Merge pull request #27692 from pneedle-rh/remote_health_updates

Updates to the Remote Health section.

Author: pneedle-rh

images/telmetry-and-insights-operator-data-flow.svg

@@ -9,12 +9,10 @@ The Insights Operator periodically gathers configuration and component failure s
 
 Users of {product-title} can display the report of each cluster in {cloud-redhat-com}. If any issues have been identified, Insights provides further details and, if available, steps on how to solve a problem.
 
-The Insights Operator does not collect identifying information, such as user names, passwords, or certificates. However, to provide specific remediation steps, the Insights Operator does not anonymize certain information internal to the cluster, such as IP addresses and host names of nodes.
+The Insights Operator does not collect identifying information, such as user names, passwords, or certificates. See link:https://cloud.redhat.com/security/insights[Red Hat Insights Data & Application Security] for information about Red Hat Insights data collection and controls.
 
 Red Hat uses all connected cluster information to:
 
 * Proactively identify potential cluster issues and provide a solution and preventive actions in {cloud-redhat-com}
-* Improve {product-title}
+* Improve {product-title} by providing aggregated and critical information to product and support teams
 * Make {product-title} more intuitive
-
-The information the Insights Operator sends is available only to Red Hat Support and engineering teams with the same restrictions as accessing data reported in support cases. Red Hat does not share this information with third parties.

modules/insights-operator-about.adoc

@@ -5,11 +5,12 @@
 [id="insights-operator-what-information-is-collected_{context}"]
 = Information collected by the Insights Operator
 
-The Insights Operator collects:
+The following information is collected by the Insights Operator:
 
 * General information about your cluster and its components to identify issues that are specific to your {product-title} version and environment
 * Configuration files, such as the image registry configuration, of your cluster to determine incorrect settings and issues that are specific to parameters you set
-* Error that occurred in the cluster components
-* Progress and health information of running updates, and the status of any component upgrades
+* Errors that occur in the cluster components
+* Progress information of running updates, and the status of any component upgrades
 * Details of the platform that {product-title} is deployed on, such as Amazon Web Services, and the region that the cluster is located in
-* Information about infrastructure pods
+* If an Operator reports an issue, information is collected about core {product-title} pods in the `openshift-*` and `kube-*` projects. This includes state, resource, security context, volume information, and more.
+

modules/insights-operator-what-information-is-collected.adoc

@@ -6,14 +6,8 @@
 [id="telemetry-about-telemetry_{context}"]
 = About Telemetry
 
-Telemetry sends a carefully chosen subset of the cluster monitoring metrics to Red Hat. These metrics are sent continuously and describe:
+Telemetry sends a carefully chosen subset of the cluster monitoring metrics to Red Hat. The Telemeter Client fetches the metrics values every four minutes and thirty seconds and uploads the data to Red Hat. These metrics are described in this document. 
 
-* The size of an {product-title} cluster
-* The health and status of {product-title} components
-* The health and status of any upgrade being performed
-* Limited usage information about {product-title} components and features
-* Summary info about alerts reported by the cluster monitoring component
+This stream of data is used by Red Hat to monitor the clusters in real-time and to react as necessary to problems that impact our customers. It also allows Red Hat to roll out {product-title} upgrades to customers to minimize service impact and continuously improve the upgrade experience.
 
-This continuous stream of data is used by Red Hat to monitor the health of clusters in real time and to react as necessary to problems that impact our customers. It also allows Red Hat to roll out {product-title} upgrades to customers so as to minimize service impact and continuously improve the upgrade experience.
-
-This debugging information is available to Red Hat Support and engineering teams with the same restrictions as accessing data reported via support cases. All connected cluster information is used by Red Hat to help make {product-title} better and more intuitive to use. None of the information is shared with third parties.
+This debugging information is available to Red Hat Support and Engineering teams with the same restrictions as accessing data reported through support cases. All connected cluster information is used by Red Hat to help make {product-title} better and more intuitive to use.

modules/telemetry-about-telemetry.adoc

@@ -5,14 +5,14 @@
 [id="telemetry-consequences-of-disabling-telemetry_{context}"]
 = Consequences of disabling remote health reporting
 
-In {product-title}, customers can opt out of reporting health and usage information. However, connected clusters allow Red Hat to react more quickly to problems and better support our customers, as well as better understand how product upgrades impact clusters.
+In {product-title}, customers can opt out of reporting usage information. However, connected clusters allow Red Hat to react more quickly to problems and better support our customers, as well as better understand how product upgrades impact clusters. Connected clusters also help to simplify the subscription and entitlement process and enable the {cloud-redhat-com} service to provide an overview of your clusters and their subscription status.
 
 Red Hat strongly recommends leaving health and usage reporting enabled for pre-production and test clusters even if it is necessary to opt out for production clusters. This allows Red Hat to be a participant in qualifying {product-title} in your environments and react more rapidly to product issues.
 
 Some of the consequences of opting out of having a connected cluster are:
 
 * Red Hat will not be able to monitor the success of product upgrades or the health of your clusters without a support case being opened.
-* Red Hat will not be able to use anonymized configuration data to better triage customer support cases and identify which configurations our customers find important.
+* Red Hat will not be able to use configuration data to better triage customer support cases and identify which configurations our customers find important.
 * The {cloud-redhat-com} will not show data about your clusters including health and usage information.
 ifndef::openshift-origin[]
 * Your subscription entitlement information must be manually entered via cloud.redhat.com without the benefit of automatic usage reporting.

modules/telemetry-consequences-of-disabling-telemetry.adoc

@@ -10,27 +10,26 @@ endif::[]
 [id="what-information-is-collected_{context}"]
 = Information collected by Telemetry
 
-Primary information collected by Telemetry includes:
+The following information is collected by Telemetry:
 
-* The number of updates available per cluster
-* Channel and image repository used for an update
-* The number of errors that occurred during an update
-* Progress information of running updates
-* The number of machines per cluster
-* The number of CPU cores and size of RAM of the machines
-* The number of members in the etcd cluster and number of objects currently stored in the etcd cluster
-* The number of CPU cores and RAM used per machine type - infra or master
-* The number of CPU cores and RAM used per cluster
+* The unique random identifier that is generated during an installation
+* Version information, including the {product-title} cluster version and installed update details that are used to determine update version availability
+* Update information, including the number of updates available per cluster, the channel and image repository used for an update, update progress information, and the number of errors that occur in an update
+* The name of the provider platform that {product-title} is deployed on and the data center location
+* Sizing information about clusters, machine types, and machines, including the number of CPU cores and the amount of RAM used for each
 ifdef::virt-cluster[]
-* The number of running virtual machine instances in the cluster
+* The number of running virtual machine instances in a cluster
 endif::virt-cluster[]
-* Use of {product-title} framework components per cluster
-* The version of the {product-title} cluster
-* Health, condition, and status for any {product-title} framework component that is installed on the cluster, for example Cluster Version Operator, Cluster Monitoring, Image Registry, and Elasticsearch for Logging
-* A unique random identifier that is generated during installation
-* The name of the platform that {product-title} is deployed on, such as Amazon Web Services
+* The number of etcd members and the number of objects stored in the etcd cluster
+* The {product-title} framework components installed in a cluster and their condition and status
+* Usage information about components, features, and extensions
+* Usage details about Technology Previews and unsupported configurations
+* Information about degraded software and nodes marked as `NotReady`
+* Events for all namespaces listed as "related objects" for a degraded Operator
+* Configuration details that help Red Hat Support to provide beneficial support for customers. This includes node configuration at the cloud infrastructure level, host names, IP addresses, Kubernetes pod names, namespaces, and services.
+* Information about the validity of certificates
 
-Telemetry does not collect identifying information such as user names, passwords, or the names or addresses of user resources.
+Telemetry does not collect identifying information such as user names, or passwords. Red Hat does not intend to collect personal information. If Red Hat discovers that personal information has been inadvertently received, Red Hat will delete such information. To the extent that any telemetry data constitutes personal data, please refer to the link:https://www.redhat.com/en/about/privacy-policy[Red Hat Privacy Statement] for more information about Red Hat’s privacy practices. 
 
 ifeval::["{context}" == "virt-openshift-cluster-monitoring"]
 :!virt-cluster:

modules/telemetry-what-information-is-collected.adoc

@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/about-remote-health-monitoring.adoc
+
+[id="understanding-telemetry-and-insights-operator-data-flow_{context}"]
+= Understanding Telemetry and Insights Operator data flow
+
+The Telemeter Client collects selected time series data from the Prometheus API. The time series data is uploaded to api.openshift.com every four minutes and thirty seconds for processing.
+
+The Insights Operator gathers selected data from the Kubernetes API and the Prometheus API into an archive. The archive is uploaded to link:https://cloud.redhat.com[cloud.redhat.com] every two hours for processing. The Insights Operator also downloads the latest Insights analysis from link:https://cloud.redhat.com[cloud.redhat.com]. This is used to populate the *Insights status* pop-up that is included in the *Overview* page in the {product-title} web console.
+
+All of the communication with Red Hat occurs over encrypted channels by using Transport Layer Security (TLS) and mutual certificate authentication. All of the data is encrypted in transit and at rest.
+
+Access to the systems that handle customer data is controlled through multi-factor authentication and strict authorization controls. Access is granted on a need-to-know basis and is limited to required operations.
+
+.Telemetry and Insights Operator data flow
+image:telmetry-and-insights-operator-data-flow.svg[Telemetry and Insights Operator data flow]