Merge pull request #177274 from zeinab-mk/zeinam-purview2

updated self-hosted ir article

Author: ttorble

articles/purview/how-to-create-and-manage-collections.md

@@ -6,7 +6,7 @@ ms.author: viseshag
 ms.service: purview
 ms.subservice: purview-data-map
 ms.topic: how-to
-ms.date: 08/18/2021
+ms.date: 10/22/2021
 ms.custom: template-how-to
 ---
 
@@ -90,14 +90,28 @@ You will need to be a collection admin in order to create a collection. If you a
 
     :::image type="content" source="./media/how-to-create-and-manage-collections/filter-collections.png" alt-text="Screenshot of Purview studio collection window, with the filter above the collections highlighted." border="true":::
 
-1. Select **Refresh** in Root collection’s contextual menu to reload the collection list.
+1. Select **Refresh** in Root collection's contextual menu to reload the collection list.
 
     :::image type="content" source="./media/how-to-create-and-manage-collections/refresh-collections.png" alt-text="Screenshot of Purview studio collection window, with the button next to the Resource name selected, and the refresh button highlighted." border="true":::
 
 1. Select **Refresh** in collection detail page to reload the single collection.
 
     :::image type="content" source="./media/how-to-create-and-manage-collections/refresh-single-collection.png" alt-text="Screenshot of Purview studio collection window, with the refresh button under the collection window highlighted." border="true":::
 
+### Delete a collection
+
+You will need to be a collection admin in order to delete a collection. If you are not sure, follow the guide above to check permissions. Collection can be deleted only if no child collections, assets, data sources or scans are associated with it. 
+
+1. Select **Delete** from the collection detail page.
+   
+   :::image type="content" source="./media/how-to-create-and-manage-collections/delete-collections.png" alt-text="Screenshot of Purview studio window to delete a collection" border="true":::
+
+2. Select **Confirm** when prompted, **Are you sure you want to delete this collection?**
+
+   :::image type="content" source="./media/how-to-create-and-manage-collections/delete-collection-confirmation.png" alt-text="Screenshot of Purview studio window showing confirmation message to delete a collection" border="true":::
+
+3. Verify deletion of the collection from your Purview Data Map.
+
 ## Add roles and restrict access through collections
 
 Since permissions are managed through collections in Purview, it is important to understand the roles and what permissions they will give your users. A user granted permissions on a collection will have access to sources and assets associated with that collection, as well as inherit permissions to subcollections. Inheritance [can be restricted](#restrict-inheritance), but is allowed by default.
@@ -135,7 +149,7 @@ All assigned roles apply to sources, assets, and other objects within the collec
 
     :::image type="content" source="./media/how-to-create-and-manage-collections/remove-role-assignment.png" alt-text="Screenshot of Purview studio collection window, with the role assignments tab selected, and the x button beside one of the names highlighted." border="true":::
 
-1. Select **Confirm** if you’re sure to remove the user.
+1. Select **Confirm** if you're sure to remove the user.
 
     :::image type="content" source="./media/how-to-create-and-manage-collections/confirm-remove.png" alt-text="Screenshot of a confirmation pop-up, with the confirm button highlighted." border="true":::
 
@@ -146,7 +160,7 @@ Collection permissions are inherited automatically from the parent collection. F
 Once you restrict inheritance, you will need to add users directly to the restricted collection to grant them access.
 
 1. Navigate to the collection where you want to restrict inheritance and select the **Role assignments** tab.
-1. Select **Restrict inherited permissions** and select **Restrict access** in the popup dialog to remove inherited permissions from this collection and any subcollections. Note that collection admin permissions won’t be affected.
+1. Select **Restrict inherited permissions** and select **Restrict access** in the popup dialog to remove inherited permissions from this collection and any subcollections. Note that collection admin permissions won't be affected.
 
     :::image type="content" source="./media/how-to-create-and-manage-collections/restrict-access-inheritance.png" alt-text="Screenshot of Purview studio collection window, with the role assignments tab selected, and the restrict inherited permissions slide button highlighted." border="true":::
 
@@ -196,7 +210,7 @@ Assets and sources are also associated with collections. During a scan, if the s
 
         :::image type="content" source="./media/how-to-create-and-manage-collections/no-access.png" alt-text="Screenshot of Purview studio asset window where the user has no permissions, and has no access to information or options." border="true":::
 
-    1. If you have the read permission to one collection but don’t have the write permission, you can browse the asset details page, but the following operations are disabled:
+    1. If you have the read permission to one collection but don't have the write permission, you can browse the asset details page, but the following operations are disabled:
         * Edit the asset. The **Edit** button will be disabled.
         * Delete the asset. The **Delete** button will be disabled.
         * Move asset to another collection. The ellipsis button on the right-top corner of Collection path section will be hidden.

articles/purview/manage-integration-runtimes.md

@@ -6,7 +6,7 @@ ms.author: viseshag
 ms.service: purview
 ms.subservice: purview-data-map
 ms.topic: how-to
-ms.date: 09/27/2021
+ms.date: 10/22/2021
 ---
 
 # Create and manage a self-hosted integration runtime
@@ -77,6 +77,61 @@ To create and set up a self-hosted integration runtime, use the following proced
 
    :::image type="content" source="media/manage-integration-runtimes/successfully-registered.png" alt-text="successfully registered.":::
 
+### Configure proxy server settings
+
+If you select the **Use system proxy** option for the HTTP proxy, the self-hosted integration runtime uses the proxy settings in diahost.exe.config and diawp.exe.config. When these files specify no proxy, the self-hosted integration runtime connects to the cloud service directly without going through a proxy. The following procedure provides instructions for updating the diahost.exe.config file:
+
+1. In File Explorer, make a safe copy of C:\Program Files\Microsoft Integration Runtime\5.0\Shared\diahost.exe.config as a backup of the original file.
+1. Open Notepad running as administrator.
+1. In Notepad, open the text file C:\Program Files\Microsoft Integration Runtime\5.0\Shared\diahost.exe.config.
+1. Find the default **system.net** tag as shown in the following code:
+
+    ```xml
+    <system.net>
+        <defaultProxy useDefaultCredentials="true" />
+    </system.net>
+    ```
+
+    You can then add proxy server details as shown in the following example:
+
+    ```xml
+    <system.net>
+        <defaultProxy enabled="true">
+              <proxy bypassonlocal="true" proxyaddress="http://proxy.domain.org:8888/" />
+        </defaultProxy>
+    </system.net>
+    ```
+
+    The proxy tag allows additional properties to specify required settings like `scriptLocation`. See [\<proxy\> Element (Network Settings)](/dotnet/framework/configure-apps/file-schema/network/proxy-element-network-settings) for syntax.
+
+    ```xml
+    <proxy autoDetect="true|false|unspecified" bypassonlocal="true|false|unspecified" proxyaddress="uriString" scriptLocation="uriString" usesystemdefault="true|false|unspecified "/>
+    ```
+
+1. Save the configuration file in its original location. Then restart the self-hosted integration runtime host service, which picks up the changes.
+
+   To restart the service, use the services applet from Control Panel. Or from Integration Runtime Configuration Manager, select the **Stop Service** button, and then select **Start Service**.
+
+   If the service doesn't start, you likely added incorrect XML tag syntax in the application configuration file that you edited.
+
+> [!IMPORTANT]
+> Don't forget to update both diahost.exe.config and diawp.exe.config.
+
+You also need to make sure that Microsoft Azure is in your company's allowlist. You can download the list of valid Azure IP addresses. IP Ranges for each cloud, broken down by region and by the tagged services in that cloud are now available on MS Download: 
+   - Public: https://www.microsoft.com/download/details.aspx?id=56519
+
+### Possible symptoms for issues related to the firewall and proxy server
+
+If you see error messages like the following ones, the likely reason is improper configuration of the firewall or proxy server. Such configuration prevents the self-hosted integration runtime from connecting to Azure managed storage accounts or data sources. To ensure that your firewall and proxy server are properly configured, refer to the previous section.
+
+- When you try to register the self-hosted integration runtime, you receive the following error message: "Failed to register this Integration Runtime node! Confirm that the Authentication key is valid and the integration service host service is running on this machine."
+- When you open Integration Runtime Configuration Manager, you see a status of **Disconnected** or **Connecting**. When you view Windows event logs, under **Event Viewer** > **Application and Services Logs** > **Microsoft Integration Runtime**, you see error messages like this one:
+
+  ```output
+  Unable to connect to the remote server
+  A component of Integration Runtime has become unresponsive and restarts automatically. Component name: Integration Runtime (Self-hosted).
+  ```
+
 ## Networking requirements
 
 Your self-hosted integration runtime machine will need to connect to several resources to work correctly:
@@ -136,6 +191,41 @@ When scanning Parquet files using the Self-hosted IR, the service locates the Ja
 - **To use JRE**: The 64-bit IR requires 64-bit JRE. You can find it from [here](https://go.microsoft.com/fwlink/?LinkId=808605).
 - **To use OpenJDK**: It's supported since IR version 3.13. Package the jvm.dll with all other required assemblies of OpenJDK into Self-hosted IR machine, and set system environment variable JAVA_HOME accordingly.
 
+## Proxy server considerations
+
+If your corporate network environment uses a proxy server to access the internet, configure the self-hosted integration runtime to use appropriate proxy settings. You can set the proxy during the initial registration phase.
+
+:::image type="content" source="media/manage-integration-runtimes/self-hosted-proxy.png" alt-text="Specify the proxy":::
+
+When configured, the self-hosted integration runtime uses the proxy server to connect to the cloud service's source and destination (which use the HTTP or HTTPS protocol). This is why you select **Change link** during initial setup.
+
+:::image type="content" source="media/manage-integration-runtimes/set-http-proxy.png" alt-text="Set the proxy":::
+
+There are three configuration options:
+
+- **Do not use proxy**: The self-hosted integration runtime doesn't explicitly use any proxy to connect to cloud services.
+- **Use system proxy**: The self-hosted integration runtime uses the proxy setting that is configured in diahost.exe.config and diawp.exe.config. If these files specify no proxy configuration, the self-hosted integration runtime connects to the cloud service directly without going through a proxy.
+- **Use custom proxy**: Configure the HTTP proxy setting to use for the self-hosted integration runtime, instead of using configurations in diahost.exe.config and diawp.exe.config. **Address** and **Port** values are required. **User Name** and **Password** values are optional, depending on your proxy's authentication setting. All settings are encrypted with Windows DPAPI on the self-hosted integration runtime and stored locally on the machine.
+
+The integration runtime host service restarts automatically after you save the updated proxy settings.
+
+After you register the self-hosted integration runtime, if you want to view or update proxy settings, use Microsoft Integration Runtime Configuration Manager.
+
+1. Open **Microsoft Integration Runtime Configuration Manager**.
+3. Under **HTTP Proxy**, select the **Change** link to open the **Set HTTP Proxy** dialog box.
+4. Select **Next**. You then see a warning that asks for your permission to save the proxy setting and restart the integration runtime host service.
+
+You can use the configuration manager tool to view and update the HTTP proxy.
+
+> [!NOTE]
+> If you set up a proxy server with NTLM authentication, the integration runtime host service runs under the domain account. If you later change the password for the domain account, remember to update the configuration settings for the service and restart the service. Because of this requirement, we suggest that you access the proxy server by using a dedicated domain account that doesn't require you to update the password frequently.
+
+## Installation best practices
+
+You can install the self-hosted integration runtime by downloading a Managed Identity setup package from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=39717).
+
+- Configure a power plan on the host machine for the self-hosted integration runtime so that the machine doesn't hibernate. If the host machine hibernates, the self-hosted integration runtime goes offline.
+- Regularly back up the credentials associated with the self-hosted integration runtime.
 
 ## Next steps
 

articles/purview/media/how-to-create-and-manage-collections/delete-collection-confirmation.png

@@ -80,7 +80,7 @@ items:
     href: concept-account-upgrade.md
 - name: How-to guides
   items:
-  - name: Create and manage collections
+  - name: Manage collections
     href: how-to-create-and-manage-collections.md
   - name: Manage sources
     items: