Merge pull request #193917 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory/app-proxy/application-proxy-add-on-premises-application.md

@@ -127,7 +127,7 @@ Allow access to the following URLs:
 | `*.msappproxy.net` <br> `*.servicebus.windows.net` | 443/HTTPS | Communication between the connector and the Application Proxy cloud service |
 | `crl3.digicert.com` <br> `crl4.digicert.com` <br> `ocsp.digicert.com` <br> `crl.microsoft.com` <br> `oneocsp.microsoft.com` <br> `ocsp.msocsp.com`<br> | 80/HTTP   | The connector uses these URLs to verify certificates.        |
 | `login.windows.net` <br> `secure.aadcdn.microsoftonline-p.com` <br> `*.microsoftonline.com` <br> `*.microsoftonline-p.com` <br> `*.msauth.net` <br> `*.msauthimages.net` <br> `*.msecnd.net` <br> `*.msftauth.net` <br> `*.msftauthimages.net` <br> `*.phonefactor.net` <br> `enterpriseregistration.windows.net` <br> `management.azure.com` <br> `policykeyservice.dc.ad.msft.net` <br> `ctldl.windowsupdate.com` <br> `www.microsoft.com/pkiops` | 443/HTTPS | The connector uses these URLs during the registration process. |
-| `ctldl.windowsupdate.com` | 80/HTTP | The connector uses this URL during the registration process. |
+| `ctldl.windowsupdate.com` <br> `www.microsoft.com/pkiops` | 80/HTTP | The connector uses this URL during the registration process. |
 
 You can allow connections to `*.msappproxy.net`, `*.servicebus.windows.net`, and other URLs above if your firewall or proxy lets you configure access rules based on domain suffixes. If not, you need to allow access to the [Azure IP ranges and Service Tags - Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519). The IP ranges are updated each week.
 

articles/active-directory/app-proxy/application-proxy-configure-connectors-with-proxy-servers.md

@@ -113,7 +113,7 @@ Allow access to the following URLs:
 | &ast;.msappproxy.net<br>&ast;.servicebus.windows.net | 443/HTTPS | Communication between the connector and the Application Proxy cloud service |
 | crl3.digicert.com<br>crl4.digicert.com<br>ocsp.digicert.com<br>crl.microsoft.com<br>oneocsp.microsoft.com<br>ocsp.msocsp.com<br> | 80/HTTP | The connector uses these URLs to verify certificates. |
 | login.windows.net<br>secure.aadcdn.microsoftonline-p.com<br>&ast;.microsoftonline.com<br>&ast;.microsoftonline-p.com<br>&ast;.msauth.net<br>&ast;.msauthimages.net<br>&ast;.msecnd.net<br>&ast;.msftauth.net<br>&ast;.msftauthimages.net<br>&ast;.phonefactor.net<br>enterpriseregistration.windows.net<br>management.azure.com<br>policykeyservice.dc.ad.msft.net<br>ctldl.windowsupdate.com | 443/HTTPS | The connector uses these URLs during the registration process. |
-| ctldl.windowsupdate.com | 80/HTTP | The connector uses this URL during the registration process. |
+| ctldl.windowsupdate.com<br>www.microsoft.com/pkiops | 80/HTTP | The connector uses this URL during the registration process. |
 
 If your firewall or proxy allows you to configure DNS allow lists, you can allow connections to \*.msappproxy.net and \*.servicebus.windows.net.
 

articles/azure-video-analyzer/video-analyzer-for-media-docs/upload-index-videos.md

@@ -175,17 +175,19 @@ public async Task Sample()
     client.DefaultRequestHeaders.Remove("Ocp-Apim-Subscription-Key");
 
     // Upload a video
-    var content = new MultipartFormDataContent();
+    MultipartFormDataContent content = null;
     Console.WriteLine("Uploading...");
+    
     // Get the video from URL
     var videoUrl = "VIDEO_URL"; // Replace with the video URL
 
     // As an alternative to specifying video URL, you can upload a file.
     // Remove the videoUrl parameter from the query parameters below and add the following lines:
-    //FileStream video =File.OpenRead(Globals.VIDEOFILE_PATH);
-    //byte[] buffer =new byte[video.Length];
+    //content = new MultipartFormDataContent();
+    //FileStream video = File.OpenRead(@"c:\videos\democratic3.mp4");
+    //byte[] buffer = new byte[video.Length];
     //video.Read(buffer, 0, buffer.Length);
-    //content.Add(new ByteArrayContent(buffer));
+    //content.Add(new ByteArrayContent(buffer), "MyVideo", "MyVideo");
 
     queryParams = CreateQueryString(
         new Dictionary<string, string>()
@@ -398,16 +400,16 @@ namespace VideoIndexerArm
             var client = new HttpClient(handler);
 
             // Upload a video
-            var content = new MultipartFormDataContent();
+            MultipartFormDataContent content = null;
             Console.WriteLine("Uploading...");
-            // Get the video from URL
 
             // As an alternative to specifying video URL, you can upload a file.
             // Remove the videoUrl parameter from the query parameters below and add the following lines:
-            // FileStream video =File.OpenRead(Globals.VIDEOFILE_PATH);
-            // byte[] buffer =new byte[video.Length];
-            // video.Read(buffer, 0, buffer.Length);
-            // content.Add(new ByteArrayContent(buffer));
+            //content = new MultipartFormDataContent();
+            //FileStream video = File.OpenRead(@"c:\videos\democratic3.mp4");
+            //byte[] buffer = new byte[video.Length];
+            //video.Read(buffer, 0, buffer.Length);
+            //content.Add(new ByteArrayContent(buffer), "MyVideo", "MyVideo");
 
             var queryParams = CreateQueryString(
                 new Dictionary<string, string>()

articles/azure-vmware/concepts-api-management.md

@@ -23,7 +23,7 @@ The external deployment diagram shows the entire process and the actors involved
 
 The traffic flow goes through the API Management instance, which abstracts the backend services, plugged into the Hub virtual network. The ExpressRoute Gateway routes the traffic to the ExpressRoute Global Reach channel and reaches an NSX Load Balancer distributing the incoming traffic to the different backend service instances.
 
-API Management has an Azure Public API, and activating Azure DDOS Protection Service is recommended. 
+API Management has an Azure Public API, and activating Azure DDoS Protection Service is recommended. 
 
 :::image type="content" source="media/api-management/api-management-external-deployment.png" alt-text="Diagram showing an external API Management deployment for Azure VMware Solution" border="false":::
 

articles/azure-vmware/concepts-identity.md

@@ -7,14 +7,14 @@ ms.date: 07/29/2021
 
 # Azure VMware Solution identity concepts
 
-Azure VMware Solution private clouds are provisioned with a vCenter Server and NSX-T Manager. You'll use vCenter to manage virtual machine (VM) workloads and NSX-T Manager to manage and extend the private cloud. The CloudAdmin role is used for vCenter and restricted administrator rights for NSX-T Manager. 
+Azure VMware Solution private clouds are provisioned with a vCenter Server and NSX-T Manager. You'll use vCenter to manage virtual machine (VM) workloads and NSX-T Manager to manage and extend the private cloud. The CloudAdmin role is used for vCenter Server and restricted administrator rights for NSX-T Manager. 
 
-## vCenter access and identity
+## vCenter Server access and identity
 
 [!INCLUDE [vcenter-access-identity-description](includes/vcenter-access-identity-description.md)]
 
 > [!IMPORTANT]
-> Azure VMware Solution offers custom roles on vCenter but currently doesn't offer them on the Azure VMware Solution portal. For more information, see the [Create custom roles on vCenter](#create-custom-roles-on-vcenter) section later in this article. 
+> Azure VMware Solution offers custom roles on vCenter Server but currently doesn't offer them on the Azure VMware Solution portal. For more information, see the [Create custom roles on vCenter Server](#create-custom-roles-on-vcenter-server) section later in this article. 
 
 ### View the vCenter privileges
 
@@ -28,7 +28,7 @@ You can view the privileges granted to the Azure VMware Solution CloudAdmin role
 
    :::image type="content" source="media/concepts/role-based-access-control-cloudadmin-privileges.png" alt-text="Screenshot showing the roles and privileges for CloudAdmin in the vSphere Client.":::
 
-The CloudAdmin role in Azure VMware Solution has the following privileges on vCenter. For more information, see the [VMware product documentation](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-ED56F3C4-77D0-49E3-88B6-B99B8B437B62.html).
+The CloudAdmin role in Azure VMware Solution has the following privileges on vCenter Server. For more information, see the [VMware product documentation](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-ED56F3C4-77D0-49E3-88B6-B99B8B437B62.html).
 
 | Privilege | Description |
 | --------- | ----------- |
@@ -51,7 +51,7 @@ The CloudAdmin role in Azure VMware Solution has the following privileges on vCe
 | **vService** | Create dependency<br />Destroy dependency<br />Reconfigure dependency configuration<br />Update dependency |
 | **vSphere tagging** | Assign and unassign vSphere tag<br />Create vSphere tag<br />Create vSphere tag category<br />Delete vSphere tag<br />Delete vSphere tag category<br />Edit vSphere tag<br />Edit vSphere tag category<br />Modify UsedBy field for category<br />Modify UsedBy field for tag |
 
-### Create custom roles on vCenter
+### Create custom roles on vCenter Server
 
 Azure VMware Solution supports the use of custom roles with equal or lesser privileges than the CloudAdmin role. 
 
@@ -60,7 +60,7 @@ You'll use the CloudAdmin role to create, modify, or delete custom roles with pr
 To prevent creating roles that can't be assigned or deleted, clone the CloudAdmin role as the basis for creating new custom roles.
 
 #### Create a custom role
-1. Sign in to vCenter with cloudadmin\@vsphere.local or a user with the CloudAdmin role.
+1. Sign in to vCenter Server with cloudadmin\@vsphere.local or a user with the CloudAdmin role.
 
 1. Navigate to the **Roles** configuration section and select **Menu** > **Administration** > **Access Control** > **Roles**.
 

articles/azure-vmware/concepts-network-design-considerations.md

@@ -26,13 +26,13 @@ If you’re using BGP AS-Path Prepend to dedicate a circuit from Azure towards o
 ## Management VMs and default routes from on-premises 
 
 > [!IMPORTANT]
-> Azure Vmware Solution Management VMs don't honor a default route from On-Premises.
+> Azure VMware Solution Management VMs don't honor a default route from On-Premises.
 
-If you’re routing back to your on-premises networks using only a default route advertised towards Azure, the vCenter and NSX manager VMs won't honor that route.  
+If you’re routing back to your on-premises networks using only a default route advertised towards Azure, the vCenter Server and NSX Manager VMs won't honor that route.  
 
 **Solution**
 
-To reach vCenter and NSX manager, more specific routes from on-prem need to be provided to allow traffic to have a return path route to those networks. 
+To reach vCenter Server and NSX Manager, more specific routes from on-prem need to be provided to allow traffic to have a return path route to those networks. 
 
 ## Next steps
 

articles/azure-vmware/concepts-networking.md

@@ -20,7 +20,7 @@ This article covers the key concepts that establish networking and interconnecti
 ## Azure VMware Solution private cloud use cases
 
 The use cases for Azure VMware Solution private clouds include:
-- New VMware VM workloads in the cloud
+- New VMware vSphere VM workloads in the cloud
 - VM workload bursting to the cloud (on-premises to Azure VMware Solution only)
 - VM workload migration to the cloud (on-premises to Azure VMware Solution only)
 - Disaster recovery (Azure VMware Solution to Azure VMware Solution or on-premises to Azure VMware Solution)
@@ -35,7 +35,7 @@ You can interconnect your Azure virtual network with the Azure VMware Solution p
 
 The diagram below shows the basic network interconnectivity established at the time of a private cloud deployment. It shows the logical networking between a virtual network in Azure and a private cloud. This connectivity is established via a backend ExpressRoute that is part of the Azure VMware Solution service. The interconnectivity fulfills the following primary use cases:
 
-- Inbound access to vCenter server and NSX-T manager that is accessible from VMs in your Azure subscription.
+- Inbound access to vCenter Server and NSX-T Manager that is accessible from VMs in your Azure subscription.
 - Outbound access from VMs on the private cloud to Azure services.
 - Inbound access of workloads running in the private cloud.
 
@@ -48,7 +48,7 @@ In the fully interconnected scenario, you can access the Azure VMware Solution f
 
 The diagram below shows the on-premises to private cloud interconnectivity, which enables the following use cases:
 
-- Hot/Cold vCenter vMotion between on-premises and Azure VMware Solution.
+- Hot/Cold vSphere vMotion between on-premises and Azure VMware Solution.
 - On-Premises to Azure VMware Solution private cloud management access.
 
 :::image type="content" source="media/concepts/adjacency-overview-drawing-double.png" alt-text="Diagram showing the virtual network and on-premises to private cloud interconnectivity." border="false":::

articles/azure-vmware/concepts-run-command.md

@@ -8,7 +8,7 @@ ms.date: 09/17/2021
 
 # Run command in Azure VMware Solution 
 
-In Azure VMware Solution, vCenter has a built-in local user called *cloudadmin* assigned to the CloudAdmin role. The CloudAdmin role has vCenter [privileges](concepts-identity.md#view-the-vcenter-privileges) that differ from other VMware cloud solutions and on-premises deployments. The Run command  feature lets you perform operations that would normally require elevated privileges through a collection of PowerShell cmdlets. 
+In Azure VMware Solution, vCenter Server has a built-in local user called *cloudadmin* assigned to the CloudAdmin role. The CloudAdmin role has vCenter Server [privileges](concepts-identity.md#view-the-vcenter-privileges) that differ from other VMware cloud solutions and on-premises deployments. The Run command feature lets you perform operations that would normally require elevated privileges through a collection of PowerShell cmdlets. 
 
 Azure VMware Solution supports the following operations:
 
@@ -97,6 +97,6 @@ Now that you've learned about the Run command concepts, you can use the Run comm
 
 - [Configure storage policy](configure-storage-policy.md) - Each VM deployed to a vSAN datastore is assigned a vSAN storage policy. You can assign a vSAN storage policy in an initial deployment of a VM or when you do other VM operations, such as cloning or migrating.
 
-- [Configure external identity source for vCenter (Run command)](configure-identity-source-vcenter.md) - Configure Active Directory over LDAP or LDAPS for vCenter, which enables the use of an external identity source as an Active Directory. Then, you can add groups from the external identity source to the CloudAdmin role.
+- [Configure external identity source for vCenter (Run command)](configure-identity-source-vcenter.md) - Configure Active Directory over LDAP or LDAPS for vCenter Server, which enables the use of an external identity source as an Active Directory. Then, you can add groups from the external identity source to the CloudAdmin role.
 
-- [Deploy disaster recovery using JetStream](deploy-disaster-recovery-using-jetstream.md) - Store data directly to a recovery cluster in vSAN. The data gets captured through I/O filters that run within vSphere. The underlying data store can be VMFS, VSAN, vVol, or any HCI platform. 
+- [Deploy disaster recovery using JetStream](deploy-disaster-recovery-using-jetstream.md) - Store data directly to a recovery cluster in vSAN. The data gets captured through I/O filters that run within vSphere. The underlying data store can be VMFS, VSAN, vVol, or any HCI platform. 

articles/azure-vmware/concepts-security-recommendations.md

@@ -29,7 +29,7 @@ The following are network-related security recommendations for Azure VMware Solu
 
 | **Recommendation** | **Comments** |
 | :-- | :-- |
-| Only allow trusted networks | Only allow access to your environments over ExpressRoute or other secured networks. Avoid exposing your management services like vCenter, for example, on the internet. |
+| Only allow trusted networks | Only allow access to your environments over ExpressRoute or other secured networks. Avoid exposing your management services like vCenter Server, for example, on the internet. |
 | Use Azure Firewall Premium | If you must expose management services on the internet, use [Azure Firewall Premium](../firewall/premium-migrate.md) with both IDPS Alert and Deny mode along with TLS inspection for proactive threat detection. |
 | Deploy and configure Network Security Groups on VNET | Ensure any VNET deployed has [Network Security Groups](../virtual-network/network-security-groups-overview.md) configured to control ingress and egress to your environment. |
 | Review and implement recommendations within the Azure security baseline for Azure VMware Solution | [Azure security baseline for Azure VMware Solution](/security/benchmark/azure/baselines/vmware-solution-security-baseline/) |