Merge branch 'amberjack' of github.com:docker/docs-private into amberjack

ee/dtr/admin/install/index.md

@@ -26,50 +26,52 @@ You cannot install DTR on a standalone Docker Engine.
 
 ## Step 3. Install DTR
 
-Once UCP is installed, navigate to the **UCP web UI**. In the **Admin Settings**,
-choose **Docker Trusted Registry**.
+Once UCP is installed, navigate to the UCP web interface as an admin. Expand your profile on the left 
+navigation pane, and select **Admin Settings > Docker Trusted Registry**.
 
 ![](../../images/install-dtr-2.png){: .with-border}
 
-After you configure all the options, you'll have a snippet that you can use
-to deploy DTR. It should look like this:
+After you configure all the options, you should see a Docker CLI command that you can use
+to install DTR.
 
 ```bash
-# Pull the latest version of DTR
-$ docker pull {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }}
-
-# Install DTR
-$ docker run -it --rm \
-  {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }} install \
+docker run -it --rm \
+  {{ page.dtr_org }}/{{ page.dtr_repo }} install \
+  --dtr-external-url dtr-example.com
   --ucp-node <ucp-node-name> \
-  --ucp-insecure-tls
+  --ucp-username admin \
+  --ucp-url <ucp-url>
 ```
 
-You can run that snippet on any node where Docker is installed. As an example
-you can SSH into a UCP node and run the DTR installer from there. By default
-the installer runs in interactive mode and prompts you for any additional
-information that is necessary.
-[Learn more about the installer](/reference/dtr/2.6/cli/install/).
+You can run the DTR install command on any node where `docker` is installed. To verify, run `docker version`. 
+Check that your DTR version is compatible with your Engine - Enterprise and UCP versions using the [compatibility matrix](https://success.docker.com/article/compatibility-matrix).
 
-By default DTR is deployed with self-signed certificates, so your UCP deployment
-might not be able to pull images from DTR.
-Use the `--dtr-external-url <dtr-domain>:<port>` optional flag while deploying
-DTR, so that UCP is automatically reconfigured to trust DTR. Since [HSTS (HTTP Strict-Transport-Security)
-header](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is included in all API responses, 
-make sure to specify the FQDN (Fully Qualified Domain Name) of your DTR, or your browser may refuse 
-to load the web interface.
+As an example, you can SSH into a UCP node and install DTR from there. Running the installation command in interactive TTY or `-it` mode means you will be prompted for any required additional information.
+[Learn more about installing DTR](/reference/dtr/2.7/cli/install/). 
+
+To pull a specific version of DTR, run the following:
+
+```bash
+docker pull {{ page.dtr_org }}/{{ page.dtr_repo }}:{{ page.dtr_version }}
+```
+Replace `{{ page.dtr_version }}` with your desired version. Run the [installation command](#step-3-install-dtr) with the image you just pulled.
+
+DTR is deployed with self-signed certificates by default, so UCP might not be able to pull images from DTR.
+Use the `--dtr-external-url <dtr-domain>:<port>` optional flag during installation, so that UCP is automatically reconfigured to trust DTR. Additionally, with DTR 2.7, you can 
+[enable browser authentication via client certificates](/ee/enable-authentication-via-client-certificates/) 
+at install time. This bypasses the need for entering your username and password.
 
 ## Step 4. Check that DTR is running
 
-In your browser, navigate to the Docker **Universal Control Plane**
-web interface, and navigate to **Shared Resources > Stacks**. DTR should be listed
-as an application.
+In your browser, navigate to the UCP
+web interface. Select **Shared Resources > Stacks** from the left navigation pane. You should see
+DTR listed as a stack.
 
-
-![](../../images/install-dtr-3.png){: .with-border}
-
-You can also access the **DTR web interface**, to make sure it is working. In your
-browser, navigate to the address where you installed DTR.
+To verify that DTR is accessible from the browser, enter your DTR IP address or FQDN on the address bar.
+Since [HSTS (HTTP Strict-Transport-Security)
+header](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is included in all API responses, 
+make sure to specify the FQDN (Fully Qualified Domain Name) of your DTR prefixed with `https://`, 
+or your browser may refuse to load the web interface.
 
 ![](../../images/create-repository-1.png){: .with-border}
 
@@ -79,17 +81,21 @@ browser, navigate to the address where you installed DTR.
 After installing DTR, you should configure:
 
   * The certificates used for TLS communication. [Learn more](../configure/use-your-own-tls-certificates.md).
-  * The storage backend to store the Docker images. [Lean more](../configure/external-storage/index.md).
+  * The storage backend to store the Docker images. [Learn more](../configure/external-storage/index.md).
 
-  To perform these configurations, navigate to the **Settings** page of DTR.
-
-  ![](../../images/auto-delete-job-logs-1.png){: .with-border}
+### Web interface
 
+  * To update your TLS certificates, access DTR from the browser and navigate to **System > General**. 
+  * To configure your storage backend, navigate to **System > Storage**. If you are upgrading and changing your existing storage backend, see [Switch storage backends](/ee/dtr/admin/configure/external-storage/storage-backend-migration/) for recommended steps.
+  
+### Command line interface
+  
+  To reconfigure DTR using the CLI, see the reference page for [the reconfigure command](/reference/dtr/2.7/cli/reconfigure/).
 
 ## Step 6. Test pushing and pulling
 
 Now that you have a working installation of DTR, you should test that you can
-push and pull images to it:
+push and pull images:
 
 * [Configure your local Docker Engine](../../user/access-dtr/index.md)
 * [Create a repository](../../user/manage-images/index.md)
@@ -104,10 +110,10 @@ you can add more replicas to your DTR cluster. Adding more replicas allows you
 to load-balance requests across all replicas, and keep DTR working if a
 replica fails.
 
-For high-availability you should set 3, 5, or 7 DTR replicas. The nodes where
-you're going to install these replicas also need to be managed by UCP.
+For high-availability, you should set 3 or 5 DTR replicas. The replica nodes also need 
+to be managed by the same UCP.
 
-To add replicas to a DTR cluster, use the `docker/dtr join` command:
+To add replicas to a DTR cluster, use the [join](/reference/dtr/2.7/cli/join/) command:
 
 1. Load your [UCP user bundle](/ee/ucp/user-access/cli/#use-client-certificates).
 
@@ -128,14 +134,14 @@ To add replicas to a DTR cluster, use the `docker/dtr join` command:
     
     > --ucp-node
     >
-    > The <ucp-node-name> following the --ucp-node flag is the target node to
+    > The `<ucp-node-name>` following the `--ucp-node` flag is the target node to
     > install the DTR replica. This is NOT the UCP Manager URL.
     {: .important}
     
 3. Check that all replicas are running.
 
-    In your browser, navigate to the Docker **Universal Control Plane**
-    web interface, and navigate to **Shared Resources > Stacks**. All replicas should
+    In your browser, navigate to UCP's
+    web interface. Select **Shared Resources > Stacks**. All replicas should
     be displayed.
 
     ![](../../images/install-dtr-6.png){: .with-border}

ee/ucp/admin/install/index.md

@@ -83,6 +83,11 @@ To install UCP:
 >[Install an unmanaged CNI plugin](/ee/ucp/kubernetes/install-cni-plugin/).
 {: important}
 
+3. Turn off scheduling on UCP managers and DTR nodes since it is on by default. Workloads cannot be run on manager nodes. 
+Make sure all options shown in the following screen shot are unchecked:
+
+    ![Scheduling options](../../images/scheduling-options.png){: .with-border}
+
 ## Step 5: License your installation
 
 Now that UCP is installed, you need to license it. To use UCP you are required to have a Docker EE standard or advanced subscription, or you can test the platform with a free trial license.