Adding new content for private link

Author: kummanish

articles/mariadb/concepts-data-access-security-private-link.md

@@ -5,12 +5,12 @@ author: kummanish
 ms.author: manishku
 ms.service: mariadb
 ms.topic: conceptual
-ms.date: 01/05/2020
+ms.date: 01/09/2020
 ---
 
 # Private Link for Azure Database for MariaDB (Preview)
 
-Private Link allows you to connect to various PaaS services in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside the customer’s private VNet. The PaaS resources can be accessed using the private IP address just like any other resource in the VNet. This significantly simplifies the network configuration by keeping access rules private.
+Private Link allows you to connect to various PaaS services in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside the customer’s private VNet. The PaaS resources can be accessed using the private IP address just like any other resource in the VNet. 
 
 For a list to PaaS services that support Private Link functionality, go to the [Private Link Documentation page](https://docs.microsoft.com/azure/private-link/index). A private endpoint is a private IP address within a specific [VNet](https://docs.microsoft.com/azure/virtual-network/virtual-networks-overview) and Subnet.
 
@@ -19,15 +19,16 @@ For a list to PaaS services that support Private Link functionality, go to the [
 
 ## Data exfiltration prevention
 
-Data ex-filtration in Azure Database for MariaDB is when an authorized user, such as a database admin is able extract data from one system and move it another location or system outside the organization. For example, the user moves the data to a storage account owned by a third party.
+Data ex-filtration in Azure Database for MariaDB is when an authorized user, such as a database admin is able to extract data from one system and move it to another location or system outside the organization. For example, the user moves the data to a storage account owned by a third party.
 
 Consider a scenario with a user running MariaDB workbench inside an Azure VM connecting to an Azure Database for MariaDB instance. This MariaDB instance is in the West US data center. The example below shows how to limit access with public endpoints on Azure Database for MariaDB using network access controls.
 
 * Disable all Azure service traffic to Azure Database for MariaDB via the public endpoint by setting Allow Azure Services to OFF. Ensure no IP addresses are allowed in the server either via [firewall rules](https://docs.microsoft.com/azure/mariadb/concepts-firewall-rules) or [virtual network service endpoints](https://docs.microsoft.com/azure/mariadb/concepts-data-access-and-security-vnet).
 
-* Only allow traffic to the Azure Database for MariaDB using the Private IP address of the VM. For more information, see the articles on Service Endpoint and VNet firewall rules.
+* Only allow traffic to the Azure Database for MariaDB using the Private IP address of the VM. For more information, see the articles on [Service Endpoint](concepts-data-access-security-vnet.md) and [VNet firewall rules](howto-manage-vnet-portal.md).
+
+* On the Azure VM, narrow down the scope of outgoing connection by using Network Security Groups (NSGs) and Service Tags as follows:
 
-    * On the Azure VM, narrow down the scope of outgoing connection by using Network Security Groups (NSGs) and Service Tags as follows
     * Specify an NSG rule to allow traffic for Service Tag = SQL.WestUs - only allowing connection to Azure Database for MariaDB in West US
     * Specify an NSG rule (with a higher priority) to deny traffic for Service Tag = SQL - denying connections to MariaDB Database in all regions</br></br>
 
@@ -41,7 +42,7 @@ When customers connect to the public endpoint from on-premises machines, their I
 
 With Private Link, customers can enable cross-premises access to the private endpoint using ExpressRoute, private peering, or VPN tunneling. Customers can then disable all access via the public endpoint and not use the IP-based firewall to allow any IP addresses.
 
-With Private Link, customers can enable cross-premises access to the private endpoint using Express Route (ER) private peering or VPN tunnel. They can subsequently disable all access via public endpoint and not use the IP-based firewall.
+With Private Link, customers can enable cross-premises access to the private endpoint using [Express Route](https://azure.microsoft.com/services/expressroute/) (ER), private peering or [VPN tunnel](https://docs.microsoft.com/azure/vpn-gateway/). They can subsequently disable all access via public endpoint and not use the IP-based firewall.
 
 ## How to set up Private Link for Azure Database for MariaDB
 

articles/mariadb/howto-configure-privatelink-cli.md

@@ -5,7 +5,7 @@ author: kummanish
 ms.author: manishku
 ms.service: mariadb
 ms.topic: conceptual
-ms.date: 01/05/2020
+ms.date: 01/09/2020
 ---
 
 # Create and manage Private Link for Azure Database for MariaDB (Preview) using CLI

articles/mariadb/howto-configure-privatelink-portal.md

@@ -5,7 +5,7 @@ author: kummanish
 ms.author: manishku
 ms.service: mariadb
 ms.topic: conceptual
-ms.date: 01/05/2020
+ms.date: 01/09/2020
 ---
 
 # Create and manage Private Link for Azure Database for MariaDB (Preview) using Portal
@@ -90,7 +90,7 @@ In this section, you will create a Virtual Network and the subnet to host the VM
 
 1. When you see the **Validation passed** message, select **Create**.
 
-## Create an Azure Database for MariaDB Single server
+## Create an Azure Database for MariaDB
 
 In this section, you will create an Azure Database for MariaDB server in Azure. 
 

articles/mysql/concepts-data-access-security-private-link.md

@@ -5,12 +5,12 @@ author: kummanish
 ms.author: manishku
 ms.service: mysql
 ms.topic: conceptual
-ms.date: 01/05/2020
+ms.date: 01/09/2020
 ---
 
 # Private Link for Azure Database for MySQL (Preview)
 
-Private Link allows you to connect to various PaaS services in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside the customer’s private VNet. The PaaS resources can be accessed using the private IP address just like any other resource in the VNet. This significantly simplifies the network configuration by keeping access rules private.
+Private Link allows you to connect to various PaaS services in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside the customer’s private VNet. The PaaS resources can be accessed using the private IP address just like any other resource in the VNet.
 
 For a list to PaaS services that support Private Link functionality, go to the [Private Link Documentation page](https://docs.microsoft.com/azure/private-link/index). A private endpoint is a private IP address within a specific [VNet](https://docs.microsoft.com/azure/virtual-network/virtual-networks-overview) and Subnet.
 
@@ -19,29 +19,30 @@ For a list to PaaS services that support Private Link functionality, go to the [
 
 ## Data exfiltration prevention
 
-Data ex-filtration in Azure Database for MySQL is when an authorized user, such as a database admin is able extract data from one system and move it another location or system outside the organization. For example, the user moves the data to a storage account owned by a third party.
+Data ex-filtration in Azure Database for MySQL is when an authorized user, such as a database admin is able to extract data from one system and move it to another location or system outside the organization. For example, the user moves the data to a storage account owned by a third party.
 
 Consider a scenario with a user running MySQL workbench inside an Azure VM connecting to an Azure Database for MySQL. This MySQL instance is in the West US data center. The example below shows how to limit access with public endpoints on Azure Database for MySQL using network access controls.
 
 * Disable all Azure service traffic to Azure Database for MySQL via the public endpoint by setting Allow Azure Services to OFF. Ensure no IP addresses are allowed in the server either via [firewall rules](https://docs.microsoft.com/azure/mysql/concepts-firewall-rules) or [virtual network service endpoints](https://docs.microsoft.com/azure/mysql/concepts-data-access-and-security-vnet).
 
-* Only allow traffic to the Azure Database for MySQL using the Private IP address of the VM. For more information, see the articles on Service Endpoint and VNet firewall rules.
+* Only allow traffic to the Azure Database for MySQL using the Private IP address of the VM. For more information, see the articles on [Service Endpoint](concepts-data-access-and-security-vnet.md) and [VNet firewall rules](howto-manage-vnet-using-portal.md).
+
+* On the Azure VM, narrow down the scope of outgoing connection by using Network Security Groups (NSGs) and Service Tags as follows
 
-    * On the Azure VM, narrow down the scope of outgoing connection by using Network Security Groups (NSGs) and Service Tags as follows
     * Specify an NSG rule to allow traffic for Service Tag = SQL.WestUs - only allowing connection to Azure Database for MySQL in West US
     * Specify an NSG rule (with a higher priority) to deny traffic for Service Tag = SQL - denying connections to MySQL Database in all regions</br></br>
 
-At the end of this setup, the Azure VM can connect only to Azure Database for MySQL in the West US region. However, the connectivity isn't restricted to a single Azure Database for MySQL Single server. The VM can still connect to any Azure Database for MySQL in the West US region, including the databases that aren't part of the subscription. While we've reduced the scope of data exfiltration in the above scenario to a specific region, we haven't eliminated it altogether.</br>
+At the end of this setup, the Azure VM can connect only to Azure Database for MySQL in the West US region. However, the connectivity isn't restricted to a single Azure Database for MySQL. The VM can still connect to any Azure Database for MySQL in the West US region, including the databases that aren't part of the subscription. While we've reduced the scope of data exfiltration in the above scenario to a specific region, we haven't eliminated it altogether.</br>
 
-With Private Link, customers can now set up network access controls like NSGs to restrict access to the private endpoint. Individual Azure PaaS resources are then mapped to specific private endpoints. A malicious insider can only access the mapped PaaS resource (for example an Azure Database for MySQL Single server) and no other resource.
+With Private Link, customers can now set up network access controls like NSGs to restrict access to the private endpoint. Individual Azure PaaS resources are then mapped to specific private endpoints. A malicious insider can only access the mapped PaaS resource (for example an Azure Database for MySQL) and no other resource.
 
 ## On-premises connectivity over private peering
 
 When customers connect to the public endpoint from on-premises machines, their IP address needs to be added to the IP-based firewall using a Server-level firewall rule. While this model works well for allowing access to individual machines for dev or test workloads, it's difficult to manage in a production environment.
 
 With Private Link, customers can enable cross-premises access to the private endpoint using ExpressRoute, private peering, or VPN tunneling. Customers can then disable all access via the public endpoint and not use the IP-based firewall to allow any IP addresses.
 
-With Private Link, customers can enable cross-premises access to the private endpoint using Express Route (ER) private peering or VPN tunnel. They can subsequently disable all access via public endpoint and not use the IP-based firewall.
+With Private Link, customers can enable cross-premises access to the private endpoint using [Express Route](https://azure.microsoft.com/services/expressroute/) (ER), private peering or [VPN tunnel](https://docs.microsoft.com/azure/vpn-gateway/). They can subsequently disable all access via public endpoint and not use the IP-based firewall.
 
 ## How to set up Private Link for Azure Database for MySQL
 

articles/mysql/howto-configure-privatelink-cli.md

@@ -5,7 +5,7 @@ author: kummanish
 ms.author: manishku
 ms.service: mysql
 ms.topic: conceptual
-ms.date: 01/05/2020
+ms.date: 01/09/2020
 ---
 
 # Create and manage Private Link for Azure Database for MySQL (Preview) using CLI
@@ -163,9 +163,9 @@ Connect to the VM *myVm* from the internet as follows:
     | Setting | Value |
     | ------- | ----- |
     | Connection Name| Select the connection name of your choice.|
-    | Hostname | Select *mydemoserver.mariadb.privatelink.database.azure.com* |
-    | Username | Enter username as *username@servername* which is provided during the MariaDB server creation. |
-    | Password | Enter a password provided during the MariaDB server creation. |
+    | Hostname | Select *mydemoserver.mysql.privatelink.database.azure.com* |
+    | Username | Enter username as *username@servername* which is provided during the MySQL server creation. |
+    | Password | Enter a password provided during the MySQL server creation. |
     ||
 
 5. Select Connect.

articles/mysql/howto-configure-privatelink-portal.md

@@ -5,7 +5,7 @@ author: kummanish
 ms.author: manishku
 ms.service: mysql
 ms.topic: conceptual
-ms.date: 01/05/2020
+ms.date: 01/09/2020
 ---
 
 # Create and manage Private Link for Azure Database for MySQL (Preview) using Portal
@@ -90,7 +90,7 @@ In this section, you will create a Virtual Network and the subnet to host the VM
 
 1. When you see the **Validation passed** message, select **Create**.
 
-## Create an Azure Database for MySQL Single server
+## Create an Azure Database for MySQL
 
 In this section, you will create an Azure Database for MySQL server in Azure. 
 

articles/postgresql/concepts-data-access-and-security-private-link.md

@@ -5,12 +5,12 @@ author: kummanish
 ms.author: manishku
 ms.service: postgresql
 ms.topic: conceptual
-ms.date: 12/23/2019
+ms.date: 01/09/2020
 ---
 
 # Private Link for Azure Database for PostgreSQL-Single server (Preview)
 
-Private Link allows you to connect to various PaaS services in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside the customer’s private VNet. The PaaS resources can be accessed using the private IP address just like any other resource in the VNet. This significantly simplifies the network configuration by keeping access rules private.
+Private Link allows you to connect to various PaaS services in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside the customer’s private VNet. The PaaS resources can be accessed using the private IP address just like any other resource in the VNet.
 
 For a list to PaaS services that support Private Link functionality, go to the [Private Link Documentation page](https://docs.microsoft.com/azure/private-link/index). A private endpoint is a private IP address within a specific [VNet](https://docs.microsoft.com/azure/virtual-network/virtual-networks-overview) and Subnet.
 
@@ -19,15 +19,16 @@ For a list to PaaS services that support Private Link functionality, go to the [
 
 ## Data exfiltration prevention
 
-Data ex-filtration in Azure Database for PostgreSQL Single server is when an authorized user, such as a database admin is able extract data from one system and move it another location or system outside the organization. For example, the user moves the data to a storage account owned by a third party.
+Data ex-filtration in Azure Database for PostgreSQL Single server is when an authorized user, such as a database admin is able to extract data from one system and move it to another location or system outside the organization. For example, the user moves the data to a storage account owned by a third party.
 
 Consider a scenario with a user running PostgreSQL Single server workbench inside an Azure VM connecting to an Azure Database for PostgreSQL Single server instance. This PostgreSQL Single server instance is in the West US data center. The example below shows how to limit access with public endpoints on Azure Database for PostgreSQL Single server using network access controls.
 
 * Disable all Azure service traffic to Azure Database for PostgreSQL Single server via the public endpoint by setting Allow Azure Services to OFF. Ensure no IP addresses are allowed in the server either via [firewall rules](https://docs.microsoft.com/azure/postgresql/concepts-firewall-rules) or [virtual network service endpoints](https://docs.microsoft.com/azure/postgresql/concepts-data-access-and-security-vnet).
 
-* Only allow traffic to the Azure Database for PostgreSQL Single server using the Private IP address of the VM. For more information, see the articles on Service Endpoint and VNet firewall rules.
+* Only allow traffic to the Azure Database for PostgreSQL Single server using the Private IP address of the VM. For more information, see the articles on [Service Endpoint](concepts-data-access-and-security-vnet.md) and [VNet firewall rules.](howto-manage-vnet-using-portal.md)
+
+* On the Azure VM, narrow down the scope of outgoing connection by using Network Security Groups (NSGs) and Service Tags as follows
 
-    * On the Azure VM, narrow down the scope of outgoing connection by using Network Security Groups (NSGs) and Service Tags as follows
     * Specify an NSG rule to allow traffic for Service Tag = SQL.WestUs - only allowing connection to Azure Database for PostgreSQL Single server in West US
     * Specify an NSG rule (with a higher priority) to deny traffic for Service Tag = SQL - denying connections to PostgreSQL Database in all regions</br></br>
 
@@ -39,7 +40,8 @@ With Private Link, customers can now set up network access controls like NSGs to
 
 When customers connect to the public endpoint from on-premises machines, their IP address needs to be added to the IP-based firewall using a Server-level firewall rule. While this model works well for allowing access to individual machines for dev or test workloads, it's difficult to manage in a production environment.
 
-With Private Link, customers can enable cross-premises access to the private endpoint using ExpressRoute, private peering, or VPN tunneling. Customers can then disable all access via the public endpoint and not use the IP-based firewall to allow any IP addresses.
+With Private Link, customers can enable cross-premises access to the private endpoint using [Express Route](https://azure.microsoft.com/services/expressroute/) (ER), private peering or [VPN tunnel](https://docs.microsoft.com/azure/vpn-gateway/). They can subsequently disable all access via public endpoint and not use the IP-based firewall.
+
 
 With Private Link, customers can enable cross-premises access to the private endpoint using Express Route (ER) private peering or VPN tunnel. They can subsequently disable all access via public endpoint and not use the IP-based firewall.
 

articles/postgresql/howto-configure-privatelink-cli.md

@@ -5,7 +5,7 @@ author: kummanish
 ms.author: manishku
 ms.service: postgresql
 ms.topic: conceptual
-ms.date: 01/04/2020
+ms.date: 01/09/2020
 ---
 
 # Create and manage Private Link for Azure Database for PostgreSQL - Single server (Preview) using CLI

articles/postgresql/howto-configure-privatelink-portal.md

@@ -5,7 +5,7 @@ author: kummanish
 ms.author: manishku
 ms.service: postgresql
 ms.topic: conceptual
-ms.date: 01/04/2020
+ms.date: 01/09/2020
 ---
 
 # Create and manage Private Link for Azure Database for PostgreSQL - Single server (Preview) using Portal

articles/private-link/private-endpoint-overview.md

@@ -7,7 +7,7 @@ author: malopMSFT
 
 ms.service: private-link
 ms.topic: conceptual
-ms.date: 09/16/2019
+ms.date: 01/09/2020
 ms.author: allensu
 ---
 # What is Azure Private Endpoint?