
Commit c373dc4

Merge pull request #48815 from suzuber/secure-outbound-internet-connectivity-azure-vmware-solution-training-module-updates
product name updates
2 parents 0cf82af + 3ab775b commit c373dc4

20 files changed

+74
-73
lines changed

learn-pr/azure/azure-vmware-solution/3-exercise-configure-vmware-solution.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ content: |
1616
quiz:
1717
title: Knowledge Check
1818
questions:
19-
- content: "Which of the following option is suitable when you need a fixed public IP for outbound internet traffic?"
19+
- content: "Which of the following options is suitable when you need a fixed public IP for outbound internet traffic?"
2020
choices:
2121
- content: "Managed SNAT."
2222
isCorrect: false

learn-pr/azure/azure-vmware-solution/includes/1-introduction.md

Lines changed: 4 additions & 4 deletions
@@ -2,18 +2,18 @@
22

33
## Example Scenario
44

5-
You work for a healthcare industry customer – Contoso. Contoso has recently moved their applications from an on-premises VMware environment to Azure VMware Solution.
5+
You work for a healthcare industry customer – Contoso. Contoso recently moved their applications from an on-premises VMware environment to Azure VMware Solution.
66

77
Contoso's network security team wants to implement the same network traffic inspection and control process in Azure VMware Solution as they had in their on-premises environment. Carrying forward these same processes helps Contoso to remain compliant with rigorous healthcare industry regulations while accelerating their digital transformation initiatives further.
88

9-
Contoso's network security team wants to control outbound network traffic using their choice of Network Virtual Appliance (NVA). They need to route all outbound traffic through a firewall where rules can be configured to allow or deny traffic based upon protocol, port and IP addresses.
9+
Contoso's network security team wants to control outbound network traffic using their choice of Network Virtual Appliance (NVA). They need to route all outbound traffic through a firewall where rules can be configured to allow or deny traffic based upon protocol, port, and IP addresses.
1010

1111
:::image type="content" source="../media/1-azure-vmware-solution-network-connectivity.png" alt-text="Diagram that shows high level architecture of how Contoso wants to implement network traffic inspection." lightbox="../media/1-azure-vmware-solution-network-connectivity.png":::
1212

1313
### What will we be doing?
1414

15-
You'll establish connectivity between Azure VMware Solution private cloud and Azure. You'll deploy a custom NVA, which will generate the default route with Azure Firewall as the next hop. Azure Route Server will then propagate the default route to the Azure VMware Solution private cloud. Finally, Azure Firewall controls the traffic via network rule creation.
15+
You'll establish connectivity between Azure VMware Solution private cloud and Azure. You'll deploy a custom NVA, which will generate the default route with Azure Firewall as the next hop. Azure Route Server propagates the default route to the Azure VMware Solution private cloud. Finally, Azure Firewall controls the traffic via network rule creation.
1616

1717
### What is the main goal?
1818

19-
By the end of this module, you learn how to manage outbound internet connectivity more securely from the Azure VMware Solution private cloud using a custom NVA, Azure Route Server and Azure Firewall.
19+
By the end of this module, you learn how to manage outbound internet connectivity more securely from the Azure VMware Solution private cloud using a custom NVA, Azure Route Server, and Azure Firewall.
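Review bot: tense is still mixed at line 15+: the edit changes "will then propagate" to "propagates" but leaves the preceding sentence as "You'll deploy a custom NVA, which will generate the default route with Azure Firewall as the next hop." Either keep the whole paragraph in future tense or change that clause to "which generates the default route with Azure Firewall as the next hop" so the two sentences agree. At line 5+ the en dash in "healthcare industry customer – Contoso" could be a comma or colon for consistency with the rest of the module text.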

learn-pr/azure/azure-vmware-solution/includes/10-network-security-management.md

Lines changed: 3 additions & 3 deletions
@@ -2,16 +2,16 @@
22

33
## Block by default
44

5-
Azure Firewall is configured in "block by default" design. It means any network traffic that is configured to pass through it will be blocked. So far, you've injected the default route through Azure Firewall for Azure VMware Solution private cloud. But Azure Firewall's "block by default" configuration won't allow any traffic. This is a good principle on which you can configure fine-grained rules, which enable tighter network controls.
5+
Azure Firewall is configured in "block by default" design. It means any network traffic that is configured to pass through it gets blocked. So far, you injected the default route through Azure Firewall for Azure VMware Solution private cloud. But Azure Firewall's "block by default" configuration doesn't allow any traffic. This is a good principle on which you can configure fine-grained rules, which enable tighter network controls.
66

77
## Outbound network rules
88

9-
While "block by default" is a good principle, you need legitimate traffic to be excluded from this principle. You can use one of the two features provided by Azure Firewall to exclude legitimate traffic from "block by default" configuration. The first feature is called "classic rules" or just "rules." As the name suggests, each Azure Firewall instance is configured with a rule, which consists of a protocol, source IP address space, source ports, destination IP address space and destination ports. This is an excellent choice for smaller deployments. But for enterprise-grade deployments, this approach has limited scalability as the rules are defined per Azure Firewall instance. When there are multiple Azure Firewall instances, the process of defining rules becomes repetitive and difficult to manage. This is where the second feature, which uses "Azure Firewall policy", becomes handy. Using Azure Firewall policy, rules are defined only once and then applied to multiple
9+
While "block by default" is a good principle, you need legitimate traffic to be excluded from this principle. You can use one of the two features provided by Azure Firewall to exclude legitimate traffic from "block by default" configuration. The first feature is called "classic rules" or just "rules." Each Azure Firewall instance is configured with a rule, which consists of a protocol, source IP address space, source ports, destination IP address space, and destination ports. This is an excellent choice for smaller deployments. But for enterprise-grade deployments, this approach has limited scalability as the rules are defined per Azure Firewall instance. When there are multiple Azure Firewall instances, the process of defining rules becomes repetitive and difficult to manage. This is where the second feature, which uses Azure Firewall policy, becomes handy. By using Azure Firewall policy, rules are defined only once and then applied to multiple
1010
Azure Firewall instances.
1111

1212
## Firewall rules for Azure VMware Solution
1313

14-
In this unit, you'll use the "rule" feature instead of the "Azure Firewall policy" feature. However, using the "Azure Firewall policy" feature is recommended for enterprise-grade deployments as it offers better scalability and manageability. Defining firewall rules for Azure VMware Solution involves the workload segment IP address space, protocol, and ports. For destination type, select "IP Address". For destination address space, choose "\*" and for destination ports, choose "\*" or specific ports such as 80, 443. etc.
14+
In this unit, you'll use the "rule" feature instead of the "Azure Firewall policy" feature. However, using the "Azure Firewall policy" feature is recommended for enterprise-grade deployments as it offers better scalability and manageability. Defining firewall rules for Azure VMware Solution involves the workload segment IP address space, protocol, and ports. For destination type, select **IP Address**. For destination address space, choose **\*** and for destination ports, choose **\*** or specific ports such as 80, 443. etc.
1515

1616
:::image type="content" source="../media/10-network-rules.png" alt-text="Screenshot of Azure Firewall network rule. The menu entry titled 'IP Addresses' highlight source and destination addresses." lightbox="../media/10-network-rules.png":::
1717
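Review bot: line 14+ still tells the learner to choose **\*** for both destination address space and destination ports, which contradicts the "block by default" principle the unit opens with at line 5+: a network rule whose source is the workload segment and whose destination and ports are both `*` is effectively an allow-all outbound rule and gives none of the "fine-grained rules, which enable tighter network controls" the unit promises. Suggest leading with specific destination addresses and ports (the text already mentions 80 and 443) and labelling `*` as a lab-only shortcut. The stray period in "80, 443. etc." survives the edit (should be "80, 443, etc."), and line 5+ is missing an article: "configured in a "block by default" design".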

Lines changed: 4 additions & 4 deletions
@@ -1,22 +1,22 @@
1-
This unit focuses on practical implementation of enabling network controls using Azure Firewall. You'll then test if those controls are working or not from a VM in Azure VMware Solution workload segment.
1+
This unit focuses on practical implementation of enabling network controls using Azure Firewall. Then test to see if those controls are working or not from a virtual machine (VM) in Azure VMware Solution workload segment.
22

33
## Capture Azure VMware Solution workload segment address space
44

5-
Use command below to get the workload segment address space from Azure VMware Solution private cloud:
5+
Use the following command to get the workload segment address space from Azure VMware Solution private cloud:
66

77
```azurecli
88
99
az vmware workload-network segment show --resource-group <resource-group-name> --private-cloud <avs-private-cloud-name>
1010
```
1111

1212
## Configure Azure Firewall Rule for Azure VMware Solution workload network segment
13-
Use command below to configure Firewall rule for workload segment:
13+
Use the following command to configure Firewall rule for workload segment:
1414

1515
```azurecli
1616
az network firewall network-rule create --collection-name <firewall-rule-collection-name> --destination-addresses <*-or-selective-addresses-to-be-opened> --destination-ports <*-or-selective-ports-to-be-opened> --firewall-name <name-of-firewall> --name <firewall-rule-name> --protocols <*-or-selective-protocols-to-be-opened> --resource-group <resource-group-name> --priority <your-priority-preference> --source-addresses <azure-vmware-solution-workload-network-segment-address-space> --action Allow
1717
```
1818

1919
## Test outbound internet connectivity from a VM in Azure VMware Solution workload network segment
2020

21-
1. Log on to the VM in Azure VMware Solution workload network segment.
21+
1. Sign in the VM in Azure VMware Solution workload network segment.
2222
1. Navigate to any public URL from the VM. Any public URL should be accessible from browser.
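Review bot: line 21+ drops a preposition: "Sign in the VM" should be "Sign in to the VM", matching the wording this same PR uses in the 3-exercise unit ("Sign in to the VM you created"). Line 1+ also loses its subject: "Then test to see if those controls are working or not from a virtual machine (VM)..." reads as an imperative dropped into a descriptive paragraph; suggest "You'll then test whether those controls work from a virtual machine (VM) in the Azure VMware Solution workload segment." Finally, the test at line 22 only checks that "Any public URL should be accessible from browser", which would also pass if traffic never reached Azure Firewall; since the command at line 16 keeps `<*-or-selective-...>` placeholders for destination addresses, ports and protocols, consider adding a negative check (a destination not covered by the rule should be blocked) or a look at the firewall's logs so the learner verifies the rule is actually in the path.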

learn-pr/azure/azure-vmware-solution/includes/12-summary.md

Lines changed: 2 additions & 2 deletions
@@ -1,10 +1,10 @@
11
Contoso needed a way to secure outbound internet connectivity from its Azure VMware Solution private cloud. Contoso also wanted to continue using their favorite NVA in Azure.
22

3-
Azure VMware Solution addressed both these requirements. The process involves generating and injecting a default route (0.0.0.0/0) from the NVA. Azure Route Server can be used to learn the default route from a custom or 3rd party NVAs using BGP. Azure Route Server then propagates the default route to Azure VMware Solution private cloud. Azure Firewall is used to control and inspect outbound internet traffic from Azure VMware Solution private cloud.
3+
Azure VMware Solution addressed both these requirements. The process involves generating and injecting a default route (0.0.0.0/0) from the NVA. Azure Route Server can be used to learn the default route from a custom or third-party NVAs using BGP. Azure Route Server then propagates the default route to Azure VMware Solution private cloud. Azure Firewall is used to control and inspect outbound internet traffic from Azure VMware Solution private cloud.
44

55
Contoso was delighted with the simplicity and elegance of this solution. They felt confident to meet strict audit requirements from healthcare industry regulators.
66

7-
Using Azure VMware Solution provided all the flexibility Contoso needed. It included continued use of standard practices with NVAs. Contoso also took advantage of Azure native services such as Azure Route Server and Azure Firewall. Integration between Azure VMware Solution, NVA, Azure Route Server and Azure Firewall was seamless and easy to implement.
7+
Using Azure VMware Solution provided all the flexibility Contoso needed. It included continued use of standard practices with NVAs. Contoso also took advantage of Azure native services such as Azure Route Server and Azure Firewall. Integration between Azure VMware Solution, NVA, Azure Route Server, and Azure Firewall were seamless and easy to implement.
88

99
## References
1010

Lines changed: 4 additions & 4 deletions
@@ -1,15 +1,15 @@
1-
Azure VMware Solution enables running VMware workloads natively in Azure. You'll start with exploring current options available to such workloads for outbound internet connectivity.
1+
Azure VMware Solution enables running VMware workloads natively in Azure. You'll start with exploring current options available to VMware workloads for outbound internet connectivity.
22

33
## How workloads in Azure VMware Solution can be connected to internet
44

5-
When Azure VMware Solution private cloud is deployed, it offers multiple ways for outbound internet connectivity. If you're already using Azure Virtual WAN, then you can choose to inject the default route (0.0.0.0/0) – which denotes outbound internet connectivity from Azure Virtual WAN integrated with either Azure Firewall or a certified third party NVA. If you aren't using Azure Virtual WAN, then you can use a managed SNAT capability provided by Azure VMware Solution. If you're looking to use a fixed public IP address for connecting with the internet then you can use a public IP deployed at NSX edge of Azure VMware Solution.
5+
When Azure VMware Solution private cloud is deployed, it offers multiple ways for outbound internet connectivity. If you're already using Azure Virtual WAN, then you can choose to inject the default route (0.0.0.0/0) – which denotes outbound internet connectivity from Azure Virtual WAN integrated with either Azure Firewall or a certified third-party Network virtual Appliance (NVA). If you aren't using Azure Virtual WAN, then you can use a managed SNAT capability provided by Azure VMware Solution. If you're looking to use a fixed public IP address for connecting with the internet, then you can use a public IP deployed at NSX Edge of Azure VMware Solution.
66

7-
Choosing the right way for outbound internet connectivity depends upon whether you already have services like Azure Virtual WAN or not. Additionally, whether you require a fixed public IP address for all outbound internet connectivity or not also plays a role in choosing between Managed SNAT and public IP deployed at NSX edge.
7+
Choosing the right way for outbound internet connectivity depends upon whether you already have services like Azure Virtual WAN or not. Additionally, whether you require a fixed public IP address for all outbound internet connectivity or not also plays a role in choosing between Managed SNAT and public IP deployed at NSX Edge.
88

99
## Controlling internet traffic
1010

1111
Contoso has very prescriptive requirements on how workloads should be connected to the internet. Such requirements allow Contoso to have a centralized exit for internet bound traffic from all applications running inside and outside of Azure VMware Solution. To meet these requirements, Contoso wants to implement customized internet outbound connectivity on top of options provided by Azure VMware Solution.
1212

1313
### Disable outbound internet connectivity
1414

15-
To implement customized internet outbound connectivity, Contoso first needs to prevent Azure VMware Solution private cloud from having any outbound internet connectivity. Directions to disable internet connectivity are outlined in next unit.
15+
To implement customized internet outbound connectivity, Contoso first needs to prevent Azure VMware Solution private cloud from having any outbound internet connectivity. Directions to disable internet connectivity are outlined in the next unit.
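Review bot: line 5+ expands the abbreviation as "Network virtual Appliance (NVA)" with inconsistent capitalization; the introduction unit changed in this same PR writes "Network Virtual Appliance (NVA)", so use that form here as well. The "NSX edge" to "NSX Edge" change at lines 5+ and 7+ is consistent with the "NSX Manager" rename in the 3-exercise unit, which is the product-name update the commit title describes.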
Lines changed: 9 additions & 8 deletions
@@ -1,21 +1,22 @@
11
Use the following process to complete Contoso's Azure VMware Solution configuration.
2-
1. Navigate to your Azure VMware Solution private cloud in Azure portal and select the "Internet Connectivity" menu. Select the "Don't connect or connect using default route from Azure" option.
32

4-
:::image type="content" source="../media/3-internet-connectivity.png" alt-text="Screenshot of Azure portal menu. The menu entry titled 'Don't connect or connect using the default route from Azure' is highlighted." lightbox="../media/3-internet-connectivity.png":::
3+
1. Navigate to your Azure VMware Solution private cloud in Azure portal and select the **Internet connectivity** menu. Select option, **Do not connect or connect using default route from Azure** which is the default setting when the Azure VMware Solution private cloud is initially deployed.
54

6-
1. Create an NSX-T Manager network segment in the Azure portal.
5+
:::image type="content" source="../media/3-internet-connectivity-selected.png" alt-text="Screenshot of Azure portal menu showing the entry titled, 'Don't connect or connect using the default route from Azure' is selected." lightbox="../media/3-internet-connectivity-selected.png":::
76

8-
:::image type="content" source="../media/3-network-segment.png" alt-text="Screenshot of the Azure portal showing how to add an NSX-T Manager network segment.":::
7+
1. Create an NSX Manager network segment in the Azure portal.
8+
9+
:::image type="content" source="../media/3-create-nsx-manager-network-segments.png" alt-text="Screenshot of the Azure portal showing how to add an NSX Manager network segment."lightbox="../media/3-create-nsx-manager-network-segments.png":::
910

1011
1. Create a DHCP server or DHCP relay in the Azure portal.
1112

1213
:::image type="content" source="../media/3-dhcp.png" alt-text="Screenshot of the Azure portal showing how to add either a DHCP server or a DHCP relay into the AVS private cloud.":::
1314

1415
1. Configure a DNS forwarder in the Azure portal.
1516

16-
:::image type="content" source="../media/3-dns-forwarder.png" alt-text="Screenshot of the Azure portal showing where to configure DNS zones under Workload Networking.":::
17+
:::image type="content" source="../media/3-configure-dns-forwarder.png" alt-text="Screenshot of the Azure portal showing where to configure DNS zones under Workload Networking."lightbox="../media/3-configure-dns-forwarder.png":::
1718

18-
1. Deploy the VM as you would in any vSphere environment.
19-
1. Log on to the VM created above and ensure that the VM doesn't have any internet connectivity.
19+
1. Deploy the VM as you would in any VMware vSphere environment.
20+
1. Sign in to the VM you created, then verify the VM doesn't have internet connectivity.
2021

21-
You've now ensured that Azure VMware Solution private cloud is configured correctly. This allows you to build the foundation for securing outbound internet connectivity as discussed in following unit.
22+
You ensured that Azure VMware Solution private cloud is configured correctly which allows you to build the foundation for securing outbound internet connectivity as discussed in the following unit.
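Review bot: lines 9+ and 17+ are missing the space between the `alt-text` and `lightbox` attributes (`alt-text="..."lightbox="..."`), so the image directive will not parse as two attributes; insert a space before `lightbox` in both. Line 3+ needs punctuation: "Select option, **Do not connect or connect using default route from Azure** which is the default setting" should read "Select the **Do not connect or connect using default route from Azure** option, which is the default setting when the Azure VMware Solution private cloud is initially deployed." The alt text at line 5+ still says 'Don't connect or connect using the default route from Azure' while the body text says "Do not connect or connect using default route from Azure"; align both to the actual portal label. Line 22+ needs a comma before "which allows you to build the foundation".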
