Split ALTS.md into two pages.

content/docs/guides/auth/ALTS.md

@@ -15,13 +15,9 @@ production environments. For more information about ALTS and how it works, see
 the
 [ALTS whitepaper](https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security).
 
-ALTS is now available to all gRPC users, if the application runs on
+gRPC ALTS has the following features:
-[Google Compute Engine (GCE)](https://cloud.google.com/compute/) or
-[Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine). It
-has the following features:
 
 -   Create gRPC servers & clients with ALTS as the transport security protocol.
--   Transparent identity provisioning and key management of ALTS credentials.
 -   ALTS connections are end-to-end protected with privacy and integrity.
 -   Applications can access peer information such as the peer service account.
 -   Client authorization and server authorization support.
@@ -31,21 +27,10 @@ gRPC users can configure their applications to use ALTS as a transport security
 protocol with few lines of code, simply indicating the intent of using ALTS.
 gRPC ALTS is supported in C++, Java, Go, and Python.
 
-### Identity and Key Management
+{{< warning >}}
-
+  Currently gRPC ALTS transport security protocol only works in Google Cloud
-Using ALTS transport security protocol, the identity of the gRPC application is
+  Platform (GCP). For more information, see [ALTS on GCP](ALTS_GCP).
-the primary service account associated with the GCE VM that the application runs
+{{< /warning >}}
-on. The service account of a GCE VM can be set or changed using
-[gCloud command](https://cloud.google.com/sdk/gcloud/reference/compute/instances/set-service-account)
-or via
-[GCP console](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#using).
-
-Google Cloud Platform issues an ALTS credential for each service account running
-on the GCE VM. The ALTS credentials are securely located in the hypervisor. The
-private key of an ALTS credential is not accessible to the VM and the
-application. The session keys used for end-to-end encryption are exposed to the
-gRPC stack. Google Cloud Platform fully manages the ALTS credentials, including
-certificate issuing, certificate rotation, and certification revocation.
 
 ### gRPC Client with ALTS Transport Security Protocol
 

content/docs/guides/auth/ALTS_GCP.md

@@ -0,0 +1,30 @@
+---
+title: ALTS on Google Cloud Platform (GCP)
+description: >
+  An overview of gRPC ALTS authentication running on Google Cloud Platform.
+---
+
+### Overview
+
+[ALTS](ALTS) is now available to all gRPC users, if the application runs on
+[Google Compute Engine (GCE)](https://cloud.google.com/compute/) or
+[Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine).
+The detailed instructions on how to use ALTS as an authentication mechanism
+in gRPC can be found in [ALTS Authentiction guide](ALTS).
+
+### Identity and Key Management
+
+Using ALTS transport security protocol on Google Cloud Platform, the identity
+of the gRPC application is the primary service account associated with the GCE
+VM that the application runs on. The service account of a GCE VM can be set or
+changed using
+[gCloud command](https://cloud.google.com/sdk/gcloud/reference/compute/instances/set-service-account)
+or via
+[GCP console](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#using).
+
+Google Cloud Platform issues an ALTS credential for each service account running
+on the GCE VM. The ALTS credentials are securely located in the hypervisor. The
+private key of an ALTS credential is not accessible to the VM and the
+application. The session keys used for end-to-end encryption are exposed to the
+gRPC stack. Google Cloud Platform fully manages the ALTS credentials, including
+certificate issuing, certificate rotation, and certification revocation.