most questions answered

Author: ronhogue

articles/hpc-cache/hpc-cache-add-storage.md

@@ -1,12 +1,12 @@
 ---
 title: Add storage to an Azure HPC Cache
 description: How to define storage targets so that your Azure HPC Cache can use your on-premises NFS system or Azure Blob containers for long-term file storage 
-author: femila
+author: rohogue
 ms.service: hpc-cache
 ms.topic: how-to
-ms.date: 09/22/2021
+ms.date: 12/29/2021
 ms.custom: subject-rbac-steps
-ms.author: femila
+ms.author: rohogue
 ---
 
 # Add storage targets
@@ -120,7 +120,7 @@ You can do this ahead of time, or by clicking a link on the portal page where yo
 1. Select **Add** > **Add role assignment** to open the Add role assignment page.
 
 1. Assign the following roles, one at a time. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
-    
+
     | Setting | Value |
     | --- | --- |
     | Roles | [Storage Account Contributor](../role-based-access-control/built-in-roles.md#storage-account-contributor) <br/>  [Storage Blob Data Contributor](../role-based-access-control/built-in-roles.md#storage-blob-data-contributor) |
@@ -149,7 +149,7 @@ Steps to add the Azure roles:
 
 1. Click the **Save** button at the bottom.
 
-1. Repeat this process to assign the role "Storage Blob Data Contributor".  
+1. Repeat this process to assign the role "Storage Blob Data Contributor".
 
 ![screenshot of add role assignment GUI](media/hpc-cache-add-role.png) -->
 
@@ -320,6 +320,7 @@ az hpc-cache nfs-storage-target add --resource-group "hpc-cache-group" --cache-n
 ```
 
 Output:
+
 ```azurecli
 
 {- Finished ..
@@ -451,4 +452,4 @@ After creating storage targets, continue with these tasks to get your cache read
 * [Mount the Azure HPC Cache](hpc-cache-mount.md)
 * [Move data to Azure Blob storage](hpc-cache-ingest.md)
 
-If you need to update any settings, you can [edit a storage target](hpc-cache-edit-storage.md).
+If you need to update any settings, you can [edit a storage target](hpc-cache-edit-storage.md).

articles/hpc-cache/hpc-cache-prerequisites.md

@@ -4,7 +4,7 @@ description: Prerequisites for using Azure HPC Cache
 author: ekpgh
 ms.service: hpc-cache
 ms.topic: how-to
-ms.date: 11/03/2021
+ms.date: 01/03/2022
 ms.author: rohogue
 ---
 
@@ -132,6 +132,8 @@ To create a compatible storage account, use one of these combinations:
 
 The storage account must be accessible from your cache's private subnet. If your account uses a private endpoint or a public endpoint that is restricted to specific virtual networks, make sure to enable access from the cache's subnet. (An open public endpoint is not recommended.)
 
+Read [Work with private endpoints](#work-with-private-endpoints) for tips about using private endpoints with HPC Cache storage targets.
+
 It's a good practice to use a storage account in the same Azure region as your cache.
 
 You also must give the cache application access to your Azure storage account as mentioned in [Permissions](#permissions), above. Follow the procedure in [Add storage targets](hpc-cache-add-storage.md#add-the-access-control-roles-to-your-account) to give the cache the required access roles. If you are not the storage account owner, have the owner do this step.
@@ -207,6 +209,8 @@ This is a general overview of the steps. These steps might change, so always ref
    * Instead of the using the storage account settings for a standard blob storage account, follow the instructions in the [how-to document](../storage/blobs/network-file-system-protocol-support-how-to.md). The type of storage account supported might vary by Azure region.
 
    * In the Networking section, choose a private endpoint in the secure virtual network you created (recommended), or choose a public endpoint with restricted access from the secure VNet.
+  
+     Read [Work with private endpoints](#work-with-private-endpoints) for tips about using private endpoints with HPC Cache storage targets.
 
    * Do not forget to complete the Advanced section, where you enable NFS access.
 
@@ -216,10 +220,29 @@ This is a general overview of the steps. These steps might change, so always ref
 
 Learn more about using ADLS-NFS storage targets with Azure HPC Cache in [Use NFS-mounted blob storage with Azure HPC Cache](nfs-blob-considerations.md).
 
+### Work with private endpoints <!-- [Work with private endpoints](#work-with-private-endpoints) -->
+
+Azure Storage supports private endpoints to allow secure data access. You can use private endpoints with Azure Blob or NFS-mounted blob storage targets.
+
+[Learn more about private endpoints](../storage/common/storage-private-endpoints)
+
+Keep these tips in mind if you use storage targets with private endpoints:
+
+* If you need to change a private endpoint's configuration, first suspend any storage targets that use the endpoint. Follow this procedure to avoid communication problems between the storage and the HPC Cache:
+
+  1. Suspend the storage target (or all of the storage targets if more than one uses the endpoint)
+  1. Make changes to the private endpoint, and save those changes
+  1. Put the storage target back into service with the "resume" command
+  1. Refresh the storage target's DNS setting
+
+  Read [View and manage storage targets](manage-storage-targets.md) to learn how to suspend, resume, and refresh DNS for storage targets.
+
+* For NFS-mounted blob storage, you cannot delete the storage endpoint that was created with the storage subnet. You might assume that the subnet's storage endpoint is not needed after you set up a private endpoint, but some Azure processes still expect it to exist. <!--the storage endpoint that is associated with the subnet ***[??? is this the storage's subnet? And you think you should be able to delete it because you're using NFS or something? ???]*** -->
+
 ## Set up Azure CLI access (optional)
 
 If you want to create or manage Azure HPC Cache from the Azure CLI, you need to install Azure CLI and the hpc-cache extension. Follow the instructions in [Set up Azure CLI for Azure HPC Cache](az-cli-prerequisites.md).
 
 ## Next steps
 
-* [Create an Azure HPC Cache instance](hpc-cache-create.md) from the Azure portal
+* [Create an Azure HPC Cache instance](hpc-cache-create.md) from the Azure portal

articles/hpc-cache/manage-storage-targets.md

@@ -1,11 +1,11 @@
 ---
 title: Manage Azure HPC Cache storage targets
 description: How to suspend, remove, force delete, and flush Azure HPC Cache storage targets, and how to understand the storage target state
-author: femila
+author: rohogue
 ms.service: hpc-cache
 ms.topic: how-to
-ms.date: 09/27/2021
-ms.author: femila
+ms.date: 12/29/2021
+ms.author: rohogue
 ---
 
 # View and manage storage targets
@@ -35,7 +35,7 @@ These options are available:
 * **Force remove** - Delete a storage target, skipping some safety steps (**Force remove can cause data loss**)
 * **Delete** - Permanently remove a storage target
 
-Some storage targets also have a **Refresh DNS** option on this menu, which updates the storage target IP address from a custom DNS server. This configuration is uncommon.
+Some storage targets also have a **Refresh DNS** option on this menu, which updates the storage target IP address from a custom DNS server<!-- or from an Azure Storage private endpoint -->. This configuration is uncommon. <!-- is it still uncommon when we support private endpoints? --> <!-- need to update the section below also -->
 
 Read the rest of this article for more detail about these options.
 
@@ -105,13 +105,19 @@ $ az hpc-cache storage-target remove --resource-group cache-rg --cache-name doc-
 
 ---
 
-### Update IP address (custom DNS configurations only)
+### Update IP address (specific configurations only)
 
-If your cache uses a non-default DNS configuration, it's possible for your NFS storage target's IP address to change because of back-end DNS changes. If your DNS server changes the back-end storage system's IP address, Azure HPC Cache can lose access to the storage system.
+In some situations, you might need to update your storage target's IP address. This can happen in two scenarios:
 
-Ideally, you should work with the manager of your cache's custom DNS system to plan for any updates, because these changes make storage unavailable.
+* Your cache uses a custom DNS system instead of the default setup, and the network infrastructure has changed.
 
-If you need to update a storage target's DNS-provided IP address, use the **Storage targets** page. Click the **...** symbol in the right column to open the context menu. Choose **Refresh DNS** to query the custom DNS server for a new IP address.
+* Your storage target uses a private endpoint to access Azure Blob or NFS-mounted blob storage, and you have updated the endpoint's configuration. (You should suspend storage targets before modifying their private endpoints, as described in the [prerequisites article](#work-with-private-endpoints).)
+
+With a custom DNS system, it's possible for your NFS storage target's IP address to change because of back-end DNS changes. If your DNS server changes the back-end storage system's IP address, Azure HPC Cache can lose access to the storage system. Ideally, you should work with the manager of your cache's custom DNS system to plan for any updates, because these changes make storage unavailable.
+
+If you use a private endpoint for secure storage access, the endpoint's IP addresses can change if you modify its configuration. If you need to change your private endpoint configuration, you should suspend the storage target (or targets) that use the endpoint, then refresh their IP addresses when you re-activate them. Read [Work with private endpoints](#work-with-private-endpoints) for additional information.
+
+***NOTE: Need to check the GUI on this*** If you need to update a storage target's IP address, use the **Storage targets** page. Click the **...** symbol in the right column to open the context menu. Choose **Refresh DNS** to query the custom DNS server or private endpoint for a new IP address.
 
 ![Screenshot of storage target list. For one storage target, the "..." menu in the far right column is open and these options appear: Flush, Suspend, Refresh DNS, Force remove, Resume (this option is disabled), and Delete.](media/refresh-dns.png)
 
@@ -134,4 +140,4 @@ The **State** value affects which management options you can use. Here is a shor
 ## Next steps
 
 * Learn about [cache-level management actions](hpc-cache-manage.md)
-* [Edit a storage target](hpc-cache-edit-storage.md)
+* [Edit a storage target](hpc-cache-edit-storage.md)