-
Azure Storage also supports custom domain names, but doesn't support HTTPS when using a custom domain. Front Door is the best approach to use a custom domain name with a storage account.
75+
#### Web Application Firewall
7676

77-
#### Web application firewall
77+
The Azure Front Door WAF's managed rule sets scan requests for common and emerging security threats. We recommend using the WAF and managed rules for both static and dynamic applications.
7878

79-
The Front Door WAF's managed rule sets scan requests for common and emerging security threats. We recommend using the WAF and managed rules for both static and dynamic applications.
80-
81-
You can also use the Front Door WAF to perform [rate limiting](../web-application-firewall/afds/waf-front-door-rate-limit.md) and [geo-filtering](../web-application-firewall/afds/waf-front-door-geo-filtering.md) if you require those capabilities.
79+
Additionally, the Azure Front Door WAF can perform [rate limiting](../web-application-firewall/afds/waf-front-door-rate-limit.md) and [geo-filtering](../web-application-firewall/afds/waf-front-door-geo-filtering.md) if needed.
8280

8381
### Resiliency
8482

85-
Front Door is a highly available service, and because of its globally distributed architecture, it's resilient to failures of single Azure regions and PoPs.
83+
Azure Front Door is a highly available service with a globally distributed architecture, making it resilient to failures in individual Azure regions and PoPs.
8684

87-
By using the Front Door cache, you reduce the load on your storage account. Additionally, if your storage account is unavailable, Front Door might be able to continue to serve cached responses until your application recovers.
85+
Using the Azure Front Door cache reduces the load on your storage account. If your storage account becomes unavailable, Azure Front Door might continue to serve cached responses until your application recovers.
8886

89-
You can further improve the resiliency of the overall solution by considering the resiliency of the storage account. For more information, see [Azure Storage redundancy](../storage/common/storage-redundancy.md). Alternatively, you can deploy multiple storage accounts, and configure multiple origins in your Front Door origin group, and configure failover between the origins by configuring each origin's priority. For more information, see [Origins and origin groups in Azure Front Door](origin.md).
87+
To further improve resiliency, consider the redundancy of your storage account. For more information, see [Azure Storage redundancy](../storage/common/storage-redundancy.md). Alternatively, deploy multiple storage accounts and configure multiple origins in your Azure Front Door origin group. Set up fail over between origins by configuring each origin's priority. For more information, see [Origins and origin groups in Azure Front Door](origin.md).
9088

91-
### Cost optimization
89+
### Cost Optimization
9290

93-
Caching can help to reduce the cost of delivering static content. Front Door's PoPs store copies of responses, and can deliver these cached responses for any subsequent requests. Caching reduces the request load on the origin. In high-scale static content-based solutions, especially those delivering large files, caching can reduce the traffic costs considerably.
91+
Caching helps reduce the cost of delivering static content. Azure Front Door's PoPs store copies of responses and can deliver these cached responses for subsequent requests, reducing the request load on the origin. In high-scale static content solutions, especially those delivering large files, caching can significantly reduce traffic costs.
9492

95-
To use Private Link in this solution, you must deploy the premium tier of Front Door. You can use the standard tier if you don't need to block traffic going directly to your storage account. For more information, see [Origin security](#origin-security).
93+
To use Private Link in this solution, deploy the premium tier of Azure Front Door. The standard tier can be used if you don't need to block direct traffic to your storage account. For more information, see [Origin security](#origin-security).
9694

97-
## Deploy this scenario
95+
## Deploy This Scenario
9896

99-
To deploy this scenario by using Bicep or JSON ARM templates, [see this quickstart](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.cdn/front-door-premium-storage-blobs-private-link).
97+
To deploy this scenario using Bicep or JSON ARM templates, [see this quickstart](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.cdn/front-door-premium-storage-blobs-private-link).
10098

101-
To deploy this scenario by using Terraform, [see this quickstart](https://github.com/Azure/terraform/tree/master/quickstart/101-front-door-premium-storage-blobs-private-link).
99+
To deploy this scenario using Terraform, [see this quickstart](https://github.com/Azure/terraform/tree/master/quickstart/101-front-door-premium-storage-blobs-private-link).
102100

103-
## Next steps
101+
## Next Steps
104102

105-
Learn how to [create a Front Door profile](create-front-door-portal.md).
103+
Learn how to [create an Azure Front Door profile](create-front-door-portal.md).
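
Review bot: Under "Custom Domain Names", the paragraph "Azure Storage also supports custom domain names, but doesn't support HTTPS when using a custom domain" is deleted with no replacement, which is a content change rather than a wording refresh. It removes the page's only stated reason for putting the custom domain on Front Door instead of on the storage account. If the statement is still accurate, restore it. If it is outdated, say so in the commit message, since "freshness review" does not signal a removed security-relevant caveat. Two smaller points in the same hunk: the Authentication paragraph now reads "Azure Front Door is designed for internet-facing scenarios and is optimized for publicly accessible blobs", which moves "optimized for publicly available blobs" from this scenario to the product itself, so consider keeping "this scenario is optimized". In Resiliency, "Set up fail over between origins" should use the noun "failover".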
