Merge pull request #5847 from EnterpriseDB/release/2024-07-10a

Release: 2024-07-10a

install_template/templates/products/edb-jdbc-connector/index.njk

@@ -23,6 +23,7 @@ legacyRedirectsGenerated:
 {% block navigation %}
 {{- super() -}}
 - windows
+- using_maven
 - configuring_for_java
 - upgrading
 {% endblock navigation %}

product_docs/docs/biganimal/release/administering_cluster/projects.mdx

@@ -89,12 +89,12 @@ To delete a project that you created:
 1. From the **Settings** list, select **Security**.
 1. Select **Add a key**. 
 1. On the **Add a key** page, select the **Cloud Service Provider**. 
-1. Select the **Region** for the key. The interface only displays the regions available in the cloud account you configured.
+1. Select the **Region** for the key. Only the regions available in the cloud account you configured are listed.
 1. Complete the remaining fields according to your cloud provider. 
-1. Select **Add Key** to finalize the configuration.
+1. To finalize the configuration, select **Add Key**.
 
 !!!note Note for GCP keys
-   If the key you added was created in a different Google Cloud Platform account than the TDE-enabled cluster you want to create, ensure you enable the [Cloud KMS API](https://cloud.google.com/kms/docs/create-encryption-keys#before-you-begin) in the Google console before assigning it to your cluster in BigAnimal.
+   If the key you added was created in a Google Cloud Platform account different from the TDE-enabled cluster you want to create, ensure you enable the [Cloud KMS API](https://cloud.google.com/kms/docs/create-encryption-keys#before-you-begin) in the Google console before assigning it to your cluster in BigAnimal.
 
 Now, use this TDE key to [create a cluster](/biganimal/release/getting_started/creating_a_cluster/#security).
 

product_docs/docs/biganimal/release/getting_started/creating_a_cluster/creating_a_dha_cluster.mdx

@@ -140,7 +140,7 @@ The following options aren't available when creating your cluster:
 
 1.  In the **Networking** section:
 
-    In **Connectivity Type**, specify whether to use private or public networking. Networking is set to **Public** by default. Public means that any client can connect to your cluster's public IP address over the internet. Optionally, you can limit traffic to your public cluster by specifying an IP allowlist, which allows access only to certain blocks of IP addresses. To limit access, tick the **Use allowlists** box and add one or more classless inter-domain routing (CIDR) blocks. CIDR is a method for allocating IP addresses and IP routing to a whole network or subnet. If you have any CIDR block entries, access is limited to those IP addresses. If none are specified, all network traffic is allowed. 
+    In **Connectivity Type**, specify whether to use private or public networking. Networking is set to **Public** by default. Public means that any client can connect to your cluster's public IP address over the internet. Optionally, you can limit traffic to your public cluster by specifying an IP allowlist, which allows access only to certain blocks of IP addresses. To limit access, select **Use allowlists** and add one or more classless inter-domain routing (CIDR) blocks. CIDR is a method for allocating IP addresses and IP routing to a whole network or subnet. If you have any CIDR block entries, access is limited to those IP addresses. If none are specified, all network traffic is allowed. 
 
     Private networking allows only IP addresses in your private network to connect to your cluster.  
 

product_docs/docs/biganimal/release/getting_started/creating_a_cluster/index.mdx

@@ -43,7 +43,7 @@ The following options aren't available when creating your cluster:
 
     -  [Primary/Standby High Availability](../../overview/02_high_availability/primary_standby_highavailability/) creates a cluster with one primary and one or two standby replicas in different availability zones. You can create primary/standby high-availability clusters running PostgreSQL, EDB Postgres Extended Server or EDB Postgres Advanced Server. If you enable read-only workloads, then you might have to raise the IP address resource limits for the cluster. 
 
-    -  [Distributed High Availability](../../overview/02_high_availability/distributed_highavailability/) creates a cluster, powered by EDB Postgres Distributed, with up to two data groups spread across multiple cloud regions to deliver higher performance and faster recovery. You can create distributed high availability clusters running PostgreSQL, EDB Postgres Extended Server or EDB Postgres Advanced Server. See [Creating a distributed high-availability cluster](creating_a_dha_cluster) for instructions. 
+    -  [Distributed High Availability](../../overview/02_high_availability/distributed_highavailability/) creates a cluster, powered by EDB Postgres Distributed, with up to two data groups spread across multiple cloud regions to deliver higher performance and faster recovery. You can create distributed high-availability clusters running PostgreSQL, EDB Postgres Extended Server, or EDB Postgres Advanced Server. See [Creating a distributed high-availability cluster](creating_a_dha_cluster) for instructions. 
 
     See [Supported cluster types](/biganimal/latest/overview/02_high_availability/) for more information about the different cluster types.
 
@@ -143,7 +143,7 @@ The following options aren't available when creating your cluster:
 
 1.  In the **Network, Logs, & Telemetry** section:
 
-    In **Connectivity Type**, specify whether to use private or public networking. Networking is set to **Public** by default. Public means that any client can connect to your cluster’s public IP address over the internet. Optionally, you can limit traffic to your public cluster by specifying an IP allowlist, which allows access only to certain blocks of IP addresses. To limit access, tick the **Use allowlists** box and add one or more classless inter-domain routing (CIDR) blocks. CIDR is a method for allocating IP addresses and IP routing to a whole network or subnet. If you have any CIDR block entries, access is limited to those IP addresses. If none are specified, all network traffic is allowed. 
+    In **Connectivity Type**, specify whether to use private or public networking. Networking is set to **Public** by default. Public means that any client can connect to your cluster’s public IP address over the internet. Optionally, you can limit traffic to your public cluster by specifying an IP allowlist, which allows access only to certain blocks of IP addresses. To limit access, select **Use allowlists** and add one or more classless inter-domain routing (CIDR) blocks. CIDR is a method for allocating IP addresses and IP routing to a whole network or subnet. If you have any CIDR block entries, access is limited to those IP addresses. If none are specified, all network traffic is allowed. 
 
     Private networking allows only IP addresses in your private network to connect to your cluster.  
 
@@ -233,29 +233,27 @@ Enable **Superuser Access** to grant superuser privileges to the edb_admin role.
 Enable **Transparent Data Encryption (TDE)** to use your own encryption key. This option is available for EDB Postgres Advanced Server and EDB Postgres Extended Server for version 15 and later. Select an encryption key from your project and region to encrypt the cluster with TDE. To learn more about TDE support, see [Transparent Data Encryption](../../overview/03_security/#your-own-encryption-key---transparent-data-encryption-tde).
 
 !!!Note "Important"
-- To enable and use TDE for a cluster, the encryption key must be enabled and added at the project level before creating a cluster. 
+- To enable and use TDE for a cluster, you must first enable the encryption key and add it at the project level before creating a cluster. 
   To add a key, see [Adding a TDE key at project level](../../administering_cluster/projects.mdx/#adding-a-tde-key).
 - To enable and use TDE for a cluster, you must complete the configuration on the platform of your key management provider after creating a cluster. See [Completing the TDE configuration](#completing-the-TDE-configuration) for more information.
 !!!
 
 #### Completing the TDE configuration
 
-After you create the cluster in the BigAnimal console, the UI will display the **Waiting for access to encryption key** state. To complete the configuration and enable the key sync between BigAnimal and the key management platform you must grant encrypt and decrypt permissions to your key:
+After you create the cluster in the BigAnimal console, the cluster is in the **Waiting for access to encryption key** state. To complete the configuration and enable the key sync between BigAnimal and the key management platform, you must grant encrypt and decrypt permissions to your key:
 
 1.  In BigAnimal, select the cluster name and access the cluster's page. See the **Action required: grant key permissions to activate the cluster**.
 
-1.  Copy the **Principal** identifier (AWS), **service account** (GCP) or **MSI Workload Identity** (Azure) to your clipboard. 
-
-1.  Follow the on-screen guide to grant encrypt and decrypt permissions to your key. Here is additional information in case you require further guidance:
+1.  Follow the on-screen guide to grant encrypt and decrypt permissions to your key. The instructions differ depending on the cloud provider of your key. Some additional guidance:
 
     <details><summary>AWS</summary>
 
     1.  Copy the **Principal** identifier to your clipboard. 
-    1.  Go to the AWS console, and navigate to the **Key Management Service**
+    1.  Go to the AWS console, and navigate to the **Key Management Service**.
     1.  Select **Customer-managed keys**, and **Edit policy** for your key.
-    1.  Append a new policy statement where the `Principal.AWS` field equals the **Principal** identifier you copied to    your clipboard and where the `Principal.Action` field contains **kms:Encrypt** and **kms:Decrypt** permissions. 
+    1.  Append a new policy statement where the `Principal.AWS` field contains the **Principal** identifier you copied earlier and the `Principal.Action` field contains **kms:Encrypt** and **kms:Decrypt** permissions. 
 
-        This example contains the default AWS policy statement and the BigAnimal policy statement that corresponds to the TDE configuration.  
+        This example contains the default AWS policy statement and the BigAnimal policy statement that corresponds to the TDE configuration:
 
         ```
         {
@@ -292,7 +290,7 @@ After you create the cluster in the BigAnimal console, the UI will display the *
     <details><summary>GCP</summary>
 
     1.  Copy the **service account** to your clipboard.
-    1.  Go to the Google Cloud console, select **Security**, **VIEW BY PRINCIPALS**, **GRANT ACCESS** for your key.
+    1.  On the Google Cloud console, select **Security**, **VIEW BY PRINCIPALS**, and **GRANT ACCESS** for your key.
     1.  Paste the service account into the **New principals** field.
     1.  Assign the `Cloud KMS CryptoKey Decrypter` and `Cloud KMS CryptoKey Encrypter` roles and save. 
 
@@ -301,11 +299,12 @@ After you create the cluster in the BigAnimal console, the UI will display the *
     <details><summary>Azure</summary>
 
     1.  Copy the **MSI Workload Identity** to your clipboard. 
-    1.  Got to the Microsoft Azure console, and navigate to **Key vaults**. 
-    1.  Select the key, go to **Access configuration** and set the **Permission model** to **Vault access policy**.
-    1.  Select **Access policies**, and **Create**.
+    1.  On the Microsoft Azure console, navigate to **Key vaults**. 
+    1.  Select the key. Go to **Access configuration** and set the **Permission model** to **Vault access policy**.
+    1.  Select **Access policies**. 
+    1.  Select **Create**.
     1.  In **Permissions**, select **Encrypt** and **Decrypt**.
-    1.  In **Principal**, paste the MSI Workload Identity you copied to your clipboard and finish creating the policy.
+    1.  In **Principal**, paste the MSI Workload Identity you copied earlier and finish creating the policy.
 
     </details>
 

product_docs/docs/biganimal/release/overview/02_high_availability/distributed_highavailability.mdx

@@ -59,25 +59,25 @@ Cross-cloud service provider witness nodes are available with AWS, Azure, and Go
 
 ## Read-only workloads
 
-When you enable the read-only workloads option during the cluster creation, a read-only connection string is created for the data group. You can use this connection to allow your application or service to route read-only requests through the shadow nodes (non-write leaders) to lighten the load on the write leaders and improve the Distributed High Availability cluster's performance. 
+When you enable the read-only workloads option during the cluster creation, a read-only connection string is created for the data group. You can use this connection to allow your application or service to route read-only requests through the shadow nodes (non-write leaders) to lighten the load on the write leaders and improve the distributed high-availability cluster's performance. 
 
 If you have more than one data group, you can choose whether to enable the read-only workloads option on a per-data-group basis. 
 
-Since the infrastructure of a Distributed High Availability cluster is almost entirely based on EDB Postgres Distributed, the same [PGD Proxy read-only routing rules](/pgd/latest/routing/readonly/) apply.
+Since the infrastructure of a distributed high-availability cluster is almost entirely based on EDB Postgres Distributed, the same [PGD Proxy read-only routing rules](/pgd/latest/routing/readonly/) apply.
 
 !!! Important 
 
     Once you have configured a read-only connection string with your application, read-only workloads are routed to shadow nodes (non-write leaders). The connection is read-only because it accepts read-only queries through the shadow nodes. However, commands that run on read-only connections aren't filtered by BigAnimal, so shadow nodes can still perfom write operations to the contents of database tables. We recommend that you use a Postgres role with minimal read-only privileges for your application or pass `default_transaction_read_only=on` in the connection string. This way, you can avoid write operations on shadow nodes that could cause conflicts between the write leader and the shadow nodes. 
 
-**IP addresses**
+### IP addresses
 
-If you are configuring read-only workload connections on your own cloud account, you might have to raise the IP address resource limits for the cluster:
+If you're configuring read-only workload connections on your own cloud account, you might have to raise the IP address resource limits for the cluster:
 
-- For Azure, the IP address quota is Standard Public IP Address.
+- For Azure, the IP address quota is standard public IP address.
 
 - For AWS, the IP address quota is Elastic IP. You might also have to increase the **Network Load Balancers per Region** value. 
 
-**Advisory locks**
+### Advisory locks
 
 Advisory locks aren't replicated between Postgres nodes, so advisory locks taken on a shadow node don't conflict with advisory locks taken on the lead. We recommend that applications that rely on advisory locking avoid using read-only workloads for those transactions.
 

product_docs/docs/biganimal/release/overview/03_security/index.mdx

@@ -25,14 +25,14 @@ All data in BigAnimal is encrypted in motion and at rest. Network traffic is enc
 
 ### Your own encryption key - Transparent Data Encryption (TDE)
 
-Optionally enable Transparent Data Encryption (TDE) at the database level on BigAnimal's cloud account, on AWS, GCP or Azure. TDE encrypts all data files, the write-ahead log (WAL) and temporary files used during query processing and database system operations. 
+Optionally enable Transparent Data Encryption (TDE) at the database level on BigAnimal's cloud account, AWS, GCP, or Azure. TDE encrypts all data files, the write-ahead log (WAL), and temporary files used during query processing and database system operations. 
 
 You can't enable nor disable TDE on existing clusters. To enable TDE, first connect the encryption keys to BigAnimal at the project level, and then select those keys while creating a cluster. 
 
-EDB supports enabling TDE with your own encryption key on Single Node and Primary/Standby High Availability deployments running EDB Postgres Advanced Server or EDB Postgres Extended Server versions 15 and later.
+EDB supports enabling TDE with your own encryption key on single-node and primary/standby high-availability deployments running EDB Postgres Advanced Server or EDB Postgres Extended Server versions 15 and later.
 Both the key and cluster must be in the same region and hosted by the same underlying cloud provider. 
 
-This overview shows the supported cluster-to-key combinations: 
+This overview shows the supported cluster-to-key combinations.
 
 |                             | AWS cluster (BYOA) | AWS cluster (BAH) | GCP cluster (BYOA) | GCP cluster (BAH) | Azure cluster (BYOA) | Azure cluster (BAH) |
 |-----------------------------|--------------------|-------------------|--------------------|-------------------|----------------------|---------------------|
@@ -41,15 +41,15 @@ This overview shows the supported cluster-to-key combinations:
 | Azure Key Vault             | ✗            | ✗           | ✗            | ✗           | ✓              | ✗             |
 
 
-**BYOA or Bring your own account:** BigAnimal deploys the cluster on your own cloud provider account.
+**BYOA or bring-your-own-account:** BigAnimal deploys the cluster on your own cloud provider account.
 
-**BAH or BigAnimal hosted:** BigAnimal deploys the cluster on a cloud provider account owned and managed by EDB.   
+**BAH or BigAnimal hosted:** BigAnimal deploys the cluster on a cloud provider account owned and managed by EDB.
 
 !!!note
-   The process of encryption and decryption adds additional overhead in terms of CPU and RAM consumption, performance, and for managing keys for faraway replicas.
+   The process of encryption and decryption adds overhead in terms of CPU and RAM consumption, performance, and for managing keys for faraway replicas.
 !!!
 
-**To enable TDE**:
+To enable TDE:
 
 - Before you create a TDE-enabled cluster, you must [add a TDE key](../../administering_cluster/projects##adding-a-tde-key).