Merge pull request #109000 from TimShererWithAquent/us1679050at

Change SSL to TLS per 1679050

Author: PRMerger13

articles/hdinsight/domain-joined/apache-domain-joined-create-configure-enterprise-security-cluster.md

@@ -311,7 +311,7 @@ New-SelfSignedCertificate -Subject hdifabrikam.com `
 ```
 
 > [!NOTE]  
-> Any utility or application that creates a valid Public Key Cryptography Standards (PKCS) \#10 request can be used to form the SSL certificate request.
+> Any utility or application that creates a valid Public Key Cryptography Standards (PKCS) \#10 request can be used to form the TLS/SSL certificate request.
 
 Verify that the certificate is installed in the computer's **Personal** store:
 

articles/hdinsight/hadoop/apache-hadoop-connect-hive-jdbc-driver.md

@@ -26,7 +26,7 @@ For more information on the Hive JDBC Interface, see [HiveJDBCInterface](https:/
 
 ## JDBC connection string
 
-JDBC connections to an HDInsight cluster on Azure are made over port 443, and the traffic is secured using SSL. The public gateway that the clusters sit behind redirects the traffic to the port that HiveServer2 is actually listening on. The following connection string shows the format to use for HDInsight:
+JDBC connections to an HDInsight cluster on Azure are made over port 443, and the traffic is secured using TLS/SSL. The public gateway that the clusters sit behind redirects the traffic to the port that HiveServer2 is actually listening on. The following connection string shows the format to use for HDInsight:
 
     jdbc:hive2://CLUSTERNAME.azurehdinsight.net:443/default;transportMode=http;ssl=true;httpPath=/hive2
 

articles/hdinsight/hadoop/apache-hadoop-on-premises-migration-best-practices-storage.md

@@ -47,7 +47,7 @@ You can create [blob snapshots](https://docs.microsoft.com/rest/api/storageservi
 
 The following methods can be used to import certificates into the Java trust store:
 
-Download the Azure Blob SSL cert to a file
+Download the Azure Blob TLS/SSL cert to a file
 
 ```bash
 echo -n | openssl s_client -connect <storage-account>.blob.core.windows.net:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > Azure_Storage.cer

articles/hdinsight/hadoop/apache-hadoop-use-hive-beeline.md

@@ -60,7 +60,7 @@ To find the JDBC URL from Ambari:
 
 ### Over public or private endpoints
 
-When connecting to a cluster using the public or private endpoints, you must provide the cluster login account name (default `admin`) and password. For example, using Beeline from a client system to connect to the `clustername.azurehdinsight.net` address. This connection is made over port `443`, and is encrypted using SSL.
+When connecting to a cluster using the public or private endpoints, you must provide the cluster login account name (default `admin`) and password. For example, using Beeline from a client system to connect to the `clustername.azurehdinsight.net` address. This connection is made over port `443`, and is encrypted using TLS/SSL.
 
 Replace `clustername` with the name of your HDInsight cluster. Replace `admin` with the cluster login account for your cluster. For ESP clusters, use the full UPN (for example, [email protected]). Replace `password` with the password for the cluster login account.
 

articles/hdinsight/hdinsight-hadoop-use-blob-storage.md

@@ -35,7 +35,7 @@ Sharing one blob container as the default file system for multiple clusters isn'
 
 ## Access files from within cluster
 
-There are several ways you can access the files in Data Lake Storage from an HDInsight cluster. The URI scheme provides unencrypted access (with the *wasb:* prefix) and SSL encrypted access (with *wasbs*). We recommend using *wasbs* wherever possible, even when accessing data that lives inside the same region in Azure.
+There are several ways you can access the files in Data Lake Storage from an HDInsight cluster. The URI scheme provides unencrypted access (with the *wasb:* prefix) and TLS encrypted access (with *wasbs*). We recommend using *wasbs* wherever possible, even when accessing data that lives inside the same region in Azure.
 
 * **Using the fully qualified name**. With this approach, you provide the full path to the file that you want to access.
 

articles/hdinsight/kafka/apache-kafka-ssl-encryption-authentication.md

@@ -1,6 +1,6 @@
 ---
-title: Apache Kafka SSL encryption & authentication  - Azure HDInsight
-description: Set up SSL encryption for communication between Kafka clients and Kafka brokers as well as between Kafka brokers. Set up SSL authentication of clients.
+title: Apache Kafka TLS encryption & authentication  - Azure HDInsight
+description: Set up TLS encryption for communication between Kafka clients and Kafka brokers as well as between Kafka brokers. Set up SSL authentication of clients.
 author: hrasheed-msft
 ms.reviewer: jasonh
 ms.service: hdinsight
@@ -9,18 +9,18 @@ ms.topic: conceptual
 ms.date: 05/01/2019
 ms.author: hrasheed
 ---
-# Set up Secure Sockets Layer (SSL) encryption and authentication for Apache Kafka in Azure HDInsight
+# Set up TLS encryption and authentication for Apache Kafka in Azure HDInsight
 
-This article shows you how to set up SSL encryption between Apache Kafka clients and Apache Kafka brokers. It also shows you how to set up authentication of clients (sometimes referred to as two-way SSL).
+This article shows you how to set up Transport Layer Security (TLS) encryption, previously known as Secure Sockets Layer (SSL) encryption, between Apache Kafka clients and Apache Kafka brokers. It also shows you how to set up authentication of clients (sometimes referred to as two-way TLS).
 
 > [!Important]
-> There are two clients which you can use for Kafka applications: a Java client and a console client. Only the Java client `ProducerConsumer.java` can use SSL for both producing and consuming. The console producer client `console-producer.sh` does not work with SSL.
+> There are two clients which you can use for Kafka applications: a Java client and a console client. Only the Java client `ProducerConsumer.java` can use TLS for both producing and consuming. The console producer client `console-producer.sh` does not work with TLS.
 
 > [!Note] 
 > HDInsight Kafka console producer with version 1.1 does not support SSL.
 ## Apache Kafka broker setup
 
-The Kafka SSL broker setup will use four HDInsight cluster VMs in the following way:
+The Kafka TLS broker setup will use four HDInsight cluster VMs in the following way:
 
 * headnode 0 - Certificate Authority (CA)
 * worker node 0, 1, and 2 - brokers
@@ -113,7 +113,7 @@ Use the following detailed instructions to complete the broker setup:
 
     ```
 
-## Update Kafka configuration to use SSL and restart brokers
+## Update Kafka configuration to use TLS and restart brokers
 
 You have now set up each Kafka broker with a keystore and truststore, and imported the correct certificates. Next, modify related Kafka configuration properties using Ambari and then restart the Kafka brokers.
 
@@ -160,7 +160,7 @@ To complete the configuration modification, do the following steps:
 
 ## Client setup (without authentication)
 
-If you don't need authentication, the summary of the steps to set up only SSL encryption are:
+If you don't need authentication, the summary of the steps to set up only TLS encryption are:
 
 1. Sign in to the CA (active head node).
 1. Copy the CA cert to client machine from the CA machine (wn0).
@@ -213,7 +213,7 @@ These steps are detailed in the following code snippets.
 ## Client setup (with authentication)
 
 > [!Note]
-> The following steps are required only if you are setting up both SSL encryption **and** authentication. If you are only setting up encryption, then see [Client setup without authentication](apache-kafka-ssl-encryption-authentication.md#client-setup-without-authentication).
+> The following steps are required only if you are setting up both TLS encryption **and** authentication. If you are only setting up encryption, then see [Client setup without authentication](apache-kafka-ssl-encryption-authentication.md#client-setup-without-authentication).
 
 The following four steps summarize the tasks needed to complete the client setup:
 
@@ -296,7 +296,7 @@ The details of each step are given below.
 ## Verification
 
 > [!Note]
-> If HDInsight 4.0 and Kafka 2.1 is installed, you can use the console producer/consumers to verify your setup. If not, run the Kafka producer on port 9092 and send messages to the topic, and then use the Kafka consumer on port 9093 which uses SSL.
+> If HDInsight 4.0 and Kafka 2.1 is installed, you can use the console producer/consumers to verify your setup. If not, run the Kafka producer on port 9092 and send messages to the topic, and then use the Kafka consumer on port 9093 which uses TLS.
 
 ### Kafka 2.1 or above
 

articles/hdinsight/kafka/kafka-faq.md

@@ -44,7 +44,7 @@ Using [Enterprise Security Package (ESP)](../domain-joined/apache-domain-joined-
 
 ## Is my data encrypted? Can I use my own keys?
 
-All Kafka messages on the managed disks are encrypted with [Azure Storage Service Encryption (SSE)](../../storage/common/storage-service-encryption.md). Data-in-transit (for example, data being transmitted from clients to brokers and the other way around) isn't encrypted by default. It's possible to encrypt such traffic by [setting up SSL on your own](./apache-kafka-ssl-encryption-authentication.md). Additionally, HDInsight allows you to manage their own keys to encrypt the data at rest. See [Customer-managed key disk encryption](../disk-encryption.md), for more information.
+All Kafka messages on the managed disks are encrypted with [Azure Storage Service Encryption (SSE)](../../storage/common/storage-service-encryption.md). Data-in-transit (for example, data being transmitted from clients to brokers and the other way around) isn't encrypted by default. It's possible to encrypt such traffic by [setting up TLS on your own](./apache-kafka-ssl-encryption-authentication.md). Additionally, HDInsight allows you to manage their own keys to encrypt the data at rest. See [Customer-managed key disk encryption](../disk-encryption.md), for more information.
 
 ## How do I connect clients to my cluster?
 
@@ -90,5 +90,5 @@ Use Azure monitor to analyze your [Kafka logs](./apache-kafka-log-analytics-oper
 
 ## Next steps
 
-* [Set up Secure Sockets Layer (SSL) encryption and authentication for Apache Kafka in Azure HDInsight](./apache-kafka-ssl-encryption-authentication.md)
+* [Set up TLS encryption and authentication for Apache Kafka in Azure HDInsight](./apache-kafka-ssl-encryption-authentication.md)
 * [Use MirrorMaker to replicate Apache Kafka topics with Kafka on HDInsight](./apache-kafka-mirroring.md)

articles/hdinsight/kafka/migrate-versions.md

@@ -63,7 +63,7 @@ The following migration guidance assumes an Apache Kafka 1.0.0 or 1.1.0 cluster
 
 To complete the migration, do the following steps:
 
-1. **Deploy a new HDInsight 4.0 cluster and clients for test.** Deploy a new HDInsight 4.0 Kafka cluster. If multiple Kafka cluster versions can be selected, it's recommended to select the latest version. After deployment, set some parameters as needed and create a topic with the same name as your existing environment. Also, set SSL and bring-your-own-key (BYOK) encryption as needed. Then check if it works correctly with the new cluster.
+1. **Deploy a new HDInsight 4.0 cluster and clients for test.** Deploy a new HDInsight 4.0 Kafka cluster. If multiple Kafka cluster versions can be selected, it's recommended to select the latest version. After deployment, set some parameters as needed and create a topic with the same name as your existing environment. Also, set TLS and bring-your-own-key (BYOK) encryption as needed. Then check if it works correctly with the new cluster.
 
     ![Deploy new HDInsight 4.0 clusters](./media/upgrade-threesix-to-four/deploy-new-hdinsight-clusters.png)