docs: minor updates

Author: vburckhardt

docs/part1/10-project.md

@@ -47,7 +47,7 @@
         Copy and paste the **full** content including the ssh-rsa and the user name pieces - for instance: `ssh-rsa ... ibmuser@student` 
 
         b. `region`: The region that you want to deploy in. \
-        c. `prefix`: Your initials.
+        c. `prefix`: `<your initials>`.
 
         ![Configuration](../images/part-1/10-configuration.png)
 

docs/part1/20-operator-access.md

@@ -18,37 +18,43 @@ In this lab, you expose one of the VSIs in the management VPC as a 'jump-box'. T
 Complete the following steps to enable public SSH access to one of the VSI in the management VPC. This VSI is the unique operator entry point ('jump-box') to the landing zone VPC topology.
 
 1. Access the [Virtual server instances for VPC list](https://cloud.ibm.com/vpc-ext/compute/vs).
-2. Verify that the region is set to the region you provisioned your resources and click the VSI labeled `<your_initials>-management-server-1`.
-3. Add a floating IP address by clicking the pencil icon in the Network Interface section. Reserve a new floating IP address.
+1. Verify that the region is set to the region you provisioned your resources and click the VSI labeled `<your_initials>-management-server-1`.
+1. Add a floating IP address by clicking the pencil icon in the Network Interface section. Reserve a new floating IP address.
 
-    ![Pencil icon](../images/part-1/20-network-int-pencil.png)
-
-    :exclamation: **Important**: Take note of the public floating IP address. You need it later.
+    ![Pencil icon](../images/part-1/20-network-int-pencil.png)    
 
     ![Floating IP address](../images/part-1/20-floating-ip.png)
 
-5. Click **Save**.
-6. In the [Security Groups for VPC](https://cloud.ibm.com/vpc-ext/network/securityGroups), click the one labeled `<your_initials>-management`.
-7. Go to the Rules section and allow port 22 for SSH inbound access by clicking **Create** in the _Inbound rules_ section.
+    :exclamation: **Important**: Take note of the public floating IP address. You need it later.
+
+1. Click **Save**.
+1. In the [Security Groups for VPC](https://cloud.ibm.com/vpc-ext/network/securityGroups), click the one labeled `<your_initials>-management`.
+1. Go to the Rules section and allow port 22 for SSH inbound access by clicking **Create** in the _Inbound rules_ section.
 
     :information_source: **Tip**: Security groups are stateful so you don’t need to add a corresponding outbound rule.
 
     ![Allow SSH in Security group](../images/part-1/20-ssh-sg.png)
 
-8. Click **Create**.
-9. In the [Access control lists for VPC](https://cloud.ibm.com/vpc-ext/network/acl), click the one labeled `<your_initials>-management-acl`.
-10. Create the following ACL inbound rule for SSH access:
+1. Click **Create**.
+1. In the [Access control lists for VPC](https://cloud.ibm.com/vpc-ext/network/acl), click the one labeled `<your_initials>-management-acl`.
+1. Create the following ACL inbound rule for SSH access:
 
     ![SSH ACL Inbound rule](../images/part-1/20-ssh-acl-inbound.png)
 
-11. Create the following ACL outbound rule for SSH access:
+1. Create the following ACL outbound rule for SSH access:
 
     ![SSH ACL Outbound rule](../images/part-1/20-ssh-acl-outbound.png)
 
-12. You can now access the 'jump-box' through the public floating IP address that you provisioned earlier. On your computer, issue the following command from the terminal or command window:
+1. You can now access the 'jump-box' through the public floating IP address that you provisioned earlier. On your computer, issue the following command from the terminal or command window:
 
     ```sh
     ssh -i ./lab-key root@<Floating IP of Virtual server instance>
     ```
 
     Replace \<Floating IP of Virtual server instance> with the address that you reserved earlier.
+
+1. You can terminate the ssh session with the following command.
+
+    ```sh
+    exit
+    ```

docs/part1/30-apache-server.md

@@ -23,29 +23,31 @@ By default, the workload VSI (Virtual Server Instance) is locked down from the m
       ![Management SSH ACL Outbound rule](../images/part-1/30-mgmt-ssh-acl-outbound.png)
 
 1. Access the workload VSI by completing the following steps:
+
     1. Go to [Virtual server instances for VPC](https://cloud.ibm.com/vpc-ext/compute/vs). Take note of the private IP("Reserved IP") for the VSI labeled `<your_initials-workload-server-1` (`10.40.10.4` in this example). You need it later.
 
         ![Private IP](../images/part-1/30-private-ip.png)
 
-    1. From your computer, copy the private key that is labeled `lab_key`` to the Bastion host.
+    1. From your computer, copy the private key that is labeled `lab_key` to the jump-box host. 
+    The floating IP of the jump box is the public IP that you kept a note of in [Operator Access](./part1/20-operator-access)
 
         ```sh
-        scp -i lab-key lab-key root@<Floating IP address of bastion host>:/root
+        scp -i lab-key lab-key root@<Floating IP address of the jump box>:/root
         ```
 
-   1. SSH to the bastion host
+   1. SSH to the jump box host
 
       ```sh
-      ssh -i ./lab-key root@<Floating IP of Virtual server instance>
+      ssh -i ./lab-key root@<Floating IP address of the jump box>
       ```
 
    1. Change permissions of the private key
 
       ```sh
       chmod 600 lab-key
-      ```
+      ```   
 
-   1. SSH to the workload VSI
+   1. SSH to the workload VSI using the private IP noted above in step 3.1. The jump-box has got connectivity to the private IP of the workload VSI.
 
       ```sh
       ssh -i ./lab-key root@<Private IP address of the workload VSI>

docs/part1/40-expose-web-app.md

@@ -1,6 +1,8 @@
 # Exposing the web application to the internet
 
-In this part of the lab, you expose the web pages to the internet through a VPC load balancer so that anyone can access them.
+In this part of the lab, you expose the web pages to the internet through a VPC load balancer so that anyone can access them. 
+
+The load balancer enables to distribute traffic among multiple application server instances running in the VPC (the workload VSIs), and by forwarding traffic to healthy instances only. Further details on load balancing, and the IBM Cloud Load Balancer are available in the [IBM Cloud documentation](https://cloud.ibm.com/docs/loadbalancer-service?topic=loadbalancer-service-getting-started).
 
 1.  Create a public load balancer to expose the web application.
     1. Access the [Load balancers for VPC](https://cloud.ibm.com/vpc-ext/network/loadBalancers) page.
@@ -19,6 +21,7 @@ In this part of the lab, you expose the web pages to the internet through a VPC
         - Pool protocol: `HTTP`
         - Health Port: `80`
     - Click **Attach server +** in the Back-end pools section and add the VSI that is in the subnet `<your_initials>-workload-vsi-zone-1` with a server port of `80`.
+        - (Optional) If you deployed the Apache server on the workload VSIs 2 and 3 in [Install Apache server](/./part1/30-apache-server) , you may repeat this step to attach `<your_initials>-workload-server-2` and `<your_initials>-workload-server-3` to the back-end pool.
     - Create a front-end listener by clicking **Create listener** and set the Listener port to `80`.
     - Under the _Security Group_ section, clear all settings except the one labeled `<your_initials>-workload`.
     - Click **Create load balancer**.

docs/part1/50-going-further.md

@@ -2,7 +2,7 @@
 
 To keep the lab simple, you give operator access through a VSI jump-box in the management VPC. Then you expose the web application directly through a public load balancer that is attached to the worker VPC.
 
-These approaches provide a reasonable level of security, satisfy a number of compliance controls, and might be sufficient for a number of industries and enterprises. If you want more security and need to comply with different controls, consider the following information to set a more secure and compliant posture.
+These approaches may be sufficient for a number of industries and enterprises. However, if you want more security and need to comply with different controls, consider the following information to set a more secure and compliant posture.
 
 ## Other ways to provide operator access
 
@@ -12,7 +12,7 @@ Some secure options to consider for providing network connectivity to the manage
 
     ![Client-to-site VPN](../images/part-1/50-c2s.png)
 - A [site-to-site VPN](https://cloud.ibm.com/docs/vpc?topic=vpc-using-vpn) to connect the management VPC to another private network. The landing zone deployable architecture creates a site-to-site gateway for this purpose.
-- Direct LInk, which extends an organization data center network. For a starting point with more details, see [Connecting application provider to the management VPC](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-connectivity-management).
+- Direct Link, which extends an organization data center network. For a starting point with more details, see [Connecting application provider to the management VPC](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-connectivity-management).
 
 From a compliance perspective, record all interactive operator actions with a bastion solution. Operators connect through the bastion, which records all interactive session actions for auditing. For more information, see [Running operator actions through a bastion host
 ](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-connectivity-bastion) in the IBM cloud Framework for Financial Services docs. For a tutorial that uses the 3rd-party solution Teleport, see [Setting up a bastion host that uses Teleport](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-connectivity-bastion-tutorial-teleport).