From 08dd4981933bf141bc373c11a55eca6a6ce8aa01 Mon Sep 17 00:00:00 2001
From: MEM4GH <118773316+MEM4GH@users.noreply.github.com>
Date: Mon, 6 May 2024 16:55:28 -0400
Subject: [PATCH] Azure account prep - best I can do for now - ok for review
---
.../prod-aws-console-deploy-ai-unlimited.md | 1 -
.../prod-azure-portal-deploy-manager.md | 31 +++++++++++++-
docs/resources/aws-requirements.md | 8 ++--
docs/resources/azure-requirements.md | 42 ++++++-------------
4 files changed, 46 insertions(+), 36 deletions(-)
diff --git a/docs/install-ai-unlimited/prod-aws-console-deploy-ai-unlimited.md b/docs/install-ai-unlimited/prod-aws-console-deploy-ai-unlimited.md
index f5aff821e8..1599647562 100644
--- a/docs/install-ai-unlimited/prod-aws-console-deploy-ai-unlimited.md
+++ b/docs/install-ai-unlimited/prod-aws-console-deploy-ai-unlimited.md
@@ -153,4 +153,3 @@ Now you're ready to [set up AI Unlimited](/docs/install-ai-unlimited/setup-ai-un
-
diff --git a/docs/install-ai-unlimited/prod-azure-portal-deploy-manager.md b/docs/install-ai-unlimited/prod-azure-portal-deploy-manager.md
index 6eaa2566b0..5d34ff3e73 100644
--- a/docs/install-ai-unlimited/prod-azure-portal-deploy-manager.md
+++ b/docs/install-ai-unlimited/prod-azure-portal-deploy-manager.md
@@ -64,7 +64,7 @@ Review the parameters. Provide values for the required parameters. Your organiza
| Role Definition ID | The ID of the role to use with AI Unlimited.| Required
Default: NA
Use Azure CLI command- Get-AzRoleDefinition command to get your Role Definition ID. |
| Allow Public SSH | Specifies whether you can use secure shell (SSH) keys to connect to VMs in Azure.| Optional
Default: true |
| Use Key Vault | Specifies whether to use Key Vault to retrieve the secured password during a deployment. | Optional
Default: New |
-| Use Persistent Volume | Specifies whether you want to use a persistent volume to store data.| Optional with default
Default: New
Supported options: New, None, Existing, depending on your use case. |
+| Use Persistent Volume | Specifies whether you want to use a persistent volume to store data. See *Learn more: Why use a persistent volume?* below the parameters section. | Optional with default
Default: New
Supported options: New, None, Existing, depending on your use case. |
| Persistent Volume Size | The size of the persistent volume that you can attach to the instance, in GB. | Optional
Default: 100 |
| Existing Persistent Volume |
The ID of the existing persistent volume that you can attach to the instance.| Required if UsePersistentVolume is set to Existing.
Default: None
The persistent volume must be in the same availability zone as the AI Unlimited instance. |
| AI Unlimited Version | The version of the AI Unlimited you want to deploy. | Required with default
Default: latest
The value is a container version tag. |
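Review bot: The added `Use Persistent Volume` row points to the new section by title only ("See *Learn more: Why use a persistent volume?* below the parameters section"), so the reference goes stale if that section is renamed or moved. Give the section an anchor and link to it, the way the requirements pages link to `#azure-parms`. While this table is open, the `Role Definition ID` context row calls `Get-AzRoleDefinition` an Azure CLI command; it is an Azure PowerShell cmdlet, so the row should name the right tool.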
@@ -73,6 +73,35 @@ Review the parameters. Provide values for the required parameters. Your organiza
+
+
+Learn more: Why use a persistent volume?
+
+The manager instance runs in a container and saves its configuration data in a database in the root volume of the instance. This data persists if you shut down, restart, or snapshot and relaunch the instance.
+
+But a persistent volume stores data for a containerized application beyond the lifetime of the container, pod, or node in which it runs.
+
+#### Without a persistent volume
+
+If the container, pod, or node crashes or terminiates, you lose the manager's configuration data. You can deploy a new manager instance, but not to the same state as the one that was lost.
+
+#### With a persistent volume
+
+If the container, pod, or node crashes or terminates, and the manager's configuration data is stored in a persistent volume, you can deploy a new manager instance that has the same configuration as the one that was lost.
+
+#### Example
+
+1. Deploy the manager, and set the `Use Persistent Volume` parameter to **New**.
+2. After you create the stack, on the **Outputs** page, note the `volume-id`.
+3. Use AI Unlimited.
+4. If the manager instance is lost, deploy the manager again, and include these parameters:
+ - `Use Persistent Volume`: **New**
+ - `Existing Persistent Volume`: the value you noted in step 2
+
+The new manager instance has the same configuration as the one that was lost.
+
+
+
## Create the instance
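Review bot: Step 4 of the added example sets `Use Persistent Volume` to **New** while also supplying `Existing Persistent Volume`, which contradicts the parameter table earlier in this file ("Required if UsePersistentVolume is set to Existing"). With **New** the reader would presumably get a fresh volume rather than the saved configuration, so step 4 should read **Existing**. Also fix the typo "terminiates" under "Without a persistent volume", and check step 2: "After you create the stack" is CloudFormation wording on an Azure portal page, and nothing in this file shows that the Azure deployment exposes an output named `volume-id`.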
diff --git a/docs/resources/aws-requirements.md b/docs/resources/aws-requirements.md
index 63c4d08e02..31320d6a2c 100644
--- a/docs/resources/aws-requirements.md
+++ b/docs/resources/aws-requirements.md
@@ -10,12 +10,12 @@ pagination_next: null
# AWS account requirements
-***()***
+***(This topic is still being discussed.)***
-- Work with your cloud admin to ensure you have the [Identity and Access Management (IAM)](https://aws.amazon.com/iam/) permissions to deploy cloud resources.
+- Work with your cloud admin to ensure you have the [Identity and Access Management (IAM)](https://aws.amazon.com/iam/) permissions to create cloud resources.
-- If you will need to access the manager instance, after it is installed, to run commands or debug, you can connect to it one of these ways:
- - Generate a [key pair](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) now to securely connect using Secure Shell (SSH). You will need the key pair when you [specify the manager's stack details](/docs/install-ai-unlimited/prod-aws-console-ai-unlimited.md#aws-parms).
+- If you'll need to access the manager instance, after it is installed, to run commands or debug, you can connect to it one of these ways:
+ - Generate a [key pair](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) to securely connect using Secure Shell (SSH). You will need the key pair when you [specify the manager's stack details](/docs/install-ai-unlimited/prod-aws-console-ai-unlimited.md#aws-parms).
- Use AWS Session Manager to connect. To enable this, attach the [session-manager.json](https://github.com/Teradata/ai-unlimited/blob/develop/deployments/aws/policies/session-manager.json) policy to a [role you provide](#provide-roles) to the manager.
- If you’re using an [Application Load Balancer (ALB)](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html) or [Network Load Balancer (NLB)](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancer-getting-started.html), make sure you have permission to manage these AWS services:
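Review bot: The added line `***(This topic is still being discussed.)***` directly under the `# AWS account requirements` heading will render on the published page. Track the open question in the PR or an issue, or keep the page out of the build until it is settled. In the rewritten key-pair bullet, the link target `/docs/install-ai-unlimited/prod-aws-console-ai-unlimited.md#aws-parms` does not match the file touched earlier in this patch, `prod-aws-console-deploy-ai-unlimited.md`, so please confirm the target exists.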
diff --git a/docs/resources/azure-requirements.md b/docs/resources/azure-requirements.md
index be675bf202..f2a65fc220 100644
--- a/docs/resources/azure-requirements.md
+++ b/docs/resources/azure-requirements.md
@@ -10,51 +10,33 @@ pagination_next: null
# Azure account requirements
-- Work with your cloud admin to ensure you have [Azure role-based access control (RBAC)](https://learn.microsoft.com/en-us/azure/role-based-access-control/overview) permissions to deploy cloud resources.
+***(This topic is still being worked - please disregard for now.)***
-- Networking requirements: Your resource group must have an Azure Virtual Network (VNet) configured with a subnet.
-- [Resource Group](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal)
-- [Vnet](https://learn.microsoft.com/en-us/azure/virtual-network/quick-create-portal)
-- [Subnet](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-subnet?tabs=azure-portal)
-- [role](https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles)
+- Work with your cloud admin to ensure your Azure account has permissions to create the cloud resources definined in the [AI Unlimited template](https://github.com/Teradata/ai-unlimited/blob/develop/deployments/azure/ai-unlimited.json).
-You can use your existing VNet and subnets or create your own, depending on your account permissions.
+- Networking requirements: Your Azure [resource group](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal) must have an [Azure Virtual Network (VNet)](https://learn.microsoft.com/en-us/azure/virtual-network/quick-create-portal) configured with a [subnet](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-subnet?tabs=azure-portal). Use an existing VNet or subnet, or create your own, depending on your account permissions.
-- If you will need to access the manager instance, after it is installed, to run commands or debug, you can connect to it one of these ways:
- - Generate a [key pair](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys) now to securely connect using Secure Shell (SSH). You will need the key pair when you [specify the manager's stack details](/docs/install-ai-unlimited/prod-azure-portal-deploy-manager.md#azure-parms).
+***(This roll link was included, how does it fit with the context? [role](https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles))***
+- If you'll need to access the manager instance, after it is installed, to run commands or debug, you can use a [key pair](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys) to securely connect using Secure Shell (SSH). You'll need the key pair when you [specify the manager's stack details](/docs/install-ai-unlimited/prod-azure-portal-deploy-manager.md#azure-parms).
-## Create a role with the required permissions
-***Grabbed this from the Azure Demo installation before we removed it. True for the full installation too?***
+## Create the role required by the manager
-If the roles defined by your organization cannot deploy AI Unlimited ***(needs better wording--roles don't deploy)***, use the [role-policy](https://github.com/Teradata/ai-unlimited/blob/develop/deployments/azure/role-policy.json) ARM template. This template contains permissions to create an AI Unlimited instance and grants AI Unlimited permissions to create specific IAM ***[RBAC?]*** roles and policies for the AI Unlimited engines it deploys. Optionally, you can share the [ai-unlimited](https://github.com/Teradata/ai-unlimited/blob/develop/deployments/azure/policies/ai-unlimited.json) file with your cloud admin to create the custom role on your behalf. This file contains the subscription-level permissions required for AI Unlimited to deploy AI Unlimited engine instances within your resource groups.
+The manager's role allows it to deploy the engine. Each time the manager deploys the engine, AI Unlimited creates a new role for the engine to enable its nodes to communicate.
-***Need to look at the template - any readme.***
+***(Jack is looking into whether we provide the role or if the user has to provide it.)***
-If you have the permissions needed to create roles, [configure the custom roles and policies](https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal) on the **Access control (IAM)** page ***(AWS term)*** from the Azure portal.
+If you have the permissions needed to create roles, create the role for the manager using the [role-policy](https://github.com/Teradata/ai-unlimited/blob/develop/deployments/azure/role-policy.json) template. (with the [ai-unlimited.json](https://github.com/Teradata/ai-unlimited/blob/develop/deployments/azure/policies/ai-unlimited.json) policy?)
-To deploy the role-policy ARM template, do the following: ***This is "documenting a third-party UI" which we are not really supposed to do.***
+See [Create or update Azure custom roles using the Azure portal](https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal) for details.
-1. Sign in your [Azure portal](https://portal.azure.com) and select the **deploy a custom template** option.
+You'll need the `RoleDefinitionId` when you [specify the manager's stack details](/docs/install-ai-unlimited/prod-azure-portal-deploy-manager.md#azure-parms).
-2. Select **Build your own template in the editor** and load the [role-policy](https://github.com/Teradata/ai-unlimited/blob/develop/deployments/azure/role-policy.json) template.
+Optionally, you can share the [ai-unlimited.json](https://github.com/Teradata/ai-unlimited/blob/develop/deployments/azure/policies/ai-unlimited.json) file with your cloud admin to create the custom role for you.
-3. When the file contents appear in the editor, select **Save**.
-4. On the **Custom deployment** page, fill in the details in the following fields:
- - **Subscription**: The Azure subscription that you want to use.
-
- - **Region**: The geographic location where you can deploy your resources. Use the location that’s closest to your working location.
-
- - **Name**: The name for the role for use with the AI Unlimited instance.
-
-5. Select **Review + Create**, and then **Create**. The template proceeds to deploy a simple network in a few minutes.
-
-You can view the deployment status in **Notifications**.
-
-The **Output** tab shows the network names and `RoleDefinitionId`. You'll need these when you install AI Unlimited.
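Review bot: Several added lines are notes to reviewers rather than documentation and need to be resolved before merge: `***(This topic is still being worked - please disregard for now.)***`, the "This roll link was included, how does it fit with the context?" question, "(Jack is looking into whether we provide the role or if the user has to provide it.)", and the trailing "(with the ai-unlimited.json policy?)". Typos on added lines: "definined" and "roll" for "role". The rewritten role section says AI Unlimited creates a new role each time the manager deploys the engine, but it drops the removed sentence stating that the policy file carries subscription-level permissions. A role that can create other roles is what a cloud admin will scrutinize, so keep an explicit statement of the scope and of what the manager role is allowed to create. The new text also says the reader will need the `RoleDefinitionId` without saying where to find it, which the removed steps did (the **Output** tab). Finally, "specify the manager's stack details" is AWS wording carried onto the Azure page.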