Merge branch 'release-sqlseattle' of https://github.com/MicrosoftDocs/sql-docs-pr into 20180830-Kubernetes

Author: MikeRayMSFT

docs/advanced-analytics/install/sql-machine-learning-services-ver15.md

@@ -12,49 +12,46 @@ monikerRange: ">=sql-server-ver15||=sqlallproducts-allversions"
 # Differences in SQL Server Machine Learning Services installation in SQL Server 2019  
 [!INCLUDE[appliesto-ss-xxxx-xxxx-xxx-md-winonly](../../includes/appliesto-ss-xxxx-xxxx-xxx-md-winonly.md)]
 
-On Windows, SQL Server 2019 Setup changes the isolation mechanism for external processes running Java, R, or Python tasks by replacing local worker accounts with [AppContainers](https://docs.microsoft.com/windows/desktop/secauthz/appcontainer-for-legacy-applications-). AppContainers are a containment feature for client apps running on Windows. If you are adding programming extensions or machine learning to a database engine instance, this article explains how Setup provisions the server to contain those processes. 
+On Windows, SQL Server 2019 Setup changes the isolation mechanism for external processes. This change replaces local worker accounts with [AppContainers](https://docs.microsoft.com/windows/desktop/secauthz/appcontainer-isolation), an isolation technology for client applications running on Windows. 
 
-Although process isolation has changed, the mechanics of installation remain the same. If you installed the previous version, you'll notice that the Installation wizard and command-line parameters are unchanged in SQL Server 2019. For help with installation, see [Install SQL Server Machine Learning Services](sql-machine-learning-services-windows-install.md).
+There are no specific action items for the administrator as a result of the modification. On a new or upgraded server, all external scripts and code executed from [sp_execute_external_script](../../relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql.md) follow the new isolation model automatically. This applies to R, Python, and the new Java language extension introduced in SQL Server 2019.
 
-There are no specific action items for the administrator as a result of this change.
+Summarized, the main differences in this release are:
 
-+ On a new or upgraded server, extensions for R, Python, and Java use the new isolation model automatically. 
-+ **SQLRUserGroup** continues to be used in Access Control Lists (ACLs). 
-+ **SQL Server Launchpad service** continues in its role of starting up external processes, but is now also running those processes in individual AppContainers, one per process. 
++ Local user accounts under **SQL Restricted User Group (SQLRUserGroup)** are no longer created or used to run external processes. AppContainers replace them.
++ **SQLRUserGroup** membership has changed. Instead of multiple local user accounts, membership consists of just the SQL Server Launchpad service account. R, Python, and Java processes now execute under the Launchpad service identity, isolated through AppContainers.
+
+Although the isolation model has changed, the Installation wizard and command line parameters remain the same in SQL Server 2019. For help with installation, see [Install SQL Server Machine Learning Services](sql-machine-learning-services-windows-install.md).
 
 ## About AppContainer isolation
 
-In previous releases, **SQLRUserGroup** contained a pool of local Windows user accounts (MSSQLSERVER00-MSSQLSERVER20) for isolating and running external processes. When an external process was needed, SQL Server Launchpad service would take an available account and use it to run a process. 
+In previous releases, **SQLRUserGroup** contained a pool of local Windows user accounts (MSSQLSERVER00-MSSQLSERVER20) used for isolating and running external processes. When an external process was needed, SQL Server Launchpad service would take an available account and use it to run a process. 
 
-In SQL Server 2019, Setup no longer creates worker accounts. Instead, isolation is achieved through [AppContainers](https://docs.microsoft.com/windows/desktop/secauthz/appcontainer-isolation), which do a better job of restricting access to resources without the overhead of account management. At run time, when embedded script or code is detected in a stored procedure or query, Launchpad instantiates an AppContainer to contain the external process, but the process runs under the Launchpad service identity.
+In SQL Server 2019, Setup no longer creates local worker accounts. Instead, isolation is achieved through [AppContainers](https://docs.microsoft.com/windows/desktop/secauthz/appcontainer-isolation). At run time, when embedded script or code is detected in a stored procedure or query, SQL Server calls Launchpad with a request for an extension-specific launcher. Launchpad invokes the appropriate runtime environment in a process under its identity, and instantiates an AppContainer to contain it. This change is beneficial because local account and password management is no longer required. Also, on networks where local user accounts are prohibited, elimination of the local user account dependency means this feature can now qualify for installation.
 
 As implemented by SQL Server, AppContainers are an internal mechanism. While you won't see physical evidence of AppContainers in Process Monitor, you can find them in outbound firewall rules created by Setup to prevent processes from making network calls.
 
-In SQL Server 2019, the only member of **SQLRUserGroup** is the SQL Server Launchpad service account. As with previous releases, the **SQL Restricted User Group (SQLRUserGroup)** continues to provide read and execute permissions on executables in the SQL Server **Binn**, **R_SERVICES**, and **PYTHON_SERVICES** directories. 
+## Firewall rules created by Setup
 
-> [!NOTE]
-> On SQL Server, stored procedures and T-SQL queries execute as a database user, but that user's security token is not used on new processes. Instead, embedded script or code executes under a different identity. In previous releases, the process identity was a worker account. In SQL Server 2019, the process identity is the Launchpad service account, with isolation provided by AppContainers.
+By default, SQL Server disables outbound connections by creating firewall rules. In the past, these rules were based on local user accounts, where Setup created one outbound rule for **SQLRUserGroup** that denied network access to its members (each worker account was listed as a local principle subject to the rule_. 
 
-Summarized, the main differences with AppContainer isolation are:
+As part of the move to AppContainers, there are new firewall rules based on AppContainer SIDs: one for each of the 20 AppContainers created by SQL Server Setup. Naming conventions for the firewall rule name are **Block network access for AppContainer-00 in SQL Server instance MSSQLSERVER**, where 00 is the number of the AppContainer (00-20 by default), and MSSQLSERVER is the name of the SQL Server instance. 
 
-+ Physical accounts worker accounts under **SQLRUserGroup** are no longer created. This is beneficial for machines with policies that disable local users from logging on, and with passwords that expire. 
-+ **SQLRUserGroup** continues to be granted 'read and execute' permissions to the SQL Server **Binn**, **R_SERVICES**, and **PYTHON_SERVICES** directories, but membership now consists of just the SQL Server Launchpad service.
-+ All external scripts and code executed from [sp_execute_external_script](../../relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql.md) follow the new security model. This applies to R, Python, and the new Java language extension introduced in SQL Server 2019.
+> [!Note]
+> If network calls are required, you can disable the outbound rules in Windows Firewall.
 
-As before, additional configuration is still required for *implied authentication*, where script or code has to connect back to SQL Server to retrieve data or resources. The additional configuration is creating a database login for **SQLRUserGroup**. For more information, see [Add SQLRUserGroup as a database user](../r/add-sqlrusergroup-to-database.md)
+## Program file permissions
 
-> [!NOTE]
-> Wehn code or script passes connection instructions, such as an ODBC connection string, back to SQL Server, the server refuses the request from Launchpad service by default. This occurs because there is no login created for Launchpad or the parent **SQLRUserGroup**. If you require an impersonation token for an identity other than the original caller, a database login for **SQLRUserGroup** is required.
+As with previous releases, the **SQLRUserGroup** continues to provide read and execute permissions on executables in the SQL Server **Binn**, **R_SERVICES**, and **PYTHON_SERVICES** directories. In this release, the only member of **SQLRUserGroup** is the SQL Server Launchpad service account.  When Launchpad service starts an R, Python, or Java execution environment, the process runs as LaunchPad service.
 
-## Firewall rules created by Setup
+## Implied authentication
 
-In previous releases, Setup created one outbound rule for **SQLRUserGroup** that denied network access to its members, with each worker account listed as a local principle subject to the rule.
+As before, additional configuration is still required for *implied authentication* in cases where script or code has to connect back to SQL Server using trusted authentication to retrieve data or resources. The additional configuration involves creating a database login for **SQLRUserGroup**, whose sole member is now the single SQL Server Launchpad service account instead of multiple worker accounts. For more information about this task, see [Add SQLRUserGroup as a database user](../r/add-sqlrusergroup-to-database.md).
 
-In SQL Server 2019, SQL Server Setup creates individual firewall rules for each AppContainer (20 by default). Naming conventions for the firewall rule name are **Block network access for AppContainer-00 in SQL Server instance MSSQLSERVER**, where 00 is the number of the AppContainer (00-20 by default), and MSSQLSERVER is the name of the SQL Server instance. 
 
 ## Symbolic link created by Setup
 
-A symbolic link is created to the current default **R_SERVICES location** as part of SQL Server Setup. To avoid creating this link, grant 'all application packages' read permission to the hierarchy leading up to the **R_SERVICES** folder.
+A symbolic link is created to the current default **R_SERVICES location** as part of SQL Server Setup. If you don't want to create this link, an alternative is to grant 'all application packages' read permission to the hierarchy leading up to the **R_SERVICES** folder.
 
 
 ## See also

docs/advanced-analytics/what-s-new-in-sql-server-machine-learning-services.md

@@ -14,18 +14,18 @@ monikerRange: ">=sql-server-2016||=sqlallproducts-allversions"
 # What's new in SQL Server Machine Learning Services 
 [!INCLUDE[appliesto-ss-xxxx-xxxx-xxx-md-winonly](../includes/appliesto-ss-xxxx-xxxx-xxx-md-winonly.md)]
 
-Machine learning capabilities are added to SQL Server in each release as we continue to expand, extend, and deepen the integration between the data platform and the data science, analytics, and supervised learning you want to implement over your data. 
+Machine learning capabilities are added to SQL Server in each release as we continue to expand, extend, and deepen the integration between the data platform, advanced analytics, and data science. 
 
 ::: moniker range=">=sql-server-ver15||=sqlallproducts-allversions"
 ## New in SQL Server 2019 preview
 
-This release adds the top-requested features for R and Python machine learning operations in SQL Server. For more information about other features in this release, see [What's New in SQL Server 2019](../sql-server/what-s-new-in-sql-server-ver15.md) and [Release Notes for SQL Server 2019](../sql-server/sql-server-ver15-release-notes.md).
+This release adds the top-requested features for R and Python machine learning operations in SQL Server. For more information about all of the features in this release, see [What's New in SQL Server 2019](../sql-server/what-s-new-in-sql-server-ver15.md) and [Release Notes for SQL Server 2019](../sql-server/sql-server-ver15-release-notes.md).
 
-| Release | Date | Feature update |
-|---------|------|----------------|
-| CTP 2.0 | September 2018 | Linux platform support for SQL Server 2019 Machine Learning Services (In-Database). <br/><br/>For instructions on Linux installation, see [Install SQL Server Machine Learning Services on Linux](../linux/sql-server-linux-setup-machine-learning.md). |
-| CTP 2.0 | September 2018 | Partition-based modeling. By setting new parameters on the [sp_execute_external_script](https://docs.microsoft.com/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql) system stored procedure, you can specify a column in the data set that naturally segments data into partitions (some examples are geographic regions, dates, age or gender, categories). At execution time, individual models are generated for each partition, with external script executing once for every partition. <br/><br/>Learn more in this tutorial, [Create partition-based models in R](tutorials/r-tutorial-create-models-per-partition.md). |
-| CTP 2.0 | September 2018 | Failover cluster support. You can install SQL Server 2019 Machine Learning Services (In-Database) on a Windows failover cluster to meet your SLA requirements if your primary server fails over. Acceptance of the licensing agreements for R and Python distributions is a Setup requirement. <br/><br/> ![](install/media/sql-15-failoverclusterinstall-sqlmls-small.png)|
+| Release | Feature update |
+|---------|----------------|
+| CTP 2.0 | Linux platform support for R and Python machine learning, plus the new Java extension. For help getting started, see [Install SQL Server Machine Learning Services on Linux](../linux/sql-server-linux-setup-machine-learning.md). |
+| CTP 2.0 | The [sp_execute_external_script](https://docs.microsoft.com/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql) includes two new parameters that enable you to easily generate multiple models from partitioned data. Learn more in this tutorial, [Create partition-based models in R](tutorials/r-tutorial-create-models-per-partition.md). |
+| CTP 2.0 | Failover cluster support is now suported on Windows. You can install SQL Server 2019 Machine Learning Services (In-Database) on a failover cluster to meet your SLA requirements for this feature. For more information, see [SQL Server failover cluster installation](../sql-server/failover-clusters/install/sql-server-failover-cluster-installation.md). |
 ::: moniker-end
 
 ::: moniker range=">=sql-server-2017||=sqlallproducts-allversions"
@@ -92,15 +92,15 @@ For feature announcements all-up, see [What's New in SQL Server 2016](../sql-ser
 
 ## Linux support roadmap
 
-SQL Server 2019 CTP 2.0 adds Linux support for **R only** in-database analytics when you install the machine learning packages with a database engine instance. Python support is forthcoming but there is no projected date at this time. For more information, see [Install SQL Server Machine Learning Services on Linux](../linux/sql-server-linux-setup-machine-learning.md).
+SQL Server 2019 CTP 2.0 adds Linux support for R, Python, and Java when you install the machine learning packages with a database engine instance. For more information, see [Install SQL Server Machine Learning Services on Linux](../linux/sql-server-linux-setup-machine-learning.md).
 
-On SQL Server 2017, there is no R or Python in-database support in SQL Server 2017 on Linux, with the exception of [native scoring](sql-native-scoring.md) using the T-SQL PREDICT function. Native scoring lets you score from a pretrained model very fast, without calling or even requiring an R runtime. This means you can use SQL Server on Linux to generate predictions very fast, to serve client applications.
+On Linux, SQL Server 2017 does not have R or Python integration, but you can use [Native scoring](sql-native-scoring.md) on Linux because that functionality is available through T-SQL [PREDICT](), which runs on Linux. Native scoring enables high-performance scoring from a pretrained model, without calling or even requiring an R runtime.
 
 <a name="azure-sql-database-roadmap"></a>
 
 ## Azure SQL Database roadmap
 
-There is limited support for R in Azure SQL Database: available only in West Central US, in services created at the Premium tier. Expanded coverage, including Python support, is likely to follow in a future release. However, there is no projected release date at this time.  
+There is currently no support for Machine Learning Services (R and Python) in Azure SQL Database. Support is on the roadmap but there is no projected release date at this time.  
 
 ## Next steps
 

docs/big-data-cluster/big-data-cluster-overview.md

@@ -11,11 +11,11 @@ ms.prod: sql
 
 # What is SQL Server 2019 Big Data Clusters?
 
-Staring with [!INCLUDE[SQL Server 2019](../includes/sssqlv15-md.md)], SQL Big Data Clusters allows you to deploy scalable clusters of SQL Server containers on Kubernetes. These containers are then used to read, write, and process big data from Transact-SQL, allowing you to easily combine your high-value relational data with high-volume big data within the same query.
+Staring with [!INCLUDE[SQL Server 2019](../includes/sssqlv15-md.md)], SQL Big Data Clusters allows you to deploy scalable clusters of SQL Server containers on Kubernetes. These containers are then used to read, write, and process big data from Transact-SQL, allowing you to easily combine and analyze your high-value relational data with high-volume big data.
 
-## Big data scenarios
+## Scenarios
 
-SQL Server Big Data Clusters enable the following scenarios:
+SQL Big Data Clusters provides flexibility in how you interact with your big data. You can query external data sources, store big data in HDFS managed by SQL Server, or pull data from multiple data sources into the cluster. You can then use the data for AI, Machine Learning, and other analysis tasks. The following sections provide more information about these scenarios.
 
 ### Data virtualization
 
@@ -45,7 +45,7 @@ SQL Big Data Clusters enable AI and machine learning tasks on the data stored in
 
 Management and monitoring are provided through a combination of open-source components, SQL Server tools, and Dynamic Management Views.
 
-The cluster Admin portal is a web interface that displays the status and health of the pods in the cluster. It also provides links to other dashboards provided by Kubernetes, Grafana, or Kibana.
+The cluster Admin portal is a web interface that displays the status and health of the pods in the cluster. It also provides links to other dashboards provided by Grafana and Kibana.
 
 You can use Azure Data Studio to perform a variety of tasks on the Big Data Cluster. This is enabled by a new Scale-out Data Management extension. This extension provides:
 
@@ -68,7 +68,7 @@ The control plane provides management and [security](concept-security.md) for th
 
 ### Compute plane
 
-The compute plane provides computational resources to the cluster. It contains nodes running SQL Server on Linux pods. The pods in the compute plane are divided into [compute pools](concept-compute-pool.md) for specific processing tasks. A compute pool can act as a [PolyBase](../relational-databases/polybase) scale-out group for distributed queries over different data sources—such as Oracle, MongoDB, or Teradata. It can also be configured to cache data returned from external queries.
+The compute plane provides computational resources to the cluster. It contains nodes running SQL Server on Linux pods. The pods in the compute plane are divided into [compute pools](concept-compute-pool.md) for specific processing tasks. A compute pool can act as a [PolyBase](../relational-databases/polybase/polybase-guide.md) scale-out group for distributed queries over different data sources—such as Oracle, MongoDB, or Teradata.
 
 ### Data plane