Merge pull request #278346 from ShawnJackson/tutorial-configure-networking-2

ktoliver · web-flow · commit bb49478ba617 · 2024-06-20T11:42:23.000-07:00
[AQ] edit pass: tutorial-configure-networking
diff --git a/articles/azure-vmware/deploy-azure-vmware-solution.md b/articles/azure-vmware/deploy-azure-vmware-solution.md
@@ -42,7 +42,7 @@ In the planning phase, you defined whether to use an *existing* or *new* Express
 
 | If | Then  |
 | --- | --- |
-| You don't already have a virtual network...     |  Create the following:<ol><li><a href="tutorial-configure-networking.md#create-a-vnet-manually">Virtual network</a></li><li><a href="../expressroute/expressroute-howto-add-gateway-portal-resource-manager.md#create-the-gateway-subnet">GatewaySubnet</a></li><li><a href="tutorial-configure-networking.md#create-a-virtual-network-gateway">Virtual network gateway</a></li><li><a href="tutorial-configure-networking.md#connect-expressroute-to-the-virtual-network-gateway">Connect ExpressRoute to the gateway</a></li></ol>        |
+| You don't already have a virtual network...     |  Create the following:<ol><li><a href="tutorial-configure-networking.md#create-a-virtual-network-manually">Virtual network</a></li><li><a href="../expressroute/expressroute-howto-add-gateway-portal-resource-manager.md#create-the-gateway-subnet">GatewaySubnet</a></li><li><a href="tutorial-configure-networking.md#create-a-virtual-network-gateway">Virtual network gateway</a></li><li><a href="tutorial-configure-networking.md#connect-expressroute-to-the-virtual-network-gateway">Connect ExpressRoute to the gateway</a></li></ol>        |
 | You already have a virtual network **without** a GatewaySubnet...   | Create the following: <ol><li><a href="../expressroute/expressroute-howto-add-gateway-portal-resource-manager.md#create-the-gateway-subnet">GatewaySubnet</a></li><li><a href="tutorial-configure-networking.md#create-a-virtual-network-gateway">Virtual network gateway</a></li><li><a href="tutorial-configure-networking.md#connect-expressroute-to-the-virtual-network-gateway">Connect ExpressRoute to the gateway</a></li></ol>          |
 | You already have a virtual network **with** a GatewaySubnet... | Create the following: <ol><li><a href="tutorial-configure-networking.md#create-a-virtual-network-gateway">Virtual network gateway</a></li><li><a href="tutorial-configure-networking.md#connect-expressroute-to-the-virtual-network-gateway">Connect ExpressRoute to the gateway</a></li></ol>    |
 
diff --git a/articles/azure-vmware/enable-vmware-cds-with-azure.md b/articles/azure-vmware/enable-vmware-cds-with-azure.md
@@ -20,7 +20,7 @@ The following diagram shows typical architecture for Cloud Director services wit
 
 :::image type="content" source="media/vmware-cds/reference-architecture-diagram.png" alt-text="Diagram showing typical architecture and how VMware Cloud Director service is connected with Azure VMware Solution." border="false" lightbox="media/vmware-cds/reference-architecture-diagram.png":::
 
-VMware Cloud Director supports multi-tenancy by using organizations. A single organization can have multiple organization virtual data centers (VDC). Each Organization’s VDC can have their own dedicated Tier-1 router (Edge Gateway) which is further connected with the provider managed shared Tier-0 router.
+VMware Cloud Director supports multi-tenancy by using organizations. A single organization can have multiple organization virtual data centers (VDC). Each Organization's VDC can have their own dedicated Tier-1 router (Edge Gateway) which is further connected with the provider managed shared Tier-0 router.
 
 [Learn more about CDs on Azure VMware Solutions reference architecture](https://cloudsolutions.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/cloud-director-service-reference-architecture-for-azure-vmware-solution.pdf)
 
@@ -37,17 +37,17 @@ Organization VDCs can be part of a single organization and still provide isolati
 
 ### Prerequisites  
 - Organization VDC is configured with an Edge gateway and has Public IPs assigned to it to establish IPSEC VPN by provider.
-- Tenants created a routed Organization VDC network in tenant’s virtual datacenter.
+- Tenants created a routed Organization VDC network in tenant's virtual datacenter.
 - Test VM1 and VM2 are created in the Organization VDC1 and VDC2 respectively. Both VMs are connected to the routed orgVDC network in their respective VDCs.
-- Have a dedicated [Azure VNet](tutorial-configure-networking.md#create-a-vnet-manually) configured for each tenant. For this example, we created Tenant1-VNet and Tenant2-VNet for tenant1 and tenant2 respectively.
+- Have a dedicated [Azure VNet](tutorial-configure-networking.md#create-a-virtual-network-manually) configured for each tenant. For this example, we created Tenant1-VNet and Tenant2-VNet for tenant1 and tenant2 respectively.
 - Create an [Azure Virtual network gateway](tutorial-configure-networking.md#create-a-virtual-network-gateway) for VNETs created earlier.
 - Deploy Azure VMs JSVM1 and JSVM2 for tenant1 and tenant2 for test purposes.
 
 > [!Note]
 > VMware Cloud Director service supports a policy-based VPN.  Azure VPN gateway configures route-based VPN by default and to configure policy-based VPN policy-based selector needs to be enabled.
 
 ### Configure Azure VNet 
-Create the following components in tenant’s dedicated Azure VNet to establish IPSEC tunnel connection with the tenant’s ORG VDC Edge gateway. 
+Create the following components in tenant's dedicated Azure VNet to establish IPSEC tunnel connection with the tenant's ORG VDC Edge gateway. 
 - Azure Virtual network gateway 
 - Local network gateway. 
 - Add IPSEC connection on VPN gateway.
@@ -57,12 +57,12 @@ Create the following components in tenant’s dedicated Azure VNet to establish
 To create an Azure virtual network gateway, see the [create-a-virtual-network-gateway tutorial](tutorial-configure-networking.md#create-a-virtual-network-gateway).
 
 ### Create local network gateway
-1.	Sign in to the Azure portal and select **Local network gateway** from marketplace and then select **Create**.
-1.	Local Network Gateway represents remote end site details. Therefore provide tenant1 OrgVDC public IP address and orgVDC Network details to create local end point for tenant1. 
-1.	Under **Instance details**, select **Endpoint** as IP address
-1.	Add IP address (add Public IP address from tenant’s OrgVDC Edge gateway).
-1.	Under **Address space** add **Tenants Org VDC Network**.
-1.	Repeat steps 1-5 to create a local network gateway for tenant 2.
+1.  Sign in to the Azure portal and select **Local network gateway** from marketplace and then select **Create**.
+1.  Local Network Gateway represents remote end site details. Therefore provide tenant1 OrgVDC public IP address and orgVDC Network details to create local end point for tenant1. 
+1.  Under **Instance details**, select **Endpoint** as IP address
+1.  Add IP address (add Public IP address from tenant's OrgVDC Edge gateway).
+1.  Under **Address space** add **Tenants Org VDC Network**.
+1.  Repeat steps 1-5 to create a local network gateway for tenant 2.
 
 ### Create IPSEC connection on VPN gateway
 1. Select tenant1 VPN Gateway (created earlier) and then select **Connection** (in left pane) to add new IPSEC connection with tenant1 orgVDC Edge gateway.  
@@ -71,8 +71,8 @@ To create an Azure virtual network gateway, see the [create-a-virtual-network-ga
      | **Name** | **Connection** |
      |:---------- | :--------------| 
      | Connection Type | Site to Site |
-     | VPN Gateway | Tenant’s VPN Gateway |
-     | Local Network Gateway | Tenant’s Local Gateway |
+     | VPN Gateway | Tenant's VPN Gateway |
+     | Local Network Gateway | Tenant's Local Gateway |
      | PSK | Shared Key (provide a password) |   
      | IKE Protocol | IKEV2 (ORG-VDC is using IKEv2) |
 
@@ -98,31 +98,31 @@ VMware Cloud Director service supports a policy-based VPN. Azure VPN gateway con
    >[!Note]
    > VPN tunnel won't establish if these settings were mismatched.
 1. Under **Peer Authentication Mode**, provide the same preshared key that is used at the Azure VPN gateway.
-1. Under **Endpoint configuration**, add the Organization’s public IP and network details in local endpoint and Azure VNet details in remote endpoint configuration.
+1. Under **Endpoint configuration**, add the Organization's public IP and network details in local endpoint and Azure VNet details in remote endpoint configuration.
 1. Under **Ready to complete**, review applied configuration.
 1. Select **Finish** to apply configuration.
 
 ### Apply firewall configuration
 Organization VDC Edge router firewall denies traffic by default. You need to apply specific rules to enable connectivity. Use the following steps to apply firewall rules.
 
-1.	Add IP set in VMware Cloud Director service portal 
-     1.	Sign in to Edge router then select **IP SETS** under the **Security** tab in left plane.
+1.  Add IP set in VMware Cloud Director service portal 
+     1.  Sign in to Edge router then select **IP SETS** under the **Security** tab in left plane.
      1. Select **New** to create IP sets.
-     1.	Enter **Name** and **IP address** of test VM deployed in orgVDC.
-     1.	Create another IP set for Azure VNet for this tenant.
-2.	Apply firewall rules on ORG VDC Edge router.
+     1.  Enter **Name** and **IP address** of test VM deployed in orgVDC.
+     1.  Create another IP set for Azure VNet for this tenant.
+2.  Apply firewall rules on ORG VDC Edge router.
       1. Under **Edge gateway**, select **Edge gateway** and then select **firewall** under **services**.
-     1.	Select **Edit rules**. 
-     1.	Select **NEW ON TOP** and enter rule name.
+     1.  Select **Edit rules**. 
+     1.  Select **NEW ON TOP** and enter rule name.
      1. Add **source** and **destination** details. Use created IPSET in source and destination.  
      1. Under **Action**, select **Allow**.
-     1.	Select **Save** to apply configuration.
-3.	Verify tunnel status
-     1.	Under **Edge gateway** select **Service**, then select **IPSEC VPN**, 
+     1.  Select **Save** to apply configuration.
+3.  Verify tunnel status
+     1.  Under **Edge gateway** select **Service**, then select **IPSEC VPN**, 
      1. Select **View statistics**.  
      Status of tunnel should show **UP**.
-4.	Verify IPsec connection
-     1.	Sign in to Azure VM deployed in tenants VNet and ping tenant’s test VM IP address in tenant’s OrgVDC.  
+4.  Verify IPsec connection
+     1.  Sign in to Azure VM deployed in tenants VNet and ping tenant's test VM IP address in tenant's OrgVDC.  
      For example, ping VM1 from JSVM1. Similarly, you should be able to ping VM2 from JSVM2.
 You can verify isolation between tenants Azure VNets. Tenant 1 VM1 can't ping Tenant 2 Azure VM JSVM2 in tenant 2 Azure VNets. 
 
@@ -135,21 +135,21 @@ You can verify isolation between tenants Azure VNets. Tenant 1 VM1 can't ping Te
 - OrgVDC Edge has default DENY ALL firewall rule. Organization administrators need to open appropriate ports to allow access through the firewall by adding a new firewall rule. Virtual machines configured on such OrgVDC network used in SNAT configuration should be able to access the Internet. 
 
 ### Prerequisites
-1.	Public IP is assigned to the organization VDC Edge router. 
+1.  Public IP is assigned to the organization VDC Edge router. 
      To verify, sign in to the organization's VDC. Under **Networking**> **Edges**, select **Edge Gateway**, then select **IP allocations** under **IP management**. You should see a range of assigned IP address  there.
-2.	Create a routed Organization VDC network. (Connect OrgvDC network to the Edge gateway with public IP address assigned)
-	
+2.  Create a routed Organization VDC network. (Connect OrgvDC network to the Edge gateway with public IP address assigned)
+  
 ### Apply SNAT configuration
-1.	Sign in to Organization VDC. Navigate to your Edge gateway and then select **NAT** under **Services**.
-2.	Select **New** to add new SNAT rule.
-3.	Provide **Name** and select **Interface type** as SNAT.
-4.	Under **External IP**, enter public IP address from public IP pool assigned to your orgVDC Edge router.
-5.	Under **Internal IP**, enter IP address for your test VM. 
+1.  Sign in to Organization VDC. Navigate to your Edge gateway and then select **NAT** under **Services**.
+2.  Select **New** to add new SNAT rule.
+3.  Provide **Name** and select **Interface type** as SNAT.
+4.  Under **External IP**, enter public IP address from public IP pool assigned to your orgVDC Edge router.
+5.  Under **Internal IP**, enter IP address for your test VM. 
       This IP address is one of the orgVDC network IP assigned to the VM.
-6.	**State** should be enabled.
-7.	Under **Priority**, select a higher number.
+6.  **State** should be enabled.
+7.  Under **Priority**, select a higher number.
       For example, 4096.
-8.	Select **Save** to save the configuration.
+8.  Select **Save** to save the configuration.
 
 ### Apply firewall rule
 1. Sign in to Organization VDC and navigate to **Edge Gateway**, then select **IP set** under security.
diff --git a/articles/azure-vmware/includes/connect-expressroute-vnet.md b/articles/azure-vmware/includes/connect-expressroute-vnet.md
@@ -1,6 +1,6 @@
 ---
-title: Connect ExpressRoute to the virtual network gateway
-description: Steps to connect ExpressRoute to the virtual network gateway.
+title: Connect ExpressRoute to a virtual network gateway
+description: Steps to connect ExpressRoute to a virtual network gateway.
 ms.topic: include
 ms.service: azure-vmware
 ms.date: 1/03/2024
@@ -11,26 +11,25 @@ ms.custom: engagement-fy23
 
 <!-- Used in deploy-azure-vmware-solution.md and tutorial-configure-networking.md -->
 
-
 1. Request an ExpressRoute authorization key:
 
    [!INCLUDE [request-authorization-key](request-authorization-key.md)]
 
-1. Navigate to the virtual network gateway you plan to use and select **Connections** > **+ Add**.
+1. Go to the virtual network gateway that you plan to use, and then select **Connections** > **+ Add**.
 
-1. On the **Add connection** page, provide values for the fields, and select **OK**. 
+1. On the **Add connection** pane, provide the following values, and then select **OK**.
 
    | Field | Value |
    | --- | --- |
    | **Name**  | Enter a name for the connection.  |
    | **Connection type**  | Select **ExpressRoute**.  |
-   | **Redeem authorization**  | Ensure this box is selected.  |
-   | **Virtual network gateway** | The virtual network gateway you intend to use.  |
-   | **Authorization key**  | Paste the authorization key you copied earlier. |
-   | **Peer circuit URI**  | Paste the ExpressRoute ID you copied earlier.  |
+   | **Redeem authorization**  | Ensure that this checkbox is selected.  |
+   | **Virtual network gateway** | The value is prepopulated with the virtual network gateway that you intend to use.  |
+   | **Authorization key**  | Paste the authorization key that you copied earlier. |
+   | **Peer circuit URI**  | Paste the ExpressRoute ID that you copied earlier.  |
 
-   :::image type="content" source="../media/tutorial-configure-networking/add-connection.png" alt-text="Screenshot shows the Add connection page to connect ExpressRoute to the virtual network gateway.":::
+   :::image type="content" source="../media/tutorial-configure-networking/add-connection.png" alt-text="Screenshot that shows the pane for adding an ExpressRoute connection to a virtual network gateway.":::
 
-The connection between your ExpressRoute circuit and your Virtual Network is created.
+A status of **Succeeded** indicates that you finished creating the connection between your ExpressRoute circuit and your virtual network.
 
-:::image type="content" source="../media/expressroute-global-reach/virtual-network-gateway-connections.png" alt-text="Screenshot shows a successful virtual network gateway connection.":::
+:::image type="content" source="../media/expressroute-global-reach/virtual-network-gateway-connections.png" alt-text="Screenshot that shows a successful virtual network gateway connection.":::
diff --git a/articles/azure-vmware/includes/disk-pool-planning-note.md b/articles/azure-vmware/includes/disk-pool-planning-note.md
@@ -1,6 +1,6 @@
 ---
-title: Disk pool planning note for vNet
-description: Important note about the importance of deploying a vNet closer to Azure VMware Solution hosts.
+title: Disk pool planning note for virtual networks
+description: Information about the importance of deploying a virtual network closer to Azure VMware Solution hosts.
 ms.topic: include
 ms.service: azure-vmware
 ms.date: 1/03/2024
@@ -15,4 +15,4 @@ ms.custom: engagement-fy23
 ---
 
 
-If you plan to scale your Azure VMware Solution hosts using [Azure NetApp Files datastores](../attach-azure-netapp-files-to-azure-vmware-solution-hosts.md), deploying the vNet close to your hosts with an ExpressRoute virtual network gateway is crucial. The closer the storage is to your hosts, the better the performance.
+If you plan to scale your Azure VMware Solution hosts by using [Azure NetApp Files datastores](../attach-azure-netapp-files-to-azure-vmware-solution-hosts.md), deploying the virtual network close to your hosts with an ExpressRoute virtual network gateway is crucial. The closer the storage is to your hosts, the better the performance.
diff --git a/articles/azure-vmware/includes/request-authorization-key.md b/articles/azure-vmware/includes/request-authorization-key.md
@@ -1,5 +1,5 @@
 ---
-title: Request authorization key for ExpressRoute
+title: Request an authorization key for ExpressRoute
 description: Steps to request an authorization key for ExpressRoute.
 ms.topic: include
 ms.service: azure-vmware
@@ -11,15 +11,18 @@ ms.custom: engagement-fy23
 
 <!-- used in tutorial-expressroute-global-reach-private-cloud.md and create-ipsec-tunnel.md -->
 
-1. In the Azure portal, navigate to the Azure VMware Solution private cloud. Select **Manage** > **Connectivity** > **ExpressRoute** and then select **+ Request an authorization key**.
+1. In the Azure portal, go to the Azure VMware Solution private cloud.
 
-   :::image type="content" source="../media/expressroute-global-reach/start-request-authorization-key.png" alt-text="Screenshot shows how to request an ExpressRoute authorization key." border="true" lightbox="../media/expressroute-global-reach/start-request-authorization-key.png":::
+1. Under **Manage**, select **Connectivity**.
 
-1. Provide a name for it and select **Create**.
+1. Select the **ExpressRoute** tab, and then select **+ Request an authorization key**.
 
-   It can take about 30 seconds to create the key. Once created, the new key appears in the list of authorization keys for the private cloud.
+   :::image type="content" source="../media/expressroute-global-reach/start-request-authorization-key.png" alt-text="Screenshot that shows selections for requesting an ExpressRoute authorization key." border="true" lightbox="../media/expressroute-global-reach/start-request-authorization-key.png":::
 
-   :::image type="content" source="../media/expressroute-global-reach/show-global-reach-auth-key.png" alt-text="Screenshot shows the ExpressRoute Global Reach authorization key." lightbox="../media/expressroute-global-reach/show-global-reach-auth-key.png":::
-  
-1. Copy the authorization key and ExpressRoute ID. You need them to complete the peering. The authorization key disappears after some time, so copy it as soon as it appears.
+1. Provide a name for the authorization key, and then select **Create**.
 
+   It can take about 30 seconds to create the key. After the key is created, it appears in the list of authorization keys for the private cloud.
+
+   :::image type="content" source="../media/expressroute-global-reach/show-global-reach-auth-key.png" alt-text="Screenshot that shows the ExpressRoute Global Reach authorization key." lightbox="../media/expressroute-global-reach/show-global-reach-auth-key.png":::
+
+1. Copy the authorization key and the ExpressRoute ID. You need them to complete the peering. The authorization key disappears after some time, so copy it as soon as it appears.
diff --git a/articles/azure-vmware/tutorial-configure-networking.md b/articles/azure-vmware/tutorial-configure-networking.md
