You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/hdinsight/network-virtual-appliance.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,17 +1,17 @@
1
1
---
2
2
title: Configure network virtual appliance in Azure HDInsight
3
-
description: Learn how to configure a number of additional features for your network virtual appliance in Azure HDInsight.
3
+
description: Learn how to configure extra features for your network virtual appliance in Azure HDInsight.
4
4
ms.service: hdinsight
5
5
ms.topic: how-to
6
-
ms.date: 08/30/2022
6
+
ms.date: 09/20/2023
7
7
---
8
8
9
9
# Configure network virtual appliance in Azure HDInsight
10
10
11
11
> [!Important]
12
12
> The following information is **only** required if you wish to configure a network virtual appliance (NVA) other than [Azure Firewall](./hdinsight-restrict-outbound-traffic.md).
13
13
14
-
Azure Firewall FQDN tag is automatically configured to allow traffic for many of the common important FQDNs. Using another network virtual appliance will require you to configure a number of additional features. Keep the following factors in mind as you configure your network virtual appliance:
14
+
Azure Firewall FQDN tag is automatically configured to allow traffic for many of the common important FQDNs. Using another network virtual appliance requires you to configure extra features. Keep the following factors in mind as you configure your network virtual appliance:
15
15
16
16
* Service Endpoint capable services can be configured with service endpoints that results in bypassing the NVA, usually for cost or performance considerations.
17
17
* If ResourceProviderConnection is set to *outbound*, you can use private endpoints for the storage and SQL servers for metastores and there is no need to add them to the NVA.
@@ -21,7 +21,7 @@ Azure Firewall FQDN tag is automatically configured to allow traffic for many of
21
21
22
22
## Service endpoint capable dependencies
23
23
24
-
You can optionally enable one or more of the following service endpoints which will result in bypassing the NVA. This option can be useful for large amounts of data transfers to save on cost and also for performance optimizations.
24
+
You can optionally enable one or more of the following service endpoints, which result in bypassing the NVA. This option can be useful for large amounts of data transfers to save on cost and also for performance optimizations.
25
25
26
26
|**Endpoint**|
27
27
|---|
@@ -33,15 +33,15 @@ You can optionally enable one or more of the following service endpoints which w
33
33
34
34
|**Endpoint**|**Details**|
35
35
|---|---|
36
-
| IPs published [here](hdinsight-management-ip-addresses.md)| These IPs are for HDInsight resource provider and should be included in the UDR to avoid asymmetric routing. This rule is only needed if the ResourceProviderConnection is set to *Inbound*. If the ResourceProviderConnection is set to *Outbound* then these IPs are not needed in the UDR. |
37
-
| AAD-DS private IPs | Only needed for ESP clusters, if the VNETs are not peered.|
36
+
| IPs published [here](hdinsight-management-ip-addresses.md)| These IPs are for HDInsight resource provider and should be included in the UDR to avoid asymmetric routing. This rule is only needed if the ResourceProviderConnection is set to *Inbound*. If the ResourceProviderConnection is set to *Outbound*, then these IPs are not needed in the UDR. |
37
+
| AAD-DS private IPs | Only need for ESP clusters, if the VNETs are not peered.|
38
38
39
39
40
40
### FQDN HTTP/HTTPS dependencies
41
41
42
-
You can get the list of dependent FQDNs (mostly Azure Storage and Azure Service Bus) for configuring your network virtual appliance [in this repo](https://github.com/Azure-Samples/hdinsight-fqdn-lists/). For the regional list see [here](https://github.com/Azure-Samples/hdinsight-fqdn-lists/tree/main/Public). These dependencies are used by HDInsight resource provider(RP) to create and monitor/manage clusters successfully. These include telemetry/diagnostic logs, provisioning metadata, cluster-related configurations, scripts, etc. This FQDN dependency list might change with releasing future HDInsight updates.
42
+
You can get the list of dependent FQDNs (mostly Azure Storage and Azure Service Bus) for configuring your network virtual appliance [in this repo](https://github.com/Azure-Samples/hdinsight-fqdn-lists/). For the regional list, see [here](https://github.com/Azure-Samples/hdinsight-fqdn-lists/tree/main/Public). These dependencies are used by HDInsight resource provider(RP) to create and monitor/manage clusters successfully. These include telemetry/diagnostic logs, provisioning metadata, cluster-related configurations, scripts, etc. This FQDN dependency list might change with releasing future HDInsight updates.
43
43
44
-
The list below only gives a few FQDNs that may be needed for OS and security patching or certificate validations during the cluster create process and during the lifetime of cluster operations:
44
+
The following list gives a few FQDNs that may be needed for OS and security patching or certificate validations during the cluster create process and during the lifetime of cluster operations:
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments