Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into migrate

Author: markingmyname

articles/ai-services/document-intelligence/sdk-overview-v4-0.md

@@ -18,7 +18,7 @@ items:
       - name: Changelog and release history
         displayName: latest, update, beta, package, preview, version
         href: changelog-release-history.md
-      - name: "SDK targets: REST API 2023–10–31-preview"
+      - name: "SDK targets: REST API 2024–02–29-preview"
         displayName: get started, installation, downloads, documentAnalysisClient, document analysis client, Azure AD, Azure Active Directory, identity, changelog, package, version,AzureKeyCredential, Azure key credential, key, endpoint
         href: sdk-overview-v4-0.md
       - name: "SDK targets: REST API 2023–7–31 latest (GA)"

articles/ai-services/document-intelligence/toc.yml

@@ -186,33 +186,37 @@ You can use the `nodeSelector` field in your pod specification to specify the no
 The following example pod definition file shows how to use pod anti-affinity to ensure that pods are spread across nodes:
 
 ```yaml
-apiVersion: v1
-kind: Pod
+apiVersion: apps/v1
+kind: Deployment
 metadata:
-  name: with-node-affinity
+  name: multi-zone-deployment
+  labels:
+    app: myapp
 spec:
-  affinity:
-    nodeAffinity:
-      requiredDuringSchedulingIgnoredDuringExecution:
-        nodeSelectorTerms:
-        - matchExpressions:
-          - key: topology.kubernetes.io/zone
-            operator: In
-            values:
-            - 0 # Azure Availability Zone 0
-            - 1 # Azure Availability Zone 1
-            - 2 # Azure Availability Zone 2
-      preferredDuringSchedulingIgnoredDuringExecution:
-      - weight: 1
-        preference:
-          matchExpressions:
-          - key: another-node-label-key
-            operator: In
-            values:
-            - another-node-label-value
-  containers:
-  - name: with-node-affinity
-    image: registry.k8s.io/pause:2.0
+  replicas: 3
+  selector:
+    matchLabels:
+      app: myapp
+  template:
+    metadata:
+      labels:
+        app: myapp
+    spec:
+      containers:
+      - name: myapp-container
+        image: nginx
+        ports:
+        - containerPort: 80
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - myapp
+            topologyKey: topology.kubernetes.io/zone
 ```
 
 For more information, see [Affinity and anti-affinity in Kubernetes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).

articles/aks/best-practices-app-cluster-reliability.md

@@ -4,7 +4,7 @@ description: Learn how to quickly deploy a Kubernetes cluster and deploy an appl
 ms.author: schaffererin
 author: schaffererin
 ms.topic: quickstart
-ms.date: 03/15/2024
+ms.date: 03/21/2024
 ms.custom: H1Hack27Feb2017, mvc, devcenter, seo-javascript-september2019, seo-javascript-october2019, seo-python-october2019, contperf-fy21q1, mode-api, devx-track-extended-azdevcli
 #Customer intent: As a developer or cluster operator, I want to deploy an AKS cluster and deploy an application so I can see how to run applications using the managed Kubernetes service in Azure.
 ---
@@ -67,7 +67,7 @@ The quickstart application includes the following Kubernetes deployments and ser
 
 The `azd` template contains all the code needed to create the services, but you need to sign in to your Azure account in order to host the application on AKS.
 
-1. Sign in to your account using the [`azd auth login`][az-auth-login] command.
+1. Sign in to your account using the [`azd auth login`][azd-auth-login] command.
 
     ```azdeveloper
     azd auth login
@@ -97,7 +97,7 @@ The `azd` template contains all the code needed to create the services, but you
 
 ## Create and deploy resources for your cluster
 
-`azd` runs all the hooks inside of the [`azd-hooks` folder](https://github.com/Azure-Samples/aks-store-demo/tree/main/azd-hooks) to preregister, provision, and deploy the application services.
+`azd` runs all the hooks inside of the [`azd-hooks` folder][azd-hooks-folder] to preregister, provision, and deploy the application services.
 
 The `azd` template for this quickstart creates a new resource group with an AKS cluster and an Azure key vault. The key vault stores client secrets and runs the services in the `pets` namespace
 
@@ -135,15 +135,19 @@ The `azd` template for this quickstart creates a new resource group with an AKS
 
 ## Test the application
 
-When the application runs, a Kubernetes service exposes the application front end to the internet. This process can take a few minutes to complete.
+When the application runs, a Kubernetes service exposes the application front end to the internet. This process can take a few minutes to complete. To manage a Kubernetes cluster, use the Kubernetes command-line client, [kubectl][kubectl]. `kubectl` is already installed during `azd up`.
 
 1. Set your namespace as the demo namespace `pets` using the [`kubectl set-context`][kubectl-set-context] command.
 
     ```console
     kubectl config set-context --current --namespace=pets
     ```
 
-2. Check the status of the deployed pods using the [`kubectl get pods`][kubectl-get-pods] command. Make sure all pods are `Running` before proceeding.
+2. Check the status of the deployed pods using the [`kubectl get pods`][kubectl-get] command. Make sure all pods are `Running` before proceeding.
+
+    ```console
+    kubectl get pods
+    ```
 
 3. Check for a public IP address for the store-front application and monitor progress using the [`kubectl get service`][kubectl-get] command with the `--watch` argument.
 
@@ -175,7 +179,7 @@ When the application runs, a Kubernetes service exposes the application front en
 
 Once you're finished with the quickstart, clean up unnecessary resources to avoid Azure charges.
 
-1. Delete all the resources created in the quickstart using the [`azd down`][az-down] command.
+1. Delete all the resources created in the quickstart using the [`azd down`][azd-down] command.
 
     ```azdeveloper
     azd down
@@ -215,26 +219,18 @@ To learn more about AKS and walk through a complete code-to-deployment example,
 > [AKS tutorial][aks-tutorial]
 
 <!-- LINKS - external -->
+[azd-hooks-folder]: https://github.com/Azure-Samples/aks-store-demo/tree/main/azd-hooks
 [kubectl]: https://kubernetes.io/docs/reference/kubectl/
-[kubectl-apply]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply
 [kubectl-get]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get
 [kubectl-set-context]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#config-set-context
-[kubectl-get-pods]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get-pods
 
 <!-- LINKS - internal -->
 [aks-tutorial]: ../tutorial-kubernetes-prepare-app.md
-[azure-resource-group]: ../../azure-resource-manager/management/overview.md
-[az-aks-create]: /cli/azure/aks#az-aks-create
-[az-aks-get-credentials]: /cli/azure/aks#az-aks-get-credentials
-[install-azure-cli]: /cli/azure/install-azure-cli
-[az-aks-install-cli]: /cli/azure/aks#az-aks-install-cli
-[az-group-create]: /cli/azure/group#az-group-create
-[az-group-delete]: /cli/azure/group#az-group-delete
 [azd-init]: /azure/developer/azure-developer-cli/reference#azd-init
 [azd-up]: /azure/developer/azure-developer-cli/reference#azd-up
-[az-auth-login]: /azure/developer/azure-developer-cli/reference#azd-auth-login
+[azd-down]: /azure/developer/azure-developer-cli/reference#azd-down
+[azd-auth-login]: /azure/developer/azure-developer-cli/reference#azd-auth-login
 [azd-install]: /azure/developer/azure-developer-cli/install-azd
 [kubernetes-concepts]: ../concepts-clusters-workloads.md
-[kubernetes-deployment]: ../concepts-clusters-workloads.md#deployments-and-yaml-manifests
 [aks-solution-guidance]: /azure/architecture/reference-architectures/containers/aks-start-here?toc=/azure/aks/toc.json&bc=/azure/aks/breadcrumb/toc.json
 [baseline-reference-architecture]: /azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=/azure/aks/toc.json&bc=/azure/aks/breadcrumb/toc.json

articles/aks/learn/quick-kubernetes-deploy-azd.md

@@ -2,8 +2,8 @@
 title: How to secure an Azure Maps application with a SAS token
 titleSuffix: Azure Maps
 description: Create an Azure Maps account secured with SAS token authentication.
-author: stack111
-ms.author: dstack
+author: eriklindeman
+ms.author: eriklind
 ms.date: 06/08/2022
 ms.topic: how-to
 ms.service: azure-maps

articles/azure-maps/how-to-secure-sas-app.md

@@ -16,9 +16,9 @@ The diagram shows the deployment of VMware HCX from on-premises VMware vSphere t
    :::image type="content" source="./media/disaster-recovery-virtual-machines/hcx-disaster-recovery-scenario-1-diagram.png" alt-text="Diagram shows the VMware HCX manual disaster recovery solution in Azure VMware Solution with on-premises VMware vSphere." border="true" lightbox="./media/disaster-recovery-virtual-machines/hcx-disaster-recovery-scenario-1-diagram.png":::
 
 >[!IMPORTANT]
->Although part of VMware HCX, VMware HCX Disaster Recovery (DR) is not recommended for large deployments. The disaster recovery orchestration is 100% manual, and Azure VMware Solution currently doesn't have runbooks or features to support manual VMware HCX DR failover. For enterprise-class disaster recovery, refer to VMware Site Recovery Manager (SRM) or VMware business continuity and disaster recovery (BCDR) solutions.
+>Although part of VMware HCX, VMware HCX Disaster Recovery (DR) is not recommended for large deployments. The disaster recovery orchestration is 100% manual, and Azure VMware Solution currently doesn't have runbooks or features to support manual VMware HCX DR failover. For enterprise-class disaster recovery, refer to VMware Site Recovery Manager (SRM) or VMware Business Continuity and Disaster Recovery (BCDR) solutions.
 
-VMware HCX provides various operations that provide fine control and granularity in replication policies. Available Operations include:
+VMware HCX provides various operations for fine control and granularity in replication policies. Available Operations include:
 
 - **Reverse** – After a disaster occurs, reverse helps make Site B the source site and Site A, where the protected VM now lives.
 

articles/azure-vmware/deploy-disaster-recovery-using-vmware-hcx.md

@@ -90,7 +90,7 @@ A Source Network Address Translation (SNAT) service with Port Address Translatio
 
 #### Create a SNAT rule
 
-1. In your Azure VMware Solution private cloud, select **vCenter Server Credentials**.
+1. In your Azure VMware Solution private cloud, select **VMware credentials**.
 1. Locate your NSX Manager URL and credentials.
 1. Sign in to VMware NSX Manager.
 1. Go to **NAT Rules**.
@@ -116,7 +116,8 @@ For more information on NSX-T Data Center NAT configuration and options, see the
 
 You can create a No-NAT or No-SNAT rule in NSX Manager to exclude certain matches from performing NAT. This policy can be used to allow private IP address traffic to bypass existing network translation rules.
 
-1. In your Azure VMware Solution private cloud, select **vCenter Server Credentials**.
+1. In your Azure VMware Solution private cloud, select **VMware credentials**.
+1. Locate your NSX Manager URL and credentials.
 1. Sign in to NSX Manager, and then select **NAT Rules**.
 1. Select the T1 router, and then select **Add NAT Rule**.
 1. Select **No SNAT** rule as the type of NAT rule.
@@ -129,7 +130,8 @@ A Destination Network Translation (DNAT) service is used to expose a VM on a spe
 
 #### Create a DNAT rule
 
-1. In your Azure VMware Solution private cloud, select **vCenter Server Credentials**.
+1. In your Azure VMware Solution private cloud, select **VMware credentials**.
+1. Locate your NSX Manager URL and credentials.
 1. Sign in to NSX Manager, and then select **NAT Rules**.
 1. Select the T1 router, and then select **Add DNAT Rule**.
 1. Enter a name for the rule.
@@ -147,6 +149,7 @@ The VM is now exposed to the internet on the specific public IP address or on sp
 You can provide security protection for your network traffic in and out of the public internet through your gateway firewall.
 
 1. In your Azure VMware Solution private cloud, select **VMware credentials**.
+1. Locate your NSX Manager URL and credentials.
 1. Sign in to NSX Manager.
 1. On the NSX-T overview page, select **Gateway Policies**.
 1. Select **Gateway Specific Rules**, choose the T1 gateway, and then select **Add Policy**.

articles/azure-vmware/enable-public-ip-nsx-edge.md

@@ -158,7 +158,7 @@ The following table provides a detailed list of roles and responsibilities betwe
 | -------- | ---------------- |
 | Microsoft - Azure VMware Solution | Physical infrastructure<ul><li>Azure regions</li><li>Azure availability zones</li><li>Express Route/Global Reach</ul></li>Compute/Network/Storage<ul><li>Rack and power Bare Metal hosts</li><li>Rack and power network equipment</ul></li>Private cloud deploy/lifecycle<ul><li>VMware ESXi deploy, patch, and upgrade</li><li>VMware vCenter Servers deploy, patch, and upgrade</li><li>VMware NSX-T Data Centers deploy, patch, and upgrade</li><li>VMware vSAN deploy, patch, and upgrade</ul></li>Private cloud Networking - VMware NSX-T Data Center provider config<ul><li>Microsoft Edge node/cluster, VMware NSX-T Data Center host preparation</li><li>Provider Tier-0 and Tenant Tier-1 Gateway</li><li>Connectivity from Tier-0 (using BGP) to Azure Network via ExpressRoute</ul></li>Private cloud compute - VMware vCenter Server provider config<ul><li>Create default cluster</li><li>Configure virtual networking for vMotion, Management, vSAN, and others</ul></li>Private cloud backup/restore<ul><li>Back up and restore VMware vCenter Server</li><li>Back up and restore VMware NSX-T Data Center NSX-T Manager</ul></li>Private cloud health monitoring and corrective actions, for example: replace failed hosts</br><br>(optional) VMware HCX deploys with fully configured compute profile on cloud side as add-on</br><br>(optional) VMware SRM deploys, upgrade, and scale up/down</br><br>Support - Private cloud platforms and VMware HCX      |
 | Customer | Request Azure VMware Solution host quote with Microsoft<br>Plan and create a request for private clouds on Azure portal with:<ul><li>Host count</li><li>Management network range</li><li>Other information</ul></li>Configure private cloud network and security (VMware NSX-T Data Center)<ul><li>Network segments to host applications</li><li>More Tier -1 routers</li><li>Firewall</li><li>VMware NSX-T Data Center LB</li><li>IPsec VPN</li><li>NAT</li><li>Public IP addresses</li><li>Distributed firewall/gateway firewall</li><li>Network extension using VMware HCX or VMware NSX-T Data Center</li><li>AD/LDAP config for RBAC</ul></li>Configure private cloud - VMware vCenter Server<ul><li>AD/LDAP config for RBAC</li><li>Deploy and lifecycle management of Virtual Machines (VMs) and application<ul><li>Install operating systems</li><li>Patch operating systems</li><li>Install antivirus software</li><li>Install backup software</li><li>Install configuration management software</li><li>Install application components</li><li>VM networking using VMware NSX-T Data Center segments</ul></li><li>Migrate Virtual Machines (VMs)<ul><li>VMware HCX configuration</li><li>Live vMotion</li><li>Cold migration</li><li>Content library sync</ul></li></ul></li>Configure private cloud - vSAN<ul><li>Define and maintain vSAN VM policies</li><li>Add hosts to maintain adequate 'slack space'</ul></li>Configure VMware HCX<ul><li>Download and deploy HCA connector OVA in on-premises</li><li>Pairing on-premises VMware HCX connector</li><li>Configure the network profile, compute profile, and service mesh</li><li>Configure VMware HCX network extension/MON</li><li>Upgrade/updates</ul></li>Network configuration to connect to on-premises, virtual network, or internet</br><br>Add or delete hosts requests to cluster from Portal</br><br>Deploy/lifecycle management of partner (third party) solutions      |
-| Partner ecosystem | Support for their product/solution. For reference, the following are some of the supported Azure VMware Solution partner solution/product:<ul><li>BCDR - VMware SRM, JetStream, Zerto, and others</li><li>Backup - Veeam, Commvault, Rubrik, and others</li><li>VDI - Horizon/Citrix</li><li>Multitenancy for enterprises - VMware Cloud Director Service (CDS), VMware vCloud Director Availability (VCDA)</li><li>Security solutions - BitDefender, TrendMicro, Checkpoint</li><li>Other VMware products - Aria Suite, NSX Advanced Load Balancer     |
+| Partner ecosystem | Support for their product/solution. For reference, the following are some of the supported Azure VMware Solution partner solution/product:<ul><li>BCDR - VMware SRM, JetStream, Zerto, and others</li><li>Backup - Veeam, Commvault, Rubrik, and others</li><li>VDI - Horizon, Citrix</li><li>Multitenancy for enterprises - VMware Cloud Director Service (CDS), VMware vCloud Director Availability (VCDA)</li><li>Security solutions - BitDefender, TrendMicro, Checkpoint</li><li>Other VMware products - Aria Suite, NSX Advanced Load Balancer     |
 
 
 ## Next steps

articles/azure-vmware/introduction.md

@@ -22,7 +22,7 @@ Consider and determine which services connect to vCenter Server as *cloudadmin@v
 
 One way to determine which services authenticate to vCenter Server with the cloudadmin user is to inspect vSphere events using the vSphere Client for your private cloud. After you identify such services, and before rotating the password, you must stop these services. Otherwise, the services won't work after you rotate the password. You can also experience temporary locks on your vCenter Server CloudAdmin account, as these services continuously attempt to authenticate using a cached version of the old credentials. 
 
-Instead of using the cloudadmin user to connect services to vCenter Server or NSX-T Data Center, we recommend individual accounts for each service. For more information about setting up separate accounts for connected services, see [Access and Identity Concepts](./concepts-identity.md).
+Instead of using the cloudadmin user to connect services to vCenter Server or NSX-T, we recommend individual accounts for each service. For more information about setting up separate accounts for connected services, see [Access and Identity Concepts](./concepts-identity.md).
 
 ## Reset your vCenter Server credentials