Update register-existing-system.md

Updates for trusted access

Author: kalyaninamuduri

articles/sap/center-sap-solutions/register-existing-system.md

@@ -11,7 +11,7 @@ author: kalyaninamuduri
 ---
 
 # Register existing SAP system
-In this how-to guide, you'll learn how to register an existing SAP system with *Azure Center for SAP solutions*. After you register an SAP system with Azure Center for SAP solutions, you can use its visualization, management and monitoring capabilities through the Azure portal. For example, you can:
+In this how-to guide, you learn how to register an existing SAP system with *Azure Center for SAP solutions*. After you register an SAP system with Azure Center for SAP solutions, you can use its visualization, management and monitoring capabilities through the Azure portal. For example, you can:
 
 - View and track the SAP system as an Azure resource, called the *Virtual Instance for SAP solutions (VIS)*.
 - Get recommendations for your SAP infrastructure, Operating System configurations etc. based on quality checks that evaluate best practices for SAP on Azure.
@@ -23,14 +23,14 @@ In this how-to guide, you'll learn how to register an existing SAP system with *
 
 When you register a system with Azure Center for SAP solutions, the following resources are created in your Subscription:
 - Virtual Instance for SAP solutions, Central service instance for SAP solutions, App server instance for SAP solutions and Database for SAP solutions. These resource types are created to represent the SAP system on Azure. These resources do not have any billing or cost associated with them.
-- A managed resource group which is used by Azure Center for SAP solutions service.
-- A Storage account within the managed resource group which contains blobs that have scripts and logs necessary for the service to provide the various capabilities including discovering and registering all components of SAP system.
+- A managed resource group that is used by Azure Center for SAP solutions service.
+- A Storage account within the managed resource group that contains blobs. These blobs are scripts and logs necessary for the service to provide various capabilities that include discovering and registering all components of SAP system.
 
 > [!NOTE]
-> You can customize the names of the Managed resource group and the Storage account which get deployed as part of the registration process by using Azure Portal, [Azure PowerShell](quickstart-register-system-powershell.md) or [Azure CLI](quickstart-register-system-cli.md) interfaces, when you register your systems.
+> You can customize the names of the **Managed resource group** and the **Storage account** which get deployed as part of the registration process by using **Azure Portal**, [Azure PowerShell](quickstart-register-system-powershell.md) or [Azure CLI](quickstart-register-system-cli.md) interfaces, when you register your systems.
 
 > [!NOTE]
-> You can now enable secure access to the ACSS managed storage account from specific virtual networks using the [new option in the registration experience](#managed-storage-account-network-access-settings).
+> You can now enable **secure access** from specific virtual networks to the ACSS **managed storage account** using the [new option in the registration experience](#managed-storage-account-network-access-settings).
 
 ## Prerequisites
 
@@ -56,8 +56,8 @@ When you register a system with Azure Center for SAP solutions, the following re
     - File path on Linux VMs: /usr/sap/hostctrl/exe
     - File path on Windows VMs: C:\Program Files\SAP\hostctrl\exe\
 - Make sure the **sapstartsrv** process is running on all **SAP instances** and for **SAP hostctrl agent** on all the VMs in the SAP system.
-    - To start hostctrl sapstartsrv use this command for Linux VMs: 'hostexecstart -start'
-    - To start instance sapstartsrv use the command: 'sapcontrol -nr 'instanceNr' -function StartService S0S'
+    - To start hostctrl sapstartsrv, use this command for Linux VMs: 'hostexecstart -start'
+    - To start instance sapstartsrv, use the command: 'sapcontrol -nr 'instanceNr' -function StartService S0S'
     - To check status of hostctrl sapstartsrv use this command for Windows VMs: C:\Program Files\SAP\hostctrl\exe\saphostexec –status
 - For successful discovery and registration of the SAP system, ensure there is network connectivity between ASCS, App and DB VMs. 'ping' command for App instance hostname must be successful from ASCS VM. 'ping' for Database hostname must be successful from App server VM.
 - On App server profile, SAPDBHOST, DBTYPE, DBID parameters must have the right values configured for the discovery and registration of Database instance details.
@@ -84,7 +84,7 @@ The following SAP system configurations aren't supported in Azure Center for SAP
 
 ## Enable resource permissions
 
-When you register an existing SAP system as a VIS, Azure Center for SAP solutions service needs a **User-assigned managed identity** which has **Azure Center for SAP solutions service role** access on the Compute (VMs, Disks, Load balancers) resource group and **Reader** role access on the Virtual Network resource group of the SAP system. Before you register an SAP system with Azure Center for SAP solutions, either [create a new user-assigned managed identity or update role access for an existing managed identity](#setup-user-assigned-managed-identity).
+When you register an existing SAP system as a VIS, Azure Center for SAP solutions service needs a **User-assigned managed identity** that has **Azure Center for SAP solutions service role** access on the Compute (VMs, Disks, Load balancers) resource group and **Reader** role access on the Virtual Network resource group of the SAP system. Before you register an SAP system with Azure Center for SAP solutions, either [create a new user-assigned managed identity or update role access for an existing managed identity](#setup-user-assigned-managed-identity).
 
 Azure Center for SAP solutions uses this user-assigned managed identity to install VM extensions on the ASCS, Application Server and DB VMs. This step allows Azure Center for SAP solutions to discover the SAP system components, and other SAP system metadata. User-assigned managed identity is required to enable SAP system monitoring and management capabilities.
 
@@ -93,11 +93,11 @@ Azure Center for SAP solutions uses this user-assigned managed identity to insta
 To provide permissions to the SAP system resources to a user-assigned managed identity:
 
 1. [Create a new user-assigned managed identity](../../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md#create-a-user-assigned-managed-identity) if needed or use an existing one.
-1. [Assign **Azure Center for SAP solutions service role**](../../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md#manage-access-to-user-assigned-managed-identities) role access to the user-assigned managed identity on the resource group(s) which have the Virtual Machines, Disks and Load Balancers of the SAP system and **Reader** role on the resource group(s) which have the Virtual Network components of the SAP system.
+1. [Assign **Azure Center for SAP solutions service role**](../../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md#manage-access-to-user-assigned-managed-identities) role access to the user-assigned managed identity on the resource group(s) that have the Virtual Machines, Disks and Load Balancers of the SAP system and **Reader** role on the resource group(s) which have the Virtual Network components of the SAP system.
 1. Once the permissions are assigned, this managed identity can be used in Azure Center for SAP solutions to register and manage SAP systems.
 
 ## Managed storage account network access settings
-ACSS deploys a **managed storage account** into your subscription, for each SAP system being registered. When you register your SAP system using Azure Portal, PowerShell or REST API, you have the option to choose **network access** setting for the storage account.
+ACSS deploys a **managed storage account** into your subscription, for each SAP system being registered. When you register your SAP system using Azure Portal, PowerShell or REST API, you have the option to choose **network access** setting for the storage account. You can choose either public network access or access from specific virtual networks. 
 
 To secure the managed storage account and limit access to only the virtual network that has your SAP virtual machines, you can choose the network access setting as **Enable access from specific Virtual Networks**. You can learn more about storage account network security in [this documentation](../../storage/common/storage-network-security.md). 
 
@@ -123,6 +123,9 @@ To register an existing SAP system in Azure Center for SAP solutions:
     1. For **Environment**, select the environment type from the drop-down menu. For example, production or non-production environments.
     1. For **Managed identity source**, select **Use existing user-assigned managed identity** option.
     1. For **Managed identity name**, select a **User-assigned managed identity** which has **Azure Center for SAP solutions service role** and **Reader** role access to the [respective resources of this SAP system.](#enable-resource-permissions)
+    1. For **Managed resource group name**, optionally enter a resource group name as per your organization's naming policies. This resource group is managed by ACSS service.
+    1. For **Managed storage account name**, optionally enter a storage account name as per your organization's naming policies. This storage account is managed by ACSS service.
+    1. For **Storage account network access**, select **Enable access from specific virtual network** for enhanced network security access for the managed storage account. 
     1. Select **Review + register** to discover the SAP system and begin the registration process.
 
         :::image type="content" source="media/register-existing-system/registration-page.png" alt-text="Screenshot of Azure Center for SAP solutions registration page, highlighting mandatory fields to identify the existing SAP system." lightbox="media/register-existing-system/registration-page.png":::