You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/payment-hsm/create-payment-hsm.md
+3Lines changed: 3 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -58,6 +58,9 @@ In this tutorial, you learn how to:
58
58
59
59
- You must register the "Microsoft.HardwareSecurityModules" and "Microsoft.Network" resource providers, as well as the Azure Payment HSM features. Steps for doing so are at [Register the Azure Payment HSM resource provider and resource provider features](register-payment-hsm-resource-providers.md).
60
60
61
+
> [!WARNING]
62
+
> You must apply the "FastPathEnabled" feature flag to **every** subscription ID, and add the "fastpathenabled" tag to **every** virtual network. For more details, see [Fastpathenabled](fastpathenabled.md).
63
+
61
64
To quickly ascertain if the resource providers and features are already registered, use the Azure PowerShell [Get-AzProviderFeature](/powershell/module/az.resources/get-azproviderfeature) cmdlet:
Copy file name to clipboardExpand all lines: articles/payment-hsm/fastpathenabled.md
+10-8Lines changed: 10 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,23 +17,25 @@ ms.author: mbaldwin
17
17
18
18
Azure Payment HSM uses the term "Fastpathenabled" in two related but distinct ways:
19
19
20
-
- "FastPathEnabled" (capitalized) is an Azure Feature Exposure Control (AFEC) flag. It must be applied to **every** subscription ID that wants to connect to a payment HSM.
21
-
- "fastpathenabled" (lowercased) is a virtual network tag. It must be added to **every** virtual network (and NAT gateway, when applicable) that interacts with a payment HSM.
20
+
- "FastPathEnabled" is an Azure Feature Exposure Control (AFEC) flag. It must be applied to **every** subscription ID that wants to connect to a payment HSM.
21
+
- "fastpathenabled" (always lowercased) is a virtual network tag. . It must be added to the virtual network hosting the payment HSM's delegated subnet, as well as to **every** peered VNet requiring connectivity to the payment HSM.
22
22
23
-
### Subscriptions
23
+
Adding the “FastPathEnabled” feature flag and enabling the “fastpathenabled” tag don't cause any downtime.
24
24
25
-
The "FastPathEnabled" feature flag must be added/registered to all subscriptions IDs that connect to a payment HSM. Applying the "FastPathEnabled" feature flag to a subscription that already has resources has **no** effect on existing resources--existing resources must be subsequently registered.
25
+
### Subscriptions
26
26
27
-
To apply the "FastPathEnabled" feature flag, see [Register the resource providers and features](register-payment-hsm-resource-providers.md).
27
+
The "FastPathEnabled" feature flag must be added/registered to all subscriptions IDs that need access to Azure Payment HSM. To apply the "FastPathEnabled" feature flag, see [Register the resource providers and features](register-payment-hsm-resource-providers.md).
28
28
29
29
> [!IMPORTANT]
30
-
> After registering the "FastPathEnabled" feature flag, you **must** contact the [Azure Payment HSM support team](support-guide.md#microsoft-support) team to have your registration approved. In your message to Microsoft support, include the subscription IDs of **every** subscription you want to connect to the payment HSM.
30
+
> After registering the "FastPathEnabled" feature flag, you **must** contact the [Azure Payment HSM support team](support-guide.md#microsoft-support) team to have your registration approved. In your message to Microsoft support, include the subscription IDs of **every** subscription that needs access to Azure Payment HSM.
31
31
32
32
### Virtual networks
33
33
34
-
The "fastpathenabled" tag must be added to every virtual networks that the payment HSM uses, peered or otherwise. For instance, to peer a virtual network of a payment HSM with a virtual network of a VM, you must first add the "fastpathenabled" tag to the latter.
34
+
The "fastpathenabled" tag must be added to every virtual networks connecting to Azure Payment HSM usesIn a Hub and Spoke topology, the "fastpathenabled" tag must be added to both the central Hub VNet and the peered Spoke VNet containing Payment HSM. In a Hub and Spoke topology, the "fastpathenabled" tag must be added to both the central Hub VNet and the peered Spoke VNet containing Azure Payment HSM.
35
+
36
+
The "fastpathenabled" tag is not required on non-directly peered VNets reaching the Payment HSM's VNet via a Central hub.
35
37
36
-
Unfortunately, adding the "fastpathenabled" tag through the Azure portal is insufficient—it must be done from the commandline. To do so, follow the steps outlined in [How to peer Azure Payment HSM virtual networks](peer-vnets.md?tabs=azure-cli).
38
+
Adding the "fastpathenabled" tag through the Azure portal is insufficient—it must be done from the commandline. To do so, follow the steps outlined in [How to peer Azure Payment HSM virtual networks](peer-vnets.md?tabs=azure-cli).
0 commit comments