Update user topics (#109)

* Update user topics

* Incorporate feedback

datacenter/ucp/2.2/guides/architecture.md

@@ -1,22 +1,23 @@
 ---
+title: UCP architecture
 description: Learn about the architecture of Docker Universal Control Plane.
 keywords: docker, ucp, architecture
-title: UCP architecture
 ---
 
-Universal Control Plane is a containerized application that runs on [Docker Enterprise Edition](/enterprise/index.md) and extends its functionality to
-make it easier to deploy, configure, and monitor your applications at scale.
+Universal Control Plane is a containerized application that runs on
+[Docker Enterprise Edition](/enterprise/index.md) and extends its functionality
+to make it easier to deploy, configure, and monitor your applications at scale.
 
-It also secures Docker with role-based access control so that only authorized
+UCP also secures Docker with role-based access control so that only authorized
 users can make changes and deploy applications to your Docker cluster.
 
 ![](images/architecture-1.svg)
 
-Once Universal Control Plane (UCP) is deployed, developers and IT operations
-no longer interact with Docker Engine directly, but interact with UCP instead.
-Since UCP exposes the standard Docker API this is all done transparently, so
-that you can use the tools you already know and love like the Docker CLI client
-and Docker Compose.
+Once Universal Control Plane (UCP) instance is deployed, developers and IT
+operations no longer interact with Docker Engine directly, but interact with
+UCP instead. Since UCP exposes the standard Docker API, this is all done
+transparently, so that you can use the tools you already know and love, like
+the Docker CLI client and Docker Compose.
 
 
 ## Under the hood
@@ -26,31 +27,38 @@ by Docker.
 
 ![](images/architecture-2.svg)
 
-A swarm is a collection of nodes that are in the same Docker swarm. [Nodes](/engine/swarm/key-concepts.md) in a Docker swarm operate in one of two modes: Manager or Worker. If nodes are not already running in a swarm when installing UCP, nodes will be configured to run in swarm mode.
+A swarm is a collection of nodes that are in the same Docker cluster.
+[Nodes](/engine/swarm/key-concepts.md) in a Docker swarm operate in one of two
+modes: Manager or Worker. If nodes are not already running in a swarm when
+installing UCP, nodes will be configured to run in swarm mode.
 
 When you deploy UCP, it starts running a globally scheduled service called
-`ucp-agent`. This service monitors the node where it is running and starts
-and stops UCP services, based on whether that node is a
+`ucp-agent`. This service monitors the node where it's running and starts
+and stops UCP services, based on whether the node is a
 [manager or a worker node](/engine/swarm/key-concepts.md).
 
 If the node is a:
 
 * **Manager**: the `ucp-agent` service automatically starts serving all UCP
-components including the UCP web UI and data stores used by UCP. The `ucp-agent` accomplishes this by [deploying several containers](#ucp-components-in-manager-nodes) on the node. By promoting a node to manager, UCP automatically becomes highly available and fault tolerant.
-* **Worker**: on worker nodes the `ucp-agent` service starts serving a proxy
-service that ensures only authorized users and other UCP services can run Docker
-commands in that node. The `ucp-agent` only deploys a [subset of containers](#ucp-components-in-worker-nodes) on worker nodes.
-
+  components, including the UCP web UI and data stores used by UCP. The
+  `ucp-agent` accomplishes this by
+  [deploying several containers](#ucp-components-in-manager-nodes)
+  on the node. By promoting a node to manager, UCP automatically becomes
+  highly available and fault tolerant.
+* **Worker**: on worker nodes, the `ucp-agent` service starts serving a proxy
+  service that ensures only authorized users and other UCP services can run
+  Docker commands in that node. The `ucp-agent` deploys a
+  [subset of containers](#ucp-components-in-worker-nodes) on worker nodes.
 
 ## UCP internal components
 
 The core component of UCP is a globally-scheduled service called `ucp-agent`.
-When you install UCP on a node, or join a node to a swarm that is being managed
+When you install UCP on a node, or join a node to a swarm that's being managed
 by UCP, the `ucp-agent` service starts running on that node.
 
 Once this service is running, it deploys containers with other UCP components,
-and ensures they keep running. The UCP components that are deployed
-on a node depend on whether that node is a manager or a worker.
+and it ensures they keep running. The UCP components that are deployed
+on a node depend on whether the node is a manager or a worker.
 
 ### UCP components in manager nodes
 
@@ -73,8 +81,6 @@ persist the state of UCP. These are the UCP services running on manager nodes:
 | ucp-swarm-manager   | Used to provide backwards-compatibility with Docker Swarm                                                                                                                                         |
 
 
-
-
 ### UCP components in worker nodes
 
 Worker nodes are the ones where you run your applications. These are the UCP
@@ -120,7 +126,7 @@ By default, the data for these volumes can be found at
 
 There are two ways to interact with UCP: the web UI or the CLI.
 
-You can use the UCP web UI to manage your cluster, grant and revoke user
+You can use the UCP web UI to manage your swarm, grant and revoke user
 permissions, deploy, configure, manage, and monitor your applications.
 
 ![](images/architecture-3.svg)

datacenter/ucp/2.2/guides/get-support.md

@@ -1,12 +1,11 @@
 ---
-description: Your Docker subscription gives you access to prioritized support. You
-  can file tickets via email, your the support portal.
-keywords: Docker, support, help
 title: Get support
+description: Your Docker EE subscription gives you access to prioritized support. You can file tickets via email or the support portal.
+keywords: Docker, support, help
 ---
 
-Your Docker Data Center, or Universal Control Plane subscription gives you
-access to prioritized support. The service levels depend on your subscription.
+Your Docker Enterprise Edition subscription gives you access to prioritized
+support. The service levels depend on your subscription.
 
 If you need help, you can file a ticket via:
 
@@ -21,8 +20,8 @@ support dump:
 
 ## From the UI
 
-1. Log into the UCP UI with an administrator account.
-2. On the top-right menu, **click your username**, and choose **Support Dump**.
+1. Log into the UCP web UI with an administrator account.
+2. In the top-left menu, click your username and choose **Support Dump**.
 
 ![](images/get-support-1.png){: .with-border}
 
@@ -35,10 +34,10 @@ and run:
 docker run --rm \
   --name ucp \
   -v /var/run/docker.sock:/var/run/docker.sock \
-  {{ page.docker_image }} \
+  {{ page.ucp_latest_image }} \
   support > docker-support.tgz
 ```
 
 This support dump only contains logs for the node where you're running the
 command. If your UCP is highly available, you should collect support dumps
-from all the manager nodes.
+from all of the manager nodes.

datacenter/ucp/2.2/guides/index.md

@@ -1,23 +1,24 @@
 ---
+title: Universal Control Plane overview
 description: Learn about Docker Universal Control Plane, the enterprise-grade cluster
   management solution from Docker.
 keywords: docker, ucp, overview, orchestration, clustering
-title: Universal Control Plane overview
 ---
 
 Docker Universal Control Plane (UCP) is the enterprise-grade cluster management
 solution from Docker. You install it on-premises or in your virtual private
-cloud, and it helps you manage your Docker cluster and applications from a
-single place.
+cloud, and it helps you manage your Docker swarm and applications through a 
+single interface.
 
 ![](../../../images/ucp.png){: .with-border}
 
-## Centralized cluster management
+## Centralized swarm management
 
-With Docker you can join up to thousands of physical or virtual machines
-together to create a container cluster, allowing you to deploy your applications
-at scale. Docker Universal Control Plane extends the functionality provided
-by Docker to make it easier to manage your cluster from a centralized place.
+With Docker, you can join up to thousands of physical or virtual machines
+together to create a container cluster, or swarm, allowing you to deploy your
+applications at scale. Docker Universal Control Plane extends the
+functionality provided by Docker to make it easier to manage your swarm
+from a centralized place.
 
 You can manage and monitor your container cluster using a graphical UI.
 
@@ -28,38 +29,39 @@ you already know, including the Docker CLI client, to deploy and manage your
 applications.
 
 As an example, you can use the `docker info` command to check the
-status of a Docker cluster managed by UCP:
+status of a Docker swarm managed by UCP:
 
-```bash
+```none
 $ docker info
 
-Containers: 30
-Images: 24
-Server Version: ucp/2.0.1
-Role: primary
-Strategy: spread
-Filters: health, port, containerslots, dependency, affinity, constraint
-Nodes: 2
-  ucp-node-1: 192.168.99.100:12376
-    └ Status: Healthy
-    └ Containers: 20
-  ucp-node-2: 192.168.99.101:12376
-    └ Status: Healthy
-    └ Containers: 10
+Containers: 38
+Running: 23
+Paused: 0
+Stopped: 15
+Images: 17
+Server Version: 17.06
+...
+Swarm: active
+NodeID: ocpv7el0uz8g9q7dmw8ay4yps
+Is Manager: true
+ClusterID: tylpv1kxjtgoik2jnrg8pvkg6
+Managers: 1
+…
 ```
 
 ## Deploy, manage, and monitor
 
-With Docker UCP you can manage from a centralized place all the computing
-resources you have available like nodes, volumes, and networks.
+With Docker UCP, you can manage from a centralized place all of the computing
+resources you have available, like nodes, volumes, and networks.
 
 You can also deploy and monitor your applications and services.
 
 ## Built-in security and access control
 
 Docker UCP has its own built-in authentication mechanism and integrates with
-LDAP services. It also has Role Based Access Control (RBAC), so that you can
-control who can access and make changes to your cluster and applications.
+LDAP services. It also has role-based access control (RBAC), so that you can
+control who can access and make changes to your swarm and applications.
+[Learn about role-based access control](admin/manage-users/index.md).
 
 ![](images/overview-3.png){: .with-border}
 

datacenter/ucp/2.2/guides/user/access-ucp/cli-based-access.md

@@ -1,14 +1,14 @@
 ---
-description: Learn how to access Docker Universal Control Plane from the CLI.
-keywords: docker, ucp, cli, administration
 title: CLI-based access
+description: Learn how to access Docker Universal Control Plane from the CLI.
+keywords: ucp, cli, administration
 ---
 
-Docker UCP secures your cluster with role-based access control, so that only
-authorized users can perform changes to the cluster.
+Docker UCP secures your swarm by using role-based access control,
+so that only authorized users can perform changes to the cluster.
 
 For this reason, when running docker commands on a UCP node, you need to
-authenticate your request using client certificates. When trying to run docker
+authenticate your request with client certificates. When trying to run docker
 commands without a valid certificate, you get an authentication error:
 
 ```none
@@ -20,20 +20,20 @@ x509: certificate signed by unknown authority
 There are two different types of client certificates:
 
 * Admin user certificate bundles: allow running docker commands on the
-Docker Engine of any node,
+  Docker Engine of any node,
 * User certificate bundles: only allow running docker commands through a UCP
-manager node.
+  manager node.
 
 ## Download client certificates
 
-To download a client certificate bundle, log into the **UCP web UI**, and
-navigate to your user **profile page**.
+To download a client certificate bundle, log in to the UCP web UI and
+navigate to your **My Profile** page.
+
+In the left pane, click **Client Bundles** and click **New Client Bundle**
+to download the certificate bundle.
 
 ![](../../images/cli-based-access-1.png){: .with-border}
 
-Click the **Create a Client Bundle** button, to download the certificate bundle.
-
-
 ## Use client certificates
 
 Once you've downloaded a client certificate bundle to your local computer, you
@@ -42,7 +42,7 @@ can use it to authenticate your requests.
 Navigate to the directory where you downloaded the user bundle, and unzip it.
 Then source the `env.sh` script.
 
-```none
+```bash
 $ unzip ucp-bundle-dave.lauper.zip
 $ cd ucp-bundle-dave.lauper
 $ eval $(<env.sh)
@@ -53,27 +53,32 @@ local Docker CLI communicate with UCP. It also updates the `DOCKER_CERT_PATH`
 environment variables to use the client certificates that are included in the
 client bundle you downloaded.
 
+> Note: The bundle includes scripts for setting up Windows nodes. To set up a
+> Windows environment, run `env.cmd` in an elevated command prompt, or run
+> `env.ps1` in an elevated PowerShell prompt.
+
 From now on, when you use the Docker CLI client, it includes your client
-certificates as part of the request to the Docker Engine.
-You can now use the Docker CLI to create services, networks, volumes and other
-resources on a swarm managed by UCP.
+certificates as part of the request to the Docker Engine. You can now use the
+Docker CLI to create services, networks, volumes and other resources on a swarm
+that's managed by UCP.
 
-## Download client certificates using the REST API
+## Download client certificates by using the REST API
 
-You can also download client bundles using the UCP REST API. In
-this example we'll be using `curl` for making the web requests to the API, and
-`jq` to parse the responses.
+You can also download client bundles by using the
+[UCP REST API](../../../reference/api/index.md). In this example,
+we use `curl` to make the web requests to the API, and `jq` to parse the
+responses.
 
 To install these tools on a Ubuntu distribution, you can run:
 
-```none
+```bash
 $ sudo apt-get update && apt-get install curl jq
 ```
 
 Then you get an authentication token from UCP, and use it to download the
 client certificates.
 
-```none
+```bash
 # Create an environment variable with the user security token
 $ AUTHTOKEN=$(curl -sk -d '{"username":"<username>","password":"<password>"}' https://<ucp-ip>/auth/login | jq -r .auth_token)
 

datacenter/ucp/2.2/guides/user/access-ucp/index.md

@@ -1,7 +1,7 @@
 ---
-description: Learn how to access Docker Universal Control Plane from the web browser.
-keywords: docker, ucp, web, administration
 title: Web-based access
+description: Learn how to access Docker Universal Control Plane from the web browser.
+keywords: ucp, web, administration
 ---
 
 Docker Universal Control Plane allows you to manage your cluster in a visual
@@ -10,18 +10,22 @@ way, from your browser.
 ![](../../../../../images/ucp.png){: .with-border}
 
 
-Docker UCP secures your cluster with role-based access control. From the
-browser, Administrators can:
+Docker UCP secures your swarm by using
+[role-based access control](../../admin/manage-users/index.md).
+From the browser, administrators can:
 
-* Manage cluster configurations,
-* Manage the permissions of users and teams,
+* Manage swarm configurations,
+* Manage the permissions of users, teams, and organizations,
 * See all images, networks, volumes, and containers.
+* Grant permissions to users for scheduling tasks on specific nodes
+  (with the Docker EE Advanced license).  
 
 ![](../../images/web-based-access-2.png){: .with-border}
 
 Non-admin users can only see and change the images, networks, volumes, and
-containers, they are granted access.
+containers, and only when they're granted access by an administrator.
 
 # Where to go next
 
+* [Authorization](../../admin/manage-users/index.md)
 * [Access UCP from the CLI](cli-based-access.md)

datacenter/ucp/2.2/guides/user/secrets/grant-revoke-access.md

@@ -9,8 +9,11 @@ use a specific secret in their services and which users can delete the secret.
 
 ## Grant access to a secret
 
-As with most resources managed by UCP, the way to grant permission to a set
-of users to use a secret, is by applying the `com.docker.ucp.access.label` to
+As with other resources managed by UCP, the way to grant permission to a set
+of users to use a secret is by creating a grant against the collection that
+contains the secret.
+
+is by applying the `com.docker.ucp.access.label` to
 the secret.
 
 ![](../../images/grant-access-secrets-1.png){: .with-border}

datacenter/ucp/2.2/guides/user/secrets/index.md

@@ -1,26 +1,22 @@
 ---
 title: Manage secrets
 description: Learn how to manage your passwords, certificates, or other secrets in a secure way with Docker Datacenter
-keywords: Docker, UCP, secrets, secrets management
+keywords: UCP, secrets, secrets management
 ---
 
-[![Secrets](../../images/secrets_video.png)](https://www.youtube.com/watch?v=8CaiJ9uZEk8 "Working with Secrets"){:target="_blank"}
-
-When deploying and orchestrating services, you often need to configure those
-services with sensitive information like passwords, TLS certificates, or
-private keys.
+When deploying and orchestrating services, you often need to configure them
+with sensitive information like passwords, TLS certificates, or private keys.
 
 Universal Control Plane allows you to store this sensitive information, also
-know as secrets, in a secure way. It also gives you role-based access control
+known as *secrets*, in a secure way. It also gives you role-based access control
 so that you can control which users can use a secret in their services
 and which ones can manage the secret.
 
 UCP extends the functionality provided by Docker Engine, so you can continue
 using the same workflows and tools you already use, like the Docker CLI client.
+[Learn how to use secrets with Docker](/engine/swarm/secrets/).
 
-<!-- todo: add link when 1.13 is available [Learn how to use secrets with Docker](/engine/swarm/secrets/) -->
-
-In this example we're going to deploy a WordPress application that's composed of
+In this example, we're going to deploy a WordPress application that's composed of
 two services:
 
 * wordpress: The service that runs Apache, PHP, and WordPress
@@ -28,17 +24,19 @@ two services:
 
 Instead of configuring our services to use a plain text password stored in an
 environment variable, we're going to create a secret to store the password.
-When we deploy those services we'll attach the secret to them, which creates
-a file with the password inside the container running the service. Our services
-will be able to use that file, but no one else will be able to see the
-plain text password.
+When we deploy those services, we'll attach the secret to them, which creates
+a file with the password inside the container running the service.
+Our services will be able to use that file, but no one else will be able
+to see the plain text password.
 
 To make things simpler, we're not going to configure the database service to
 persist data. When the service stops, the data is lost.
 
 ## Create a secret
 
-In the **UCP web UI**, navigate to **Resources**, and click **Secrets**.
+In the UCP web UI, navigate to **Secrets** page and click **Create Secret**
+to create a new secret. Once you create the secret you won't be able to edit
+it or see the secret data again.
 
 ![](../../images/manage-secrets-1.png){: .with-border}
 

datacenter/ucp/2.2/guides/user/services/use-domain-names-to-access-services.md

@@ -22,7 +22,7 @@ You also need permissions to attach services to the `ucp-hrm` network.
 
 ## Deploy WordPress
 
-Log in the UCP web UI, navigate to the **Services** page, and click
+Log in to the UCP web UI, navigate to the **Services** page, and click
 **Create Service**. Then create a WordPress service with the following
 configuration: