You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/modeling-simulation-workbench/concept-network.md
+13-9Lines changed: 13 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,43 +12,47 @@ ms.date: 10/13/2024
12
12
13
13
# Networking overview
14
14
15
-
The Azure Modeling and Simulation Workbench is a managed, cloud-based platform-as-a-service (PaaS) with an isolated network infrastructure. [Chambers](./concept-chamber.md) are designed for confidentiality and each is a self-contained, private work environment. No connections to the internet, to other chambers are possible. The network architecture allows only remote desktop connection to chamber virtual machines (VM). No file mounts, SSH, or custom connections are possible from outside a chamber.
15
+
The Modeling and Simulation Workbench is a managed, cloud-based platform-as-a-service (PaaS) with an isolated network infrastructure. [Chambers](./concept-chamber.md) are designed for confidentiality and each is a self-contained, private work environment. No connections to the internet or to other chambers are possible. The network allows only remote desktop connections to chamber virtual machines (VM). No file mounts, SSH, or custom connections are possible from or into a chamber.
16
16
17
17
This article provides an overview of the Modeling and Simulation Workbench network architecture and provides references to guides for managing those resources.
18
18
19
19
## Chamber networking
20
20
21
-
[Chambers](./concept-chamber.md) are isolated environments where users in the same enterprise or organization can freely collaborate. Every virtual machine in the same chamber is deployed to the same subnet as and can directly communicate to other VMs in the same chamber. Chamber VMs can't communicate with the internet or other chambers or any on-premises infrastructure. Chamber-to-chamber communication is only possible using [shared storage](./concept-storage.md#workbench-tier-shared-storage). Virtual machines (VM) can only be reached using a remote desktop connection by users who provisioned for the chamber.
21
+
[Chambers](./concept-chamber.md) are isolated environments where users in the same enterprise or organization can collaborate. Every virtual machine in the same chamber is connected to the same subnet and can directly communicate to other VMs in the same chamber. Chamber VMs can't communicate with the internet, VMs in other chambers, or on-premises infrastructure. Chamber-to-chamber communication is only achieved using [shared storage](./concept-storage.md#workbench-tier-shared-storage). Virtual machines can only be connected to using a specially provisioned remote desktop client.
22
22
23
23
### Desktop service
24
24
25
-
A remote desktop client is required to communicate with chamber VMs. Only the approved solution is able to make a connection to chamber VMs and must be started from the connector. Refer to the [Quickstart: Connect to desktop](quickstart-connect-desktop.md) article to learn how to connect to a VM. VMs aren't exposed outside of a chamber and therefore can't be accessed via SSH. You can SSH to another VM once in the desktop environment.
25
+
A remote desktop client is required to communicate with chamber VMs. Users can't initiate SSH connections to VMs from outside a chamber, but can SSH between VMs after connecting to the desktop service. The desktop client prohibits file shares, printer, and removable storage access. Refer to the [Quickstart: Connect to desktop](quickstart-connect-desktop.md) article to learn how to connect to a VM.
26
26
27
27
### Chamber license service
28
28
29
-
Every chamber has its own [license service](./concept-license-service.md). License servers for the major Electronic Design Automation (EDA) vendors are preinstalled and configured in each chamber. The license servers are only accessible to VMs in the same chamber and can't be accessed or integrated with other license servers in other chambers or on-premises infrastructure.
29
+
Every chamber has its own [license service](./concept-license-service.md). License servers are automatically provisioned with each chamber for the four major Electronic Design Automation (EDA) vendors. The license servers are only accessible by VMs from within the chamber and can't integrate with license servers in other chambers or on-premises license servers.
30
30
31
31
### Red Hat package repository
32
32
33
-
Azure maintains a private mirror of the official Red Hat Update Infrastructure (RHUI). Chamber VMs can access the Azure RHUI using the Red Hat's `yum` and `dnf` package managers.
33
+
Azure maintains a private mirror of the official Red Hat Update Infrastructure (RHUI). Chamber VMs can access the Azure RHUI using the Red Hat's `yum` and `dnf` package managers to install packages distributed in the official mirrors. Learn more about Red Hat package management at [Linux package management with YUM and RPM](https://www.redhat.com/sysadmin/how-manage-packages) on the Red Hat site.
34
34
35
35
### Firewalls
36
36
37
-
The Modeling and Simulation Workbench offers the standard Azure image of Red Hat Enterprise Linux (RHEL) 8.8, with only a few modifications. The `firewalld` daemon, shipped and enabled by default on all RHEL 8.8 images, is also enabled in Modeling and Simulation Workbench chamber VMs.
37
+
The Modeling and Simulation Workbench provides the standard Azure Red Hat Enterprise Linux (RHEL) 8.8 image, with only a few modifications. The `firewalld` daemon, shipped and enabled by default on all RHEL 8.8 images, remains enabled in Modeling and Simulation Workbench chamber VMs.
38
38
39
39
> [!IMPORTANT]
40
40
> The `firewalld` service might block communications for applications and services not installed via a Red Hat package or package manager. Refer to the application's documentation and the guide to [configure firewalls](how-to-guide-configure-firewall-red-hat.md) on how to manage firewall rules. Modifying firewalls on individual VMs won't enable access to VMs located in the other chambers or on-premises infrastructure.
41
41
42
42
## Connectors
43
43
44
-
[Connectors](concept-connector.md) are resources associated with chambers and configure networking access to a chamber from outside a workbench. Connectors are created either as public IP or private network connector. [Public IP](./how-to-guide-public-network.md) connectors are accessible from the internet and access is controlled with an allowlist. [Private network](./how-to-guide-private-network.md) connectors are deployed to a private virtual network in your subscription.
44
+
[Connectors](concept-connector.md) are connectivity resources associated with chambers and configure networking access to a chamber from outside a workbench. Connectors are created either as public IP or private network connector. [Public IP](./how-to-guide-public-network.md) connectors allow access to your chamber from the internet and control access via an IP address allowlist. [Private network](./how-to-guide-private-network.md) connectors create network endpoints on virtual network in your subscription and require you to peer with another virtual network, such as virtual private network (VPN) gateway.
45
45
46
46
## Storage and data pipelines
47
47
48
48
There are several types and tiers of [storage](./concept-storage.md) in the Modeling and Simulation Workbench. Storage local to a VM, [chamber storage](./how-to-guide-manage-chamber-storage.md), and [shared storage](./how-to-guide-manage-shared-storage.md) are accessible outside of a chamber. Storage volumes can't be mounted or accessed from the internet or on-premises infrastructure.
49
49
50
-
The [data pipeline](./concept-data-pipeline.md) is the only means of [exporting](./how-to-guide-download-data.md) or [importing](./how-to-guide-upload-data.md) into a workbench.
50
+
The [data pipeline](./concept-data-pipeline.md) is the only means of [exporting](./how-to-guide-download-data.md) or [importing](./how-to-guide-upload-data.md) into a workbench. With public networking connectors, the connector defines what IP addresses can use the data pipeline.
51
51
52
52
## Related content
53
53
54
-
-[Write concepts](article-concept.md)
54
+
*[Import data into Azure Modeling and Simulation Workbench](how-to-guide-upload-data.md)
55
+
*[Export data from Azure Modeling and Simulation Workbench](how-to-guide-download-data.md)
56
+
*[Configure firewalls in Red Hat](how-to-guide-configure-firewall-red-hat.md)
57
+
*[Set up a public IP network connector](how-to-guide-public-network.md)
58
+
*[Set up a private networking connector](how-to-guide-private-network.md)
0 commit comments