Service | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
active-directory | Users Custom Security Attributes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/enterprise-users/users-custom-security-attributes.md | The following example assigns a custom security attribute with a string value to # [PowerShell](#tab/ms-powershell) -[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-beta&preserve-view=true) +[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser) ```powershell-Select-MgProfile -Name "beta" $customSecurityAttributes = @{ "Engineering" = @{ "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue" Update-MgUser -UserId $userId -CustomSecurityAttributes $customSecurityAttribute # [Microsoft Graph](#tab/ms-graph) -[Update user](/graph/api/user-update?view=graph-rest-beta&preserve-view=true) +[Update user](/graph/api/user-update) ```http-PATCH https://graph.microsoft.com/beta/users/{id} +PATCH https://graph.microsoft.com/v1.0/users/{id} { "customSecurityAttributes": { The following example assigns a custom security attribute with a multi-string va # [PowerShell](#tab/ms-powershell) -[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-beta&preserve-view=true) +[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser) ```powershell-Select-MgProfile -Name "beta" $customSecurityAttributes = @{ "Engineering" = @{ "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue" Update-MgUser -UserId $userId -CustomSecurityAttributes $customSecurityAttribute # [Microsoft Graph](#tab/ms-graph) -[Update user](/graph/api/user-update?view=graph-rest-beta&preserve-view=true) +[Update user](/graph/api/user-update) ```http-PATCH https://graph.microsoft.com/beta/users/{id} +PATCH https://graph.microsoft.com/v1.0/users/{id} { "customSecurityAttributes": { The following example assigns a custom security attribute with an integer value # [PowerShell](#tab/ms-powershell) -[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-beta&preserve-view=true) +[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser) ```powershell-Select-MgProfile -Name "beta" $customSecurityAttributes = @{ "Engineering" = @{ "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue" Update-MgUser -UserId $userId -CustomSecurityAttributes $customSecurityAttribute # [Microsoft Graph](#tab/ms-graph) -[Update user](/graph/api/user-update?view=graph-rest-beta&preserve-view=true) +[Update user](/graph/api/user-update) ```http-PATCH https://graph.microsoft.com/beta/users/{id} +PATCH https://graph.microsoft.com/v1.0/users/{id} { "customSecurityAttributes": { The following example assigns a custom security attribute with a multi-integer v # [PowerShell](#tab/ms-powershell) -[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-beta&preserve-view=true) +[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser) ```powershell-Select-MgProfile -Name "beta" $customSecurityAttributes = @{ "Engineering" = @{ "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue" Update-MgUser -UserId $userId -CustomSecurityAttributes $customSecurityAttribute # [Microsoft Graph](#tab/ms-graph) -[Update user](/graph/api/user-update?view=graph-rest-beta&preserve-view=true) +[Update user](/graph/api/user-update) ```http-PATCH https://graph.microsoft.com/beta/users/{id} +PATCH https://graph.microsoft.com/v1.0/users/{id} { "customSecurityAttributes": { The following example assigns a custom security attribute with a Boolean value t # [PowerShell](#tab/ms-powershell) -[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-beta&preserve-view=true) +[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser) ```powershell-Select-MgProfile -Name "beta" $customSecurityAttributes = @{ "Engineering" = @{ "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue" Update-MgUser -UserId $userId -CustomSecurityAttributes $customSecurityAttribute # [Microsoft Graph](#tab/ms-graph) -[Update user](/graph/api/user-update?view=graph-rest-beta&preserve-view=true) +[Update user](/graph/api/user-update) ```http-PATCH https://graph.microsoft.com/beta/users/{id} +PATCH https://graph.microsoft.com/v1.0/users/{id} { "customSecurityAttributes": { The following example updates a custom security attribute assignment with an int # [PowerShell](#tab/ms-powershell) -[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-beta&preserve-view=true) +[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser) ```powershell-Select-MgProfile -Name "beta" $customSecurityAttributes = @{ "Engineering" = @{ "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue" Update-MgUser -UserId $userId -CustomSecurityAttributes $customSecurityAttribute # [Microsoft Graph](#tab/ms-graph) -[Update user](/graph/api/user-update?view=graph-rest-beta&preserve-view=true) +[Update user](/graph/api/user-update) ```http-PATCH https://graph.microsoft.com/beta/users/{id} +PATCH https://graph.microsoft.com/v1.0/users/{id} { "customSecurityAttributes": { The following example updates a custom security attribute assignment with a Bool # [PowerShell](#tab/ms-powershell) -[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-beta&preserve-view=true) +[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser) ```powershell-Select-MgProfile -Name "beta" $customSecurityAttributes = @{ "Engineering" = @{ "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue" Update-MgUser -UserId $userId -CustomSecurityAttributes $customSecurityAttribute # [Microsoft Graph](#tab/ms-graph) -[Update user](/graph/api/user-update?view=graph-rest-beta&preserve-view=true) +[Update user](/graph/api/user-update) ```http-PATCH https://graph.microsoft.com/beta/users/{id} +PATCH https://graph.microsoft.com/v1.0/users/{id} { "customSecurityAttributes": { The following example updates a custom security attribute assignment with a mult # [PowerShell](#tab/ms-powershell) -[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-beta&preserve-view=true) +[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser) ```powershell-Select-MgProfile -Name "beta" $customSecurityAttributes = @{ "Engineering" = @{ "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue" Update-MgUser -UserId $userId -CustomSecurityAttributes $customSecurityAttribute # [Microsoft Graph](#tab/ms-graph) -[Update user](/graph/api/user-update?view=graph-rest-beta&preserve-view=true) +[Update user](/graph/api/user-update) ```http-PATCH https://graph.microsoft.com/beta/users/{id} +PATCH https://graph.microsoft.com/v1.0/users/{id} { "customSecurityAttributes": { The following example gets the custom security attribute assignments for a user. # [PowerShell](#tab/ms-powershell) -[Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser?view=graph-powershell-beta&preserve-view=true) +[Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser) ```powershell-Select-MgProfile -Name "beta" $userAttributes = Get-MgUser -UserId $userId -Property "customSecurityAttributes" $userAttributes.CustomSecurityAttributes.AdditionalProperties | Format-List $userAttributes.CustomSecurityAttributes.AdditionalProperties.Engineering If there are no custom security attributes assigned to the user or if the callin # [Microsoft Graph](#tab/ms-graph) -[Get user](/graph/api/user-get?view=graph-rest-beta&preserve-view=true) +[Get user](/graph/api/user-get) ```http-GET https://graph.microsoft.com/beta/users/{id}?$select=customSecurityAttributes +GET https://graph.microsoft.com/v1.0/users/{id}?$select=customSecurityAttributes ``` ```http {- "@odata.context": "https://graph.microsoft.com/beta/$metadata#users(customSecurityAttributes)/$entity", + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(customSecurityAttributes)/$entity", "customSecurityAttributes": { "Engineering": { "@odata.type": "#microsoft.graph.customSecurityAttributeValue", The following example lists all users with a custom security attribute assignmen # [PowerShell](#tab/ms-powershell) -[Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser?view=graph-powershell-beta&preserve-view=true) +[Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser) ```powershell-Select-MgProfile -Name "beta" $userAttributes = Get-MgUser -CountVariable CountVar -Property "id,displayName,customSecurityAttributes" -Filter "customSecurityAttributes/Marketing/AppCountry eq 'Canada'" -ConsistencyLevel eventual $userAttributes | select Id,DisplayName,CustomSecurityAttributes $userAttributes.CustomSecurityAttributes.AdditionalProperties | Format-List Value : {[@odata.type, #microsoft.graph.customSecurityAttributeValue], [AppCount # [Microsoft Graph](#tab/ms-graph) -[List users](/graph/api/user-list?view=graph-rest-beta&preserve-view=true) +[List users](/graph/api/user-list) ```http-GET https://graph.microsoft.com/beta/users?$count=true&$select=id,displayName,customSecurityAttributes&$filter=customSecurityAttributes/Marketing/AppCountry eq 'Canada' +GET https://graph.microsoft.com/v1.0/users?$count=true&$select=id,displayName,customSecurityAttributes&$filter=customSecurityAttributes/Marketing/AppCountry eq 'Canada' ConsistencyLevel: eventual ``` ```http {- "@odata.context": "https://graph.microsoft.com/beta/$metadata#users(id,displayName,customSecurityAttributes)", + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,displayName,customSecurityAttributes)", "@odata.count": 2, "value": [ { The following example lists all users with a custom security attribute assignmen # [PowerShell](#tab/ms-powershell) -[Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser?view=graph-powershell-beta&preserve-view=true) +[Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser) ```powershell-Select-MgProfile -Name "beta" $userAttributes = Get-MgUser -CountVariable CountVar -Property "id,displayName,customSecurityAttributes" -Filter "startsWith(customSecurityAttributes/Marketing/EmployeeId,'GS')" -ConsistencyLevel eventual $userAttributes | select Id,DisplayName,CustomSecurityAttributes $userAttributes.CustomSecurityAttributes.AdditionalProperties | Format-List Value : {[@odata.type, #microsoft.graph.customSecurityAttributeValue], [Employee # [Microsoft Graph](#tab/ms-graph) -[List users](/graph/api/user-list?view=graph-rest-beta&preserve-view=true) +[List users](/graph/api/user-list) ```http-GET https://graph.microsoft.com/beta/users?$count=true&$select=id,displayName,customSecurityAttributes&$filter=startsWith(customSecurityAttributes/Marketing/EmployeeId,'GS') +GET https://graph.microsoft.com/v1.0/users?$count=true&$select=id,displayName,customSecurityAttributes&$filter=startsWith(customSecurityAttributes/Marketing/EmployeeId,'GS') ConsistencyLevel: eventual ``` ```http {- "@odata.context": "https://graph.microsoft.com/beta/$metadata#users(id,displayName,customSecurityAttributes)", + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,displayName,customSecurityAttributes)", "@odata.count": 3, "value": [ { The following example lists all users with a custom security attribute assignmen # [PowerShell](#tab/ms-powershell) -[Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser?view=graph-powershell-beta&preserve-view=true) +[Get-MgUser](/powershell/module/microsoft.graph.users/get-mguser) ```powershell-Select-MgProfile -Name "beta" $userAttributes = Get-MgUser -CountVariable CountVar -Property "id,displayName,customSecurityAttributes" -Filter "customSecurityAttributes/Marketing/AppCountry ne 'Canada'" -ConsistencyLevel eventual $userAttributes | select Id,DisplayName,CustomSecurityAttributes ``` d5a1c025-2d79-4ad3-9217-91ac3a4ed8b8 Joe Microsoft.Graph.Po # [Microsoft Graph](#tab/ms-graph) -[List users](/graph/api/user-list?view=graph-rest-beta&preserve-view=true) +[List users](/graph/api/user-list) ```http-GET https://graph.microsoft.com/beta/users?$count=true&$select=id,displayName,customSecurityAttributes&$filter=customSecurityAttributes/Marketing/AppCountry ne 'Canada' +GET https://graph.microsoft.com/v1.0/users?$count=true&$select=id,displayName,customSecurityAttributes&$filter=customSecurityAttributes/Marketing/AppCountry ne 'Canada' ConsistencyLevel: eventual ``` ```http {- "@odata.context": "https://graph.microsoft.com/beta/$metadata#users(id,displayName,customSecurityAttributes)", + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,displayName,customSecurityAttributes)", "@odata.count": 47, "value": [ { $params = @{ } } }-Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/beta/users/$userId" -Body $params +Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/users/$userId" -Body $params ``` # [Microsoft Graph](#tab/ms-graph) -[Update user](/graph/api/user-update?view=graph-rest-beta&preserve-view=true) +[Update user](/graph/api/user-update) ```http-PATCH https://graph.microsoft.com/beta/users/{id} +PATCH https://graph.microsoft.com/v1.0/users/{id} { "customSecurityAttributes": { The following example removes a multi-valued custom security attribute assignmen # [PowerShell](#tab/ms-powershell) -[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-beta&preserve-view=true) +[Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser) ```powershell-Select-MgProfile -Name "beta" $customSecurityAttributes = @{ "Engineering" = @{ "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue" Update-MgUser -UserId $userId -CustomSecurityAttributes $customSecurityAttribute # [Microsoft Graph](#tab/ms-graph) -[Update user](/graph/api/user-update?view=graph-rest-beta&preserve-view=true) +[Update user](/graph/api/user-update) ```http-PATCH https://graph.microsoft.com/beta/users/{id} +PATCH https://graph.microsoft.com/v1.0/users/{id} { "customSecurityAttributes": { |
active-directory | Custom Security Attributes Add | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-add.md | AdditionalProperties : {} [List attributeSets](/graph/api/directory-list-attributesets) ```http-GET https://graph.microsoft.com/beta/directory/attributeSets +GET https://graph.microsoft.com/v1.0/directory/attributeSets ``` # [Azure AD PowerShell](#tab/aad-powershell) Get-MgDirectoryAttributeSet -Top 10 [List attributeSets](/graph/api/directory-list-attributesets) ```http-GET https://graph.microsoft.com/beta/directory/attributeSets?$top=10 +GET https://graph.microsoft.com/v1.0/directory/attributeSets?$top=10 ``` # [Azure AD PowerShell](#tab/aad-powershell) Get-MgDirectoryAttributeSet -Sort "Id" [List attributeSets](/graph/api/directory-list-attributesets) ```http-GET https://graph.microsoft.com/beta/directory/attributeSets?$orderBy=id +GET https://graph.microsoft.com/v1.0/directory/attributeSets?$orderBy=id ``` # [Azure AD PowerShell](#tab/aad-powershell) AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metad [Get attributeSet](/graph/api/attributeset-get) ```http-GET https://graph.microsoft.com/beta/directory/attributeSets/Engineering +GET https://graph.microsoft.com/v1.0/directory/attributeSets/Engineering ``` # [Azure AD PowerShell](#tab/aad-powershell) Engineering Attributes for engineering team 25 [Create attributeSet](/graph/api/directory-post-attributesets) ```http-POST https://graph.microsoft.com/beta/directory/attributeSets +POST https://graph.microsoft.com/v1.0/directory/attributeSets { "id":"Engineering", "description":"Attributes for engineering team", Update-MgDirectoryAttributeSet -AttributeSetId "Engineering" -BodyParameter $par [Update attributeSet](/graph/api/attributeset-update) ```http-PATCH https://graph.microsoft.com/beta/directory/attributeSets/Engineering +PATCH https://graph.microsoft.com/v1.0/directory/attributeSets/Engineering { "description":"Attributes for engineering team", "maxAttributesPerSet":20 AdditionalProperties : {} [List customSecurityAttributeDefinitions](/graph/api/directory-list-customsecurityattributedefinitions) ```http-GET https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions +GET https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions ``` # [Azure AD PowerShell](#tab/aad-powershell) AdditionalProperties : {} [List customSecurityAttributeDefinitions](/graph/api/directory-list-customsecurityattributedefinitions) ```http-GET https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions?$filter=name+eq+'Project'%20and%20status+eq+'Available' +GET https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions?$filter=name+eq+'Project'%20and%20status+eq+'Available' ``` # [Azure AD PowerShell](#tab/aad-powershell) AdditionalProperties : {} [List customSecurityAttributeDefinitions](/graph/api/directory-list-customsecurityattributedefinitions) ```http-GET https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions?$filter=attributeSet+eq+'Engineering'%20and%20status+eq+'Available'%20and%20type+eq+'String' +GET https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions?$filter=attributeSet+eq+'Engineering'%20and%20status+eq+'Available'%20and%20type+eq+'String' ``` # [Azure AD PowerShell](#tab/aad-powershell) AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$me [Get customSecurityAttributeDefinition](/graph/api/customsecurityattributedefinition-get) ```http-GET https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions/Engineering_ProjectDate +GET https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions/Engineering_ProjectDate ``` # [Azure AD PowerShell](#tab/aad-powershell) AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$me [Create customSecurityAttributeDefinition](/graph/api/directory-post-customsecurityattributedefinitions) ```http-POST https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions +POST https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions { "attributeSet":"Engineering", "description":"Target completion date", AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$me [Create customSecurityAttributeDefinition](/graph/api/directory-post-customsecurityattributedefinitions) ```http-POST https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions +POST https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions { "attributeSet":"Engineering", "description":"Active projects for user", AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$me [Create customSecurityAttributeDefinition](/graph/api/directory-post-customsecurityattributedefinitions) ```http-POST https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions +POST https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions { "attributeSet": "Engineering", "description": "Active projects for user", Update-MgDirectoryCustomSecurityAttributeDefinition -CustomSecurityAttributeDefi [Update customSecurityAttributeDefinition](/graph/api/customsecurityattributedefinition-update) ```http-PATCH https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions/Engineering_ProjectDate +PATCH https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions/Engineering_ProjectDate { "description": "Target completion date (YYYY/MM/DD)", } Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/direc > For this request, you must add the **OData-Version** header and assign it the value `4.01`. ```http-PATCH https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions/Engineering_Project +PATCH https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions/Engineering_Project { "allowedValues@delta": [ { Update-MgDirectoryCustomSecurityAttributeDefinition -CustomSecurityAttributeDefi [Update customSecurityAttributeDefinition](/graph/api/customsecurityattributedefinition-update) ```http-PATCH https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions/Engineering_Project +PATCH https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions/Engineering_Project { "status": "Deprecated" } AdditionalProperties : {} [List allowedValues](/graph/api/customsecurityattributedefinition-list-allowedvalues) ```http-GET https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions/Engineering_Project/allowedValues +GET https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions/Engineering_Project/allowedValues ``` # [Azure AD PowerShell](#tab/aad-powershell) AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metad [Get allowedValue](/graph/api/allowedvalue-get) ```http-GET https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions/Engineering_Project/allowedValues/Alpine +GET https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions/Engineering_Project/allowedValues/Alpine ``` # [Azure AD PowerShell](#tab/aad-powershell) AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metad [Create allowedValue](/graph/api/customsecurityattributedefinition-post-allowedvalues) ```http-POST https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions/Engineering_Project/allowedValues +POST https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions/Engineering_Project/allowedValues { "id":"Alpine", "isActive":"true" Update-MgDirectoryCustomSecurityAttributeDefinitionAllowedValue -CustomSecurityA [Update allowedValue](/graph/api/allowedvalue-update) ```http-PATCH https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions/Engineering_Project/allowedValues/Alpine +PATCH https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions/Engineering_Project/allowedValues/Alpine { "isActive":"false" } |
active-directory | Custom Security Attributes Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-manage.md | The following table provides a high-level comparison of the custom security attr | Permission | Global Administrator | Attribute Definition Admin | Attribute Assignment Admin | Attribute Definition Reader | Attribute Assignment Reader | | | :: | :: | :: | :: | :: |-| Read attribute sets | | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Read attribute definitions | | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | -| Read attribute assignments for users and applications (service principals) | | | :heavy_check_mark: | | :heavy_check_mark: | -| Add or edit attribute sets | | :heavy_check_mark: | | | | -| Add, edit, or deactivate attribute definitions | | :heavy_check_mark: | | | | -| Assign attributes to users and applications (service principals) | | | :heavy_check_mark: | | | +| Read attribute sets | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| Read attribute definitions | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| Read attribute assignments for users and applications (service principals) | | | :white_check_mark: | | :white_check_mark: | +| Add or edit attribute sets | | :white_check_mark: | | | | +| Add, edit, or deactivate attribute definitions | | :white_check_mark: | | | | +| Assign attributes to users and applications (service principals) | | | :white_check_mark: | | | ## Step 4: Determine your delegation strategy $roleAssignment = New-MgRoleManagementDirectoryRoleAssignment -RoleDefinitionId [Create unifiedRoleAssignment](/graph/api/rbacapplication-post-roleassignments) ```http-POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments +POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments Content-type: application/json { $roleAssignment = New-MgRoleManagementDirectoryRoleAssignment -RoleDefinitionId [Create unifiedRoleAssignment](/graph/api/rbacapplication-post-roleassignments) ```http-POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments +POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments Content-type: application/json { |
active-directory | Custom Security Attributes Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/fundamentals/custom-security-attributes-overview.md | Custom security attributes in Microsoft Entra ID are business-specific attribute ## Why use custom security attributes? +Here are some scenarios where you could use custom security attributes: + - Extend user profiles, such as add Hourly Salary to all my employees. - Ensure only administrators can see the Hourly Salary attribute in my employees' profiles. - Categorize hundreds or thousands of applications to easily create a filterable inventory for auditing. Custom security attributes in Microsoft Entra ID are business-specific attribute ## What can I do with custom security attributes? +Custom security attributes include these capabilities: + - Define business-specific information (attributes) for your tenant.-- Add a set of custom security attributes on users, applications, Microsoft Entra resources, or Azure resources.+- Add a set of custom security attributes on users and applications. - Manage Microsoft Entra objects using custom security attributes with queries and filters. - Provide attribute governance so attributes determine who can get access. +Custom security attributes **aren't** supported in the following areas: ++- [Microsoft Entra Domain Services](../../active-directory-domain-services/overview.md) +- [SAML token claims](../develop/saml-claims-customization.md) + ## Features of custom security attributes +Custom security attributes include these features: + - Available tenant-wideΓÇï - Include a description - Support different data types: Boolean, integer, stringΓÇï The following example shows how you can specify custom security attribute values ## Objects that support custom security attributes -Currently, you can add custom security attributes for the following Microsoft Entra objects: +You can add custom security attributes for the following Microsoft Entra objects: - Microsoft Entra users - Microsoft Entra enterprise applications (service principals)-- Managed identities for Azure resources ## How do custom security attributes compare with extensions? To better understand custom security attributes, you can refer back to the follo | attribute definition | The schema of a custom security attribute or key-value pair. For example, the custom security attribute name, description, data type, and predefined values. | | attribute set | A collection of related custom security attributes. Attribute sets can be delegated to other users for defining and assigning custom security attributes. | | attribute name | A unique name of a custom security attribute within an attribute set. The combination of attribute set and attribute name forms a unique attribute for your tenant. |-| attribute assignment | The assignment of a custom security attribute to a Microsoft Entra object, such as users, enterprise applications (service principals), and managed identities. | +| attribute assignment | The assignment of a custom security attribute to a Microsoft Entra object, such as users and enterprise applications (service principals). | | predefined value | A value that is allowed for a custom security attribute. | ## Custom security attribute properties The following table lists the properties you can specify for attribute sets and | Property | Required | Can be changed later | Description | | | :: | :: | |-| Attribute set name | :heavy_check_mark: | | Name of the attribute set. Must be unique within a tenant. Cannot include spaces or special characters. | -| Attribute set description | | :heavy_check_mark: | Description of the attribute set. | -| Maximum number of attributes | | :heavy_check_mark: | Maximum number of custom security attributes that can be defined in an attribute set. Default value is `null`. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. | -| Attribute set | :heavy_check_mark: | | A collection of related custom security attributes. Every custom security attribute must be part of an attribute set. | -| Attribute name | :heavy_check_mark: | | Name of the custom security attribute. Must be unique within an attribute set. Cannot include spaces or special characters. | -| Attribute description | | :heavy_check_mark: | Description of the custom security attribute. | -| Data type | :heavy_check_mark: | | Data type for the custom security attribute values. Supported types are `Boolean`, `Integer`, and `String`. | -| Allow multiple values to be assigned | :heavy_check_mark: | | Indicates whether multiple values can be assigned to the custom security attribute. If data type is set to `Boolean`, cannot be set to Yes. | -| Only allow predefined values to be assigned | :heavy_check_mark: | | Indicates whether only predefined values can be assigned to the custom security attribute. If set to No, free-form values are allowed. Can later be changed from Yes to No, but cannot be changed from No to Yes. If data type is set to `Boolean`, cannot be set to Yes.| +| Attribute set name | :white_check_mark: | | Name of the attribute set. Must be unique within a tenant. Cannot include spaces or special characters. | +| Attribute set description | | :white_check_mark: | Description of the attribute set. | +| Maximum number of attributes | | :white_check_mark: | Maximum number of custom security attributes that can be defined in an attribute set. Default value is `null`. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. | +| Attribute set | :white_check_mark: | | A collection of related custom security attributes. Every custom security attribute must be part of an attribute set. | +| Attribute name | :white_check_mark: | | Name of the custom security attribute. Must be unique within an attribute set. Cannot include spaces or special characters. | +| Attribute description | | :white_check_mark: | Description of the custom security attribute. | +| Data type | :white_check_mark: | | Data type for the custom security attribute values. Supported types are `Boolean`, `Integer`, and `String`. | +| Allow multiple values to be assigned | :white_check_mark: | | Indicates whether multiple values can be assigned to the custom security attribute. If data type is set to `Boolean`, cannot be set to Yes. | +| Only allow predefined values to be assigned | :white_check_mark: | | Indicates whether only predefined values can be assigned to the custom security attribute. If set to No, free-form values are allowed. Can later be changed from Yes to No, but cannot be changed from No to Yes. If data type is set to `Boolean`, cannot be set to Yes.| | Predefined values | | | Predefined values for the custom security attribute of the selected data type. More predefined values can be added later. Values can include spaces, but some special characters are not allowed. |-| Predefined value is active | | :heavy_check_mark: | Specifies whether the predefined value is active or deactivated. If set to false, the predefined value cannot be assigned to any additional supported directory objects. | -| Attribute is active | | :heavy_check_mark: | Specifies whether the custom security attribute is active or deactivated. | +| Predefined value is active | | :white_check_mark: | Specifies whether the predefined value is active or deactivated. If set to false, the predefined value cannot be assigned to any additional supported directory objects. | +| Attribute is active | | :white_check_mark: | Specifies whether the custom security attribute is active or deactivated. | ## Limits and constraints Depending on whether you have a Microsoft Entra ID P1 or P2 license, here are th | Role assignment task | Premium P1 | Premium P2 | | | :: | :: |-| Permanent role assignments | :heavy_check_mark: | :heavy_check_mark: | -| Eligible role assignments | n/a | :heavy_check_mark: | -| Permanent role assignments at attribute set scope | :heavy_check_mark: | :heavy_check_mark: | +| Permanent role assignments | :white_check_mark: | :white_check_mark: | +| Eligible role assignments | n/a | :white_check_mark: | +| Permanent role assignments at attribute set scope | :white_check_mark: | :white_check_mark: | | Eligible role assignments at attribute set scope | n/a | :x: |-| **Assigned roles** page lists permanent role assignments at attribute set scope | :heavy_check_mark: | :warning:<br/>Role assignments exist, but aren't listed | +| **Assigned roles** page lists permanent role assignments at attribute set scope | :white_check_mark: | :warning:<br/>Role assignments exist, but aren't listed | ## License requirements |
active-directory | Custom Security Attributes Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory/manage-apps/custom-security-attributes-apps.md | For other similar Microsoft Graph API examples for users, see [Assign, update, l ### Assign a custom security attribute with a multi-string value to an application (service principal) -Use the [Update servicePrincipal](/graph/api/serviceprincipal-update?view=graph-rest-beta&preserve-view=true) API to assign a custom security attribute with a string value to an application. +Use the [Update servicePrincipal](/graph/api/serviceprincipal-update) API to assign a custom security attribute with a string value to an application. Given the values Given the values - Attribute value: "Baker" ```http-PATCH https://graph.microsoft.com/beta/servicePrincipals/{id} +PATCH https://graph.microsoft.com/v1.0/servicePrincipals/{id} Content-type: application/json { Content-type: application/json Provide the new set of attribute values that you would like to reflect on the application. In this example, we're adding one more value for project attribute. ```http-PATCH https://graph.microsoft.com/beta/servicePrincipals/{id} +PATCH https://graph.microsoft.com/v1.0/servicePrincipals/{id} Content-type: application/json { Content-type: application/json This example filters a list of applications with a custom security attribute assignment that equals the specified value. ```http-GET https://graph.microsoft.com/beta/servicePrincipals?$count=true&$select=id,displayName,customSecurityAttributes&$filter=customSecurityAttributes/Engineering/Project eq 'Baker'ConsistencyLevel: eventual +GET https://graph.microsoft.com/v1.0/servicePrincipals?$count=true&$select=id,displayName,customSecurityAttributes&$filter=customSecurityAttributes/Engineering/Project eq 'Baker'ConsistencyLevel: eventual ``` ### Remove custom security attribute assignments from an application GET https://graph.microsoft.com/beta/servicePrincipals?$count=true&$select=id,di In this example, we remove a custom security attribute assignment that supports multiple values. ```http-PATCH https://graph.microsoft.com/beta/servicePrincipals/{id} +PATCH https://graph.microsoft.com/v1.0/servicePrincipals/{id} Content-type: application/json { |
advisor | Advisor Reference Reliability Recommendations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/advisor/advisor-reference-reliability-recommendations.md | Title: Reliability recommendations description: Full list of available reliability recommendations in Advisor.+++ - Previously updated : 02/04/2022 Last updated : 09/27/2023 # Reliability recommendations Learn more about [Azure FarmBeats - FarmBeatsPythonSdkVersion (Upgrade to the la ## API Management - ### SSL/TLS renegotiation blocked SSL/TLS renegotiation attempt blocked. Renegotiation happens when a client certificate is requested over an already established connection. When it is blocked, reading 'context.Request.Certificate' in policy expressions returns 'null'. To support client certificate authentication scenarios, enable 'Negotiate client certificate' on listed hostnames. For browser-based clients, enabling this option might result in a certificate prompt being presented to the client. Learn more about [Api Management - HostnameCertRotationFail (Hostname certificat We detected the minimal replica count set for your container app may be lower than optimal. Consider increasing the minimal replica count for better availability. -Learn more about [Resource - ContainerAppMinimalReplicaCountTooLow (Increase the minimal replica count for your container app)](https://aka.ms/containerappscalingrules). +Learn more about [Microsoft App Container App - ContainerAppMinimalReplicaCountTooLow (Increase the minimal replica count for your container app)](https://aka.ms/containerappscalingrules). ++### Renew custom domain certificate ++We detected the custom domain certificate you uploaded is near expiration. Please renew your certificate and upload the new certificate for your container apps. ++Learn more about [Microsoft App Container App - ContainerAppCustomDomainCertificateNearExpiration (Renew custom domain certificate)](https://aka.ms/containerappcustomdomaincert). ++### A potential networking issue has been identified with your Container Apps Environment that requires it to be re-created to avoid DNS issues ++A potential networking issue has been identified for your Container Apps Environments. To prevent this potential networking issue from impacting your Container Apps Environment, create a new Container Apps Environment, re-create your Container Apps in the new environment, and delete the old Container Apps Environment ++Learn more about [Managed Environment - CreateNewContainerAppsEnvironment (A potential networking issue has been identified with your Container Apps Environment that requires it to be re-created to avoid DNS issues)](https://aka.ms/createcontainerapp). ## Cache for Redis Learn more about [Front Door Profile - SwitchVersionBYOC (Switch Secret version ### Migrate Virtual Machines to Availability Zones -By migrating virtual machines to Availability Zones, you can ensure the isolation of your VMs from potential failures in other zones. With this, you can expect enhanced resiliency in your workload by avoiding downtime and business interruptions. +By migrating virtual machines to Availability Zones, you can ensure the isolation of your VMs from potential failures in other zones, and you can expect enhanced resiliency in your workload by avoiding downtime and business interruptions. Learn more about [Availability Zones](../reliability/availability-zones-overview.md). Learn more about [Virtual machine - MigrateStandardStorageAccountToPremium (Upgr ### Enable virtual machine replication to protect your applications from regional outage -Virtual machines which do not have replication enabled to another region are not resilient to regional outages. Replicating the machines drastically reduce any adverse business impact during the time of an Azure region outage. We highly recommend enabling replication of all the business critical virtual machines from the below list so that in an event of an outage, you can quickly bring up your machines in remote Azure region. +Virtual machines that do not have replication enabled to another region, are not resilient to regional outages. Replicating the machines drastically reduce any adverse business impact during the time of an Azure region outage. We highly recommend enabling replication of all the business critical virtual machines from the below list so that in an event of an outage, you can quickly bring up your machines in remote Azure region. Learn more about [Virtual machine - ASRUnprotectedVMs (Enable virtual machine replication to protect your applications from regional outage)](https://aka.ms/azure-site-recovery-dr-azure-vms). ### Upgrade VM from Premium Unmanaged Disks to Managed Disks at no extra cost Learn more about [Availability set - ManagedDisksAvSet (Use Managed Disks to imp ### Check Point Virtual Machine may lose Network Connectivity. -We have identified that your Virtual Machine might be running a version of Check Point image that has been known to lose network connectivity in the event of a platform servicing operation. It is recommended that you upgrade to a newer version of the image that addresses this issue. Contact Check Point for further instructions on how to upgrade your image. +We have identified that your Virtual Machine might be running a version of Check Point image that has been known to lose network connectivity in the event of a platform servicing operation. It is recommended that you upgrade to a newer version of the image. Contact Check Point for further instructions on how to upgrade your image. Learn more about [Virtual machine - CheckPointPlatformServicingKnownIssueA (Check Point Virtual Machine may lose Network Connectivity.)](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk151752&partition=Advanced&product=CloudGuard). ### Access to mandatory URLs missing for your Azure Virtual Desktop environment -In order for a session host to deploy and register to Azure Virtual Desktop properly, you need to add a set of URLs to allowed list in case your virtual machine runs in restricted environment. After visiting the "Learn More" link, you see the minimum list of URLs you need to unblock to have a successful deployment and functional session host. For specific URL(s) missing from allowed list, you may also search Application event log for event 3702. +In order for a session host to deploy and register to Azure Virtual Desktop properly, you need to add a set of URLs to the allowed list, in case your virtual machine runs in a restricted environment. After visiting the "Learn More" link, you see the minimum list of URLs you need to unblock to have a successful deployment and functional session host. For specific URL(s) missing from allowed list, you may also search Application event log for event 3702. Learn more about [Virtual machine - SessionHostNeedsAssistanceForUrlCheck (Access to mandatory URLs missing for your Azure Virtual Desktop environment)](../virtual-desktop/safe-url-list.md). Learn more about [Virtual machine - SessionHostNeedsAssistanceForUrlCheck (Acces ### Improve PostgreSQL availability by removing inactive logical replication slots -Our internal telemetry indicates that your PostgreSQL server may have inactive logical replication slots. THIS NEEDS IMMEDIATE ATTENTION. This can result in degraded server performance and unavailability due to WAL file retention and buildup of snapshot files. To improve performance and availability, we STRONGLY recommend that you IMMEDIATELY either delete the inactive replication slots, or start consuming the changes from these slots so that the slots' Log Sequence Number (LSN) advances and is close to the current LSN of the server. +Our internal telemetry indicates that your PostgreSQL server may have inactive logical replication slots. THIS NEEDS IMMEDIATE ATTENTION. Inactive logical replication can result in degraded server performance and unavailability due to WAL file retention and buildup of snapshot files. To improve performance and availability, we STRONGLY recommend that you IMMEDIATELY either delete the inactive replication slots, or start consuming the changes from these slots so that the slots' Log Sequence Number (LSN) advances and is close to the current LSN of the server. Learn more about [PostgreSQL server - OrcasPostgreSqlLogicalReplicationSlots (Improve PostgreSQL availability by removing inactive logical replication slots)](https://aka.ms/azure_postgresql_logical_decoding). |
ai-services | App Schema Definition | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/app-schema-definition.md | Title: App schema definition description: The LUIS app is represented in either the `.json` or `.lu` and includes all intents, entities, example utterances, features, and settings.--++ |
ai-services | Choose Natural Language Processing Service | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/choose-natural-language-processing-service.md | Title: Use NLP with QnA Maker for chat bots description: Azure AI services provides two natural language processing services, Language Understanding and QnA Maker, each with a different purpose. Understand when to use each service and how they compliment each other.--++ |
ai-services | Client Libraries Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/client-libraries-rest-api.md | Title: "Quickstart: Language Understanding (LUIS) SDK client libraries and REST description: Create and query a LUIS app with the LUIS SDK client libraries and REST API. Last updated 03/07/2022-+ -+ keywords: Azure, artificial intelligence, ai, natural language processing, nlp, LUIS, azure luis, natural language understanding, ai chatbot, chatbot maker, understanding natural language ms.devlang: csharp, javascript, python |
ai-services | Application Design | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/concepts/application-design.md | |
ai-services | Entities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/concepts/entities.md | |
ai-services | Intents | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/concepts/intents.md | |
ai-services | Patterns Features | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/concepts/patterns-features.md | |
ai-services | Utterances | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/concepts/utterances.md | Title: Utterances description: Utterances concepts-+ ms.-+ Last updated 07/19/2022 |
ai-services | Data Collection | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/data-collection.md | Title: Data collection description: Learn what example data to collect while developing your app--++ |
ai-services | Developer Reference Resource | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/developer-reference-resource.md | Title: Developer resources - Language Understanding description: SDKs, REST APIs, CLI, help you develop Language Understanding (LUIS) apps in your programming language. Manage your Azure resources and LUIS predictions.--++ |
ai-services | Encrypt Data At Rest | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/encrypt-data-at-rest.md | description: Microsoft offers Microsoft-managed encryption keys, and also lets y --++ Last updated 08/28/2020 |
ai-services | Faq | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/faq.md | Title: LUIS frequently asked questions description: Use this article to see frequently asked questions about LUIS, and troubleshooting information-+ ms.-+ Last updated 07/19/2022 |
ai-services | Get Started Get Model Rest Apis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/get-started-get-model-rest-apis.md | |
ai-services | How To Application Settings Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/how-to-application-settings-portal.md | Title: "Application settings" description: Configure your application and version settings in the LUIS portal such as utterance normalization and app privacy.--++ |
ai-services | Entities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/how-to/entities.md | Title: How to use entities in LUIS description: Learn how to use entities with LUIS.-+ ms.-+ Last updated 01/05/2022 |
ai-services | Improve Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/how-to/improve-application.md | Title: How to improve LUIS application description: Learn how to improve LUIS application-+ ms.-+ Last updated 01/07/2022 |
ai-services | Intents | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/how-to/intents.md | Title: How to use intents in LUIS description: Learn how to use intents with LUIS.-+ ms.-+ Last updated 01/07/2022 |
ai-services | Label Utterances | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/how-to/label-utterances.md | Title: How to label example utterances in LUIS description: Learn how to label example utterance in LUIS.-+ ms.-+ Last updated 01/05/2022 |
ai-services | Orchestration Projects | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/how-to/orchestration-projects.md | Title: Use LUIS and question answering description: Learn how to use LUIS and question answering using orchestration.-+ ms.-+ Last updated 05/23/2022 |
ai-services | Publish | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/how-to/publish.md | Title: Publish description: Learn how to publish.-+ ms.-+ Last updated 12/14/2021 |
ai-services | Sign In | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/how-to/sign-in.md | Title: Sign in to the LUIS portal and create an app description: Learn how to sign in to LUIS and create application.-+ ms.-+ Last updated 07/19/2022 |
ai-services | Train Test | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/how-to/train-test.md | Title: How to use train and test description: Learn how to train and test the application.-+ ms.-+ Last updated 01/10/2022 |
ai-services | Howto Add Prebuilt Models | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/howto-add-prebuilt-models.md | |
ai-services | Luis Concept Data Alteration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-concept-data-alteration.md | Title: Data alteration - LUIS description: Learn how data can be changed before predictions in Language Understanding (LUIS)--++ |
ai-services | Luis Concept Data Conversion | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-concept-data-conversion.md | |
ai-services | Luis Concept Data Extraction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-concept-data-extraction.md | Title: Data extraction - LUIS description: Extract data from utterance text with intents and entities. Learn what kind of data can be extracted from Language Understanding (LUIS).--++ |
ai-services | Luis Concept Data Storage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-concept-data-storage.md | |
ai-services | Luis Concept Devops Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-concept-devops-automation.md | Title: Continuous Integration and Continuous Delivery workflows for LUIS apps description: How to implement CI/CD workflows for DevOps for Language Understanding (LUIS).--++ Last updated 06/01/2021 |
ai-services | Luis Concept Devops Sourcecontrol | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-concept-devops-sourcecontrol.md | Title: Source control and development branches - LUIS description: How to maintain your Language Understanding (LUIS) app under source control. How to apply updates to a LUIS app while working in a development branch.--++ Last updated 06/14/2022 |
ai-services | Luis Concept Devops Testing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-concept-devops-testing.md | Title: Testing for DevOps for LUIS apps description: How to test your Language Understanding (LUIS) app in a DevOps environment.--++ |
ai-services | Luis Concept Model | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-concept-model.md | Title: Design with models - LUIS description: Language understanding provides several types of models. Some models can be used in more than one way.-+ ms.-+ Last updated 01/07/2022 |
ai-services | Luis Concept Prebuilt Model | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-concept-prebuilt-model.md | |
ai-services | Luis Concept Prediction Score | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-concept-prediction-score.md | Title: Prediction scores - LUIS description: A prediction score indicates the degree of confidence the LUIS API service has for prediction results, based on a user utterance.--++ |
ai-services | Luis Container Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-container-configuration.md | |
ai-services | Luis Container Howto | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-container-howto.md | |
ai-services | Luis Container Limitations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-container-limitations.md | description: The LUIS container languages that are supported. --++ Last updated 10/28/2021 |
ai-services | Luis Get Started Create App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-get-started-create-app.md | Title: "Quickstart: Build your app in LUIS portal" description: This quickstart shows how to create a LUIS app that uses the prebuilt domain `HomeAutomation` for turning lights and appliances on and off. This prebuilt domain provides intents, entities, and example utterances for you. When you're finished, you'll have a LUIS endpoint running in the cloud.--++ ms. |
ai-services | Luis Get Started Get Intent From Browser | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-get-started-get-intent-from-browser.md | Title: "How to query for predictions using a browser - LUIS" description: In this article, use an available public LUIS app to determine a user's intention from conversational text in a browser.--++ |
ai-services | Luis Glossary | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-glossary.md | Title: Glossary - LUIS description: The glossary explains terms that you might encounter as you work with the LUIS API Service.--++ Last updated 03/21/2022 |
ai-services | Luis How To Azure Subscription | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-how-to-azure-subscription.md | |
ai-services | Luis How To Batch Test | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-how-to-batch-test.md | |
ai-services | Luis How To Collaborate | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-how-to-collaborate.md | |
ai-services | Luis How To Manage Versions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-how-to-manage-versions.md | |
ai-services | Luis How To Model Intent Pattern | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-how-to-model-intent-pattern.md | |
ai-services | Luis How To Use Dashboard | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-how-to-use-dashboard.md | |
ai-services | Luis Language Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-language-support.md | |
ai-services | Luis Limits | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-limits.md | Title: Limits - LUIS description: This article contains the known limits of Azure AI Language Understanding (LUIS). LUIS has several limits areas. Model limit controls intents, entities, and features in LUIS. Quota limits based on key type. Keyboard combination controls the LUIS website.--++ |
ai-services | Luis Migration Api V1 To V2 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-migration-api-v1-to-v2.md | |
ai-services | Luis Migration Api V3 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-migration-api-v3.md | Title: Prediction endpoint changes in the V3 API description: The query prediction endpoint V3 APIs have changed. Use this guide to understand how to migrate to version 3 endpoint APIs.-+ ms. -+ Last updated 05/28/2021 |
ai-services | Luis Migration Authoring Entities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-migration-authoring-entities.md | Title: Migrate to V3 machine-learning entity description: The V3 authoring provides one new entity type, the machine-learning entity, along with the ability to add relationships to the machine-learning entity and other entities or features of the application.--++ |
ai-services | Luis Migration Authoring | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-migration-authoring.md | |
ai-services | Luis Reference Application Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-application-settings.md | Title: Application settings - LUIS description: Applications settings for Azure AI services language understanding apps are stored in the app and portal.--++ |
ai-services | Luis Reference Prebuilt Age | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-age.md | |
ai-services | Luis Reference Prebuilt Currency | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-currency.md | |
ai-services | Luis Reference Prebuilt Datetimev2 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-datetimev2.md | |
ai-services | Luis Reference Prebuilt Deprecated | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-deprecated.md | |
ai-services | Luis Reference Prebuilt Dimension | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-dimension.md | |
ai-services | Luis Reference Prebuilt Domains | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-domains.md | |
ai-services | Luis Reference Prebuilt Email | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-email.md | |
ai-services | Luis Reference Prebuilt Entities | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-entities.md | |
ai-services | Luis Reference Prebuilt Geographyv2 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-geographyV2.md | |
ai-services | Luis Reference Prebuilt Keyphrase | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-keyphrase.md | |
ai-services | Luis Reference Prebuilt Number | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-number.md | |
ai-services | Luis Reference Prebuilt Ordinal V2 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-ordinal-v2.md | |
ai-services | Luis Reference Prebuilt Ordinal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-ordinal.md | |
ai-services | Luis Reference Prebuilt Percentage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-percentage.md | |
ai-services | Luis Reference Prebuilt Person | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-person.md | |
ai-services | Luis Reference Prebuilt Phonenumber | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-phonenumber.md | |
ai-services | Luis Reference Prebuilt Sentiment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-sentiment.md | |
ai-services | Luis Reference Prebuilt Temperature | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-temperature.md | |
ai-services | Luis Reference Prebuilt Url | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-prebuilt-url.md | |
ai-services | Luis Reference Regions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-regions.md | Title: Publishing regions & endpoints - LUIS description: The region specified in the Azure portal is the same where you will publish the LUIS app and an endpoint URL is generated for this same region.--++ |
ai-services | Luis Reference Response Codes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-reference-response-codes.md | |
ai-services | Luis Traffic Manager | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-traffic-manager.md | |
ai-services | Luis Tutorial Bing Spellcheck | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-tutorial-bing-spellcheck.md | |
ai-services | Luis Tutorial Node Import Utterances Csv | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-tutorial-node-import-utterances-csv.md | |
ai-services | Luis User Privacy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-user-privacy.md | |
ai-services | Migrate From Composite Entity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/migrate-from-composite-entity.md | Title: Upgrade composite entity - LUIS description: Upgrade composite entity to machine-learning entity with upgrade process in the LUIS portal.--++ |
ai-services | Reference Entity List | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/reference-entity-list.md | Title: List entity type - LUIS description: List entities represent a fixed, closed set of related words along with their synonyms. LUIS does not discover additional values for list entities. Use the Recommend feature to see suggestions for new words based on the current list.-+ ms. -+ Last updated 01/05/2022 |
ai-services | Reference Entity Machine Learned Entity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/reference-entity-machine-learned-entity.md | |
ai-services | Reference Entity Pattern Any | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/reference-entity-pattern-any.md | |
ai-services | Reference Entity Regular Expression | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/reference-entity-regular-expression.md | Title: Regular expression entity type - LUIS description: A regular expression is best for raw utterance text. It ignores case and ignores cultural variant. Regular expression matching is applied after spell-check alterations at the character level, not the token level.--++ |
ai-services | Reference Entity Simple | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/reference-entity-simple.md | |
ai-services | Reference Pattern Syntax | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/reference-pattern-syntax.md | Title: Pattern syntax reference - LUIS description: Create entities to extract key data from user utterances in Language Understanding (LUIS) apps. Extracted data is used by the client application.-+ -+ Last updated 04/18/2022 |
ai-services | Role Based Access Control | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/role-based-access-control.md | description: Use this article to learn how to add access control to your LUIS re --++ Last updated 08/23/2022 |
ai-services | Schema Change Prediction Runtime | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/schema-change-prediction-runtime.md | Title: Extend app at runtime - LUIS description: Learn how to extend an already published prediction endpoint to pass new information.-+ -+ Last updated 04/14/2020 |
ai-services | Build Decomposable Application | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/tutorial/build-decomposable-application.md | Title: Build a decomposable LUIS application description: Use this tutorial to learn how to build a decomposable application.-+ ms.-+ Last updated 01/10/2022 |
ai-services | What Is Luis | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/what-is-luis.md | Title: Language Understanding (LUIS) Overview description: Language Understanding (LUIS) - a cloud-based API service using machine-learning to conversational, natural language to predict meaning and extract information. keywords: Azure, artificial intelligence, ai, natural language processing, nlp, natural language understanding, nlu, LUIS, conversational AI, ai chatbot, nlp ai, azure luis--++ Last updated 07/19/2022 |
ai-services | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/whats-new.md | Title: What's New - Language Understanding (LUIS) description: This article is regularly updated with news about the Azure AI Language Understanding API.-+ -+ Last updated 02/24/2022 |
ai-services | Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/question-answering/how-to/best-practices.md | Title: Project best practices description: Best practices for Question Answering--++ |
ai-services | Export Import Refresh | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/question-answering/how-to/export-import-refresh.md | Title: Export/import/refresh | question answering projects and projects description: Learn about backing up your question answering projects and projects--++ |
ai-services | Azure Resources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Concepts/azure-resources.md | Title: Azure resources - QnA Maker description: QnA Maker uses several Azure sources, each with a different purpose. Understanding how they are used individually allows you to plan for and select the correct pricing tier or know when to change your pricing tier. Understanding how they are used in combination allows you to find and fix problems when they occur.-+ -+ Last updated 02/02/2022 |
ai-services | Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Concepts/best-practices.md | Title: Best practices - QnA Maker description: Use these best practices to improve your knowledge base and provide better results to your application/chat bot's end users.-+ -+ Last updated 11/19/2021 |
ai-services | Confidence Score | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Concepts/confidence-score.md | |
ai-services | Data Sources And Content | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Concepts/data-sources-and-content.md | Title: Data sources and content types - QnA Maker description: Learn how to import question and answer pairs from data sources and supported content types, which include many standard structured documents such as PDF, DOCX, and TXT - QnA Maker.-+ -+ Last updated 01/11/2022 |
ai-services | Development Lifecycle Knowledge Base | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Concepts/development-lifecycle-knowledge-base.md | Title: Lifecycle of knowledge base - QnA Maker description: QnA Maker learns best in an iterative cycle of model changes, utterance examples, publishing, and gathering data from endpoint queries.-+ -+ Last updated 09/01/2020 |
ai-services | Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Concepts/plan.md | Title: Plan your app - QnA Maker description: Learn how to plan your QnA Maker app. Understand how QnA Maker works and interacts with other Azure services and some knowledge base concepts.-+ -+ Last updated 11/02/2021 |
ai-services | Question Answer Set | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Concepts/question-answer-set.md | Title: Design knowledge base - QnA Maker concepts description: Learn how to design a knowledge base - QnA Maker.--++ |
ai-services | Role Based Access Control | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Concepts/role-based-access-control.md | Title: Collaborate with others - QnA Maker description: Learn how to collaborate with other authors and editors using Azure role-based access control.--++ |
ai-services | Add Sharepoint Datasources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/add-sharepoint-datasources.md | Title: SharePoint files - QnA Maker description: Add secured SharePoint data sources to your knowledge base to enrich the knowledge base with questions and answers that may be secured with Active Directory.-+ -+ Last updated 01/25/2022 |
ai-services | Change Default Answer | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/change-default-answer.md | Title: Get default answer - QnA Maker description: The default answer is returned when there is no match to the question. You may want to change the default answer from the standard default answer.-+ -+ Last updated 11/09/2020 |
ai-services | Chit Chat Knowledge Base | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/chit-chat-knowledge-base.md | |
ai-services | Configure Qna Maker Resources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/configure-qna-maker-resources.md | Title: Configure QnA Maker service - QnA Maker description: This document outlines advanced configurations for your QnA Maker resources.-+ -+ Last updated 08/25/2021 |
ai-services | Edit Knowledge Base | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/edit-knowledge-base.md | Title: Edit a knowledge base - QnA Maker description: QnA Maker allows you to manage the content of your knowledge base by providing an easy-to-use editing experience.-+ -+ Last updated 11/19/2021 |
ai-services | Get Analytics Knowledge Base | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/get-analytics-knowledge-base.md | |
ai-services | Improve Knowledge Base | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/improve-knowledge-base.md | Title: Active Learning suggested questions - QnA Maker description: Improve the quality of your knowledge base with active learning. Review, accept or reject, add without removing or changing existing questions.--++ Last updated 01/11/2022 |
ai-services | Manage Knowledge Bases | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/manage-knowledge-bases.md | Title: Manage knowledge bases - QnA Maker description: QnA Maker allows you to manage your knowledge bases by providing access to the knowledge base settings and content.-+ -+ Last updated 03/18/2020 |
ai-services | Manage Qna Maker App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/manage-qna-maker-app.md | Title: Manage QnA Maker App - QnA Maker description: QnA Maker allows multiple people to collaborate on a knowledge base. QnA Maker offers a capability to improve the quality of your knowledge base with active learning. One can review, accept or reject, and add without removing or changing existing questions.-+ -+ Last updated 11/09/2020 |
ai-services | Metadata Generateanswer Usage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/metadata-generateanswer-usage.md | |
ai-services | Multi Turn | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/multi-turn.md | Title: Multi-turn conversations - QnA Maker description: Use prompts and context to manage the multiple turns, known as multi-turn, for your bot from one question to another. Multi-turn is the ability to have a back-and-forth conversation where the previous question's context influences the next question and answer.--++ |
ai-services | Network Isolation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/network-isolation.md | Title: Network isolation description: Users can restrict public access to QnA Maker resources.-+ -+ Last updated 11/02/2021 |
ai-services | Query Knowledge Base With Metadata | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/query-knowledge-base-with-metadata.md | |
ai-services | Set Up Qnamaker Service Azure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/set-up-qnamaker-service-azure.md | Title: Set up a QnA Maker service - QnA Maker description: Before you can create any QnA Maker knowledge bases, you must first set up a QnA Maker service in Azure. Anyone with authorization to create new resources in a subscription can set up a QnA Maker service.-+ -+ Last updated 09/14/2021 |
ai-services | Test Knowledge Base | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/test-knowledge-base.md | Title: How to test a knowledge base - QnA Maker description: Testing your QnA Maker knowledge base is an important part of an iterative process to improve the accuracy of the responses being returned. You can test the knowledge base through an enhanced chat interface that also allows you make edits.-+ -+ Last updated 11/02/2021 |
ai-services | Use Active Learning | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/use-active-learning.md | Title: Use active learning with knowledge base - QnA Maker description: Learn to improve the quality of your knowledge base with active learning. Review, accept or reject, add without removing or changing existing questions.-+ -+ Last updated 11/02/2021 |
ai-services | Using Prebuilt Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/How-To/using-prebuilt-api.md | |
ai-services | Language Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Overview/language-support.md | |
ai-services | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Overview/overview.md | Title: What is QnA Maker service? description: QnA Maker is a cloud-based NLP service that easily creates a natural conversational layer over your data. It can be used to find the most appropriate answer for any given natural language input, from your custom knowledge base (KB) of information.-+ -+ Last updated 11/19/2021 keywords: "qna maker, low code chat bots, multi-turn conversations" |
ai-services | Add Question Metadata Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Quickstarts/add-question-metadata-portal.md | Title: "Add questions and answer in QnA Maker portal" description: This article shows how to add question and answer pairs with metadata so your users can find the right answer to their question.-+ -+ Last updated 05/26/2020 |
ai-services | Create Publish Knowledge Base | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Quickstarts/create-publish-knowledge-base.md | Title: "Quickstart: Create, train, and publish knowledge base - QnA Maker" description: You can create a QnA Maker knowledge base (KB) from your own content, such as FAQs or product manuals. This article includes an example of creating a QnA Maker knowledge base from a simple FAQ webpage, to answer questions QnA Maker.-+ -+ Last updated 11/02/2021 |
ai-services | Get Answer From Knowledge Base Using Url Tool | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Quickstarts/get-answer-from-knowledge-base-using-url-tool.md | |
ai-services | Quickstart Sdk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Quickstarts/quickstart-sdk.md | Title: "Quickstart: Use SDK to create and manage knowledge base - QnA Maker" description: This quickstart shows you how to create and manage your knowledge base using the client SDK.--++ |
ai-services | Create Faq Bot With Azure Bot Service | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Tutorials/create-faq-bot-with-azure-bot-service.md | Title: "Tutorial: Create an FAQ bot with Azure AI Bot Service" description: In this tutorial, create a no code FAQ Bot with QnA Maker and Azure AI Bot Service.-+ -+ Last updated 08/31/2020 |
ai-services | Export Knowledge Base | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Tutorials/export-knowledge-base.md | Title: Export knowledge bases - QnA Maker description: Exporting a knowledge base requires exporting from one knowledge base, then importing into another.-+ -+ Last updated 11/09/2020 |
ai-services | Integrate With Power Virtual Assistant Fallback Topic | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/Tutorials/integrate-with-power-virtual-assistant-fallback-topic.md | Title: "Tutorial: Integrate with Power Virtual Agents - QnA Maker" description: In this tutorial, improve the quality of your knowledge base with active learning. Review, accept or reject, or add without removing or changing existing questions.-+ -+ Last updated 11/09/2020 |
ai-services | Choose Natural Language Processing Service | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/choose-natural-language-processing-service.md | Title: Use NLP with LUIS for chat bots description: Learn when to use Language Understanding and when to use QnA Maker and understand how they compliment each other.-+ -+ Last updated 04/16/2020 |
ai-services | Encrypt Data At Rest | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/encrypt-data-at-rest.md | |
ai-services | Limits | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/limits.md | Title: Limits and boundaries - QnA Maker description: QnA Maker has meta-limits for parts of the knowledge base and service. It is important to keep your knowledge base within those limits in order to test and publish.-+ -+ Last updated 11/02/2021 |
ai-services | Reference App Service | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/reference-app-service.md | Title: Service configuration - QnA Maker description: Understand how and where to configure resources.-+ -+ Last updated 11/02/2021 |
ai-services | Reference Document Format Guidelines | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/reference-document-format-guidelines.md | Title: Import document format guidelines - QnA Maker description: Use these guidelines for importing documents to get the best results for your content.-+ -+ Last updated 04/06/2020 |
ai-services | Reference Markdown Format | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/reference-markdown-format.md | Title: Markdown format - QnA Maker description: Following is the list of markdown formats that you can use in QnA Maker's answer text.-+ -+ Last updated 03/19/2020 |
ai-services | Reference Private Endpoint | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/reference-private-endpoint.md | Title: How to set up a Private Endpoint - QnA Maker description: Understand Private Endpoint creation available in QnA Maker managed.-+ -+ Last updated 01/12/2021 |
ai-services | Reference Tsv Format Batch Testing | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/reference-tsv-format-batch-testing.md | |
ai-services | Troubleshooting | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/troubleshooting.md | Title: Troubleshooting - QnA Maker description: The curated list of the most frequently asked questions regarding the QnA Maker service will help you adopt the service faster and with better results.-+ -+ Last updated 11/02/2021 |
ai-services | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/qnamaker/whats-new.md | |
automation | Enable Managed Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/quickstarts/enable-managed-identity.md | Title: Quickstart - Enable managed identities for your Automation account using the Azure portal description: This quickstart helps you enable managed identities for your Automation account using the Azure portal Previously updated : 09/07/2021 Last updated : 09/30/2023 |
automation | Enable From Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/enable-from-vm.md | Title: Enable Azure Automation Update Management for an Azure VM description: This article tells how to enable Update Management for an Azure VM. Previously updated : 11/04/2020 Last updated : 09/30/2023 |
azure-monitor | Opentelemetry Add Modify | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/opentelemetry-add-modify.md | span_id = trace.get_current_span().get_span_context().span_id - To further configure the OpenTelemetry distro, see [Azure Monitor OpenTelemetry configuration](opentelemetry-configuration.md) - To review the source code, see the [Azure Monitor AspNetCore GitHub repository](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/monitor/Azure.Monitor.OpenTelemetry.AspNetCore).-- To install the Nuget package, check for updates, or view release notes, see the [Azure Monitor AspNetCore Nuget Package](https://www.nuget.org/packages/Azure.Monitor.OpenTelemetry.AspNetCore) page.+- To install the NuGet package, check for updates, or view release notes, see the [Azure Monitor AspNetCore NuGet Package](https://www.nuget.org/packages/Azure.Monitor.OpenTelemetry.AspNetCore) page. - To become more familiar with Azure Monitor and OpenTelemetry, see the [Azure Monitor Example Application](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/monitor/Azure.Monitor.OpenTelemetry.AspNetCore/tests/Azure.Monitor.OpenTelemetry.AspNetCore.Demo). - To learn more about OpenTelemetry and its community, see the [OpenTelemetry .NET GitHub repository](https://github.com/open-telemetry/opentelemetry-dotnet). - To enable usage experiences, [enable web or browser user monitoring](javascript.md). span_id = trace.get_current_span().get_span_context().span_id - To further configure the OpenTelemetry distro, see [Azure Monitor OpenTelemetry configuration](opentelemetry-configuration.md) - To review the source code, see the [Azure Monitor Exporter GitHub repository](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/monitor/Azure.Monitor.OpenTelemetry.Exporter).-- To install the Nuget package, check for updates, or view release notes, see the [Azure Monitor Exporter Nuget Package](https://www.nuget.org/packages/Azure.Monitor.OpenTelemetry.Exporter) page.+- To install the NuGet package, check for updates, or view release notes, see the [Azure Monitor Exporter NuGet Package](https://www.nuget.org/packages/Azure.Monitor.OpenTelemetry.Exporter) page. - To become more familiar with Azure Monitor and OpenTelemetry, see the [Azure Monitor Example Application](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/monitor/Azure.Monitor.OpenTelemetry.Exporter/tests/Azure.Monitor.OpenTelemetry.Exporter.Demo). - To learn more about OpenTelemetry and its community, see the [OpenTelemetry .NET GitHub repository](https://github.com/open-telemetry/opentelemetry-dotnet). - To enable usage experiences, [enable web or browser user monitoring](javascript.md). |
azure-monitor | Opentelemetry Enable | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/opentelemetry-enable.md | OpenTelemetry offerings are available for .NET, Node.js, Python and Java applica |Language |Release Status | |-|-|-|ASP.NET Core | :warning: <sup>[2](#PREVIEW)</sup> | |.NET (Exporter) | :white_check_mark: <sup>[1](#GA)</sup> | |Java | :white_check_mark: <sup>[1](#GA)</sup> | |Node.js | :white_check_mark: <sup>[1](#GA)</sup> | |Python | :white_check_mark: <sup>[1](#GA)</sup> |+|ASP.NET Core | :warning: <sup>[2](#PREVIEW)</sup> | **Footnotes** - <a name="GA"> :white_check_mark: 1</a>: OpenTelemetry is available to all customers with formal support. |
cosmos-db | Hierarchical Partition Keys | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/cosmos-db/hierarchical-partition-keys.md | Container container = await database.CreateContainerIfNotExistsAsync(containerPr ``` #### [Java SDK v4](#tab/java-v4)--#### [JavaScript SDK v4](#tab/javascript-v4) --```javascript +```java // List of partition keys, in hierarchical order. You can have up to three levels of keys. List<String> subpartitionKeyPaths = new ArrayList<String>(); subpartitionKeyPaths.add("/TenantId"); ThroughputProperties throughputProperties = ThroughputProperties.createManualThr // Create a container that's subpartitioned by TenantId > UserId > SessionId Mono<CosmosContainerResponse> container = database.createContainerIfNotExists(containerProperties, throughputProperties);++``` +#### [JavaScript SDK v4](#tab/javascript-v4) ++```javascript +const containerDefinition = { + id: "Test Database", + partitionKey: { + paths: ["/name", "/address/zip"], + version: PartitionKeyDefinitionVersion.V2, + kind: PartitionKeyKind.MultiHash, + }, +} +const { container } = await database.containers.createIfNotExists(containerDefinition); +console.log(container.id); + ``` |
deployment-environments | Concept Environments Key Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/deployment-environments/concept-environments-key-concepts.md | Last updated 04/25/2023 # Key concepts for Azure Deployment Environments -Learn about the key concepts and components of Azure Deployment Environments. This knowledge can help you more effectively deploy environments for your scenarios. +In this article, you'll learn about the key concepts and components of Azure Deployment Environments. This knowledge helps you more effectively deploy environments for your scenarios. ++As you learn about Deployment Environments, you'll also encounter components of [Microsoft Dev Box](../dev-box/overview-what-is-microsoft-dev-box.md), a complementary service that shares certain architectural components. Dev Box provides developers with a cloud-based development workstation, called a dev box, which is configured with the tools they need for their work. This diagram shows the key components of Deployment Environments and how they relate to each other. You can learn more about each component in the following sections. This diagram shows the key components of Deployment Environments and how they re ## Dev centers -A dev center is a collection of projects that require similar settings. Dev centers enable platform engineers to: +A dev center is a collection of [Projects](#projects) that require similar settings. Dev centers enable platform engineers to: - Use catalogs to manage infrastructure as code (IaC) templates that are available to the projects. - Use environment types to configure the types of environments that development teams can create.+ +[Microsoft Dev Box](../dev-box/concept-dev-box-concepts.md#dev-center) also uses dev centers to organize resources. An organization can use the same dev center for both services. ## Projects -A project is the point of access for the development team. When you associate a project with a dev center, all the settings for the dev center are automatically applied to the project. +In Deployment Environments, a project represents a team or business function within the organization. When you associate a project with a dev center, all the settings for the dev center are automatically applied to the project. Each project can be associated with only one dev center. Platform engineers can configure environments for a project by specifying which environment types are appropriate for the development team. +To enable developers to create their own deployment environments, you must [provide access for developers to projects](how-to-configure-deployment-environments-user.md) by assigning the Deployment Environments User role. ++You can configure projects for Deployment Environments and projects for [Microsoft Dev Box](../dev-box/concept-dev-box-concepts.md#project) resources in the same dev center. + ## Environments An environment is a collection of Azure resources on which your application is deployed. For example, to deploy a web application, you might create an environment that consists of [Azure App Service](../app-service/overview.md), [Azure Key Vault](../key-vault/general/basic-concepts.md), [Azure Cosmos DB](../cosmos-db/introduction.md), and a [storage account](../storage/common/storage-account-overview.md). An environment could consist of both Azure platform as a service (PaaS) and infrastructure as a service (IaaS) resources such as an Azure Kubernetes Service (AKS) cluster, virtual machines, and databases. |
deployment-environments | Overview What Is Azure Deployment Environments | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/deployment-environments/overview-what-is-azure-deployment-environments.md | Enable your development teams to quickly and easily create app infrastructure (P - **Integration with your existing toolchain**: Use APIs to provision environments directly from your preferred CI tool, integrated development environment (IDE), or automated release pipeline. You can also use the comprehensive command-line tool. +## Components shared with Microsoft Dev Box ++[Microsoft Dev Box](../dev-box/overview-what-is-microsoft-dev-box.md) and Azure Deployment Environments are complementary services that share certain architectural components. Dev Box provides developers with a cloud-based development workstation, called a dev box, which is configured with the tools they need for their work. Dev centers and projects are common to both services, and they help organize resources in an enterprise. ++When configuring Deployment Environments, you may see Dev Box resources and components. You may even see informational messages regarding Dev Box features. If you're not configuring any Dev Box features, you can safely ignore these messages. + ## Next steps Start using Azure Deployment Environments: |
dev-box | Concept Common Components | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/dev-box/concept-common-components.md | - Title: Components common to Microsoft Dev Box and Azure Deployment Environments -description: Discover the components shared by Microsoft Dev Box and Azure Deployment Environments. ----- Previously updated : 09/07/2023--# Components common to Microsoft Dev Box and Azure Deployment Environments --Microsoft Dev Box and Azure Deployment Environments are complementary services that share certain architectural components. Dev centers and projects are common to both services, and they help organize resources in an enterprise. You can configure dev centers and projects in the Azure portal. --## Common components --The diagram shows the components of Dev Box and Deployment Environments. Dev centers and projects are common to both services. Both use managed identities to support authentication, and both services provide access for developers through the developer portal. ---The following table lists Dev Box and Deployment Environments components: --| Component | Dev Box | Deployment Environments | -||--|-| -| Dev centers | Yes | Yes | -| Projects | Yes | Yes | -| Dev box pools | Yes | No | -| Dev box definitions | Yes | No | -| Dev boxes | Yes | No | -| Compute galleries | Yes | No | -| Managed identities | Yes | Yes | -| Environment types | No | Yes | -| Environments | No | Yes | -| Catalogs | No | Yes | -| Developer portal | Yes | Yes | --## How components appear in the Azure portal --As you work with Dev Box or Deployment Environments in the Azure portal, you can access components from both services. --In the dev center overview, you can access options to: --(1) Configure your dev boxes. --(2) Configure your environments. ---In the projects overview, you can access options to: --(1) Configure environment types for a specific project. --(2) Manage dev box pools and environments. ---You might also see informational messages that refer to a service you aren't using, like this one from the projects overview: ---If you're not configuring for the service named in the informational message, you can safely ignore it. --## Developer portal --You can access your dev boxes and deployment environments through the [developer portal](https://devportal.microsoft.com/). You see existing dev boxes and environments displayed as shown in this screenshot: ---You can create new dev boxes and environments through the developer portal menu at the top right. ---And you can manage your existing dev boxes and environments, too. Select the **more actions** menu on the relevant card. Here's an example of managing an environment: ---## Next steps --- To learn how to configure Microsoft Dev Box, see [Quickstart: Configure the Microsoft Dev Box service](../../articles/dev-box/quickstart-configure-dev-box-service.md).--- To learn how to configure Azure Deployment Environments, see [Quickstart: Create and configure a dev center](../../articles/deployment-environments/quickstart-create-and-configure-devcenter.md). |
dev-box | Concept Dev Box Concepts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/dev-box/concept-dev-box-concepts.md | -## Dev box --A dev box is a preconfigured, ready-to-code workstation that you create through the self-service developer portal. A new dev box has all the tools, binaries, and configuration required for a dev box user to be productive immediately. You can create and manage multiple dev boxes to work on multiple workstreams. --As a dev box user, you have control over your own dev boxes. You can create more as you need them and delete them when you finish using them. +As you learn about Microsoft Dev Box, you'll also encounter components of [Azure Deployment Environments](../deployment-environments/overview-what-is-azure-deployment-environments.md), a complementary service that shares certain architectural components. Deployment Environments provides developers with preconfigured cloud-based environments for developing applications. ## Dev center -A dev center is a collection of projects that require similar settings. Dev centers enable platform engineers to: +A dev center is a collection of [Projects](#project) that require similar settings. Dev centers enable platform engineers to: -- Manage the images and SKUs available to the projects by using dev box definitions.+- Manage the images and SKUs available to the projects by using [dev box definitions](#dev-box-definition). - Configure the networks that the development teams consume by using network connections. +[Azure Deployment Environments](../deployment-environments/concept-environments-key-concepts.md#dev-centers) also uses dev centers to organize resources. An organization can use the same dev center for both services. + ## Project -A project is the point of access for development team members. When you associate a project with a dev center, all the settings at the dev center level are applied to the project automatically. +In Dev Box, a project represents a team or business function within the organization. Each project is a collection of [pools](#dev-box-pool), and each pool represents a region or workload. When you associate a project with a dev center, all the settings at the dev center level are applied to the project automatically. Each project can be associated with only one dev center. Dev managers can configure the dev boxes available for a project by specifying the dev box definitions that are appropriate for their workloads. +To enable developers to create their own dev boxes, you must [provide access to projects for developers](how-to-dev-box-user.md) by assigning the Dev Box User role. ++You can configure projects for [Deployment Environments](../deployment-environments/concept-environments-key-concepts.md#projects) and projects for Dev Box resources in the same dev center. + ## Dev box definition A dev box definition specifies a source image and size, including compute size and storage size. You can use a source image from Azure Marketplace or a custom image from your own [Azure Compute Gallery](./how-to-configure-azure-compute-gallery.md) instance. You can use dev box definitions across multiple projects in a dev center. The virtual network specified in a network connection also determines the region A dev box pool is a collection of dev boxes that you manage together and to which you apply similar settings. You can create multiple dev box pools to support the needs of hybrid teams that work in different regions or on different workloads. -## Resources shared with Azure Deployment Environments +## Dev box -Microsoft Dev Box and Azure Deployment Environments are complementary services that share certain architectural components. Dev centers and projects are common to both services, and they help organize resources in an enterprise. You can configure projects for Deployment Environments and projects for Dev Box resources in the same dev center. +A dev box is a preconfigured workstation that you create through the self-service developer portal. A new dev box has all the tools, binaries, and configuration required for a dev box user to be productive immediately. You can create and manage multiple dev boxes to work on multiple workstreams. -To learn more about the components common to Deployment Environments and Dev Box, see [Components common to Microsoft Dev Box and Azure Deployment Environments](concept-common-components.md). +As a dev box user, you have control over your own dev boxes. You can create more as you need them and delete them when you finish using them. ## Related content |
dev-box | Overview What Is Microsoft Dev Box | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/dev-box/overview-what-is-microsoft-dev-box.md | Dev Box has the following benefits for IT admins: - Manage dev boxes like any other device on your network: - Dev boxes automatically enroll in Intune. Use the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) to manage dev boxes. - Keep all Windows devices up to date by using expedited quality updates in Intune to deploy zero-day patches across your organization.- - If a dev box is compromised, isolate it while helping users get back up and running on a new dev box. + - If a dev box is compromised, isolate it while helping users get backup and running on a new dev box. - Dev Box provides secure access in a secure environment. Access controls in Azure Active Directory (Azure AD) organize access by project or user type: - Join dev boxes natively to an Azure AD or Active Directory domain. - Set conditional access policies that require users to connect via a compliant device. When the configuration of the service is complete, developers can create and man [!INCLUDE [supported accounts note](./includes/note-supported-accounts.md)] +## Components shared with Azure Deployment Environments ++Microsoft Dev Box and [Azure Deployment Environments](../deployment-environments/overview-what-is-azure-deployment-environments.md) are complementary services that share certain architectural components. Deployment Environments provides developers with preconfigured cloud-based environments for developing applications. Dev centers and projects are common to both services, and they help organize resources in an enterprise. ++When configuring Dev Box, you may see Deployment Environments resources and components. You may even see informational messages regarding Deployment Environments features. If you're not configuring any Deployment Environments features, you can safely ignore these messages. ++For example, as you create a project, you might see this informational message about catalogs: ++ ## Next steps -Start using Microsoft Dev Box : +Start using Microsoft Dev Box: - [Quickstart: Configure Microsoft Dev Box ](./quickstart-configure-dev-box-service.md) - [Quickstart: Create a dev box](./quickstart-create-dev-box.md) |
event-grid | Create View Manage System Topics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/event-grid/create-view-manage-system-topics.md | You can create a system topic for an Azure resource (Storage account, Event Hubs ## View all system topics Follow these steps to view all existing Event Grid system topics. -1. Sign in to [Azure portal](https://portal.azure.com). -2. In the search box at the top, type **Event Grid System Topics**, and then press **ENTER**. -- ![Search for system topics](./media/create-view-manage-system-topics/search-system-topics.png) -3. On the **Event Grid System Topics** page, you see all the system topics. -- ![List of system topics](./media/create-view-manage-system-topics/list-system-topics.png) -4. Select a **system topic** from the list to see details about it. -- ![System topic details](./media/create-view-manage-system-topics/system-topic-details.png) -- This page shows you details about the system topic such as the following information: - - Source. Name of the resource on which the system topic was created. - - Source type. Type of the resource. For example: `Microsoft.Storage.StorageAccounts`, `Microsoft.EventHub.Namespaces`, `Microsoft.Resources.ResourceGroups` and so on. - - Any subscriptions created for the system topic. -- This page allows operations such as the following ones: - - Create an event subscription Select **+Event Subscription** on the toolbar. - - Delete an event subscription. Select **Delete** on the toolbar. - - Add tags for the system topic. Select **Tags** on the left menu, and specify tag names and values. ## Delete a system topic |
event-grid | Event Schema Health Resources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/event-grid/event-schema-health-resources.md | + + Title: Azure Resource Notifications - health resources events in Azure Event Grid +description: This article provides information on Azure Event Grid events supported by Azure Resource Notifications health resources. It provides the schema and links to how-to articles. + Last updated : 09/26/2023+++# Azure Resource Notifications - Health Resources events in Azure Event Grid +HealthResources system topic provides accurate, reliable, and comprehensive health information, enabling deeper understanding of the diverse service issues impacting your Azure resources namely, single instance virtual machines (VMs), Virtual Machine Scale Set VMS, and Virtual Machine Scale Sets. Health Resources offers two event types for consumption: `AvailabilityStatusChanged` and `ResourceAnnotated`. ++This article provides the properties and the schema for Azure Resource Notifications Health Resources events. For an introduction to event schemas in general, see [Azure Event Grid event schema](event-schema.md). In addition, you can find samples of generated events and a link to a related article on how to create system topic for this topic type. ++## Event types +Health Resources offers two event types for consumption: ++| Event type | Description | +| - | -- | +| `Microsoft.ResourceNotifications.HealthResources.AvailabilityStatusChanged` | Raised when the availability status of a single instance VM, a virtual machine scale set, or a VM in a virtual machine scale set changes. <p>This information provides insight into all the times your single instance VMs, VMs in virtual machine scale sets, or virtual machine scale sets themselves have been unavailable because of Azure service issues. For more information on the various health statuses, see [Azure Resource Health overview - Azure Service Health](../service-health/resource-health-overview.md#health-status). </p>| +| `Microsoft.ResourceNotifications.HealthResources.ResourceAnnotated` | Raised when the health of a VM, a virtual machine scale set, or a VM in a virtual machine scale set, is impacted by availability impacting disruptions. The platform emits context as to why the disruption has occurred to assist you in responding appropriately. <p>This information helps you to infer the availability state of your resources by providing crucial information on the reasons and causes for changes in availability. Using this data, you can take faster and more targeted mitigation measures. For more information on the various annotations emitted, see [Resource Health virtual machine Health Annotations](../service-health/resource-health-vm-annotation.md). </p>| ++## Role-based access control +Currently, these events are exclusively emitted at the Azure subscription scope. It implies that the entity creating the event subscription for this topic type receives notifications throughout this Azure subscription. For security reasons, it's imperative to restrict the ability to create event subscriptions on this topic to principals with read access over the entire Azure subscription. To access data via this system topic, in addition to the generic permissions required by Event Grid, the following Azure Resource Notifications specific permission is necessary: `Microsoft.ResourceNotifications/systemTopics/subscribeToHealthResources/action`. ++## Event schemas ++# [Event Grid event schema](#tab/event-grid-event-schema) ++Here's the schema: ++```json +{ + "id": string, + "topic": string, + "subject": string, + "data": { + "resourceInfo": { + "id": string, + "name": string, + "type": string, + "properties": { + <<Different for AvailabilityStatusChanged event and ResourceAnnotated event>> + } + }, + "operationalInfo":{ + "resourceEventTime": date-time + }, + "apiVersion": string + }, + "eventType": "Microsoft.ResourceNotifications.HealthResources.AvailabilityStatusChanged | Microsoft.ResourceNotifications.HealthResources.ResourceAnnotated", + "dataVersion": string, + "metadataVersion": string, + "eventTime": string +} +``` ++An event has the following top-level data: ++| Property | Type | Description | +| -- | - | -- | +| `id` | String | Unique identifier of the event | +| `topic` | String | The Azure subscription for which this system topic is being created | +| `subject` | String | Publisher defined path to the base resource on which this event is emitted. | +| `data` | Object | Contains event data specific to the resource provider. For more information, see the next table. | +| `eventType` | String | Registered event type of this system topic type | +| `dataVersion` | String | The schema version of the data object | +| `metadataVersion` | String | The schema version of the event metadata | +| `eventTime` | String <br/> Format: `2022-11-07T18:43:09.2894075Z` | The time the event is generated based on the provider's UTC time | ++++# [Cloud event schema](#tab/cloud-event-schema) ++Here's the schema: ++```json +{ + "id": string, + "source": string, + "subject": string, + "type": "Microsoft.ResourceNotifications.HealthResources.AvailabilityStatusChanged | Microsoft.ResourceNotifications.HealthResources.ResourceAnnotated", + "time ": string, + "data": { + "resourceInfo": { + "id": string, + "name": string, + "type": string, + "properties": { + <<Different for AvailabilityStatusChanged event and ResourceAnnotated event>> + } + }, + "operationalInfo":{ + "resourceEventTime": date-time + }, + "apiVersion": string + }, + "specversion": string +} +``` ++An event has the following top-level data: ++| Property | Type | Description | +| -- | - | -- | +| `id` | String | Unique identifier of the event | +| `source` | String | The Azure subscription for which this system topic is being created. | +| `subject` | String | Publisher defined path to the base resource on which this event is emitted. | +| `type` | String | Registered event type of this system topic type | +| `time` | String <br/> Format: `2022-11-07T18:43:09.2894075Z` | The time the event is generated based on the provider's UTC time | +| `data` | Object | Contains event data specific to the resource provider. For more information, see the next table. | +| `specversion` | String | CloudEvents schema specification version. | ++++The `data` object has the following properties: ++| Property | Type | Description | +| -- | - | -- | +| `resourceInfo` | Object | Data specific to the resource. For more information, see the next table. | +| `apiVersion` | String | Api version of the resource properties. | +| `operationalInfo` | Object | Details of operational information pertaining to the resource. | ++The `resourceInfo` object has the following properties: ++| Property | Type | Description | +| -- | - | -- | +| `id` | String | Publisher defined path to the event subject | +| `name` | String | This field indicates the Event-id. It always takes the value of the last section of the `id` field. | +| `type` | String | The type of event that is being emitted. In this context, it's either `Microsoft.ResourceHealth/AvailabilityStatuses` or `Microsoft.ResourceHealth/ResourceAnnotated`. | +| `properties` | Object | Payload of the resource. For more information, see the next table. | +++The `operationalInfo` object has the following properties: ++| Property | Type | Description | +| -- | - | -- | +| `resourceEventTime` | DateTime | Date and time when the resource was updated. | +++The `properties` within the `data` object is different for `AvailabilityStatusChanged` and `ResourceAnnotated` events. ++### Properties for the AvailabilityStatusChanged event ++```json + "properties": { + "targetResourceId": string, + "targetResourceType": string, + "occurredTime": string, + "previousAvailabilityState": string, + "availabilityState": string + } +``` ++For the `AvailabilityStatusChanged` event, the `properties` object has the following properties: ++| Property | Type | Description | +| -- | - | -- | +| `targetResourceId` | String | The base resource for which the availability information is being emitted. | +| `targetResourceType` | String | The type of the base resource. | +| `occurredTime` | String | The time when this actual event was emitted. | +| `previousAvailabilityState` | String | Previous availability status. | +| `availabilityState` | String | Current availability status. For the list of values, see [Availability Statuses - Get By Resource - REST API (Azure Resource Health)](/rest/api/resourcehealth/2022-10-01/availability-statuses/get-by-resource). | +++### Properties for the ResourceAnnotated event ++```json + "properties": { + "targetResourceId": string, + "targetResourceType": string, + "occurredTime": string, + "annotationName": string, + "reason": string, + "summary": string, + "context": string, + "category": string, + } +``` ++For the `ResourceAnnotated` event, the `properties` object has the following properties: ++| Property | Type | Description | +| -- | - | -- | +| `targetResourceId` | String | The base resource for which the annotation information is being emitted. | +| `targetResourceType` | String | The type of the base resource. | +| `occurredTime` | String | Timestamp when the annotation was emitted by the Azure platform in response to availability-influencing event. | +| `annotationName` | String | The name of the annotation. For the list of annotations and the corresponding descriptions, see [Resource Health virtual machine Health Annotations - Azure Service Health](../service-health/resource-health-vm-annotation.md). | +| `reason` | String | Brief statement on why resource availability has changed or was influenced. | +| `summary` | String | Detailed statement on the activity and cause for resource availability to change or be influenced. | +| `context` | String | Determines whether resource availability was influenced due to Azure or user caused activity. | +| `category` | String | Determines whether resource availability was influenced due to planned or unplanned activity. This property is only applicable to `Platform-Initiated` events. | +++## Example events ++### AvailabilityStatusChanged event ++# [Event Grid event schema](#tab/event-grid-event-schema) ++```json +{ + "id": "1fb6fa94-d965-4306-abeq-4810f0774e97", + "topic": "/subscriptions/{subscription-id}", + "subject": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}", + "data": { + "resourceInfo": { + "id": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}/providers/Microsoft.ResourceHealth/availabilityStatuses/{event-id}", + "name": "{event-id}", + "type": "Microsoft.ResourceHealth/availabilityStatuses", + "properties": { + "targetResourceId": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}", + "targetResourceType": "Microsoft.Compute/virtualMachines", + "occurredTime": "2023-07-24T19:20:37.9245071Z", + "previousAvailabilityState": "Unavailable", + "availabilityState": "Available" + } + }, + "operationalInfo": { + "resourceEventTime": "2023-07-24T19:20:37.9245071Z" + }, + "apiVersion": "2023-12-01" + }, + "eventType": "Microsoft.ResourceNotifications.HealthResources.AvailabilityStatusChanged", + "dataVersion": "1", + "metadataVersion": "1", + "eventTime": "2023-07-24T19:20:37.9245071Z" +} +``` ++# [Cloud event schema](#tab/cloud-event-schema) ++The following example shows the schema of a key-value modified event: ++```json +{ + "id": "1fb6fa94-d965-4306-abeq-4810f0774e97", + "source": "/subscriptions/{subscription-id}", + "subject": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}", + "data": { + "resourceInfo": { + "id": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}/providers/Microsoft.ResourceHealth/availabilityStatuses/{event-id}", + "name": "{event-id}", + "type": "Microsoft.ResourceHealth/availabilityStatuses", + "properties": { + "targetResourceId": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}", + "targetResourceType": "Microsoft.Compute/virtualMachines", + "occurredTime": "2023-07-24T19:20:37.9245071Z", + "previousAvailabilityState": "Unavailable", + "availabilityState": "Available" + } + }, + "operationalInfo": { + "resourceEventTime": "2023-07-24T19:20:37.9245071Z" + }, + "apiVersion": "2023-12-01" + }, + "type": "Microsoft.ResourceNotifications.HealthResources.AvailabilityStatusChanged", + "specversion": "1.0", + "time": "2023-07-24T19:20:37.9245071Z" +} +``` ++++### ResourceAnnotated event ++# [Event Grid event schema](#tab/event-grid-event-schema) ++```json +{ + "id": "8945cf9b-e220-496e-ab4f-f3a239318995", + "topic": "/subscriptions/{subscription-id}", + "subject": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}", + "data": { + "resourceInfo": { + "id": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}/providers/Microsoft.ResourceHealth/resourceAnnotations/{event-id}", + "name": "{event-id}", + "type": "Microsoft.ResourceHealth/resourceAnnotations", + "properties": { + "targetResourceId": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}", + "targetResourceType": "Microsoft.Compute/virtualMachines", + "occurredTime": "2023-07-24T19:20:37.9245071Z", + "annotationName": "VirtualMachineDeallocationInitiated", + "reason": "Stopping and deallocating", + "summary": "This virtual machine is stopped and deallocated as requested by an authorized user or process.", + "context": "Customer Initiated", + "category": "Not Applicable" + } + }, + "operationalInfo": { + "resourceEventTime": "2023-07-24T19:20:37.9245071Z" + }, + "apiVersion": "2022-08-01" + }, + "eventType": "Microsoft.ResourceNotifications.HealthResources.ResourceAnnotated", + "dataVersion": "1", + "metadataVersion": "1", + "eventTime": "2023-07-24T19:20:37.9245071Z" +} +``` ++# [Cloud event schema](#tab/cloud-event-schema) ++The following example shows the schema of a key-value modified event: ++```json +{ + "id": "8945cf9b-e220-496e-ab4f-f3a239318995", + "source": "/subscriptions/{subscription-id}", + "subject": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}", + "data": { + "resourceInfo": { + "id": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}/providers/Microsoft.ResourceHealth/resourceAnnotations/{event-id}", + "name": "{event-id}", + "type": "Microsoft.ResourceHealth/resourceAnnotations", + "properties": { + "targetResourceId": "/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/virtualMachines/{vm-name}", + "targetResourceType": "Microsoft.Compute/virtualMachines", + "occurredTime": "2023-07-24T19:20:37.9245071Z", + "annotationName": "VirtualMachineDeallocationInitiated", + "reason": "Stopping and deallocating", + "summary": "This virtual machine is stopped and deallocated as requested by an authorized user or process.", + "context": "Customer Initiated", + "category": "Not Applicable" + } + }, + "operationalInfo": { + "resourceEventTime": "2023-07-24T19:20:37.9245071Z" + }, + "apiVersion": "2022-08-01" + }, + "type": "Microsoft.ResourceNotifications.HealthResources.ResourceAnnotated", + "specversion": "1.0", + "time": "2023-07-24T19:20:37.9245071Z" +} +``` ++++## Next steps +See [Subscribe to Azure Resource Notifications - Health Resources events](subscribe-to-resource-notifications-health-resources-events.md). |
event-grid | Event Schema Resource Notifications | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/event-grid/event-schema-resource-notifications.md | + + Title: Azure Resource Notifications - Overview +description: This article provides information on Azure Event Grid events supported by Azure Resource Notifications. + Last updated : 09/26/2023+++# Azure Resource Notifications overview +Azure Resource Notifications (ARN) represent the cutting-edge unified pub/sub service catering to all Azure resources. ARN taps into a diverse range of publishers, and this wealth of data is now accessible through ARN's dedicated system topics in Azure Event Grid. ++Here are the key advantages: ++- **Comprehensive payloads:** Notifications delivered through ARN encompass the entire resource payload. This direct access leads to a reduction in read throttling, thereby enhancing your overall experience. +- **Enhanced filtering capabilities:** The availability of payloads opens up a plethora of filtering options. Use the properties within the payload to fine-tune the notifications stream, tailoring it to your specific scenarios. +- **Expanded dataset access**: ARN taps into multiple publishers, allowing it to offer datasets that may not be accessible through standard system topics. +- **Robust Role-Based Access Control (RBAC):** ARN is fortified with a robust RBAC capability. This feature empowers you to configure users or service principals to subscribe exclusively to the data they have authorization for, within the scope of their access. ++## RBAC for ARN system topics +All the events under ARN system topics are exclusively emitted at the Azure subscription scope. It implies that the entity creating the event subscription for a given topic type receives notifications for the corresponding events across the entire Azure subscription. For security reasons, it's' imperative to restrict the ability to create event subscriptions on this topic to principals with read access over the entire Azure subscription. ++As of today, you need the following generic permissions provided by Event Grid to create system topics and event subscriptions. ++- `microsoft.eventgrid/eventsubscription/write` +- `microsoft.eventgrid/systemtopic/eventsubscriptions/write` ++In addition to these permissions, you need to grant the following permissions to users or security principals for accessing ARN system topics. For each topic type, distinct permissions are exposed, ensuring precise and tailored access: ++| Topic Type | Permission | +| - | - | +| HealthResources | `Microsoft.ResourceNotifications/systemTopics/subscribeToHealthResources/action` | ++To enhance customer experience, a built-in role definition that encompasses all the requisite permissions for receiving data through any ARN system topic is available. This role includes permissions mandated by Event Grid for system topic and event subscription creation. This built-in role definition is regularly updated to incorporate more topic types as they become accessible through our service. **As a result, users assigned this built-in role automatically gains access to all future ARN topic types**. You can choose to either utilize the provided built-in role definition or craft your own custom role definitions to enforce access control. ++### Built-in role definition: ++```json +{ + "assignableScopes": [ + "/" + ], + "description": "Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications.", + "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/[guid]", + "name": "[guid]", + "permissions": [{ + "actions": [ + "Microsoft.EventGrid/eventSubscription/write", + "Microsoft.EventGrid/systemTopics/eventSubscriptions/write", + "Microsoft.ResourceNotifications/systemTopics/subscribeToResources/action", + "Microsoft.ResourceNotifications/systemTopics/subscribeToHealthResources/action", + "Microsoft.ResourceNotifications/systemTopics/subscribeToMaintenanceResources/action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + }], + "roleName": "Azure Resource Notifications System Topics Subscriber", + "roleType": "BuiltInRole", + "type": "Microsoft.Authorization/roleDefinitions" +} +``` +++## Next steps +See [Azure Resource Notifications - Health Resources events in Azure Event Grid](event-schema-health-resources.md). |
event-grid | Subscribe To Resource Notifications Health Resources Events | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/event-grid/subscribe-to-resource-notifications-health-resources-events.md | + + Title: Subscribe to Azure Resource Notifications - Health Resources events +description: This article explains how to subscribe to events published by Azure Resource Notifications - Health Resources. + Last updated : 09/08/2023+++# Subscribe to events raised by Azure Resource Notifications - Health Resources system topic +This article explains the steps needed to subscribe to events published by Azure Resource Notifications - Health Resources. For detailed information about these events, see [Azure Resource Notifications - Health Resources events](event-schema-health-resources.md). ++## Create Health Resources system topic ++# [Azure CLI](#tab/azure-cli) ++1. Set the account to the Azure subscription where you wish to create the system topic. ++ ```azurecli-interactive + az account set ΓÇôs AZURESUBSCRIPTIONID + ``` +2. Create a system topic of type `microsoft.resourcenotifications.healthresources` using the [`az eventgrid system-topic create`](/cli/azure/eventgrid/system-topic#az-eventgrid-system-topic-create) command. ++ ```azurecli-interactive + az eventgrid system-topic create --name SYSTEMTOPICNAME --resource-group RESOURCEGROUPNAME --source /subscriptions/AZURESUBSCRIPTIONID --topic-type microsoft.resourcenotifications.healthresources --location Global + ``` +# [Azure PowerShell](#tab/azure-powershell) ++1. Set the account to the Azure subscription where you wish to create the system topic. ++ ```azurepowershell-interactive + Set-AzContext -Subscription AZURESUBSCRIPTIONID + ``` +2. Create a system topic of type `microsoft.resourcenotifications.healthresources` using the [New-AzEventGridSystemTopic](/powershell/module/az.eventgrid/new-azeventgridsystemtopic) command. ++ ```azurepowershell-interactive + New-AzEventGridSystemTopic -name SYSTEMTOPICNAME -resourcegroup RESOURCEGROUPNAME -source /subscriptions/AZURESUBSCRIPTIONID -topictype microsoft.resourcenotifications.healthresources -location global + ``` ++# [Azure portal](#tab/azure-portal) ++1. Sign into the [Azure portal](https://portal.azure.com). +1. In the search bar, type **Event Grid System Topics**, and select it from the drop-down list. +1. On the **Event Grid system topics** page, select **+ Create** on the toolbar. +1. On the **Create Event Grid System Topic** page, select **Azure Resource Notifications - Health events** for **Topic type**. ++ :::image type="content" source="./media/subscribe-to-resource-notifications-health-resources-events/create-topic.png" alt-text="Screenshot that shows the Create topic page in the Azure portal." lightbox="./media/subscribe-to-resource-notifications-health-resources-events/create-topic.png" ::: +1. Select the **resource group** in which you want to create the system topic. +1. Enter a **name** for the system topic. +1. Select **Review + create** ++ :::image type="content" source="./media/subscribe-to-resource-notifications-health-resources-events/create-topic-full.png" alt-text="Screenshot that shows the full Create topic page with details in the Azure portal."::: +1. On the **Review + create** page, select **Create**. +1. On the successful deployment page, select **Go to resource** to navigate to the page for your system topic. You see the details about your system topic on this page. ++ :::image type="content" source="./media/subscribe-to-resource-notifications-health-resources-events/system-topic-home-page.png" alt-text="Screenshot that shows the System topic page in the Azure portal." lightbox="./media/subscribe-to-resource-notifications-health-resources-events/system-topic-home-page.png" ::: + +++## Subscribe to events ++# [Azure CLI](#tab/azure-cli) +Create an event subscription for the above topic using the [`az eventgrid system-topic event-subscription create`](/cli/azure/eventgrid/system-topic/event-subscription#az-eventgrid-system-topic-event-subscription-create) command. ++The following sample command creates an event subscription for the **AvailabilityStatusChanged** event. ++```azurecli-interactive +az eventgrid system-topic event-subscription create --name EVENTSUBSCRIPTIONNAME --resource-group RESOURCEGROUPNAME --system-topic-name SYSTEMTOPICNAME ΓÇôincluded-event-types Microsoft.ResourceNotifications.HealthResources.AvailabilityStatusChanged --endpoint /subscriptions/AZURESUBSCRIPTIONID/resourceGroups/RESOURCEGROUPNAME/providers/Microsoft.EventHub/namespaces/MYEVENTHUBSNAMESPACE/eventhubs/MYEVENTHUB --endpoint-type eventhub +``` ++The following sample command creates an event subscription for the **ResourceAnnotated** event. ++```azurecli-interactive +az eventgrid system-topic event-subscription create --name EVENTSUBSCRIPTIONNAME --resource-group RESOURCEGROUPNAME --system-topic-name SYSTEMTOPICNAME ΓÇôincluded-event-types Microsoft.ResourceNotifications.HealthResources.ResourceAnnotated --endpoint /subscriptions/AZURESUBSCRIPTIONID/resourceGroups/RESOURCEGROUPNAME/providers/Microsoft.EventHub/namespaces/MYEVENTHUBSNAMESPACE/eventhubs/MYEVENTHUB --endpoint-type eventhub +``` ++If you don't specify `included-event-types`, all the event types are included by default. ++To **filter events** from a specific resource, use the `--subject-begins-with` parameter. The example shows how to subscribe to `AvailabilityStatusChanged` events for resources in a specified resource group. ++```azurecli-interactive +az eventgrid system-topic event-subscription create --name EVENTSUBSCRIPTIONNAME --resource-group RESOURCEGROUPNAME --system-topic-name SYSTEMTOPICNAME ΓÇôincluded-event-types Microsoft.ResourceNotifications.HealthResources.AvailabilityStatusChanged --endpoint /subscriptions/AZURESUBSCRIPTIONID/resourceGroups/RESOURCEGROUPNAME/providers/Microsoft.EventHub/namespaces/MYEVENTHUBSNAMESPACE/eventhubs/MYEVENTHUB --endpoint-type eventhub --subject-begins-with /subscriptions/AZURESUBSCRIPTIONID/resourceGroups/SOURCERESOURCEGROUP/ +``` ++# [Azure PowerShell](#tab/azure-powershell) ++Create an event subscription for the above topic using the [New-AzEventGridSystemTopicEventSubscription](/powershell/module/az.eventgrid/new-azeventgridsystemtopiceventsubscription) command. ++The following sample command creates an event subscription for the **AvailabilityStatusChanged** event. ++```azurepowershell-interactive +New-AzEventGridSystemTopicEventSubscription -EventSubscriptionName EVENTSUBSCRIPTIONNAME -ResourceGroupName RESOURCEGROUPNAME -SystemtopicName SYSTEMTOPICNAME -IncludedEventType Microsoft.ResourceNotifications.HealthResources.AvailabilityStatusChanged -Endpoint /subscriptions/AZURESUBSCRIPTIONID/resourceGroups/RESOURCEGROUPNAME/providers/Microsoft.EventHub/namespaces/EVENTHUBSNAMESPACE/eventhubs/EVENTHUB -EndpointType eventhub +``` ++The following sample command creates an event subscription for the **ResourceAnnotated** event. ++```azurepowershell-interactive +New-AzEventGridSystemTopicEventSubscription -EventSubscriptionName EVENTSUBSCRIPTIONNAME -ResourceGroupName RESOURCEGROUPNAME -SystemtopicName SYSTEMTOPICNAME -IncludedEventType Microsoft.ResourceNotifications.HealthResources.ResourceAnnotated -Endpoint /subscriptions/AZURESUBSCRIPTIONID/resourceGroups/RESOURCEGROUPNAME/providers/Microsoft.EventHub/namespaces/EVENTHUBSNAMESPACE/eventhubs/EVENTHUB -EndpointType eventhub +``` ++If you don't specify `IncludedEventType`, all the event types are included by default. ++To **filter events** from a specific resource, use the `-SubjectBeginsWith` parameter. The example shows how to subscribe to `AvailabilityStatusChanged` events from resources in a specified resource group. ++```azurepowershell-interactive +New-AzEventGridSystemTopicEventSubscription -EventSubscriptionName EVENTSUBSCRIPTIONNAME -ResourceGroupName RESOURCEGROUPNAME -SystemtopicName SYSTEMTOPICNAME -IncludedEventType Microsoft.ResourceNotifications.HealthResources.AvailabilityStatusChanged -Endpoint /subscriptions/AZURESUBSCRIPTIONID/resourceGroups/RESOURCEGROUPNAME/providers/Microsoft.EventHub/namespaces/EVENTHUBSNAMESPACE/eventhubs/EVENTHUB -EndpointType eventhub -SubjectBeginsWith /subscriptions/AZURESUBSCRIPTIONID/resourceGroups/SOURCERESOURCEGROUP/ +``` ++# [Azure portal](#tab/azure-portal) ++1. On the **Event Grid System Topic** page, select **+ Event Subscription** on the toolbar. +1. Confirm that the **Topic Type**, **Source Resource**, and **Topic Name** are automatically populated. +1. Enter a name for the event subscription. +1. For **Filter to event types**, select the event, for example, **Availability status changed** or **Resource annotated**. ++ :::image type="content" source="./media/subscribe-to-resource-notifications-health-resources-events/create-event-subscription-select-event.png" alt-text="Screenshot that shows the Create Event Subscription page." lightbox="./media/subscribe-to-resource-notifications-health-resources-events/create-event-subscription-select-event.png"::: +1. Select **endpoint type**. +1. Configure event handler based no the endpoint type you selected. In the following example, an Azure event hub is selected. ++ :::image type="content" source="./media/subscribe-to-resource-notifications-health-resources-events/select-endpoint.png" alt-text="Screenshot that shows the Create Event Subscription page with an event handler." lightbox="./media/subscribe-to-resource-notifications-health-resources-events/select-endpoint.png"::: +1. Select the **Filters** tab to provide subject filtering and advanced filtering. For example, to filter for events from resources in a specific resource group, follow these steps: + 1. Select **Enable subject filtering**. + 1. In the **Subject Filters** section, for **Subject begins with**, provide the value of the resource group in this format: `/subscriptions/{subscription-id}/resourceGroups/{resourceGroup-id}`. ++ :::image type="content" source="./media/subscribe-to-resource-notifications-health-resources-events/filter.png" alt-text="Screenshot that shows the Filters tab of the Create Event Subscription page." lightbox="./media/subscribe-to-resource-notifications-health-resources-events/filter.png"::: +1. Then, select **Create** to create the event subscription. ++++## Delete event subscription and system topic ++# [Azure CLI](#tab/azure-cli) ++To delete the event subscription, use the [`az eventgrid system-topic event-subscription delete`](/cli/azure/eventgrid/system-topic/event-subscription#az-eventgrid-system-topic-event-subscription-delete) command. Here's an example: ++```azurecli-interactive +az eventgrid system-topic event-subscription delete --name firstEventSubscription --resourcegroup sampletestrg --system-topic-name arnSystemTopicHealth +``` ++To delete the system topic, use the [`az eventgrid system-topic delete`](/cli/azure/eventgrid/system-topic#az-eventgrid-system-topic-delete) command. Here's an example: ++```azurecli-interactive +az eventgrid system-topic delete --name arnsystemtopicHealth --resource-group sampletestrg +``` ++# [Azure PowerShell](#tab/azure-powershell) +To delete an event subscription, use the [`Remove-AzEventGridSystemTopicEventSubscription`](/powershell/module/az.eventgrid/remove-azeventgridsystemtopiceventsubscription) command. Here's an example: ++```azurepowershell-interactive +Remove-AzEventGridSystemTopicEventSubscription -EventSubscriptionName firstEventSubscription -ResourceGroupName sampletestrg -SystemTopicName arnSystemTopicHealth +``` ++To delete the system topic, use the [`Remove-AzEventGridSystemTopic`](/powershell/module/az.eventgrid/remove-azeventgridsystemtopic) command. Here's an example: ++```azurepowershell-interactive +Remove-AzEventGridSystemTopic -ResourceGroupName sampletestrg -Name arnsystemtopicHealth +``` +++# [Azure portal](#tab/azure-portal) ++1. Sign in to the [Azure portal](https://portal.azure.com). +1. In the search bar, type **Event Grid System Topics**, and press ENTER. +1. Select the system topic. +1. On the **Event Grid System Topic** page, select **Delete** on the toolbar. ++++## Filtering examples ++### Subscribe to Platform Initiated annotations belonging to Unplanned category. +You might want to filter to events that require an action. Near real-time alerts are critical in enabling quick mitigation actions. By filtering to Azure initiated and unplanned activity, you can become instantly aware of unanticipated activity across the workloads that requires immediate attention. You might want to redeploy or trigger communication to your end-users to notify the impact. ++# [Azure CLI](#tab/azure-cli) ++```azurecli-interactive +az eventgrid system-topic event-subscription create \ + --name firstEventSubscription \ + --resource-group sampletestrg \ + --system-topic-name arnSystemTopicHealth + --included-event-types Microsoft.ResourceNotifications.HealthResources.ResourceAnnotated \ + --endpoint /subscriptions/000000000-0000-0000-0000-000000000000/resourceGroups/sampletestrg/providers/Microsoft.EventHub/namespaces/testEventHub/eventhubs/ehforsystemtopicresources \ + --endpoint-type evenhub \ + --advanced-filter data.resourceInfo.properties.context StringEndsWith Platform Initiated \ + --advanced-filter data.resourceInfo.properties.category StringEndsWith Unplanned +``` ++# [Azure PowerShell](#tab/azure-powershell) ++```azurepowershell-interactive +New-AzEventGridSystemTopicEventSubscription -EventSubscriptionName firstEventSubscription -ResourceGroupName sampletestrg -SystemtopicName arnSystemTopicHealth -IncludedEventType Microsoft.ResourceNotifications.HealthResources.ResourceAnnotated -Endpoint /subscriptions/000000000-0000-0000-0000-000000000000/resourceGroups/sampletestrg/providers/Microsoft.EventHub/namespaces/testEventHub/eventhubs/ehforsystemtopicresources -EndpointType eventhub -AdvancedFilter @(@{operator = "StringEndsWith"; key = "data.resourceInfo.properties.context" ; value ="Platform Initiated"}, @{operator = "StringEndsWith"; key = "data.resourceInfo.properties.category" ; value ="Unplanned"}) +``` ++# [Azure portal](#tab/azure-portal) ++1. Choose **Resource Annotated** as the event type. +1. In the **Filters** tab of the event subscription, choose the following advanced filters. ++ ``` + - Key = data.resourceInfo.properties.context + - Operator = StringEndsWith + - Value = Platform Initiated ++ AND ++ - Key = data.resourceInfo.properties.category + - Operator = StringEndsWith + - Value = Unplanned + ``` ++++### Subscribe to annotations scoped to a particular target type +Having the ability to filter to the resource types that require attention or mitigation upon impact can enable you to focus on what matters. Even within VMs, perhaps you only care when health of the parent or entire virtual machine scale set is affected versus when an instance in a virtual machine scale set is affected. This filter allows you to precisely hone in on the type of resources for which you want the near real-time alerts. ++# [Azure CLI](#tab/azure-cli) ++```azurecli-interactive +az eventgrid system-topic event-subscription create \ + --name firstEventSubscription \ + --resource-group sampletestrg \ + --system-topic-name arnSystemTopicHealth \ + --included-event-types Microsoft.ResourceNotifications.HealthResources.ResourceAnnotated \ + --endpoint/subscriptions/000000000-0000-0000-0000-0000000000000/resourceGroups/sampletestrg/providers/Microsoft.EventHub/namespaces/testEventHub/eventhubs/ehforsystemtopicresources \ + --endpoint-type evenhub \ + --advanced-filter data.resourceInfo.targetResourceType StringContains Microsoft.Compute/virtualMachines +``` ++# [Azure PowerShell](#tab/azure-powershell) ++```azurepowershell-interactive +New-AzEventGridSystemTopicEventSubscription -EventSubscriptionName firstEventSubscription -ResourceGroupName sampletestrg -SystemtopicName arnSystemTopicHealth -IncludedEventType Microsoft.ResourceNotifications.HealthResources.ResourceAnnotated -Endpoint /subscriptions/000000000-0000-0000-0000-000000000000/resourceGroups/sampletestrg/providers/Microsoft.EventHub/namespaces/testEventHub/eventhubs/ehforsystemtopicresources -EndpointType eventhub -AdvancedFilter @(@{operator = "StringContains"; key = "data.resourceInfo.properties.targetResourceType" ; value ="Microsoft.Compute/virtualMachines"}) +``` ++# [Azure portal](#tab/azure-portal) ++In the **Filters** tab of the event subscription, choose the following advanced filters. ++``` +Key = data.resourceInfo.properties.targetResourceType +Operator = String contains +Value = Microsoft.Compute/virtualMachines +``` +++++## Next steps +For detailed information about these events, see [Azure Resource Notifications - Health Resources events](event-schema-health-resources.md). + |
frontdoor | How To Enable Private Link Web App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/frontdoor/standard-premium/how-to-enable-private-link-web-app.md | Title: 'Connect Azure Front Door Premium to an App Service origin with Private Link' + Title: 'Connect Azure Front Door Premium to an App Service (Web App) origin with Private Link' description: Learn how to connect your Azure Front Door Premium to a webapp privately. Last updated 08/31/2023 -# Connect Azure Front Door Premium to an App Service origin with Private Link +# Connect Azure Front Door Premium to an App Service (Web App) origin with Private Link -This article guides you through how to configure Azure Front Door Premium tier to connect to your App service privately using the Azure Private Link service. +This article guides you through how to configure Azure Front Door Premium tier to connect to your App Service (Web App) privately using the Azure Private Link service. ## Prerequisites * An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). > [!NOTE]-> Private endpoints requires your App Service plan or function hosting plan to meet some requirements. For more information, see [Using Private Endpoints for Azure Web App](../../app-service/networking/private-endpoint.md). +> Private endpoints requires your App Service plan to meet some requirements. For more information, see [Using Private Endpoints for Azure Web App](../../app-service/networking/private-endpoint.md). ## Sign in to Azure Sign in to the [Azure portal](https://portal.azure.com). -## Enable Private Link to an App Service in Azure Front Door Premium +## Enable Private Link to an App Service (Web App) in Azure Front Door Premium In this section, you map the Private Link service to a private endpoint created in Azure Front Door's private network. 1. Within your Azure Front Door Premium profile, under *Settings*, select **Origin groups**. -1. Select the origin group that contains the App Service origin you want to enable Private Link for. +1. Select the origin group that contains the App Service (Web App) origin you want to enable Private Link for. -1. Select **+ Add an origin** to add a new app service origin or select a previously created App service origin from the list. +1. Select **+ Add an origin** to add a new App Service (Web App) origin or select a previously created App Service (Web App) origin from the list. :::image type="content" source="../media/how-to-enable-private-link-app-service/private-endpoint-app-service.png" alt-text="Screenshot of enabling private link to a Web App."::: -1. The following table has information of what values to select in the respective fields while enabling private link with Azure Front Door. Select or enter the following settings to configure the App service you want Azure Front Door Premium to connect with privately. +1. The following table has information of what values to select in the respective fields while enabling private link with Azure Front Door. Select or enter the following settings to configure the App Service (Web App) you want Azure Front Door Premium to connect with privately. | Setting | Value | | - | -- |- | Name | Enter a name to identify this app service origin. | + | Name | Enter a name to identify this App Service (Web App) origin. | | Origin Type | App services | | Host name | Select the host from the dropdown that you want as an origin. | | Origin host header | You can customize the host header of the origin or leave it as default. | In this section, you map the Private Link service to a private endpoint created 1. Select **Add** to save your configuration. Then select **Update** to save the origin group settings. -## Approve Azure Front Door Premium private endpoint connection from App Service +## Approve Azure Front Door Premium private endpoint connection from App Service (Web App) -1. Go to the App Service you configured Private Link for in the last section. Select **Networking** under **Settings**. +1. Go to the App Service (Web App) you configured Private Link for in the last section. Select **Networking** under **Settings**. 1. In **Networking**, select **Configure your private endpoint connections**. In this section, you map the Private Link service to a private endpoint created :::image type="content" source="../media/how-to-enable-private-link-app-service/private-endpoint-pending-approval.png" alt-text="Screenshot of pending private endpoint request."::: -1. Once approved, it should look like the following screenshot. It takes a few minutes for the connection to fully establish. You can now access your app service from Azure Front Door Premium. Direct access to the App Service from the public internet gets disabled after private endpoint gets enabled. +1. Once approved, it should look like the following screenshot. It takes a few minutes for the connection to fully establish. You can now access your web app from Azure Front Door Premium. Direct access to the web app from the public internet gets disabled after private endpoint gets enabled. :::image type="content" source="../media/how-to-enable-private-link-app-service/private-endpoint-approved.png" alt-text="Screenshot of approved endpoint request."::: |
frontdoor | Troubleshoot Issues | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/frontdoor/troubleshoot-issues.md | The cause of this issue can be one of three things: * Send the request to your origin directly without going through Azure Front Door. See how long your origin normally takes to respond. * Send the request through Azure Front Door and see if you're getting any 503 responses. If not, the problem may not be a timeout issue. Create a support request to troubleshoot the issue further. * If requests going through Azure Front Door result in a 503 error response code then configure the **Origin response timeout** for Azure Front Door. You can increase the default timeout to up to 4 minutes (240 seconds). To configure the setting, go to overview page of the Front Door profile. Select **Origin response timeout** and enter a value between *16* and *240* seconds.+ > [!NOTE] + > The ability to configure Origin response timeout is only available in Azure Front Door Standard/Premium. :::image type="content" source="./media/how-to-configure-endpoints/origin-timeout.png" alt-text="Screenshot of the origin timeout settings on the overview page of the Azure Front Door profile."::: |
machine-learning | How To Manage Environments In Studio | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-manage-environments-in-studio.md | Keep in mind that any changes to the Docker or Conda sections will create a new ## View logs -Click on the **Build log** tab within the details page to view the logs of an environment version and the environment log analysis. Environment log analysis (Preview) is a feature that provides insight and relevant troubleshooting documentation to explain environment definition issues or image build failures. If you have feedback on the feature or the documentation, file it at https://aka.ms/azureml/environment/log-analysis-feedback +Click on the **Build log** tab within the details page to view the logs of an environment version and the environment log analysis. Environment log analysis is a feature that provides insight and relevant troubleshooting documentation to explain environment definition issues or image build failures. * Build log contains the bare output from an Azure Container Registry (ACR) task or an Image Build Compute job. * Image build analysis is an analysis of the build log used to see the cause of the image build failure. * Environment definition analysis provides information about the environment definition if it goes against best practices for reproducibility, supportability, or security. -For an overview of common build failures, see https://aka.ms/azureml/environment/troubleshooting-guide +For an overview of common build failures, see [How to troubleshoot for environments](https://aka.ms/azureml/environment/troubleshooting-guide). ++If you have feedback on the environment log analysis, file a [GitHub issue](https://aka.ms/azureml/environment/log-analysis-feedback). ## Rebuild an environment |
network-watcher | Vnet Flow Logs Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/network-watcher/vnet-flow-logs-overview.md | Flow logs are the source of truth for all network activity in your cloud environ ## VNet flow logs compared to NSG flow logs -Both VNet flow logs and [NSG flow logs](network-watcher-nsg-flow-logging-overview.md) record IP traffic but they differ in their behavior & capabilities. VNet flow logs simplify the scope of traffic monitoring by allowing you to enable logging at [virtual networks](../virtual-network/virtual-networks-overview.md), ensuring that traffic through all supported workloads within a virtual network are recorded. VNet flow logs also avoids the need to enable multi-level flow logging such as in cases of [NSG flow logs](network-watcher-nsg-flow-logging-overview.md#best-practices) where network security groups are configured at both subnet & NIC. +Both VNet flow logs and [NSG flow logs](network-watcher-nsg-flow-logging-overview.md) record IP traffic but they differ in their behavior and capabilities. VNet flow logs simplify the scope of traffic monitoring by allowing you to enable logging at [virtual networks](../virtual-network/virtual-networks-overview.md), ensuring that traffic through all supported workloads within a virtual network is recorded. VNet flow logs also avoids the need to enable multi-level flow logging such as in cases of [NSG flow logs](network-watcher-nsg-flow-logging-overview.md#best-practices) where network security groups are configured at both subnet and network interface (NIC). In addition to existing support to identify allowed/denied traffic by [network security group rules](../virtual-network/network-security-groups-overview.md), VNet flow logs support identification of traffic allowed/denied by [Azure Virtual Network Manager security admin rules](../virtual-network-manager/concept-security-admins.md). VNet flow logs also support evaluating the encryption status of your network traffic in scenarios where [virtual network encryption](../virtual-network/virtual-network-encryption-overview.md) is enabled. VNet flow logs is available in the following regions during the preview: To sign up to obtain access to the public preview, see [VNet flow logs - public preview sign up](https://aka.ms/VNetflowlogspreviewsignup). -## Next steps +## Related content -- To learn how to create, change, enable, disable, or delete VNet flow logs, see [PowerShell](vnet-flow-logs-powershell.md) or [Azure CLI](vnet-flow-logs-cli.md) VNet flow logs articles.+- To learn how to manage VNet flow logs, see [Create, change, enable, disable, or delete VNet flow logs using Azure PowerShell](vnet-flow-logs-powershell.md) or [Create, change, enable, disable, or delete VNet flow logs using the Azure CLI](vnet-flow-logs-cli.md). - To learn about traffic analytics, see [Traffic analytics](traffic-analytics.md) and [Traffic analytics schema](traffic-analytics-schema.md). - To learn how to use Azure built-in policies to audit or enable traffic analytics, see [Manage traffic analytics using Azure Policy](traffic-analytics-policy-portal.md).--- |
openshift | Howto Infrastructure Nodes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/openshift/howto-infrastructure-nodes.md | In order for Azure VMs added to an ARO cluster to be recognized as infrastructur - Standard_E4s_v5 - Standard_E8s_v5 - Standard_E16s_v5+ - Standard_E4as_v5 + - Standard_E8as_v5 + - Standard_E16as_v5 - There can be no more than three nodes. Any additional nodes are charged an OpenShift fee. |
operator-nexus | Concepts Storage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/concepts-storage.md | The Azure Operator Nexus software Kubernetes stack offers two types of storage. The default storage mechanism, *nexus-volume*, is the preferred choice for most users. It provides the highest levels of performance and availability. However, volumes can't be simultaneously shared across multiple worker nodes. Operators can access and manage these volumes by using the Azure API and portal, through the volume resource. +``` +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: testPvc + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 107Mi + storageClassName: nexus-volume + volumeMode: Filesystem + volumeName: testVolume +status: + accessModes: + - ReadWriteOnce + capacity: + storage: 107Mi + phase: Bound +``` + ### StorageClass: nexus-shared -In situations where a shared file system is required, the *nexus-shared* storage class is available. This storage class provides a shared storage solution by enabling multiple pods to concurrently access and share the same volume. +In situations where a shared file system is required, the *nexus-shared* storage class is available. This storage class provides a shared storage solution by enabling multiple pods to concurrently access and share the same volume. These volumes are of type NFS Storage that are accessed by the kubernetes nodes as a persistent volume. Nexus-shared supports both Read Write Once (RWO) and Read Write Many (RWX) access modes. What that means is that the workload applications can make use of either of these access modes to access the storage. Although the performance and availability of *nexus-shared* are sufficient for most applications, we recommend that workloads with heavy I/O requirements use the *nexus-volume* option for optimal performance. +#### Read Write Once (RWO) ++In Read Write Once (RWO) mode, the nexus-shared volume can be mounted by only one node or claimant at a time. ReadWriteOnce access mode still allows multiple pods to access the volume when the pods are running on the same node. +``` +apiVersion: v1 +items: +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: test-pvc + namespace: default + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: nexus-shared + volumeMode: Filesystem + volumeName: TestVolume + status: + accessModes: + - ReadWriteOnce + capacity: + storage: 5Gi + phase: Bound +``` ++#### Read Write Many (RWX) ++In Read Write Many (RWX) mode, the nexus-shared volume can be mounted by multiple nodes or claimants at the same time. +``` +apiVersion: v1 +items: +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: test-pvc + namespace: default + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi + storageClassName: nexus-shared + volumeMode: Filesystem + volumeName: TestVolume + status: + accessModes: + - ReadWriteMany + capacity: + storage: 5Gi + phase: Bound +``` + ## Storage appliance status The following properties reflect the operational state of a storage appliance: |
operator-nexus | Howto Configure Isolation Domain | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/howto-configure-isolation-domain.md | -# Configure L2 and L3 isolation domains by using a managed network fabric +# Configure L2 and L3 isolation-domains using managed network fabric services -For Azure Operator Nexus instances, isolation domains enable communication between workloads hosted on the same rack (intra-rack communication) or different racks (inter-rack communication). This article describes how you can manage Layer 2 (L2) and Layer 3 (L3) isolation domains by using the Azure CLI. You can use the commands in this article to create, update, delete, and check the status of L2 and L3 isolation domains. +The isolation-domains enable communication between workloads hosted in the same rack (intra-rack communication) or different racks (inter-rack communication). +This how-to describes how you can manage your Layer 2 and Layer 3 isolation-domains using the Azure Command Line Interface (AzureCLI). You can create, update, delete and check status of Layer 2 and Layer 3 isolation-domains. ## Prerequisites -1. Ensure that a network fabric controller (NFC) and a network fabric have been created. -1. Install the latest version of the -[Azure CLI extension for managed network fabric](./howto-install-cli-extensions.md). -1. Use the following command to sign in to your Azure account and set the subscription to your Azure subscription ID. This should be the same subscription ID that you use for all the resources in an Azure Operator Nexus instance. +1. Ensure Network Fabric Controller (NFC) and Network Fabric have been created. +2. Install latest version of the +[necessary CLI extensions](./howto-install-cli-extensions.md). - ```azurecli - az login - az account set --subscription ********-****-****-****-********* - ``` +3. Use the following command to sign in to your Azure account and set the subscription to your Azure subscription ID. This should be the same subscription ID that you use for all the resources in an Azure Operator Nexus instance. -1. Register providers for a managed network fabric: +```azurecli + az login + az account set --subscription ********-****-****-****-********* +``` ++4. Register providers for a managed network fabric: 1. In the Azure CLI, enter the command `az provider register --namespace Microsoft.ManagedNetworkFabric`. 1. Monitor the registration process by using the command `az provider show -n Microsoft.ManagedNetworkFabric -o table`. For Azure Operator Nexus instances, isolation domains enable communication betwe Isolation domains are used to enable Layer 2 or Layer 3 connectivity between workloads hosted across the Azure Operator Nexus instance and external networks. > [!NOTE]-> Azure Operator Nexus reserves VLANs up to 500 for platform use. You can't use VLANs in this range for your (tenant) workload networks. You should use VLAN values from 501 through 4095. --## Configure L2 isolation domains +> Operator Nexus reserves VLANs <=500 for Platform use, and therefore VLANs in this range can't be used for your (tenant) workload networks. You should use VLAN values between 501 and 4095. -You use an L2 isolation domain to establish Layer 2 connectivity between workloads running on Azure Operator Nexus compute nodes. --The following parameters are available for configuring isolation domains. +## Parameters for isolation-domain management | Parameter|Description|Example|Required| |||||-|`resource-group` |Resource group name specifically for the isolation domain of your choice.|`ResourceGroupName`|True -|`resource-name` |Resource name of the L2 isolation domain.|`example-l2domain`| True -|`location`|Azure Operator Nexus region used during NFC creation.|`eastus`| True -|`nf-Id` |Network fabric ID.|`/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFresourcegroupname/providers/Microsoft.ManagedNetworkFabric/NetworkFabrics/NFname`| True -|`Vlan-id` | VLAN identifier value. VLANs 1 to 500 are reserved and can't be used. The VLAN identifier value can't be changed after you specify it. You must delete and re-create the isolation domain if you need to modify the VLAN identifier value. The range is `501` to `4095`.|`501`| True -|`mtu` | Maximum transmission unit. If you don't specify a value, the default is `1500`.|`1500`| -|`administrativeState`| Administrative state of the isolation domain, which you can enable or disable.|`Enable`| -| `subscriptionId` | Azure subscription ID for your Azure Operator Nexus instance. | -| `provisioningState` | Provisioning state. | +|`resource-group` |Use an appropriate resource group name specifically for ISD of your choice|ResourceGroupName|True +|`resource-name` |Resource Name of the l2isolationDomain|example-l2domain| True +|`location`|AODS Azure Region used during NFC Creation|eastus| True +|`nf-Id` |network fabric ID|"/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFresourcegroupname/providers/Microsoft.ManagedNetworkFabric/NetworkFabrics/NFname"| True +|`Vlan-id` | VLAN identifier value. VLANs 1-500 are reserved and can't be used. The VLAN identifier value can't be changed once specified. The isolation-domain must be deleted and recreated if the VLAN identifier value needs to be modified. The range is between 501-4095|501| True +|`mtu` | maximum transmission unit is 1500 by default, if not specified|1500|| +|`administrativeState`| Enable/Disable indicate the administrative state of the isolationDomain|Enable|| +| `subscriptionId` | Your Azure subscriptionId for your Operator Nexus instance. || +| `provisioningState` | Indicates provisioning state | ++## L2 Isolation-Domain ++You use an L2 isolation-domain to establish layer 2 connectivity between workloads running on Operator Nexus compute nodes. -### Create an L2 isolation domain +### Create L2 isolation-domain -Use the following commands to create an L2 isolation domain: +Create an L2 isolation-domain: ```azurecli az networkfabric l2domain create \ az networkfabric l2domain create \ Expected output: -```output +```json {- "administrativeState": "Disabled", - "annotation": null,user - "disabledOnResources": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l2IsolationDomains/example-l2domain", + "administrativeState": "Disabled", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l2IsolationDomains/example-l2domain", "location": "eastus", "mtu": 1501, "name": "example-l2domain",- "networkFabricId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/NFresourceGroups/resourcegroupname/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", + "networkFabricId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFresourcegroupname/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", "provisioningState": "Succeeded", "resourceGroup": "ResourceGroupName", "systemData": { Expected output: "createdBy": "email@address.com", "createdByType": "User", "lastModifiedAt": "2023-XX-XXT14:57:59.167177+00:00",- "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" - }, - "tags": null, + "lastModifiedBy": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx", + "lastModifiedByType": "Application" + }, "type": "microsoft.managednetworkfabric/l2isolationdomains", "vlanId": 750 } ``` -### Show L2 isolation domains +### Show L2 isolation-domains This command shows details about L2 isolation domains, including their administrative states: This command shows details about L2 isolation domains, including their administr az networkfabric l2domain show --resource-group "ResourceGroupName" --resource-name "example-l2domain" ``` -Expected output: +Expected Output -```output +```json {- "administrativeState": "Disabled", - "annotation": null, - "disabledOnResources": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l2IsolationDomains/example-l2domain", + "administrativeState": "Disabled", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l2IsolationDomains/example-l2domain", "location": "eastus", "mtu": 1501, "name": "example-l2domain", Expected output: "createdBy": "email@address.com", "createdByType": "User", "lastModifiedAt": "2023-XX-XXT14:57:59.167177+00:00",- "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" - }, - "tags": null, + "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e1078890", + "lastModifiedByType": "Application" + }, "type": "microsoft.managednetworkfabric/l2isolationdomains", "vlanId": 750 } ``` -### List all L2 isolation domains +### List all L2 isolation-domains -This command lists all L2 isolation domains available in a resource group: +This command lists all l2 isolation-domains available in resource group. ```azurecli az networkfabric l2domain list --resource-group "ResourceGroupName" ``` -Expected output: +Expected Output -```output +```json { "administrativeState": "Enabled",- "annotation": null, - "disabledOnResources": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l2IsolationDomains/example-l2domain", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l2IsolationDomains/example-l2domain", "location": "eastus", "mtu": 1501, "name": "example-l2domain", Expected output: "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "lastModifiedByType": "Application" },- "tags": null, "type": "microsoft.managednetworkfabric/l2isolationdomains", "vlanId": 750 } You must enable an isolation domain to push the configuration to the network fab az networkfabric l2domain update-admin-state --resource-group "ResourceGroupName" --resource-name "example-l2domain" --state Enable/Disable ``` -Expected output: +Expected Output -```output +```json { "administrativeState": "Enabled",- "annotation": null, - "disabledOnResources": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l2IsolationDomains/example-l2domain", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l2IsolationDomains/example-l2domain", "location": "eastus", "mtu": 1501, "name": "example-l2domain", Expected output: "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "lastModifiedByType": "Application" },- "tags": null, "type": "microsoft.managednetworkfabric/l2isolationdomains", "vlanId": 501 } ``` -### Delete an L2 isolation domain +### Delete L2 isolation-domain Use this command to delete an L2 isolation domain: az networkfabric l2domain delete --resource-group "ResourceGroupName" --resource Expected output: ```output-Please use show or list command to validate that the isolation domain is deleted. Deleted resources will not appear in the output +Please use show or list command to validate that isolation-domain is deleted. Deleted resources will not appear in result ``` -## Configure L3 isolation domains +## Configure L3 isolation-domain -A Layer 3 isolation domain enables L3 connectivity between workloads running on Azure Operator Nexus compute nodes. The L3 isolation domain enables the workloads to exchange L3 information with network fabric devices. +A Layer 3 isolation-domain enables layer 3 connectivity between workloads running on Operator Nexus compute nodes. +The L3 isolation-domain enables the workloads to exchange layer 3 information with Network fabric devices. -A Layer 3 isolation domain has two components: +Layer 3 isolation-domain has two components: - An *internal network* defines Layer 3 connectivity between network fabrics running on Azure Operator Nexus compute nodes and an optional external network. You must create at least one internal network.-- An *external network* provides connectivity between the internet and internal networks via your private endpoints.+- An *external network* provides connectivity between the internet and internal networks via your PEs. + -An L3 isolation domain enables deploying workloads that advertise service IPs to the fabric via BGP. +L3 isolation-domain enables deploying workloads that advertise service IPs to the fabric via BGP. An L3 isolation domain has two ASNs: -- The *fabric ASN* is the ASN of the network devices on the fabric. It's specified while you're creating the network fabric.-- The *peer ASN* is the ASN of the network functions in Azure Operator Nexus. It can't be the same as the fabric ASN.+- The *Fabric ASN* refers to the ASN of the network devices on the Fabric. The Fabric ASN was specified while creating the Network fabric. +- The *Peer ASN* refers to ASN of the Network Functions in Operator Nexus, and it can't be the same as Fabric ASN. ++The workflow for a successful provisioning of an L3 isolation-domain is as follows: -The workflow for a successful provisioning of an L3 isolation domain is as follows: + - Create a L3 isolation-domain + - Create one or more Internal Networks + - Enable a L3 isolation-domain -1. Create an L3 isolation domain. -1. Create one or more internal networks. -1. Enable an L3 isolation domain. +To make changes to the L3 isolation-domain, first Disable the L3 isolation-domain (Administrative state). Re-enable the L3 isolation-domain (AdministrativeState state) once the changes are completed: -To make changes to the L3 isolation domain, first disable it (administrative state). Re-enable the L3 isolation domain (administrative state) after you finish the changes. + - Disable the L3 isolation-domain + - Make changes to the L3 isolation-domain + - Re-enable the L3 isolation-domain -The procedure to show, enable/disable, and delete IPv6-based isolation domains is the same as the one that you use for IPv4. The VLAN range for creating an isolation domain is 501 to 4095. +The Procedure to show, enable/disable and delete IPv6 based isolation-domains is same as used for IPv4. the Vlan range for creation Isolation Domain 501-4095 The following parameters are available for configuring L3 isolation domains. | Parameter|Description|Example|Required| |||||-|`resource-group` |Resource group name specifically for the isolation domain of your choice|`ResourceGroupName`|True| -|`resource-name` |Resource name of the L3 isolation domain|`example-l3domain`|True| -|`location`|Azure Operator Nexus region used during NFC creation|`eastus`|True| -|`nf-Id` |Azure subscription ID used during NFC creation|`/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/NetworkFabrics/NFName`| True| +|`resource-group` |Use an appropriate resource group name specifically for ISD of your choice|ResourceGroupName|True| +|`resource-name` |Resource Name of the l3isolationDomain|example-l3domain|True| +|`location`|AODS Azure Region used during NFC Creation|eastus|True| +|`nf-Id`|Azure subscriptionId used during NFC Creation|/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/NetworkFabrics/NFName"| True| The following parameters for isolation domains are optional. | Parameter|Description|Example|Required| |||||-| `redistributeConnectedSubnet` | Advertised connected subnets, which can have a value of `True` or `False`. The default value is `True`. |`True` | | -| `redistributeStaticRoutes` |Advertised static routes, which can have a value of `True` or `False`. The default value is `False`. | `False` | | -| `aggregateRouteConfiguration`|List of IPv4 and IPv6 route configurations. | | | +| `redistributeConnectedSubnet` | Advertise connected subnets default value is True |True | | +| `redistributeStaticRoutes` |Advertise Static Routes can have value of true/False. Defualt Value is False | False | | +| `aggregateRouteConfiguration`|List of Ipv4 and Ipv6 route configurations | | | +| `connectedSubnetRoutePolicy` | Route Policy Configuration for IPv4 or Ipv6 L3 ISD connected subnets. Refer to help file for using correct syntax | | | -### Create an L3 isolation domain +### Create L3 isolation-domain Use this command to create an L3 isolation domain: az networkfabric l3domain create ``` > [!NOTE]-> For MPLS Option B connectivity to external networks via private endpoint devices, you can specify Option B parameters while creating an isolation domain. +> For MPLS Option 10 (B) connectivity to external networks via PE devices, you can specify option (B) parameters while creating an isolation-domain. -Expected output: +Expected Output -```output +```json { "administrativeState": "Disabled",- "aggregateRouteConfiguration": null, - "annotation": null, - "connectedSubnetRoutePolicy": null, - "description": null, - "disabledOnResources": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain", + "configurationState": "Succeeded", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain", "location": "eastus", "name": "example-l3domain",- "networkFabricId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/NFresourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", - "optionBDisabledOnResources": null, - "provisioningState": "Accepted", + "networkFabricId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", + "provisioningState": "Succeeded", "redistributeConnectedSubnets": "True", "redistributeStaticRoutes": "False", "resourceGroup": "ResourceGroupName", Expected output: "createdBy": "email@example.com", "createdByType": "User", "lastModifiedAt": "2023-XX-XXT09:40:38.815959+00:00",- "lastModifiedBy": "email@example.com", - "lastModifiedByType": "User" - }, - "tags": null, + "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e10787367", + "lastModifiedByType": "Application" + }, "type": "microsoft.managednetworkfabric/l3isolationdomains" } ``` -#### Create an untrusted L3 isolation domain +## Create an untrusted L3 isolation domain ```azurecli-az networkfabric l3domain create --resource-group "ResourceGroupName" --resource-name "l3untrust" --location "eastus" --nf-id "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName" +az nf l3domain create --resource-group "ResourceGroupName" --resource-name "l3untrust" --location "eastus" --nf-id "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName" ```--#### Create a trusted L3 isolation domain +## Create a trusted L3 isolation domain ```azurecli-az networkfabric l3domain create --resource-group "ResourceGroupName" --resource-name "l3trust" --location "eastus" --nf-id "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName" +az nf l3domain create --resource-group "ResourceGroupName" --resource-name "l3trust" --location "eastus" --nf-id "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName" ```--#### Create a management L3 isolation domain +## Create a management L3 isolation domain ```azurecli-az networkfabric l3domain create --resource-group "ResourceGroupName" --resource-name "l3mgmt" --location "eastus" --nf-id "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName" +az nf l3domain create --resource-group "ResourceGroupName" --resource-name "l3mgmt" --location "eastus" --nf-id "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName" ``` -### Show L3 isolation domains +### Show L3 isolation-domains -This command shows details about L3 isolation domains, including their administrative states: +You can get the L3 isolation-domains details and administrative state. ```azurecli az networkfabric l3domain show --resource-group "ResourceGroupName" --resource-name "example-l3domain" ``` -Expected output: +Expected Output -```output +```json { "administrativeState": "Disabled",- "aggregateRouteConfiguration": null, - "annotation": null, - "connectedSubnetRoutePolicy": null, - "description": null, - "disabledOnResources": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain", + "configurationState": "Succeeded", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain", "location": "eastus", "name": "example-l3domain",- "networkFabricId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/NFresourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", - "optionBDisabledOnResources": null, + "networkFabricId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", "provisioningState": "Succeeded", "redistributeConnectedSubnets": "True", "redistributeStaticRoutes": "False",- "resourceGroup": "ResourceGroupName", + "resourceGroup": "2023-XX-XXT09:40:38.815959+00:00", "systemData": { "createdAt": "2023-XX-XXT09:40:38.815959+00:00", "createdBy": "email@example.com", "createdByType": "User", "lastModifiedAt": "2023-XX-XXT09:40:46.923037+00:00",- "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", + "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e10787456", "lastModifiedByType": "Application"- }, - "tags": null, + }, "type": "microsoft.managednetworkfabric/l3isolationdomains" } ``` -### List all L3 isolation domains +### List all L3 isolation-domains Use this command to get a list of all L3 isolation domains available in a resource group: Use this command to get a list of all L3 isolation domains available in a resour az networkfabric l3domain list --resource-group "ResourceGroupName" ``` -Expected output: +Expected Output -```output +```json {- "administrativeState": "Disabled", - "aggregateRouteConfiguration": null, - "annotation": null, - "connectedSubnetRoutePolicy": null, - "description": null, - "disabledOnResources": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain", + "administrativeState": "Disabled", + "configurationState": "Succeeded", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain", + "location": "eastus", + "name": "example-l3domain", + "networkFabricId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", + "provisioningState": "Succeeded", + "redistributeConnectedSubnets": "True", + "redistributeStaticRoutes": "False", + "resourceGroup": "ResourceGroupName", + "systemData": { + "createdAt": "2023-XX-XXT09:40:38.815959+00:00", + "createdBy": "email@example.com", + "createdByType": "User", + "lastModifiedAt": "2023-XX-XXT09:40:46.923037+00:00", + "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e10787890", + "lastModifiedByType": "Application" + }, + "type": "microsoft.managednetworkfabric/l3isolationdomains" + } +``` +### Change the administrative state of an L3 isolation domain ++Use the following command to change the administrative state of an L3 isolation domain to enabled or disabled: ++##Note: At least one internal network should be available to change the adminstrative state of an L3 Isolation Domain. ++```azurecli +az nf l3domain update-admin-state --resource-group "ResourceGroupName" --resource-name "example-l3domain" --state Enable/Disable +``` ++Expected Output ++```json +{ + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain", "location": "eastus", "name": "example-l3domain", "networkFabricId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/NFresourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName",- "optionBDisabledOnResources": null, "provisioningState": "Succeeded", "redistributeConnectedSubnets": "True", "redistributeStaticRoutes": "False",- "resourceGroup": "ResourceGroupName", + "resourceGroup": "NFResourceGroupName", "systemData": {- "createdAt": "2023-XX-XXT09:40:38.815959+00:00", - "createdBy": "email@example.com", + "createdAt": "2023-XX-XXT06:23:43.372461+00:00", + "createdBy": "email@address.com", "createdByType": "User",- "lastModifiedAt": "2023-XX-XXT09:40:46.923037+00:00", - "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", + "lastModifiedAt": "2023-XX-XXT06:25:53.240975+00:00", + "lastModifiedBy": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx", "lastModifiedByType": "Application"- }, - "tags": null, + }, "type": "microsoft.managednetworkfabric/l3isolationdomains" } ```--### Change the administrative state of an L3 isolation domain --Use the following command to change the administrative state of an L3 isolation domain to enabled or disabled: --```azurecli -az networkfabric l3domain update-admin-state --resource-group "ResourceGroupName" --resource-name "example-l3domain" --state Enable/Disable -``` --Expected output: --```output -{ - "administrativeState": "Enabled", - "annotation": null, - "description": null, - "disabledOnResources": null, - "external": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain", - "internal": null, - "location": "eastus", - "name": "example-l3domain", - "networkFabricId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/NFresourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", - "optionBDisabledOnResources": null, - "provisioningState": "Succeeded", - "resourceGroup": "NFResourceGroupName", - "systemData": { - "createdAt": "2022-XX-XXT06:23:43.372461+00:00", - "createdBy": "email@address.com", - "createdByType": "User", - "lastModifiedAt": "2022-XX-XXT06:25:53.240975+00:00", - "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", - "lastModifiedByType": "Application" - }, - "tags": null, - "type": "microsoft.managednetworkfabric/l3isolationdomains" - } -``` - Use the `az show` command to verify whether the administrative state has changed to `Enabled`. -### Delete an L3 isolation domain ++### Delete an L3 isolation-domains Use this command to delete an L3 isolation domain: ```azurecli- az networkfabric l3domain delete --resource-group "ResourceGroupName" --resource-name "example-l3domain" + az nf l3domain delete --resource-group "ResourceGroupName" --resource-name "example-l3domain" ``` -Use the `show` or `list` command to validate that the isolation domain has been deleted. +Use the `show` or `list` commands to validate that the isolation-domain has been deleted. -## Create internal networks ++## Create Internal Network After you successfully create an L3 isolation domain, the next step is to create an internal network. Internal networks enable Layer 3 inter-rack and intra-rack communication between workloads by exchanging routes with the fabric. An L3 isolation domain can support multiple internal networks, each on a separate VLAN. The following parameters are available for creating internal networks. | Parameter|Description|Example|Required| |||||-|`vlan-Id` |VLAN identifier with a range from 501 to 4095|`1001`|True| -|`resource-group`|Corresponding NFC resource group name| `NFCresourcegroupname` | True -|`l3-isolation-domain-name`|Resource name of the L3 isolation domain|`example-l3domain` | True -|`location`|Azure Operator Nexus region used during NFC creation|`eastus` | True +|`vlan-Id` |Vlan identifier with range from 501 to 4095|1001|True| +|`resource-group`|Use the corresponding NFC resource group name| NFCresourcegroupname | True +|`l3-isolation-domain-name`|Resource Name of the l3isolationDomain|example-l3domain | True +|`location`|AODS Azure Region used during NFC Creation|eastus | True + The following parameters are optional for creating internal networks. |Parameter|Description|Example|Required| |||||-|`connectedIPv4Subnets` |IPv4 subnet that the Azure Kubernetes Service hybrid (HAKS) cluster's workloads use.|`10.0.0.0/24`|| -|`connectedIPv6Subnets` |IPv6 subnet that the HAKS cluster's workloads use.|`df8:f53b:82e4::53/127`|| -|`staticRouteConfiguration` |IPv4 prefix of the static route.|`10.0.0.0/24`| -|`bgpConfiguration`|IPv4 next-hop address.|`10.0.0.0/24`| | -|`defaultRouteOriginate` | `True`/`False` parameter that enables the default route to be originated when you're advertising routes via BGP. | `True` | | -|`peerASN` |Peer ASN of a network function.|`65047`|| -|`allowAS` |Allows for routes to be received and processed even if the router detects its own ASN in the AS path. Input `0` to disable. Otherwise, possible values are `1` to `10`. The default is `2`.|`2`|| -|`allowASOverride` |Enables or disables `allowAS`.|`Enable`|| -|`ipv4ListenRangePrefixes`| BGP IPv4 listen range; maximum range allowed in /28.| `10.1.0.0/26` | | -|`ipv6ListenRangePrefixes`| BGP IPv6 listen range; maximum range allowed in /127.| `3FFE:FFFF:0:CD30::/126`| | -|`ipv4NeighborAddress`| IPv4 neighbor address.|`10.0.0.11`| | -|`ipv6NeighborAddress`| IPv6 neighbor address.|`df8:f53b:82e4::53/127`| | +|`connectedIPv4Subnets` |IPv4 subnet used by the HAKS cluster's workloads|10.0.0.0/24|| +|`connectedIPv6Subnets` |IPv6 subnet used by the HAKS cluster's workloads|10:101:1::1/64|| +|`staticRouteConfiguration` |IPv4/IPv6 Prefix of the static route |IPv4 10.0.0.0/24 and Ipv6 10:101:1::1/64| +|`staticRouteConfiguration->extension` |extension flag for internal network static route |NoExtension/NPB| +|`bgpConfiguration`|IPv4 nexthop address|10.0.0.0/24| | +|`defaultRouteOriginate` | True/False "Enables default route to be originated when advertising routes via BGP" | True | | +|`peerASN` |Peer ASN of Network Function|65047|| +|`allowAS` |Allows for routes to be received and processed even if the router detects its own ASN in the AS-Path. Input as 0 is disable, Possible values are 1-10, default is 2.|2|| +|`allowASOverride` |Enable Or Disable allowAS|Enable|| +|`extension` |extension flag for internal network|NoExtension/NPB| +|`ipv4ListenRangePrefixes`| BGP IPv4 listen range, maximum range allowed in /28| 10.1.0.0/26 | | +|`ipv6ListenRangePrefixes`| BGP IPv6 listen range, maximum range allowed in /127| 3FFE:FFFF:0:CD30::/126| | +|`ipv4ListenRangePrefixes`| BGP IPv4 listen range, maximum range allowed in /28| 10.1.0.0/26 | | +|`ipv4NeighborAddress`| IPv4 neighbor address|10.0.0.11| | +|`ipv6NeighborAddress`| IPv6 neighbor address|10:101:1::11| | +|`isMonitoringEnabled`| TO enable or disbable monitoring on internal network|False| | + You need to create an internal network before you enable an L3 isolation domain. This command creates an internal network with BGP configuration and a specified peering address: + ```azurecli az networkfabric internalnetwork create --resource-group "ResourceGroupName" --l3-isolation-domain-name "example-l3domain" --resource-name "example-internalnetwork" location "eastus" --vlan-id 805 --connected-ipv4-subnets '[{"prefix":"10.1.2.0/24"}]' --mtu 1500 az networkfabric internalnetwork create ``` -Expected output: +Expected Output -```output -{ - "administrativeState": "Enabled", - "annotation": null, - "bfdDisabledOnResources": null, - "bfdForStaticRoutesDisabledOnResources": null, - "bgpConfiguration": { - "allowAs": 2, - "allowAsOverride": "Enable", - "annotation": null, - "bfdConfiguration": null, - "defaultRouteOriginate": "True", - "fabricAsn": 65046, - "ipv4ListenRangePrefixes": [ - "10.1.2.0/28" - ], - "ipv4NeighborAddress": null, - "ipv6ListenRangePrefixes": null, - "ipv6NeighborAddress": null, - "peerAsn": 65535 - }, - "bgpDisabledOnResources": null, - "connectedIPv4Subnets": [ - { - "annotation": null, - "prefix": "10.1.2.0/24" - } - ], - "connectedIPv6Subnets": null, - "disabledOnResources": null, - "exportRoutePolicyId": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain", - "importRoutePolicyId": null, - "mtu": 1500, - "name": "internalnetwork805", - "provisioningState": "Accepted", - "resourceGroup": "ResourceGroupName", - "staticRouteConfiguration": null, - "systemData": { - "createdAt": "2023-XX-XXT05:26:33.547816+00:00", - "createdBy": "email@example.com", - "createdByType": "User", - "lastModifiedAt": "2023-XX-XXT05:26:33.547816+00:00", - "lastModifiedBy": "email@example.com", - "lastModifiedByType": "User" - }, - "type": "microsoft.managednetworkfabric/l3isolationdomains/internalnetworks", - "vlanId": 805 +```json +{ + "administrativeState": "Enabled", + "bgpConfiguration": { + "allowAS": 2, + "allowASOverride": "Enable", + "defaultRouteOriginate": "True", + "fabricASN": 65050, + "ipv4ListenRangePrefixes": [ + "10.1.2.0/28" + ], + "peerASN": 65535 + }, + "configurationState": "Succeeded", + "connectedIPv4Subnets": [ + { + "prefix": "10.1.2.0/24" + } + ], + "extension": "NoExtension", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain/internalNetworks/example-internalnetwork", + "isMonitoringEnabled": "True", + "mtu": 1500, + "name": "example-internalnetwork", + "provisioningState": "Succeeded", + "resourceGroup": "ResourceGroupName", + "systemData": { + "createdAt": "2023-XX-XXT04:32:00.8159767Z", + "createdBy": "email@example.com", + "createdByType": "User", + "lastModifiedAt": "2023-XX-XXT04:32:00.8159767Z", + "lastModifiedBy": "email@example.com", + "lastModifiedByType": "User" + }, + "type": "microsoft.managednetworkfabric/l3isolationdomains/internalnetworks", + "vlanId": 805 } ``` -### Create an untrusted internal network for an L3 isolation domain +## Create an untrusted internal network for an L3 isolation domain ```azurecli-az networkfabric internalnetwork create --resource-group "ResourceGroupName" --l3-isolation-domain-name l3untrust --resource-name untrustnetwork --location "eastus" --vlan-id 502 --fabric-asn 65048 --peer-asn 65047--connected-i-pv4-subnets prefix="10.151.3.11/24" --mtu 1500 +az nf internalnetwork create --resource-group "ResourceGroupName" --l3-isolation-domain-name l3untrust --resource-name untrustnetwork --location "eastus" --vlan-id 502 --fabric-asn 65048 --peer-asn 65047--connected-i-pv4-subnets prefix="10.151.3.11/24" --mtu 1500 ```--### Create a trusted internal network for an L3 isolation domain +## Create a trusted internal network for an L3 isolation domain ```azurecli-az networkfabric internalnetwork create --resource-group "ResourceGroupName" --l3-isolation-domain-name l3trust --resource-name trustnetwork --location "eastus" --vlan-id 503 --fabric-asn 65048 --peer-asn 65047--connected-i-pv4-subnets prefix="10.151.1.11/24" --mtu 1500 +az nf internalnetwork create --resource-group "ResourceGroupName" --l3-isolation-domain-name l3trust --resource-name trustnetwork --location "eastus" --vlan-id 503 --fabric-asn 65048 --peer-asn 65047--connected-i-pv4-subnets prefix="10.151.1.11/24" --mtu 1500 ```--### Create an internal management network for an L3 isolation domain +## Create an internal management network for an L3 isolation domain ```azurecli-az networkfabric internalnetwork create --resource-group "ResourceGroupName" --l3-isolation-domain-name l3mgmt --resource-name mgmtnetwork --location "eastus" --vlan-id 504 --fabric-asn 65048 --peer-asn 65047--connected-i-pv4-subnets prefix="10.151.2.11/24" --mtu 1500 +az nf internalnetwork create --resource-group "ResourceGroupName" --l3-isolation-domain-name l3mgmt --resource-name mgmtnetwork --location "eastus" --vlan-id 504 --fabric-asn 65048 --peer-asn 65047--connected-i-pv4-subnets prefix="10.151.2.11/24" --mtu 1500 ``` -### Create multiple static routes with a single next hop +++++## Create multiple static routes with single next hop ```azurecli-az networkfabric internalnetwork create resource-name "example-internalnetwork" l3domain "example-l3domain" resource-group "ResourceGroupName" location "eastus" vlan-id "2028" mtu "1500" connected-ipv4-subnets '[{"prefix":"10.18.34.0/24","gateway":"10.18.34.2"}]' --bgp-configuration '{"defaultRouteOriginate":true,"peerASN":65510,"ipv4Prefix":"10.18.34.0/24"}'static-route-configuration '{"ipv4Routes":[{"prefix":"10.23.0.0/19","nextHop":["10.20.0.1"]},{"prefix":"10.24.0.0/19","nextHop":["10.20.0.1"]}]}'+az networkfabric internalnetwork create --resource-group "fab2nfrg180723" --l3-isolation-domain-name "example-l3domain" --resource-name "example-internalNetwork" --vlan-id 2600 --mtu 1500 --connected-ipv4-subnets "[{prefix:'10.2.0.0/24'}]" --static-route-configuration '{extension:NPB,bfdConfiguration:{multiplier:5,intervalInMilliSeconds:300},ipv4Routes:[{prefix:'10.3.0.0/24',nextHop:['10.5.0.1']},{prefix:'10.4.0.0/24',nextHop:['10.6.0.1']}]}' ``` -Expected output: +Expected Output +```json +{ + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "connectedIPv4Subnets": [ + { + "prefix": "10.2.0.0/24" + } + ], + "extension": "NoExtension", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain/internalNetworks/example-internalnetwork", + "isMonitoringEnabled": "True", + "mtu": 1500, + "name": "example-internalNetwork", + "provisioningState": "Succeeded", + "resourceGroup": "ResourceGroupName", + "staticRouteConfiguration": { + "bfdConfiguration": { + "administrativeState": "Disabled", + "intervalInMilliSeconds": 300, + "multiplier": 5 + }, + "extension": "NoExtension", + "ipv4Routes": [ + { + "nextHop": [ + "10.5.0.1" + ], + "prefix": "10.3.0.0/24" + }, + { + "nextHop": [ + "10.6.0.1" + ], + "prefix": "10.4.0.0/24" + } + ] + }, + "systemData": { + "createdAt": "2023-XX-XXT13:46:26.394343+00:00", + "createdBy": "email@example.com", + "createdByType": "User", + "lastModifiedAt": "2023-XX-XXT13:46:26.394343+00:00", + "lastModifiedBy": "email@example.com", + "lastModifiedByType": "User" + }, + "type": "microsoft.managednetworkfabric/l3isolationdomains/internalnetworks", + "vlanId": 2600 +} +``` -```output -{ -- "administrativeState": "Enabled", - "annotation": null, - "bfdDisabledOnResources": null, - "bfdForStaticRoutesDisabledOnResources": null, - "bgpConfiguration": { - "allowAs": 2, - "allowAsOverride": "Enable", - "annotation": null, - "bfdConfiguration": null, - "defaultRouteOriginate": "True", - "fabricAsn": 65046, - "ipv4ListenRangePrefixes": null, - "ipv4NeighborAddress": null, - "ipv6ListenRangePrefixes": null, - "ipv6NeighborAddress": null, - "peerAsn": 65510 - }, -- "bgpDisabledOnResources": null, - "connectedIPv4Subnets": [ - { - "annotation": null, - "prefix": "10.18.34.0/24" - } - ], - "connectedIPv6Subnets": null, - "disabledOnResources": null, - "exportRoutePolicyId": null, - "id": "/subscriptions//xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx7/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain/internalNetworks/example-internalnetwor", - "importRoutePolicyId": null, - "mtu": 1500, - "name": "example-internalnetwork", - "provisioningState": "Accepted", - "resourceGroup": "ResourceGroupName", - "staticRouteConfiguration": { - "bfdConfiguration": null, - "ipv4Routes": [ - { - "nextHop": [ - "10.20.0.1" - ], - "prefix": "10.23.0.0/19" - }, - { - "nextHop": [ - "10.20.0.1" - ], - "prefix": "10.24.0.0/19" - } - ], - "ipv6Routes": null - }, - "systemData": { - "createdAt": "2023-XX-XXT13:46:26.394343+00:00", - "createdBy": "email@example.com", - "createdByType": "User", - "lastModifiedAt": "2023-XX-XXT13:46:26.394343+00:00", - "lastModifiedBy": "email@example.com", - "lastModifiedByType": "User" - }, - "type": "microsoft.managednetworkfabric/l3isolationdomains/internalnetworks", - "vlanId": 2028 -} -``` --### Create an internal network by using IPv6 +## Create Internal network using IPv6 ```azurecli-az networkfabric internalnetwork create resource-group "ResourceGroupName" l3-isolation-domain-name "example-l3domain" resource-name "example-internalipv6network" location "eastus" vlan-id 1090 connected-ipv6-subnets '[{"prefix":"10:101:1::0/64", "gateway":"10:101:1::1"}]' mtu 1500 --bgp-configuration '{"defaultRouteOriginate":true,"peerASN": 65020,"ipv6NeighborAddress":[{"address": "df8:f53b:82e4::53/127"}]}'+az networkfabric internalnetwork create --resource-group "fab2nfrg180723" --l3-isolation-domain-name "example-l3domain" --resource-name "example-internalnetwork" --vlan-id 2800 --connected-ipv6-subnets '[{"prefix":"10:101:1::0/64"}]' --mtu 1500 ``` -Expected output: +Expected Output -```output -{ - "administrativeState": "Enabled", - "annotation": null, - "bfdDisabledOnResources": null, - "bfdForStaticRoutesDisabledOnResources": null, - "bgpConfiguration": { - "allowAs": 2, - "allowAsOverride": "Enable", - "annotation": null, - "bfdConfiguration": null, - "defaultRouteOriginate": "True", - "fabricAsn": 65046, - "ipv4ListenRangePrefixes": null, - "ipv4NeighborAddress": null, - "ipv6ListenRangePrefixes": null, - "ipv6NeighborAddress": [ - { - "address": "df8:f53b:82e4::53/127", - "operationalState": "Disabled" - } - ], - "peerAsn": 65020 - }, - "bgpDisabledOnResources": null, - "connectedIPv4Subnets": null, - "connectedIPv6Subnets": [ - { - "annotation": null, - "prefix": "10:101:1::0/64" - } - ], - "disabledOnResources": null, - "exportRoutePolicyId": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/l3domain2/internalNetworks/internalipv6network", - "importRoutePolicyId": null, - "mtu": 1500, - "name": "internalipv6network", - "provisioningState": "Succeeded", - "resourceGroup": "ResourceGroupName", - "staticRouteConfiguration": null, - "systemData": { - "createdAt": "2023-XX-XXT10:34:33.933814+00:00", - "createdBy": "email@example.com", - "createdByType": "User", - "lastModifiedAt": "2023-XX-XXT10:34:33.933814+00:00", - "lastModifiedBy": "email@example.com", - "lastModifiedByType": "User" - }, - "type": "microsoft.managednetworkfabric/l3isolationdomains/internalnetworks", - "vlanId": 1090 +```json +{ + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "connectedIPv6Subnets": [ + { + "prefix": "10:101:1::0/64" + } + ], + "extension": "NoExtension", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/l3domain2/internalNetworks/example-internalnetwork", + "isMonitoringEnabled": "True", + "mtu": 1500, + "name": "example-internalnetwork", + "provisioningState": "Succeeded", + "resourceGroup": "ResourceGroupName", + "systemData": { + "createdAt": "2023-XX-XXT10:34:33.933814+00:00", + "createdBy": "email@example.com", + "createdByType": "User", + "lastModifiedAt": "2023-XX-XXT10:34:33.933814+00:00", + "lastModifiedBy": "email@example.com", + "lastModifiedByType": "User" + }, + "type": "microsoft.managednetworkfabric/l3isolationdomains/internalnetworks", + "vlanId": 2800 } ``` The commands for creating an external network by using Azure CLI include the fol |Parameter|Description|Example|Required| |||||-|`peeringOption` |Peering that uses either Option A or Option B. Possible values are `OptionA` and `OptionB`. |`OptionB`| True| -|`optionBProperties` | Configuration of Option B properties. To specify, use `exportRouteTargets` or `importRouteTargets`.|`"exportRouteTargets": ["1234:1234"]}}`|| -|`optionAProperties` | Configuration of Option A properties. ||| -|`external`|Optional parameter to input MPLS Option B connectivity to external networks via private endpoint devices. By using this option, you can input import and export route targets as shown in the example.| || +|peeringOption |Peering using either optionA or optionb. Possible values OptionA and OptionB |OptionB| True| +|optionBProperties | OptionB properties configuration. To specify use exportIPv4/IPv6RouteTargets or importIpv4/Ipv6RouteTargets|"exportIpv4/Ipv6RouteTargets": ["1234:1234"]}}|| +|optionAProperties | Configuration of OptionA properties. Please refer to OptionA example in section below ||| +|external|This is an optional Parameter to input MPLS Option 10 (B) connectivity to external networks via Provider Edge devices. Using this Option, a user can Input Import and Export Route Targets as shown in the example| || -For Option A, you need to create an external network before you enable the L3 isolation domain. An external network is dependent on an internal network, so an external network can't be enabled without an internal network. The `vlan-id` value should be from `501` to `4095`. +For Option A You need to create an external network before you enable the L3 isolation Domain. An external is dependent on Internal network, so an external can't be enabled without an internal network. The vlan-id value should be between 501 and 4095. -### Create an external network by using Option B +## Create an external network using Option B ```azurecli-az networkfabric externalnetwork create resource-group "ResourceGroupName" l3domain "examplel3domain" resource-name "examplel3-externalnetwork" location "eastus" peering-option "OptionB" --option-b-properties '{"importRouteTargets": ["65541:2001"], "exportRouteTargets": ["65531:2001"]}'+az networkfabric externalnetwork create --resource-group "ResourceGroupName" --l3domain "examplel3-externalnetwork" --resource-name "examplel3-externalnetwork" --peering-option "OptionB" --option-b-properties "{routeTargets:{exportIpv4RouteTargets:['65045:2001'],importIpv4RouteTargets:['65045:2001']}}" ``` -Expected output: +Expected Output ++```json -```output { "administrativeState": "Enabled",- "annotation": null, - "disabledOnResources": null, - "exportRoutePolicyId": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxxX/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/examplel3isolationdomain/externalNetworks/example-externalnetwork", - "importRoutePolicyId": null, + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain/externalNetworks/examplel3-externalnetwork", "name": "examplel3-externalnetwork",- "networkToNetworkInterconnectId": null, - "optionAProperties": null, "optionBProperties": { "exportRouteTargets": [- "65531:2001" + "65045:2001" ], "importRouteTargets": [- "65541:2001" - ] + "65045:2001" + ], + "routeTargets": { + "exportIpv4RouteTargets": [ + "65045:2001" + ], + "importIpv4RouteTargets": [ + "65045:2001" + ] + } }, "peeringOption": "OptionB", "provisioningState": "Succeeded", Expected output: "type": "microsoft.managednetworkfabric/l3isolationdomains/externalnetworks" } ```--### Create an external network by using Option A +## Create an external network with Option A ```azurecli-az networkfabric externalnetwork create resource-group "ResourceGroupName" l3domain "example-l3domain" resource-name "example-externalipv4network" location "eastus" --peering-option "OptionA" option-a-properties '{"peerASN": 65026,"vlanId": 2423, "mtu": 1500, "primaryIpv4Prefix": "10.18.0.148/30", "secondaryIpv4Prefix": "10.18.0.152/30"}'+az networkfabric externalnetwork create --resource-group "ResourceGroupName" --l3domain "example-l3domain" --resource-name "example-externalipv4network" --peering-option "OptionA" --option-a-properties '{"peerASN": 65026,"vlanId": 2423, "mtu": 1500, "primaryIpv4Prefix": "10.18.0.148/30", "secondaryIpv4Prefix": "10.18.0.152/30"}' ``` -Expected output: +Expected Output -```output -{ - "administrativeState": "Enabled", - "annotation": null, - "disabledOnResources": null, - "exportRoutePolicyId": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxxX/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/examplel3isolationdomain/externalNetworks/example-externalnetwork", - "importRoutePolicyId": null, - "name": "example-externalipv4network", - "networkToNetworkInterconnectId": null, - "optionAProperties": { - "bfdConfiguration": null, - "fabricAsn": 65026, - "mtu": 1500, - "peerAsn": 65026, - "primaryIpv4Prefix": "10.18.0.148/30", - "primaryIpv6Prefix": null, - "secondaryIpv4Prefix": "10.18.0.152/30", - "secondaryIpv6Prefix": null, - "vlanId": 2423 - }, -- "optionBProperties": null, - "peeringOption": "OptionA", - "provisioningState": "Accepted", - "resourceGroup": "ResourceGroupName", - "systemData": { +```json +{ + "administrativeState": "Enabled", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain/externalNetworks/example-externalipv4network", + "name": "example-externalipv4network", + "optionAProperties": { + "fabricASN": 65050, + "mtu": 1500, + "peerASN": 65026, + "primaryIpv4Prefix": "10.21.0.148/30", + "secondaryIpv4Prefix": "10.21.0.152/30", + "vlanId": 2423 + }, + "peeringOption": "OptionA", + "provisioningState": "Succeeded", + "resourceGroup": "ResourceGroupName", + "systemData": { + "createdAt": "2023-07-19T09:54:00.4244793Z", "createdAt": "2023-XX-XXT07:23:54.396679+00:00", - "createdBy": "email@address.com", - "createdByType": "User", + "createdBy": "email@address.com", "lastModifiedAt": "2023-XX-XX1T07:23:54.396679+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" - }, - "type": "microsoft.managednetworkfabric/l3isolationdomains/externalnetworks" + "lastModifiedBy": "email@address.com", + "lastModifiedByType": "User" + }, + "type": "microsoft.managednetworkfabric/l3isolationdomains/externalnetworks" }- ``` -### Create an external network by using IPv6 +### Create an external network creation using Ipv6 ```azurecli-az networkfabric externalnetwork create resource-group "ResourceGroupName"l3-isolation-domain-name "example-l3domain"resource-name "example-externalipv6network"location "eastus"vlan-id 506peer-asn 65022primary-ipv6-prefix "10:101:2::0/127"secondary-ipv6-prefix "10:101:3::0/127"+az networkfabric externalnetwork create --resource-group "ResourceGroupName" --l3domain "example-l3domain" --resource-name "example-externalipv6network" --peering-option "OptionA" --option-a-properties '{"peerASN": 65026,"vlanId": 2423, "mtu": 1500, "primaryIpv6Prefix": "fda0:d59c:da16::/127", "secondaryIpv6Prefix": "fda0:d59c:da17::/127"}' ``` The supported primary and secondary IPv6 prefix size is /127. -Expected output: +Expected Output -```output +```json {- "administrativeState": null, - "annotation": null, - "bfdConfiguration": null, - "bfdDisabledOnResources": null, - "bgpDisabledOnResources": null, - "disabledOnResources": null, - "exportRoutePolicyId": null, - "fabricAsn": 65026, + "administrativeState": "Enabled", "id": "/subscriptions//xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain/externalNetworks/example-externalipv6network",- "importRoutePolicyId": null, - "mtu": 1500, "name": "example-externalipv6network",- "peerAsn": 65022, - "primaryIpv4Prefix": "10:101:2::0/127", - "primaryIpv6Prefix": null, + "optionAProperties": { + "fabricASN": 65050, + "mtu": 1500, + "peerASN": 65026, + "primaryIpv6Prefix": "fda0:d59c:da16::/127", + "secondaryIpv6Prefix": "fda0:d59c:da17::/127", + "vlanId": 2423 + }, + "peeringOption": "OptionA", "provisioningState": "Succeeded", "resourceGroup": "ResourceGroupName",- "secondaryIpv4Prefix": null, - "secondaryIpv6Prefix": "10:101:3::0/127", "systemData": { "createdAt": "2022-XX-XXT07:52:26.366069+00:00", "createdBy": "email@address.com", "createdByType": "User", "lastModifiedAt": "2022-XX-XXT07:52:26.366069+00:00",- "lastModifiedBy": "", + "lastModifiedBy": "email@address.com", "lastModifiedByType": "User" },- "type": "microsoft.managednetworkfabric/l3isolationdomains/externalnetworks", - "vlanId": 506 + "type": "microsoft.managednetworkfabric/l3isolationdomains/externalnetworks" } ``` -## Enable an L2 isolation domain +## Enable an L2 Isolation Domain ```azurecli-az networkfabric l2domain update-administrative-state --resource-group "ResourceGroupName" --resource-name "l2HAnetwork" --state Enable +az nf l2domain update-administrative-state --resource-group "ResourceGroupName" --resource-name "l2HAnetwork" --state Enable ``` ## Enable an L3 isolation domain az networkfabric l2domain update-administrative-state --resource-group "Resource Use this command to enable an untrusted L3 isolation domain: ```azurecli-az networkfabric l3domain update-admin-state --resource-group "ResourceGroupName" --resource-name "l3untrust" --state Enable +az nf l3domain update-admin-state --resource-group "ResourceGroupName" --resource-name "l3untrust" --state Enable ``` + Use this command to enable a trusted L3 isolation domain: ```azurecli-az networkfabric l3domain update-admin-state --resource-group "ResourceGroupName" --resource-name "l3trust" --state Enable +az nf l3domain update-admin-state --resource-group "ResourceGroupName" --resource-name "l3trust" --state Enable ``` + Use this command to enable a management L3 isolation domain: ```azurecli-az networkfabric l3domain update-admin-state --resource-group "ResourceGroupName" --resource-name "l3mgmt" --state Enable +az nf l3domain update-admin-state --resource-group "ResourceGroupName" --resource-name "l3mgmt" --state Enable ```+++++++ |
operator-nexus | Howto Configure Network Fabric Controller | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/howto-configure-network-fabric-controller.md | Title: "Azure Operator Nexus: Configure a network fabric controller" description: Learn commands to create and modify a network fabric controller in Azure Operator Nexus instances.--++ Previously updated : 02/06/2023 Last updated : 07/20/2023 -# Create and modify a network fabric controller by using the Azure CLI +# Create and modify a Network Fabric Controller using Azure CLI -This article describes how to create a network fabric controller (NFC) for Azure Operator Nexus by using the Azure CLI. This article also shows you how to check the status of and delete an NFC. +This article describes how to create a Network Fabric Controller (NFC) by using the Azure Command Line Interface (AzureCLI). +This document also shows you how to check the status, or delete a Network Fabric Controller. ## Prerequisites -* Validate Azure ExpressRoute circuits for correct connectivity (`CircuitId` and `AuthId`). NFC provisioning will fail if connectivity is incorrect. -* Make sure that names, such as for resources, don't contain the underscore (\_) character. +You must implement all the prerequisites prior to creating an NFC. -## Parameters for NFC creation +Names, such as for resources, shouldn't contain the underscore (\_) character. -| Parameter | Description | Values | Example | Required | Type | -|||-|-||| -| `Resource-Group` | A resource group is a container that holds related resources for an Azure solution. | `NFCResourceGroupName` | `XYZNFCResourceGroupName` | True | String | -| `Location` | The Azure region is mandatory to provision your deployment. | `eastus`, `westus3` | `eastus` | True | String | -| `Resource-Name` | The resource name is the name of the fabric. | `nfcname` | `XYZnfcname` | True | String | -| `NFC IP Block` | This block is the NFC IP subnet. The default subnet block is 10.0.0.0/19, and it shouldn't overlap with any of the ExpressRoute IPs. | `10.0.0.0/19` | `10.0.0.0/19` | Not required | String | -| `Express Route Circuits` | The ExpressRoute circuit is a dedicated 10G link that connects Azure and on-premises. You need to know the ExpressRoute circuit ID and authentication key to successfully provision an NFC. There are two ExpressRoute circuits: one for the infrastructure services and one for workload (tenant) services. | `--workload-er-connections '[{"expressRouteCircuitId": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx", "expressRouteAuthorizationKey": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx"}]'` <br /><br /> `--infra-er-connections '[{"expressRouteCircuitId": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx", "expressRouteAuthorizationKey": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx"}]'` | `subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01", "expressRouteAuthorizationKey": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx"}]` | True | String | +### Validate ExpressRoute circuit ++Validate the ExpressRoute circuit(s) for correct connectivity (CircuitID)(AuthID); NFC provisioning would fail if connectivity is incorrect. +++## Create a Network Fabric Controller -## Create a network fabric controller +You must create a resource group before you create your NFC. -You must create a resource group before you create your NFC. Create a separate resource group for each NFC. +**Note**: You should create a separate Resource Group for each NFC. -You create a resource group by running the following command: +You create resource groups by running the following commands: ```azurecli az group create -n NFCResourceGroupName -l "East US" ``` -Here's an example of how you can create an NFC by using the Azure CLI: +## Attributes for NFC creation ++| Parameter | Description | values | Example | Required | Type | +|||-|-||| +| Resource-Group | A resource group is a container that holds related resources for an Azure solution. | NFCResourceGroupName | XYZNFCResourceGroupName | True | String | +| Location | The Azure Region is mandatory to provision your deployment. | eastus, westus3, southcentralus, eus2euap | eastus | True | String | +| Resource-Name | The Resource-name will be the name of the Fabric | nfcname | XYZnfcname | True | String | +| NFC IP Block | This Block is the NFC IP subnet, the default subnet block is 10.0.0.0/19, and it also shouldn't overlap with any of the ExpressRoute IPs | 10.0.0.0/19 | 10.0.0.0/19 | Not Required | String | +| Express Route Circuits | The ExpressRoute circuit is a dedicated 10G link that connects Azure and on-premises. You need to know the ExpressRoute Circuit ID and Auth key for an NFC to successfully provision. There are two Express Route Circuits, one for the Infrastructure services and other one for Workload (Tenant) services | --workload-er-connections '[{"expressRouteCircuitId": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx", "expressRouteAuthorizationKey": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx"}]' <br /><br /> --infra-er-connections '[{"expressRouteCircuitId": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx", "expressRouteAuthorizationKey": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx"}]' | subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01", "expressRouteAuthorizationKey": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx"}] | True | string | ++Here's an example of how you can create an NFC using the Azure CLI. +For more information, see [attributes section](#attributes-for-nfc-creation). ```azurecli az networkfabric controller create \ az networkfabric controller create \ --workload-er-connections '[{"expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01"", "expressRouteAuthorizationKey": "<auth-key>"}]' ``` +**Note:** The NFC creation takes between 30-45 mins. +Use the `show` command to monitor NFC creation progress. +You'll see different provisioning states such as, Accepted, updating and Succeeded/Failed. +Delete and recreate the NFC if the creation fails (`Failed`). +The expected output only shows running as soon as you execute via AzureCLI + Expected output: ```json- "annotation": null, + { "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/nfcname", "infrastructureExpressRouteConnections": [ {- "expressRouteAuthorizationKey": null, - "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01" + "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-02" } ],- "infrastructureServices": null, + "infrastructureServices": { + "ipv4AddressSpaces": [ + "10.0.0.0/21" + ], + "ipv6AddressSpaces": [] + }, "ipv4AddressSpace": "10.0.0.0/19",- "ipv6AddressSpace": null, + "ipv6AddressSpace": "FC00::/59", + "isWorkloadManagementNetworkEnabled": "True", "location": "eastus",- "managedResourceGroupConfiguration": { - "location": "eastus2euap", - "name": "nfcname-HostedResources-7DE8EEC1" - }, - "name": "nfcname", - "networkFabricIds": null, - "operationalState": null, - "provisioningState": "Accepted", - "resourceGroup": "NFCresourcegroupname", + "managedResourceGroupConfiguration": {}, + "name": "NFCName", + "nfcSku": "Standard", + "provisioningState": "Succeeded", + "resourceGroup": "NFCResourceGroupName", "systemData": {- "createdAt": "2022-10-31T10:47:08.072025+00:00", + "createdAt": "2023XX-XXT18:59:41.7805324Z", "createdBy": "email@address.com", "createdByType": "User",- "lastModifiedAt": "2022-10-31T10:47:08.072025+00:00", - "lastModifiedBy": "email@address.com", + "lastModifiedAt": "2023-XX-XXT09:50:27.4598499Z", + "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", + "lastModifiedByType": "Application" + }, + "type": "microsoft.managednetworkfabric/networkfabriccontrollers", + "workloadExpressRouteConnections": [ + { + "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx//resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03" + } + ], + "workloadManagementNetwork": true, + "workloadServices": { + "ipv4AddressSpaces": [ + "10.0.28.0/22" + ], + "ipv6AddressSpaces": [] + } +} ``` -NFC creation takes 30 to 45 minutes. Use the `show` command to monitor the progress. Provisioning states include `Accepted`, `Updating`, `Succeeded`, and `Failed`. Delete and re-create the NFC if the creation fails (`Failed`). --## Get a network fabric controller +## Get Network Fabric Controller ```azurecli az networkfabric controller show --resource-group "NFCResourceGroupName" --resource-name "nfcname" Expected output: ```json {- "annotation": null, "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/nfcname", "infrastructureExpressRouteConnections": [ {- "expressRouteAuthorizationKey": null, "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-02" } ], "infrastructureServices": {- "ipv4AddressSpaces": ["10.0.0.0/21"], + "ipv4AddressSpaces": [ + "10.0.0.0/21" + ], "ipv6AddressSpaces": [] }, "ipv4AddressSpace": "10.0.0.0/19",- "ipv6AddressSpace": null, + "ipv6AddressSpace": "FC00::/59", + "isWorkloadManagementNetworkEnabled": "True", "location": "eastus",- "managedResourceGroupConfiguration": { - "location": "eastus", - "name": "nfcname-HostedResources-XXXXXXXX" - }, - "name": "nfcname", - "networkFabricIds": [], - "operationalState": null, + "managedResourceGroupConfiguration": {}, + "name": "NFCName", + "nfcSku": "Standard", "provisioningState": "Succeeded", "resourceGroup": "NFCResourceGroupName", "systemData": {- "createdAt": "2022-10-27T16:02:13.618823+00:00", + "createdAt": "2023XX-XXT18:59:41.7805324Z", "createdBy": "email@address.com", "createdByType": "User",- "lastModifiedAt": "2022-10-27T17:13:18.278423+00:00", + "lastModifiedAt": "2023-XX-XXT09:50:27.4598499Z", "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "lastModifiedByType": "Application" },- "tags": null, "type": "microsoft.managednetworkfabric/networkfabriccontrollers", "workloadExpressRouteConnections": [ {- "expressRouteAuthorizationKey": null, - "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03" + "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx//resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03" } ], "workloadManagementNetwork": true, "workloadServices": {- "ipv4AddressSpaces": ["10.0.28.0/22"], + "ipv4AddressSpaces": [ + "10.0.28.0/22" + ], "ipv6AddressSpaces": [] } } ``` -## Delete a network fabric controller +## Delete Network Fabric Controller -You should delete an NFC only after deleting all associated network fabrics. Use this command to delete an NFC: +You should delete an NFC only after deleting all associated network fabrics. ```azurecli az networkfabric controller delete --resource-group "NFCResourceGroupName" --resource-name "nfcname" Expected output: "createdAt": "2022-10-31T10:47:08.072025+00:00", ``` -It takes 30 minutes for the deletion to finish. In the Azure portal, verify that the hosted resources are deleted. +> [!NOTE] +> It takes 30 mins to delete the NFC. In the Azure portal, verify that the hosted resources have been deleted. ## Next steps |
operator-nexus | Howto Configure Network Fabric | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/howto-configure-network-fabric.md | -# Create and provision a network fabric by using the Azure CLI +# Create and Provision a Network Fabric using Azure CLI ++This article describes how to create a Network Fabric by using the Azure Command Line Interface (AzCLI). This document also shows you how to check the status, update, or delete a Network Fabric. -This article describes how to create a network fabric for Azure Operator Nexus by using the Azure CLI. This article also shows you how to check the status of, update, and delete a network fabric. ## Prerequisites * An Azure account with an active subscription.-* The latest version of the Azure CLI commands (2.0 or later). For more information, see [Install the Azure CLI](./howto-install-cli-extensions.md). -* A network fabric controller (NFC) that manages multiple network fabrics in the same Azure region. -* A physical Azure Operator Nexus instance with cabling, as described in the bill of materials (BoM). -* Azure ExpressRoute connectivity between NFC and Azure Operator Nexus instances. -* A terminal server [installed and configured](./howto-platform-prerequisites.md#set-up-terminal-server) with a username and password. -* Provider edge (PE) devices preconfigured with necessary VLANs, route targets, and IP addresses. --Supported SKUs for network fabric instances are: --* M4-A400-A100-C16-aa for up to four compute racks -* M8-A400-A100-C16-aa for up to eight compute racks --## Steps to provision a fabric and racks --1. Create a network fabric by providing racks, server count, SKU, and network configuration. -1. Create a network-to-network interconnect (NNI) by providing Layer 2 and Layer 3 parameters. -1. Update the serial number in the network device resource with the actual serial number on the device. The device sends the serial number as part of a DHCP request. -1. Configure the terminal server (which also hosts the DHCP server) with the serial numbers of all the devices. -1. Provision the network devices via zero-touch provisioning mode. Based on the serial number in the DHCP request, the DHCP server responds with the boot configuration file for the corresponding device. --## Configure a network fabric --The following table specifies parameters that you use to create a network fabric. In the table, `$prefix` is `/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers`. --| Parameter | Description | Example | Required | Type | -|--|-||-|| -| `resource-group` | Name of the resource group. | `NFResourceGroup` |True || -| `location` | Azure Operator Nexus region. | `eastus` |True | -| `resource-name` | Name of the fabric resource. | `NF-ResourceName` |True || -| `nf-sku` |Fabric SKU ID, which is the SKU of the ordered BoM. The two supported SKUs are M4-A400-A100-C16-aa and M8-A400-A100-C16-aa. | `M4-A400-A100-C16-aa` |True | String| -|`nfc-id`|Azure Resource Manager resource ID for the network fabric controller.|`$prefix/NFCName`|True || -|`rackcount`|Number of compute racks per fabric. Possible values are `2` to `8`.|`8`|True || -|`serverCountPerRack`|Number of compute servers per rack. Possible values are `4`, `8`, `12`, and `16`.|`16`|True || -|`ipv4Prefix`|IPv4 prefix of the management network. This prefix should be unique across all network fabrics in a network fabric controller. Prefix length should be at least 19 (/20 isn't allowed, but /18 and lower are allowed). | `10.246.0.0/19`|True || -|`ipv6Prefix`|IPv6 prefix of the management network. This prefix should be unique across all network fabrics in a network fabric controller. | `10:5:0:0::/59`|True || -|`management-network-config`| Details of the management network. ||True || -|`infrastructureVpnConfiguration`| Details of the management VPN connection between the network fabric and infrastructure services in the network fabric controller.||True|| -|`optionBProperties`| Details of MPLS Option 10B, which is used for connectivity between the network fabric and the network fabric controller.||True|| -|`importRouteTargets`|Values of import route targets to be configured on customer edges (CEs) for exchanging routes between a CE and provider edge (PE) via MPLS Option 10B.|`65048:10039`|True (if Option B is enabled)|| -|`exportRouteTargets`|Values of export route targets to be configured on CEs for exchanging routes between a CE and a PE via MPLS Option 10B.| `65048:10039`|True (if Option B is enabled)|| -|`workloadVpnConfiguration`| Details of the workload VPN connection between the network fabric and workload services in the network fabric controller.|||| -|`optionBProperties`| Details of MPLS Option 10B, which is used for connectivity between the network fabric and the network fabric controller.|||| -|`importRouteTargets`|Values of import route targets to be configured on CEs for exchanging routes between a CE and a PE via MPLS Option 10B.|`65048:10050`|True (if Option B is enabled)|| -|`exportRouteTargets`|Values of export route targets to be configured on CEs for exchanging routes between a CE and a PE via MPLS Option 10B.|`65048:10050`|True (if Option B is enabled)|| -|`ts-config`| Terminal server configuration details.||True|| -|`primaryIpv4Prefix`| IPv4 prefix for connectivity between the terminal server and the primary PE. The terminal server interface for the primary network is assigned the first usable IP from the prefix. The corresponding interface on the PE is assigned the second usable address.|`20.0.10.0/30`; the terminal server interface for the primary network is assigned `20.0.10.1`, and the PE interface is assigned `20.0.10.2`.|True|| -|`secondaryIpv4Prefix`|IPv4 prefix for connectivity between the terminal server and the secondary PE. The terminal server interface for the secondary network is assigned the first usable IP from the prefix. The corresponding interface on the PE is assigned the second usable address.|`20.0.0.4/30`; the terminal server interface for the secondary network is assigned `20.0.10.5`, and the PE interface is assigned `20.0.10.6`.|True|| -|`username`| Username that the services use to configure the terminal server.||True|| -|`password`| Password that the services use to configure the terminal server.||True|| -|`serialNumber`| Serial number of the terminal server.|||| --### Create a network fabric --You must create a resource group before you create a network fabric. We recommend that you create a separate resource group for each network fabric. You can create a resource group by using the following command: +* Install the latest version of the CLI commands (2.0 or later). For information about installing the CLI commands, see [Install Azure CLI](./howto-install-cli-extensions.md) +* A Network Fabric controller manages multiple Network Fabrics on the same Azure region. +* Physical Operator-Nexus instance with cabling as per BoM. +* Express Route connectivity between NFC and Operator-Nexus instances. +* Terminal server pre-configured with username and password [installed and configured](./howto-platform-prerequisites.md#set-up-terminal-server) +* PE devices pre-configured with necessary VLANs, Route-Targets and IP addresses. +* Supported SKUs from NFA Release 2.4 and beyond for Fabric are **M4-A400-A100-C16-ab**, **M8-A400-A100-C16-ab**, **M4-A400-A100-C16-aa** and **M8-A400-A100-C16-aa**. + * M4-A400-A100-C16-aa - up to four compute racks (BOM 1.6.2) + * M8-A400-A100-C16-aa - up to eight compute racks (BOM 1.6.2) + * M4-A400-A100-C16-ab - Up to four Compute Racks (BOM 1.7.3) + * M8-A400-A100-C16-ab - Up to eight Compute Racks (BOM 1.7.3) ++## Steps to Provision a Fabric & Racks ++* Create a Network Fabric by providing racks, server count, SKU & network configuration. +* Create a Network to Network Interconnect by providing Layer2 & Layer 3 Parameters +* Update the serial number in the networkDevice resource with the actual serial number on the device. +* Configure the terminal server with the serial numbers of all the devices. +* Provision the Network Fabric. +++## Fabric Configuration ++The following table specifies parameters used to create Network Fabric, ++**$prefix:** /subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers ++| Parameter | Description | Example | Required | Type| +|--|-||-|-| +| resource-group | Name of the resource group | "NFResourceGroup" |True | +| location | Operator-Nexus Azure region | "eastus" |True | +| resource-name | Name of the FabricResource | NF-ResourceName |True | +| nf-sku |Fabric SKU ID is the SKU of the ordered BoM. Four SKUs are supported (**M4-A400-A100-C16-aa**, **M8-A400-A100-C16-aa**, **M4-A400-A100-C16-ab** and **M8-A400-A100-C16-ab**). | M4-A400-A100-C16-ab |True | String| +|nfc-id|Network Fabric Controller "ARM resource ID"|**$prefix**/NFCName|True | | +|rackcount|Number of compute racks per fabric. Possible values are 2-8|8|True | +|serverCountPerRack|Number of compute servers per rack. Possible values are 4, 8, 12 or 16|16|True | +|ipv4Prefix|IPv4 Prefix of the management network. This Prefix should be unique across all Network Fabrics in a Network Fabric Controller. Prefix length should be at least 19 (/20 isn't allowed, /18 and lower are allowed) | 10.246.0.0/19|True | +|ipv6Prefix|IPv6 Prefix of the management network. This Prefix should be unique across all Network Fabrics in a Network Fabric Controller. | 10:5:0:0::/59|True | +|**management-network-config**| Details of management network ||True | +|**infrastructureVpnConfiguration**| Details of management VPN connection between Network Fabric and infrastructure services in Network Fabric Controller||True +|*optionBProperties*| Details of MPLS option 10B is used for connectivity between Network Fabric and Network Fabric Controller||True| +|importRouteTargets|Route targets are now defined for specific IP subnet class, such as IPv4 and IPv6. Values of import route targets to be configured on CEs for exchanging routes between CE & PE via MPLS option 10B, |e.g., 65048:10039|True(If OptionB enabled)| +|exportRouteTargets|Route targets are now defined for specific IP subnet class, such as IPv4 and IPv6. Values of export route targets to be configured on CEs for exchanging routes between CE & PE via MPLS option 10B|e.g., 65048:10039|True(If OptionB enabled)| +|**workloadVpnConfiguration**| Details of workload VPN connection between Network Fabric and workload services in Network Fabric Controller|| +|*optionBProperties*| Details of MPLS option 10B is used for connectivity between Network Fabric and Network Fabric Controller|| +|importRouteTargets|Route targets are now defined for specific IP subnet class, such as IPv4 and IPv6. Values of import route targets to be configured on CEs for exchanging routes between CE & PE via MPLS option 10B|e.g., 65048:10050|True(If OptionB enabled)| +|exportRouteTargets|Route targets are now defined for specific IP subnet class, such as IPv4 and IPv6. Values of export route targets to be configured on CEs for exchanging routes between CE & PE via MPLS option 10B|e.g., 65048:10050|True(If OptionB enabled)| +|**ts-config**| Terminal Server Configuration Details||True +|primaryIpv4Prefix| The terminal server Net1 interface should be assigned the first usable IP from the prefix and the corresponding interface on PE should be assigned the second usable address|20.0.10.0/30, TS Net1 interface should be assigned 20.0.10.1 and PE interface 20.0.10.2|True| +|secondaryIpv4Prefix|IPv4 Prefix for connectivity between TS and PE2. The terminal server Net2 interface should be assigned the first usable IP from the prefix and the corresponding interface on PE should be assigned the second usable address|20.0.0.4/30, TS Net2 interface should be assigned 20.0.10.5 and PE interface 20.0.10.6|True| +|username| Username configured on the terminal server that the services use to configure TS|username|True| +|password| Password configured on the terminal server that the services use to configure TS|password|True| +|serialNumber| Serial number of Terminal Server|SN of the Terminal Server|| +++## Create a Network Fabric ++Resource group must be created before Network Fabric creation. It's recommended to create a separate resource group for each Network Fabric. Resource group can be created by the following command: ```azurecli az group create -n NFResourceGroup -l "East US" ```--Run the following command to create the network fabric. The rack count is either `4` or `8`, depending on your setup. +Run the following command to create the Network Fabric: ```azurecli -az networkfabric fabric create \ +az nf fabric create \ --resource-group "NFResourceGroupName" --location "eastus" \ --resource-name "NFName" \ az networkfabric fabric create \ --rack-count 4 --server-count-per-rack 8 --ts-config '{"primaryIpv4Prefix":"20.0.1.0/30", "secondaryIpv4Prefix":"20.0.0.0/30", "username":"****", "password": "****", "serialNumber":"TerminalServerSerialNumber"}' managed-network-config '{"infrastructureVpnConfiguration":{"peeringOption":"OptionB","optionBProperties":{"importRouteTargets":["65048:10039"],"exportRouteTargets":["65048:10039"]}}, "workloadVpnConfiguration":{"peeringOption": "OptionB", "optionBProperties": {"importRouteTargets": ["65048:10050"], "exportRouteTargets": ["65048:10050"]}}}'+--managed-network-config '{"infrastructureVpnConfiguration":{"peeringOption":"OptionB","optionBProperties":{"routeTargets": {"importIpv4RouteTargets":["65048:10039"], "importIpv6RouteTargets":["65048:10039"], "exportIpv4RouteTargets":["65048:10039"], "exportIpv6RouteTargets":["65048:10039"]}}},"workloadVpnConfiguration":{"peeringOption":"OptionB","optionBProperties":{"routeTargets": {"importIpv4RouteTargets":["65048:10050"], "importIpv6RouteTargets":["65048:10039"], "exportIpv4RouteTargets":["65048:10039"], "exportIpv6RouteTargets":["65048:10039"]}}}} +``` +> [!Note] +> * if it's a four racks set up then the rack count would be 4 +> * if it's an eight rack set up then the rack count would be 8 ++Expected output: ++```output +{ + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkfabrics/NFName", + "name": "NFName", + "type": "microsoft.managednetworkfabric/networkfabrics", + "location": "eastus", + "systemData": { + "createdBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "createdByType": "Application", + "createdAt": "2023-XX-XXT18:29:58.3785568Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application", + "lastModifiedAt": "2023-XX-XXT18:29:58.3785568Z" + }, + "properties": { + "fabricVersion": "1.0.0", + "networkFabricSku": "NFSKU", + "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/microsoft.managednetworkfabric/networkfabriccontrollers/NFCName", + "terminalServerConfiguration": { + "username": "XXXX", + "serialNumber": "TerminalServerSerialNumber", + "primaryIpv4Prefix": "20.0.1.0/30", + "secondaryIpv4Prefix": "20.0.0.0/30" + }, + "managementNetworkConfiguration": { + "infrastructureVpnConfiguration": { + "administrativeState": "Enabled", + "peeringOption": "OptionB", + "optionBProperties": { + "routeTargets": { + "importIpv4RouteTargets": [ + "65048:10039" + ], + "importIpv6RouteTargets": [ + "65048:10039" + ], + "exportIpv4RouteTargets": [ + "65048:10039" + ], + "exportIpv6RouteTargets": [ + "65048:10039" + ] + } + } + }, + "workloadVpnConfiguration": { + "administrativeState": "Enabled", + "peeringOption": "OptionB", + "optionBProperties": { + "routeTargets": { + "importIpv4RouteTargets": [ + "65048:10039" + ], + "importIpv6RouteTargets": [ + "65048:10039" + ], + "exportIpv4RouteTargets": [ + "65048:10039" + ], + "exportIpv6RouteTargets": [ + "65048:10039" + ] + } + } + } + }, + "provisioningState": "Updating", + "rackCount": 4, + "serverCountPerRack": 8, + "ipv4Prefix": "10.30.0.0/19", + "ipv6Prefix": "fda0:d59c:df02::/59", + "fabricASN": 65048 + } +} + ```+## show network fabric +```azurecli +az networkfarbic fabric show --resource-group "NFResourceGroupName" --resource-name "NFName" +``` Expected output: ```output+ {- "annotation": null, - "fabricAsn": 65048, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", + "configurationState": "Provisioned", + "fabricASN": 65048, + "fabricVersion": "1.0.0", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkfabrics/NFName", "ipv4Prefix": "10.2.0.0/19",- "ipv6Prefix": "fda0:d59c:da02::/59", - "l2IsolationDomains": null, - "l3IsolationDomains": null, + "ipv6Prefix": "fda0:d59c:df02::/59", + "l2IsolationDomains": [], + "l3IsolationDomains": [], "location": "eastus", "managementNetworkConfiguration": { "infrastructureVpnConfiguration": { "administrativeState": "Enabled",- "networkToNetworkInterconnectId": null, - "optionAProperties": null, "optionBProperties": {- "exportRouteTargets": [ - "65048:10039" - ], - "importRouteTargets": [ - "65048:10039" - ] + "routeTargets": { + "exportIpv4RouteTargets": [ + "65048:10039" + ], + "exportIpv6RouteTargets": [ + "65048:10039" + ], + "importIpv4RouteTargets": [ + "65048:10039" + ], + "importIpv6RouteTargets": [ + "65048:10039" + ] + } }, "peeringOption": "OptionB" }, "workloadVpnConfiguration": { "administrativeState": "Enabled",- "networkToNetworkInterconnectId": null, - "optionAProperties": null, "optionBProperties": {- "exportRouteTargets": [ - "65048:10050" - ], - "importRouteTargets": [ - "65048:10050" - ] + "routeTargets": { + "exportIpv4RouteTargets": [ + "65048:10039" + ], + "exportIpv6RouteTargets": [ + "65048:10039" + ], + "importIpv4RouteTargets": [ + "65048:10039" + ], + "importIpv6RouteTargets": [ + "65048:10039" + ] + } }, "peeringOption": "OptionB" } }, "name": "NFName",- "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/NFCName", + "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/microsoft.managednetworkfabric/networkfabriccontrollers/NFCName", "networkFabricSku": "NFSKU",- "operationalState": null, - "provisioningState": "Accepted", + "provisioningState": "Succeeded", "rackCount": 4,- "racks": null, - "resourceGroup": "NFResourceGroupName", - "routerId": null, + "racks": [ + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-aggrack", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack1", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack2", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack3", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack4" + ], + "resourceGroup": "NFResourceGroup", "serverCountPerRack": 8, "systemData": {- "createdAt": "2023-XX-X-6T12:52:11.769525+00:00", - "createdBy": "email@address.com", - "createdByType": "User", - "lastModifiedAt": "2023-XX-XX-6T12:52:11.769525+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" + "createdAt": "2023-XX-XXT18:29:58.3785568Z", + "createdBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT04:32:02.7129198Z", + "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", + "lastModifiedByType": "Application" },- "tags": null, "terminalServerConfiguration": {- "networkDeviceId": null, - "password": null, "primaryIpv4Prefix": "20.0.1.0/30",- "primaryIpv6Prefix": null, "secondaryIpv4Prefix": "20.0.0.0/30",- "secondaryIpv6Prefix": null, "serialNumber": "TerminalServerSerialNumber",- "username": "****" + "username": "XXXX" }, "type": "microsoft.managednetworkfabric/networkfabrics" } ``` -### Show network fabrics +## List all network fabrics in a resource group ```azurecli-az networkfabric fabric show --resource-group "NFResourceGroupName" --resource-name "NFName" +az networkfabric fabric list --resource-group "NFResourceGroup" ``` Expected output: ```output- {- "annotation": null, - "fabricAsn": 65048, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", + "configurationState": "Provisioned", + "fabricASN": 65048, + "fabricVersion": "1.0.0", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkfabrics/NFName", "ipv4Prefix": "10.2.0.0/19",- "ipv6Prefix": "fda0:d59c:da02::/59", - "l2IsolationDomains": null, - "l3IsolationDomains": null, + "ipv6Prefix": "fda0:d59c:df02::/59", + "l2IsolationDomains": [], + "l3IsolationDomains": [], "location": "eastus", "managementNetworkConfiguration": { "infrastructureVpnConfiguration": { "administrativeState": "Enabled",- "networkToNetworkInterconnectId": null, - "optionAProperties": null, "optionBProperties": {- "exportRouteTargets": [ - "65048:10039" - ], - "importRouteTargets": [ - "65048:10039" - ] + "routeTargets": { + "exportIpv4RouteTargets": [ + "65048:10039" + ], + "exportIpv6RouteTargets": [ + "65048:10039" + ], + "importIpv4RouteTargets": [ + "65048:10039" + ], + "importIpv6RouteTargets": [ + "65048:10039" + ] + } }, "peeringOption": "OptionB" }, "workloadVpnConfiguration": { "administrativeState": "Enabled",- "networkToNetworkInterconnectId": null, - "optionAProperties": null, "optionBProperties": {- "exportRouteTargets": [ - "65048:10050" - ], - "importRouteTargets": [ - "65048:10050" - ] + "routeTargets": { + "exportIpv4RouteTargets": [ + "65048:10039" + ], + "exportIpv6RouteTargets": [ + "65048:10039" + ], + "importIpv4RouteTargets": [ + "65048:10039" + ], + "importIpv6RouteTargets": [ + "65048:10039" + ] + } }, "peeringOption": "OptionB" } },- "name": "nffab1031623", - "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/NFCName", + "name": "NFName", + "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/microsoft.managednetworkfabric/networkfabriccontrollers/NFCName", "networkFabricSku": "NFSKU",- "operationalState": null, "provisioningState": "Succeeded", "rackCount": 4, "racks": [ "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-aggrack", "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack1",- "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack2" + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack2", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack3", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack4" ], "resourceGroup": "NFResourceGroup",- "routerId": null, "serverCountPerRack": 8, "systemData": {- "createdAt": "2023-XX-XXT12:52:11.769525+00:00", - "createdBy": "email@address.com", - "createdByType": "User", - "lastModifiedAt": "2023-XX-XXT12:53:02.504974+00:00", + "createdAt": "2023-XX-XXT18:29:58.3785568Z", + "createdBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT04:32:02.7129198Z", "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "lastModifiedByType": "Application" },- "tags": null, "terminalServerConfiguration": {- "networkDeviceId": null, - "password": null, "primaryIpv4Prefix": "20.0.1.0/30",- "primaryIpv6Prefix": null, "secondaryIpv4Prefix": "20.0.0.0/30",- "secondaryIpv6Prefix": null, "serialNumber": "TerminalServerSerialNumber",- "username": "****" + "username": "XXXX" }, "type": "microsoft.managednetworkfabric/networkfabrics"-} --``` --### List all network fabrics in a resource group --```azurecli -az networkfabric fabric list --resource-group "NFResourceGroup" -``` --Expected output: --```output -{ - "annotation": null, - "fabricAsn": 65048, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", - "ipv4Prefix": "10.2.0.0/19", - "ipv6Prefix": "fda0:d59c:da02::/59", - "l2IsolationDomains": [Null], - "l3IsolationDomains": [Null], - "location": "eastus", - "managementNetworkConfiguration": { - "infrastructureVpnConfiguration": { - "administrativeState": "Enabled", - "networkToNetworkInterconnectId": null, - "optionAProperties": null, - "optionBProperties": { - "exportRouteTargets": [ - "65048:10039" - ], - "importRouteTargets": [ - "65048:10039" - ] - }, - "peeringOption": "OptionB" - }, - "workloadVpnConfiguration": { - "administrativeState": "Enabled", - "networkToNetworkInterconnectId": null, - "optionAProperties": null, - "optionBProperties": { - "exportRouteTargets": [ - "65048:10050" - ], - "importRouteTargets": [ - "65048:10050" - ] - }, - "peeringOption": "OptionB" - } - }, - "name": "NFName", - "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/NFCName", - "networkFabricSku": "NFSKU", - "operationalState": "Provisioned", - "provisioningState": "Succeeded", - "rackCount": 4, - "racks": [ - "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-aggrack", - "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack1", - "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack2" - ], - "resourceGroup": "NFResourceGroup", - "routerId": null, - "serverCountPerRack": 8, - "systemData": { - "createdAt": "2023-XX-XXT12:52:11.769525+00:00", - "createdBy": "email@address.com", - "createdByType": "User", - "lastModifiedAt": "2023-XX-XXT02:05:44.043591+00:00", - "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", - "lastModifiedByType": "Application" - }, - "tags": null, - "terminalServerConfiguration": { - "networkDeviceId": null, - "password": null, - "primaryIpv4Prefix": "20.0.1.0/30", - "primaryIpv6Prefix": null, - "secondaryIpv4Prefix": "20.0.0.0/30", - "secondaryIpv6Prefix": null, - "serialNumber": "TerminalServerSerialNumber", - "username": "****" - }, - "type": "microsoft.managednetworkfabric/networkfabrics" - } +} ``` ## Configure an NNI -The following table specifies the parameters that you use to create a network-to-network interconnect. --| Parameter | Description | Example | Required | Type | -|--|-||-|| -|`isMangementType`| Configuration to use an NNI for management of the fabric. Possible values are `True` and `False`. The default value is `True`. |`True`|True|| -|`useOptionB`| Configuration to enable Option B. Possible values are `True` and `False`. |`True`|True|| -|`layer2Configuration`| Layer 2 configuration. |||| -|`portCount`| Number of ports that are part of the port channel. The maximum value is based on the fabric SKU.|`3`||| -|`mtu`| Maximum transmission unit between CEs and PEs. |`1500`||| -|`layer3Configuration`| Layer 3 configuration between CEs and PEs.||True|| -|`primaryIpv4Prefix`|IPv4 prefix for connectivity between the primary CE and the primary PE. The port-channel interface for the primary CE is assigned the first usable IP from the prefix. The corresponding interface on the primary PE is assigned the second usable address.|`10.246.0.124/31`; the port-channel interface for the primary CE is assigned `10.246.0.125`, and the port-channel interface for the primary PE is assigned `10.246.0.126`.||String| -|`secondaryIpv4Prefix`|IPv4 prefix for connectivity between the secondary CE and the secondary PE. The port-channel interface for the secondary CE is assigned the first usable IP from the prefix. The corresponding interface on the secondary PE is assigned the second usable address.|`10.246.0.128/31`; the port-channel interface for the secondary CE is assigned `10.246.0.129`, and the port-channel interface for the secondary PE is assigned `10.246.0.130`.||String| -|`primaryIpv6Prefix`|IPv6 prefix for connectivity between the primary CE and the primary PE. The port-channel interface for the primary CE is assigned the first usable IP from the prefix. The corresponding interface on the primary PE is assigned the second usable address.|`3FFE:FFFF:0:CD30::a1` is assigned to the primary CE, and `3FFE:FFFF:0:CD30::a2` is assigned to the primary PE. Default value is `3FFE:FFFF:0:CD30::a0/126`.||String| -|`secondaryIpv6Prefix`|IPv6 prefix for connectivity between the secondary CE and the secondary PE. The port-channel interface for the secondary CE is assigned the first usable IP from the prefix. The corresponding interface on the secondary PE is assigned the second usable address.|`3FFE:FFFF:0:CD30::a5` is assigned to the secondary CE, and `3FFE:FFFF:0:CD30::a6` is assigned to the secondary PE. Default value is `3FFE:FFFF:0:CD30::a4/126`.||String| -|`fabricAsn`|ASN assigned on the CE for BGP peering with the PE.|`65048`||| -|`peerAsn`|ASN assigned on the PE for BGP peering with the CE. For internal BGP between the PE and the CE, the value should be the same as `fabricAsn`. For external BGP, the value should be different from `fabricAsn`. |`65048`|True|| -|`fabricAsn`|ASN assigned on the CE for BGP peering with the PE.|`65048`||| -|`vlan-Id`|VLAN for the NNI. The range is 501 to 4095. |`501`||| -|`importRoutePolicy`|Details to import a route policy.|||| -|`exportRoutePolicy`|Details to export a route policy.|||| --### Create an NNI --You must create the resource group and network fabric before you create a network-to-network interconnect. --Run the following command to create the NNI: +The following table specifies parameters used to create Network-to-Network Interconnect. +++| Parameter | Description | Example | Required | Type| +|--|-||-|--| +|isMangementType| Configuration to make NNI to be used for management of Fabric. Default value is true. Possible values are True/False |True|True +|useOptionB| Configuration to enable optionB. Possible values are True/False |True|True +|| +|*layer2Configuration*| Layer 2 configuration || +|| +|portCount| Number of ports that are part of the port-channel. Maximum value is based on Fabric SKU|3|| +|mtu| Maximum transmission unit between CE and PE. |1500|| +|| +|*layer3Configuration*| Layer 3 configuration between CEs and PEs||True +|| +|primaryIpv4Prefix|IPv4 Prefix for connectivity between CE1 and PE1. CE1 port-channel interface is assigned the first usable IP from the prefix and the corresponding interface on PE1 should be assigned the second usable address|10.246.0.124/31, CE1 port-channel interface is assigned 10.246.0.125 and PE1 port-channel interface should be assigned 10.246.0.126||String| +|secondaryIpv4Prefix|IPv4 Prefix for connectivity between CE2 and PE2. CE2 port-channel interface is assigned the first usable IP from the prefix and the corresponding interface on PE2 should be assigned the second usable address|10.246.0.128/31, CE2 port-channel interface should be assigned 10.246.0.129 and PE2 port-channel interface 10.246.0.130||String| +|primaryIpv6Prefix|IPv6 Prefix for connectivity between CE1 and PE1. CE1 port-channel interface is assigned the first usable IP from the prefix and the corresponding interface on PE1 should be assigned the second usable address|3FFE:FFFF:0:CD30::a1 is assigned to CE1 and 3FFE:FFFF:0:CD30::a2 is assigned to PE1. Default value is 3FFE:FFFF:0:CD30::a0/126||String| +|secondaryIpv6Prefix|IPv6 Prefix for connectivity between CE2 and PE2. CE2 port-channel interface is assigned the first usable IP from the prefix and the corresponding interface on PE2 should be assigned the second usable address|3FFE:FFFF:0:CD30::a5 is assigned to CE2 and 3FFE:FFFF:0:CD30::a6 is assigned to PE2. Default value is 3FFE:FFFF:0:CD30::a4/126.||String| +|fabricAsn|ASN number assigned on CE for BGP peering with PE|65048|| +|peerAsn|ASN number assigned on PE for BGP peering with CE. For iBGP between PE/CE, the value should be same as fabricAsn, for eBGP the value should be different from fabricAsn |65048|True| +|fabricAsn|ASN number assigned on CE for BGP peering with PE|65048|| +|vlan-Id|Vlan for NNI.Range is between 501-4095 |501|| +|importRoutePolicy|Details to import route policy.||| +|exportRoutePolicy|Details to export route policy.||| +|nni-type|The default value is CE. CE and NPB are the options|CE, PE|| ++## Create a Network to Network Interconnect (NNI) ++Resource group & Network Fabric must be created before Network to Network Interconnect creation. ++Run the following command to create the Network to Network Interconnect (Default nni type is CE): + ```azurecli az networkfabric nni create \ --resource-name "NFNNIName" \ --fabric "NFFabric" \ --is-management-type "True" \use-option-b "True" \+--use-option-b "False" \ --layer2-configuration '{"portCount": 3, "mtu": 1500}' \ --layer3-configuration '{"peerASN": 65048, "vlanId": 501, "primaryIpv4Prefix": "10.2.0.124/30", "secondaryIpv4Prefix": "10.2.0.128/30", "primaryIpv6Prefix": "10:2:0:124::400/127", "secondaryIpv6Prefix": "10:2:0:124::402/127"}' Expected output: ```output {- "administrativeState": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabrics/nffab1031623/networkToNetworkInterconnects/NFNNIName", - "isManagementType": "True", - "layer2Configuration": { - "interfaces": null, - "mtu": 1500, - "portCount": 3 - }, - "layer3Configuration": { - "exportRoutePolicyId": null, - "fabricAsn": null, - "importRoutePolicyId": null, - "peerAsn": 65048, - "primaryIpv4Prefix": "10.2.0.124/30", - "primaryIpv6Prefix": "10:2:0:124::400/127", - "secondaryIpv4Prefix": "10.2.0.128/30", - "secondaryIpv6Prefix": "10:2:0:124::402/127", - "vlanId": 501 - }, + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/microsoft.managednetworkfabric/networkfabrics/NFName/networkToNetworkInterconnects/NFNNIName", "name": "NFNNIName",- "provisioningState": "Succeeded", - "resourceGroup": "NFResourceGroup", + "type": "microsoft.managednetworkfabric/networkfabrics/networktonetworkinterconnects", "systemData": {- "createdAt": "2023-XX-XXT13:13:22.514644+00:00", - "createdBy": "email@address.com", - "createdByType": "User", - "lastModifiedAt": "2023-XX-XXT13:13:22.514644+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" + "createdBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "createdByType": "Application", + "createdAt": "2023-XX-XXT18:30:14.613498Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application", + "lastModifiedAt": "2023-XX-XXT18:30:14.613498Z" },- "type": "microsoft.managednetworkfabric/networkfabrics/networktonetworkinterconnects", - "useOptionB": "True" + "properties": { + "administrativeState": "Enabled", + "nniType": "CE", + "isManagementType": "True", + "useOptionB": "False", + "layer2Configuration": { + "mtu": 1500 + }, + "optionBLayer3Configuration": { + "peerASN": 65050, + "vlanId": 501, + "fabricASN": 0, + "primaryIpv4Prefix": "10.2.0.124/30", + "primaryIpv6Prefix": "10:2:0:124::400/127" + "secondaryIpv4Prefix": "10.2.0.128/30" + "secondaryIpv6Prefix": "10:2:0:124::402/127" + }, + "provisioningState": "Accepted", + "configurationState": "Succeeded" + } +} ``` -### Show network fabric NNIs +## Show Network Fabric NNIs (Network to Network Interface) ```azurecli az networkfabric nni show -g "NFResourceGroup" --resource-name "NFNNIName" --fabric "NFFabric" Expected output: ```output {- "administrativeState": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFFabric/networkToNetworkInterconnects/NFNNIName", + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/microsoft.managednetworkfabric/networkfabrics/NFName/networkToNetworkInterconnects/NFNNIName", "isManagementType": "True", "layer2Configuration": {- "interfaces": null, - "mtu": 1500, - "portCount": 3 + "mtu": 1500 },- "layer3Configuration": { - "exportRoutePolicyId": null, - "fabricAsn": null, - "importRoutePolicyId": null, - "peerAsn": 65048, + "name": "nffab2lab180723-nni", + "nniType": "CE", + "optionBLayer3Configuration": { + "fabricASN": 0, + "peerASN": 65050, "primaryIpv4Prefix": "10.2.0.124/30",- "primaryIpv6Prefix": "10:2:0:124::400/127", - "secondaryIpv4Prefix": "10.2.0.128/30", - "secondaryIpv6Prefix": "10:2:0:124::402/127", + "primaryIpv6Prefix": "10:2:0:124::400/127" + "secondaryIpv4Prefix": "10.2.0.128/30" + "secondaryIpv6Prefix": "10:2:0:124::402/127" "vlanId": 501 },- "name": "NFNNIName", "provisioningState": "Succeeded",- "resourceGroup": "NFResourceGroup", + "resourceGroup": "NFResourceGroupName", "systemData": {- "createdAt": "2023-XX-XXT13:13:22.514644+00:00", - "createdBy": "email@address.com", - "createdByType": "User", - "lastModifiedAt": "2023-XX-XX13:13:22.514644+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" + "createdAt": "2023-XX-XXT18:30:14.613498Z", + "createdBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT18:30:14.613498Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" }, "type": "microsoft.managednetworkfabric/networkfabrics/networktonetworkinterconnects",- "useOptionB": "True" + "useOptionB": "False" +} ``` -### List or get network fabric NNIs +++## List or Get Network Fabric NNI (Network to Network Interface) ```azurecli az networkfabric nni list -g NFResourceGroup --fabric NFFabric Expected output: ```output {- "administrativeState": null, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFFabric/networkToNetworkInterconnects/NFNNIName", - "isManagementType": "True", - "layer2Configuration": { - "interfaces": null, - "mtu": 1500, - "portCount": 3 - }, - "layer3Configuration": { - "exportRoutePolicyId": null, - "fabricAsn": null, - "importRoutePolicyId": null, - "peerAsn": 65048, - "primaryIpv4Prefix": "10.2.0.124/30", - "primaryIpv6Prefix": "10:2:0:124::400/127", - "secondaryIpv4Prefix": "10.2.0.128/30", - "secondaryIpv6Prefix": "10:2:0:124::402/127", - "vlanId": 501 - }, - "name": "NFNNIName", - "provisioningState": "Succeeded", - "resourceGroup": "NFResourceGroup", - "systemData": { - "createdAt": "2023-XX-XXT13:13:22.514644+00:00", - "createdBy": "email@address.com.com", - "createdByType": "User", - "lastModifiedAt": "2023-XX-XXT13:13:22.514644+00:00", - "lastModifiedBy": "email@address.com.com", - "lastModifiedByType": "User" - }, - "type": "microsoft.managednetworkfabric/networkfabrics/networktonetworkinterconnects", - "useOptionB": "True" - } + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/microsoft.managednetworkfabric/networkfabrics/NFName/networkToNetworkInterconnects/NFNNIName", + "isManagementType": "True", + "layer2Configuration": { + "mtu": 1500 + }, + "name": "nffab2lab180723-nni", + "nniType": "CE", + "optionBLayer3Configuration": { + "fabricASN": 0, + "peerASN": 65050, + "primaryIpv4Prefix": "10.2.0.124/30", + "primaryIpv6Prefix": "10:2:0:124::400/127" + "secondaryIpv4Prefix": "10.2.0.128/30" + "secondaryIpv6Prefix": "10:2:0:124::402/127" + "vlanId": 501 + }, + "provisioningState": "Succeeded", + "resourceGroup": "NFResourceGroupName", + "systemData": { + "createdAt": "2023-XX-XXT18:30:14.613498Z", + "createdBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT18:30:14.613498Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" + }, + "type": "microsoft.managednetworkfabric/networkfabrics/networktonetworkinterconnects", + "useOptionB": "False" +} ``` -## Update network fabric devices -Run the following command to update network fabric devices: +++## Next Steps ++* Update the serial number in the networkDevice resource with the actual serial number on the device. The device sends the serial number as part of DHCP request. +* Configure the terminal server with the serial numbers of all the devices (which also hosts DHCP server) +* Provision the network devices via zero-touch provisioning mode, Based on the serial number in the DHCP request, the DHCP server responds with the boot configuration file for the corresponding device +++## Update Network Fabric Devices ++Run the following command to update Network Fabric Devices: ```azurecli Expected output: ```output {- "annotation": null, - "hostName": "AggrRack-CE01", "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name",- "location": "eastus2euap", "name": "Network-Device-Name",- "networkDeviceRole": "CE1", - "networkDeviceSku": "DefaultSku", - "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name", - "provisioningState": "Succeeded", - "resourceGroup": "NFResourceGroup", - "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", + "type": "microsoft.managednetworkfabric/networkdevices", + "location": "eastus", "systemData": {- "createdAt": "2023-XX-XXT12:52:42.270551+00:00", "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "createdByType": "Application",- "lastModifiedAt": "2023-XX-XXT13:30:24.098335+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" + "createdAt": "2023-XX-XXT18:30:03.11544Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application", + "lastModifiedAt": "2023-XX-XXT18:30:29.1296291Z" },- "tags": null, - "type": "microsoft.managednetworkfabric/networkdevices", - "version": null -} + "properties": { + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name", + "networkDeviceSku": "DefaultSku", + "networkDeviceRole": "XX", + "hostName": "example-hostname", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", + "version": "", + "configurationState": "Succeeded", + "administrativeState": "Enabled", + "provisioningState": "Succeeded" + } ```--The preceding code serves only as an example. You should update all the devices that are part of both `AggrRack` and `computeRacks`. +> [!Note] +> The The preceding code serves only as an example. You should update all the devices that are part of both `AggrRack` and `computeRacks` For example, `AggrRack` consists of:- * `CE01` * `CE02` * `TOR17` For example, `AggrRack` consists of: * `MgmtSwitch01` * `MgmtSwitch02` (and so on, for other switches) -## List or get network fabric devices +## List or Get Network Fabric Devices Run the following command to list network fabric devices in a resource group: az networkfabric device list --resource-group "NFResourceGroup" Expected output: ```output-{ - "annotation": null, - "hostName": "AggrRack-CE01", - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/NFName-AggrRack-CE1", +[ + { + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "example-hostname", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", "location": "eastus", "name": "Network-Device-Name",- "networkDeviceRole": "CE1", + "networkDeviceRole": "CE", "networkDeviceSku": "DefaultSku",- "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name-aggrack", "provisioningState": "Succeeded", "resourceGroup": "NFResourceGroup",- "serialNumber": "ArXXX;DCS-7XXXXXX-24;12.05;JPXXXXXXXX", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", "systemData": {- "createdAt": "2023-XX-XXT12:52:42.270551+00:00", + "createdAt": "2023-XX-XXT18:30:00.5266816Z", "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "createdByType": "Application",- "lastModifiedAt": "2023-XX-XXT13:30:24.098335+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" + "lastModifiedAt": "2023-XX-XXT18:30:23.2231751Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" },- "tags": null, "type": "microsoft.managednetworkfabric/networkdevices",- "version": null + "version": "" }, {- "annotation": null, - "hostName": "AggrRack-CE02", - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/NFName-AggrRack-CE2", + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "AR-MGMT2", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", "location": "eastus", "name": "Network-Device-Name",- "networkDeviceRole": "CE2", + "networkDeviceRole": "TS", "networkDeviceSku": "DefaultSku",- "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name-aggrack", "provisioningState": "Succeeded", "resourceGroup": "NFResourceGroup",- "serialNumber": "ArXXX;DCS-7XXXXXX-24;12.05;JPXXXXXXXX", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", "systemData": {- "createdAt": "2023-XX-XXT12:52:43.489256+00:00", + "createdAt": "2023-XX-XXT18:30:00.727495Z", "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "createdByType": "Application",- "lastModifiedAt": "2023-XX-XXT13:30:40.923567+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" + "lastModifiedAt": "2023-XX-XXT18:30:33.7864881Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" },- "tags": null, "type": "microsoft.managednetworkfabric/networkdevices",- "version": null + "version": "" }, {- "annotation": null, - "hostName": "AggRack-TOR17", - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/NFName-AggrRack-TOR17", - "location": "eastus2euap", + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "example-hostname", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", + "location": "eastus", "name": "Network-Device-Name",- "networkDeviceRole": "TOR17", + "networkDeviceRole": "NPB", "networkDeviceSku": "DefaultSku",- "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name-aggrack", "provisioningState": "Succeeded", "resourceGroup": "NFResourceGroup",- "serialNumber": "ArXXX;DCS-7XXXXXX-24;12.05;JPXXXXXXXX", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", "systemData": {- "createdAt": "2023-XX-XXT12:52:44.676759+00:00", + "createdAt": "2023-XX-XXT18:30:00.7582997Z", "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "createdByType": "Application",- "lastModifiedAt": "2023-XX-XXT13:31:59.650758+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" + "lastModifiedAt": "2023-XX-XXT18:30:34.9110792Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" },- "tags": null, "type": "microsoft.managednetworkfabric/networkdevices",- "version": null + "version": "" }, {- "annotation": null, - "hostName": "AggRack-TOR18", - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/NFName-AggrRack-TOR18", + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "example-hostname", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", "location": "eastus", "name": "Network-Device-Name",- "networkDeviceRole": "TOR18", + "networkDeviceRole": "CE", "networkDeviceSku": "DefaultSku",- "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name-aggrack", "provisioningState": "Succeeded", "resourceGroup": "NFResourceGroup",- "serialNumber": "ArXXX;DCS-7XXXXXX-24;12.05;JPXXXXXXXX", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", "systemData": {- "createdAt": "2023-03-16T12:52:45.801778+00:00", + "createdAt": "2023-XX-XXT18:30:00.7210136Z", "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "createdByType": "Application",- "lastModifiedAt": "2023-XX-XXT13:32:13.369591+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" + "lastModifiedAt": "2023-XX-XXT18:30:24.426339Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" },- "tags": null, "type": "microsoft.managednetworkfabric/networkdevices",- "version": null + "version": "" }, {- "annotation": null, - "hostName": "AggRack-MGMT1", - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/NFName-AggrRack-MgmtSwitch1", + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "example-hostname", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", "location": "eastus", "name": "Network-Device-Name",- "networkDeviceRole": "MgmtSwitch1", + "networkDeviceRole": "TS", "networkDeviceSku": "DefaultSku",- "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name-aggrack", "provisioningState": "Succeeded", "resourceGroup": "NFResourceGroup",- "serialNumber": "ArXXX;DCS-7XXXXXX-24;12.05;JPXXXXXXXX", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", "systemData": {- "createdAt": "2023-XX-XXT12:52:46.911202+00:00", + "createdAt": "2023-XX-XXT18:30:00.7722959Z", "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "createdByType": "Application",- "lastModifiedAt": "2023-XX-XXT13:31:00.836730+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" + "lastModifiedAt": "2023-XX-XXT18:30:25.7076346Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" },- "tags": null, "type": "microsoft.managednetworkfabric/networkdevices",- "version": null + "version": "" }, {- "annotation": null, - "hostName": "AggRack-MGMT2", - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/NFName-AggrRack-MgmtSwitch2", + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "example-hostname", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", "location": "eastus", "name": "Network-Device-Name",- "networkDeviceRole": "MgmtSwitch2", + "networkDeviceRole": "ToR", "networkDeviceSku": "DefaultSku",- "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/nffab2lab180723-comprack1", + "provisioningState": "Succeeded", + "resourceGroup": "NFResourceGroup", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", + "systemData": { + "createdAt": "2023-XX-XXT18:30:03.0049164Z", + "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT18:30:28.0046231Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" + }, + "type": "microsoft.managednetworkfabric/networkdevices", + "version": "" + }, + { + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "example-hostname", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", + "location": "eastus", + "name": "Network-Device-Name", + "networkDeviceRole": "TS", + "networkDeviceSku": "DefaultSku", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/nffab2lab180723-comprack1", + "provisioningState": "Succeeded", + "resourceGroup": "NFResourceGroup", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", + "systemData": { + "createdAt": "2023-XX-XXT18:30:03.11544Z", + "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT18:30:29.1296291Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" + }, + "type": "microsoft.managednetworkfabric/networkdevices", + "version": "" + }, + { + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "example-hostname", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", + "location": "eastus", + "name": "Network-Device-Name", + "networkDeviceRole": "ToR", + "networkDeviceSku": "DefaultSku", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/nffab2lab180723-comprack1", + "provisioningState": "Succeeded", + "resourceGroup": "NFResourceGroup", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", + "systemData": { + "createdAt": "2023-XX-XXT18:30:03.1893834Z", + "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT18:30:26.7545474Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" + }, + "type": "microsoft.managednetworkfabric/networkdevices", + "version": "" + }, + { + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "example-hostname", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", + "location": "eastus", + "name": "Network-Device-Name", + "networkDeviceRole": "ToR", + "networkDeviceSku": "DefaultSku", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/nffab2lab180723-comprack2", "provisioningState": "Succeeded", "resourceGroup": "NFResourceGroup",- "serialNumber": "ArXXX;DCS-7XXXXXX-24;12.05;JPXXXXXXXX", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", "systemData": {- "createdAt": "2023-XX-XXT12:52:48.020528+00:00", + "createdAt": "2023-XX-XXT18:30:05.4237868Z", "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "createdByType": "Application",- "lastModifiedAt": "2023-XX-XXT13:31:42.173645+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" + "lastModifiedAt": "2023-XX-XXT18:30:31.5047457Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" },- "tags": null, "type": "microsoft.managednetworkfabric/networkdevices",- "version": null + "version": "" + }, + { + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "example-hostname", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", + "location": "eastus", + "name": "Network-Device-Name", + "networkDeviceRole": "TS", + "networkDeviceSku": "DefaultSku", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/nffab2lab180723-comprack2", + "provisioningState": "Succeeded", + "resourceGroup": "NFResourceGroup", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", + "systemData": { + "createdAt": "2023-XX-XXT18:30:05.4580643Z", + "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT18:30:32.6766268Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" + }, + "type": "microsoft.managednetworkfabric/networkdevices", + "version": "" + }, + { + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "example-hostname", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", + "location": "eastus", + "name": "Network-Device-Name", + "networkDeviceRole": "ToR", + "networkDeviceSku": "DefaultSku", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/nffab2lab180723-comprack2", + "provisioningState": "Succeeded", + "resourceGroup": "NFResourceGroup", + "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", + "systemData": { + "createdAt": "2023-XX-XXT18:30:05.4906233Z", + "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT18:30:30.4265486Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" + }, + "type": "microsoft.managednetworkfabric/networkdevices", + "version": "" }+] ```--Run the following command to get or show details of a network fabric device: +Run the following command to Get or Show details of a Network Fabric Device: ```azurecli az networkfabric device show --resource-group "NFResourceGroup" --resource-name "Network-Device-Name" Expected output: ```output {- "annotation": null, - "hostName": "AggrRack-CE01", - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/NFName-AggrRack-CE1", + "administrativeState": "Enabled", + "configurationState": "Succeeded", + "hostName": "example-hostname", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/Network-Device-Name", "location": "eastus", "name": "Network-Device-Name",- "networkDeviceRole": "CE1", + "networkDeviceRole": "ToR", "networkDeviceSku": "DefaultSku",- "networkRackId": "/subscriptions/61065ccc-9543-4b91-b2d1-0ce42a914507/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/Network-Device-Name", + "networkRackId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/nffab2lab180723-comprack2", "provisioningState": "Succeeded", "resourceGroup": "NFResourceGroup", "serialNumber": "AXXXX;DCS-XXXXX-24;XX.XX;JXXXXXXX", "systemData": {- "createdAt": "2023-XX-XXT12:52:42.270551+00:00", + "createdAt": "2023-XX-XXT18:30:05.4906233Z", "createdBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "createdByType": "Application",- "lastModifiedAt": "2023-XX-XXT13:30:24.098335+00:00", - "lastModifiedBy": "email@address.com", - "lastModifiedByType": "User" + "lastModifiedAt": "2023-XX-XXT18:30:30.4265486Z", + "lastModifiedBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "lastModifiedByType": "Application" },- "tags": null, "type": "microsoft.managednetworkfabric/networkdevices",- "version": null + "version": "" } ``` + ## Provision a network fabric After you update the device serial number, provision and show the fabric by running the following commands: az networkfabric fabric provision --resource-group "NFResourceGroup" --resource ``` ```azurecli-az networkfabric fabric show --resource-group "NFResourceGroup" --resource-name "NFName" +az networkfabric fabric show --resource-group "NFResourceGroup" --resource-name "NFName" ``` Expected output: ```output {- "annotation": null, - "fabricAsn": 65048, - "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", + "configurationState": "Provisioned", + "fabricASN": 65048, + "fabricVersion": "1.0.0", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkfabrics/NFName", "ipv4Prefix": "10.2.0.0/19",- "ipv6Prefix": "fda0:d59c:da02::/59", - "l2IsolationDomains": null, - "l3IsolationDomains": null, + "ipv6Prefix": "fda0:d59c:df02::/59", + "l2IsolationDomains": [], + "l3IsolationDomains": [], "location": "eastus", "managementNetworkConfiguration": { "infrastructureVpnConfiguration": { "administrativeState": "Enabled",- "networkToNetworkInterconnectId": null, - "optionAProperties": null, - "optionBProperties": { - "exportRouteTargets": [ - "65048:10039" - ], - "importRouteTargets": [ - "65048:10039" - ] + "routeTargets": { + "exportIpv4RouteTargets": [ + "65048:10039" + ], + "exportIpv6RouteTargets": [ + "65048:10039" + ], + "importIpv4RouteTargets": [ + "65048:10039" + ], + "importIpv6RouteTargets": [ + "65048:10039" + ] + } }, "peeringOption": "OptionB" }, "workloadVpnConfiguration": { "administrativeState": "Enabled",- "networkToNetworkInterconnectId": null, - "optionAProperties": null, "optionBProperties": {- "exportRouteTargets": [ - "65048:10050" - ], - "importRouteTargets": [ - "65048:10050" - ] + "routeTargets": { + "exportIpv4RouteTargets": [ + "65048:10050" + ], + "exportIpv6RouteTargets": [ + "65048:10050" + ], + "importIpv4RouteTargets": [ + "65048:10050" + ], + "importIpv6RouteTargets": [ + "65048:10050" + ] + } }, "peeringOption": "OptionB" } }, "name": "NFName",- "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/NFCName", + "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/microsoft.managednetworkfabric/networkfabriccontrollers/NFCName", "networkFabricSku": "NFSKU",- "operationalState": "Provisioning", "provisioningState": "Succeeded",- "rackCount": 3, + "rackCount": 4, "racks": [- "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-aggrack", - "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack1", - "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack2" + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-aggrack", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack1", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack2", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack3", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack4" ], "resourceGroup": "NFResourceGroup",- "routerId": null, - "serverCountPerRack": 7, + "serverCountPerRack": 8, "systemData": {- "createdAt": "2023-XX-XXT12:52:11.769525+00:00", - "createdBy": "email@address.com", - "createdByType": "User", - "lastModifiedAt": "2023-XX-XXT14:47:59.424826+00:00", + "createdAt": "2023-XX-XXT18:29:58.3785568Z", + "createdBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT04:32:02.7129198Z", "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", "lastModifiedByType": "Application" },- "tags": null, "terminalServerConfiguration": {- "networkDeviceId": null, - "password": null, "primaryIpv4Prefix": "20.0.1.0/30",- "primaryIpv6Prefix": null, "secondaryIpv4Prefix": "20.0.0.0/30",- "secondaryIpv6Prefix": null, - "serialNumber": "XXXXXXXXXXXX", + "serialNumber": "XXXXXXXXXXXXXX", "username": "XXXX" }, "type": "microsoft.managednetworkfabric/networkfabrics" } ``` -## Deprovision a network fabric -+## Deprovision a Fabric To deprovision a fabric, ensure that the fabric is in a provisioned operational state and then run this command: ```azurecli Expected output: ```output {-  "annotation": null, -  "fabricAsn": 65046, -  "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", -  "ipv4Prefix": "10.18.0.0/19", -  "ipv6Prefix": null, -  "l2IsolationDomains": [], -  "l3IsolationDomains": null, -  "location": "eastus", -  "managementNetworkConfiguration": { -    "infrastructureVpnConfiguration": { -      "administrativeState": "Enabled", -      "networkToNetworkInterconnectId": null, -      "optionAProperties": null, -      "optionBProperties": { -        "exportRouteTargets": [ -          "65048:10039" -        ], -        "importRouteTargets": [ -          "65048:10039" -        ] -      }, -      "peeringOption": "OptionB" -    }, -    "workloadVpnConfiguration": { -      "administrativeState": "Enabled", -      "networkToNetworkInterconnectId": null, -      "optionAProperties": null, -      "optionBProperties": { -        "exportRouteTargets": [ -          "65048:10050" -        ], -        "importRouteTargets": [ -          "65048:10050" -        ] -      }, -      "peeringOption": "OptionB" -    } -  }, -  "name": "NFName", -  "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/NFCName", -  "networkFabricSku": "M4-A400-A100-C16-aa", -  "operationalState": "Deprovisioned", -  "provisioningState": "Succeeded", -  "rackCount": 3, -  "racks": [ -    "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-aggrack", -    "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack1", -    "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack2" -  ], -  "resourceGroup": "NFResourceGroup", -  "routerId": null, -  "serverCountPerRack": 8, -  "systemData": { -    "createdAt": "2023-XX-XXT19:30:23.319643+00:00", -    "createdBy": "email@address.com", -    "createdByType": "User", -    "lastModifiedAt": "2023-XX-XXT06:47:36.130713+00:00", -    "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", -    "lastModifiedByType": "Application" -  }, -  "tags": null, -  "terminalServerConfiguration": { -    "networkDeviceId": null, -    "password": null, -    "primaryIpv4Prefix": "20.0.1.12/30", -    "primaryIpv6Prefix": null, -    "secondaryIpv4Prefix": "20.0.0.12/30", -    "secondaryIpv6Prefix": null, -    "serialNumber": "XXXXXXXXXXXXX", -    "username": "XXXX" -  }, -  "type": "microsoft.managednetworkfabric/networkfabrics" + "configurationState": "Deprovisioned", + "fabricASN": 65048, + "fabricVersion": "1.0.0", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkfabrics/NFName", + "ipv4Prefix": "10.2.0.0/19", + "ipv6Prefix": "fda0:d59c:df02::/59", + "l2IsolationDomains": [], + "l3IsolationDomains": [], + "location": "eastus", + "managementNetworkConfiguration": { + "infrastructureVpnConfiguration": { + "administrativeState": "Enabled", + "optionBProperties": { + "routeTargets": { + "exportIpv4RouteTargets": [ + "65048:10039" + ], + "exportIpv6RouteTargets": [ + "65048:10039" + ], + "importIpv4RouteTargets": [ + "65048:10039" + ], + "importIpv6RouteTargets": [ + "65048:10039" + ] + } + }, + "peeringOption": "OptionB" + }, + "workloadVpnConfiguration": { + "administrativeState": "Enabled", + "optionBProperties": { + "routeTargets": { + "exportIpv4RouteTargets": [ + "65048:10050" + ], + "exportIpv6RouteTargets": [ + "65048:10050" + ], + "importIpv4RouteTargets": [ + "65048:10050" + ], + "importIpv6RouteTargets": [ + "65048:10050" + ] + } + }, + "peeringOption": "OptionB" + } + }, + "name": "NFName", + "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/microsoft.managednetworkfabric/networkfabriccontrollers/NFCName", + "networkFabricSku": "NFSKU", + "provisioningState": "Succeeded", + "rackCount": 4, + "racks": [ + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-aggrack", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack1", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack2", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack3", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack4" + ], + "resourceGroup": "NFResourceGroup", + "serverCountPerRack": 8, + "systemData": { + "createdAt": "2023-XX-XXT18:29:58.3785568Z", + "createdBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT04:32:02.7129198Z", + "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", + "lastModifiedByType": "Application" + }, + "terminalServerConfiguration": { + "primaryIpv4Prefix": "20.0.1.0/30", + "secondaryIpv4Prefix": "20.0.0.0/30", + "serialNumber": "XXXXXXXXXXXXXX", + "username": "XXXX" + }, + "type": "microsoft.managednetworkfabric/networkfabrics" } ``` -## Delete a network fabric +## Deleting Fabric To delete a fabric, run the following command. Before you do, make sure that: * The fabric is in a deprovisioned operational state. If it's in a provisioned state, run the `deprovision` command. * No racks are associated with the fabric. + ```azurecli az networkfabric fabric delete --resource-group "NFResourceGroup" --resource-name "NFName" ``` -Expected output: +Sample output: ```output {-  "annotation": null, -  "fabricAsn": 65044, -  "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabrics/NFName", -  "ipv4Prefix": "10.21.0.0/16", -  "ipv6Prefix": "10:15:0:0::/59", -  "l2IsolationDomains": null, -  "l3IsolationDomains": null, -  "location": "eastus", -  "managementNetworkConfiguration": { -    "infrastructureVpnConfiguration": { -      "administrativeState": "Enabled", -      "networkToNetworkInterconnectId": null, -      "optionAProperties": null, -      "optionBProperties": { -        "exportRouteTargets": [ -          "65044:10039" -        ], -        "importRouteTargets": [ -          "65044:10039" -        ] -      }, -      "peeringOption": "OptionB" -    }, -    "workloadVpnConfiguration": { -      "administrativeState": "Enabled", -      "networkToNetworkInterconnectId": null, -      "optionAProperties": null, -      "optionBProperties": { -        "exportRouteTargets": [ -          "65044:10050" -        ], -        "importRouteTargets": [ -          "65044:10050" -        ] -      }, -      "peeringOption": "OptionB" -    } -  }, -  "name": "nffab2030823", -  "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/NFCName", -  "networkFabricSku": "SKU-Name", -  "operationalState": "Deprovisioned", -  "provisioningState": "Deleting", -  "rackCount": 3, -  "racks": [ -    "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-aggrack", -    "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack1", -    "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourcegroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkracks/NFName-comprack2" -  ], -  "resourceGroup": "NFResourceGroup", -  "routerId": null, -  "serverCountPerRack": 7, -  "systemData": { -    "createdAt": "2023-XX-XXT10:31:22.423399+00:00", -    "createdBy": "email@address.com", -    "createdByType": "User", -    "lastModifiedAt": "2023-XX-XXT06:31:41.675991+00:00", -    "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", -    "lastModifiedByType": "Application" -  }, -  "tags": null, -  "terminalServerConfiguration": { -    "networkDeviceId": null, -    "password": null, -    "primaryIpv4Prefix": "20.0.1.68/30", -    "primaryIpv6Prefix": null, -    "secondaryIpv4Prefix": "20.0.0.68/30", -    "secondaryIpv6Prefix": null, -    "serialNumber": "XXXXXXXXXXXXX", -    "username": "XXXX" -  }, -  "type": "microsoft.managednetworkfabric/networkfabrics" + "configurationState": "Deleting", + "fabricASN": 65048, + "fabricVersion": "1.0.0", + "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroup/providers/microsoft.managednetworkfabric/networkfabrics/NFName", + "ipv4Prefix": "10.2.0.0/19", + "ipv6Prefix": "fda0:d59c:df02::/59", + "l2IsolationDomains": [], + "l3IsolationDomains": [], + "location": "eastus", + "managementNetworkConfiguration": { + "infrastructureVpnConfiguration": { + "administrativeState": "Enabled", + "optionBProperties": { + "routeTargets": { + "exportIpv4RouteTargets": [ + "65048:10039" + ], + "exportIpv6RouteTargets": [ + "65048:10039" + ], + "importIpv4RouteTargets": [ + "65048:10039" + ], + "importIpv6RouteTargets": [ + "65048:10039" + ] + } + }, + "peeringOption": "OptionB" + }, + "workloadVpnConfiguration": { + "administrativeState": "Enabled", + "optionBProperties": { + "routeTargets": { + "exportIpv4RouteTargets": [ + "65048:10050" + ], + "exportIpv6RouteTargets": [ + "65048:10050" + ], + "importIpv4RouteTargets": [ + "65048:10050" + ], + "importIpv6RouteTargets": [ + "65048:10050" + ] + } + }, + "peeringOption": "OptionB" + } + }, + "name": "NFName", + "networkFabricControllerId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/microsoft.managednetworkfabric/networkfabriccontrollers/NFCName", + "networkFabricSku": "NFSKU", + "provisioningState": "Deleting", + "rackCount": 4, + "racks": [ + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-aggrack", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack1", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack2", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack3", + "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkRacks/NFName-comprack4" + ], + "resourceGroup": "NFResourceGroup", + "serverCountPerRack": 7, + "systemData": { + "createdAt": "2023-XX-XXT18:29:58.3785568Z", + "createdBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", + "createdByType": "Application", + "lastModifiedAt": "2023-XX-XXT04:32:02.7129198Z", + "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7", + "lastModifiedByType": "Application" + }, + "terminalServerConfiguration": { + "primaryIpv4Prefix": "20.0.1.0/30", + "secondaryIpv4Prefix": "20.0.0.0/30", + "serialNumber": "XXXXXXXXXXXXXX", + "username": "XXXX" + }, + "type": "microsoft.managednetworkfabric/networkfabrics" } ```--After you successfully delete the network fabric, when you run the command to show the fabric, you won't find any resources available: +After successfully deleting the Network Fabric, when you run a show of the same fabric, you won't find any resources available. ```azurecli az networkfabric fabric show --resource-group "NFResourceGroup" --resource-name "NFName" ``` Expected output:- ```output-The Resource 'Microsoft.ManagedNetworkFabric/NetworkFabrics/NFName' under resource group 'NFResourceGroup' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix +(ResourceNotFound) The Resource 'Microsoft.ManagedNetworkFabric/NetworkFabrics/NFName' under resource group 'NFResourceGroup' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix Code: ResourceNotFound ``` |
operator-nexus | Troubleshoot Isolation Domain | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/troubleshoot-isolation-domain.md | For further instructions, see [Change the administrative state of an L3 isolatio When you're creating an isolation domain, VLAN IDs below 500 are reserved for infrastructure purposes and shouldn't be used. Instead, establish an external network with a VLAN ID higher than 500 on the partner end (PE) side to enable peering between the customer end (CE) and the PE (Option A peering). -For further instructions, see [Create external networks](./howto-configure-isolation-domain.md#create-an-external-network-by-using-option-a). +For further instructions, see [Create external networks](./howto-configure-isolation-domain.md#create-an-external-network-with-option-a). ## Isolation domain stuck in a disabled state (Option A) |
sap | Acss Backup Integration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sap/center-sap-solutions/acss-backup-integration.md | If you have already configured Backup from Azure Backup Center for your SAP VMs Before you can go ahead and use this feature in preview, register for it from the Backup (preview) tab on the Virtual Instance for SAP solutions resource on the Azure portal. ## Prerequisites-- A Virtual Instance for SAP solutions resource representing your SAP system on Azure Center for SAP solutions.+- A Virtual Instance for SAP solutions (VIS) resource representing your SAP system on Azure Center for SAP solutions. - An Azure account with **Contributor** role access on the Subscription in which your SAP system exists. - Register **Microsoft.Features** Resource Provider on your subscription. - Register your subscription for this preview feature in Azure Center for SAP solutions. Before you can go ahead and use this feature in preview, register for it from th - To be able to configure Backup from the VIS resource, assign the following roles to **Azure Workloads Connector Service** first-party app 1. **Backup Contributor** role access on the Subscription or specific Resource group which has the Recovery services vault that will be used for Backup. 2. **Virtual Machine Contributor** role access on the Subscription or Resource groups which have the Compute resources of the SAP systems.- - You can skip this step if you have already configured Backup for your VMs and HANA DB using Azure Backup Center. You will be able to monitor Backup of your SAP system from the VIS. + - You can skip this step if you have already configured Backup for your VMs and HANA DB using Azure Backup Center. You will be able to monitor Backup of your SAP system from the VIS. + - Once you have completed configuring Backup from the VIS experience, it is recommended that you remove role access assigned to **Azure Workloads Connector Service** first-party app, as the access is no longer needed when monitoring backup status from VIS. - For HANA database backup, ensure the [prerequisites](/azure/backup/tutorial-backup-sap-hana-db#prerequisites) required by Azure Backup are in place. - For HANA database backup, create a HDB Userstore key that will be used for preparing HANA DB for configuring Backup. |
search | Cognitive Search Common Errors Warnings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/search/cognitive-search-common-errors-warnings.md | Collections with [Lazy](../cosmos-db/index-policy.md#indexing-mode) indexing pol ## `Warning: The document contains very long words (longer than 64 characters). These words may result in truncated and/or unreliable model predictions.` This warning is passed from the Language service of Azure AI services. In some cases, it's safe to ignore this warning, such as when your document contains a long URL (which likely isn't a key phrase or driving sentiment, etc.). Be aware that when a word is longer than 64 characters, it will be truncated to 64 characters which can affect model predictions.++## `Error: Cannot write more bytes to the buffer than the configured maximum buffer size` ++Indexers have [document size limits](search-limits-quotas-capacity.md#indexer-limits). Make sure that the documents in your data source are smaller than the supported size limit, as documented for your service SKU. |
search | Cognitive Search Debug Session | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/search/cognitive-search-debug-session.md | |
search | Cognitive Search How To Debug Skillset | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/search/cognitive-search-how-to-debug-skillset.md | A debug session is a cached indexer and skillset execution, scoped to a single d + An existing enrichment pipeline, including a data source, a skillset, an indexer, and an index. -+ A **Contributor** role assignment in the Search service. ++ A **Contributor** role assignment in the search service. + An Azure Storage account, used to save session state. A Debug Session works with all generally available [indexer data sources](search + For the SQL API of Azure Cosmos DB, if a partitioned collection was previously non-partitioned, a Debug Session won't find the document. ++ Debug sessions doesn't currently support connections using a managed identity or private endpoints to custom skills.+ ## Create a debug session 1. Sign in to the [Azure portal](https://portal.azure.com) and find your search service. |
search | Search Indexer How To Access Private Sql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/search/search-indexer-how-to-access-private-sql.md | Although you can call the Management REST API directly, it's easier to use the A + You should have a minimum of Contributor permissions on both Azure Cognitive Search and SQL Managed Instance. ++ Azure SQL Managed Instance connection string. Managed identity is not currently supported with shared private link.+ > [!NOTE] > Azure Private Link is used internally, at no charge, to set up the shared private link. |
storage | Soft Delete Blob Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/soft-delete-blob-manage.md | -Blob soft delete protects an individual blob and its versions, snapshots, and metadata from accidental deletes or overwrites by maintaining the deleted data in the system for a specified period of time. During the retention period, you can restore the blob to its state at deletion. After the retention period has expired, the blob is permanently deleted. For more information about blob soft delete, see [Soft delete for blobs](soft-delete-blob-overview.md). +Blob soft delete protects an individual blob and its versions, snapshots, and metadata from accidental deletes or overwrites by maintaining the deleted data in the system for a specified period of time. During the retention period, you can restore the blob to its state at deletion. After the retention period has expired, the blob is permanently deleted. You cannot permanently delete a blob that has been soft deleted before the retention period expires. For more information about blob soft delete, see [Soft delete for blobs](soft-delete-blob-overview.md). Blob soft delete is part of a comprehensive data protection strategy for blob data. To learn more about Microsoft's recommendations for data protection, see [Data protection overview](data-protection-overview.md). |
storage | Storage Use Azcopy Authorize Azure Active Directory | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/common/storage-use-azcopy-authorize-azure-active-directory.md | To learn more, see [Access control model in Azure Data Lake Storage Gen2](../blo <a id="authorize-without-a-secret-store"></a> -### Authorize a user identity +## Authorize a user identity After you've verified that your user identity has been given the necessary authorization level, type the following command, and then press the ENTER key. After you set these variables, you can run any azcopy command (For example: `azc <a id="service-principal"></a> -### Authorize a service principal +## Authorize a service principal This is a great option if you plan to use AzCopy inside of a script that runs without user interaction, particularly when running on-premises. If you plan to run AzCopy on VMs that run in Azure, a managed service identity is easier to administer. To learn more, see the [Authorize a managed identity](#authorize-a-managed-identity) section of this article. azcopy login --identity --identity-resource-id "<resource-id>" Replace the `<resource-id>` placeholder with the resource ID of the user-assigned managed identity. -## Authorize a service principal (azcopy login command) +### Authorize a service principal (azcopy login command) Before you run a script, you have to sign in interactively at least one time so that you can provide AzCopy with the credentials of your service principal. Those credentials are stored in a secured and encrypted file so that your script doesn't have to provide that sensitive information. |
virtual-desktop | Configure Single Sign On | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-desktop/configure-single-sign-on.md | Clients currently supported: - [Windows Desktop client](users/connect-windows.md) on local PCs running Windows 10 or later. There's no requirement for the local PC to be joined to a domain or Azure AD. - [Web client](users/connect-web.md). - [macOS client](users/connect-macos.md) version 10.8.2 or later.+- [iOS client](users/connect-ios-ipados.md) version 10.5.1 or later. +- [Android client](users/connect-android-chrome-os.md) version 10.0.16 or later. ## Things to know before enabling single sign-on |