IBM · vburckhardt · Aug 30, 2023 · Aug 8, 2023 · Aug 8, 2023 · Aug 8, 2023
diff --git a/app-install/main.tf b/app-install/main.tf
@@ -26,6 +26,7 @@ resource "null_resource" "application-install" {
 
   provisioner "remote-exec" {
     inline = [
+      "apt-get update",
       "apt-get install apache2 -y"
     ]
   }

diff --git a/docs/README.md b/docs/README.md
@@ -1,18 +1,30 @@
-# Seamless App Deployment with IBM Cloud's Secure Landing Zone
+# Seamless Deployment: From Provisioning to Runtime With the IBM Cloud VPC landing zone
 
-With the release of IBM Cloud Deployable Architectures, it is easy to provision an exisiting pre-defined architecture or customize and import.
+The introduction of IBM Cloud [deployable architectures](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-faqs) makes it easy to provision predefined architecture in no time.
 
-In this hands-on lab, you will learn to:
+## 📖 What you will learn
 
-1. Create a customized VPC-based topology using the VPC Landing Zone Deployable Architecture
-2. Deploy and expose a web application on top of this secure topology. For this lab, we will use an Apache service as an example.
-3. Share this deployable pattern with your enterprise through the IBM Cloud Private Catalog
+In this hands-on lab, you will learn how to work with the VPC landing zone deployable architecture to accomplish these goals.
 
-The objective of this lab is split into two distinct parts. The first part is built as a stepping stone for the second part.
+1. Create a customized VPC-based topology from the VPC landing zone deployable architecture.
+2. Deploy and expose a web application on this secure topology. For this lab, we use an Apache service as an example.
+3. Share this deployable pattern with your enterprise through the IBM Cloud private catalog.
 
-- Part 1 shows how the end-to-end steps to deploy a sample web application on top of a secure VPC-topology in your own account.
-  - The secure VPC-based topology will be deployed using the Landing Zone Deployable Architecture.
-  - Operator access will be provided through a manually deployed jump box VSI
-  - An Apache server will be deployed in a secure VSI workload VPC
-  - The web application will be exposed for outside access.
-- Part 2 shows how to automate the manual steps in Part 1, and then, how to package, and share the automation as a “Deployable Architecture” with other user through a private IBM Cloud Catalog
+The lab also introduces some concepts and background to help you to better get the "bigger" picture at the beginning. However, the hands-on steps are designed to be independent from the concepts and background information.
+
+## Lab structure
+
+Two labs are available. The two labs are independent. However, the first lab is a stepping stone in term of knowledge to the second lab.
+
+In [Lab 1](./part1/00-objectives), you take the perspective of a cloud infrastructure engineer:
+
+1. Use the [landing zone deployable architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) to automatically deploy a secure VPC-based topology in an IBM Cloud account.
+2. Manually customize the deployed infrastructure in the account in the following ways:
+    a. Provide operator access through a "jump box" VSI.
+    b. Install an Apache server in one of the workload VPCs that serves the web pages.
+    c. Expose the web pages that are served by the Apache server through a public VPC load balancer.
+
+In [Lab 2](./part2/00-objectives), you are a DevOps/automation engineer:
+
+1. Automate all the manual steps in lab 1.
+2. Package, and share the automation with other users as a **Deployable architecture** through a private IBM Cloud catalog. This packaging in a private catalog helps specific users to find and consume your automation.
diff --git a/docs/about/10-fs-cloud.md b/docs/about/10-fs-cloud.md
@@ -1,25 +1,9 @@
-# VPC Landing Zone
+# IBM Cloud for Financial Cloud Services Framework
 
-IBM VPC Landing Zone (“SLZ”) is a set of [Infrastructure-As-Code](https://en.wikipedia.org/wiki/Infrastructure_as_code) automation that enables creating a fully customizable VPC environment within a single region. The VPC Landing Zone is implemented in terraform and automates the provisioning, configuring, and integration of several services that participates in the realization of a compliant VPC-based topology:
+IBM Cloud Framework for Financial Services provides comprehensive and detailed guidance around regulatory compliance, security, and resiliency to help address the needs of enterprises both during initial deployment and with ongoing operations. For more information, see [Getting started with IBM Cloud for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about).
 
-- A resource group for cloud services and for each VPC.
-- Cloud Object Storage instances for flow logs and Activity Tracker
-- Encryption keys in either a Key Protect or Hyper Protect Crypto Services instance
-- A management and workload VPC connected by a transit gateway
-- A flow log collector for each VPC
-- All necessary networking rules to allow communication.
-- Virtual Private Endpoint (VPE) for Cloud Object Storage in each VPC
-- A VPN gateway in the management VPC
+The framework was initially based on the needs of financial institutions, as its name indicates. However, it can be used as a compliance and security starting point and baseline for most industries.
 
-[Available VPC Landing Zone terraform modules](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone)
-
-VPC Landing Zone comes with four fully functional patterns that are strictly following the IBM Cloud Financial Services reference architecture:
-
-- VPC pattern
-- VPC with Virtual Servers (“VSIs”) – which the lab will use.
-- VPC with OpenShift
-- VPC with VSIs and OpenShift (“mixed”) pattern.
-
-Each of the patterns can be used as a starting point to create your own customizable VPC-based topology that matches your enterprise or customer exact needs.
+The framework provides secure [VPC reference architectures](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-about) that meet a number of regulatory controls.
 
 ![VPC reference architecture](../images/about-fs-cloud.png)
diff --git a/docs/about/20-vpc-landing-zone.md b/docs/about/20-vpc-landing-zone.md
@@ -1,9 +1,29 @@
-# IBM Cloud for Financial Cloud Services Framework
+# VPC landing zone
 
-The IBM Cloud Financial Cloud Services Framework provides comprehensive and detailed guidance to help address the needs of enterprises with regulatory compliance, security, and resiliency during the initial deployment phase and with ongoing operations.
+IBM VPC landing zone (also referred to as "SLZ" for secure landing zone) is [Infrastructure-As-Code](https://en.wikipedia.org/wiki/Infrastructure_as_code) automation that enables you to create a fully customizable VPC environment within a single region. The VPC landing zone is implemented in Terraform and automates the provisioning, configuring, and integration of several services that participate in the realization of a compliant VPC-based topology that is aligned with the documented [IBM Cloud for Financial Cloud Services Framework](./about/10-fs-cloud).
 
-Whilst the framework was initially based on the needs of financial institutions, as its name indicates, it can be used as a starting point and baseline for meeting compliance and security for most industries.
+The automation is available as a set of [Terraform modules on GitHub](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone). The automation creates and configures all of the resources necessary to create a secure and compliant topology:
+- A resource group for cloud services and for each VPC
+- Cloud Object Storage instances for flow logs and Activity Tracker (access and audit logs)
+- Encryption keys in either a Key Protect or Hyper Protect Crypto Services instance
+- A management and workload VPC connected by a transit gateway
+- A flow log collector for each VPC
+- All necessary networking rules to allow communication.
+- Virtual Private Endpoint (VPE) for Cloud Object Storage in each VPC
+- A VPN gateway in the management VPC
 
-[Getting started with IBM Cloud for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about)
+# Landing zone patterns
 
-The framework provides secure [VPC reference architectures](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-about) meeting with a number of regulatory controls.
+
+VPC landing zone comes with four fully functional patterns that follow the IBM Cloud Framework for Financial Services reference architecture:
+
+- VPC pattern
+- VPC with Virtual Servers ("VSIs") – which the lab uses.
+- VPC with Red Hat OpenShift ("ROKS")
+- VPC with VSIs and Red Hat OpenShift ("mixed") pattern.
+
+|  VPC pattern                   |  Virtual server pattern          |  Red Hat OpenShift pattern       | Mixed pattern                      |
+| ------------------------------ | -------------------------------- | -------------------------------- | ---------------------------------- |
+| [![VPC](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vpc.drawio.svg)](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/vpc/README.md) | [![VSI](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vsi-vsi.drawio.svg)](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/vsi/README.md) | [![ROKS](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/roks.drawio.svg)](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/roks/README.md) |  [![Mixed](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/mixed.png)](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/mixed/README.md) |
+
+You can use any pattern as a starting point to create a customizable VPC-based topology that supports your customer needs or the needs of your enterprise.
diff --git a/docs/about/30-deployable-arch.md b/docs/about/30-deployable-arch.md
@@ -1,21 +1,21 @@
-# Deployable Architecture
+# Deployable architecture
 
-“Deployable Architecture” is officially defined as “Cloud automation for deploying a common architectural pattern that combines one or more cloud resources that is designed for easy deployment, scalability, and modularity.”
+A deployable architecture is defined as "Cloud automation for deploying a common architectural pattern that combines one or more cloud resources that is designed for easy deployment, scalability, and modularity.
 
-More specifically, and concretely, from a technical perspective, “Deployable Architectures” are essentially terraform modules that are fully integrated into the IBM Cloud experience. Deployable Architecture are:
+From a technical perspective, deployable architectures are essentially Terraform modules that are fully integrated into the IBM Cloud experience. Deployable architectures have these characteristics:
 
-- Discoverable and available through the IBM Cloud Catalog (and through IBM Cloud search)
-- Fully integrated in IBM Cloud Projects and Schematics.
+- Discoverable and available through the IBM Cloud catalog (and through IBM Cloud search)
+- Fully integrated in IBM Cloud projects and Schematics
 - Integrated with [IBM Cloud Risk Analyzer](https://cloud.ibm.com/docs/code-risk-analyzer-cli-plugin?topic=code-risk-analyzer-cli-plugin-cra-cli-plugin#terraform-command)
 
-In other words, it is possible for an end-user to execute the terraform automation behind a “Deployable Architecture” just from a few clicks and inputs in the IBM Cloud console.
+In other words, a user can run the Terraform automation behind a deployable architecture just from a few clicks and inputs in the IBM Cloud console.
 
-![Deployable Architecture console](../images/about-deployable-arch.png)
+![Deployable architecture console](../images/about-deployable-arch.png)
 
-The Landing Zone terraform module and patterns described just above have a corresponding [Deployable Architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) in IBM Cloud. In this lab, the Secure Landing Zone is consumed through the Deployable Architecture experience for ease of use, rather than using the terraform CLI against the open-source github version.
+The landing zone Terraform module and patterns that are described in [🌍 VPC landing zone](./about/20-vpc-landing-zone.md) have a corresponding [deployable architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) in IBM Cloud. To help you learn about deployable architectures, this lab provides steps for deploying the deployable architecture in IBM Cloud rather than by running Terraform commands against the open source GitHub version.
 
-IBM-maintained Deployable Architectures, like the Landing Zone Deployable Architecture:
+IBM-maintained deployable architectures are just like the landing zone deployable architecture in these ways:
 
 - Provide the same level of customer support as any other IBM Cloud product
-- [Come with extensive documentation](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview)
-- Are maintained and remains current over time
+- Come with extensive [documentation](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview)
+- Are maintained to stay current
diff --git a/docs/about/40-projects.md b/docs/about/40-projects.md
@@ -1,18 +1,19 @@
-# IBM Cloud Projects
+# IBM Cloud projects
 
-IBM Cloud Projects make it easy to manage Infrastructure-As-Code deployments across accounts, collaborate with team members, and maintain compliance.
+IBM Cloud projects make it easy to manage Infrastructure-As-Code (IaC) deployments across accounts, collaborate with team members, and maintain compliance.
 
-At its core, an IBM Cloud Project is made up of a collection of configurations that are used to manage related Infrastructure as Code (IaC) deployments (and associated resources) across accounts.
+At its core, an IBM Cloud project is made up of a collection of configurations that are used to manage related Infrastructure as Code (IaC) deployments (and associated resources) across accounts.
 
-As a concrete example, let’s imagine the scenario of a SRE team responsible for setting up the infrastructure supporting the web application. That SRE team wants to follow best practices and deploy the following environments, all based on the same Deployable Architecture template (but with slight configuration differences for each environment):
+For example, let’s imagine the scenario of a SRE team that is responsible for setting up the infrastructure that supports the web application. That SRE team wants to follow best practices and deploy the following environments, which are based on the same deployable architecture template (but with slight configuration differences for each environment):
 
-1. A development environment – with scaled down compute resources and no audit event tracking.
-2. A staging environment – as close as possible to the production environment
-3. 2 production environments: one in America and another one in Europe.
+1. A development environment: with scaled down compute resources and no audit event tracking.
+2. A staging environment: as close as possible to the production environment
+3. Two production environments: one in North America and another one in Europe.
 
-That SRE team can group configurations, and thus centralize the governance, for the 4 different environments in one single Project.
+That SRE team can group configurations, and thus centralize the governance and supervision, for the four different environments in one single Project.
 
-Beyond the core configuration grouping capability, IBM Cloud Projects is designed with an IaC and a compliance-first approach. Projects also seemingly integrate with IBM Cloud Schematics to deploy, update, and manage the resources created by the IaC automation.
-Each project also includes tools to scan for potentially harmful resource changes, compliance, security, and cost, as well as tracking configuration versioning and governance.
+Beyond the core configuration grouping capability, IBM Cloud projects is designed with an IaC and a compliance-first approach. Projects also seemingly integrates with IBM Cloud Schematics to deploy, update, and manage the resources that are created by the IaC automation.
 
-![IBM Cloud Projects](../about/40-projects.md)
+Each project also includes tools to scan for potentially harmful resource changes, compliance, security, and cost issues, and to track configuration versioning and governance.
+
+![IBM Cloud projects](../images/about-projects.png)
diff --git a/docs/cover.md b/docs/cover.md
@@ -1,7 +1,7 @@
 <img src="header.jpg">
 
-> Seamless App Deployment with<br/>
-> IBM Cloud's Secure Landing Zone
+> Seamless Deployment: From Provisioning to Runtime<br/>
+> with IBM Cloud VPC landing zone
 
 _Session 2448_