Merge branch 'master' of https://github.com/wavefrontHQ/docs into mst…
…-maint-windows
Margarita-Staneva committed Oct 2, 2023
2 parents 27f80cc + 1f27b42 commit bd5ef16
Showing 47 changed files with 1,696 additions and 453 deletions.
56 changes: 47 additions & 9 deletions _data/sidebars/doc_sidebar.yml
Expand Up @@ -15,10 +15,6 @@ entries:
url: /wavefront_introduction.html
output: web

- title: "Subscription Types"
url: /subscriptions-differences.html
output: web

- title: Product FAQ
output: web
url: /tobs_faq.html
Expand All @@ -27,14 +23,44 @@ entries:
output: web
folderitems:

- title: Upgrade from Trial to Paid
url: /upgrade_and_purchase.html
- title: Subscription Types
url: /subscriptions-differences.html
output: web

- title: Purchase Additional Capacity
url: /purchase_additional_capacity.html
subfolders:

- title: Differences Explained
output: web
subfolderitems:

- title: "UI Differences"
url: /csp-ui-differences.html
output: web

- title: "Functionality Differences"
url: /csp-differences-by-area.html
output: web

- title: Free Trial and Purchases
output: web
subfolderitems:

- title: Start a Free Trial
url: /start_trial.html
output: web

- title: Upgrade from Trial to Paid
url: /upgrade_and_purchase.html
output: web

- title: Purchase Additional Capacity
url: /purchase_additional_capacity.html
output: web

- title: "Onboarding Original to VMware Cloud Services"
url: /csp_migration.html
output: web

- title: Quickstart & Tutorials
output: web
folderitems:
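Review bot: The entries added in this hunk mix two URL naming styles and two title quoting styles: `/csp-ui-differences.html` and `/csp-differences-by-area.html` use hyphens while `/start_trial.html` and `/csp_migration.html` use underscores, and "UI Differences" is quoted while Differences Explained is not. Pick one convention for the new pages so the permalinks stay predictable, and confirm that each new `url` has a page with a matching permalink elsewhere in this commit.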
Expand Down Expand Up @@ -471,6 +497,10 @@ entries:
- title: Integrations Overview
url: /integrations.html
output: web

- title: How Integration Authentication Works
url: /integrations_onboarded_subscriptions.html
output: web

- title: Complete List of Integrations
url: /label_integrations%20list.html
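Review bot: The title of the added entry, "How Integration Authentication Works", omits the scope that its URL carries: `/integrations_onboarded_subscriptions.html` indicates the page is about onboarded subscriptions. Put that scope in the title, or rename the page, so readers on another subscription type do not follow authentication steps that are not meant for them.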
Expand Down Expand Up @@ -922,6 +952,14 @@ entries:
- title: Manage Server to Server Apps
url: /csp_server_to_server_apps.html
output: web

- title: Manage Service Accounts
url: /csp_service_accounts.html
output: web

- title: Manage Tokens
url: /csp_api_tokens.html
output: web

- title: Manage Access to Objects
output: web
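Review bot: The added title "Manage Tokens" is less specific than its target, `/csp_api_tokens.html`, and than the wording this same commit introduces in accounts-service.md, where "token" becomes "API token". Suggest "Manage API Tokens" so the sidebar, the page URL and the body text use one term.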
Binary file added images/cloud-integrations-page.png
Binary file added images/csp-admin-tasks.png
Binary file added images/csp-api-token-apps.png
Binary file added images/csp-api-token-user.png
Binary file added images/csp-onboarding-flow.png
Binary file added images/csp-replace-api-token.png
Binary file added images/csp-replace-service-account.png
Binary file added images/csp-user-accounts-migration.png
Binary file added images/csp_API_tokens.png
Binary file added images/csp_metrics_s_edit_rule.png
Binary file added images/csp_sa_add_permission_global.png
Binary file added images/new-vs-original-accounts.png
Binary file modified images/new-vs-original-menu.png
Binary file modified images/sources-browser-page.png
Binary file added images/user-management-comparison.png
2 changes: 1 addition & 1 deletion pages/doc/2020_10.x_release_notes.md
Expand Up @@ -32,7 +32,7 @@ If you are currently using an IAM Policy with Limited Access, review our changes

Changes support more efficient and new APIs we are using. For example, in the next release (2010.14.x) we will start querying Cloudwatch using `cloudwatch:GetMetricData` API calls (instead of the older `cloudwatch:GetMetricStatistics` API calls). As a result, we can fetch multiple metrics in one API call and significantly reduce the number of API calls for retrieving metrics from AWS.


## Operators gt, lt, ge, le, eq, ne

The new operators allow you to easily [filter on the query line](query_language_recipes.html#compare-with-operators-lt-gt-le-ge-eq-ne). You can use multiple operators, for example, to find values that are between specified values, as in this example:
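Review bot: Nothing in this hunk differs visibly between the old and new side, so the 1 addition and 1 deletion look like a whitespace-only change around the blank lines before "## Operators gt, lt, ge, le, eq, ne"; drop it from the merge if it is unintentional. While the file is open, the context line says "in the next release (2010.14.x)", which does not match the 2020_10.x file name; confirm whether 2020.14.x was meant.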
6 changes: 3 additions & 3 deletions pages/doc/accounts-service.md
Expand Up @@ -7,7 +7,7 @@ permalink: service-accounts.html
summary: Create and manage service accounts.
---

{% include note.html content="Starting July 3, 2023, VMware Aria Operations for Applications is a service on the VMware Cloud services platform. The content in this chapter is valid for **original** subscribers. For VMware Cloud services subscriptions, see [Manage Server to Server Apps](csp_server_to_server_apps.html)."%}
{% include note.html content="Starting July 3, 2023, VMware Aria Operations for Applications is a service on the VMware Cloud services platform. The content in this chapter is valid for **original** subscribers. For VMware Cloud services subscriptions, see [Manage Server to Server Apps](csp_server_to_server_apps.html) and [Manage Service Accounts](csp_service_accounts.html)."%}

VMware Aria Operations for Applications (formerly known as Tanzu Observability by Wavefront) supports service accounts that can be used to automate management of objects such as dashboards, alerts, etc. A service account can't perform the **UI operations** that all user accounts can [perform by default](user-accounts.html#what-can-a-new-user-do). There's no limit on the number of service accounts that you can create in your organization.
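Review bot: The edited note still reads "valid for **original** subscribers", while the matching note in api_tokens.md is changed in this same commit to "valid for **original** subscriptions". Use the same noun in both notes. The closing `."%}` also lacks the space before `%}` that the include tags in csp_access.md have.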

Expand All @@ -19,11 +19,11 @@ Each service account that you create is automatically added to the **Service Acc

Service accounts are used for automating management tasks.

* A service account uses a **token** to authenticate.
* A service account uses an **API token** to authenticate.
* Each account is automatically added to the **Service Accounts** group. If a role is assigned to that group, the service account gets the permissions from that role.
* Service accounts can be added to any group to get that group's role (and permissions).

As a user with the **Accounts** permission, you [generate (and revoke, if needed)](api_tokens.html#generate-and-manage-the-api-tokens-for-a-service-account) authentication tokens for the service account. It’s also possible to deactivate a service account completely.
As a user with the **Accounts** permission, you [generate (and revoke, if needed)](api_tokens.html#generate-and-manage-the-api-tokens-for-a-service-account) API tokens for the service account. It’s also possible to deactivate a service account completely.

## How Service Accounts Work

2 changes: 1 addition & 1 deletion pages/doc/api_tokens.md
Expand Up @@ -7,7 +7,7 @@ permalink: api_tokens.html
summary: Learn how you can generate and manage API tokens in VMware Aria Operations for Applications (previously known as Tanzu Observability by Wavefront).
---

{% include note.html content="Starting July 3, 2023, VMware Aria Operations for Applications is a service on the VMware Cloud services platform. The content in this chapter is valid for **original** subscribers. VMware Cloud services subscriptions use VMware Cloud services API tokens. For details, see [Subscription Types](subscriptions-differences.html)."%}
{% include note.html content="Starting July 3, 2023, VMware Aria Operations for Applications is a service on the VMware Cloud services platform. The content in this chapter is valid for **original** subscriptions. For VMware Cloud services subscriptions, see [Manage Tokens](csp_api_tokens.html)."%}

Before you can invoke the [REST API](wavefront_api.html) using `curl` or from an API client, you must have an API token. An API token is a string of hexadecimal characters and dashes. For example:

58 changes: 27 additions & 31 deletions pages/doc/csp_access.md
Expand Up @@ -11,19 +11,14 @@ summary: Control access to individual dashboards and alerts.

VMware Cloud services supports the roles and groups authorization paradigm for managing global permissions in VMware Aria Operations for Applications. For example, a user with the **Dashboards** service role can manage *all* dashboards in Operations for Applications. This paradigm is sufficient for many of our customers.

Users with the [**Super Admin** service role](csp_users_roles.html#operations-for-applications-service-roles-built-in) who need finer-grained control can manage access on a per-object basis. We currently support access control for dashboards and alerts.
Users with the **Admin** and **Super Admin** service roles who need finer-grained control can manage access on a per-object basis. We currently support access control for dashboards and alerts.

{% include note.html content="Permission and access control are additive. To make changes to a dashboard, you must have a role with the **Dashboards** permission and **View and Modify** access for that dashboard." %}

{% include tip.html content="In addition to access control, Operations for Applications also support [metrics security policy rules](csp_metrics_security.html) which allow fine-grained control over which users can see which metrics." %}
{% include tip.html content="In addition to access control, Operations for Applications also supports [metrics security policy rules](csp_metrics_security.html) which allow fine-grained control over which users can see which metrics." %}

This video shows how to limit access for a dashboard, how to give access (share) that dashboard, and how to set the security setting. You can manage access for alerts the same way.

Note that this video was created in 2020 and some of the information in it might have changed. It also uses the 2020 version of the UI.

<p><iframe id="kmsembed-1_lckq6foe" width="700" height="400" src="https://vmwaretv.vmware.com/embed/secure/iframe/entryId/1_lckq6foe/uiConfId/49694343/st/0" class="kmsembed" allowfullscreen webkitallowfullscreen mozAllowFullScreen allow="autoplay *; fullscreen *; encrypted-media *" referrerPolicy="no-referrer-when-downgrade" frameborder="0" title="Object-Based Access Control"></iframe></p>

{% include note.html content="After the access setting is set to **Object Creator** in an environment, only the creator of a new object and the users with **Super Admin** service role can view and modify new objects initially. Those users can give access to the object with other groups or users." %}
{% include note.html content="After the access setting is set to **Object Creator** in an environment, only the creator of a new object and users the **Super Admin** service role can view and modify new objects initially. Those users can give access to the object with other groups or users." %}


## How Access Control Works
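Review bot: The rewritten Object Creator note reads "users the **Super Admin** service role", which drops the word "with", and it names only Super Admin although the paragraph changed a few lines above it now says that users with the **Admin** and **Super Admin** service roles manage per-object access. State in the note exactly which roles can view and modify a new object, because readers will rely on it to decide who can see restricted dashboards and alerts. The rewrite of the opening paragraph also removes the link to `csp_users_roles.html#operations-for-applications-service-roles-built-in`; keep a link to the role definitions.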
Expand All @@ -37,10 +32,10 @@ Operations for Applications supports granting and revoking access to dashboards
- Restrict or grant access for individual alerts from the Alerts browser.
- Click the **Share** icon on individual alerts to change who has access.

In high-security environments, users with the **Super Admin** service role can change the security setting to **Object Creator**. After that change:
* Each *new* object (dashboard or alert) is visible only to the creator of the object and to the users with the **Super Admin** service role with enabled Super Admin mode.
In high-security environments, users with the **Admin** and **Super Admin** service roles can change the security setting to **Object Creator**. After that change:
* Each *new* object (dashboard or alert) is visible only to the creator of the object and to the users with the **Admin** service role.
* The object creator and the users with the **Super Admin** service role can then share new dashboards with groups or users.
* If a user with the **Super Admin** service role changes the security setting back to allow **Everyone** access, then the objects that were created while the strict security setting was set, continue to be governed by access control.
* If a user with the **Admin** or **Super Admin** service role changes the security setting back to allow **Everyone** access, then the objects that were created while the strict security setting was set, continue to be governed by access control.

## Change Access for One or More Dashboards or Alerts
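Review bot: The three bullets under "After that change" now disagree about who can bypass the restriction: the first says new objects are visible to the creator and "the users with the **Admin** service role", the second still says the creator and "the users with the **Super Admin** service role" can share them, and the third says "**Admin** or **Super Admin**". The first bullet also loses the old condition "with enabled Super Admin mode". List the same roles in all three bullets, and say whether a Super Admin user still has to enable Super Admin mode to see these objects.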

Expand Down Expand Up @@ -79,17 +74,18 @@ Initially, all users can *view* all dashboards and alerts. In addition, global p
* Users with **Dashboards** permission can modify all dashboards.
* Users with **Alerts** permission can modify all alerts.

As a user with the **Super Admin** service role, you can restrict access for new dashboards and alerts:
As a user with the **Admin** or **Super Admin** service role, you can restrict access to new dashboards and alerts:

1. Log in to your service instance and [enable Super Admin mode](csp_users_account_managing.html#enable-or-disable-super-admin-mode).
1. Log in to your service instance.
1. If you are a **Super Admin** user, [enable Super Admin mode](csp_users_account_managing.html#enable-or-disable-super-admin-mode).
1. From the gear icon <i class="fa fa-cog"/> on the toolbar, select **Organization Settings**.
2. Click the **Security** tab and select **Object Creator**.

After the change, access to new dashboards and new alerts is initially limited to the dashboard creator and the users with the **Super Admin** service role. Those users can share the objects with groups or individual users by giving **View** access or **View & Modify** access.
After the change, access to new dashboards and new alerts is initially limited to the dashboard creator and the users with the **Admin** or **Super Admin** service roles. Those users can share the objects with groups or individual users by giving **View** access or **View & Modify** access.

{% include note.html content="A change to the security setting applies only to dashboards and alerts created after the change. If you change the setting to **Object Creator**, only new dashboards and alerts have restricted access. If you later change the setting to **Everyone**, all dashboards and alerts that were created while the setting was **Object Creator** keep the restricted access." %}
{% include note.html content="A change to the security setting applies only to dashboards and alerts created **after** the change. If you change the setting to **Object Creator**, only new dashboards and alerts have restricted access. If you later change the setting to **Everyone**, all dashboards and alerts that were created while the setting was **Object Creator** keep the restricted access." %}

By default, service accounts (which correspond to server to server apps in VMware Cloud services) don't have browse permissions. However, you can also grant access for new dashboards and alerts to service accounts:
By default, service accounts (which includes the [server to server apps](csp_server_to_server_apps.html) in VMware Cloud services as well as the [service accounts](csp_service_accounts.html) in Operations for Applications) don't have browse permissions. However, you can also grant access for new dashboards and alerts to service accounts:

1. From the gear icon <i class="fa fa-cog"/> on the toolbar, select **Organization Settings**.
2. Click the **Security** tab, select **Grant Modify Access To: Everyone** and **Service Accounts**.
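Review bot: The sentence on service accounts widens the term to cover both server to server apps and Operations for Applications service accounts and says they "don't have browse permissions", yet the step that follows selects **Grant Modify Access To: Everyone** and **Service Accounts**. Say whether this setting gives modify access, not just browse access, and whether it applies to both kinds of account, so an administrator does not grant more than intended. Smaller points: "which includes" should be "which include", and "limited to the dashboard creator" should be "the object creator" since the sentence covers alerts too.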
Expand All @@ -101,7 +97,7 @@ If you can no longer access a dashboard or alert, it was either deleted (moved t
* If a dashboard was deleted and moved to trash less than 30 days ago, a user with the **Dashboards** permission can [restore the deleted dashboard](ui_dashboards.html#delete-and-recover-a-deleted-dashboard).
* If an alert was deleted and moved to trash less than 30 days ago, a user with the **Alerts** permission can [restore the deleted alert](alerts_manage.html#restore-a-deleted-alert).
* If a dashboard was deleted and moved to trash more than 30 days ago, or was permanently deleted, and no one, including users with the **Super Admin** service role, can find the dashboard. A user with the **Super Admin** can attempt to [restore the dashboard by using the API](#recover-a-permanently-deleted-dashboard).
* If the access settings to a dashboard or alert have changed, you can ask a user with the **Super Admin** service role to [restore the access for you](#changing-access-for-individual-dashboards-or-alerts).
* If the access settings to a dashboard or alert have changed, you can ask a user with the **Admin** or **Super Admin** service role to [restore the access for you](#changing-access-for-individual-dashboards-or-alerts).
* If all users and groups can no longer access a specific dashboard or alert, a user with the **Super Admin** service role may need to check if it is in an orphaned state. A user with the **Super Admin** service role can [make orphan dashboards and alerts visible](#make-orphan-dashboards-or-alerts-visible).

Only a user with the **Super Admin** service role can restore dashboard permissions and attempt to restore a permanently deleted dashboard.
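Review bot: The changed bullet says a user with the **Admin** or **Super Admin** service role can restore access, but the unchanged sentence at the end of this hunk still says "Only a user with the **Super Admin** service role can restore dashboard permissions". Update that sentence or revert the bullet so the two agree. The bullet's link target `#changing-access-for-individual-dashboards-or-alerts` should also be checked against the heading "Change Access for One or More Dashboards or Alerts" shown earlier in this file's diff.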
Expand All @@ -125,10 +121,10 @@ A permanently deleted dashboard does not show in the trash and becomes inaccessi
2. From the gear icon <i class="fa fa-cog"/> on the toolbar, select **API Documentation**.
3. Expand the **Dashboard** category and click the `GET api/v2/dashboard/{id}/history/{version}` request.
4. Enter the dashboard name as the `"id"` parameter.
For example, if the dashboard URL is `https://<your_instance>.wavefront.com/dashboards/MY-DASHBOARD`, then the `"id"` that you should enter is *MY-DASHBOARD*.
For example, if the dashboard URL is `https://<your_instance>.wavefront.com/dashboards/MY-DASHBOARD`, then the `"id"` that you should enter is `MY-DASHBOARD`.
5. Enter the last known version of the dashboard as an integer.

If you don't know the version, you can enter *1*. This way, you also determine whether the dashboard `"id"` input has ever existed.
If you don't know the version, you can enter `1`. This way, you also determine whether the dashboard `"id"` input has ever existed.

6. Click **Execute**.
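Review bot: Step 4 still says to enter the dashboard name as the `"id"` parameter, while the example on the changed line takes the value from the URL (`MY-DASHBOARD`), and the sample response later in this file shows a different `name` ("MY DASHBOARD"). Reword the step to ask for the dashboard ID, meaning the last segment of the dashboard URL.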

Expand All @@ -148,17 +144,17 @@ A permanently deleted dashboard does not show in the trash and becomes inaccessi
```
{
"modifyAclAccess":true,
"hidden":false,
"parameters":{},
"name":"MY DASHBOARD",
"id":"MY-DASHBOARD",
...

"favorite":false,
"numCharts":2
}
{
"modifyAclAccess":true,
"hidden":false,
"parameters":{},
"name":"MY DASHBOARD",
"id":"MY-DASHBOARD",
...

"favorite":false,
"numCharts":2
}

```
8. Click the `POST api/v2/dashboard/` request.
Expand All @@ -170,4 +166,4 @@ A permanently deleted dashboard does not show in the trash and becomes inaccessi
10. Validate that the dashboard is now live again.
For example, navigate to `https://<your_instance>.wavefront.com/dashboards/MY-DASHBOARD/history` and you should now be able to review the dashboard history by using the GUI.
For example, navigate to `https://<your_instance>.wavefront.com/dashboards/MY-DASHBOARD/history` and you should now be able to review the dashboard history by using the Operations for Applications UI.