From 05fa995462b2b64cdc4809b666496ff340e515fd Mon Sep 17 00:00:00 2001 From: Amy Zhou Date: Thu, 27 Apr 2023 17:06:20 -0700 Subject: [PATCH 01/15] add bgp instructions --- .../do/images/mcc-isp-bgp-diagram.png | Bin 0 -> 41292 bytes .../deployment/do/images/mcc-isp-bgp-route.png | Bin 0 -> 6361 bytes .../do/mcc-isp-create-provision-deploy.md | 13 +++++++++++++ windows/deployment/do/mcc-isp-faq.yml | 2 ++ windows/deployment/do/mcc-isp-signup.md | 2 +- 5 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 windows/deployment/do/images/mcc-isp-bgp-diagram.png create mode 100644 windows/deployment/do/images/mcc-isp-bgp-route.png diff --git a/windows/deployment/do/images/mcc-isp-bgp-diagram.png b/windows/deployment/do/images/mcc-isp-bgp-diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..9db7e0c6f49610d9a5a7c95a159bfd82f8a704c2 GIT binary patch literal 41292 zcmX_n1ymc~)Aj-_E^V>mv=oYKad(P4#S0X7hv3BuMM{z2?i2#W-HH{5puviJa1HR~ z_kYj%a?YM)cjw-nJ2Q9Y*_la{x~e=LHaRu`0C*o2WHbQ)<@Ub=6CHWwYlHkI@(aaX zQ(g+F8l&7po;mJMmWzVEI{;8c{&%3nZ=G5KK<>YfGLqUpCP!Hq zK14dOh==EIzLuJ5)C79fSjcPtQ6!d9!=&0{%cG;kobpr23tRES36RDUl~6!^hS^T{ zSsLr+aYvM=HfHT3le!Ny5ar(nEKlEI0+a;9EHZcn9G-^^>%X))pw3a!e9{@VI|iYOzH58 zen+d)j;aGG#4^b+yxiaV@wjiM6$MFi^V-4OEQQwAA+Kh#eA4&@H;p7P-ec!c?D;MMDkY*;eM}uT01G6^ihum;~#cMLK)aVEki>o21B_vY+Z**ri zkE3_*b!?|;X;B5DV~-4_)^FpR02-GewbGDH?!$kh39DVJZzKBfUqt+*l2+shXD(Wv z`VA#G)QCwhg5YtsmZUM699Jya$6z9v%nhx`P1Y1@%n_cpH?A-tE%K{--%3=ZFF|J9 z<#;tFN_za%b%ep)cI}yzPR@RG{tZJu0;Raz@h-&Y3MtK4m-UgTx+!0liZEl-pS=^T zL6J%aMsyqVt=+!|w<+5wkTjC>^T~ET>@_v68T9k%O&C`|ji`|MmS<+g)<4ZhpqT)< zV*ZV$8h03Le2G)=KYLo~I&#_~I#XTIo5a3`rNU4ze*kb{Qj{8@+TlL<6h0+1NanDn z=qE-18)hXW<7n9Wgy2My43fl=34^PC%%je2_*80Sj=aw8M~d^egxAlX3ESKh`^DNB z`B_ApByzp{e(!l*2{m$CNRbbZ`Wb9B`;wWsAHNMXuC*&bG>JK&);rl#(n?pO_Zcu) zTW!YDo6cPxw=*T8w)r(rxl8yXKVpQtl#82ixE`s4wK>N2G(n9K)^~dj35+Q^*FYEl znr7=OUyg#Bn>ov3l6nmQ=nN&4uuRpIE4unZ7W^y=94y|I1|5OHH@@sq1AsrdAc0>* z6xH>oxD*($7VlE5lZMMwFeQ4;izTZg26Q#5M|4_#;BVsI{08Ge8D#ll($dLZai@{^ z95^v(`jG$Z)lez4r}z6r6#k~;{9tl}U#(fb;t>gG3k_(C`1Oj-GJ@ls0kHcK9+s{l zu-s?!7Zvcq=kvD2%+&u-jWczlK~Eqt`(>rg^5ub2g&``^;1jZOSN_b|W;VADJ5De+bGHbpXy~(iZ`y6cuoMDqSwvNjgQUig( z+>v1m&i-M8n6%jRK;XyzqhpaqUh^+#YieI8+oG-8aC90`fg6!M3x`W_kJ;z?CSjO4GXt>I^Q2^|}6Z*Bx2pi}L%339(_|oeP8n(bD0B|44IB&8rLG#1` zg7vyAU`I;uq0+Btz!ya;6~EV-IKh$s08*>o^@%ieU=3HXOl*OHt(l%1<+T$=u)O-> zisL|+`6pa}*3YF|g3J)2ruB(&2JMGE^GmYr#}HM zEPp@g!Q!}GzbWA%cN!UZUp|-V1)!HWNr3MN2LNw#lWGOIZd5?eY^C}5E8-Ld2yWF# z$8;F-;?cje}o9 zzB?7rq6zW0Kw%^+%> z&j0}LYqRCjXXU7JLXn`BPy5v05X)kMP~fCzMQ*lgNJl5VJp;<%G~Sz z5%|;iOmD$B0Pq+$C1VRyrHMtwKOs2W7&q<2IOj$K&R#j}UIiquB7X*tn~QrTS%}an zJOgN*&1o)hxFmxK@;40%PXD`$chwuIaf2cjHud&~G9z=ZnSz@13|boXeM#oB-%8g)QLPu z*H4%F94mAZ4I;_q6Oc@}n1UoDOB(yj)#9OzMS>nIU&HT1jTV11g7jsqR&w!TDqR*X zw#$5jco880!TGrOQxa|dl$3Ee$o|zZKUUwtMXi&u`ziR^>A3FWq=JLd!6pylV2 zuHI_0isB`m)Qh)ygzG_I+Bi=go01za4@!uXPow0qIgRx@bU6YyjQi89GIO%8OF$#t zNCP9dC49Z_so1E)KTS1DOyz*zA-6~gtk3KJM}ho<&o><$64npD#JvzrOYpHQ;r)ce zrZ;24`Utj46MW#fFR;bnwWte^A|>cS2_qE4NjBAv%d9F-ifPJD=kf90+4e7sUf)FF zkk;mMYx9(Z`+CY3M;YHx55kBWUCZkaUU-}Ikm;I zw>^6CN^FF>iTGYhm$Ljg#J(E-1-TY>`PZAZJ&bb-14Px$&ht%Ci{5u369lq!)w?+OAq9%{cN1$@mS71z zBbT!`ZHoAL$|c3_uyuBxK#g6)gvE3033+&+1YSmC5!|reyP|x~N#c6hkAoP|`BXrF zLo$+*Jp#@_$D?8we$Kt#da5q+EE2VssTWDn;4^*9W)Z2?M_O-?pdgJDdBMbKFFODPW%dA)5 zc-$TOKH8C|mSQ!LAZ74HWR2D;&(7?mD;#s$@9KED6+HjIZq%kMdQVWoaMYrq-kZ|% z<>|dLU+_=Q?KEa>xz})cS=slc6Cg5y`Kh;;xJTV9& z!_>&N*{m0N|zD|Qoqc3PeY@e1_WT|6Q@#FsN#o>E7y}ZSUd%c2onIzCN#gj;$FprrsR3de(uO|L2KTr_^NC!!#xE zY5WQPv`d%3#R(hJy)^JD;?E8WUm;1uJ;p4}0$0GBZzb-3k!B$7={rA&u0+=>&a^jS zbbc4_gBqd++pmpzg9>&`ZU68xi6zGlEJtlE*IepgHc#%$Q0Xa4(n48w2{!aAI*^J#40LM6H7!Y3i} z%SY2rJP3i)%FIO*>k2&K9!KLEaa&YofA1RqWG!Qr_vb!GqX7S*)E3-*v1h$HHGNH* zqJpvLg=B-p0_30zMoIA4IX1SvK>ZMoGME24pp9KrKG8mV!0C0wbLoKK;g=Ep)AiAs z2;+SrpI7w=SLHb9VdTFH{W7=mq3zmqR{PQ$O2!eRRpFezVq=NdzZXvJ_>QDFNCFg( zOW-OT_E=%fomYoS+KoqQUiZ8NA<`cgv!)H)fz+ zb5q`hr@qlwDdy`TbYKj(=l?AG<|nG2?l9`fI7cnZC)edc#|Z;W)oTy<&wuUt!`rog zE31^NH&Th}Z@$51QJH?HHb!V+N)9%ADwindTS z$}*UP2CrJ*R5$frNevPIRT?8TdwPak%z|z872oZ%OFon}Y5{?`m0g&=y5D9aqbSFQ z2LYmmbp~xsE-c~lv$SC&Pue10Mh;!Ton`K!$a@omg`rB%$NSxadmIYwwH5!KR(Q>R zXE=54ljzmE_Q!P!C}M{RT6p~obTH#B%aF&(+XBgDoDo+hrtsnxrTN|nnf=`;=}%ef zNToAZGrJ}bbS8@0RXHD*=WH#xDcku+KpVf?NutW-Xpwi%rgrwYXd>ZzZ6yhsm3q|g zdfdAJ+AgZX?C5Z(G`k1zekp*RkvKt)hx|1)BJHbO6l}R%blm zUj(p8WxLBISFIk%yU`=pl=Y zES}aWb!S50Sf0$FVGqEx#I7;y5o2v6+TbD*fjU>0-U>_RdD2P9w~B z7vClBO!F`fw+rBbrYK0$Ut{rKHFh#=^m|84*k9>r!LS0c3;{sv|DM$A`Opr>z*?S^ zty1J71uG1I8wTu#arfI!FXIvCUFyZ|M*=sh(M=3|YPUuUZC1--2DI(!y-EA=PPy1S zWuE1JUE&M`qcTErpKfG{kBBWJu; z9n3H3gO6OZ60rHU;e4VXC?($9|A&aaB$g-M{{&^+>h)04d$Is^ol3!-`7+@TYFm3y zq`V96xo|C0gjy-b>@~burrW(8c#;q4iMia^Y)*fqGdp%B@zbLo_v(z7i3$pH@>5x& zrg5x|ft}{~u1Vhg)|AGMo&W6p>#+P&jb7y&I286w;@Hd-XrqmJ)c0gN!CKTO-=)rd zQB3tLTaxE?YZyFDY8sR=%LEd(EG(8Lnc6_PHdOKY)Zu@T%6SN}Z)k9ucH4Age$@R4 zGGv{LPu#(G$CJf+NR!Xb&1JX18<;t$CtcxG)@Ke+ULnw?PA&%= zIk>6S#4en%9e5@#QpZXib80U3N^<^U2FHLhfI;I!;q|^ZjOmcitIbkG>c9zZ`Vftv zTbN1U?N)1++-S*|mUnvjLN$HQW~|O0cbvbZ6HQQfWiR^?Clo%fuSKPP~c&`dB6D}RT5cRSXGba;Gkn|J0_SmuW3TPDu z59SaS8=rk=CL*`x5-m1q8%4V&RrpxaxX4L}{~B9x-=E2q zjqH?`l6qXJvrR-A1=0ihpu;8_jc{<=UR!*j%T{`Q#M)J`s}guHTlv9ZzPfJ8G%%ob zxGoE7*)JBF9{(vJZ|I;;&b0U>G++CHAwb+GVcC^i)8(46=3ewdW5^8(S`wOeyx4!y z9@UgiUV`PPD)r{YRby)^+IEAOXxG6_eQ9i>!V($;X>!Htj7!W2)ODZTj@u(@ zuVn;kg+K?D+*oTHrM5VV2dCs0KK<#W&PzA$&o~~&rV`+))Gix$He~(ZLwm*EQZulf z3nis(O~G^*^+6T(zzL%j0}Uyu{AdRMlW?_FR$Ud(wdULcmL{7V#C3jCf2m>R0iZc*V^GlwUnf8@C8`$e~`YVy0{O+%a(HPxZS4WyK;mzbZ>@u z_tbavFMOO7gYz;rSASXVl@t~^A?N14%@X$3Z1p;tS^>4*WK|{Dm%=h->;$bUwHP2# zN^?ek19!4Cp?v0vA}PW;%||alhar)r&LLl~EY5Mn6)aIRG#m9#wF^`WVDyUq{?-q7 zmuJGgn<07@G>jPa-6kPNK0bB5XdG{O5?9;(_(#)uzef|Zcs1(8n|T|=8OlFD+bW3< z)3B0%{scE^;dlzr&a)KX=i?Zv-2cFnEyh9dR>k=H?~*jc+*at`(K>ty3lC3a13tJ) z%s}9ex*=ml`a)uKI!yoXJ~bvt4i!SjlDOLH4M9A$!aG_Y`sOUB_r1vE-n5r&DOC15 z=hAG`j1iwUuYfk_^wCbY?crLVv*2)-V#}+;g*xkT>RT$avo33OyNFA=I++z>AN2dC z3!m3r2QGg$H#Ro*xx)Al*})!@}8Em2vAP z?|D5^KdZrJp42^FO_UKr00+Z+hMwl`Edz2Ygt z>FqfN*W|KBwd&QMCCkb{tGR13$e{!A6m zSR*#Y{g>Jh9a7&zd76NWoJeZWw{ks5HlJC~GhaM^wt;w>lB6V}RFM;BhxfwLl{Fby z^&T_JF4XLLM#gAJ`PwClyKmznjXI9qs7V6MZk*ruopgF4PrA%@y4YKcq?q!>i?05U z@V4v6<#@5jP5cU(A+_VM4~~A|SVOI{Dbv56>2(h#K^w8HAt52Q$ca)0w(W(29!0W5 z{ZdqO#PAX^eB&qP7lc+NyQduIb+c&8sZLOq9M8ZUro|O{kSUH%gw!0wv?PPydCIx- zfk6pjKl>{|=iyi2!<`1iq`fc@aVjr($;Pqcs0%Ss(W^2_xIg2%`Q)!Gc7^2C?2Ojg zLii^Ot5h?DMY%dA8rfHO{2nc<5p%%G3-5h-VwsM?RiRgIuM|C}Oz(cd2#dDy3?l z{0H5{9?A_Tr!P{bbTM28oO+6JHSsF(|8TlWf`^c%l4FMZ(?SD`TB6ba=b&P*cZL_Z z!TldOPm@||%_4QpQEj*@_5x06F-FH=ECs(@by^Kq&n9uAHP`x5P&pD8t$w|aD7v5a z9LZW|RaE`h8j?@s%v6DVYb|+EO#UaLp8+dTPdU4jhi)w47ZQp1;}jJO>hEZ!KA&NV zaipHy*983Wk%)U?V*ZEOS@h6(LyW+j_J6q6&xNMOBWJzG28kgClQ@-r9QQ9v@nW7> zhJl|~=hc+`?(W@e9EAV*W{;(V1XCSRt{0^JW7biQ*22_PKybYKMt^LrgPp^y@A9U; zKRa zTqw%=TRo|luQjqzoE}3 zYK>Qk8%-SL;7DuJRe^kM@L3CbZLQe%LkMk&MWa>ln*#=d$jpi0yXK*wmmuGGoB0{S z_|NU*KRBDjz`M1a`2p|lA3|7>&y+j4O1FW)Sk7ka@aD%cr-AJ~I73cq>fq5ydiS-i zGaB$1#ihv-0gcKW?_HPsJV-gHg;~pzos!~}VGLiax1XYXnB4R=JQcmQKfBF`LI{GN z@;zuftIq30Ox!I;F8>?BgIUW~k-XbHAV|^Nnd&bk^>xV<4V~bOsDIDq{N#raZW@{| z<-Z`=r@I4)Xf!c1)mak=23E-i+xKolm2nr>Bv+)!G{Gz5tmCul1xKhr6lYHrGRx%9 zQa2UFI%aIe>d-A*coa@4cHPF>j4cbbq(lIM&su8$K$hR53uhaTi3jR}pM2z&a z(kouM%KAAx!0uY7nT}5u{vb`%KBl44KvDjP9H?SYOWM|m#^~bN-D#Pv$a+3=3~ZtY znx@M$Q3K;Bi5OkyH=ed)NI!NwoJT|;;e`6XOGiz<^l^~DV!@d27_|H$LuhMMH(O1< z8!;lUNs&ZoNFrg*JG1f@=)mNAPTxQ$V?YE@rUu|$aJz8U3d#3J(Qa~i`S_GAb?Z5-v&EwRscO2w0i1(fc5h3>WR!|}ws+0% zlsE%Ay?3AA#K9oSmqI6Q2qXZ4ajK~tNvxRis!q9XdZr19#N*D;&V}ALMALVJaHNl@Y^c{L;Z%ap@Mq!{Dshi>z95H5A<0*S+OoUsaPkX~@Ax&VG;xZLEd9(!vKbif7u`Vn zP}j(R$qjF_B|AZ{4q}P|`>QOnwLu@3(zzzSOlRjHwQlIqv5|EnE|G(*xi(=?i-8|o zFV=f%G>=@CK{Y0(N63nKcUhcw3ppw>k~T}*IAk7s?-h+MA-f0;Wbc$QP=PaG%%hE^ zOXo6N_G1Sp@ofD$8nA?^wvzG)yO_d1$g3eakj?L<0#-t`=zYyjP*8}}6_Pe_K4Ve= z&0jSMkNZv!9brT-N{|NKZI-yhe236hNZD>iqb@%{8RSK_7gTntJg!z?BD1(DQK@AtHHkmEZ-V>jj3z>q(79wDcO~C9-`DM}y z$_Z|R)`Zmw#i*!*-?O`=%qCzHC6mwh*q8vhDd~3KS0b^N4j6BS? z)yARP?%K%$6>1WbfbZ_jA+fG)jYq~po(Df~;Va|zs#sHXZSNG-7=_t(xi$D>=l z=pvHY*VJXd~=ie>x9{OmSwE%-(Dn+>VlDzkwq$`LXjLxF6u`g1U5Rc z8|~O3n+v+=zf`nj!!~CckmwD_mVKgdvSzAe_vBJcYQ1>&HF63CXrr-KHaYMaAe_N; z2V4E8$XXZPfIIlC3e^fsAGPv*ci0Eu27jz>Xqfu)n;}84UINQw#rVgtK7956xS)Ek zY(mgDSs+RcaM0@6O}Q7TAnSl`nPpWwfWT6LiDG3(8Lv0C44_2-V2bK^2HX&^ z$67$fxoAy9k@%C4fdDvhGcxEso@xmKg601+L(|=$>4jq!>(%dYGh`~P3+ytr`TZG@ z6a<7c0&on7CvKn@aSGfpt7iBELNJuIQ5T=vi&Zzijk#UAgRs7c|GY#8I?{ohaKt3e z7^#DWuqgaM=4<({n}J}X0jxw0R>jlBrkfs={(l|-z|l=Vx_77QZI<%tKa+&~3mY1K z&L;BjIS~uPP30+F;aAHeie{zkgVEQ$fS3vkes1 z*~3-=;y@RROT$JM>u3QH(s&XJ0^R$+38nht1E%OyaNtC|ht<-vb4S3lEVQonqTx73 z!5g^YGsZurP1t#%v-4^Hv=e1iq$)sLZ@yn;JamknW z*3kGk`7kBG|9OB)mb8k?UFxL~F#w!63N%78T*?)8M!l7;<6dryEvpjWS9MTPx~_qa z2E*d^R{+3S&Qxna>yI^7WR1!yiXaF;1g{N-<);5T?et%EelT72$o^=GBR#IL>Xjv{ z6XA5%?)9hJ-IIZmxq=!M*=-fpFLxl)8q)FsE#~rGRc-hxkED?!C&93*wZc26942Q&bxFt5rH{vA{<{(?{hK?kF>qwdWwt zMWp46>@no@ee#V-!057GTjTA1iLqfHx8T{{6OU8o(5T;Br5FG%K+dYRaq@pu2W2z? zr8Y<3(0INMz*{xS#xvvn%YY0eqH46b;3$eh^s!|*9{zWqc)j+V4qA%o^wN*vG0cwwId(Dg z2o{2cjXb}7OC(r`mA2U8LM{jr9=ZUH6LG0roS0wjJP?d$_R6s+Z?MptPU6L2d~?bD za5rGO$y!EQm1z0&k^DV3;EBP?B`U95j+lN`&g(UfOyCSi-$EfsBuR=No6LVT;qJmm z0R#(UMJY0C2%87FjZV7qvs@cUtX`&Cl*A<**vyO(wb+{P|Cc$?Dp6CS5^(vE!ftG( zGqTS+>)DAo``!|nkW@Qo)5eJap@CDgg?V)L8l%7V5*U$^B~98uFuG!Q2mV?M`2BLF zzGdxSM0RjtfrF)GJ_^_%Rt|ImO;nRXWA)PniELA0mk8v`U7go5I=L`=W{by>YHY>_ z?@#~rM086>PJa#mzNc>f6C@KZ>x1Hg2l3*UZnsJ+svf3h?Cd434B^T5q&axrd; z#twRV;IB09OaMKJ1S5MQwz%uD4ipkgluPL3HK9CAR-HZvX62LCd3*Jih0Nk?`RQ~G z4+h9b(h~k*A))<}a-6^Lo`(|q+lIR9YS0S~l^SHG<-G#pi0!c-=Yi?b8@p!QSt?4Z zqHkbD3c*dHqlOZ!7543C6=(M_Z-hgWPSLeg`ILP}R>bJ4WYB6yFN9{f%{4UQ>Og+R zE@I-EO{%uiz>|Ek6%HQM?yf(WDjv<)@+EU>b>=fq-s80@wiD+l$#wOsij>J~7vp$q zk`);)kafsBHJU8-{wBbUq-OPFp3f;D4~d8AJc}6|U6O!A|BF_h37`nK z^WgHf&tJ>5iYLBB(iDG5a7tnR^uvVx?%52ct+I-Nx0}IbMqQC!4k#kjMm<*@f=k4# zeb*bm`&XwZYKBTFbR>6m^6VAw&MqNewkTM1-k$?YznKHqESU&%vf z6H=d^I99DNzZANFh7xFnqCVdhDjDZ{#f0&2{U`-3x8PW8_U?2O?b#KUtK@IrW}Wfo znj!Bv)m7N+wif|Ow6k>$yo5ZT`x$|~kUZ7=<4ehqe zCYm9UbcuGAuE-Y<$zX-K`T6m`V5xAGfPpyU4^~D3p2ugQwxB&l*E=!4F%e`w^(*N4 z-Zy(gy2l%5NhO+{h{!*%m*f-{%e2$q1XrSbe5RJRrnQ^<`#b!fdp@1Mw_BdfV&M-J<62o&1~MX@B&0xRb_G(U_%EZ>O|)97s-EkK_}U?Ts46G_44n4m^!y zM|PC>HGK>srNOghp-#zac3!PXY`NaIShSd*CKqvdhfFydwQHsZn7k3-=Hh&JwidpY zU>HO|ULEuGj?Go!KHQfZBQaiUn3|49XCn@67iq% zAvZ*QJrcYCQ|Sz?#ink_wv(rBVmh9asGIY9zwQc4yBE{|#bt6Xd{{oOTlC&%!1ias z3n)j79bV=+`YN z7WzO2hhu|eVesGYq7Q9LRiH%ni>09Nnz@_-d_nBp?jJigODs!$$GIXb0`(g4MBm~* ziW7*~d>V^hPNRizoo*6O!xPx>jO4lt8uHs$a9-LHdzBoC=iVhwLV;QFWXrr=4!&H%JB#5E~F!@hY7>dE3wZm{m`n zXGfPNAwDCsUuV*ItV>--)1gA9VxYRulFXM2q{VxM!WSQh#+9eFPmgN4) z7o5$Zn;HGhu}PcewTrmu^=_het*7a zd(Y*U&mLGjsq)O zd)+&=M+CGuKu^e%p&gQY6Nd(c9QwW9n1jXq;K46cL#9Qj)=^we$Upu))!v_Yu)f<& zoVuu6{HMSJA_>~w%JIL!;m=bLdRSA@4e@`EQ$wePX{l{iG{u?ra)BUiG5SEZ?6j? z0{+Z#?!p!wmB+0sl=PC`Oi<rS~oRwS1hFi%2zkT){+O?%>DaD zO-g2RL~b!_aC2ZgqSe{r+})q;bjDZXX!ir+WHMDL%_O>nN!=O1P?-lbOU+p{&pON9DQQkL)dZW~QNGay{*&^A||Ym5ZB zab6P4;*Bkr)Y%_{VT7IoM>qBVzVSj`=9$5RzxA-*3;P|JU{ka*8Ze$hfAc~B^SU?OTE|omP%-3oNw#qt4hyWutvB&rHVu|5GRqazHkhCb3>{dJ(Vpf5GanaG>+AE}<)I||n2xwU!X4NZW;I%M*f*5?_nXrf z<15S$-4){dEi)6tU2Dn2Zgy{nRfmByESnJ#%-VNA!}s2cn|U5aqu$#fs(d~3=U_G9 z$nh?IFi-3rF0b6krFB$HwX1WQ@0y%USLEBbY059E>lV%3q2(V$?H)PiV}jb)8Yx2^ zvu?K`XTdjlO*hvhYvB3NG&lrxT_*|s%ZCV|PJnM)XtQ~gnl0<`8cbRAOhiU0Gt61> z63IP{1kscjWXTO*wms~aw_oAAVPz|s7)5jVJ)vEkO>=0pn_TUTC}j0l<|n>S9-B30 zaOQhpKh`ebG71lpNPP$)vw?V1yArap3P?kp6P(gyZzR5ZVUCbr{kjiOT#oLi{f!H4i+@Y1-@mg!T}tjAA9vju5xOb zj#MPf$06{T!--DzCF4x=?_6n8${L^fV3LhkNlC$fl!hJP4LGUT3)!(XYh|nxClcV`6pSU< zmrW;8=_cQIyq_U~6X|t>Ng^H=ah%mZ!z3?8=+xAePRDASYlp;jOEHrxr@O1+;CksY z&qq{lLS~hRH1OW2-YOye!`m|-L^cWGusFMM+G3ok_57SN?>=8~t#$I4(sF)dY9M$? zy_d_-IZ}qIE&A#%lWvNF8jYg@(n^5Kuad*9ncTuw83MjIx^yFo^x7l#eFG ztxNoW`MKjdY|hrV(a&N#+;`YL$zDjZ1-{;{+iyHjaqhS&_h~)`bEI7b-&(GL*H7OP zXm0&Taf4w?s%%<63{MFK1>S8Q{PjXMn`LwfT_h>kIGQpnu+y9TegzL=9zR{TQ2Sf_ z?BV-3!;@D{qjLQ4K7WKfR9`Z=FmkP7RY(Jilssnj)~~jPqVzWP(rK>vL2;t6Pboz` z4Li9E+2f^~?7XOy>i_1z?@zt9WuNdMJ>%n3^F5B%5J$PXO<`X(%|Wjk%Y@obo zLu7fhW_yFkO{4;7-86pQ@>K_xll8nQWUPR6GQ+u@tw4!;xx|V0fxVeNkPi`aqmO*0 z_4_t37~-^P)PJt`NqL%H{-Uo@M|oP7-NW_Y!L(XuQE?W=(1$xJjfu&U$;^e#y7|MV z^!>VhRU}9iCo7F=oQoSz(^It;Y~S(#Pn*JeNDo{Su>M)3Qe}AVeyeAg;a}VdnB43e zO)k2jw{O%K&Mt5(w2ST8ZGIB7!b9YV+5`&Lm40sE!1)f=`L(=MX7Tq*t!CAJyhFwl zcENq9RkeLRyK9bES4s@3Z!)7WbX+coDImR;E?n)3QQSyu(8X3WF!hxwSIXdRs%%vK zBIVy+8o-|(`@M){gKsmPui}3#HFhxeB)eIADP!wnaQVcq`0h>K8bQ*RQFcSvmzA)^ z@(XXgy@T@6(v767;)BjgDmmHkW&%Polr%DuD2|Mv(Xovfm|SJSwK(G2_IM7*dw+9~ zGR*4E*v$~}>n82AR@$%K{hNne$~uS1ZTRBDhuIG*ZrZWJc!jTMlDI4XZ3^J4iKvHV zlaNhCU6bE)oHk?zT6rpuP1xO^w3bsPPU}C2W#XTo)(ytDiDtAp-u=>ha;@DIW;@0h zcz*I2sL^3{wqE>K6G7AXm_Lz2SEd6$WuI)Ep_nXKFZw-dybt?v0g^~Py*7>{i<_+8 zkN}+*&Fwj!_N30>i#$M{)IW!+_lkjd;at&*(MGI0Ruta?RsxTxrjI^&QV8`e%Dt2L zYAIDexVie3;oWK_S#pxDm9kshK#Lo!iV?5s7lr4VTa1YX%}bY4}J?5;1< zZ7+s8&We>!tXpd(TDwNn=J^afA)z19nZ*as4EI6XaFyr+wT^Oj`)2}gwnm(7%@EG* zk8kQ@zZJ1>q)fx$ZA#O{Dh0@1Cj*tofj#8=&G(W&<8e7=gJI9==7fWN!e%x7H#1*P zUoZ-nlP-cy{EjWBHTg?2?ykXobmC%+xAn`e9jtnZ*~|_m!d+?Mo|e3G+SqH4KF}9ut{eWN7%h^cY2>;^_NO=%HJN71FKLrayZ=iUuv_;2sx*^7 z=fixrOQ>xkV)O9bl0}u3hNS5ALm<643(LqtU}?X40%3siyOtbqnUjE?l^xWQvHj7A z3k2_-Dn7VetW!#hQeFbT*=Iu)n%@jE@Qmnp?2wR5#9yrVWKs~os9mgN>bx(;uXC*Joid|J`_A;ygO908Jf7q-qaDQ_uV z3R^04DBC+BzF1UpRtmMQ4KkoSFNp8VZCqtnJ>MQJXlfD&9lB0$?!9RBF;MC8UaI1G z^RL{eimyEm84Ej-wsw5>_VK1Y7)$Pc8L=(QRzYq*5YEM=lr2D8Oq1oP!UdneU@S}`LwFJ51e)h{*b z5|GE<7Yi}*-}VI^-|m!wM$@O3ypI+wt>tEKO zQN0aF(78O=c%?j@cNje_r%ESS3Dv8yF4U8W5-+_}gO(mBfX=fR~X=bFjT~jkbiE1TCL%NO9R0#FYa(4lk(RTrYR#Iq;}g0 zI&*h&KyhLXLqsmg(>v>ZELS7nwM%+GBmb75xjZm9$?9;n14T+_K3&9K5!&wbfWqpZt>b4h6Q8v=pliq%Q4W<(5SU~!;8m^TPC#B#8qbO z_zT$+xGs9X7F5ms3V@c+F@laR`S&Uy9VtcE5BJy8EA4(NDjnmQ%f+jG8Bha}4Rj5R zs_#DoC!{f-fMhHuOOTiz%U0d1aP75aD#3suWCURC_rBPVT`gOlXcpA8Km8&0kk9>~mekWn zn%K*HvED!v;18EGdd}QnDf-5w+RbxOV}V>{uMC5_Q0$ucha8PAZSdpuNf6V?y;Jdy z2e|HL4HcK*_ZzxI(`q=jN>r=DWeMfSikHbA_Zc-&qEO@GGU9B6!!lMR-)x4<2?!SD z3Jsjng-kVs#i%^4b%!RUrYd0IQ|5{V++h+1W@QI%laufBqUfC`FIQ<0%`BP}4!Kw4Tvx+F)VQc4Pwj!BO0PNl{`7%;k~Fk&=g#76xd zzrVlW`JDT?&wcK5-Pd&;YQ35QP@!|dWY=^jm+40~|Mf>DCiP6b7HzMyJ66gJBj2$HIfsydEFTKdPS_1KduT^x&tMn3)U8M=r!-TobC}Ril$21*gng29Txwt^DF8SH#7k#-WE{HIE2m;Li%L7R{E`92Q#3MM z4=Jbt!8}wsG|%Ik^h&XjQu&l=B%k71(@`;zn9WZXX+Jl-QNn-ILdx(>Z8mZD6!d+q zCwOI}J_XMQ!uni_TLgB$k3)jU;&-2!g_+Q$IW>vdi8{sJ2_gdWS+oA*ey4pwnA;C= zZ)C?yD%N_QDTe8`#z4X6YbaL9=Zny4JIfq!5Mm5rX$0dhO`aPcf9+g~j@?-P7)j+` zkKruf(vALD3qj*!D$ES}9#g*|h`qBR92^yvp4MQxw&-`MUU$%?597b_fQ1dQ5AfV~LQC4*YzjmWVW8A|8ew zYv@(~WAlV^DpmIIhoXK(FlWhew{HtT5PFbp4Btt z1c{2yTw~_%REiCW5|gp>@!DVN4LRw!4#Xlg?JV(X*Y9JCn)I`+g_PpmDA>5ePj};R ztpCn_2#{pz@(Gkhm~r!Qn^~>Ou_KmrY09Ez_hpLnqd7M-ssv9vC--I&KLF#jWj8Kw z`*mifp8Zfd1rnyQg#26d)Y4IObHK@p`Z^eWBlVLpdD*f4L3LQiQ;>po^w?2TAc@Ao zel6et#WYg+$wcqFfbV%rOpoIJEaT1ZoPdzPz;PBs%$&K6X8rjCXa2bfK86$Tac!BC z4diXsD39RJ)z&a7OzG7q+}%fINtN+OKV3Lz2;b$lm(14Vm(c2X@sG>_HdmkB`SSwF zgGgu;dCdqjeAPDn-j(`Ww|}BBE(NVH6dz5IrBWTw71= z(KYKh-8{AZahE>6N*%K$2T~PKIw|>O-vGxHga+x{vgg>^jI?x=$*^!1jebL*B0Qq{ zH3l*&aoh|hc817tVT^-XxKy}r=<)A6_@&9FoD@csu}&arZI{F@?5N~aE%l2OT~sOs zfFC0o^pnd^`wfBb<-E27K_i*(9HEF)9#F4rI{^nVkN0_*D=%%sxd>HdOf@tmuk_pA zSsIq9Z1+_p&xwI*K3uSSB#~1F3X498}X+)#i6HgP~?|K!ff=Npusd1`>_UUhU&vB1{r~w9jqZ?vzjw1 z3wAq4O+F{zQFP`WBS1G3Jqua9n2O9|%L82W|x3$(NQs$^77dz-OKZ9y9n^P-Gkv3u2{H$ z(&Tq?3yN~X&_5Q1PUm2o-7^N@gF?;T)_ioG=zte9X4EbnBrfO|?v}9knxILWce4Oab!>m+(;|!3;B;fjd?S=PO;O!+ z!TNc4v3~O`15?Mamy}_~C^vpt7yCuGWo)OSAkE}%t5C+$t=4lkzu%8$oJ(9PvD&AW zw59an^(p|7?kxti9hbnapOqPg;+TT=khHL$EQ%k zYnHl|(Yshs7|M9R;Sahkb83#l;CjpDzy25dmpZD)PrGH)J8rsalpip!VQm%HW;)q! z@iTV5@vluW&;pDEP7c(^eYThYh?rx)MuvogU7EG~C%I8yg*D2%5thZX^1v8cy~t~v z_WgYtc#2A4(jVsG(MGw-f<&3ASJRp7BA#nXp_06^kOE}ktNtFvacdvx^XGP!72LM) zF=R>^MaR>HQx1OE21Z zLG5_`q_TNcA74zy7IY}MW^QLQy}V2hw267;8X2OTdSaBsr1Ltz*HunS3RI;AC7GF> z4j_d!2Cpi$WEh+5lrhzx|Jj+Ywzko92MPEESp`+M=yPCLUhJ^%AVf%j1jBzV3%XMW zk`9;Do=M2T@kyfgzlBGQtlizvZQb9*SzeS?9_d&lehtS zU2AKoeVheZLaz+GWWS<(!3GK*}HkDZO*|2hL?g zv*R?8e%#TJ>d-VmJ~g1_r&Ga6f&wpsCI488w?JHB%@h($j*Iq5Z#ujpn&z1(3kvvV zqA8`?zS_H1Qs`#*cB&TdUyJg5!?sEu!a_PD5#u6nH?eNe*Y8Oa4W3_U*uZd6f;?4= z&$d4zaK*84Xp9{K|1X#yVxh4+{jT)0*H;9e>xdoGHE&k8RPyUNt@|;V11EX$gRe?; zxFPXFB^b}#GV_Te%-Er><vo#xiF4q@3hgfx-XfNGR> zwscxlJ9&0t7~`X-oY*?8I%qEY72A>T5@g&_thD`DES*h{KRDqzvIx>n@_uF7>S7XW z%qw&i{yC-ev-ys$7{_Pp|GcBC=J>h2)9TbZ>@|{ksv82RfI@8#zC0g)x6v3!b5Zm2 zcQbL(ZNh;|?hSX)q;>gEoT42lr`VlQXgqb=Q{SP>or^IzOmbLKwS5iLf0xEQTQvlm z+?{MQ!t5sMSK;txDc)Sb_sgm5Wli!=_D0zK~F&kgR+nwUNdcQ&PlNhCb=R; zsUaASNlt_G`0N8LOSS;% z*J#GsKUM^j)6@5ZN+n{1hu3K5>;y=aA#nv?i~b{9jS8l>ZC`;b`Y)CkxAKp*wKF;l z?;MDDB8{UK{fDbMhR$F_{5nI497h6~PyKzVa+&(Q0>A9x^!1bdWeXcZAa5I;=lb|v z%qE(5;z2zg-PnC^-e1`3V_D8elpP&O;F?K`l=p_d|86K9rbTPUHAObaq`p}Zj4lj- zKQ%C-VYY(C{OWO7Z>;bBJF);P-orTYcW_X9niXLxK1%H-@e%>r;#}%>=`*k2J$1ST z>I;ia?s=L}KzO2*gQ@*|>R?AO;{_zS;hm=5pfl*y45b=>b9CsE&jE5bK-G8Q?gt6lDkrUP|^93Bhuh1f6h|Yqq`Apvy#%TD37T8$+r|+lMZ;9AoHcx@Jh}5j=(N+{YxHMQe>0jGhxRa=Vacx2Dao zXleQTPM?Z$X`*B8-amgE&9FogvXd=gYn<_3MWv$+hrXd?)aaaBljK4tyiC^t}%dRl{?Oso-2g+xHYN%>0V-MYu1sJKr3d@STg0Lq!Cm^D@at+W~9kjnP;MUY8*K{vQkO?U=C z9<{7sOJzuplnxsF3$*lJl{0+G5-G6XT%-#1ZEtWH+)>jZm(azHu)>b=C*8VR$EFdKt@BA%}PQ{q_>Q+d6glNm0yt_2uJT|p&@gR znA1q0yWS>i=dQs+E_T*O^H!kVleqI|)$aG&QFM#%b>cqS#a88K1a5y06?vU16d&0r zNZ8#n8pKoSqcV9p9x0B< z`HA$vZ)6?`&8x{At!8tyriiw05rMe=1T%3zSD}%J!G*K)dyqJYXuBb_ck ze|zq=lsP^ig5};VD>1dNM2%lJ&j_>y%h{o?nI!odC;wI%HdTr5JmYB}U+3^I-`OO- z84b~S|C*nv&7S{U#EJ4;`to7yf^VPx&}#PA?ZenY*20g2=9PX@!~J8z-34Soyr#iC|-AWh4PN`gBaQk+L=ASDYZm-LhvG=CB?%sLea^Yeca#`3Z zwUYk4HuthDh+jFVtq_b35;(bZoG3Z}tF|5kE-AtgjjT~>{&t85mM0U5ej|Q1@v2+ z&~6INTtKtE|DYaTlObC<_Kj=e;$r82T5G@<0Mk^S)S1DpxtK!Fd@d?*mWIxmxSpCL zPRe2CADu2Y%2)1{v?Wj;$#HTDt4F*KNNc z;UeXo-W0A}CZ&`&2^X8V|e4WPRk4daKG&51l)b2@Lx=cnDHzd0k zY2$F_zR5rPEwGo^GG8Dz8c?K5-2H%4!K2bG;i8H)CSlh?s;A#YGO@^AstuV?v{n#v5naUd|#Wo%xPmN7MQ>Pg1vIN)M; z1t$>;pXgQ}M`jhEJm)DarrP{G9gYsuscYf&XzBKY$KEWW@v3oDIG!kceyiO;dYYk9 zr|}DOu~sx~*F5|J;kwY`aCT+C-bp6e+=_6KIBm~xZ|SuLv8(z*I9(573hsTr`@M87mg`E$P_J z6zuj-yWa{=T}(};xu5zlu}b@ezoj+H9o>w}$ev>*`#A_rFg3@jU))jzK~0qaEv?_b zhoe&O2=o8KP964Il6g(3YD36yfHk~`f9}}fKwc9Zib5E+E00E&G#^yG=y2@_mJ{}i z9`4pC)$m>y2Yhs2rTG5`6apK9wB71NNkGCW2rXV;FcAV&~6pNq=S9$jTOa=1h}c`cdwi?*_x zkygMQ@D|NEz2F>x3~u5LdDGfxXJy~6zn&RfW4oT#p+314#0IJWePR5 zi2%c$58q=x`P*+fZ&Fw#*KFv3;9P<8M0W)3)7;%UrL*QEAh@! zeRS1GHwm7s+nL0fudoI}48X!sAd-Qj-x$qC+Zjuc;KhB>O!r?ctfj{UdVNoVyK&8K z)$jW>ra|-D=?&XAhvvLx^Gz47Y)l~n)_|Dq(CC|Xuxwx#q&Jw3i z1%HPCn}0T!yr$3)*>+TWUO`cdzDjcJQFCMyoKM(q=h3g_D0G&Tiu6UbHe6O8FmR}g z2hbf__(pGv1$nL1ZE%qB>%`8QD(SH!`QuuSg;!<^q~U&YAt~d&78%-xY74Ij>FM^y*92;x)qGIi;b*x{k9@xD?uzhoC%!T z+27cOnhwBjAU3w)KPVe=e<2!t_SdT8f8H3Fk;1GHvHVKs*~}duxaW^5Y3EmUq6_8v zyid2YpxD;IlyjhFV*!I350gk*)^{LYS$;UYlASKCZ3)Yx7qhUdI8neRKd;@GdPX`} z!!Pwl*XZ3ozQ5X_8eAl7H=GZYzEL{4vlj-XhLBSnOnWDgfI>iJ&xshRc$uSVxj;3* zSA!terfGbP%8H<2F5H*p2`)Y{@#T6gD+Uh@czPgVZbK*)b1t;n)Gad7)R^xlN8Ibq&u>+qHSGu_i7aMg768MS z!B5PHZQ z&CbU&VAiC%&>mn!Yp}$Inh#BDoH%~7s@u@289WnFPTZ}Sq`WTi9U0K8^X(}rQp$?J zGE{--8DhA1n>%2n@qT-@qgTdDtQhl4Q8G`m0nvHS(%V#Zh;uuKEjnJUK9xf=Shqyv z&{%31GtP@}82wmU_ZUy%qDnGImv%F9851OXwAHjXR2KeT&l}q^{Uxi#K2<2mBatY7 z_U^>a6D>n}`aw#{M2>nzPub9Zj&Z=vtgriF`P?f1y9K_y6^V(j2FT)G+&R$&3%LwD z)GM2VT%`F#7r$CJA$Put#s^%PDJ4#y6T4%ETt)q~_$3x_#DimONMm7ZW`~F5Af7j` zpf!{2z<)8Wacaz5tJ8{bCGyHFK6EbfuY^+OQxjakFAJ3dYMvoq4P!BieTHIao^Xf3 zt4J(|mYFXh%4G%0-BYjHe+n`HcXNZ?)=aKr3-uL$ozI=~%Bi&;qWYJs~L$R%} z-Z~IJYa`Y|#z7*2aqtKMEsf7tI;|Xw$OHUKe3Cd>@+PCvC|xtFt;*u=wmgRC zkCcYJro5{Kdc8S?lUV$p2J=bR{A|*EkZwQUAaD&wKSwB{p1}FN47WX*JoFe3C3&3h z*W``hrRje+g!m?YuRL{r49z&x+fGjJVEk(BDC+>!ZopYZY7ikO72PsU!Df`wkuY>q ztU3Ds7u$((gB_VY|)QVKFjXbeCXJyj*%Qz zORSypzS}qN_fyAFVEgGrs(+#~k9Of(EKSbaB!*aH@32YMW;O9kP1sxz=grIjtmj&r zjwwGTxbZ-Unx%TECY17N)fp#OTQ3nNIqKQ^#K2v7a(=zY-(bu`vqkdgXlFE zq3Q%Oeu=SE!(}g5Vx{*y4D}auc>WDnn-@{5XRjcp863D}%v62!#5=Vmh3nAxk;X3E zCtVwRWFjwfkF@}l!jb~UDy0S@NGioX#M>p}o8Lr8;!ZJz;!bf1OdVSSzM9E<=Wao#J#MvJ*BHn1x^d^}A zu$=Ak1E%H+5gOBgD2hs1wW}|`kk{^Vt|M%aG+?YwYTzD@T_3vojHzQupxu-|YOz#K z-mzzZodH&s8n~X>tuMIo^zbei&3Yi>E_E@cC~oiGMU&omTr;m#*-%TTSN|nyrZLm= zld{__iW2p7>5L|_G4R^K)Mm+S`JkpcVODZ3v2EL9+tZMVPe>KO{BsFcp|42)y0ZzB za<`K+I+(v&mxu;a|IJHTz(<0-1(5BKInEf+9-stPxphnrt`zp$w#n!`W$>S}dlv6bGb1Q2sn#8JmQz(3lDznuWN>N2(>z}EB|l!a`12r z*DRdvn&t|RnOzh%sbFPik7X!0j;n<|d%x~lB4Cd|LM{w)E+Z;x((mD#24bgQI=vm; zABN82tSR&5o&yJiLwhf77Em)^xF z_hxItBVnzvJp&~EfHu0QPT=8WRqApb&mYDXKFyAaU+*N=0^#+H4m*n);}UO$4^!Jh zZFk#V4AQ%eBn*a(4ul%ve0n2U3v^j1pkr1fWB%cP0-wcX&uvnc8LH1LZJL&@7JPAn zhd2EhJXo2Rm#d+9>0cQFPaP;?SI`c z34E1$267k=RKAl$559y6kPN%0Mm20GM>JL_MxZ&u_V}DluM+~V$s^6|Mr#6P9Bn7^X61(CEx)f^G&AfsgT*x$ zk++ro!hoe&S`pM+22V@=@>-4oshQoOtE)fymbL3cRr8J8J&KTJO6tEhRF=}pX1fxH z_x@$|hrwG;xp<%Znmb0(gV8#>$zZdbiO9;afgX*zcb9(You?v0)Bc&cVk`w8xx>_e z`Nz*LTx4&)ZgX%(ShY(6(_>lw7{=XH0a76*v8YUdwCKe5YBPa(ePW<{ed33eeogQb z-g^b-IE_Yo(noF&DKSziyLdsLOQ-ruZXBlZ&$Dq~#}*VcH2|3UEPHYnTo@kcLLk%T zOdUrI_1VdqNs&8uXRpGJ>0dHQWMCd>!QcF~$GYGG3%B~+VEISoz?C)z_NdQ4D1OzX zM^Op|O>&dg3@#0P^uYZr_Ag@)0Hs{eq9&>D6&*K*xoI=by3SJ^Vg*hN)KVNsKcnmH zvBv4O2MmxokC?|(9GL#Ql*PM=-K$_Z-lT{MSv4%pf_zfMb|MplXH+uvRXM-yWP$aU zT=cQoKYzz_xt*30~g|O)lCJ7EGy426gL=+G(hEt zZOO-+ACIr+XDEe51m@b3$X?g)MDtJKQ>qj9X)>DOAk*46C;28oC!0c8~O zG4DtxY4o&!qD+!kh`RIDK!IHGpKmY8K4-Vdf~(Tu%FYGH%#cJfmzUTOW5Ib3b;#Hq zD?%G-g>W({$F^f1mDwyTto7tj6@-TSkac)`e+MU42kIU;QD7;|IT0?Ip z!KV0i_!Pd~ts@CGbp~LJ-dPQU!#F1@n4Mmwq{JQ4k@&alcS#Q*m$auKa+dF3UOZx%h1 zSa+K%A#gk9`K8d|JwH(23!mDFf(LI{xZ!1dhxeDP*jAZ;(Q)x-NQZ<}hKx#Uu6)jq z70pW=V}hs^8V6L4j`c9>Vpv5;*G~ER#ZH=~;xL_TAz`14DD*0W+U?(UsTRjOg{ZG= zMh>8yx*m(`G+yg^;|;d7rqbpJh$@MddpXffUqI%OQv%S#yWmU8iLAiS9rwW4pcRP? z0UJ=zsNb`oQJV(_8|~?~I~@v?=yUn#Frcw>Cd@B)=$+V>%m?4Q2DN(fG_`jCX8f7e7j&L22RtOyve zK2qOhp9bRM_iw@?iYq`1G_yx2K^=G~XG%fN_7`tMq;oP?=jL(Q&-&7wU5hnjBATje zM9_3;pcfV*eijv13r;kjii7c|w{(_pi-&`WuIdnM(8MqZx$`2HKtCb0`ITsU`yQUecBoMFXq zeNEZNY9&)OFcIzhC%1=iNY)%z?qMAyo^pN8VzcO%_Ga2mL4CW# zw}e4jb40vC-{{~9rCL2xwboHr=lcV?f`iBCFM&TsYuJ-soDN*$Uv%Dwyf|5pSj`PU0I3`#7wg zOLev3I{Un`sLBpQTAT($$SPE4qf_%y35s8>NeeFWId`fw?rRCgu9+py&WT{cAGqUu zU*w!2DOy^~oH45^UAhq)Kj#|}Y~p8f|J=Pqb|tL8>Yek^Lht!?HqHvm`C3PIAZ6|* ztOEXYi119lzwUy&U7tNYr5tn)8+ih1))=TloPxPcaV>qZ;&RvvvL4-?FYGGR7`xALbiBPH1tnWL~x+~aw7+7(& zz^Ph>u0t2OyN2<+TM3lIRvMsc-I!UU%Bybt65W0vWZ)|NOHwLp5m%}u$rtBm=F?Ov zX?TA*^{UWSLH3=*pMc^(LNRNNt#F_ls<(1G;HiC}G-TQ%;V4@u{p_*TI$RvC-s=>P zSbFqFKjeqw4E1H(B90TkT4f~aGiN|{9lNmcFZvUAAoQ5mtRGK@@XQojxeHsXGtS%v$#$xq%1C~je?;7O z5n^Sp{P}Ym^A|}U&-)x;ZYKTa!Ho!rFn_9aXMRjmvgZ=r<9Uhe8G&^I&&$Qh`Aysb zqOeLq4}Ka8Pvs~G@4GEAf0b0F_Ail7xsIO18mGO;Gi1phh@I2>@;i|si-mV6$Z9|# zY96FUCvya%+7LBml16JG#7RHCAd3gj7)nF}Q$*Yh5fVuIjfQAL*yYv4l6OrKU?N{K1>F^kls%J8mvt5jXQDCHJ~%SZI}ncnSMK^% zu2YoD28KQs%R=;Z&4)xuXq-=FA(Dmliq6}tMP!d|LZ$<=(}$$g3i{acd=9jAql;CF zTAEaNwA0U~g5DNy{ovJi9WkV0sfJwvvi8^=al&(ix69!_b^d@_d;ECe#x4B3vR35t z*kzF^EP!lS%QCW$oxeIX^c5$o)~CfKO#R;9pQSYxTUujVib%OD4wrh-Pl>MtqnA>W zZm*He&*Y`r=&MlLGk(1$HCff08~28A+_W=6kpUTv8U7z+@g2J9KTpk5Fvog{?;d9U zj9x0fY+D$I9%=b+MpqW=16teVK9EEI$45l1-;u;csCU6nBa*{2gB>Rxlu`EkOvzu8 zk4yh>)6VkM#dg`U6{=%29L7ZS{{#_b?E^>4!&U&aC&3lR3Nw``dBMBZX-n3_p7EQ;87v$vUQ zRv92O!Sc5MHIXlBbyV=Jw;uV)1OrY9*?a86=Zz=J`>S^>+4W$cy5+v9 z^M*y-#v4AGng@X=-Rh2#qG}Y~4>}&F`D@K-0V=owS|3o5Q6!bj+4mUiMes_WVJQEU zwV(lW+oB_3f|E7JkzV^%D_*Te(cD;PiRTnU;V2`T@Hjld5p1cR8hBh_S9G4qP(T^{ zGEso^j;VTwr73;$5i3W{H#H6M^+doncs}>y~1I`=s37WbZg;x%<#`l`JG2M8^e5WR}i{? zM-GEG=)mZyzBT>MDffM(R35jVgfl@8YF?1a-l;w`T`o?_s$nQjJEP2Hu=M_AvC*)e zDncrP}Mm+|E%~kGNBJ0;VPMM3opyH3tc0v%xP&?r3d~FWB&_&JKoKD zVd-U|Y#Fs&lMYe;{ytiOL|uZ4mrysq=h-7UfeTl7sTSP7AzZgT4GBe|Z$((xjMyev zO{=a1H@u4ea%#U3H|TYM770aZ$H*wz1XL9I)88qA{*rj`0PVPE2wx&~G|;GXe} z%|ac#S70-ocA7BelHdyOU`yhOSvUk+He8D72w_!zcKz;*pNFvKLRVh%a&G0$-aaid z>^i#A*k{exP|QvvlX2D(%IM=jS-$;1o~}$TTgD;hK z5B0r?i*xmyEG?$oLipX^YLRXSPxz(fhxR6r#a{%VJ7$QqfC<^bqNR9^BF$qZqF>6j zuD~hgPk*XVMsTl~bfwlsy>lOXlQv_xP_l&y5)2dP^hT@^kk`Vf|$o{L3 zmm7Xr!9r@gACp~i6`P`c+ws(K(w{Z!uYRtpYIcke+O}ptRD!J$ryAaHbeP^abRyG| zWxZ%=;FuA#{qn06K<|_dxw;*0eIkEw_3#>Ojq&U8=q=>Ac_z|nx4!b0&?7;YesXP{ z$$e?3UfS+ecqkPsd%lV2h)V*J9&=E-~|VPLsh26csk=Wg;-_RZw3d> zJ7)fuC36Z~6MnJ=Y*oqrJnGfLBuDyqo#nlDqI{kjQGOYvd)T*~qqB+DsTs!2q2<)d z0S*FJ-g5Cq>bXAm*~9a?ErxBWL*{TdSs-X?b9_1@udVXgj|W~gmltyAjVDJ_z$%|= zcIg#?0>4Zb*8UFQfw`y*`QR+=g@AA)UlIrwNIF=~4V!>#B z5L{1@<)GpD#r6G4XnZg6HsE}f%veB@%g~Y{9Cw9TmVqr{0X5W~bYIk;o45`9Y#bjd z{|3r9>HM*WlW{)UW@JgBuRd$rdO87W|58Hx8j?gVFZ_NxL(?wD8dfRvD10M+2I58; zo7WhM)Cm8ac(PY-R}Q{R6Cn8Yo_B3f)TKQTzgv3r5h5yQ*mmG^Dc zl*NZJdBADi1|YyCGaGsguw8!5MaR9|msq!n2M#}+>-=GtRdZA&g07&$*MU45z|Bv4 zv6fye=PWeA zrUb8cWqrc-j)tDY^sJtU@1YvgS5zRunUIvHTQt+7NHqB^;9oxQzBs+R0rOSV?j{)P zuf-)A6@?(2i&N9jtAA8n#`&Hv6nE<8594M=B>X|gKh_#f4TbgWi4mTLuu2)y^@%ih z-SoeNNHbCNMkhJOSz{{WY)!5LQIhAQr|3@8J(XREGDS-{6R4LeN4ic*$L$XNW-Kg& zPkuV5Ngqd9GKNI>a9F-CbyVSaRcukZt$7jZI#@hAeZpM-nD$o@h&4Wyo=+j)(#IB! zXGcJJcoz_aJW>hE^Z}oBgG~1F*&9#GexvM!#7XK2 z&&EBJsgj(9vMjjdzFLr6uZPFXX@|az0b}2;-YAjt5f3_8HkqOCRIsG>&V*+A+q#sbu9DhlyM69Q)7e2Y}W9$H2B~FV2{^5R~+Qq8&8_P(Mc^qCGyd zly(l|6d%(8Lc0P%=HXYqTQfY6;Kh!?I-z|o-symkw!0m_J%BClL2XQ%g^2Dv+wsV1 zCU9SiT>wKamf1?zhpNJf2A7b|zgz7VOWOS+S*@?spPy8wzH+nbQL(vF6pDGJ#W{of zJGR0Y!+;6ZVm!u_clk~9^lpQ|QSal0m7J*yqkwLAXA!uo9UicGy%KaYAW~t)PkiZ7 z$~}JdZ@!Pd6^FBYuw)y4=D5T-c)MrtB(mR}@Uo{p{FVP65G&|j`M_;86(?ozqJyYZ z?=X(CQcgum`vSOFx-*k>9PbB(ZBWx!Na3#^T6&wL2ZlcTQnPHn?0_up`|+A<#si!L zsDC=vtG=3`rNKy)_PoCqkWq5JhYzTtRKJ(ZQ(G3H#=FPedY^@&D77^>vc27^1V}nv zzg1jrbC5(OVeyhroIuZg+S$RKkMUgP(ofWhQd&AEv+s0rJGXR!?HbH%z}lQd!Kaan zy*Qb(F}WKOR}#CZJ`p~R>)f%+0m{8Ag$kHh0m_O>;9`53AA+WW(cHzaxmu0*g!2kd zw;kg7QpQ=8-m%?rTWph15%swYJ_1}gS+IQ$zHfr!Xn!w!X8hopAw6jBwtuJG?trnm zi)itH_MycO&o)q}{*tv(&X|Jz?t$JwjEq^M$-5=^1m_d1tK4qU1g?9P?RLRlt=Hl4 zT%FiHqoW|Z5>sG*Pxm;q;4LAxkPD1`zu```RU5bHB=B+3>3M>BLn@y-{#o7mG$j3r zX2-?1C*(IhIud0StFNsJ^OkM2&-!5Wctimwo-qqGm0ps1_BA%eo|w$7dv)r1_h2E4 zf8H~BbxT?aCdQWY@4@j%QEE4zD5>SP`?xc~)#_-jc%!JCK{ANHoPpvTI?IYk@;#EI zF-dq?{}SJx{@if+hSal{EGdul!%98BRyeu-~4P(%lW7qc+-9Ac*YbbROL!z@`IiMc{lpZ}0qQRa-R;7~uT&rKZb z3Y)1#HD(2+nhZ&59vqwHa(6BiO0@Fp1?lAOwkimcb`czEuu8_D7%rlj63{6sx=k=C z?uw_XLJ(|8Ki`Ahq*T1aQ6bV?O2bN)E$Fx0s2L9QAO)7e+Tx^i;G6?- zX$Egia_dS6l5Qk3Fx7I&GfAtQZAyi74njIszR8SxSDf%2(CKa#2ZXD+rGOV6`_p-6 zKtDuONNQ3;vvLXo&|{0^mi7mKGzgcUX`XomP5%mFcyjco|-GH9M4vHyjAvJSo7qms>X!IIl5{a0DA>spznY25`pW zikkNwa{*)B93ID7c!m`^%gSRK3dg=Cp>)d&cW%#WxF|h?$4bAGro1w%F%MzIYHxkqwXb@n%!8Fvk z!d;^^H#wisNlr@`T#gY85_%Ti0ngOjjd(d0ZF7o2LJ)(r{-$9l?N}-8*g}p$dr#@R zt|a*6DBzca5tpmTG3jp9LpCGBQP_rb053!q>v##p-U5UELT&F|jv#z>;0*Ze&C}NVeMO7-^ydd9G9KXdMGB#w|_+^cJc8H$yI+}%hNK{&;yq8ZV z0*|CwPp)*@fBd3_mhVVS-BPxcc}(&VwpuS&Dqb|i#%Sk!|Du9F zEmmJ^obCWy&*_P z%4D4NPirt#pK~eoncw9g9Y_fIL1}aTT5&&)30n0K;ApEp&Nli5yiqN#mk>Fx#M)x& zq(ES;=$dk}YSZ<`2H@3<{VT=s*C%dMpjnAx)G+un%?^A_xBgq4jw8SNHbCGhh|kbY zDVcVvzxf&9t#NhXn5kf(cKjWs8=-bIVSk@sxwPi_AXmyaL_uy|k+>!M&qIxYST+B& z$a#Z!%{I*Y4XYXDN{7sqn^~k4ejSg_XPT$?C+<;zq~!%k#!~#RqK#F6xm~~RDe&J$ zTfN!w3;sI#g@Zy8v~WmArGTp#>BkLcf|`i!0Y`e%a>@927Q?A-!0Ol|CSk|pxn5bd zyPN@F(Ea{{n+oS-2~##vrM?I^=VA*==-w6?nhDaOZ8mMVWD-sH_$GD(wq{el%8~>| zTd&DE3nVNS398$R1kD6L5=|@Vx%cN>u}2nQKfu6pK7$@N)WPdhHz~dxBQDxxa@iq^BSX;3bm?7FJ4dP@#)8zdlk${j{!^mG^5oCZzy8v6 z=foPmv=_tAlUTbHuY9H9idPLfY28Ojt$b_Hi|haFm;RiuV`YzDU;VSvy2f_rl52qRML0F%pUd56-z*!=3_7lauSoW}V$Z_M zHd7ymQ|rBuT_6V#^d22fYZ`9KFDgFpNbwC1SZYiQ`sN=s)@H%_QmylVa8TozjYNyz zDu9+#%0kDieOoCodPNHPZwU#&Y<8EVM8)Bk+9v*c%*&{eABMmz0Iu7Tavdx4#F__I zH=}@ueaQdK4kpU|IQw@nWvH)7G>U=mCCQsV(ue1K@ab`5kYCoxO#&ZKB>Z2FZKu=I zVlS-r1ts=rN_T7M>z=JdY-J+p$LuN4GJDN1w(dF6boZD6m3&p8-3$)5-8v7qrJ@;w zh*HBSvme^w`Ix(iyyWd9Mu~Hq zcf`ROlS;lTewk6riOG{ul3tCAxNeVRDG0q7ynx>5B42Us;=2~L)~oFs>imHbQz3E( z_mlJ>!Efj9rq}N>7Rw7FtOx>r@t?e=Vw=is&9M|eWOjo7;iXK~aZN;x4&M7}c~)Nz zR+qCg+?-JQr~eT&sSB3a+@3A9=+4|;*bHc+RxI5x5#8cNGcgPfgtj((*|NTvnIH)z zRWXuzVwq1-E_n?Wi3+%BglLVDM}YXzh}N8HcS(L9E0Bcst4!x#rWvR9&5Z!%Z9lYr zpkh{~k*}7EbuOj+{lBsm+k^Ra*Y+j;x5ys@jd}D=2GrW*(11V3CO)5lp`*h@y5iKk zdH)DGakwXNo~}QMTJ%d=-Ra~L^%Vu)aN3nHOW1LAC_gb$cN_MTTrdC^G#4DaW&FRA zt~-$G_xr!EnKF_QxzAwtSZM&`Bmo}r>LE|EPm%E$+@Jn#2;o^zh_it(Pe_4yeZlxJcZ@MNDxzh@!EVA@t7EM?eeV#OT< zIpO)g$Ee--4nATJ*tJ;T9`D1y>WSL_vwL25{_V7R0Y|5cYUY}lPq6O}t}9PC`!B>aK`0>ydrdoE3T`>`_tp!Qwlw<2`UvUP&g<7phy zv`n1H`3-nS-N{V~xY$NQEm1_8i?c3R9YWe(`pPv!_SC5KLnqVv8R9zYBMF!qaDB_+MR`E-T z7AOcd{NDsxeK(lDhWG;d1*{YQyJ{DP`WNX(^*S%}6Gc!%`*IVuPgrZg=+F?h#v2PH^zEbPh}kdS5Ca*qEnqf#ng-+0jC7Dl$uXI=h{KFrs|$! zokNttR>2cz1XI`SU+gjW2XzU@6EAVh%3cQk(zB5)bVSqGr2L??ofP_WFnAft_6MD}R zJ$39?sdIZg9-lVdd0IG=P7jWhMK!OHWd+4Q76X1rp_5U2Ro1%yom}{ug5*#8m9(>&XE%hQkJa-E-4-v>5Lru=HKu@#ljgtTzenxzVO%sFq^fM5 zb(qqhwf!!n%J8E~(;sJ5rjgW`cESli;z2a;2Co~g>UOSowm0n&``;W7jIdgIFrP_s ze#r&03v7~*>tmYpF~UV%xyxkM>0VF7*7f{@%BLnvJUWH!21E53Nl)gNAEct^KPAi( zu5UFf_EKNkn{$uqER(Z%@d1T!uirgtKVB`YBsIvNfH&I&ZG3sIM@I+WF-4n0nYSk()*0m*L=+HNiG^PXLUod@6>?a*uC`bRK2y$IDgia~Mk8iaS z41i(NKk4NaiQHuf->9GQn5w8Bi*U+4l>XoC@KNCC(TOiq8^MX$@id!l8Kz?7K6ZA% zKW*yNJW1dN{_Eao&D1ZM(yF?w^&2n8RJNE|;j}MRn8e1il4HlswXS)kBxwXCvF5H! z501PiPO=>a!AR~-MaHwv`q#vgecztIPU+~I&QYuL2YtVP!v4fUN9-73&jChuxH@@A z^M}G7nxB4aX-#P>qni#TJm+pGCVQEax1u1Z8t0p!!Y{8N-;cWwQeb~(t30ghCpZ-% zynRrq^M{?^>{UB?$KOeBKYIA1W$sxE?aAPtdqw~I)p_qfp%t%WUsY(c=JNNGDq0FW zdkhD7QvmXUAndpcuSYC)mpv8nX3@yp=Xrq~Vk~0)$iZ8i(s=SAqjiEcSBp+!^pI=( zX?0WYN|)b>M?V1u@wlqW^gCeY14?NbS)ApBiq-*W4M=8#2{kJ8wrb75ceh7^W^;OhvvQ^Y98Z&qStZK5i^pM?RniS4}@ zSy46CiZ`tE?P@ScGv1ANqz6<$Yoi6f6wdeh!_F1{^1`BnAwq?P4 zo<}^j_VDGZYQ!;e|5xG|7u|W0#KOa$gpKQVFcw(=Gd5^eQj`UJ;t&S$kR8Hn`6kw< z#;N(F4kG-MK;8kG5b_~|u?Rz1$>L8m143YZ!@UygNir8UKYs+_Ul4((v*_3kWKGZG$OhOgS|g%4@6PsxbygSFtQi#jB0k+flazpi_{Y^8>jnL$J2)Z+S2q zxTuPv*(s|z~+1NHyUZqrY*jqs1~g;Wnw`9G6avv{pt4=bz3UdX#5J{ zcHjj~QU$G$lD4?C#J#2{-poGxm zi29s#mz3gSvQ2DlOO(O(0Q^KG#e?cx3W^>z(mSgT`C#Y0$u7vrZKM{(Jw|na&J;3 zZU7@U*|E4N9uGjDP{o5GSOUzItMi5nd-`67mTaFjmJ7^&c@9%-lA7HE?MjFVi05-opKxI_30!-te&KxAYkK?{0QiWQAPbo@r-Z%il?d;*e!bIs)Xk&-xreun z{TbP>%`2u$Yj~GqFNxe0@6!D^{Krby0tCGFqkDc;!|*OsW3++;mwPJ1n$HqW%Um@=vtDfh3quN^sQXp>@46Hnf1E-x}_#&&*9^l@+*2(tA&#YD4Qd0i^i+TNu z=*vP!WPzeLC}iI0a4^GxzoC~rj}w23MdkZFXaQ32F9=gl8^Uu$QOO6O@RX!E#(9a4 zuOAd`tDcIhG*)Jd(m)V4OS|CN;C#MswBRGdwP<|W$m~-MlZ#d!v30JD?YZ7EC6*uo zlH|=Cfxjrma9MC!2a~!i0T2^lFqu?wcCzu)Hz5`#QCbBQUl}IhB;u$HCjLvg04VLEA-nNGGt@&UdqsD0^DboA)44p?fEn&4X7OtglI*CkMZ zx@K=zy2tH_?xj_y&siI1`R>GV!OyELd#f=OM3n295Pzep@p|U+rBBR!{bKZS5ygw6 z|M*NzF1u5rk{&l#xB=KJ2;%Tj2px@fO^c}Dp4jo%9`Qx&avFig)LEU$o0Vf7|E3%V#h*szjF zTFhO*BGuJ|mSn5$$ZVA?fo*UDiaXf^<>!;je}nw!t<`_(&Jd@3{omN7zjAmz`tQLd zu3A~thEhvI6W~o(z9qUE(R)vS0zz5Jlu!?E1ES*XW%;^7{M$3=;ZqiDr+)(4p?WvT~pm=i$YKXx5FpU;6(TMD3AWF`oqM z;pm=hPgDhl(M{)+ZC*p^(*qZZrxSpA`+7p={!ZQgS)HKogQ~rN1ag;QIbZ6a$cL&x zl^-)Hjn7^qt-H2*1AoXTw;Asx0ELgkppa&>^fnSPwBI%E)nU?^$k^M{E}*g_e%yq* z%l2}>$A}8{=hsoDNuZ8g*LNl^+f2%&>%6zIO#VQm)OuHISN0GYy(1T=+p-dPuqpKE zonrPYsN{VtS-sG{;02feI@MX&v+x{uEXh29G&z$I0w8cF)IVeyn`-MAAv(wC%+JN7 z7we6WtPF)De??AhLHUW}H766GiA_cnD{G73Nz`>^bBFgxB!Cdv$ZLHX?4^mhQy=vv zi0~W-zg*1s0k7IRRc7u~3;w=%%N0=HEbOu=_FlFEcXBdAgT#UE|mP-y6SW6%NNf^0vm#htQ(ZwUNI@;MpY@~V* z!P9JJ+t@qWQHX&><=4Z+kb?IUp0wevPhGY=`1^g~UKj9n4nScf-~V%T7xcxGCNs+w z6!urrH#J|KVZW+CdWBx_Z4$%f+AKCc-Q*vdBCl(H&0DFia=Md%`-KMab&{&vLdPfM z^mlD*1x}}iPd+ejA`q@3aGzP*ZP_VGi(z7c`$B)G>aHg+aG8!ojNJ>#YD0bi`3J>6 z-2M2`P1+wWvhX9p@8$H~5+T{K6vz{W3vlho(Z9@So#`USC;<0lUQ&&x9WOGT*!2B| zXf;j>B@+iVzj^d-N_3%5aC(-rFnme$%@u}EM29mrKC=4WnwhAT^~PTte)2mn6KhY7 zIIiP4-8x10h$z{7CCn>`9Zi4gHdLKaurwT5@`^tKuld^5No0Lr`OLU^;RJ!c=$#Fp zSEG)V6*iE)Dxj5n?PPbUW?IE0@fPS?H|hEn4)MDeIp~)x?PT$K z(*j#dA+$!Q9+i9-k3n^J7xG^l{Tf5#vcP+b?pla?tio+u+4odmZ|!1`xW0GaoDSAt z#K57fmL@KWPXE8OXr6hC(Q-Bk8M3uYt8P>uRBlDhp~qXM9LmM?RMiKN6Y)>Nd%(Cj zKVT+yq3h5}SjN1dgAl3#kA!xJSYAoHdLg#$9I3eKH}ENDa_CC3HNL+i(&uGmCf$WS z)5s9`SM%~2f!w{ilOwF=Bq~(Z|I#T`nJtB*W0x|>>Of0RQ*kS1Q|6r38PY1&@)7vSaVW63cfqE&U^nYrB_IN{R@vU)7g- zuD5=3e7?SyAi~AV;{tHFHXj$9)Pq*ONxtqZ`18_{)PdYq$9dx7>T~?UBzkRESi(%M zsVpT>D^1vO@axtcESPAla`Li();Ui(L~a1jr2}YDzT3oD7qUmt&6ImSSi!@ zUwg{$mk)oVoz~|{>v^Z;?|p*2>5LdERSNW`C>1_l{{hnbmY-!}fPRwmy-Dm4w`2Y} z2aDyS6P+X*Xu<89hHqTG8-H+ow<9Gq>c7gBi}YnXZYE<*>$l?#Q1kR?o)Y=+dKAsK zcfx0KQ?bDnzqrC!A?XCH)KQMF5Sq;Vj(Ctb)oe_J_s%(zJJ8E8{0q14EkwBKUoWKl zo8djbcJ^YkT@Iynn^+|nX$YlI+3s({6v2WYR|G};#2rmD4ZSeZiPIda(IQ-v+dqns zGKI)wC-B6hgsSh}Va!o4$+4X4GG%P!zU(``0`2FLzlxh8MC&Ry*K!X5MqZky(FX?o3K zA&)DwSOX!$oYJ>h0XhhWNUuW1Z~gwr(WtEyIm6s(jb6E;>20SoOH&hz1>rKhPJ5-o zetKGQDHLEjIOq}(N@x#P*LJNa5+aVSN!1?94i10aO$!I%0sZSX6SAx=;>2x3I}}x{@M4~ zl(+66I641D9awqtgO&(U>Wnq0+pAAzp+dXJhs)kZrWk%tZLx}xL&UNFksi9|T~G00 z+ie?v?DUP=sYb8Eojp-?GZuO_X!~}bOoyvc5HaYAqNAqDy$qXoPK(%-Yqt86`sT$v z8BXrc|F{?x3VfN^ZLO&_+Y)8J{48XRy-k2xmKTZW*`wCVYQ7 z3f5a9osm>=EMtj4=j$X+Rb+5}=5Yzo3~c^pKVIJd#VV1)9khUc<8ID>8RhqG=6%|y z4w0~!H6+XTzn+_#dEfYHjhM}uBeK;#*+^!;Yhm7P5!<)z$6O|o#=)Cwnbwj56G>tI zH02#gDRT7JQAF`{s-)fNK<-D7NIPg9T{3F?{YD) zqjCqlcY-6Hj@rnK=3l!{XGa7fE}w^Ncx>P-#UIWP5g_r@KK1Ck{9-cC{eKkwX6;ef z_RDY*m=H{39yFA4cRoWPH5vUYj**7}7d3@G6>}M{;HRz*fR2d2qi_~`#0J5HFP}Up zj1{f8Y(&f}p45MOo{Td0HWrugqRR>`ODlVE!oORODYx3#oIio%I42rbVop|G7a75z zQ!?sM2YKb24&wg5i1Dhf%Z4XfwI#G8r!Xk^a!n)f?V;O{L#8w#Ww{U9sx~6q-rpaS zh5RV^G2l{m+D)y_fD=xUnjb<_Qxy(^D{_cHjJ(@ zO6I=`$zej~@g<0;;YzU2M_TTly2CO3N@XMit0oLm;0b5;(XwdS4z+m_C8ygE!Auoo zc`M)BGY?q*bP47vvXlaq*RD~r6R20VELFIapUIw5<$D7>)633leRb;e;WWmN>MD#p zw^F`}TGA-e_n0VJ&AlE2 z%a>nSEfyo;q0+V^>PCgVq?=15lc1Gl{CtUtn)%QB2@*@Nk3eCCnpi~w6L$Bc)t9tN zslJyStI|cW0;Bt~VZJ~F!FpUxU8kWB?y4B$`|FH6O(d;uv-PGgeyq&L-fBGJt-D0$Dpqe4{*& zaR-jpv;{3W-o$UToz^s6RWu5#e~JGoNwpWvsRFysU>e?S$7||({At1ZtYxA*-l;p0 zPjmBM`#-?**PcJ{ua;q{Tj=Fb=;D2}1e8jSxM zw6?m7$)H^EAEY9L76S;jUiGHwv~(xEmJ9}iU|hjTiRG9OOF}MdL!VV9#ls|*j}JZ~ zXnt1j4T&_V8sBN18;*-XG2d!@_dv+g^F7#x#YVcW$j(fDGZOCC2$V%Q`xjtM|5Apn za&W5>c$ND*2L=E1>=*~W zk$iCgdESno%hq$LOy4+NQnS;fd7m&$F6agdI3A4zWICvqAtv%93@08Ii%&$R-K=s@ ju({X^fuDO;z~=Ewfu`z#`|r-!E+}fsS`SJU&BFcKp+r@ z&dnRQL7+o8;Jt*E8CWYn)iMDO2A|v7*FdGc0`tJ1!!8>78X!=44EwIb{wACEO$#3o z=vdqSkD(n=-~xD9mhLvI@C7j=t{{gC1&7c5XpLph z6FKkAbxWb!l%4y;O>&eat2|eHq+%P_QC4xIU-t@5F|pj{INbNy{;kn5;^Sj&0mlQH z`YfsK7C{u@C9ws(c!OQp%OG@Bm;ig{QSd!L65mm48TJZvhM*877VOLhaG`c z{rErFXy-!tJ0Z(->kKiYwUMIoG!G>*;y&F`M@&0#x;4d{ylp!#TzfIiAO^Y=t}Bd7{lhMj|b zTF$FxH6&Hr(?Ar=1nnR~*0EYO+UD+xbNVn&%&^OkIJTOqDfN?wN!jLH@v4u0=4Dd9 z@mX+grauj&IJtOzL)Y^c1=<0&Yfo-PtYS-x2Lkh`InOQX4_|AeJY~a}O!_qyi&Q^= z!oVyHe%EG%qILFCWcf0Q{f$8ttMA0_T+AF)qriw#cMzAmKFMgwc_vdYl)`s>J3p7i?My4 z|Hh^;Oi41Ca@TW~>a;tVMA0E6)0P(-6?3~ohLW5~6Rr?kEl@S;Dj6O8Bz8vbpL3cY z&)J(S{hFtzNdX=@LDXUi>tpi84hyX%5??Zq=;z=mmH#g07pnhd|xX3 z#Yvjl4nnqbCQ{!b^$X0%V6!8y>3E6_A&!!-Ft60EzsvJ{r*53D{^I(nKmsmxy!Ku+ zXX%@|i}jz{f;^p<*HF(Vw-xR;6u7G^4TA@XC8~^o|6}Pb{3Pd;%F4Hm^0e`8fznQL z{^&9@36icQbEHrM;zd!Sj8{=BRu$(qnKZs|Soo$WR>mP$*o%qsm3fXoKasDV1G{)C zg+ewJ&g!Du1al@InYLRalVUzKtbmyvmBtZah(j(sLf@d%*!4K~kJIaM)`M%mhzi2N z>}a{VV*jrv#xXuw%@frc%F4Jed*)(q>$+^MCzi!jBeH@$^8g&heG0pFHSMM~VDCE{ z19;SGy+Vqj!w7Q$Y~)nt(oJqTy7xwISLIKkTzY zo`a)&mgDV@0&Fq06~1~3<9xksaHFm{p>^b&I((?!PiL;JrgywpuGnJ{4yvGy1Yh)8d_#NIr{%P}RN?W${bdaB>1l>F z#}b6)9AE6}w%ruxEZ^9Sm2__!z4EIaRVS%|&+$>MG--x0Vn(P4^x~V95dGDNE#(ex@F5}k_PaVHD z!q5)N`s=mO?KEe+$ECd0#n;`m>3k=MBBd+KiMYfL$gHWhAEYUG^VIz&{F|P3lLy;+ z$<{l5GUPBjKybIX5?OInShUV&O9*~6{+cI{3Z7q35%9VHfbkrP+gGHl&< zEH0U4&(^6((q?VCAgc;X@TcJy=c{ab5|KL=yx^Fu*jBqRatcb-puJ{FWV(RT*g zmaRz}|DI6XaFx|xD@Q3=22ZzT-_7TL*LMCS;O8JR0D$gTGB?mLOtY+g@-W;W($D(L zT&|=wa#x zizC$)aU;o=C9R%Q>o(#TOVr5}p{wrfThFARw`0W5r7I=-r#)~{ry@#6{xaEE0L5u5 z+qIQ%+3Y3QlyH`{Qb9F>zIz=)qMozWu0HRxiYm8Vdrc?HLWAyS{+Z{3B9XET=Qm=d zn~q>|sk;u^8+(e`AsQWOFSEXT{+T{RSdzjx)2d)d22e&m1skw7@tD_2rufy6=r`C4 z#(OLk^-UtAkkK&Xh)S96iQ+CarfP1}t)D0gW-N#$+mnYHeTJ91o^PI+YI$-gb0TT= zjoSR4^bXepF4Q7%uFq~fnPUI$0oo*a9%}Pon_BX&Yh?&rf2O{QP?ul8q%dTav|fHm-f<*R*n(VUNLP#!AmIQ)>=>E zyRMFOIWH!XeeI1!Hrw|RHm74L-4!PGxfaVyh^a~j_4fM+2>sD5*>gf;OdjQGPzT{< z1)%|_2cZ^2c5`X%k#*gKxxpsmN560=Jr3PNm&ar)l$DG5 zcmI5Oq5C;E6RqkbKD1JF(O>&VdP+YBx^gwc!em@L-VhV+h-QM;*J11rW|UXND7sixFbxywYHsL9VINBnW$@r>YUR0^@%_L!aqNpdwD` z$_s@c8Zy^@CU;dwD`pLyAfn{9b1iO_OZbR3Vz+xR_r_~_ZXW>&me7Qo_6c0_@&6r9 zFGPf|?kR-j_q$%=kJ8HRA03T80{y3waEnSEYD(YP!Q6mS)tG@0f*4%qcyc}w9=|MI;TE(W6TCvKfw>Ag@NuEekr7DVlFPzPq^L*gn$89c7gFR zcWjY`7?0Ss_l3Iic=N7a)>C_Ohy}R3soP!s0o50F+$IY0rheAae1Alls`|Hj8w)>n z>p0RJ>O;L^78HTJYu$5H`xk4E%$y(dx$!Ke%Al<@J#V3)i5xYMGJ~_b`HV1`&oQJh z6&}-nMP;NYzr;s)9fkbFiQ{u14un|^NA7@3HO;ry)5eAiM^B^lv9cGw%38gI!nt-2 zWtf%qsI6%k0}&QKWA?&>_2EJ$p_dg$uMr4^R1fQB5IHj5FFnuR{!(TIPoEtASv=~s zkwOImY;@9Mav0%dm+uw^*=Y5mANATGeI7{D>m^63x)=+C(jOPYzU1m08f(pW^@3El zCsYqVw0bKF<#-ID{VK`>;NNkn6dm7leUC|Jq|(SLb2NP536e}}C|eSa)h zPfX-!IKWNtz+Vm7=H{}3M271PiFx5Rm^~+{L=Yg>u&ezbe>%n&y2j1x& zc#~aG+3MVGW~LCn>ZV_3=>M!lY~9=6F|-4Z_Vm`^PYEe;Jmi~#qCR&5rtmSz{haU& zWm#6->jc`l-a_5aRlVGqE&-w9DTTxBnH@M$aoQ4ut<<3mZPD+?*M~9 z4M;?9V+VM4wt8}2W}Ij1a||_TKq@=b6zrF$q-ko)Th^5KveQqmV}_<7zED1t!o!)T z^QQWGgB?bAWVutU;_daT#}h>7Ng&hf|3YHhlp9<*r`_F40|OPAq+b_a)kH`aDy4kC zy3wE+0`fj|48ZUi`8c_uyKT$Qw=Go>qn~bE)y4C?|{Ca`(q*YPFpwyWlxUjnq+YdY8==msJktA zfm1m->YZ_Xp)!3%6u2-JJje52fgOm$@&?1CXSOVe8moR82isCKLR6hMClD znJfwgieY?lTa zp;+)>`HcdZBHz4-a>;_AjnFBzeCD7h7;=reUyH&fZ-%IE3@;X3P*l9KsDweAnEi#8 zKmTO5J(#uB-2Q^4C!HGhvop)?&q8#Vlm{HeH&*!1r!ch(;60bHnBUOWa(7pe?Ea@i z+y%C*CNvt&%G~p^`b1oEIxzN!eD-kG8MR_xHzTnF>>J@NCM!rq zMf})+DltNSeXDtVU`@Ro><4*Ru|_1SyJ<-7Nu3@ph|v&pv0Ixb54)d?SAe|Gy#K?g}`K z3ftWU8Cd>(t}v=m`~EhxX1kKLI#z48^R4l#K8yX%KxC2g;U;H@NmsYY#{uD8+mde5 z@W)^4>F1p`>I{_EF`~}xpLa#9;W%a1i9#4F$n@IpBPGida;zb}smPbgP|p93ds8Sq zW_LBSDEs}=^kLG&#-7qw&h1rBOpb`)93gQ#=;MXX-<<)ITJS8-_@~@!G6@E9hTU)H zYBcj(#9T}o4y9jc+V^|+7(4D2SE}42F5R9Q=C5alo*JN+ruEO&{3Y!(ERKobeEiY38e=+!ur~81>7(5#}fVf>b(yuyz3HHA9F*OqjL8-#o`K><&0dB3n1^U zP6zVd@juGD<>uR98d5idTV3Vf`RbqpHZxaT*}ohDtr!DC9w5SQYs9^HL;CJ*gAkgP z1Jtp5#NeOb(XVS@w_wzuznXW~OO{q+{ao8&D3 **Cache nodes**. Select the cache node you wish to provision. :::image type="content" source="images/mcc-isp-provision-cache-node-numbered.png" alt-text="Screenshot of the Azure portal depicting the cache node configuration page of a cache node. This screenshot shows all of the fields you can choose to configure the cache node." lightbox="./images/mcc-isp-provision-cache-node-numbered.png"::: diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml index ddcf91bb1e..a69163e35c 100644 --- a/windows/deployment/do/mcc-isp-faq.yml +++ b/windows/deployment/do/mcc-isp-faq.yml @@ -85,6 +85,8 @@ sections: answer: If a downstream customer deploys a Microsoft Connected Cache node, the cache controller will prefer the downstream ASN when handling that ASN's traffic. - question: I signed up for Microsoft Connected Cache, but I'm not receiving the verification email. What should I do? answer: First, check that the email under the NOC role is correct in your PeeringDB page. If the email associated with NOC role is correct, search for an email from the sender "microsoft-noreply@microsoft.com" with the email subject - "Here's your Microsoft Connected Cache verification code" in your Spam folders. Still can't find it? Ensure that your email admin rules allow emails from the sender "microsoft-noreply@microsoft.com". + - question: I noticed I can set up BGP for routing. How does BGP routing work for Microsoft Connected Cache? + answer: BGP routing can be set up as an automatic method of routing traffic. To learn more about how BGP is used with Microsoft Connected Cache, see [BGP Routing](mcc-isp-create-provision-deploy.md#bgp-routing) - question: I have an active MCC, but I'm noticing I hit the message limit for my IoT Hub each day. Does this affect my MCC performance and should I be concerned? answer: Even when the quota of 8k messages is hit, the MCC functionality won't be affected. Your client devices will continue to download content as normal. You'll also not be charged above the 8k message limit, so you don't need to worry at all about getting a paid plan. MCC will always be a free service. So if functionality isn't impacted, what is? Instead, messages about the configuration or edge deployment would be impacted. This means that if there was a request to update your MCC and the daily quota was reached, your MCC might not update. In that case, you would just need to wait for the next day to update. This is only a limitation of the early preview and isn't an issue during public preview. - question: What do I do if I need more support and have more questions even after reading this FAQ page? diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md index 960485c7cb..9ae3e9ed19 100644 --- a/windows/deployment/do/mcc-isp-signup.md +++ b/windows/deployment/do/mcc-isp-signup.md @@ -21,7 +21,7 @@ ms.collection: tier3 This article details the process of signing up for Microsoft Connected Cache for Internet Service Providers (public preview). > [!NOTE] - > Microsoft Connected Cache is now in public review. Instead of submitting a survey, you can directly onboard by following the instructions in this article. + > Microsoft Connected Cache is now in public preview. Instead of submitting a survey, you can directly onboard by following the instructions in this article. ## Prerequisites From 8f6bab708501b22bf3596671c05ceb7a33032752 Mon Sep 17 00:00:00 2001 From: Amy Zhou Date: Thu, 27 Apr 2023 17:20:16 -0700 Subject: [PATCH 02/15] add period after faq sentence --- windows/deployment/do/mcc-isp-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml index a69163e35c..375036f62d 100644 --- a/windows/deployment/do/mcc-isp-faq.yml +++ b/windows/deployment/do/mcc-isp-faq.yml @@ -86,7 +86,7 @@ sections: - question: I signed up for Microsoft Connected Cache, but I'm not receiving the verification email. What should I do? answer: First, check that the email under the NOC role is correct in your PeeringDB page. If the email associated with NOC role is correct, search for an email from the sender "microsoft-noreply@microsoft.com" with the email subject - "Here's your Microsoft Connected Cache verification code" in your Spam folders. Still can't find it? Ensure that your email admin rules allow emails from the sender "microsoft-noreply@microsoft.com". - question: I noticed I can set up BGP for routing. How does BGP routing work for Microsoft Connected Cache? - answer: BGP routing can be set up as an automatic method of routing traffic. To learn more about how BGP is used with Microsoft Connected Cache, see [BGP Routing](mcc-isp-create-provision-deploy.md#bgp-routing) + answer: BGP routing can be set up as an automatic method of routing traffic. To learn more about how BGP is used with Microsoft Connected Cache, see [BGP Routing](mcc-isp-create-provision-deploy.md#bgp-routing). - question: I have an active MCC, but I'm noticing I hit the message limit for my IoT Hub each day. Does this affect my MCC performance and should I be concerned? answer: Even when the quota of 8k messages is hit, the MCC functionality won't be affected. Your client devices will continue to download content as normal. You'll also not be charged above the 8k message limit, so you don't need to worry at all about getting a paid plan. MCC will always be a free service. So if functionality isn't impacted, what is? Instead, messages about the configuration or edge deployment would be impacted. This means that if there was a request to update your MCC and the daily quota was reached, your MCC might not update. In that case, you would just need to wait for the next day to update. This is only a limitation of the early preview and isn't an issue during public preview. - question: What do I do if I need more support and have more questions even after reading this FAQ page? From e4af1e423979c84e492a010d271d19565eb0bbb4 Mon Sep 17 00:00:00 2001 From: Amy Zhou Date: Fri, 28 Apr 2023 15:58:14 -0700 Subject: [PATCH 03/15] start the new overview pages --- windows/deployment/do/TOC.yml | 4 ++++ windows/deployment/do/mcc-ent-edu-overview.md | 12 ++++++++++++ windows/deployment/do/mcc-isp-overview.md | 12 ++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 windows/deployment/do/mcc-ent-edu-overview.md create mode 100644 windows/deployment/do/mcc-isp-overview.md diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml index 5bcf7b6dbe..f93adacfb0 100644 --- a/windows/deployment/do/TOC.yml +++ b/windows/deployment/do/TOC.yml @@ -31,6 +31,8 @@ href: waas-microsoft-connected-cache.md - name: MCC for Enterprise and Education items: + - name: What is MCC for Enterprise and Education? + href: mcc-ent-edu-overview.md - name: Requirements href: mcc-enterprise-prerequisites.md - name: Deploy Microsoft Connected Cache @@ -41,6 +43,8 @@ href: mcc-enterprise-appendix.md - name: MCC for ISPs items: + - name: What is MCC for ISPs? + href: mcc-isp-overview.md - name: How-to guides items: - name: Operator sign up and service onboarding diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md new file mode 100644 index 0000000000..26a73b14fb --- /dev/null +++ b/windows/deployment/do/mcc-ent-edu-overview.md @@ -0,0 +1,12 @@ +--- +title: What is MCC for Enterprise and Education? +manager: aaroncz +description: Overview of Microsoft Connected Cache (MCC) for Enterprise and Education. +ms.prod: windows-client +author: amymzhou +ms.author: amyzhou +ms.topic: article +ms.date: 12/31/2017 +ms.technology: itpro-updates +ms.collection: tier3 +--- \ No newline at end of file diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md new file mode 100644 index 0000000000..e4236fdb8f --- /dev/null +++ b/windows/deployment/do/mcc-isp-overview.md @@ -0,0 +1,12 @@ +--- +title: What is MCC for ISPs? +manager: aaroncz +description: Overview for Microsoft Connected Cache for ISPs +ms.prod: windows-client +author: amymzhou +ms.author: amyzhou +ms.topic: article +ms.date: 12/31/2017 +ms.technology: itpro-updates +ms.collection: tier3 +--- \ No newline at end of file From 90c8723a851383218a8e4da0ff5cf1e4fb557428 Mon Sep 17 00:00:00 2001 From: "Steve DiAcetis (MSFT)" <52939067+SteveDiAcetis@users.noreply.github.com> Date: Mon, 1 May 2023 16:07:09 -0700 Subject: [PATCH 04/15] Update media-dynamic-update.md Added support to copy servicing boot manager files from WinPE to the root media. --- .../deployment/update/media-dynamic-update.md | 34 +++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 135a23932a..42a5654358 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -77,6 +77,7 @@ This table shows the correct sequence for applying the various tasks to the file |Add Safe OS Dynamic Update | 6 | | | |Add Setup Dynamic Update | | | | 26 |Add setup.exe from WinPE | | | | 27 +|Add boot manager from WinPE | | | | 28 |Add latest cumulative update | | 15 | 21 | |Clean up the image | 7 | 16 | 22 | |Add Optional Components | | | 23 | @@ -416,9 +417,15 @@ Foreach ($IMAGE in $WINPE_IMAGES) { Write-Output "$(Get-TS): Performing image cleanup on WinPE" DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null - # If second image, save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder if ($IMAGE.ImageIndex -eq "2") { - Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -ErrorAction stop | Out-Null + + # If second image, save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder + Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -Recurse -ErrorAction stop | Out-Null + + # Simiarly, save serviced boot manager files later copy to the root media. + Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -Recurse -ErrorAction stop | Out-Null + Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -Recurse -ErrorAction stop | Out-Null + } # Dismount @@ -532,7 +539,7 @@ Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sourc ### Update remaining media files -This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings an updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe using the previously saved version from WinPE. +This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings an updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe and boot manager files using the previously saved versions from WinPE. ```powershell # @@ -544,8 +551,29 @@ Write-Output "$(Get-TS): Adding package $SETUP_DU_PATH" cmd.exe /c $env:SystemRoot\System32\expand.exe $SETUP_DU_PATH -F:* $MEDIA_NEW_PATH"\sources" | Out-Null # Copy setup.exe from boot.wim, saved earlier. +Write-Output "$(Get-TS): Copying $WORKING_PATH\setup.exe to $MEDIA_NEW_PATH\sources\setup.exe" Copy-Item -Path $WORKING_PATH"\setup.exe" -Destination $MEDIA_NEW_PATH"\sources\setup.exe" -Force -ErrorAction stop | Out-Null + +# Copy bootmgr files from boot.wim, saved earlier. +$MEDIA_NEW_FILES = Get-ChildItem $MEDIA_NEW_PATH -Force -Recurse -Filter b*.efi + +Foreach ($File in $MEDIA_NEW_FILES){ + if (($File.Name -ieq "bootmgfw.efi") -or ` + ($File.Name -ieq "bootx64.efi") -or ` + ($File.Name -ieq "bootia32.efi") -or ` + ($File.Name -ieq "bootaa64.efi")) + { + Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgfw.efi to $($File.FullName)" + Copy-Item -Path $WORKING_PATH"\bootmgfw.efi" -Destination $File.FullName -Force -Recurse -ErrorAction stop | Out-Null + } + elseif ($File.Name -ieq "bootmgr.efi") + { + Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgr.efi to $($File.FullName)" + Copy-Item -Path $WORKING_PATH"\bootmgr.efi" -Destination $File.FullName -Force -Recurse -ErrorAction stop | Out-Null + } +} + ``` ### Finish up From db2afa195d1c05292080dac084755049ca3532d2 Mon Sep 17 00:00:00 2001 From: "Steve DiAcetis (MSFT)" <52939067+SteveDiAcetis@users.noreply.github.com> Date: Mon, 1 May 2023 16:24:54 -0700 Subject: [PATCH 05/15] Update media-dynamic-update.md --- windows/deployment/update/media-dynamic-update.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 42a5654358..b28c4a6975 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -301,7 +301,7 @@ Move-Item -Path $WORKING_PATH"\winre2.wim" -Destination $WORKING_PATH"\winre.wim ### Update WinPE -This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, add font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. Finally, it cleans and exports Boot.wim, and copies it back to the new media. +This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, add font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. We'll also save serviced boot manager files for later use in the script. Finally, it cleans and exports Boot.wim, and copies it back to the new media. ```powershell # @@ -419,10 +419,10 @@ Foreach ($IMAGE in $WINPE_IMAGES) { if ($IMAGE.ImageIndex -eq "2") { - # If second image, save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder + # Save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -Recurse -ErrorAction stop | Out-Null - # Simiarly, save serviced boot manager files later copy to the root media. + # Save serviced boot manager files later copy to the root media. Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -Recurse -ErrorAction stop | Out-Null Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -Recurse -ErrorAction stop | Out-Null From a23815eae630a04338b6d203a9bcc44a5181ca9e Mon Sep 17 00:00:00 2001 From: Amy Zhou Date: Mon, 1 May 2023 17:26:27 -0700 Subject: [PATCH 06/15] add the new enterprise overview page --- windows/deployment/do/TOC.yml | 2 +- windows/deployment/do/mcc-ent-edu-overview.md | 61 ++++++++++++++++++- windows/deployment/do/mcc-isp-overview.md | 3 +- .../do/waas-microsoft-connected-cache.md | 2 +- 4 files changed, 64 insertions(+), 4 deletions(-) diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml index f93adacfb0..d386e42124 100644 --- a/windows/deployment/do/TOC.yml +++ b/windows/deployment/do/TOC.yml @@ -27,7 +27,7 @@ href: delivery-optimization-test.md - name: Microsoft Connected Cache items: - - name: Microsoft Connected Cache overview + - name: What is Microsoft Connected Cache href: waas-microsoft-connected-cache.md - name: MCC for Enterprise and Education items: diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md index 26a73b14fb..de8b8262a3 100644 --- a/windows/deployment/do/mcc-ent-edu-overview.md +++ b/windows/deployment/do/mcc-ent-edu-overview.md @@ -9,4 +9,63 @@ ms.topic: article ms.date: 12/31/2017 ms.technology: itpro-updates ms.collection: tier3 ---- \ No newline at end of file +--- + +# Microsoft Connected Cache for Enterprise and Education + +**Applies to** + +- Windows 10 +- Windows 11 + +> [!IMPORTANT] +> Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). + +Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. + +Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache). + +## Supported scenarios + +Connected Cache (early preview) supports the following scenarios: + +- Pre-provisioning of devices using Windows Autopilot +- Cloud-only devices, such as Intune-enrolled devices + +## Supported content types + +When clients download cloud-managed content, they use Delivery Optimization from the cache server installed on a Windows server or VM. Cloud-managed content includes the following types: + +- Windows Update for Business: Windows feature and quality updates +- Office Click-to-Run apps: Microsoft 365 Apps and updates +- Client apps: Microsoft Store apps and updates +- Endpoint protection: Windows Defender definition updates + +For the full list of content endpoints that Microsoft Connected Cache for Enterprise and Education supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md). + +## How it works + +MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It’s built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS. + +1. The Azure Management Portal is used to create MCC nodes. +1. The MCC container is deployed and provisioned to the server using the installer provided in the portal. +1. Client policy is set in your management solution to point to the IP address or FQDN of the cache server. +1. Microsoft end-user devices make range requests for content from the MCC node. +1. The MCC node pulls content from the CDN, seeds its local cache stored on disk, and delivers the content to the client. +1. Subsequent requests from end-user devices for content will now come from cache. +1. If the MCC node is unavailable, the client will pull content from CDN to ensure uninterrupted service for your subscribers. + +The following diagram displays an overview of how MCC functions: + +:::image type="content" source="./images/waas-mcc-diag-overview.png" alt-text="Diagram displaying the components of MCC." lightbox="./images/waas-mcc-diag-overview.png"::: + +## IoT Edge + +Even though your MCC scenario isn't related to IoT, Azure IoT Edge is used as a more generic Linux container deployment and management infrastructure. The Azure IoT Edge runtime sits on your designated MCC device and performs management and communication operations. The runtime performs several functions important to manage MCC on your edge device: + +1. Installs and updates MCC on your edge device. +1. Maintains Azure IoT Edge security standards on your edge device. +1. Ensures that MCC is always running. +1. Reports MCC health and usage to the cloud for remote monitoring. + +For more information on Azure IoT Edge, see the Azure IoT Edge [documentation](/azure/iot-edge/about-iot-edge). diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md index e4236fdb8f..9395eaa9b9 100644 --- a/windows/deployment/do/mcc-isp-overview.md +++ b/windows/deployment/do/mcc-isp-overview.md @@ -9,4 +9,5 @@ ms.topic: article ms.date: 12/31/2017 ms.technology: itpro-updates ms.collection: tier3 ---- \ No newline at end of file +--- + diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md index dec5e3708d..d9337c78a1 100644 --- a/windows/deployment/do/waas-microsoft-connected-cache.md +++ b/windows/deployment/do/waas-microsoft-connected-cache.md @@ -12,7 +12,7 @@ ms.date: 12/31/2017 ms.collection: tier3 --- -# Microsoft Connected Cache overview +# What is Microsoft Connected Cache? **Applies to** From b81b750a0d05284bbfb44b04582b490e075ee0e9 Mon Sep 17 00:00:00 2001 From: Amy Zhou Date: Mon, 1 May 2023 17:53:27 -0700 Subject: [PATCH 07/15] fixed original overview, started ISPs overview --- windows/deployment/do/TOC.yml | 4 +- windows/deployment/do/mcc-ent-edu-overview.md | 7 +++- .../do/mcc-enterprise-prerequisites.md | 1 + windows/deployment/do/mcc-isp-overview.md | 32 ++++++++++++++- .../do/waas-microsoft-connected-cache.md | 39 +++---------------- 5 files changed, 44 insertions(+), 39 deletions(-) diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml index d386e42124..41763a5c9a 100644 --- a/windows/deployment/do/TOC.yml +++ b/windows/deployment/do/TOC.yml @@ -31,7 +31,7 @@ href: waas-microsoft-connected-cache.md - name: MCC for Enterprise and Education items: - - name: What is MCC for Enterprise and Education? + - name: MCC for Enterprise and Education Overview href: mcc-ent-edu-overview.md - name: Requirements href: mcc-enterprise-prerequisites.md @@ -43,7 +43,7 @@ href: mcc-enterprise-appendix.md - name: MCC for ISPs items: - - name: What is MCC for ISPs? + - name: MCC for ISPs Overview href: mcc-isp-overview.md - name: How-to guides items: diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md index de8b8262a3..ac1fd7ba34 100644 --- a/windows/deployment/do/mcc-ent-edu-overview.md +++ b/windows/deployment/do/mcc-ent-edu-overview.md @@ -1,5 +1,5 @@ --- -title: What is MCC for Enterprise and Education? +title: MCC for Enterprise and Education Overview manager: aaroncz description: Overview of Microsoft Connected Cache (MCC) for Enterprise and Education. ms.prod: windows-client @@ -11,7 +11,7 @@ ms.technology: itpro-updates ms.collection: tier3 --- -# Microsoft Connected Cache for Enterprise and Education +# Microsoft Connected Cache for Enterprise and Education Overview **Applies to** @@ -21,6 +21,9 @@ ms.collection: tier3 > [!IMPORTANT] > Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). +> [!NOTE] +> We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup). + Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache). diff --git a/windows/deployment/do/mcc-enterprise-prerequisites.md b/windows/deployment/do/mcc-enterprise-prerequisites.md index badea53748..d8282ff774 100644 --- a/windows/deployment/do/mcc-enterprise-prerequisites.md +++ b/windows/deployment/do/mcc-enterprise-prerequisites.md @@ -20,6 +20,7 @@ ms.collection: tier3 > [!NOTE] > We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup). + ## Enterprise requirements for MCC 1. **Azure subscription**: MCC management portal is hosted within Azure and is used to create the Connected Cache [Azure resource](/azure/cloud-adoption-framework/govern/resource-consistency/resource-access-management) and IoT Hub resource. Both are free services. diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md index 9395eaa9b9..a1e7335919 100644 --- a/windows/deployment/do/mcc-isp-overview.md +++ b/windows/deployment/do/mcc-isp-overview.md @@ -1,5 +1,5 @@ --- -title: What is MCC for ISPs? +title: MCC for ISPs Overview manager: aaroncz description: Overview for Microsoft Connected Cache for ISPs ms.prod: windows-client @@ -11,3 +11,33 @@ ms.technology: itpro-updates ms.collection: tier3 --- +# Microsoft Connected Cache for ISPs Overview + +**Applies to** + +- Windows 10 +- Windows 11 + +Microsoft Connected Cache (MCC) for Internet Service Providers (preview) is a software-only caching solution that delivers Microsoft content. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing. + +## Supported scenarios + +Microsoft Connected Cache (preview) supports the following scenarios: + +- Internet service provider that provides content downloads for end customers +- Network service providers that provide transit for other service providers + +## Supported content + +Microsoft Connected Cache uses Delivery Optimization as the backbone for Microsoft content delivery. Microsoft Connected Cache caches the following types: + +- Windows Update for Business: Windows feature and quality updates +- Office Click-to-Run apps: Microsoft 365 Apps and updates +- Client apps: Microsoft Store apps and updates +- Endpoint protection: Windows Defender definition updates +- Xbox: Xbox Game Pass (PC only) + +For the full list of content endpoints that Microsoft Connected Cache for ISPs supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md). + +## How it works + diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md index d9337c78a1..b616087474 100644 --- a/windows/deployment/do/waas-microsoft-connected-cache.md +++ b/windows/deployment/do/waas-microsoft-connected-cache.md @@ -31,47 +31,18 @@ Both products are created and managed in the cloud portal. ## Microsoft Connected Cache for ISPs (preview) > [!NOTE] -> Microsoft Connected Cache for Internet Service Providers is now in public preview. Instead of submitting a survey, you can directly onboard by following the instructions in the [Operator sign up and service onboarding](mcc-isp-signup.md) article. +> Microsoft Connected Cache for Internet Service Providers is now in public preview. To onboard, follow the instructions in the [Operator sign up and service onboarding](mcc-isp-signup.md) article. -Microsoft Connected Cache (MCC) for Internet Service Providers is currently in preview. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing. +Microsoft Connected Cache (MCC) for Internet Service Providers is currently in preview. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing. Learn more at [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md). ## Microsoft Connected Cache for Enterprise and Education (early preview) > [!NOTE] > We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup). -Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. - -MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It’s built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS. - -## IoT Edge - -Both of Microsoft Connected Cache product offerings use Azure IoT Edge. Even though your MCC scenario isn't related to IoT, Azure IoT Edge is used as a more generic Linux container deployment and management infrastructure. The Azure IoT Edge runtime sits on your designated MCC device and performs management and communication operations. The runtime performs several functions important to manage MCC on your edge device: - -1. Installs and updates MCC on your edge device. -1. Maintains Azure IoT Edge security standards on your edge device. -1. Ensures that MCC is always running. -1. Reports MCC health and usage to the cloud for remote monitoring. - -To deploy a functional MCC to your device, you must obtain the necessary keys to provision the Connected Cache instance that communicates with Delivery Optimization services, and enable the device to cache and deliver content. The architecture of MCC is described below. - -For more information on Azure IoT Edge, see the Azure IoT Edge [documentation](/azure/iot-edge/about-iot-edge). - -## How MCC Works - -1. The Azure Management Portal is used to create MCC nodes. -1. The MCC container is deployed and provisioned to the server using the installer provided in the portal. -1. Client policy is set in your management solution to point to the IP address or FQDN of the cache server. -1. Microsoft end-user devices make range requests for content from the MCC node. -1. The MCC node pulls content from the CDN, seeds its local cache stored on disk, and delivers the content to the client. -1. Subsequent requests from end-user devices for content will now come from cache. -1. If the MCC node is unavailable, the client will pull content from CDN to ensure uninterrupted service for your subscribers. - -The following diagram displays and overview of how MCC functions: - -:::image type="content" source="./images/waas-mcc-diag-overview.png" alt-text="Diagram displaying the components of MCC." lightbox="./images/waas-mcc-diag-overview.png"::: +Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. Learn more at [Microsoft Connected Cache for Enterprise and Education Overview](mcc-ent-edu-overview.md). ## Next steps -- [Microsoft Connected Cache for Enterprise and Education](mcc-enterprise-prerequisites.md) -- [Microsoft Connected Cache for ISPs](mcc-isp-signup.md) +- [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md) +- [Microsoft Connected Cache for Enterprise and Education Overview](mcc-ent-edu-overview.md) From 601c36224d3237f75b4268df0b22369d09085088 Mon Sep 17 00:00:00 2001 From: "Steve DiAcetis (MSFT)" <52939067+SteveDiAcetis@users.noreply.github.com> Date: Fri, 5 May 2023 12:14:42 -0700 Subject: [PATCH 08/15] Update media-dynamic-update.md Small edits on copy code. --- windows/deployment/update/media-dynamic-update.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index b28c4a6975..fcc83b1ea0 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -420,11 +420,11 @@ Foreach ($IMAGE in $WINPE_IMAGES) { if ($IMAGE.ImageIndex -eq "2") { # Save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder - Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -Recurse -ErrorAction stop | Out-Null + Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -ErrorAction stop | Out-Null # Save serviced boot manager files later copy to the root media. - Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -Recurse -ErrorAction stop | Out-Null - Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -Recurse -ErrorAction stop | Out-Null + Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -ErrorAction stop | Out-Null + Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -ErrorAction stop | Out-Null } @@ -565,12 +565,12 @@ Foreach ($File in $MEDIA_NEW_FILES){ ($File.Name -ieq "bootaa64.efi")) { Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgfw.efi to $($File.FullName)" - Copy-Item -Path $WORKING_PATH"\bootmgfw.efi" -Destination $File.FullName -Force -Recurse -ErrorAction stop | Out-Null + Copy-Item -Path $WORKING_PATH"\bootmgfw.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null } elseif ($File.Name -ieq "bootmgr.efi") { Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgr.efi to $($File.FullName)" - Copy-Item -Path $WORKING_PATH"\bootmgr.efi" -Destination $File.FullName -Force -Recurse -ErrorAction stop | Out-Null + Copy-Item -Path $WORKING_PATH"\bootmgr.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null } } From addc93c14d62045116049cd694bfaa1e628a88cc Mon Sep 17 00:00:00 2001 From: "Steve DiAcetis (MSFT)" <52939067+SteveDiAcetis@users.noreply.github.com> Date: Fri, 5 May 2023 14:40:03 -0700 Subject: [PATCH 09/15] Update windows/deployment/update/media-dynamic-update.md Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com> --- windows/deployment/update/media-dynamic-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index fcc83b1ea0..b611f235f1 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -539,7 +539,7 @@ Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sourc ### Update remaining media files -This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings an updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe and boot manager files using the previously saved versions from WinPE. +This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings in updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe and boot manager files using the previously saved versions from WinPE. ```powershell # From 52888f92d925ebe9152107b0d8d4875a9c33c77a Mon Sep 17 00:00:00 2001 From: "Steve DiAcetis (MSFT)" <52939067+SteveDiAcetis@users.noreply.github.com> Date: Fri, 5 May 2023 14:40:25 -0700 Subject: [PATCH 10/15] Update windows/deployment/update/media-dynamic-update.md Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com> --- windows/deployment/update/media-dynamic-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index b611f235f1..1fa2b50c6f 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -301,7 +301,7 @@ Move-Item -Path $WORKING_PATH"\winre2.wim" -Destination $WORKING_PATH"\winre.wim ### Update WinPE -This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, add font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. We'll also save serviced boot manager files for later use in the script. Finally, it cleans and exports Boot.wim, and copies it back to the new media. +This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, it adds font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. We'll also save the serviced boot manager files for later use in the script. Finally, the script cleans and exports Boot.wim, and copies it back to the new media. ```powershell # From becce49f2617608d16a276c0c351c7d5ffe94b18 Mon Sep 17 00:00:00 2001 From: yutoadachi <101614356+yut0adachi@users.noreply.github.com> Date: Tue, 9 May 2023 19:08:24 +0900 Subject: [PATCH 11/15] Update hello-hybrid-cloud-kerberos-trust-provision.md Some mistakes in this document. It needs to be corrected because it will cause confusion. --- .../hello-hybrid-cloud-kerberos-trust-provision.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md index 1367cb8301..9cd071eac6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md @@ -67,7 +67,7 @@ To configure Windows Hello for Business using an account protection policy: 1. Under **Block Windows Hello for Business**, select **Disabled** and multiple policies become available. - These policies are optional to configure, but it's recommended to configure **Enable to use a Trusted Platform Module (TPM)** to **Yes**. - For more information about these policies, see [MDM policy settings for Windows Hello for Business](hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business). -1. Under **Enable to certificate for on-premises resources**, select **Disabled** and multiple policies become available. +1. Under **Enable to certificate for on-premises resources**, select **Not configured** 1. Select **Next**. 1. Optionally, add **scope tags** and select **Next**. 1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**. @@ -138,7 +138,7 @@ You can configure Windows Hello for Business cloud Kerberos trust using a Group --- > [!IMPORTANT] -> If the **Use certificate for on-premises authentication** policy is enabled, certificate trust will take precedence over cloud Kerberos trust. Ensure that the machines that you want to enable cloud Kerberos trust have this policy **not configured** or **disabled**. +> If the **Use certificate for on-premises authentication** policy is enabled, certificate trust will take precedence over cloud Kerberos trust. Ensure that the machines that you want to enable cloud Kerberos trust have this policy **not configured**. ## Provision Windows Hello for Business From b4429a7875a53eb562c172b2212a4322bc843bb0 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Tue, 9 May 2023 10:03:34 -0700 Subject: [PATCH 12/15] Added notes about ECC crypto --- .../event-tag-explanations.md | 60 +++++++++---------- .../operations/known-issues.md | 10 +++- .../select-types-of-rules-to-create.md | 11 ++-- 3 files changed, 44 insertions(+), 37 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index 04be400ff9..cc7b86329f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md @@ -13,7 +13,7 @@ author: jsuther1974 ms.reviewer: jogeurte ms.author: vinpa manager: aaroncz -ms.date: 03/24/2023 +ms.date: 05/09/2023 ms.technology: itpro-security ms.topic: article --- @@ -62,35 +62,35 @@ Represents why verification failed, or if it succeeded. | VerificationError Value | Explanation | |---|----------| -| 0 | Successfully verified signature | -| 1 | File has an invalid hash | -| 2 | File contains shared writable sections | -| 3 | File isn't signed| -| 4 | Revoked signature | -| 5 | Expired signature | -| 6 | File is signed using a weak hashing algorithm, which doesn't meet the minimum policy | -| 7 | Invalid root certificate | -| 8 | Signature was unable to be validated; generic error | -| 9 | Signing time not trusted | -| 10 | The file must be signed using page hashes for this scenario | -| 11 | Page hash mismatch | -| 12 | Not valid for a PPL (Protected Process Light) | -| 13 | Not valid for a PP (Protected Process) | -| 14 | The signature is missing the required ARM processor EKU | -| 15 | Failed WHQL check | -| 16 | Default policy signing level not met | -| 17 | Custom policy signing level not met; returned when signature doesn't validate against an SBCP-defined set of certs | -| 18 | Custom signing level not met; returned if signature fails to match `CISigners` in UMCI | -| 19 | Binary is revoked based on its file hash | -| 20 | SHA1 cert hash's timestamp is missing or after valid cutoff as defined by Weak Crypto Policy | -| 21 | Failed to pass Windows Defender Application Control policy | -| 22 | Not Isolated User Mode (IUM)) signed; indicates an attempt to load a non-trustlet binary into a trustlet | -| 23 | Invalid image hash | -| 24 | Flight root not allowed; indicates trying to run flight-signed code on production OS | -| 25 | Anti-cheat policy violation | -| 26 | Explicitly denied by WADC policy | -| 27 | The signing chain appears to be tampered/invalid | -| 28 | Resource page hash mismatch | +| 0 | Successfully verified signature. | +| 1 | File has an invalid hash. | +| 2 | File contains shared writable sections. | +| 3 | File isn't signed. | +| 4 | Revoked signature. | +| 5 | Expired signature. | +| 6 | File is signed using a weak hashing algorithm, which doesn't meet the minimum policy. | +| 7 | Invalid root certificate. | +| 8 | Signature was unable to be validated; generic error. | +| 9 | Signing time not trusted. | +| 10 | The file must be signed using page hashes for this scenario. | +| 11 | Page hash mismatch. | +| 12 | Not valid for a PPL (Protected Process Light). | +| 13 | Not valid for a PP (Protected Process). | +| 14 | The signature is missing the required ARM processor EKU. | +| 15 | Failed WHQL check. | +| 16 | Default policy signing level not met. | +| 17 | Custom policy signing level not met; returned when signature doesn't validate against an SBCP-defined set of certs. | +| 18 | Custom signing level not met; returned if signature fails to match `CISigners` in UMCI. | +| 19 | Binary is revoked based on its file hash. | +| 20 | SHA1 cert hash's timestamp is missing or after valid cutoff as defined by Weak Crypto Policy. | +| 21 | Failed to pass Windows Defender Application Control policy. | +| 22 | Not Isolated User Mode (IUM)) signed; indicates an attempt to load a standard Windows binary into a virtualization-based security (VBS) trustlet. | +| 23 | Invalid image hash. This error can indicate file corruption or a problem with the file's signature. Signatures using elliptic curve cryptography (ECC), such as ECDSA, return this VerificationError. | +| 24 | Flight root not allowed; indicates trying to run flight-signed code on production OS. | +| 25 | Anti-cheat policy violation. | +| 26 | Explicitly denied by WADC policy. | +| 27 | The signing chain appears to be tampered/invalid. | +| 28 | Resource page hash mismatch. | ## Policy activation event Options diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index 0aa63e99f8..a9c0d42e86 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -9,7 +9,7 @@ ms.reviewer: jogeurte ms.author: jogeurte ms.manager: jsuther manager: aaroncz -ms.date: 04/04/2023 +ms.date: 05/09/2023 ms.technology: itpro-security ms.topic: article ms.localizationpriority: medium @@ -51,7 +51,7 @@ When the WDAC engine evaluates files against the active set of policies on the d 1. Explicit deny rules - if any explicit deny rule exists for the file, it's blocked even if other rules are created to try to allow it. Deny rules can use any [rule level](/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create#windows-defender-application-control-file-rule-levels). Use the most specific rule level practical when creating deny rules to avoid blocking more than you intend. -2. Explicit allow rules - if any explicit allow rul exists for the file, it's allowed by the policy. +2. Explicit allow rules - if any explicit allow rule exists for the file, the file runs. 3. WDAC then checks for the [Managed Installer extended attribute (EA)](/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer) or the [Intelligent Security Graph (ISG) EA](/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph) on the file. If either EA exists and the policy enables the corresponding option, then the file is allowed. @@ -71,7 +71,11 @@ When Managed Installer and ISG are enabled, 3091 and 3092 events are logged when ### .NET native images may generate false positive block events -In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written include error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image falls back to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window. +In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written include error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image falls back to its corresponding assembly and .NET regenerates the native image at its next scheduled maintenance window. + +### Signatures using elliptical curve cryptography (ECC) aren't supported + +WDAC signer-based rules only work with RSA cryptography. ECC algorithms, such as ECDSA, aren't supported. If you try to allow files by signature based on ECC signatures, you'll see VerificationError = 23 on the corresponding 3089 signature information events. You can authorize the files instead by hash or file attribute rules, or using other signer rules if the file is also signed with signatures using RSA. ### MSI installers are treated as user writeable on Windows 10 when allowed by FilePath rule diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index aa785afde2..ac8c1073a4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -13,7 +13,7 @@ author: jgeurten ms.reviewer: jsuther1974 ms.author: vinpa manager: aaroncz -ms.date: 04/05/2023 +ms.date: 05/09/2023 ms.technology: itpro-security ms.topic: article --- @@ -48,7 +48,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru | **1 Enabled:Boot Menu Protection** | This option isn't currently supported. | No | | **2 Required:WHQL** | By default, kernel drivers that aren't Windows Hardware Quality Labs (WHQL) signed are allowed to run. Enabling this rule requires that every driver is WHQL signed and removes legacy driver support. Kernel drivers built for Windows 10 should be WHQL certified. | No | | **3 Enabled:Audit Mode (Default)** | Instructs WDAC to log information about applications, binaries, and scripts that would have been blocked, if the policy was enforced. You can use this option to identify the potential impact of your WDAC policy, and use the audit events to refine the policy before enforcement. To enforce a WDAC policy, delete this option. | No | -| **4 Disabled:Flight Signing** | If enabled, binaries from Windows Insider builds aren't trusted. This option is useful for organizations that only want to run released binaries, not pre-release Windows builds. | No | +| **4 Disabled:Flight Signing** | If enabled, binaries from Windows Insider builds aren't trusted. This option is useful for organizations that only want to run released binaries, not prerelease Windows builds. | No | | **5 Enabled:Inherit Default Policy** | This option is reserved for future use and currently has no effect. | Yes | | **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and any supplemental policies must also be signed. The certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. Certificates that are trusted for supplemental policies must be identified in the SupplementalPolicySigners section. | Yes | | **7 Allowed:Debug Policy Augmented** | This option isn't currently supported. | Yes | @@ -72,6 +72,9 @@ File rule levels allow administrators to specify the level at which they want to Each file rule level has advantages and disadvantages. Use Table 2 to select the appropriate protection level for your available administrative resources and WDAC deployment scenario. +> [!NOTE] +> WDAC signer-based rules only work with RSA cryptography. ECC algorithms, such as ECDSA, aren't supported. If you try to allow files by signature based on ECC signatures, you'll see VerificationError = 23 on the corresponding 3089 signature information events. Files can be allowed instead by hash or file attribute rules, or using other signer rules if the file is also signed with signatures using RSA. + ### Table 2. Windows Defender Application Control policy - file rule levels | Rule level | Description | @@ -82,7 +85,7 @@ Each file rule level has advantages and disadvantages. Use Table 2 to select the | **SignedVersion** | This level combines the publisher rule with a version number. It allows anything to run from the specified publisher with a version at or above the specified version number. | | **Publisher** | This level combines the PcaCertificate level (typically one certificate below the root) and the common name (CN) of the leaf certificate. You can use this rule level to trust a certificate issued by a particular CA and issued to a specific company you trust (such as Intel, for device drivers). | | **FilePublisher** | This level combines the "FileName" attribute of the signed file, plus "Publisher" (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. | -| **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product will have different hash values but typically the same signing certificate. When this level is used, no policy update would be needed to run the new version of the application. However, leaf certificates typically have shorter validity periods than other certificate levels, so the WDAC policy must be updated whenever these certificates change. | +| **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product have different hash values but typically the same signing certificate. When this level is used, no policy update would be needed to run the new version of the application. However, leaf certificates typically have shorter validity periods than other certificate levels, so the WDAC policy must be updated whenever these certificates change. | | **PcaCertificate** | Adds the highest available certificate in the provided certificate chain to signers. This level is typically one certificate below the root because the scan doesn't resolve the complete certificate chain via the local root stores or with an online check. | | **RootCertificate** | Not supported. | | **WHQL** | Only trusts binaries that have been submitted to Microsoft and signed by the Windows Hardware Qualification Lab (WHQL). This level is primarily for kernel binaries. | @@ -175,7 +178,7 @@ The Authenticode/PE image hash can be calculated for digitally signed and unsign The PowerShell cmdlet produces an Authenticode Sha1 Hash, Sha256 Hash, Sha1 Page Hash, Sha256 Page Hash. During validation, WDAC selects which hashes are calculated based on how the file is signed and the scenario in which the file is used. For example, if the file is page-hash signed, WDAC validates each page of the file and avoids loading the entire file in memory to calculate the full sha256 authenticode hash. -In the cmdlets, rather than try to predict which hash will be used, we pre-calculate and use the four hashes (sha1/sha2 authenticode, and sha1/sha2 of first page). This method is also resilient to changes in how the file is signed since your WDAC policy has more than one hash available for the file already. +In the cmdlets, rather than try to predict which hash will be used, we precalculate and use the four hashes (sha1/sha2 authenticode, and sha1/sha2 of first page). This method is also resilient to changes in how the file is signed since your WDAC policy has more than one hash available for the file already. ### Why does scan create eight hash rules for certain XML files? From 36d691beadd33ab15610479b54fa38363f986fec Mon Sep 17 00:00:00 2001 From: Amy Zhou Date: Tue, 9 May 2023 13:15:08 -0700 Subject: [PATCH 13/15] mounting instructions and fixed overview --- windows/deployment/do/mcc-isp-create-provision-deploy.md | 3 +++ windows/deployment/do/mcc-isp-overview.md | 3 --- windows/deployment/do/waas-microsoft-connected-cache.md | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md index 52602d6b5f..6c6b6a11f0 100644 --- a/windows/deployment/do/mcc-isp-create-provision-deploy.md +++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md @@ -114,6 +114,9 @@ There are five IDs that the device provisioning script takes as input in order t #### Provision your server +> [!IMPORTANT] +> Have you correctly mounted your disk? Your MCC will not be successfully installed without this important step. Before provisioning your server, ensure your disk is correctly mounted by following the instructions here: [Attach a data disk to a Linux VM](/azure/virtual-machines/linux/attach-disk-portal#find-the-disk). + :::image type="content" source="images/mcc-isp-deploy-cache-node-numbered.png" alt-text="Screenshot of the server provisioning tab within cache node configuration in Azure portal."::: 1. After completing cache node provisioning, navigate to the **Server provisioning** tab. Select **Download provisioning package** to download the installation package to your server. diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md index a1e7335919..a5bb6ef9df 100644 --- a/windows/deployment/do/mcc-isp-overview.md +++ b/windows/deployment/do/mcc-isp-overview.md @@ -38,6 +38,3 @@ Microsoft Connected Cache uses Delivery Optimization as the backbone for Microso - Xbox: Xbox Game Pass (PC only) For the full list of content endpoints that Microsoft Connected Cache for ISPs supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md). - -## How it works - diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md index b616087474..b65a32025e 100644 --- a/windows/deployment/do/waas-microsoft-connected-cache.md +++ b/windows/deployment/do/waas-microsoft-connected-cache.md @@ -42,6 +42,8 @@ Microsoft Connected Cache (MCC) for Internet Service Providers is currently in p Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. Learn more at [Microsoft Connected Cache for Enterprise and Education Overview](mcc-ent-edu-overview.md). +Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache) + ## Next steps - [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md) From a2ec379662fa352b97d62357b5ff2676893c642a Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 9 May 2023 14:24:40 -0700 Subject: [PATCH 14/15] 7876532-links --- windows/deployment/update/WIP4Biz-intro.md | 2 +- windows/deployment/update/eval-infra-tools.md | 2 +- .../update/waas-servicing-channels-windows-10-updates.md | 6 +++--- windows/deployment/upgrade/windows-10-edition-upgrades.md | 1 - .../volume-activation/volume-activation-windows-10.md | 2 +- 5 files changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md index 15954efa93..ba129003a6 100644 --- a/windows/deployment/update/WIP4Biz-intro.md +++ b/windows/deployment/update/WIP4Biz-intro.md @@ -44,7 +44,7 @@ Windows 10 Insider Preview builds offer organizations a valuable and exciting op |Release channel |**Fast Ring:** Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.| |Users | Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary devices. | |Tasks | - Install and manage Insider Preview builds on devices (per device or centrally across multiple devices)
- Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications
- Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary of current features. | -|Feedback | - This helps us make adjustments to features as quickly as possible.
- Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.)
- [Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/how-to-feedback/) | +|Feedback | - This helps us make adjustments to features as quickly as possible.
- Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.)
- [Learn how to provide effective feedback in the Feedback Hub](/windows-insider/feedback) | ## Validate Insider Preview builds Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. Early validation has several benefits: diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md index 14e8129982..4a20d28511 100644 --- a/windows/deployment/update/eval-infra-tools.md +++ b/windows/deployment/update/eval-infra-tools.md @@ -45,7 +45,7 @@ Keep security baselines current to help ensure that your environment is secure a There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately. -- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 10, version 1909](https://www.microsoft.com/download/100591). +- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 11, version 22H2](https://www.microsoft.com/download/details.aspx?id=104593). - **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones. diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index 1b6ef429f8..82f1a7f953 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -48,10 +48,10 @@ The General Availability Channel is the default servicing channel for all Window To get started with the Windows Insider Program for Business, follows these steps: -1. On the [Windows Insider](https://insider.windows.com) website, go to **For Business > Getting Started** to [register your organizational Azure AD account](https://insider.windows.com/insidersigninaad/). -2. **Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.
**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain. +1. On the [Windows Insider](https://www.microsoft.com/windowsinsider/for-business) website, select **Register** to register your organizational Azure AD account. +2. Follow the prompts to register your tenant.
**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register. 3. Make sure the **Allow Telemetry** setting is set to **2** or higher. -4. For Windows 10, version 1709 or later, set policies to manage preview builds and their delivery: +4. For Windows devices, set policies to manage preview builds and their delivery: The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public. * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds* diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index ea38090b1d..c3c3acaa55 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -22,7 +22,6 @@ ms.date: 10/28/2022 With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page. -For a list of operating systems that qualify for the Windows 10 Pro Upgrade or Windows 10 Enterprise Upgrade through Microsoft Volume Licensing, see [Windows 10 Qualifying Operating Systems](https://download.microsoft.com/download/2/d/1/2d14fe17-66c2-4d4c-af73-e122930b60f6/Windows10-QOS.pdf). The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index 29dfd02ddc..3c213a2a45 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -27,7 +27,7 @@ ms.technology: itpro-fundamentals > [!TIP] > Are you looking for volume licensing information? > -> - [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://go.microsoft.com/fwlink/p/?LinkId=620104) +> - [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://www.microsoft.com/download/details.aspx?id=11091) > [!TIP] > Are you looking for information on retail activation? From 1cf424c686bd845a19bf44f561bab75b7220a6fc Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 9 May 2023 15:01:55 -0700 Subject: [PATCH 15/15] edits --- windows/deployment/do/TOC.yml | 2 +- windows/deployment/do/mcc-ent-edu-overview.md | 14 ++++++-------- .../do/mcc-isp-create-provision-deploy.md | 14 +++++++++----- windows/deployment/do/mcc-isp-overview.md | 2 +- .../do/waas-microsoft-connected-cache.md | 2 +- windows/deployment/update/media-dynamic-update.md | 2 +- 6 files changed, 19 insertions(+), 17 deletions(-) diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml index 41763a5c9a..4e9dc9cb0c 100644 --- a/windows/deployment/do/TOC.yml +++ b/windows/deployment/do/TOC.yml @@ -27,7 +27,7 @@ href: delivery-optimization-test.md - name: Microsoft Connected Cache items: - - name: What is Microsoft Connected Cache + - name: What is Microsoft Connected Cache? href: waas-microsoft-connected-cache.md - name: MCC for Enterprise and Education items: diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md index ac1fd7ba34..5702d64fde 100644 --- a/windows/deployment/do/mcc-ent-edu-overview.md +++ b/windows/deployment/do/mcc-ent-edu-overview.md @@ -6,7 +6,7 @@ ms.prod: windows-client author: amymzhou ms.author: amyzhou ms.topic: article -ms.date: 12/31/2017 +ms.date: 05/09/2023 ms.technology: itpro-updates ms.collection: tier3 --- @@ -19,14 +19,12 @@ ms.collection: tier3 - Windows 11 > [!IMPORTANT] -> Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). - -> [!NOTE] -> We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup). +> - Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). +> - We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup). Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. -Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache). +Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For information about Microsoft Connected Cache in Configuration Manager (generally available, starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache). ## Supported scenarios @@ -48,7 +46,7 @@ For the full list of content endpoints that Microsoft Connected Cache for Enterp ## How it works -MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It’s built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS. +MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It's built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC is a Linux IoT Edge module running on the Windows Host OS. 1. The Azure Management Portal is used to create MCC nodes. 1. The MCC container is deployed and provisioned to the server using the installer provided in the portal. @@ -56,7 +54,7 @@ MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as 1. Microsoft end-user devices make range requests for content from the MCC node. 1. The MCC node pulls content from the CDN, seeds its local cache stored on disk, and delivers the content to the client. 1. Subsequent requests from end-user devices for content will now come from cache. -1. If the MCC node is unavailable, the client will pull content from CDN to ensure uninterrupted service for your subscribers. +1. If the MCC node is unavailable, the client pulls content from CDN to ensure uninterrupted service for your subscribers. The following diagram displays an overview of how MCC functions: diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md index 6c6b6a11f0..d7bf5ee7a4 100644 --- a/windows/deployment/do/mcc-isp-create-provision-deploy.md +++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md @@ -6,7 +6,7 @@ ms.prod: windows-client author: nidos ms.author: nidos ms.topic: article -ms.date: 12/31/2017 +ms.date: 05/09/2023 ms.technology: itpro-updates ms.collection: tier3 --- @@ -18,7 +18,7 @@ ms.collection: tier3 - Windows 10 - Windows 11 -This article outlines how to create, provision, and deploy your Microsoft Connected Cache nodes. The creation and provisioning of your cache node takes place in Azure portal. The deployment of your cache node will require downloading an installer script that will be run on your cache server. +This article outlines how to create, provision, and deploy your Microsoft Connected Cache nodes. The creation and provisioning of your cache node takes place in Azure portal. The deployment of your cache node requires downloading an installer script that will be run on your cache server. > [!IMPORTANT] > Before you can create your Microsoft Connected Cache, you will need to complete the [sign up process](mcc-isp-signup.md). You cannot proceed without signing up for our service. @@ -37,7 +37,7 @@ During the configuration of your cache node, there are many fields for you to co ### Client routing -Before serving traffic to your customers, client routing configuration is needed. During the configuration of your cache node in Azure portal, you'll be able to route your clients to your cache node. +Before serving traffic to your customers, client routing configuration is needed. During the configuration of your cache node in Azure portal, you're able to route your clients to your cache node. Microsoft Connected Cache offers two ways for you to route your clients to your cache node. The first method of manual entry involves uploading a comma-separated list of CIDR blocks that represents the clients. The second method of setting BGP (Border Gateway Protocol) is more automatic and dynamic, which is set up by establishing neighborships with other ASNs. All routing methods are set up within Azure portal. @@ -53,7 +53,11 @@ You can manually upload a list of your CIDR blocks in Azure portal to enable man BGP (Border Gateway Protocol) routing is another method offered for client routing. BGP dynamically retrieves CIDR ranges by exchanging information with routers to understand reachable networks. For an automatic method of routing traffic, you can choose to configure BGP routing in Azure portal. -Microsoft Connected Cache includes Bird BGP which enables the cache node to 1) establish iBGP peering sessions with routers, route servers, or route collectors within operator networks and 2) act as a route collector. The operator will start the iBGP peering session from the Microsoft Connected Cache side using the Azure management portal and then start the session with the Microsoft Connected Cache node from the router. +Microsoft Connected Cache includes Bird BGP, which enables the cache node to: + - Establish iBGP peering sessions with routers, route servers, or route collectors within operator networks + - Act as a route collector + +The operator starts the iBGP peering session from the Microsoft Connected Cache side using the Azure management portal and then starts the session with the Microsoft Connected Cache node from the router. In the example configuration below: - The operator ASN is 65100 @@ -64,7 +68,7 @@ In the example configuration below: :::image type="content" source="images/mcc-isp-bgp-diagram.png" alt-text="A diagram that shows the relationship between the cache node and other ASNs/routers when using BGP. BGP routing allows the cache node to route to other network providers with different ASNs." lightbox="./images/mcc-isp-provision-cache-node-numbered.png"::: -To set up and enable BGP routing for your cache node, follow these steps below: +To set up and enable BGP routing for your cache node, follow the steps below: 1. Navigate to **Settings** > **Cache nodes**. Select the cache node you wish to provision. diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md index a5bb6ef9df..9ef0352aab 100644 --- a/windows/deployment/do/mcc-isp-overview.md +++ b/windows/deployment/do/mcc-isp-overview.md @@ -6,7 +6,7 @@ ms.prod: windows-client author: amymzhou ms.author: amyzhou ms.topic: article -ms.date: 12/31/2017 +ms.date: 05/09/2023 ms.technology: itpro-updates ms.collection: tier3 --- diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md index b65a32025e..7b4290c2a6 100644 --- a/windows/deployment/do/waas-microsoft-connected-cache.md +++ b/windows/deployment/do/waas-microsoft-connected-cache.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: carmenf ms.topic: article ms.technology: itpro-updates -ms.date: 12/31/2017 +ms.date: 05/09/2023 ms.collection: tier3 --- diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 135a23932a..bd19b56970 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -8,7 +8,7 @@ ms.author: mstewart manager: aaroncz ms.topic: article ms.technology: itpro-updates -ms.date: 12/31/2017 +ms.date: 05/09/2023 ms.reviewer: stevedia ---