Merge pull request #212003 from tomkerkhove/shgw-edit

v-ccolin · web-flow · commit 7ae927b9d13b · 2022-09-23T09:35:23.000+01:00
docs: Provide scalable overview of SHGW configuration requirements
diff --git a/articles/api-management/self-hosted-gateway-migration-guide.md b/articles/api-management/self-hosted-gateway-migration-guide.md
@@ -29,7 +29,7 @@ Learn more about the connectivity of our gateway, our new infrastructure require
 
 ## Prerequisites
 
-Before you can migrate to self-hosted gateway v2, you need to ensure your infrastructure [meets the requirements](self-hosted-gateway-overview.md#gateway-v2-requirements).
+Before you can migrate to self-hosted gateway v2, you need to ensure your infrastructure [meets the requirements](self-hosted-gateway-overview.md#fqdn-dependencies).
 
 ## Migrating to self-hosted gateway v2
 
@@ -55,8 +55,8 @@ Currently, Azure API Management provides the following Configuration APIs for se
 
 | Configuration Service | URL | Supported | Requirements |
 | --- | --- | --- | --- |
-| v2 | `{name}.configuration.azure-api.net` | Yes | [Link](self-hosted-gateway-overview.md#gateway-v2-requirements) |
-| v1 | `{name}.management.azure-api.net/subscriptions/{sub-id}/resourceGroups/{rg-name}/providers/Microsoft.ApiManagement/service/{name}?api-version=2021-01-01-preview` | No | [Link](self-hosted-gateway-overview.md#gateway-v1-requirements) |
+| v2 | `{name}.configuration.azure-api.net` | Yes | [Link](self-hosted-gateway-overview.md#fqdn-dependencies) |
+| v1 | `{name}.management.azure-api.net/subscriptions/{sub-id}/resourceGroups/{rg-name}/providers/Microsoft.ApiManagement/service/{name}?api-version=2021-01-01-preview` | No | [Link](self-hosted-gateway-overview.md#fqdn-dependencies) |
 
 Customer must use the new Configuration API v2 by changing their deployment scripts to use the new URL and meet infrastructure requirements.
 
diff --git a/articles/api-management/self-hosted-gateway-overview.md b/articles/api-management/self-hosted-gateway-overview.md
@@ -92,43 +92,25 @@ Self-hosted gateways require outbound TCP/IP connectivity to Azure on port 443.
 
 To operate properly, each self-hosted gateway needs outbound connectivity on port 443 to the following endpoints associated with its cloud-based API Management instance:
 
-- [Gateway v2 requirements](#gateway-v2-requirements)
-- [Gateway v1 requirements](#gateway-v1-requirements)
+| Description | Required for v1 | Required for v2 | Notes |
+|:------------|:---------------------|:---------------------|:------|
+| Hostname of the configuration endpoint | `<apim-service-name>.management.azure-api.net` | `<apim-service-name>.configuration.azure-api.net` | |
+| Public IP address of the API Management instance | ✔️ | ✔️ | IP addresses of primary location is sufficient. |
+| Public IP addresses of Azure Storage [service tag](../virtual-network/service-tags-overview.md) | ✔️ | Optional<sup>1</sup> | IP addresses must correspond to primary location of API Management instance. |
+| Hostname of Azure Blob Storage account | ✔️ | Optional<sup>1</sup> | Account associated with instance (`<blob-storage-account-name>.blob.core.windows.net`) |
+| Hostname of Azure Table Storage account | ✔️ | Optional<sup>1</sup> | Account associated with instance (`<table-storage-account-name>.table.core.windows.net`) |
+| Endpoints for [Azure Application Insights integration](api-management-howto-app-insights.md) | Optional<sup>2</sup> | Optional<sup>2</sup> | Minimal required endpoints are:<ul><li>`rt.services.visualstudio.com:443`</li><li>`dc.services.visualstudio.com:443`</li><li>`{region}.livediagnostics.monitor.azure.com:443`</li></ul>Learn more in [Azure Monitor docs](../azure-monitor/app/ip-addresses.md#outgoing-ports) |
+| Endpoints for [Event Hubs integration](api-management-howto-log-event-hubs.md) | Optional<sup>2</sup> | Optional<sup>2</sup> | Learn more in [Azure Event Hubs docs](../event-hubs/network-security.md) |
+| Endpoints for [external cache integration](api-management-howto-cache-external.md) | Optional<sup>2</sup> | Optional<sup>2</sup> | This requirement depends on the external cache that is being used |
+
+<sup>1</sup> Only required in v2 when API inspector or quotas are used in policies.<br/>
+<sup>2</sup> Only required when feature is used and requires public IP address, port and hostname information.<br/>
 
 > [!IMPORTANT]
 > * DNS hostnames must be resolvable to IP addresses and the corresponding IP addresses must be reachable.
 > * The associated storage account names are listed in the service's **Network connectivity status** page in the Azure portal.
 > * Public IP addresses underlying the associated storage accounts are dynamic and can change without notice.
 
-If integrated with your API Management instance, also enable outbound connectivity to the associated public IP addresses, ports, and hostnames for:
-
-* [Event Hubs](api-management-howto-log-event-hubs.md) 
-* [Application Insights](api-management-howto-app-insights.md)  
-* [External cache](api-management-howto-cache-external.md) 
-
-#### Gateway v2 requirements
-
-The self-hosted gateway v2 requires the following:
-
-* The public IP address of the API Management instance in its primary location
-* The hostname of the instance's configuration endpoint: `<apim-service-name>.configuration.azure-api.net`
-
-Additionally, customers that use API inspector or quotas in their policies have to ensure that the following dependencies are accessible: 
-
-* The hostname of the instance's associated blob storage account: `<blob-storage-account-name>.blob.core.windows.net`
-* The hostname of the instance's associated table storage account: `<table-storage-account-name>.table.core.windows.net`
-* Public IP addresses from the Storage [service tag](../virtual-network/service-tags-overview.md) corresponding to the primary location of the API Management instance
-
-#### Gateway v1 requirements
-
-The self-hosted gateway v1 requires the following:
-
-* The public IP address of the API Management instance in its primary location
-* The hostname of the instance's management endpoint: `<apim-service-name>.management.azure-api.net`
-* The hostname of the instance's associated blob storage account: `<blob-storage-account-name>.blob.core.windows.net`
-* The hostname of the instance's associated table storage account: `<table-storage-account-name>.table.core.windows.net`
-* Public IP addresses from the Storage [service tag](../virtual-network/service-tags-overview.md) corresponding to the primary location of the API Management instance
-
 ### Connectivity failures
 
 When connectivity to Azure is lost, the self-hosted gateway is unable to receive configuration updates, report its status, or upload telemetry.
