First draft: update toc, add images, add public-network-guide, modify concept-connector

Author: yousefi-msft

articles/modeling-simulation-workbench/concept-connector.md

@@ -12,7 +12,7 @@ ms.date: 01/01/2023
 ---
 # Connectors in Azure Modeling and Simulation Workbench
 
-Connectors define the network access method between users and the Azure Modeling and Simulation Workbench chamber. Connectors support connectivity through allowlisted public IPs, VPN, or Azure ExpressRoute. A chamber can have only one connector configured at a time. Connectors also configure copy-paste functionality into chamber VMs. Connector types are immutable and once created can't be changed to another access model. Connectors are part of the Idle mode setting to reduce cost.
+Connectors define the network access method between users and the Azure Modeling and Simulation Workbench chamber. Connectors support connectivity through allowlisted public IPs, VPN, or Azure ExpressRoute. A chamber can have only one connector configured at a time. Connectors also configure copy-paste functionality for all workload VMs in the chamber. Connector types are immutable and once created can't be changed to another access model. Connectors are part of the Idle mode setting that reduce cost.
 
 ## Public IP access via allowlist
 
@@ -30,7 +30,7 @@ A VPN connector can be created which deploys infrastructure specifically for VPN
 
 [Azure ExpressRoute](/azure/expressroute/expressroute-introduction) provides secure, dedicated, encrypted connectivity from on-premises to an Azure landing zone. A Workbench Owner must create a connector expressly for ExpressRoute, providing the necessary virtual network, supporting network infrastructure, and peer the appropriate vnets.
 
-## Next step
+## Resources
 
-> [!div class="nextstepaction"]
-> [Create a connector](./how-to-guide-set-up-networking.md)
+* [Create a public connector](./how-to-guide-public-network.md)
+* [Create a private network connector](./how-to-guide-private-network.md)

articles/modeling-simulation-workbench/how-to-guide-private-network.md

@@ -1,6 +1,6 @@
 ---
 title: "Create a private network connector: Azure Modeling and Simulation Workbench"
-description: Learn how to deploy a connector on a private virtual network.
+description: Learn how to deploy a private connector for a virtual private network.
 author: yousefi-msft
 ms.author: yousefi
 ms.service: modeling-simulation-workbench
@@ -38,7 +38,7 @@ Before you create a [connector](./concept-connector.md) for private IP networkin
 
 ## Create the private network connector
 
-Each chamber can have only one connector. If you have a public IP connector or other type already associated with the target chamber, you must first [delete the connector](#cleaning-up-resources). In the chamber where you want to create a private network connector:
+Each chamber can have only one connector. If you have a public IP connector or other type already associated with the target chamber, you must first [delete the connector](#delete-a-connector). In the chamber where you want to create a private network connector:
 
 1. Select the **Connector** option in the **Settings** at the left.
     :::image type="content" source="media/howtoguide-private-network/chamber-select-connector.png" alt-text="Screenshot of chamber overview with Connector option outlined in red rectangle.":::
@@ -53,12 +53,10 @@ Each chamber can have only one connector. If you have a public IP connector or o
 1. Select **Review + create**.
 1. If validation passes, select **Create**. Private networking connectors take approximately 30 minutes to deploy.
 
-## Deployed resources
+## Network interfaces and private endpoints
 
 When the Modeling and Simulation Workbench creates a private connector, it deploys the following resources in the same resource group and location as the workbench.
 
-### Network interfaces and private endpoints
-
 Six [network interfaces](/azure/virtual-network/virtual-network-network-interface) (NIC) and corresponding [private endpoints](/azure/private-link/private-endpoint-overview) are created. The NICs are all joined to the private virtual network and subnet specified during setup and given an address on the subnet. The private endpoint connects the NIC to Modeling and Simulation resources hosted in the Microsoft managed environment. The resulting connection becomes part of an [Azure Private Link](/azure/private-link/private-link-overview) service.
 
 * Two connections are created for connection nodes. As users and virtual machines (VM) are added to a chamber, more connection nodes are created.
@@ -67,21 +65,46 @@ Six [network interfaces](/azure/virtual-network/virtual-network-network-interfac
 * One connection for load balancer.
 * One connection for user authentication services.
 
-### DNS zones
+## DNS zones
 
 Modeling and Simulation Workbench creates three private domain name service (DNS) zones for a private network deployment. Each zone corresponds to one of the workbench services for file uploading, file downloading, and desktop connections. No DNS server is created. Administrators must join the zones to their own services.
 
-| Zone                              | Resolves for                          |
-|:----------------------------------|:--------------------------------------|
-| mswb.azure.com                    | Connector desktop dashboard and nodes |
-| privateLink.blob.core.windows.net | Data in pipeline endpoint             |
-| privateLink.file.core.windows.net | Data out pipeline endpoint            |
+| Service                               | Public cloud DNS zone             | Azure Gov cloud DNS Zone                |
+|:--------------------------------------|:----------------------------------|-----------------------------------------|
+| Connector desktop dashboard and nodes | mswb.azure.com                    | mswb.azure.us                           |
+| Data in pipeline endpoint             | privateLink.blob.core.windows.net | privatelink.blob.core.usgovcloudapi.net |
+| Data out pipeline endpoint            | privateLink.file.core.windows.net | privatelink.blob.core.usgovcloudapi.net |
+
+## Ports and IP addresses
+
+### Ports and protocols
+
+The Azure Modeling and Simulation Workbench require certain ports to be accessible from users workstation. Firewalls and VPNs might block access on these ports to certain destinations, when accessed from certain applications, or when connected to different networks. Check with your system administrator to ensure your client can access the service from all your work locations. When using the private networking connector, all traffic will be through the virtual network gateway or peer. Administrators can choose to implement a firewall or network security group to restrict traffic.
+
+* **53/TCP** and **53/UDP**: DNS queries.
+* **443/TCP**: Standard https port for accessing the VM dashboard and any Azure portal page.
+* **5510/TCP**: Used by the ETX client to provide VDI access for both the native and web-based client.
+* **8443/TCP**: Used by the ETX client to negotiate and authenticate to ETX management nodes.
+
+### IP addresses
+
+The private network connector does not deploy any public IP network interfaces. You create your own gateway interface if connecting directly from the internet. Your choice of which region you deploy your gateway to determines which pool of Azure public IP addresses your gateway will be. Azure IP addresses are taken from Azure's IP ranges for the location in which the Workbench was deployed. A list of all Azure IP addresses and Service tags is available at [Azure IP Ranges and Service Tags – Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519&msockid=1b155eb894cc6c3600a84ac5959a6d3f).
+
+The private IP addresses for the private networking connector are visible private network interface connections on the virtual network's subnet you specified during deployment.
+
+## Immediately terminate access
+
+Access to the chambers can be immediately terminated by [stopping the connector](./how-to-guide-start-stop-restart.md).
+
+## Idle the connector
+
+Idle mode sets the chambers into a preserved, but inactive state. Costs are significantly reduced while still maintaining your configuration and settings. Learn more about idle mode in the [Manage chamber idle mode](how-to-guide-chamber-idle.md) article.
 
-## Starting, stopping, or restarting a connector
+## Start, stop, or restart a connector
 
-Connectors are controllable resources that can be stopped, started, restarted as needed. Instructions on how to are included in [Start, stop, and restart chambers, connectors, and VMs](how-to-guide-start-stop-restart.md). Stopping or restarting the connector interrupts desktop services for all users of the chamber. Stopping the connector is required to [idle a chamber](how-to-guide-chamber-idle.md) to reduce consumption costs.
+Connectors are controllable resources that can be stopped, started, restarted as needed. Instructions on how to are included in [Start, stop, and restart chambers, connectors, and VMs](how-to-guide-start-stop-restart.md). Stopping or restarting the connector interrupts desktop services and data pipelines for all users of the chamber. Stopping the connector is required to [idle a chamber](how-to-guide-chamber-idle.md) to reduce consumption costs.
 
-## Cleaning up resources
+## Delete a connector
 
 If you wish to delete the workbench or change the connector type, you must first delete the connector. Child resources must be deleted first.