Merge pull request #229284 from b-ahibbard/anf-minor-edits-3223

cmk diagram. large volume update

Author: Stacyrch140

articles/azure-netapp-files/configure-customer-managed-keys.md

@@ -21,6 +21,16 @@ ms.author: anfdocs
 
 Customer-managed keys in Azure NetApp Files volume encryption enable you to use your own keys rather than a Microsoft-managed key when creating a new volume. With customer-managed keys, you can fully manage the relationship between a key's life cycle, key usage permissions, and auditing operations on keys. 
 
+The following diagram demonstrates how customer-managed keys work with Azure NetApp Files:
+
+:::image type="content" source="../media/azure-netapp-files/customer-managed-keys-diagram.png" alt-text="Conceptual diagram of customer-managed keys." lightbox="../media/azure-netapp-files/customer-managed-keys-diagram.png":::
+
+1. Azure NetApp Files grants permissions to encryption keys to a managed identity. The managed identity is either a user-assigned managed identity that you create and manage or a system-assigned managed identity associated with the NetApp account.
+2. You configure encryption with a customer-managed key for the NetApp account.
+3. You use the managed identity to which the Azure Key Vault admin granted permissions in step one to authenticate access to Azure Key Vault via Azure Active Directory.
+4. Azure NetApp Files wraps the account encryption key with the customer-managed key in Azure Key Vault.
+5. For read/write operations, Azure NetApp Files sends requests to Azure Key Vault to unwrap the account encryption key to perform encryption and decryption operations.
+
 ## Considerations
 
 > [!IMPORTANT]

articles/azure-netapp-files/large-volumes-requirements-considerations.md

@@ -13,7 +13,7 @@ ms.workload: storage
 ms.custom: references_regions
 ms.tgt_pltfrm: na
 ms.topic: conceptual
-ms.date: 02/23/2023
+ms.date: 03/02/2023
 ms.author: anfdocs
 ---
 # Requirements and considerations for large volumes (preview)
@@ -28,15 +28,17 @@ To enroll in the preview for large volumes, use the [large volumes preview sign-
 
 ## Requirements and considerations
 
-* Existing regular volumes can't be resized over 100 TiB. You can't convert regular Azure NetApp Files volumes to large volumes.
+* Existing regular volumes can't be resized over 100 TiB.
+    * You cannot convert regular Azure NetApp Files volumes to large volumes.
 * You must create a large volume at a size greater than 100 TiB. A single volume can't exceed 500 TiB.  
-* You can't resize a large volume to less than 100 TiB. You can only resize a large volume can up to 30% of lowest provisioned size. 
-* Large volumes are currently not supported with Azure NetApp Files backup.
-* Large volumes are not currently supported with cross-region replication.
+* You can't resize a large volume to less than 100 TiB.
+    * You can only resize a large volume up to 30% of lowest provisioned size. 
+* Large volumes aren't currently supported with Azure NetApp Files backup.
+* Large volumes aren't currently supported with cross-region replication.
 * You can't create a large volume with application volume groups.
 * Large volumes aren't currently supported with cross-zone replication.
 * The SDK for large volumes isn't currently available. 
-* Throughput ceilings for the three performance tiers (Standard, Premium, and Ultra) of large volumes are based on the existing 100-TiB maximum capacity targets. You'll be able to grow to 500 TiB with the throughput ceiling as per the table below. 
+* Throughput ceilings for the three performance tiers (Standard, Premium, and Ultra) of large volumes are based on the existing 100-TiB maximum capacity targets. You're able to grow to 500 TiB with the throughput ceiling per the following table:
 
 | Capacity tier | Volume size (TiB) | Throughput (MiB/s) |
 | --- | --- | --- |