Merge pull request #300791 from v-stsavell/435958

Pipeline: [UPDATE] Reliability Virtual Network

Author: JillGrant615

articles/reliability/includes/reliability-availability-zone-description-include.md

@@ -11,4 +11,4 @@
 
 Availability zones are physically separate groups of datacenters within each Azure region. When one zone fails, services can fail over to one of the remaining zones.
 
-For more information on availability zones in Azure, see [What are availability zones?](/azure/reliability/availability-zones-overview)
+For more information, see [What are availability zones?](/azure/reliability/availability-zones-overview).

articles/reliability/includes/reliability-shared-responsibility-include.md

@@ -9,4 +9,4 @@
  ms.custom: include file
 ---
 
-Reliability is a shared responsibility between you and Microsoft. You can use this guide to find out which reliability options fulfill your specific business objectives and uptime goals. 
+Reliability is a shared responsibility between you and Microsoft. You can use this guide to determine which reliability options fulfill your specific business objectives and uptime goals. 

articles/reliability/includes/reliability-transient-fault-description-include.md

@@ -11,4 +11,4 @@
 
 Transient faults are short, intermittent failures in components. They occur frequently in a distributed environment like the cloud, and they're a normal part of operations. They correct themselves after a short period of time. It's important that your applications handle transient faults, usually by retrying affected requests.
 
-All cloud-hosted applications should follow the Azure transient fault handling guidance when communicating with any cloud-hosted APIs, databases, and other components. For more information, see [Recommendations for handing transient faults](/azure/well-architected/reliability/handle-transient-faults).
+All cloud-hosted applications should follow the Azure transient fault handling guidance when communicating with any cloud-hosted APIs, databases, and other components. For more information, see [Recommendations for handling transient faults](/azure/well-architected/reliability/handle-transient-faults).

articles/reliability/reliability-virtual-network.md

@@ -7,7 +7,8 @@ ms.topic: reliability-article
 ms.custom: subject-reliability
 ms.service: azure-virtual-network
 ms.date: 05/20/2025
-#Customer intent: As an engineer responsible for business continuity, I want to understand who need to understand the details of how Azure Virtual Network works from a reliability perspective and plan disaster recovery strategies in alignment with the exact processes that Azure services follow during different kinds of situations.
+#Customer intent: As an engineer responsible for business continuity, I want to understand who needs to understand the details of how Azure Virtual Network works from a reliability perspective and plan disaster recovery strategies in alignment with the exact processes that Azure services follow during different kinds of situations.
+
 ---
 
 # Reliability in Azure Virtual Network
@@ -16,111 +17,121 @@ This article describes reliability support in Azure Virtual Network, covering in
 
 [!INCLUDE [Shared responsibility description](includes/reliability-shared-responsibility-include.md)]
 
-A virtual network is a logical representation of your network in the cloud. With a virtual network, you can define your own private IP address space and segment the network into subnets. Virtual networks serve as a trust boundary to host your compute resources such as Azure Virtual Machines and load balancers. A virtual network allows direct private IP communication between the resources that are hosted in it.  To enable hybrid cloud scenarios and securely extend your datacenter into Azure, you can link a virtual network to an on-premises network through a VPN Gateway or ExpressRoute, 
+A virtual network is a logical representation of your network in the cloud. You can use a virtual network to define your own private IP address space and segment the network into subnets. Virtual networks serve as a trust boundary to host your compute resources such as Azure Virtual Machines and load balancers. A virtual network enables direct private IP communication between the resources that it hosts. To enable hybrid cloud scenarios and securely extend your datacenter into Azure, you can link a virtual network to an on-premises network through Azure VPN Gateway or Azure ExpressRoute. 
 
 ## Production deployment recommendations
 
-As you build your virtual network in Azure, it's important to improve the reliability of your solution, by keeping in mind the following universal design principles:
+As you build your virtual network in Azure, it's important to improve the reliability of your solution by keeping in mind the following universal design principles:
+
+- **Avoid overlapping address spaces.** Ensure that your virtual network address space, defined as a Classless Inter-Domain Routing (CIDR) block, doesn't overlap with your organization's other network ranges.
+
+- **Reserve address space for future growth.** Your subnets shouldn't cover the entire address space of the virtual network. Plan ahead and reserve some address space for the future.
 
-- Ensure address spaces don't overlap. Make sure your virtual network address space (CIDR block) doesn't overlap with your organization's other network ranges.
-- Your subnets shouldn't cover the entire address space of the virtual network. Plan ahead and reserve some address space for the future.
-- To reduce management overhead, use a few large virtual networks instead of multiple small ones.
-- Secure your virtual networks by assigning Network Security Groups (NSGs) to the subnets beneath them.
+- **Consolidate your networks.** To reduce management overhead, use a few large virtual networks instead of multiple small virtual networks.
 
-To learn more about how to design your Azure virtual network with reliability principles in mind, as well as other important best practices, see [Architecture best practices for Azure Virtual Network](/azure/well-architected/service-guides/virtual-network).
+- **Secure your networks.** Secure your virtual networks by assigning network security groups (NSGs) to the subnets beneath them.
+
+For more information about how to design your Azure virtual network with reliability principles in mind, see [Architecture best practices for Virtual Network](/azure/well-architected/service-guides/virtual-network).
 
 ## Reliability architecture overview
 
-A virtual network is one of several core networking components in Azure. When you create a virtual network, you create a set of resources that collectively define your networking configuration. These resources include:
+A virtual network is one of several core networking components in Azure. When you create a virtual network, you create a set of resources that collectively define your networking configuration. These resources include the following network components:
+
+- NSGs and application security groups, which restrict communication between parts of your network
+
+- User-defined routes, which control how traffic flows
 
-- Network security groups (NSGs) and application security groups (ASGs), which restrict communication between parts of your network.
-- User-defined routes, which control how traffic flows.
-- Load balancers, which distribute traffic within your network.
-- Public IP addresses, which provide connectivity to and from the internet.
-- Network interface cards (NICs), which provide network connectivity to Azure virtual machines.
-- Private endpoints, which provide private connectivity to Azure services and to resources outside of your own virtual network.
+- Load balancers, which distribute traffic within your network
+
+- Public IP addresses, which provide connectivity to and from the internet
+
+- Network interface cards, which provide network connectivity to Azure virtual machines (VMs)
+
+- Private endpoints, which provide private connectivity to Azure services and to resources outside of your virtual network
 
 You might also deploy *appliances*, such as ExpressRoute gateways, VPN gateways, and firewalls. Appliances provide services to support your networking requirements, such as connecting to on-premises environments or providing sophisticated controls on traffic flow.
 
-Finally, you deploy your own components, like virtual machines that run applications or databases, as well as other Azure services that provide virtual network integration.
+Finally, you deploy your own components, like VMs that run applications or databases, and other Azure services that provide virtual network integration.
 
 > [!IMPORTANT]
-> This guide focuses on Azure virtual networks, which are just one component in your network architecture.
+> This guide focuses on Azure virtual networks, which are only one component in your network architecture.
 >
-> From a reliability perspective, it's important that you consider each component in your solution individually as well as how they behave together. Many core Azure networking services provide high resiliency by default, but you might need to consider how other network appliances, virtual machines, and other components can support your reliability needs. Review the [reliability guides for each Azure service](./overview-reliability-guidance.md) you use to understand how that service supports reliability.
+> From a reliability perspective, it's important that you consider each component in your solution individually and how they operate together. Many core Azure networking services provide high resiliency by default. However, you might need to consider how other network appliances, VMs, and other components can support your reliability needs. For more information about how services support reliability, see [Azure service reliability guides](./overview-reliability-guidance.md).
 
-To learn more about networking in Azure, see [Networking architecture design](/azure/architecture/networking/).
+For more information about networking in Azure, see [Networking architecture design](/azure/architecture/networking/).
 
 ## Transient faults
 
 [!INCLUDE [Transient fault description](includes/reliability-transient-fault-description-include.md)]
 
-Virtual networks themselves aren't usually affected by transient faults. However, transient faults might affect resources deployed within a virtual network. Review the [reliability guide for each resource](./overview-reliability-guidance.md) you use to understand their transient fault handling behaviors.
+Transient faults don't usually affect virtual networks. However, transient faults might affect resources deployed within a virtual network. Review the [reliability guide for each resource](./overview-reliability-guidance.md) that you use to understand their transient fault handling behaviors.
 
 ## Availability zone support
 
 [!INCLUDE [AZ support description](includes/reliability-availability-zone-description-include.md)]
 
-A virtual network, as well as the subnets within that virtual network, spans across all availability zones within the region in which it's deployed. You do not have to configure anything to enable this support.
-You don't need to divide your virtual networks or subnets by availability zones to accommodate zonal resources. For example, if you configure a zonal VM, you don't have to take into consideration the virtual network when selecting the availability zone for the VM. The same is true for other zonal resources.
+A virtual network and its subnets span all availability zones within the region where it's deployed. You don't have to configure anything to enable this support.
+
+You don't need to divide your virtual networks or subnets by availability zones to accommodate zonal resources. For example, if you configure a zonal VM, you don't have to consider the virtual network when you select the availability zone for the VM. The same is true for other zonal resources.
 
 ### Region support
 
-Zone-redundant virtual networks can be deployed in [any region that supports availability zones](./regions-list.md).
+Zone-redundant virtual networks can be deployed into any [region that supports availability zones](./regions-list.md).
 
 ### Cost
 
-There is no extra cost for zone redundancy for Azure Virtual Networks.
+There's no extra cost for zone redundancy for Azure virtual networks.
 
 ### Configure availability zone support
 
 Zone redundancy is configured automatically when a virtual network is deployed in a region that supports availability zones.
 
 ### Zone-down experience
 
-Azure virtual networks are designed to be resilient to zone failures. When a zone becomes unavailable, Azure Virtual Network automatically reroutes virtual network requests to the remaining zones. This process is seamless and doesn't require any action from you.
+Azure virtual networks are designed to be resilient to zone failures. When a zone becomes unavailable, Virtual Network automatically reroutes virtual network requests to the remaining zones. This process is seamless and doesn't require any action from you.
 
-However, any resources within the virtual network need to be considered individually, because each resource might have a different set of behaviors during the loss of an availability zone. Consult the [reliability guide for each resource(./overview-reliability-guidance.md) you use to understand their availability zone support and behavior when a zone is unavailable.
+However, any resources within the virtual network need to be considered individually, because each resource might have a different set of behaviors during the loss of an availability zone. Review the [reliability guide for each resource](./overview-reliability-guidance.md) that you use to understand their availability zone support and behavior when a zone is unavailable.
 
 ### Failback
 
 When the zone recovers, Microsoft initiates a failback process to ensure that virtual networks continue to work in the recovered zone. The failback process is automatic and doesn't require any action from you.
 
-However, you should verify the failback behaviors of any resources you deploy within the virtual network. For more information, consult the [reliability guide for each resource(./overview-reliability-guidance.md).
+However, you should verify the failback behaviors of any resources that you deploy within the virtual network. For more information, see the [reliability guide for each resource](./overview-reliability-guidance.md).
 
 ### Testing for zone failures
 
-The Azure Virtual Network platform manages traffic routing, failover, and failback for virtual networks across availability zones.  Because this feature is fully managed, you don't need to validate availability zone failure processes.
+The Virtual Network platform manages traffic routing, failover, and failback for virtual networks across availability zones. Because this feature is fully managed, you don't need to validate availability zone failure processes.
 
 ## Multi-region support
 
-Azure Virtual Network is a single-region service. If the region becomes unavailable, your virtual network is also unavailable.
+Virtual Network is a single-region service. If the region becomes unavailable, your virtual network is also unavailable.
 
 ### Alternative multi-region approaches
 
 You can create virtual networks in multiple regions. You can also choose to connect those networks by *peering* them together.
 
-By creating virtual networks and other resources in multiple regions, you can be resilient to regional outages. However, you need to consider many factors, including:
+By creating virtual networks and other resources in multiple regions, you can be resilient to regional outages. However, you need to consider the following factors:
 
-- **Traffic routing:** If you host internet-facing services in the virtual network, you need to decide how to route incoming traffic among your regions and components. With services such as Azure Traffic Manager and Azure Front Door, you can route internet traffic based on rules you specify.
+- **Traffic routing:** If you host internet-facing services in the virtual network, you need to decide how to route incoming traffic among your regions and components. With services such as Azure Traffic Manager and Azure Front Door, you can route internet traffic based on rules that you specify.
 
-- **Failover:** If an Azure region is unavailable, you typically need to *fail over* by processing traffic in healthy regions. Azure Traffic Manager and Azure Front Door provide failover capabilities for internet applications.      
+- **Failover:** If an Azure region is unavailable, you typically need to fail over by processing traffic in healthy regions. Traffic Manager and Azure Front Door provide failover capabilities for internet applications.      
 
 - **Management:** Each virtual network is a separate resource and needs to be configured and managed independently from other virtual networks.
 
-- **IP address space:** You need to decide how to allocate IP addresses when you create multiple virtual networks. You can create multiple virtual networks using the same private IP address space in different regions. However, you can't peer (connect) two virtual networks with the same address space to your on-premises network, as it would cause routing issues. If you plan to create a multi-network design, IP address planning is an important consideration.
+- **IP address space:** Determine how to allocate IP addresses when you create multiple virtual networks. You can create multiple virtual networks by using the same private IP address space in different regions. However, you can't peer, or connect, two virtual networks with the same address space to your on-premises network because it causes routing problems. If you plan to create a multi-network design, IP address planning is an important consideration.
 
-Virtual networks are fairly lightweight resources. You can invoke Azure APIs to create a virtual network with the same address space in a different region. However, to recreate the same environment that was present in the affected region, you must redeploy the virtual machines and other resources. If you have on-premises connectivity, such as in a hybrid deployment, you have to deploy a new VPN Gateway, and connect to your on-premises network.
+Virtual networks don't require a lot of resources to run. You can invoke Azure APIs to create a virtual network with the same address space in a different region. However, to recreate a similar environment to the one that exists in the affected region, you must redeploy the VMs and other resources. If you have on-premises connectivity, such as in a hybrid deployment, you have to deploy a new VPN Gateway instance and connect to your on-premises network.
 
-For an example of a multi-region networking architecture for web applications, see [Multi-region load balancing with Traffic Manager, Azure Firewall, and Application Gateway](/azure/architecture/high-availability/reference-architecture-traffic-manager-application-gateway).
+For more information about a multi-region networking architecture for web applications, see [Multi-region load balancing with Traffic Manager, Azure Firewall, and Azure Application Gateway](/azure/architecture/high-availability/reference-architecture-traffic-manager-application-gateway).
 
 ## Backups
 
-Azure virtual networks don't store any data that would require backup. However, you can use Bicep, ARM templates, or Terraform to take a snapshot of the configuration of a virtual network in case you need to recreate it. To learn more, see [Quickstart: Create an Azure Virtual Network](../virtual-network/quickstart-create-virtual-network.md).
+Azure virtual networks don't store any data that requires backup. However, you can use Bicep, Azure Resource Manager templates, or Terraform to take a snapshot of the configuration of a virtual network if you need to recreate it. For more information, see [Create an Azure virtual network](../virtual-network/quickstart-create-virtual-network.md).
+
 ## Service-level agreement
 
-Due to the nature of the service provided, there isn't a defined SLA for Azure Virtual Network.
+Because of the nature of the service provided, there isn't a defined service-level agreement for Virtual Network.
 
 ## Related content
 
-[What are availability zones?](/azure/reliability/availability-zones-overview)
+- [Availability zones](availability-zones-overview.md)