Merge branch 'main' into search-platform

Author: lcawl

deploy-manage/_snippets/field-doc-sec-limitations.md

@@ -40,5 +40,5 @@ When a user’s role enables document or [field level security](/deploy-manage/u
 
 * The request cache is disabled for search requests if either of the following are true:
 
-    * The role query that defines document level security is [templated](/deploy-manage/users-roles/cluster-or-deployment-auth/controlling-access-at-document-field-level.md#templating-role-query) using a [stored script](/explore-analyze/scripting/modules-scripting-using.md#script-stored-scripts).
+    * The role query that defines document level security is [templated](/deploy-manage/users-roles/cluster-or-deployment-auth/controlling-access-at-document-field-level.md#templating-role-query) using a [stored script](/explore-analyze/scripting/modules-scripting-store-and-retrieve.md).
     * The target indices are a mix of local and remote indices.

deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md

@@ -148,5 +148,5 @@ In order to make requests to the [{{es}} API](elasticsearch://reference/elastics
 This completes the quickstart of deploying an {{es}} cluster. We recommend continuing to:
 
 * [Deploy a {{kib}} instance](kibana-instance-quickstart.md)
-* For information about how to apply changes to your deployments, refer to [aplying updates](./update-deployments.md).
+* For information about how to apply changes to your deployments, refer to [applying updates](./update-deployments.md).
 * To explore other configuration options for your {{es}} cluster, see [](./elasticsearch-configuration.md) and [](./configure-deployments.md).

deploy-manage/deploy/elastic-cloud/create-an-organization.md

@@ -41,9 +41,9 @@ A deployment lets you explore Elastic solutions for Search, Observability, and S
 
 For more information, check the [{{ech}} documentation](cloud-hosted.md).
 
-**One serverless project**
+**Three {{serverless-short}} project**
 
-Serverless projects package {{stack}} features by type of solution:
+{{serverless-short}} projects package {{stack}} features by type of solution:
 
 * [{{es}}](../../../solutions/search.md)
 * [Observability](../../../solutions/observability.md)
@@ -56,7 +56,7 @@ For more information, check the [{{serverless-short}} documentation](serverless.
 
 ### Trial limitations [general-sign-up-trial-what-limits-are-in-place-during-a-trial]
 
-During the free 14 day trial, Elastic provides access to one hosted deployment and one serverless project. If all you want to do is try out Elastic, the trial includes more than enough to get you started. During the trial period, some limitations apply.
+During the free 14 day trial, Elastic provides access to one hosted deployment and three {{serverless-short}} projects. If all you want to do is try out Elastic, the trial includes more than enough to get you started. During the trial period, some limitations apply.
 
 **Hosted deployments**
 
@@ -70,10 +70,10 @@ For more information, check the [{{ech}} documentation](cloud-hosted.md).
 
 **Serverless projects**
 
-* You can have one active serverless project at a time.
+* You can have three active {{serverless-short}} projects at a time.
 * Search Power is limited to 100. This setting only exists in {{es-serverless}} projects
 * Search Boost Window is limited to 7 days. This setting only exists in {{es-serverless}} projects
-* Scaling is limited for serverless projects in trials. Failures might occur if the workload requires memory or compute beyond what the above search power and search boost window setting limits can provide.
+* Scaling is limited for {{serverless-short}} projects in trials. Failures might occur if the workload requires memory or compute beyond what the above search power and search boost window setting limits can provide.
 * We monitor token usage per account for the Elastic Managed LLM. If an account uses over one million tokens in 24 hours, we will inform you and then disable access to the LLM. This is in accordance with our fair use policy for trials. 
 
 **Remove limitations**
@@ -95,7 +95,7 @@ Start by checking out some common approaches for [moving data into {{ecloud}}](/
 
 ### Maintain access to your trial projects and data [general-sign-up-trial-what-happens-at-the-end-of-the-trial]
 
-When your trial expires, the deployment and project that you created during the trial period are suspended until you subscribe to [{{ecloud}}](/deploy-manage/cloud-organization/billing/add-billing-details.md). When you subscribe, you are able to resume your deployment and serverless project, and regain access to the ingested data. After your trial expires, you have 30 days to subscribe. After 30 days, your deployment, serverless project, and ingested data are permanently deleted.
+When your trial expires, the deployment and projects that you created during the trial period are suspended until you subscribe to [{{ecloud}}](/deploy-manage/cloud-organization/billing/add-billing-details.md). When you subscribe, you are able to resume your deployment and {{serverless-short}} projects, and regain access to the ingested data. After your trial expires, you have 30 days to subscribe. After 30 days, your deployment, {{serverless-short}} projects, and ingested data are permanently deleted.
 
 If you’re interested in learning more ways to subscribe to {{ecloud}}, don’t hesitate to [contact us](https://www.elastic.co/contact).
 

deploy-manage/images/self-managed-autoops-diagram.png

@@ -0,0 +1,3 @@
+1. {{agent}} connects to your ECE, ECK, or self-managed {{es}} cluster. 
+2. The agent registers your cluster with {{ecloud}} using the Cloud Connect API.
+3. The agent begins to send metrics from your cluster to AutoOps in your selected CSP region. 

deploy-manage/monitor/_snippets/autoops-cc-components.md

@@ -12,10 +12,26 @@ products:
 
 # AutoOps for self-managed clusters
 
-For ECE ({{ece}}), ECK ({{eck}}), and self-managed clusters, AutoOps can be set up in all supported [regions](ec-autoops-regions.md#autoops-for-self-managed-clusters-regions) through [Cloud Connect](/deploy-manage/cloud-connect.md). More regions are coming soon.
+For ECE ({{ece}}), ECK ({{eck}}), and self-managed {{es}} clusters, AutoOps can be set up in all supported [regions](ec-autoops-regions.md#autoops-for-self-managed-clusters-regions) through [Cloud Connect](/deploy-manage/cloud-connect.md). More regions are coming soon.
 
 Cloud Connect enables users of ECE, ECK, and self-managed clusters to use {{ecloud}} services. This means you can take advantage of the simplified cluster monitoring, real-time issue detection, and performance recommendations of AutoOps without having to run and manage the underlying infrastructure.
 
+## How your self-managed cluster connects to AutoOps
+
+To connect your ECE, ECK, or self-managed cluster to AutoOps, you have to use your {{ecloud}} account to install {{agent}}. After that, the process can be broken down into three components:
+
+:::{include} /deploy-manage/monitor/_snippets/autoops-cc-components.md
+:::
+
+:::{image} /deploy-manage/images/self-managed-autoops-diagram.png
+:alt: Diagram depicting how AutoOps for self-managed clusters works
+:::
+
+For instructions on how to get started, refer to [](/deploy-manage/monitor/autoops/cc-connect-self-managed-to-autoops.md).
+
+After this setup is complete, you can start using AutoOps to monitor your cluster. Learn more about what you can do with AutoOps in [views](/deploy-manage/monitor/autoops/views.md) and [events](/deploy-manage/monitor/autoops/ec-autoops-events.md).  
+
+
 ## Section overview
 
 In this section, you'll find the following information:
@@ -26,4 +42,5 @@ In this section, you'll find the following information:
 * A [troubleshooting guide](/deploy-manage/monitor/autoops/cc-cloud-connect-autoops-troubleshooting.md) to help you with any issues you may encounter
 
 :::{tip}
-Refer to our [FAQ](/deploy-manage/monitor/autoops/ec-autoops-faq.md#questions-about-autoops-for-self-managed-clusters) for answers to commonly asked questions about AutoOps for self-managed clusters.
+Refer to our [FAQ](/deploy-manage/monitor/autoops/ec-autoops-faq.md#questions-about-autoops-for-self-managed-clusters) for answers to commonly asked questions about AutoOps for self-managed clusters.
+:::

deploy-manage/monitor/autoops/cc-autoops-as-cloud-connected.md

@@ -44,42 +44,12 @@ $$$firewall$$$**My organization's firewall may be preventing {{agent}} from coll
     Run the following tests within the context of your execution environment. That is, if your chosen installation method is Kubernetes, run the commands from within the pod; for Docker, run the commands from within the container, and so on. 
     :::
 
-    There are three main components of {{agent}}'s connection with your system:
+    There are [three main components](/deploy-manage/monitor/autoops/cc-autoops-as-cloud-connected.md#how-your-self-managed-cluster-connects-to-autoops) of {{agent}}'s connection with your system:
 
-    1. {{agent}} registers your cluster with {{ecloud}}
-    2. {{agent}} connects to your cluster
-    3. {{agent}} sends metrics from your cluster to {{ecloud}}
-
-    If there is an issue with the first component, the agent will stop working and your logs might look like: 
-    
-    ```sh
-    ... failed to register Cloud Connected Mode: ... Post \"https://api.elastic-cloud.com/api/v1/cloud-connected/clusters\": ...
-    ```
-    
-    To test if your organization is not allowing the agent to register your cluster with {{ecloud}}, run the following command:
-
-    ```json
-    curl -XPOST -i \
-    https://api.elastic-cloud.com/api/v1/cloud-connected/clusters \
-    -H 'Content-Type: application/json' \
-    -d '{"self_managed_cluster": {"id": "my-cluster-uuid", "name": "my-cluster-name", "version": "9.1.0"}, "license": {"uid": "my-license-id", "type": "basic"}}'
-    ```
-    
-    The command should return an HTTP 401 response similar to: 
-
-    ```json
-          {"UnauthorizedMessages":["Invalid credential headers"],"Cause":null}
-    ```
-    If you do not receive a similar response, configure your HTTP proxy to allow it to reach the URL (with headers and a JSON body):
-    
-    ```json
-          POST https://api.elastic-cloud.com/api/v1/cloud-connected/clusters
-    ```
-    :::{note}
-    If you are using Docker, you may need to complete this configuration directly via the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables.
+    :::{include} /deploy-manage/monitor/_snippets/autoops-cc-components.md
     :::
 
-    If there is an issue with the second component, {{agent}} cannot connect to your cluster. To test if your organization is not allowing this connection, run the following command depending on your chosen authentication method:
+    If there is an issue with the first component, {{agent}} cannot connect to your cluster. To test if your organization is not allowing this connection, run the following command depending on your chosen authentication method:
 
     :::::{tab-set}
     :group: api-key-or-basic
@@ -138,6 +108,34 @@ $$$firewall$$$**My organization's firewall may be preventing {{agent}} from coll
     | You are using a custom SSL/TLS configuration with {{es}} | Disable SSL/TLS verification so that your system trusts all certificates. We do not recommend disabling verification in production environments. <br><br> If you are using API key authentication, run the following command: <br><br>`curl -XGET --insecure -i $AUTOOPS_ES_URL \ -H "Authorization: ApiKey $AUTOOPS_ES_API_KEY"`. <br><br> If you are using username/password authentication, run the following command: <br><br> `curl -XGET --insecure -i $AUTOOPS_ES_URL \ -u $AUTOOPS_ES_USERNAME` <br><br> If the issue is resolved, you need to configure your custom SSL/TLS settings with {{agent}}. If the issue persists, contact [Elastic support](https://support.elastic.co/).| 
     | You are connecting a local development cluster using Docker without specifying `--network host` | - Make sure you are following all the steps to [connect your local development cluster to AutoOps](/deploy-manage/monitor/autoops/cc-connect-local-dev-to-autoops.md#connect-your-local-development-cluster-to-autoops). <br> - In the [Install agent](/deploy-manage/monitor/autoops/cc-connect-self-managed-to-autoops.md#install-agent) step, make sure you are replacing `docker run -d \` with `docker run -d --network host \`. |
 
+    If there is an issue with the second component, the agent will stop working and your logs might look like: 
+    
+    ```sh
+    ... failed to register Cloud Connected Mode: ... Post \"https://api.elastic-cloud.com/api/v1/cloud-connected/clusters\": ...
+    ```
+    
+    To test if your organization is not allowing the agent to register your cluster with {{ecloud}}, run the following command:
+
+    ```json
+    curl -XPOST -i \
+    https://api.elastic-cloud.com/api/v1/cloud-connected/clusters \
+    -H 'Content-Type: application/json' \
+    -d '{"self_managed_cluster": {"id": "my-cluster-uuid", "name": "my-cluster-name", "version": "9.1.0"}, "license": {"uid": "my-license-id", "type": "basic"}}'
+    ```
+    
+    The command should return an HTTP 401 response similar to: 
+
+    ```json
+          {"UnauthorizedMessages":["Invalid credential headers"],"Cause":null}
+    ```
+    If you do not receive a similar response, configure your HTTP proxy to allow it to reach the URL (with headers and a JSON body):
+    
+    ```json
+          POST https://api.elastic-cloud.com/api/v1/cloud-connected/clusters
+    ```
+    :::{note}
+    If you are using Docker, you may need to complete this configuration directly via the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables.
+    :::
 
     If there is an issue with the third component, the agent will attempt to establish the connection and your logs might look like: 
         

deploy-manage/monitor/autoops/cc-cloud-connect-autoops-troubleshooting.md

@@ -70,7 +70,8 @@ If you don’t have an existing {{ecloud}} account:
 :sync: existing
 
 If you already have an {{ecloud}} account:
-1. Log in to [{{ecloud}}](https://cloud.elastic.co?page=docs&placement=docs-body).
+1. Log in to [{{ecloud}}](https://cloud.elastic.co/login?redirectTo=%2Fconnect-cluster-services).
+    - The link provided should take you directly to the **Connect your self-managed cluster** page
 2. On your home page, in the **Connected clusters** section, select **Connect self-managed cluster**. 
 3. On the **Connect your self-managed cluster** page, in the **AutoOps** section, select **Connect**.
 4. Go through the installation wizard as detailed in the following sections.

deploy-manage/monitor/autoops/cc-connect-self-managed-to-autoops.md

@@ -20,9 +20,8 @@ Remote clusters are especially useful in two cases:
 - **Cross-cluster search**
   [Cross-cluster search](/solutions/search/cross-cluster-search.md), or CCS, enables you to run a search request against one or more remote clusters. This capability provides each region with a global view of all clusters, allowing you to send a search request from a local cluster and return results from all connected remote clusters. For full {{ccs}} capabilities, the local and remote cluster must be on the same [subscription level](https://www.elastic.co/subscriptions).
 
-::::{note} about terminology
-In the case of remote clusters, the {{es}} cluster or deployment initiating the connection and requests is often referred to as the **local cluster**, while the {{es}} cluster or deployment receiving the requests is referred to as the **remote cluster**.
-::::
+:::{include} ./remote-clusters/_snippets/terminology.md
+:::
 
 ## Security models and connection modes
 

deploy-manage/remote-clusters.md

@@ -1,7 +1,7 @@
-Before you start, consider the security model that you would prefer to use for authenticating remote connections between clusters, and follow the corresponding steps.
+Before you start, consider the [security model](/deploy-manage/remote-clusters/security-models.md) that you would prefer to use for authenticating remote connections between clusters, and follow the corresponding steps.
 
 API key
-:   For deployments based on {{stack}} 8.14 or later, you can use an API key to authenticate and authorize cross-cluster operations to a remote cluster. This model offers administrators of both the local and the remote deployment fine-grained access controls.
+:   For deployments based on {{stack}} 8.14 or later, you can use an API key to authenticate and authorize cross-cluster operations to a remote cluster. This model uses a dedicated service endpoint, on port `9443` by default, and gives administrators fine-grained control over remote access. The API key is created on the remote cluster and defines the permissions available to all cross-cluster requests, while local user roles can further restrict, but not extend, those permissions.
 
 TLS certificate (deprecated in {{stack}} 9.0.0)
-:   This model uses mutual TLS authentication for cross-cluster operations. User authentication is performed on the local cluster and a user's role names are passed to the remote cluster. A superuser on the local deployment gains total read access to the remote deployment, so it is only suitable for deployments that are in the same security domain.
+:   This model uses mutual TLS authentication over the {{es}} transport interface for cross-cluster operations. User authentication is performed on the local cluster and a user's role names are passed to the remote cluster for authorization. Because a superuser on the local cluster automatically gains full read access to the remote cluster, this model is only suitable for clusters within the same security domain.