private CA connections converted to snippets

Author: eedugon

deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md

@@ -0,0 +1,36 @@
+<!--
+This snippet is in use in the following locations:
+- xxx
+
+It requires remote_type substitution to be defined
+-->
+1. [Log into the Cloud UI](/deploy-manage/deploy/cloud-enterprise/log-into-cloud-ui.md).
+2. On the **Deployments** page, select your deployment.
+
+    Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
+
+3. Access the **Security** page of the deployment.
+4. Select **Remote Connections > Add trusted environment** and choose **{{remote_type}}**. Then click **Next**.
+5. Select **API keys** as authentication mechanism and click **Next**.
+6. When asked whether the Certificate Authority (CA) of the remote environment’s proxy or load-balancing infrastructure is public, select **No, it is private**.
+7. Add the API key:
+
+    1. Fill both fields.
+
+        * For the **Setting name**, enter the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
+        * For the **Secret**, paste the encoded cross-cluster API key.
+
+    2. Click **Add** to save the API key to the keystore.
+    3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
+
+8. Add the CA certificate of the remote deployment or cluster.
+9. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment's **Security** page.
+10. Select **Create trust** to complete the configuration.
+11. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page, locate the **Actions** menu, and select **Restart {{es}}**.
+
+    ::::{note}
+    If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
+    ::::
+
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md#ece-edit-remove-trusted-environment-api-key).
+

deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md

@@ -13,11 +13,10 @@
 
     2. Click **Add** to save the API key to the keystore.
 
-5. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
+5. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.
 
     ::::{note}
     If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
     ::::
 
-
 If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md#ece-edit-remove-trusted-environment-api-key).

deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md

@@ -0,0 +1,35 @@
+<!--
+This snippet is in use in the following locations:
+- xxx
+
+It requires remote_type substitution to be defined
+-->
+1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
+2. On the home page, find your hosted deployment and select **Manage** to access it directly. Or, select **Hosted deployments** to go to the **Hosted deployments** page to view all of your deployments.
+
+    On the **Hosted deployments** page you can narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.
+
+3. From the navigation menu, select **Security**.
+4. Select **Remote Connections > Add trusted environment** and choose **{{remote_type}}**. Then click **Next**.
+5. Select **API keys** as authentication mechanism and click **Next**.
+6. When asked whether the Certificate Authority (CA) of the remote environment’s proxy or load-balancing infrastructure is public, select **No, it is private**.
+7. Add the API key:
+
+    1. Fill both fields.
+
+        * For the **Remote cluster name**, enter the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
+        * For the **Cross-cluster API key**, paste the encoded cross-cluster API key.
+
+    2. Click **Add** to save the API key to the keystore.
+    3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
+
+8. Add the CA certificate of the remote deployment or cluster.
+9. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment's **Security** page.
+10. Select **Create trust** to complete the configuration.
+11. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page, locate the **Actions** menu, and select **Restart {{es}}**.
+
+    ::::{note}
+    If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
+    ::::
+
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).

deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md

@@ -13,11 +13,10 @@
 
     2. Click **Add** to save the API key.
 
-5. Restart the local deployment to reload the new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
+5. Restart the local deployment to reload the new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.
 
     ::::{note}
     If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
     ::::
 
-
 If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).

deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md

@@ -2,12 +2,14 @@
 This snippet is in use in the following locations:
 - ece-remote-cluster-self-managed.md
 - ec-remote-cluster-self-managed.md
+- ece-enable-ccs-for-eck.md
+- ec-enable-ccs-for-eck.md
 -->
-To configure a self-managed cluster as a remote cluster, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings). Configure the following fields:
+To add a remote cluster, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings). Configure the following fields:
 
 * `Remote cluster alias`: When using API key authentication, the cluster alias must match the one you configured when adding the API key in the Cloud UI as **Remote cluster name**.
 * `mode`: `proxy`
-* `proxy_address`: Enter the endpoint of the remote self-managed cluster, including the hostname, FQDN, or IP address, and the port. Both IPv4 and IPv6 addresses are supported.
+* `proxy_address`: Enter the endpoint of the remote cluster, including the hostname, FQDN, or IP address, and the port. Both IPv4 and IPv6 addresses are supported.
 
   Make sure you use the correct port for your authentication method:
   * **API keys**: Use the port configured in the remote cluster interface of the remote cluster (defaults to `9443`).  

deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md

@@ -13,15 +13,15 @@ To configure a deployment as a remote cluster, use the [cluster update settings
 
 * `Remote cluster alias`: When using API key authentication, the cluster alias must match the one you configured when adding the API key in the Cloud UI as **Remote cluster name**.
 * `mode`: `proxy`
-* `proxy_address`: This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section. 
+* `proxy_address`: This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section.
 
    Using the API, this value can be obtained from the {{es}} resource info, concatenating the field `metadata.endpoint` and port `9400` using a semicolon.
 
   ::::{note}
   If you’re using API keys as security model, change the port to `9443`.
   ::::
 
-* `server_name`: This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section. 
+* `server_name`: This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section.
 
    Using the API, this can be obtained from the {{es}} resource info field `metadata.endpoint`.
 

deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md

@@ -2,6 +2,8 @@
 This snippet is in use in the following locations:
 - ece-remote-cluster-self-managed.md
 - ec-remote-cluster-self-managed.md
+- ece-enable-ccs-for-eck.md
+- ec-enable-ccs-for-eck.md
 -->
 1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 2. Select **Add a remote cluster**.
@@ -12,7 +14,7 @@ This snippet is in use in the following locations:
     * **Remote cluster name**: This *cluster alias* is a unique identifier that represents the connection to the remote cluster and is used to distinguish local and remote indices.
 
       When using API key authentication, this alias must match the **Remote cluster name** you configured when adding the API key in the Cloud UI.
-    * **Remote address**: Enter the endpoint of the remote self-managed cluster, including the hostname, FQDN, or IP address, and the port.
+    * **Remote address**: Enter the endpoint of the remote cluster, including the hostname, FQDN, or IP address, and the port.
 
       Make sure you use the correct port for your authentication method:
       * **API keys**: Use the port configured in the remote cluster interface of the remote cluster (defaults to `9443`).  

deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet.md

@@ -18,7 +18,7 @@ It requires remote_type substitution to be defined
 
       When using API key authentication, this alias must match the **Remote cluster name** you configured when adding the API key in the Cloud UI.
 
-    * **Remote address**: This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section.
+    * **Remote address**: This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section.
 
       ::::{note}
       If you’re using API keys as security model, change the port to `9443`.
@@ -27,7 +27,7 @@ It requires remote_type substitution to be defined
     * **Configure advanced options** (optional): Expand this section if you need to customize additional settings.
       * **TLS server name**: Specify a value if the certificate presented by the remote cluster is signed for a different name than the remote address.
 
-        This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section.
+        This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section.
 
       * **Socket connections**: Define the number of connections to open with the remote cluster.
 

deploy-manage/remote-clusters/ec-remote-cluster-ece.md

@@ -9,7 +9,7 @@ applies_to:
 products:
   - id: cloud-hosted
 sub:
-  remote_type: Elastic Cloud Enterprise deployment
+  remote_type: Elastic Cloud Enterprise
 ---
 
 # Connect {{ech}} deployments to an {{ece}} environment [ec-remote-cluster-ece]
@@ -58,47 +58,24 @@ The steps to follow depend on whether the Certificate Authority (CA) of the remo
 
 ::::
 
-
 ::::{dropdown} The CA is private
-1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
-2. On the home page, find your hosted deployment and select **Manage** to access it directly. Or, select **Hosted deployments** to go to the **Hosted deployments** page to view all of your deployments.
-
-    On the **Hosted deployments** page you can narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.
-
-3. Access the **Security** page of the deployment.
-4. Select **Remote Connections > Add trusted environment** and choose **{{ece}}**. Then click **Next**.
-5. Select **API keys** as authentication mechanism and click **Next**.
-6. Add a the API key:
-
-    1. Fill both fields.
 
-        * For the **Remote cluster name**, enter the the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
-        * For the **Cross-cluster API key**, paste the encoded cross-cluster API key.
+Before configuring the local deployment, retrieve the CA certificate of the remote {{ece}} environment’s proxy or load-balancing infrastructure. To find this certificate:
 
-    2. Click **Add** to save the API key to the keystore.
-    3. Repeat these steps for each API key you want to add. For example, if you want to use several deployments of the remote environment for CCR or CCS.
+1. In the remote {{ece}} environment, go to **Platform > Settings > TLS certificates**.
+2. Select **Show certificate chain** under **Proxy**.
+3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
 
-7. Add the CA certificate of the private proxy or load balancing infrastructure of the remote environment. To find this certificate:
+    :::{image} /deploy-manage/images/cloud-remote-clusters-proxy-certificate.png
+    :alt: Certificate to copy from the chain
+    :::
 
-    1. In the remote {{ece}} environment, go to **Platform > Settings > TLS certificates**.
-    2. Select **Show certificate chain** under **Proxy**.
-    3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
-    4. Save that file as `.crt`. It is now ready to be uploaded.
+4. Save that file as `.crt`.
 
-        :::{image} /deploy-manage/images/cloud-remote-clusters-proxy-certificate.png
-        :alt: Certificate to copy from the chain
-        :::
+You can now proceed to configure the local deployment. The CA file you just saved will be used in one of the following steps.
 
-8. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment’s **Security** page.
-9. Select **Create trust** to complete the configuration.
-10. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
-
-    ::::{note}
-    If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
-    ::::
-
-
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).
+:::{include} _snippets/apikeys-local-ech-remote-private.md
+:::
 
 ::::
 ::::::

deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md

@@ -8,7 +8,7 @@ applies_to:
 products:
   - id: cloud-hosted
 sub:
-  remote_type: Elastic Cloud Hosted deployment
+  remote_type: Elastic Cloud Hosted
 ---
 
 # Connect to deployments in another {{ecloud}} organization [ec-remote-cluster-other-ess]