Merge pull request #244441 from mbender-ms/networking-fun-updates

v-regandowner · web-flow · commit f3167baf4a3b · 2023-07-10T14:43:40.000-04:00
networking fundamentals - updates to toc, overview, and index
diff --git a/articles/networking/fundamentals/index.yml b/articles/networking/fundamentals/index.yml
@@ -10,7 +10,7 @@ metadata:
   ms.collection: collection
   author: mbender-ms
   ms.author: mbender
-  ms.date: 05/11/2023
+  ms.date: 07/10/2023
   ms.custom: engagement-fy23
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new
diff --git a/articles/networking/fundamentals/networking-overview.md b/articles/networking/fundamentals/networking-overview.md
@@ -6,14 +6,14 @@ author: mbender-ms
 ms.service: virtual-network
 ms.topic: conceptual
 ms.workload: infrastructure-services
-ms.date: 03/09/2023
+ms.date: 07/10/2023
 ms.author: mbender
 ms.custom: template-concept, engagement-fy23
 ---
 
 # Azure networking services overview
 
-The networking services in Azure provide a variety of networking capabilities that can be used together or separately. Select any of the following key capabilities to learn more about them:
+The networking services in Azure provide various networking capabilities that can be used together or separately. Select any of the following key capabilities to learn more about them:
 - [**Connectivity services**](#connect): Connect Azure resources and on-premises resources using any or a combination of these networking services in Azure - Virtual Network (VNet), Virtual WAN, ExpressRoute, VPN Gateway, Virtual network NAT Gateway, Azure DNS, Peering service, Azure Virtual Network Manager, Route Server, and Azure Bastion.
 - [**Application protection services**](#protect): Protect your applications  using any or a combination of these networking services in Azure - Load Balancer, Private Link, DDoS protection, Firewall, Network Security Groups, Web Application Firewall, and Virtual Network Endpoints.
 - [**Application delivery services**](#deliver): Deliver applications in the Azure network using any or a combination of these networking services in Azure - Content Delivery Network (CDN), Azure Front Door Service, Traffic Manager, Application Gateway, Internet Analyzer, and Load Balancer.
@@ -32,6 +32,12 @@ Azure Virtual Network (VNet) is the fundamental building block for your private
 
 For more information, see [What is Azure Virtual Network?](../../virtual-network/virtual-networks-overview.md)
 
+### <a name="avnm"></a>Azure Virtual Network Manager
+
+Azure Virtual Network Manager is a management service that enables you to group, configure, deploy, and manage virtual networks globally across subscriptions. With Virtual Network Manager, you can define [network groups](../../virtual-network-manager/concept-network-groups.md) to identify and logically segment your virtual networks. Then you can determine the [connectivity](../../virtual-network-manager/concept-connectivity-configuration.md) and [security configurations](../../virtual-network-manager/concept-security-admins.md) you want and apply them across all the selected virtual networks in network groups at once. For more information, see [What is Azure Virtual Network Manager?](../../virtual-network-manager/overview.md).
+
+:::image type="content" source="../../virtual-network-manager/media/create-virtual-network-manager-portal/virtual-network-manager-resources-diagram.png" alt-text="Diagram of resources deployed for a mesh virtual network topology with Azure virtual network manager.":::
+
 ### <a name="expressroute"></a>ExpressRoute
 ExpressRoute enables you to extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. This connection is private. Traffic doesn't go over the internet. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Microsoft 365, and Dynamics 365.  For more information, see [What is ExpressRoute?](../../expressroute/expressroute-introduction.md)
 
@@ -68,7 +74,7 @@ Azure DNS is a hosting service for DNS domains that provides name resolution by
 
 ### <a name="bastion"></a>Azure Bastion
 
-Azure Bastion is a service that you can deploy to let you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines don't need a public IP address, agent, or special client software. For more information, see [What is Azure Bastion?](../../bastion/bastion-overview.md)
+Azure Bastion is a service that you can deploy to let you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer. The Azure Bastion service is a fully platform-managed PaaS service that you deploy inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines don't need a public IP address, agent, or special client software. For more information, see [What is Azure Bastion?](../../bastion/bastion-overview.md)
 
 :::image type="content" source="../../bastion/media/bastion-overview/architecture.png" alt-text="Diagram showing Azure Bastion architecture.":::
 
@@ -78,10 +84,6 @@ For more information, see [What is virtual network NAT gateway?](../../virtual-n
 
 :::image type="content" source="./media/networking-overview/flow-map.png" alt-text="Virtual network NAT gateway":::
 
-### <a name="avnm"></a>Azure Virtual Network Manager
-
-Azure Virtual Network Manager is a management service that enables you to group, configure, deploy, and manage virtual networks globally across subscriptions. With Virtual Network Manager, you can define network groups to identify and logically segment your virtual networks. Then you can determine the connectivity and security configurations you want and apply them across all the selected virtual networks in network groups at once. For more information, see [What is Azure Virtual Network Manager?](../../virtual-network-manager/overview.md).
-
 ### <a name="routeserver"></a>Route Server
 
 Azure Route Server simplifies dynamic routing between your network virtual appliance (NVA) and your virtual network. It allows you to exchange routing information directly through Border Gateway Protocol (BGP) routing protocol between any NVA that supports the BGP routing protocol and the Azure Software Defined Network (SDN) in the Azure Virtual Network (VNet) without the need to manually configure or maintain route tables. For more information, see [What is Azure Route Server?](../../route-server/overview.md)
@@ -112,9 +114,9 @@ For more information about Azure Firewall, see the [Azure Firewall documentation
 :::image type="content" source="./media/networking-overview/firewall-threat.png" alt-text="Firewall overview":::
 
 ### <a name="waf"></a>Web Application Firewall
-[Azure Web Application Firewall](../../web-application-firewall/overview.md) (WAF) provides protection to your web applications from common web exploits and vulnerabilities such as SQL injection, and cross site scripting. Azure WAF provides out of box protection from OWASP top 10 vulnerabilities via managed rules. Additionally customers can also configure custom rules, which are customer managed rules to provide additional protection based on source IP range, and request attributes such as headers, cookies, form data fields or query string parameters.
+[Azure Web Application Firewall](../../web-application-firewall/overview.md) (WAF) provides protection to your web applications from common web exploits and vulnerabilities such as SQL injection, and cross site scripting. Azure WAF provides out of box protection from OWASP top 10 vulnerabilities via managed rules. Additionally customers can also configure custom rules, which are customer managed rules to provide extra protection based on source IP range, and request attributes such as headers, cookies, form data fields or query string parameters.
 
-Customers can choose to deploy [Azure WAF with Application Gateway](../../web-application-firewall/ag/ag-overview.md) which provides regional protection to entities in public and private address space. Customers can also choose to deploy [Azure WAF with Front Door](../../web-application-firewall/afds/afds-overview.md) which provides protection at the network edge to public endpoints.
+Customers can choose to deploy [Azure WAF with Application Gateway](../../web-application-firewall/ag/ag-overview.md), which provides regional protection to entities in public and private address space. Customers can also choose to deploy [Azure WAF with Front Door](../../web-application-firewall/afds/afds-overview.md) which provides protection at the network edge to public endpoints.
 
 :::image type="content" source="./media/networking-overview/waf-overview.png" alt-text="Web Application Firewall":::
 
diff --git a/articles/networking/fundamentals/toc.yml b/articles/networking/fundamentals/toc.yml
@@ -8,10 +8,18 @@
   items:
   - name: Create a virtual network
     href: ../../virtual-network/quick-create-portal.md?toc=/azure/networking/fundamentals/toc.json
+  - name: Create a public load balancer
+    href: ../../load-balancer/quickstart-load-balancer-standard-public-portal.md?toc=/azure/networking/fundamentals/toc.json
+  - name: Create a front door
+    href: ../../frontdoor/create-front-door-portal.md?toc=/azure/networking/fundamentals/toc.json
 - name: Tutorials
   items:
+  - name: Deploy and manage a VPN gateway
+    href: ../../vpn-gateway/tutorial-create-gateway-portal.md?toc=/azure/networking/fundamentals/toc.json
   - name: Restrict network access
     href: ../../virtual-network/tutorial-restrict-network-access-to-resources.md?toc=/azure/networking/fundamentals/toc.json
+  - name: Deploy and configure Azure Firewall using the Azure portal
+    href: ../../firewall/tutorial-firewall-deploy-portal-policy.md?toc=/azure/networking/fundamentals/toc.json
 - name: Samples
   items:
   - name: Azure Resource Graph queries
@@ -29,6 +37,8 @@
       href: ../working-remotely-support.md?toc=/azure/networking/fundamentals/toc.json  
     - name: Virtual networks
       href: ../../virtual-network/virtual-network-vnet-plan-design-arm.md?toc=/azure/networking/fundamentals/toc.json
+    - name: Hub-spoke network topology in Azure
+      href: /azure/architecture/reference-architectures/hybrid-networking/hub-spoke?toc=/azure/networking/fundamentals/toc.json
     - name: Cross-premises connectivity - VPN
       items:
       - name: VPN Gateway
