changes from pr review

eedugon · eedugon · commit 1cfc83616e79 · 2025-02-21T18:39:16.000+01:00
diff --git a/deploy-manage/deploy/cloud-enterprise.md b/deploy-manage/deploy/cloud-enterprise.md
@@ -1,6 +1,7 @@
 ---
-applies:
-  ece: all
+applies_to:
+  deployment:
+    ece: all
 ---
 
 # Elastic Cloud Enterprise [Elastic-Cloud-Enterprise-overview]
@@ -20,45 +21,29 @@ With {{ece}}, you can:
 * Maximize the hardware utilization for the various clusters.
 * Centralize the management of multiple Elastic deployments across teams or geographies.
 
-Refer to [](./cloud-enterprise/ece-architecture.md) and [Containerized design](./cloud-enterprise/ece-containerization.md) for details about the ECE platform architecture and technologies used.
+Refer to [](./cloud-enterprise/ece-architecture.md) for details about the ECE platform architecture and the technologies used.
 
 ## ECE features
 
-- **Automated Scaling & Orchestration**: Handles cluster provisioning, scaling, and upgrades automatically.
-- **High Availability & Resilience**: Ensures uptime through multiple Availability Zones, data replication, and automated restore and snapshot.
-- **Centralized Monitoring & Logging**: Provides insights into cluster performance, resource usage, and logs.
-- **Single Sign-On (SSO) & Role-Based Access Control (RBAC)**: Allows organizations to manage access and security policies.
-- **API & UI Management**: Offers a web interface and API to create and manage clusters easily.
+- **Automated scaling & orchestration**: Handles cluster provisioning, scaling, and upgrades automatically.
+- **High availability & resilience**: Ensures uptime through multiple Availability Zones, data replication, and automated restore and snapshot.
+- **Centralized monitoring & logging**: Provides insights into cluster performance, resource usage, and logs.
+- **Single Sign-On (SSO) & role-based access aontrol (RBAC)**: Allows organizations to manage access and security policies.
+- **API & UI management**: Offers a web interface and API to create and manage clusters easily.
 - **Air-gapped installations**: Support for off-line installations.
-- **Microservices**: All services are containerized through Docker. Refer to [](./ece-containerization.md) for more details.
-
-## ECE features
-
-* All services are containerized through Docker.
-* High Availability through multiple Availability Zones.
-* Deployment state coordination using ZooKeeper.
-* Easy access for admins through the Cloud UI and API.
-* Support for off-line installations.
-* Automated restore and snapshot.
+- **Microservices architecture**: All services are containerized through Docker.
 
 Check the [glossary](https://www.elastic.co/guide/en/elastic-stack-glossary/current/terms.html) to get familiar with the terminology for ECE as well as other Elastic products and solutions.
 
-% delete or keep. this wasn't part of the original content
-%### Use cases
-%
-%- Organizations that need full control over their Elastic Stack while benefiting from cloud-like automation.
-%- Enterprises managing multiple Elasticsearch clusters across different teams or environments.
-%- Businesses looking for a self-hosted alternative to Elastic Cloud with centralized administration.
-
 ## Section overview
 
 This section focuses on deploying ECE and orchestrating and configuring {{es}} clusters, also referred to as `deployments`.
 
-In ECE, a deployment is a managed {{stack}} environment that provides users with an {{es}} cluster along with supporting components such as {{kib}} and other optional services like APM and Fleet.
+In ECE, a deployment is a managed {{stack}} environment that provides users with an {{es}} cluster along with supporting components such as {{kib}} and other optional services like APM and {{fleet}}.
 
 This section covers the following tasks:
 
-* [Deploy ECE](./cloud-enterprise/deploy-an-orchestrator.md)
+* [Deploy ECE orchestrator](./cloud-enterprise/deploy-an-orchestrator.md)
     - [Prepare the environment](./cloud-enterprise/prepare-environment.md)
     - [Install ECE](./cloud-enterprise/install.md)
     - [Air gapped installations](./cloud-enterprise/air-gapped-install.md)
@@ -73,12 +58,15 @@ This section covers the following tasks:
 
 Other sections of the documentation also include important tasks related to ECE:
 
-* [Secure your ECE installation](../security/secure-your-elastic-cloud-enterprise-installation.md)
-* [Users and roles](../users-roles/cloud-enterprise-orchestrator.md)
-* [Secure your deployments](../security/secure-your-cluster-deployment.md)
-* [Manage snapshot repositories](../tools/snapshot-and-restore.md)
-* [Manage licenses](../license/manage-your-license-in-ece.md)
-* [ECE platform maintenance operations](../maintenance/ece.md)
+* Platform security and management:
+  * [Secure your ECE installation](../security/secure-your-elastic-cloud-enterprise-installation.md)
+  * [Users and roles](../users-roles/cloud-enterprise-orchestrator.md)
+  * [ECE platform maintenance operations](../maintenance/ece.md)
+  * [Manage licenses](../license/manage-your-license-in-ece.md)
+
+* Deployments security and management:
+  * [Secure your deployments](../security/secure-your-cluster-deployment.md)
+  * [Manage snapshot repositories](../tools/snapshot-and-restore.md)
 
 ## How ECE differs from Elastic Cloud and other orchestrators
 
diff --git a/deploy-manage/deploy/cloud-enterprise/configure.md b/deploy-manage/deploy/cloud-enterprise/configure.md
@@ -1,13 +1,16 @@
 ---
-applies:
-  ece: all
+applies_to:
+  deployment:
+    ece: all
 mapped_pages:
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-configuring-ece.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-administering-ece.html
 ---
 
 # Configure ECE [ece-configuring-ece]
 
+⚠️ **This page is a work in progress.** ⚠️
+
 Now that you have Elastic Cloud Enterprise up and running, take a look at some of the additional features that you can configure:
 
 * [System deployment configuration](system-deployments-configuration.md) - Best practices for ECE system deployments to ensure a highly available and resilient setup.
diff --git a/deploy-manage/deploy/cloud-enterprise/deploy-an-orchestrator.md b/deploy-manage/deploy/cloud-enterprise/deploy-an-orchestrator.md
@@ -1,6 +1,7 @@
 ---
-applies:
-  ece: all
+applies_to:
+  deployment:
+    ece: all
 ---
 # Deploy an orchestrator
 
@@ -32,10 +33,20 @@ This section provides step-by-step guidance on:
 
 ## Additional topics
 
-Once ECE is deployed, you may need to configure security, manage snapshots, or perform maintenance tasks. Refer to the following sections for more details:  
+After deploying ECE platform, you may need to configure your own proxy certificates, security, snapshot repositories, or perform maintenance tasks. Refer to the following sections for more details:  
 
 * [Secure your ECE installation](../../security/secure-your-elastic-cloud-enterprise-installation.md)
 * [Users and roles](../../users-roles/cloud-enterprise-orchestrator.md)
 * [Manage snapshot repositories](../../tools/snapshot-and-restore.md)
 * [Manage licenses](../../license/manage-your-license-in-ece.md)
 * [ECE platform maintenance operations](../../maintenance/ece.md)
+
+To start orchestrating your {{es}} clusters, refer to [](./working-with-deployments.md).
+
+## Advanced tasks
+
+The following tasks are only needed on certain circumstances:
+
+* Migrate ECE to Podman hosts
+* Migrate ECE on Podman hosts to SELinux enforce
+* Change allocator disconnect timeout
diff --git a/deploy-manage/deploy/cloud-enterprise/ece-architecture.md b/deploy-manage/deploy/cloud-enterprise/ece-architecture.md
@@ -1,8 +1,10 @@
 ---
-applies:
-  ece: all
+applies_to:
+  deployment:
+    ece: all
 mapped_pages:
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-architecture.html
+  - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-containerization.html
 ---
 
 # Service-oriented architecture [ece-architecture]
@@ -17,7 +19,6 @@ Elastic Cloud Enterprise has a service-oriented architecture that lets you:
 :alt: Elastic Cloud Enterprise high level architecture
 :::
 
-
 ## Control plane [ece_control_plane]
 
 The *control plane* of ECE include the following management services:
@@ -67,3 +68,19 @@ Provide web and API access for administrators to manage and monitor the ECE inst
 
 * Advertise the memory capacity of the underlying host machine to ZooKeeper so that the Constructor can make an informed decision on where to deploy.
 
+## Services as Docker containers [ece-containerization]
+
+Services are deployed as Docker containers, which simplifies the operational effort and makes it easy to provision similar environments for development and staging. Using Docker containers has the following advantages:
+
+* **Shares of resources**
+
+    Each cluster node is run within a Docker container to make sure that all of the nodes have access to a guaranteed share of host resources. This mitigates the *noisy neighbor effect* where one busy deployment can overwhelm the entire host. The CPU resources are relative to the size of the Elasticsearch cluster they get assigned to. For example, a cluster with 32GB of RAM gets assigned twice as many CPU resources as a cluster with 16GB of RAM.
+
+* **Better security**
+
+    On the assumption that any cluster can be compromised, containers are given no access to the platform. The same is true for the services: each service can read or write only those parts of the system state that are relevant to it. Even if some services are compromised, the attacker won’t get hold of the keys to the rest of them and will not compromise the whole platform.
+
+* **Secure communication through Stunnel**
+
+    Docker containers communicate securely with one another through Transport Layer Security, provided by [Stunnel](https://www.stunnel.org/) (as not all of the services or components support TLS natively). Tunneling all traffic between containers makes sure that it is not possible to eavesdrop, even when someone else has access to the underlying cloud or network infrastructure.
+
diff --git a/deploy-manage/deploy/cloud-enterprise/ece-containerization.md b/deploy-manage/deploy/cloud-enterprise/ece-containerization.md
diff --git a/deploy-manage/deploy/cloud-enterprise/ece-overview.md b/deploy-manage/deploy/cloud-enterprise/ece-overview.md
diff --git a/deploy-manage/toc.yml b/deploy-manage/toc.yml
@@ -120,10 +120,7 @@ toc:
           - file: deploy/elastic-cloud/restrictions-known-problems.md
       - file: deploy/cloud-enterprise.md
         children:
-          - file: deploy/cloud-enterprise/ece-overview.md
-            children:
-              - file: deploy/cloud-enterprise/ece-architecture.md
-              - file: deploy/cloud-enterprise/ece-containerization.md
+          - file: deploy/cloud-enterprise/ece-architecture.md
           - file: deploy/cloud-enterprise/deploy-an-orchestrator.md
             children:
               - file: deploy/cloud-enterprise/prepare-environment.md
