Merge pull request #251946 from MicrosoftDocs/main

9/18/2023 PM Publish

Author: Taojunshen

.openpublishing.redirection.json

@@ -23591,13 +23591,27 @@
             "source_path_from_root": "/articles/devtest-labs/how-to-move-schedule-to-new-region.md",
             "redirect_url": "/azure/devtest-labs/how-to-move-labs",
             "redirect_document_id": false
-        },
+        },       
         {
             "source_path_from_root": "/articles/devtest-labs/devtest-lab-guidance-prescriptive-adoption.md",
             "redirect_url": "/azure/devtest-labs/deliver-proof-of-concept",
             "redirect_document_id": false
         },        
         {
+            "source_path_from_root": "/articles/devtest-labs/devtest-lab-guidance-governance-cost-ownership.md",
+            "redirect_url": "/azure/devtest-labs/devtest-lab-guidance-governance-resources",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/devtest-labs/devtest-lab-guidance-governance-policy-compliance.md",
+            "redirect_url": "/azure/devtest-labs/devtest-lab-guidance-governance-resources",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/devtest-labs/devtest-lab-guidance-governance-application-migration-integration.md",
+            "redirect_url": "/azure/devtest-labs/devtest-lab-guidance-governance-resources",
+            "redirect_document_id": false
+        },        {
             "source_path_from_root": "/articles/azure/virtual-desktop/azure-advisor.md",
             "redirect_url": "/azure/advisor/advisor-overview",
             "redirect_document_id": false

articles/active-directory/governance/apps.md

@@ -188,7 +188,7 @@ You can deploy a DaemonSet for the NVIDIA device plugin, which runs a pod on eac
             value: "gpu"
             effect: "NoSchedule"
           containers:
-          - image: mcr.microsoft.com/oss/nvidia/k8s-device-plugin:1.11
+          - image: mcr.microsoft.com/oss/nvidia/k8s-device-plugin:v0.14.1
             name: nvidia-device-plugin-ctr
             securityContext:
               allowPrivilegeEscalation: false

articles/aks/gpu-cluster.md

@@ -5,7 +5,7 @@ ms.subservice: aks-networking
 ms.custom: devx-track-arm-template, devx-track-azurecli
 author: asudbring
 ms.topic: how-to
-ms.date: 02/01/2023
+ms.date: 09/18/2023
 ms.author: allensu
 ---
 
@@ -22,7 +22,6 @@ Some more complex solutions may require creating a chain of trust to establish s
 The following scenarios are **not** supported:
 
 - Different proxy configurations per node pool
-- Updating HTTP/HTTPS proxy settings post cluster creation
 - User/Password authentication
 - Custom CAs for API server communication
 - Windows-based clusters
@@ -109,7 +108,10 @@ In your template, provide values for *httpProxy*, *httpsProxy*, and *noProxy*. I
 
 ## Updating Proxy configurations
 
-Values for *httpProxy*, and *httpsProxy* can't be changed after cluster creation. However, the values for *trustedCa* and *NoProxy* can be changed and applied to the cluster with the [az aks update][az-aks-update] command. An aks update for *NoProxy* will automatically inject new environment variables into pods with the new *NoProxy* values.  Pods must be rotated for the apps to pick it up.  For components under kubernetes, like containerd and the node itself, this won't take effect until a node image upgrade is performed.
+> [!NOTE]
+> If switching to a new proxy, the new proxy must already exist for the update to be successful.  Then, after the upgrade is completed the old proxy can be deleted.
+
+Values for *httpProxy*, *httpsProxy*, *trustedCa* and *NoProxy* can be changed and applied to the cluster with the [az aks update][az-aks-update] command. An aks update for *httpProxy*, *httpsProxy*, and/or *NoProxy* will automatically inject new environment variables into pods with the new *httpProxy*, *httpsProxy*, or *NoProxy* values.  Pods must be rotated for the apps to pick it up.  For components under kubernetes, like containerd and the node itself, this won't take effect until a node image upgrade is performed.
 
 For example, assuming a new file has been created with the base64 encoded string of the new CA cert called *aks-proxy-config-2.json*, the following action updates the cluster.  Or, you need to add new endpoint urls for your applications to No Proxy:
 

articles/aks/http-proxy.md

@@ -27,11 +27,11 @@ If the virtual network is in a different subscription than the app, you must ens
 
 ## Configure in the Azure portal
 
-1. Go to **Networking** in the App Service portal. Under **Outbound Traffic**, select **VNet integration**.
+1. Go to **Networking** in the App Service portal. Under **Outbound traffic configuration**, select **Virtual network integration**.
 
-1. Select **Add VNet**.
+1. Select **Add virtual network integration**.
 
-    :::image type="content" source="./media/configure-vnet-integration-enable/vnetint-app.png" alt-text="Screenshot that shows selecting VNet integration.":::
+    :::image type="content" source="./media/configure-vnet-integration-enable/vnetint-app.png" alt-text="Screenshot that shows selecting Virtual network integration.":::
 
 1. The dropdown list contains all the virtual networks in your subscription in the same region. Select an empty pre-existing subnet or create a new subnet.
 

articles/app-service/configure-vnet-integration-enable.md

@@ -9,47 +9,47 @@ ms.date: 10/20/2021
 
 # Manage Azure App Service virtual network integration routing
 
-Through application routing or configuration routing options, you can configure what traffic will be sent through the virtual network integration. See the [overview section](./overview-vnet-integration.md#routes) for more details.
+Through application routing or configuration routing options, you can configure what traffic is sent through the virtual network integration. For more information, see the [overview section](./overview-vnet-integration.md#routes).
 
 ## Prerequisites
 
 Your app is already integrated using the regional virtual network integration feature.
 
 ## Configure application routing
 
-Application routing defines what traffic is routed from your app and into the virtual network. We recommend that you use the **Route All** site setting to enable routing of all traffic. Using the configuration setting allows you to audit the behavior with [a built-in policy](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F33228571-70a4-4fa1-8ca1-26d0aba8d6ef). The existing `WEBSITE_VNET_ROUTE_ALL` app setting can still be used, and you can enable all traffic routing with either setting.
+Application routing defines what traffic is routed from your app and into the virtual network. We recommend that you use the `vnetRouteAllEnabled` site setting to enable routing of all traffic. Using the configuration setting allows you to audit the behavior with [a built-in policy](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F33228571-70a4-4fa1-8ca1-26d0aba8d6ef). The existing `WEBSITE_VNET_ROUTE_ALL` app setting can still be used, and you can enable all traffic routing with either setting.
 
 ### Configure in the Azure portal
 
-Follow these steps to disable **Route All** in your app through the portal.
+Follow these steps to disable outbound internet traffic routing in your app through the portal.
 
-:::image type="content" source="./media/configure-vnet-integration-routing/vnetint-route-all-enabled.png" alt-text="Screenshot that shows enabling Route All.":::
+:::image type="content" source="./media/configure-vnet-integration-routing/vnetint-route-all-enabled.png" alt-text="Screenshot that shows enabling outbound internet traffic.":::
 
-1. Go to **Networking** > **VNet integration** in your app portal.
-1. Set **Route All** to **Disabled**.
+1. Go to **Networking** > **Virtual network integration** in your app portal.
+1. Uncheck the **Outbound internet traffic** setting.
 
-    :::image type="content" source="./media/configure-vnet-integration-routing/vnetint-route-all-disabling.png" alt-text="Screenshot that shows disabling Route All.":::
+    :::image type="content" source="./media/configure-vnet-integration-routing/vnetint-route-all-disabling.png" alt-text="Screenshot that shows disabling outbound internet traffic.":::
 
-1. Select **Yes** to confirm.
+1. Select **Apply** to confirm.
 
 ### Configure with the Azure CLI
 
-You can also configure **Route All** by using the Azure CLI.
+You can also configure **Outbound internet traffic** by using the Azure CLI.
 
 ```azurecli-interactive
-az resource update --resource-group <group-name> --name <app-name> --resource-type "Microsoft.Web/sites" --set properties.vnetRouteAllEnabled [true|false]
+az resource update --resource-group <group-name> --name <app-name> --resource-type "Microsoft.Web/sites" --set properties.vnetRouteAllEnabled=[true|false]
 ```
 
 ## Configure configuration routing
 
-When you're using virtual network integration, you can configure how parts of the configuration traffic are managed. By default, configuration traffic will go directly over the public route, but for the mentioned individual components, you can actively configure it to be routed through the virtual network integration.
+When you're using virtual network integration, you can configure how parts of the configuration traffic are managed. By default, configuration traffic goes directly over the public route, but for the mentioned individual components, you can actively configure it to be routed through the virtual network integration.
 
 ### Container image pull
 
 Routing container image pull over virtual network integration can be configured using the Azure CLI.
 
 ```azurecli-interactive
-az resource update --resource-group <group-name> --name <app-name> --resource-type "Microsoft.Web/sites" --set properties.vnetImagePullEnabled [true|false]
+az resource update --resource-group <group-name> --name <app-name> --resource-type "Microsoft.Web/sites" --set properties.vnetImagePullEnabled=[true|false]
 ```
 
 We recommend that you use the site property to enable routing image pull traffic through the virtual network integration. Using the configuration setting allows you to audit the behavior with Azure Policy. The existing `WEBSITE_PULL_IMAGE_OVER_VNET` app setting with the value `true` can still be used, and you can enable routing through the virtual network with either setting.
@@ -59,11 +59,19 @@ We recommend that you use the site property to enable routing image pull traffic
 Routing content share over virtual network integration can be configured using the Azure CLI. In addition to enabling the feature, you must also ensure that any firewall or Network Security Group configured on traffic from the subnet allow traffic to port 443 and 445.
 
 ```azurecli-interactive
-az resource update --resource-group <group-name> --name <app-name> --resource-type "Microsoft.Web/sites" --set properties.vnetContentShareEnabled [true|false]
+az resource update --resource-group <group-name> --name <app-name> --resource-type "Microsoft.Web/sites" --set properties.vnetContentShareEnabled=[true|false]
 ```
 
 We recommend that you use the site property to enable content share traffic through the virtual network integration. Using the configuration setting allows you to audit the behavior with Azure Policy. The existing `WEBSITE_CONTENTOVERVNET` app setting with the value `1` can still be used, and you can enable routing through the virtual network with either setting.
 
+### Backup/restore
+
+Routing backup traffic over virtual network integration can be configured using the Azure CLI. Database backup isn't supported over the virtual network integration.
+
+```azurecli-interactive
+az resource update --resource-group <group-name> --name <app-name> --resource-type "Microsoft.Web/sites" --set properties.vnetBackupRestoreEnabled=[true|false]
+```
+
 ## Next steps
 
 - [Enable virtual network integration](./configure-vnet-integration-enable.md)