Merge branch 'MicrosoftDocs:main' into main

Author: Ajsalemo

articles/confidential-computing/quick-create-confidential-vm-arm.md

@@ -216,7 +216,7 @@ Use this example to create a custom parameter file for a Linux-based confidentia
 
 1. Create a new key using Azure Key Vault. For how to use an Azure Managed HSM instead, see the next step.
 
-    1. Prepare and download the [key release policy](https://cvmprivatepreviewsa.blob.core.windows.net/cvmpublicpreviewcontainer/skr-policy.json) to your local disk.
+    1. Prepare and download the key release policy to your local disk.
     1. Create a new key.
 
         ```azurecli-interactive
@@ -232,7 +232,7 @@ Use this example to create a custom parameter file for a Linux-based confidentia
         $encryptionKeyURL= ((az keyvault key show --vault-name $KeyVault --name $KeyName) | ConvertFrom-Json).key.kid
         ```
 
-    1. Deploy a Disk Encryption Set (DES) using a [DES ARM template](https://cvmprivatepreviewsa.blob.core.windows.net/cvmpublicpreviewcontainer/deploymentTemplate/deployDES.json) (`deployDES.json`).
+    1. Deploy a Disk Encryption Set (DES) using a DES ARM template (`deployDES.json`).
 
         ```azurecli-interactive
         $desName = <name of DES>
@@ -260,7 +260,7 @@ Use this example to create a custom parameter file for a Linux-based confidentia
         ```
 
  1. (Optional) Create a new key from an Azure Managed HSM.
-    1. Prepare and download the [key release policy](https://cvmprivatepreviewsa.blob.core.windows.net/cvmpublicpreviewcontainer/skr-policy.json) to your local disk.
+    1. Prepare and download the key release policy to your local disk.
     1. Create the new key.
 
         ```azurecli-interactive
@@ -302,7 +302,7 @@ Use this example to create a custom parameter file for a Linux-based confidentia
         $desID = (az disk-encryption-set show -n $desName -g $resourceGroup --query [id] -o tsv)
         ```
 
-    1. Deploy your confidential VM using a confidential VM ARM template for [AMD SEV-SNP](https://cvmprivatepreviewsa.blob.core.windows.net/cvmpublicpreviewcontainer/deploymentTemplate/deployCPSCVM_cmk.json) or Intel TDX and a [deployment parameter file](#example-windows-parameter-file) (for example, `azuredeploy.parameters.win2022.json`) with the customer-managed key.
+    1. Deploy your confidential VM using a confidential VM ARM template for Intel TDX and a [deployment parameter file](#example-windows-parameter-file) (for example, `azuredeploy.parameters.win2022.json`) with the customer-managed key.
 
         ```azurecli-interactive
         $deployName = <name of deployment>

articles/operator-nexus/.openpublishing.redirection.operator-nexus.json

@@ -43,6 +43,12 @@
         {
             "source_path": "howto-use-azure-policy-for-aks-cluster-security.md",
             "redirect_url": "howto-use-azure-policy",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "troubleshoot-enable-node-down-cleaner.md",
+            "redirect_url": "concepts-storage",
+
             "redirect_document_id": false
         }
     ]

articles/operator-nexus/TOC.yml

@@ -302,8 +302,6 @@
     - name: Storage Array
       expanded: false
       items:
-        - name: Enable node down cleaner
-          href: troubleshoot-enable-node-down-cleaner.md
     - name: Tenant Workload
       expanded: false
       items:

articles/operator-nexus/concepts-storage.md

@@ -53,7 +53,7 @@ status:
 
 ### StorageClass: nexus-shared
 
-In situations where a shared file system is required, the *nexus-shared* storage class is available. This storage class provides a highly available shared storage solution by enabling multiple pods in the same Nexus Kubernetes cluster to concurrently access and share the same volume. The *nexus-shared* storage class is backed by a highly available NFS storage service. This NFS storage service (storage pool currently limited to a maximum size of 1TiB) is available per Cloud Service Network (CSN). The NFS storage service is deployed automatically on creation of a CSN resource. Any Nexus Kubernetes cluster attached to the CSN can provision persistent volumes from this shared storage pool. Nexus-shared supports both Read Write Once (RWO) and Read Write Many (RWX) access modes. What that means is that the workload applications can make use of either of these access modes to access the shared storage.
+In situations where a shared file system is required, the *nexus-shared* storage class is available. This storage class provides a highly available shared storage solution by enabling multiple pods in the same Nexus Kubernetes cluster to concurrently access and share the same volume. The *nexus-shared* storage class is backed by a highly available NFS storage service. This NFS storage service (storage pool currently limited to a maximum size of 1 TiB) is available per Cloud Service Network (CSN). The NFS storage service is deployed automatically on creation of a CSN resource. Any Nexus Kubernetes cluster attached to the CSN can provision persistent volumes from this shared storage pool. Nexus-shared supports both Read Write Once (RWO) and Read Write Many (RWX) access modes. What that means is that the workload applications can make use of either of these access modes to access the shared storage.
 
 <!--- IMG ![Nexus Shared Volume](Docs/media/nexus-shared-volume.png) IMG --->
 :::image type="content" source="media/nexus-shared-volume.png" alt-text="Diagram depicting how nexus-shared provisions a volume for a workload in Nexus Kubernetes Cluster":::
@@ -64,7 +64,7 @@ Although the performance and availability of *nexus-shared* are sufficient for m
 
 #### Read Write Once (RWO)
 
-In Read Write Once (RWO) mode, the nexus-shared volume can be mounted by only one node or claimant at a time. ReadWriteOnce access mode still allows multiple pods to access the volume when the pods are running on the same node.
+In Read Write Once (RWO) mode, only one node or claimant can mount the nexus-shared volume at a time. ReadWriteOnce access mode still allows multiple pods to access the volume when the pods are running on the same node.
 ```
 apiVersion: v1
 items:
@@ -92,7 +92,7 @@ items:
 
 #### Read Write Many (RWX)
 
-In Read Write Many (RWX) mode, the nexus-shared volume can be mounted by multiple nodes or claimants at the same time.
+In the Read Write Many (RWX) mode, multiple nodes or claimants can mount the nexus-shared volume at the same time.
 ```
 apiVersion: v1
 items:
@@ -119,7 +119,7 @@ items:
 ```
 ### Examples
 #### Read Write Once (RWO) with nexus-volume storage class
-The below manifest creates a StatefulSet with PersistentVolumeClaimTemplate using nexus-volume storage class in ReadWriteOnce mode.
+This example manifest creates a StatefulSet with PersistentVolumeClaimTemplate using nexus-volume storage class in ReadWriteOnce mode.
 ```
 apiVersion: apps/v1
 kind: StatefulSet
@@ -158,7 +158,7 @@ spec:
             storage: 10Gi
         storageClassName: nexus-volume
 ```
-Each pod of the StatefulSet will have one PersistentVolumeClaim created.
+Each pod of the StatefulSet has one PersistentVolumeClaim created.
 ```
 # kubectl get pvc
 NAME                             STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
@@ -247,7 +247,7 @@ spec:
           claimName: test-volume-rwx
 ...
 ```
-Once applied, there will be three replicas of the deployment sharing the same PVC.
+Once applied, there are three replicas of the deployment sharing the same PVC.
 ```
 # kubectl get pvc
 NAME                             STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
@@ -281,6 +281,25 @@ Thu Nov  9 21:51:41 UTC 2023 -- test-deploy-rwx-fdb8f49c-wdgw7
 Thu Nov  9 21:51:42 UTC 2023 -- test-deploy-rwx-fdb8f49c-86pv4
 ```
 
+## Volume size limits and capacity management
+
+PVCs created using the nexus-volume and nexus-shared have minimum and maximum claim sizes.
+
+| Storage Class | Minimum PVC Size | Maximum PVC Size |
+|---------------|------------------|------------------|
+| nexus-volume  | 1 MiB | 12 TiB |
+| nexus-shared  | None | 1 TiB |
+
+> [!IMPORTANT]
+> Volumes that reach their consumption limit will cause out of disk space errors on the workloads that consume them. You must make sure that you provision suitable volume sizes for your workload requirements. You must monitor both the storage appliance and all NFS servers for their percentage storage consumption. You can do this using the metrics documented in the [list of available metrics](./list-of-metrics-collected.md).
+
+- Both nexus-volume and nexus-shared PVCs have their requested storage capacity enforced as a consumption limit. A volume can't consume more storage than the associated PVC request.
+- All physical volumes are thin-provisioned. You must monitor the total storage consumption on your storage appliance and perform maintenance operations to free up storage space if necessary.
+- A nexus-volume PVC provisioning request fails if the requested size is less than the minimum or more than the maximum supported volume size.
+- Nexus-shared volumes are logically thin-provisioned on the backing NFS server. This NFS server has a fixed capacity of 1 TiB.
+  - A nexus-shared PVC can be provisioned despite requesting more than 1 TiB of storage, however, only 1 TiB can be consumed.
+  - It is possible to provision a set of PVCs where the sum of capacity requests is greater than 1 TiB. However, the consumption limit of 1 TiB applies; the set of associated PVs may not consume more than 1 TiB of storage.
+
 ## Storage appliance status
 
 The following properties reflect the operational state of a storage appliance:

articles/operator-nexus/reference-nexus-kubernetes-cluster-supported-versions.md

@@ -99,6 +99,7 @@ Note the following important changes to make before you upgrade to any of the av
 |--------------------|----------------|-----------------|
 | Volume orchestration connectivity is TLS encrypted | Beginning from 1.28.9-1, 1.28.0-5, 1.27.9-1, 1.27.3-5, 1.26.12-1, 1.26.6-5, 1.25.11-5 and 1.25.6-7  | |
 | Cluster nodes are Azure Arc-enabled | Beginning from 1.25.6-4, 1.25.11-2, 1.26.3-4, 1.26.6-2, 1.27.1-4, 1.27.3-2 and 1.28.0-2 | |
+| nexus-shared volumes have their capacity attribute enforced as a volume size limit | Beginning from v1.27.13-3, v1.27.9-5, v1.28.11-4, v1.28.12-3, v1.29.6-4, v1.29.7-3, v1.30.3-1 | |
 
 ## Upgrading Kubernetes versions
 
@@ -233,7 +234,7 @@ Nexus Kubernetes clusters don't support direct upgrades between LTS versions. To
 
 ### How does Microsoft notify me of new Kubernetes versions?
 
-This document is updated periodically with planned dates of the new Kubernetes versions. 
+This document is updated periodically with planned dates of the new Kubernetes versions.
 
 ### How often should I expect to upgrade Kubernetes versions to stay in support?
 

articles/operator-nexus/troubleshoot-enable-node-down-cleaner.md

@@ -68,7 +68,7 @@ This data connector was developed using Cisco Stealthwatch version 7.3.2
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CiscoUCS**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.txt). It might take about 15-minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CiscoUCS**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.yaml). It might take about 15-minutes post-installation to update.
 
 ## Cisco Web Security Appliance (WSA)
 
@@ -90,7 +90,7 @@ Configure Citrix ADC (former NetScaler) to forward logs via Syslog.
 5. For more information, see the [Citrix ADC (former NetScaler) documentation](https://docs.netscaler.com/).
 
 > [!NOTE]
-> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CitrixADCEvent**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.txt). It might take about 15 minutes post-installation to update.
+> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CitrixADCEvent**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.yaml). It might take about 15 minutes post-installation to update.
 >
 > This parser requires a watchlist named `Sources_by_SourceType`.
 >
@@ -161,7 +161,7 @@ This data connector was developed using Forescout Syslog Plugin version: v3.6
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **Infoblox**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20NIOS/Parser/Infoblox.txt). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **Infoblox**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20NIOS/Parsers/Infoblox.yaml). It might take about 15 minutes post-installation to update.
 > 
 > This parser requires a watchlist named **`Sources_by_SourceType`**.
 >
@@ -315,7 +315,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line. 
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecVIP**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.txt). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecVIP**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.yaml). It might take about 15 minutes post-installation to update.
 
 ## VMware ESXi
 

articles/sentinel/unified-connector-syslog-device.md

@@ -434,7 +434,7 @@
         href: apply-windows-license.md
       - name: Session host update
         items:
-        - name: Update session hosts using a session host configuration
+        - name: Update session hosts
           displayName: session host update, shc, shu
           href: session-host-update-configure.md
         - name: Session host update diagnostic queries

articles/virtual-desktop/TOC.yml

@@ -7,7 +7,7 @@ ms.author: daknappe
 ms.date: 10/01/2024
 ---
 
-# Update session hosts in host pool with a session host configuration using session host update in Azure Virtual Desktop (preview)
+# Update session hosts using session host update in Azure Virtual Desktop (preview)
 
 > [!IMPORTANT]
 > Session host update for Azure Virtual Desktop is currently in PREVIEW. This limited preview is provided as-is, with all faults and as available, and are excluded from the service-level agreements (SLAs) or any limited warranties Microsoft provides for Azure services in general availability. To register for the limited preview, complete this form: [https://forms.office.com/r/ZziQRGR1Lz](https://forms.office.com/r/ZziQRGR1Lz).