chore: update 'pick a product' and 'datastores'. remove 'expedited support' (#433)

Author: miparnisari

pages/authzed/concepts/expedited-support.mdx

@@ -2,7 +2,7 @@ import YouTube from "react-youtube";
 
 # Workload Isolation
 
-Workload Isolation is functionality exclusive to AuthZed products that guarantees exclusive access to hardware to guarantee performance.
+Workload Isolation is functionality exclusive to AuthZed products by which we give your SpiceDB deployments access to hardware that is only used by you, to guarantee performance and prevent "noisy neighbor" problems.
 
 ## Control Plane
 

pages/authzed/concepts/workload-isolation.mdx

@@ -2,28 +2,27 @@ import { Callout } from "nextra/components";
 
 # Picking the right AuthZed Product
 
-For those that want to consume SpiceDB without the overhead of operating the service, AuthZed offers managed SpiceDB services and support.
+AuthZed offers both self-hosted and managed SpiceDB services and support.
 
-When evaluating AuthZed's products, there are a few different requirements that can dramatically influence your decision.
-This document is designed to give a high-level overview so that you can effectively evaluate those relevant to your specific use case.
+This document is designed to give a high-level overview of the features supported in each so that you can decide which option is better for your use case.
 
 ## Feature Matrix
 
-The following table maps functional requirements to their respective products:
-
-| Requirements                 | [Open Source] | [Cloud] | [Dedicated] | [Enterprise] |
+| Feature                      | [Open Source] | [Cloud] | [Dedicated] | [Enterprise] |
 | ---------------------------- | :-----------: | :-----: | :---------: | :----------: |
+| Self-Hosted                  |      ✅       |   ❌    |     ❌      |      ✅      |
+| No-commit pricing            |      ✅       |   ✅    |     ❌      |      ❌      |
 | [Materialize (Early Access)] |      ❌       |   ✅    |     ✅      |      ❌      |
 | [Management Dashboard]       |      ❌       |   ✅    |     ✅      |      ❌      |
-| No-commit pricing            |      ✅       |   ✅    |     ❌      |      ❌      |
 | [Private Networking]         |      DIY      |   ❌    |     ✅      |     DIY      |
 | [Workload Isolation]         |      DIY      |   ✅    |     ✅      |     DIY      |
-| Self-Hosted                  |      ✅       |   ❌    |     ❌      |      ✅      |
 | [Automated Updates]          |      DIY      |   ✅    |     ✅      |     DIY      |
 | [SOC2 Compliance]            |      DIY      |   ✅    |     ✅      |     DIY      |
 | [Audit Logging]              |      ❌       |   ✅    |     ✅      |      ✅      |
-| [Multi-Region]               |      DIY      |   ❌    |     ✅      |     DIY      |
+| [Multi-Region Deployments]   |      DIY      |   ❌    |     ✅      |     DIY      |
 | [Security Embargo]           |      ❌       |   ✅    |     ✅      |      ✅      |
+| [Restricted API Access]      |      DIY      |   ✅    |     ✅      |      ✅      |
+| [Expedited Support]          |      ❌       |   ✅    |     ✅      |      ✅      |
 
 [Cloud]: #cloud
 [Dedicated]: #dedicated
@@ -33,9 +32,13 @@ The following table maps functional requirements to their respective products:
 [Audit Logging]: ../concepts/audit-logging
 [Automated Updates]: ../concepts/update-channels
 [Management Dashboard]: ../concepts/management-dashboard
-[Multi-Region]: ../concepts/multi-region
+[Multi-Region Deployments]: ../concepts/multi-region
 [SOC2 Compliance]: https://security.authzed.com
 [Security Embargo]: ../concepts/security-embargo
+[Expedited Support]: https://authzed.com/pricing#support-packages
+[Private Networking]: ../concepts/private-networking
+[Workload Isolation]: ../concepts/workload-isolation
+[Restricted API Access]: ../concepts/restricted-api-access
 
 ## Product Overviews
 
@@ -55,9 +58,7 @@ Functionality includes:
 
 - Creating organizations, teams, and delegating access with your SSO provider
 - Commitment-free, usage-based monthly pricing
-- Workload Isolation vastly improving performance & latency
-- Deployments in more regions, including Europe
-- Full SpiceDB API access: Watch API, HTTP API
+- Possibility of creating your permission system in more regions, including Europe
 - Enterprise features like Audit Logs, Restricted API Access
 
 AuthZed Cloud is built on the same foundation that's serving critical production workloads in AuthZed Dedicated.
@@ -66,33 +67,10 @@ AuthZed Cloud is built on the same foundation that's serving critical production
 
 Dedicated is a managed service that offers fully private deployments of our cloud platform in your cloud provider and regions of choice.
 
-Dedicated features highlights include:
-
-- Our most popular product
-- [Materialize (Early Access)]
-- [Workload Isolation]
-- [Private Networking]
-- [Multi-Region Deployments]
-- [SOC2 compliance]
-- [Security Embargo]
-- [Restricted API Access]
-- [Audit Logging]
-- [Update Channels]
-- [Expedited Support]
-
 Dedicated is sold and renewed on an annual basis.
 
 You can [schedule a call] to learn more.
 
-[Materialize (Early Access)]: ../concepts/authzed-materialize
-[Multi-Region Deployments]: ../concepts/multi-region
-[Private Networking]: ../concepts/private-networking
-[Workload Isolation]: ../concepts/workload-isolation
-[SOC2 compliance]: https://security.authzed.com
-[Update Channels]: ../concepts/update-channels
-[Security Embargo]: ../concepts/security-embargo
-[Restricted API Access]: ../concepts/restricted-api-access
-[Expedited Support]: ../concepts/expedited-support
 [schedule a call]: https://authzed.com/call?utm_source=docs
 
 ### Enterprise

pages/authzed/guides/picking-a-product.mdx

@@ -2,27 +2,28 @@ import { Callout } from "nextra/components";
 
 # Datastores
 
-In order to reduce operational complexity, SpiceDB leverages existing, popular systems for persisting data.
+SpiceDB uses existing, popular database systems for persisting data.
 
 AuthZed has standardized our managed services on CockroachDB, but we give self-hosted customers the option to pick the datastore that best suits their operational requirements.
 
-- [CockroachDB](#cockroachdb) - Recommended for self hosted deployments with high throughput and/or multi-region requirements
+- [CockroachDB](#cockroachdb) - Recommended for self-hosted deployments with high throughput and/or multi-region requirements
 - [Cloud Spanner](#cloud-spanner) - Recommended for self-hosted Google Cloud deployments
 - [PostgreSQL](#postgresql) - Recommended for self-hosted single-region deployments
 - [MySQL](#mysql) - Not recommended; only use if you cannot use PostgreSQL
 - [memdb](#memdb) - Recommended for local development and integration testing against applications
 
-## CockroachDB
-
-### Usage Notes
-
 <Callout type="warning">
-  SpiceDB's Watch API requires CockroachDB's [Experimental Changefeed] to be enabled.
+    If the database you want to run SpiceDB on isn't listed above, please file an issue (or search for existing ones) in our [GitHub repository]
+    so that we can gauge interest and guide development.
 
-[Experimental Changefeed]: https://www.cockroachlabs.com/docs/v22.1/changefeed-for
+    [GitHub repository]: https://github.com/authzed/spicedb
 
 </Callout>
 
+## CockroachDB
+
+### Usage Notes
+
 - Recommended for multi-region deployments, with configurable region awareness
 - Enables horizontal scalability by adding more SpiceDB and CockroachDB instances
 - Resiliency to individual CockroachDB instance failures
@@ -81,11 +82,12 @@ AuthZed has standardized our managed services on CockroachDB, but we give self-h
 
 #### Overlap Strategy
 
-In distributed systems, you can trade-off consistency for performance.
+In distributed systems, you can trade-off [consistency] for performance.
 
 CockroachDB datastore users that are willing to rely on more subtle guarantees to mitigate the [New Enemy Problem] can configure `--datastore-tx-overlap-strategy`.
 
 [New Enemy Problem]: /spicedb/concepts/zanzibar#new-enemy-problem
+[consistency]: /spicedb/concepts/consistency
 
 The available strategies are:
 
@@ -122,20 +124,17 @@ ALTER ZONE default CONFIGURE ZONE USING gc.ttlseconds = 90000;
 
 #### Relationship Integrity
 
-Relationship Integrity is a new experimental feature in SpiceDB that ensures that data written into the supported backing datastores (currently: only CockroachDB) is validated as having been written by SpiceDB itself.
+Relationship Integrity is a feature in SpiceDB that ensures that data written into the supported backing datastores (currently: only CockroachDB) is validated as either having been written by SpiceDB itself, or that the caller has access to the key(s) necessary to write those relationships.
 
-- **What does relationship integrity ensure?**
-  Relationship integrity primarily ensures that all relationships written into the backing datastore were written via a trusted instance of SpiceDB or that the caller has access to the key(s) necessary to write those relationships.
-  It ensures that if someone gains access to the underlying datastore, they cannot simply write new relationships of their own invention.
+It ensures that if someone gains access to the underlying datastore, they cannot simply write new relationships of their own invention.
 
-- **What does relationship integrity _not_ ensure?**
-  Since the relationship integrity feature signs each individual relationship, it does not ensure that removal of relationships is by a trusted party.
-  Schema is also currently unverified, so an untrusted party could change it as well.
-  Support for schema changes will likely come in a future version.
+Since the relationship integrity feature signs each individual relationship, it does not ensure that removal of relationships is by a trusted party.
+Schema is also currently unverified, so an untrusted party could change it as well.
+Support for schema changes will likely come in a future version.
 
 ##### Setting up relationship integrity
 
-To run with relationship integrity, new flags must be given to SpiceDB:
+To run with relationship integrity, the following flags must be given to SpiceDB:
 
 ```zed
 spicedb serve ...existing flags...
@@ -144,19 +143,19 @@ spicedb serve ...existing flags...
 --datastore-relationship-integrity-current-key-filename="some.key"
 ```
 
-Place the generated key contents (which must support an HMAC key) in `some.key`
+Place the generated key contents (which must support an HMAC key) in `some.key`.
 
 ##### Deployment Process
 
-1. Start with a **clean** datastore for SpiceDB. **At this time, migrating an existing SpiceDB installation is not supported.**
-2. Run the standard `migrate` command but with relationship integrity flags included.
-3. Run SpiceDB with the relationship integrity flags included.
+1. Start with a **clean** datastore for SpiceDB. (Migrating from an existing SpiceDB installation is not supported).
+2. Run the standard `spicedb migrate head` command.
+3. Run SpiceDB with the flags specified in the section above.
 
 ## Cloud Spanner
 
 ### Usage Notes
 
-- Requires a Google Cloud Account with an active Cloud Spanner instance
+- Requires a Google Cloud Account with an active Cloud Spanner instance.
 - Take advantage of Google's TrueTime.
   The Spanner driver assumes the database is linearizable and skips the transaction overlap strategy required by CockroachDB.