Freshness

Xelu86 · Xelu86 · commit 1035865a0b4f · 2026-03-16T13:54:57.000-04:00
diff --git a/articles/sap/monitor/set-up-network.md b/articles/sap/monitor/set-up-network.md
@@ -1,15 +1,16 @@
 ---
-title: Set up a network for Azure Monitor for SAP solutions 
+title: Set up a network for Azure Monitor for SAP solutions
 description: Learn how to set up an Azure virtual network for use with Azure Monitor for SAP solutions.
 author: MightySuz
 ms.service: sap-on-azure
 ms.subservice: sap-monitor
 ms.topic: how-to
-ms.date: 08/22/2024
+ms.date: 03/16/2026
 ms.author: jacobjaygbay
 #Customer intent: As a developer, I want to set up an Azure virtual network so that I can use Azure Monitor for SAP solutions.
 # Customer intent: As an IT administrator, I want to configure an Azure virtual network for Azure Monitor for SAP solutions, so that I can ensure proper data collection and monitoring of my SAP environment.
 ---
+
 # Set up a network for Azure Monitor for SAP solutions
 
 In this how-to guide, you learn how to configure an Azure virtual network so that you can deploy Azure Monitor for SAP solutions. You learn how to:
@@ -33,10 +34,10 @@ For more information, see how to [integrate your app with an Azure virtual netwo
 
 ## Use Custom DNS for your virtual network
 
-This section only applies if you're using Custom DNS for your virtual network. Add the IP address 168.63.129.16, which points to Azure DNS Server. This arrangement resolves the storage account and other resource URLs that are required for proper functioning of Azure Monitor for SAP solutions.
+This section only applies if you're using Custom DNS for your virtual network. Add the IP address `168.63.129.16`, which points to Azure DNS Server. This arrangement resolves the storage account and other resource URLs that are required for proper functioning of Azure Monitor for SAP solutions.
 
 > [!div class="mx-imgBorder"]
-> ![Screenshot that shows the Custom DNS setting.]([../../media/set-up-network/adding-custom-dns.png)
+> ![A screenshot showing the Custom DNS setting in Azure portal.]([../../media/set-up-network/adding-custom-dns.png)
 
 ## Configure outbound internet access
 
@@ -88,21 +89,21 @@ You can use this option after you deploy an Azure Monitor for SAP solutions reso
       1. On the NSG menu, under **Settings**, select **Outbound security rules**.
       1. Select **Add** to add the following new rules:
 
-    | Priority | Name                | Port | Protocol | Source | Destination      | Action |
-    |--------------|--------------------------|----------|--------------|------------|----------------------|------------|
-    | 450          | allow_monitor            | 443      | TCP          |  Azure Functions subnet           | Azure Monitor         | Allow      |
-    | 451          | allow_keyVault           | 443      | TCP          |  Azure Functions subnet           | Azure Key Vault        | Allow      |
-    | 452          | allow_storage            | 443      | TCP          |   Azure Functions subnet          | Storage              | Allow      |
-    | 453          | allow_azure_controlplane | 443      | Any          |   Azure Functions subnet          | Azure Resource Manager | Allow      |
-    | 454      | allow_ams_to_source_system | Any  | Any   |  Azure Functions subnet | Virtual network or comma-separated IP addresses of the source system | Allow      |
-    | 455          | allow_monitor_for_sap    | 443      | TCP          |  Azure Functions subnet           | AzureMonitorForSAP         | Allow      |
-    | 660          | deny_internet            | Any      | Any          | Any        | Internet             | Deny       |
+      | Priority | Name                | Port | Protocol | Source | Destination      | Action |
+      |--------------|--------------------------|----------|--------------|------------|----------------------|------------|
+      | 450          | allow_monitor            | 443      | TCP          |  The Azure Functions subnet           | Azure Monitor         | Allow      |
+      | 451          | allow_keyVault           | 443      | TCP          |  Azure Functions subnet           | Azure Key Vault        | Allow      |
+      | 452          | allow_storage            | 443      | TCP          |   Azure Functions subnet          | Storage              | Allow      |
+      | 453          | allow_azure_controlplane | 443      | Any          |   Azure Functions subnet          | Azure Resource Manager | Allow      |
+      | 454      | allow_ams_to_source_system | Any  | Any   |  Azure Functions subnet | Virtual network or comma-separated IP addresses of the source system | Allow      |
+      | 455          | allow_monitor_for_sap    | 443      | TCP          |  Azure Functions subnet           | AzureMonitorForSAP         | Allow      |
+      | 660          | deny_internet            | Any      | Any          | Any        | Internet             | Deny       |
 
 The Azure Monitor for SAP solution's subnet IP address refers to the IP of the subnet associated with your Azure Monitor for SAP solutions resource. To find the subnet, go to the Azure Monitor for SAP solutions resource in the Azure portal. On the **Overview** page, review the **vNet/subnet** value.
 
 For the rules that you create, **allow_vnet** must have a lower priority than **deny_internet**. All other rules also need to have a lower priority than **allow_vnet**. The remaining order of these other rules is interchangeable.
 
-## Troubleshooting Networking Issues
+## Troubleshooting networking issues
 
 When configuring providers in Azure Monitor for SAP solutions, you might encounter connectivity issues between Azure Monitor for SAP solutions and your SAP environment. In this section, we provide guidance on how to troubleshoot these networking issues.
 
@@ -111,36 +112,44 @@ When configuring providers in Azure Monitor for SAP solutions, you might encount
 
 ### Hostname resolution issues
 
-When you add a provider in Azure Monitor for SAP solutions, it needs to resolve the hostname of the system that you want to monitor. For monitoring different systems, like SAP HANA or SAP NetWeaver, Azure Monitor for SAP solutions deploys Azure Function apps. These function apps make a connection to your source system and run the checks. In this section, we see how to check if the Azure function app is able to resolve the hostname for your SAP system. If your provider onboarding fails due to hostname resolution issues, you can follow these steps to troubleshoot:
+When you add a provider in Azure Monitor for SAP solutions, it needs to resolve the hostname of the system that you want to monitor. If you want to monitor different systems, like SAP HANA or SAP NetWeaver, Azure Monitor for SAP solutions deploys Azure Function apps. These function apps make a connection to your source system and run the checks. In this section, we see how to check if the Azure function app is able to resolve the hostname for your SAP system. If your provider onboarding fails due to hostname resolution issues, you can follow these steps to troubleshoot:
 
 1. Go to the Azure portal and navigate to your Azure Monitor for SAP solutions resource.
 1. Now, open the managed resource group for your Azure Monitor for SAP solutions resource. You can find the name of the managed resource group in the **Overview** page of your Azure Monitor for SAP solutions resource.
-   :::image type="content" source="./media/set-up-network/managed-resource-group.png" alt-text="Screenshot showing the managed resource group." lightbox="./media/set-up-network/managed-resource-group.png":::
+
+   :::image type="content" source="./media/set-up-network/managed-resource-group.png" alt-text="A screenshot showing a managed resource group in the Azure portal." lightbox="./media/set-up-network/managed-resource-group.png":::
+
 1. In the managed resource group, find the Azure Function app that is associated with the provider that you're trying to onboard. The naming convention for the function app is **<provider_type>-<unique_identifier>**. For example, if you're trying to onboard an SAP HANA system, look for a function app with the name **saphana-<unique_identifier>**.
-   :::image type="content" source="./media/set-up-network/azure-function-apps.png" alt-text="Screenshot showing the Azure Function apps." lightbox="./media/set-up-network/azure-function-apps.png":::
+
+   :::image type="content" source="./media/set-up-network/azure-function-apps.png" alt-text="A screenshot showing the Azure Function apps in Azure portal." lightbox="./media/set-up-network/azure-function-apps.png":::
+
 1. Open the function app and search for **Development Tools**.
 1. Open **Advanced Tools** in the left-hand menu then select **Go** to open Kudu.
-   :::image type="content" source="./media/set-up-network/open-advanced-tools.png" alt-text="Screenshot showing how to navigate to Advanced Tools." lightbox="./media/set-up-network/open-advanced-tools.png":::
+
+   :::image type="content" source="./media/set-up-network/open-advanced-tools.png" alt-text="A screenshot showing how to navigate to Advanced Tools in the Azure portal." lightbox="./media/set-up-network/open-advanced-tools.png":::
 
 Now as we have access to Kudu, we run the following checks to troubleshoot hostname resolution issues:
 
 #### Check if Azure Function is integrated with virtual network
 
 Follow these steps to check if the Azure Function app is integrated with the virtual network:
 
-1. In Kudu, Select the **Environment** tab.
+1. In Kudu, select the **Environment** tab.
 1. Now, search for **WEBSITE_PRIVATE_IP** in the environment variables list.
 1. Verify that the value for **WEBSITE_PRIVATE_IP** is an IP address from the subnet that you configured for Azure Monitor for SAP solutions.
-   :::image type="content" source="./media/set-up-network/website-private-ip-address.png" alt-text="Screenshot showing the website private IP address." lightbox="./media/set-up-network/website-private-ip-address.png":::
+
+   :::image type="content" source="./media/set-up-network/website-private-ip-address.png" alt-text="A screenshot highlighting a website private IP address in Azure App Service." lightbox="./media/set-up-network/website-private-ip-address.png":::
 
 #### Check hostname resolution from Azure Function
 
 Follow these steps to check if the Azure Function app can resolve the hostname of your SAP system:
 
 1. In Kudu, Select the **SSH** tab.
-1. In the SSH to Kudu, click on the **Start Connection** button. This opens the debug console in a new tab. The debug console is a terminal where you can run commands to check connectivity and troubleshoot issues.
-   :::image type="content" source="./media/set-up-network/open-kudu-debug-console.png" alt-text="Screenshot showing the Kudu debug console." lightbox="./media/set-up-network/open-kudu-debug-console.png":::
-1. Now you have access to a terminal where you can run commands. Run the following command
+1. In the SSH to Kudu, select the **Start Connection** button. A debug console opens in a new tab. The debug console is a terminal where you can run commands to check connectivity and troubleshoot issues.
+
+   :::image type="content" source="./media/set-up-network/open-kudu-debug-console.png" alt-text="A screenshot showing the Kudu debug console." lightbox="./media/set-up-network/open-kudu-debug-console.png":::
+
+1. Now you have access to a terminal where you can run commands.
 1. To check if the hostname of your SAP system is resolving correctly, run the following command in the terminal, replacing hostname with the actual hostname of your SAP system:
 
    ```bash
@@ -149,23 +158,26 @@ Follow these steps to check if the Azure Function app can resolve the hostname o
 
 1. To check if the Azure Function app can connect to your SAP system on the required port, run the following command in the terminal, replacing hostname with the actual **hostname** of your SAP system and port with the actual **port** number that your SAP system is listening on. To find the port number, refer to the documentation section on [Allow inbound traffic](#allow-inbound-traffic) and find the port number for your provider type:
 
-    ```bash
-    timeout 5 bash -c "</dev/tcp/hostname/port" && echo "Port Open" || echo "Port Closed"
-    curl -v telnet://hostname:port
-    ```
+   ```bash
+   timeout 5 bash -c "</dev/tcp/hostname/port" && echo "Port Open" || echo "Port Closed"
+   curl -v telnet://hostname:port
+   ```
 
-1. If the hostname resolution is working correctly, you should see the IP address of your SAP system in the output of the nslookup command. If the connection to the required port is working correctly, you should see "Port Open" in the output of the timeout command and a successful connection message in the output of the curl command.
+1. If the hostname resolution is working correctly, you should see the IP address of your SAP system in the output of the `nslookup` command. If the connection to the required port is working correctly, you should see "Port Open" in the output of the timeout command. A successful connection message in the output of the curl command is displayed.
 1. If you see any errors in the output of these commands, it indicates that there's a connectivity issue between the Azure Function app and your SAP system. You can use the error messages to further troubleshoot and identify the root cause of the issue. Common issues include incorrect DNS configuration, NSG rules blocking traffic, or firewall rules blocking traffic.
 
 ### Check effective network rules
 
-When trying to resolve connectivity issues, it's important to check the effective network rules for your Virtual Machine or subnet. Effective network rules include NSG rules, user-defined routes, and firewall rules that are applied to your resources. These rules can affect the connectivity between Azure Monitor for SAP solutions and your SAP environment. In this section, we see how to check the effective network rules for your Virtual Machine or subnet:
+When trying to resolve connectivity issues, it's important to check the effective network rules for your virtual machine (VM) or subnet. Effective network rules include NSG rules, user-defined routes, and firewall rules that are applied to your resources. These rules can affect the connectivity between Azure Monitor for SAP solutions and your SAP environment. In this section, we see how to check the effective network rules for your VM or subnet:
 
-1. Go to the Azure portal and navigate to your Virtual Machine that's hosting your SAP system.
+1. Go to the Azure portal and navigate to your VM that's hosting your SAP system.
 1. Search for **Network Settings** in the left-hand menu and select it.
-1. Open the **Network Interface** associated with your Virtual Machine.
-   :::image type="content" source="./media/set-up-network/vm-network-interface.png" alt-text="Screenshot showing the network interface of the Virtual Machine." lightbox="./media/set-up-network/vm-network-interface.png":::
-1. Search for **Effective routes** in the left-hand menu and select it. This shows you all the effective routes that are applied to your Virtual Machine. Review the routes to check if there are any routes that might be blocking traffic from Azure Monitor for SAP solutions.
+1. Open the **Network Interface** associated with your VM.
+
+   :::image type="content" source="./media/set-up-network/vm-network-interface.png" alt-text="Screenshot showing the network interface of the VM." lightbox="./media/set-up-network/vm-network-interface.png":::
+
+1. Search for **Effective routes** in the left-hand menu and select it. This shows you all the effective routes that are applied to your VM. Review the routes to check if there are any routes that might be blocking traffic from Azure Monitor for SAP solutions.
+
    :::image type="content" source="./media/set-up-network/effective-routes.png" alt-text="Screenshot showing the effective routes of the network interface." lightbox="./media/set-up-network/effective-routes.png":::
 
 ## Next steps
