diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
new file mode 100644
index 0000000000..cb69f1a66d
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
@@ -0,0 +1,37 @@
+
+1. [Log in to the Cloud UI](/deploy-manage/deploy/cloud-enterprise/log-into-cloud-ui.md).
+2. On the **Deployments** page, select your deployment.
+
+ Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
+
+3. Access the **Security** page of the deployment.
+4. Select **Remote Connections > Add trusted environment** and choose **{{remote_type}}**. Then click **Next**.
+5. Select **API keys** as authentication mechanism and click **Next**.
+6. When asked whether the Certificate Authority (CA) of the remote environment’s proxy or load-balancing infrastructure is public, select **No, it is private**.
+7. Add the API key:
+
+ 1. Fill both fields.
+
+ * For the **Remote cluster name**, enter the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
+ * For the **Cross-cluster API key**, paste the encoded cross-cluster API key.
+
+ 2. Click **Add** to save the API key to the keystore.
+ 3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
+
+8. Add the CA certificate of the remote environment.
+9. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment's **Security** page.
+10. Select **Create trust** to complete the configuration.
+11. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page, locate the **Actions** menu, and select **Restart {{es}}**.
+
+ ::::{note}
+ If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
+ ::::
+
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md#edit-remove-trusted-environment-api-key).
+
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
index efcd7836a4..c90dce8320 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
@@ -1,3 +1,10 @@
+
1. [Log into the Cloud UI](/deploy-manage/deploy/cloud-enterprise/log-into-cloud-ui.md).
2. On the **Deployments** page, select your deployment.
@@ -13,11 +20,10 @@
2. Click **Add** to save the API key to the keystore.
-5. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.
+5. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.
::::{note}
If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
::::
-
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md#ece-edit-remove-trusted-environment-api-key).
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md#edit-remove-trusted-environment-api-key).
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
new file mode 100644
index 0000000000..b99d1b1b5d
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
@@ -0,0 +1,36 @@
+
+1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
+2. On the home page, find your hosted deployment and select **Manage** to access it directly. Or, select **Hosted deployments** to go to the **Hosted deployments** page to view all of your deployments.
+
+ On the **Hosted deployments** page you can narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.
+
+3. From the navigation menu, select **Security**.
+4. Select **Remote Connections > Add trusted environment** and choose **{{remote_type}}**. Then click **Next**.
+5. Select **API keys** as authentication mechanism and click **Next**.
+6. When asked whether the Certificate Authority (CA) of the remote environment’s proxy or load-balancing infrastructure is public, select **No, it is private**.
+7. Add the API key:
+
+ 1. Fill both fields.
+
+ * For the **Remote cluster name**, enter the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
+ * For the **Cross-cluster API key**, paste the encoded cross-cluster API key.
+
+ 2. Click **Add** to save the API key to the keystore.
+ 3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
+
+8. Add the CA certificate of the remote environment.
+9. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment's **Security** page.
+10. Select **Create trust** to complete the configuration.
+11. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page, locate the **Actions** menu, and select **Restart {{es}}**.
+
+ ::::{note}
+ If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
+ ::::
+
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md#edit-remove-trusted-environment-api-key).
\ No newline at end of file
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
index 5d91cfb8dd..b18e85989d 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
@@ -1,3 +1,10 @@
+
1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
2. On the home page, find your hosted deployment and select **Manage** to access it directly. Or, select **Hosted deployments** to go to the **Hosted deployments** page to view all of your deployments.
@@ -13,11 +20,10 @@
2. Click **Add** to save the API key.
-5. Restart the local deployment to reload the new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.
+5. Restart the local deployment to reload the new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.
::::{note}
If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
::::
-
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md#edit-remove-trusted-environment-api-key).
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md
index 55b8e8f24b..7aa6cd014e 100644
--- a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md
+++ b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md
@@ -3,11 +3,11 @@ This snippet is in use in the following locations:
- ece-remote-cluster-self-managed.md
- ec-remote-cluster-self-managed.md
-->
-To configure a self-managed cluster as a remote cluster, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings). Configure the following fields:
+To add a remote cluster, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings). Configure the following fields:
* `Remote cluster alias`: When using API key authentication, the cluster alias must match the one you configured when adding the API key in the Cloud UI as **Remote cluster name**.
* `mode`: `proxy`
-* `proxy_address`: Enter the endpoint of the remote self-managed cluster, including the hostname, FQDN, or IP address, and the port. Both IPv4 and IPv6 addresses are supported.
+* `proxy_address`: Enter the endpoint of the remote cluster, including the hostname, FQDN, or IP address, and the port. Both IPv4 and IPv6 addresses are supported.
Make sure you use the correct port for your authentication method:
* **API keys**: Use the port configured in the remote cluster interface of the remote cluster (defaults to `9443`).
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md
index 82167d9272..53d072c5ff 100644
--- a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md
+++ b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md
@@ -13,7 +13,7 @@ To configure a deployment as a remote cluster, use the [cluster update settings
* `Remote cluster alias`: When using API key authentication, the cluster alias must match the one you configured when adding the API key in the Cloud UI as **Remote cluster name**.
* `mode`: `proxy`
-* `proxy_address`: This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section.
+* `proxy_address`: This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section.
Using the API, this value can be obtained from the {{es}} resource info, concatenating the field `metadata.endpoint` and port `9400` using a semicolon.
@@ -21,7 +21,7 @@ To configure a deployment as a remote cluster, use the [cluster update settings
If you’re using API keys as security model, change the port to `9443`.
::::
-* `server_name`: This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section.
+* `server_name`: This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section.
Using the API, this can be obtained from the {{es}} resource info field `metadata.endpoint`.
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md b/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md
index 5ad7bd9089..46c102530d 100644
--- a/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md
+++ b/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md
@@ -12,7 +12,7 @@ This snippet is in use in the following locations:
* **Remote cluster name**: This *cluster alias* is a unique identifier that represents the connection to the remote cluster and is used to distinguish local and remote indices.
When using API key authentication, this alias must match the **Remote cluster name** you configured when adding the API key in the Cloud UI.
- * **Remote address**: Enter the endpoint of the remote self-managed cluster, including the hostname, FQDN, or IP address, and the port.
+ * **Remote address**: Enter the endpoint of the remote cluster, including the hostname, FQDN, or IP address, and the port.
Make sure you use the correct port for your authentication method:
* **API keys**: Use the port configured in the remote cluster interface of the remote cluster (defaults to `9443`).
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet.md b/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet.md
index e56faeb21a..3c8a19cc81 100644
--- a/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet.md
+++ b/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet.md
@@ -18,7 +18,7 @@ It requires remote_type substitution to be defined
When using API key authentication, this alias must match the **Remote cluster name** you configured when adding the API key in the Cloud UI.
- * **Remote address**: This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section.
+ * **Remote address**: This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section.
::::{note}
If you’re using API keys as security model, change the port to `9443`.
@@ -27,7 +27,7 @@ It requires remote_type substitution to be defined
* **Configure advanced options** (optional): Expand this section if you need to customize additional settings.
* **TLS server name**: Specify a value if the certificate presented by the remote cluster is signed for a different name than the remote address.
- This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section.
+ This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section.
* **Socket connections**: Define the number of connections to open with the remote cluster.
diff --git a/deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md b/deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md
new file mode 100644
index 0000000000..47989a6784
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md
@@ -0,0 +1,14 @@
+Before configuring the local deployment, retrieve the CA certificate of the remote ECE proxy. To find this certificate:
+
+1. In the remote ECE environment, go to **Platform > Settings > TLS certificates**.
+2. Select **Show certificate chain** under **Proxy**.
+3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
+
+ :::{image} /deploy-manage/images/cloud-remote-clusters-proxy-certificate.png
+ :alt: Certificate to copy from the chain
+ :::
+
+4. Save the file as `.crt`.
+
+You can now proceed to configure the local deployment. The CA file you saved will be used in one of the following steps.
+
diff --git a/deploy-manage/remote-clusters/_snippets/trusted-environment-change-api-key.md b/deploy-manage/remote-clusters/_snippets/trusted-environment-change-api-key.md
new file mode 100644
index 0000000000..c64b299051
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/trusted-environment-change-api-key.md
@@ -0,0 +1,27 @@
+This section describes the steps to change the API key used for an existing remote connection. For example, if the previous key expired and you need to rotate it with a new one.
+
+::::{note}
+If you need to update the permissions granted by a cross-cluster API key for a remote connection, you only need to update the privileges granted by the API key directly in {{kib}}.
+::::
+
+
+1. On the deployment you will use as remote, use the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) or [{{kib}}](/deploy-manage/api-keys/elasticsearch-api-keys.md) to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for {{ccs}} or {{ccr}}.
+2. Copy the encoded key (`encoded` in the response) to a safe location. You will need it in the next steps.
+3. From the navigation menu of your local deployment, select **Security** and locate the **Remote connections** section.
+4. Locate the API key currently used for connecting to the remote cluster, copy its current alias, and delete it.
+5. Add the new API key by selecting **Add API key**.
+
+ * For the **Remote cluster name**, enter the same alias that was used for the previous key.
+
+ ::::{note}
+ If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Remote cluster name** that matches the new alias.
+ ::::
+
+ * For the **Cross-cluster API key**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
+
+6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.
+
+ ::::{note}
+ If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
+ ::::
+
diff --git a/deploy-manage/remote-clusters/_snippets/trusted-environment-manage.md b/deploy-manage/remote-clusters/_snippets/trusted-environment-manage.md
new file mode 100644
index 0000000000..7bd95a7fbe
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/trusted-environment-manage.md
@@ -0,0 +1,6 @@
+From a deployment's **Security** page, you can manage trusted environments that were created previously. This can happen when:
+
+* You no longer need a trusted environment and want to remove it.
+* You want to refresh the certificate, or add or remove trusted deployments of an existing trusted environment relying on certificates as a security model.
+* You want to remove or update the access level granted by a cross-cluster API key.
+
diff --git a/deploy-manage/remote-clusters/_snippets/trusted-environment-remove-cert.md b/deploy-manage/remote-clusters/_snippets/trusted-environment-remove-cert.md
new file mode 100644
index 0000000000..d6df3a98a6
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/trusted-environment-remove-cert.md
@@ -0,0 +1,17 @@
+By removing a trusted environment, this deployment will no longer be able to establish remote connections using certificate trust to clusters of that environment. The remote environment will also no longer be able to connect to this deployment using certificate trust.
+
+::::{note}
+With this method, you can only remove trusted environments relying exclusively on certificates. To remove remote connections that use API keys for authentication, refer to [Change a cross-cluster API key used for a remote connection](#edit-remove-trusted-environment-api-key).
+::::
+
+1. Go to the deployment's **Security** page.
+2. In the list of trusted environments, locate the one you want to remove.
+3. Remove it using the corresponding `delete` icon.
+
+ :::{image} /deploy-manage/images/cloud-delete-trust-environment.png
+ :alt: button for deleting a trusted environment
+ :::
+
+1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
+2. In the list of existing remote clusters, delete the ones corresponding to the trusted environment you removed earlier.
+
diff --git a/deploy-manage/remote-clusters/_snippets/trusted-environment-update-cert.md b/deploy-manage/remote-clusters/_snippets/trusted-environment-update-cert.md
new file mode 100644
index 0000000000..fe53ce133b
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/trusted-environment-update-cert.md
@@ -0,0 +1,15 @@
+1. Go to the deployment's **Security** page.
+2. In the list of trusted environments, locate the one you want to edit.
+3. Open its details by selecting the `Edit` icon.
+
+ :::{image} /deploy-manage/images/cloud-edit-trust-environment.png
+ :alt: button for editing a trusted environment
+ :::
+
+4. Edit the trust configuration for that environment:
+
+ * From the **Trust level** tab, you can add or remove trusted deployments.
+ * From the **Environment settings** tab, you can manage the certificates and the label of the environment.
+
+5. Save your changes.
+
diff --git a/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md b/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md
index 70a782d342..6ac840ac9c 100644
--- a/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md
+++ b/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md
@@ -11,77 +11,23 @@ products:
# Manage trusted environments for remote connections in {{ech}} [ec-edit-remove-trusted-environment]
-From a deployment’s **Security** page, you can manage trusted environments that were created previously. This can happen when:
-
-* You no longer need a trusted environment and want to remove it.
-* You want to refresh the certificate, or add or remove trusted deployments of an existing trusted environment relying on certificates as a security model.
-* You want to remove or update the access level granted by a cross-cluster API key.
+:::{include} _snippets/trusted-environment-manage.md
+:::
## Remove a certificate-based trusted environment [ec_remove_a_trusted_environment]
-By removing a trusted environment, this deployment will no longer be able to establish remote connections using certificate trust to clusters of that environment. The remote environment will also no longer be able to connect to this deployment using certificate trust.
-
-::::{note}
-With this method, you can only remove trusted environments relying exclusively on certificates. To remove remote connections that use API keys for authentication, refer to [Change a cross-cluster API key used for a remote connection](#ec-edit-remove-trusted-environment-api-key).
-::::
-
-
-1. Go to the deployment’s **Security** page.
-2. In the list of trusted environments, locate the one you want to remove.
-3. Remove it using the corresponding `delete` icon.
-
- :::{image} /deploy-manage/images/cloud-delete-trust-environment.png
- :alt: button for deleting a trusted environment
- :::
-
-1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
-2. In the list of existing remote clusters, delete the ones corresponding to the trusted environment you removed earlier.
+:::{include} _snippets/trusted-environment-remove-cert.md
+:::
## Update a certificate-based trusted environment [ec_update_a_certificate_based_trusted_environment]
-1. Go to the deployment’s **Security** page.
-2. In the list of trusted environments, locate the one you want to edit.
-3. Open its details by selecting the `Edit` icon.
-
- :::{image} /deploy-manage/images/cloud-edit-trust-environment.png
- :alt: button for editing a trusted environment
- :::
-
-4. Edit the trust configuration for that environment:
-
- * From the **Trust level** tab, you can add or remove trusted deployments.
- * From the **Environment settings** tab, you can manage the certificates and the label of the environment.
-
-5. Save your changes.
-
-
-## Change a cross-cluster API key used for a remote connection [ec-edit-remove-trusted-environment-api-key]
-
-This section describes the steps to change the API key used for an existing remote connection. For example, if the previous key expired and you need to rotate it with a new one.
-
-::::{note}
-If you need to update the permissions granted by a cross-cluster API key for a remote connection, you only need to update the privileges granted by the API key directly in {{kib}}.
-::::
-
-
-1. On the deployment you will use as remote, use the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) or [{{kib}}](../api-keys/elasticsearch-api-keys.md) to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for {{ccs}} or {{ccr}}.
-2. Copy the encoded key (`encoded` in the response) to a safe location. You will need it in the next steps.
-3. From the navigation menu, select **Security** and locate the **Remote connections** section.
-4. Locate the API key currently used for connecting to the remote cluster, copy its current alias, and delete it.
-5. Add the new API key by selecting **Add API key**.
-
- * For the **Setting name**, enter the same alias that was used for the previous key.
-
- ::::{note}
- If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
- ::::
+:::{include} _snippets/trusted-environment-update-cert.md
+:::
- * For the **Secret**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
-6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.
+## Change a cross-cluster API key used for a remote connection [edit-remove-trusted-environment-api-key]
- ::::{note}
- If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
- ::::
+:::{include} _snippets/trusted-environment-change-api-key.md
+:::
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-ece.md b/deploy-manage/remote-clusters/ec-remote-cluster-ece.md
index 7faa643d71..b80cffea85 100644
--- a/deploy-manage/remote-clusters/ec-remote-cluster-ece.md
+++ b/deploy-manage/remote-clusters/ec-remote-cluster-ece.md
@@ -9,7 +9,7 @@ applies_to:
products:
- id: cloud-hosted
sub:
- remote_type: Elastic Cloud Enterprise deployment
+ remote_type: Elastic Cloud Enterprise
---
# Connect {{ech}} deployments to an {{ece}} environment [ec-remote-cluster-ece]
@@ -61,47 +61,13 @@ The steps to follow depend on whether the Certificate Authority (CA) of the remo
::::
-
::::{dropdown} The CA is private
-1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
-2. On the home page, find your hosted deployment and select **Manage** to access it directly. Or, select **Hosted deployments** to go to the **Hosted deployments** page to view all of your deployments.
-
- On the **Hosted deployments** page you can narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.
-
-3. Access the **Security** page of the deployment.
-4. Select **Remote Connections > Add trusted environment** and choose **{{ece}}**. Then click **Next**.
-5. Select **API keys** as authentication mechanism and click **Next**.
-6. Add a the API key:
-
- 1. Fill both fields.
-
- * For the **Remote cluster name**, enter the the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
- * For the **Cross-cluster API key**, paste the encoded cross-cluster API key.
-
- 2. Click **Add** to save the API key to the keystore.
- 3. Repeat these steps for each API key you want to add. For example, if you want to use several deployments of the remote environment for CCR or CCS.
-
-7. Add the CA certificate of the private proxy or load balancing infrastructure of the remote environment. To find this certificate:
-
- 1. In the remote {{ece}} environment, go to **Platform > Settings > TLS certificates**.
- 2. Select **Show certificate chain** under **Proxy**.
- 3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
- 4. Save that file as `.crt`. It is now ready to be uploaded.
-
- :::{image} /deploy-manage/images/cloud-remote-clusters-proxy-certificate.png
- :alt: Certificate to copy from the chain
- :::
-
-8. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment’s **Security** page.
-9. Select **Create trust** to complete the configuration.
-10. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.
-
- ::::{note}
- If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
- ::::
+:::{include} _snippets/retrieve-ece-ca.md
+:::
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).
+:::{include} _snippets/apikeys-local-ech-remote-private.md
+:::
::::
::::::
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md
index eab530c07c..50109a5f5f 100644
--- a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md
+++ b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md
@@ -8,7 +8,7 @@ applies_to:
products:
- id: cloud-hosted
sub:
- remote_type: Elastic Cloud Hosted deployment
+ remote_type: Elastic Cloud Hosted
---
# Connect to deployments in another {{ecloud}} organization [ec-remote-cluster-other-ess]
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md
index 0fe3032daa..0675f7318e 100644
--- a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md
+++ b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md
@@ -8,7 +8,7 @@ applies_to:
products:
- id: cloud-hosted
sub:
- remote_type: Elastic Cloud Hosted deployment
+ remote_type: Elastic Cloud Hosted
---
# Connect to deployments in the same {{ecloud}} organization [ec-remote-cluster-same-ess]
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md
index 00e186f4d0..a86322a079 100644
--- a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md
+++ b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md
@@ -8,6 +8,8 @@ applies_to:
self: ga
products:
- id: cloud-hosted
+sub:
+ remote_type: Self-managed
---
# Connect {{ech}} deployments to self-managed clusters [ec-remote-cluster-self-managed]
@@ -57,35 +59,9 @@ The steps to follow depend on whether the Certificate Authority (CA) of the remo
::::{dropdown} The CA is private
-1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
-2. On the home page, find your hosted deployment and select **Manage** to access it directly. Or, select **Hosted deployments** to go to the **Hosted deployments** page to view all of your deployments.
- On the **Hosted deployments** page you can narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.
-
-3. Access the **Security** page of the deployment.
-4. Select **Remote Connections > Add trusted environment** and choose **Self-managed**. Then click **Next**.
-5. Select **API keys** as authentication mechanism and click **Next**.
-6. Add a the API key:
-
- 1. Fill both fields.
-
- * For the **Remote cluster name**, enter the the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
- * For the **Cross-cluster API key**, paste the encoded cross-cluster API key.
-
- 2. Click **Add** to save the API key to the keystore.
- 3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
-
-7. Add the CA certificate of the remote self-managed environment.
-8. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment’s **Security** page.
-9. Select **Create trust** to complete the configuration.
-10. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.
-
- ::::{note}
- If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
- ::::
-
-
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).
+:::{include} _snippets/apikeys-local-ech-remote-private.md
+:::
::::
::::::
diff --git a/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md b/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md
index 54b870ad44..0a8090be7f 100644
--- a/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md
+++ b/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md
@@ -11,77 +11,23 @@ products:
# Manage trusted environments for remote connections in {{ece}} [ece-edit-remove-trusted-environment]
-From a deployment’s **Security** page, you can manage trusted environments that were created previously. This can happen when:
-
-* You no longer need a trusted environment and want to remove it.
-* You want to refresh the certificate, or add or remove trusted deployments of an existing trusted environment relying on certificates as a security model.
-* You want to remove or update the access level granted by a cross-cluster API key.
+:::{include} _snippets/trusted-environment-manage.md
+:::
## Remove a certificate-based trusted environment [ece_remove_a_trusted_environment]
-By removing a trusted environment, this deployment will no longer be able to establish remote connections using certificate trust to clusters of that environment. The remote environment will also no longer be able to connect to this deployment using certificate trust.
-
-::::{note}
-With this method, you can only remove trusted environments relying exclusively on certificates. To remove remote connections that use API keys for authentication, refer to [Update the access level of a remote cluster connection relying on a cross-cluster API key](#ece-edit-remove-trusted-environment-api-key).
-::::
-
-
-1. Go to the deployment’s **Security** page.
-2. In the list of trusted environments, locate the one you want to remove.
-3. Remove it using the corresponding `delete` icon.
-
- :::{image} /deploy-manage/images/cloud-enterprise-delete-trust-environment.png
- :alt: button for deleting a trusted environment
- :::
-
-1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
-2. In the list of existing remote clusters, delete the ones corresponding to the trusted environment you removed earlier.
+:::{include} _snippets/trusted-environment-remove-cert.md
+:::
## Update a certificate-based trusted environment [ece_update_a_certificate_based_trusted_environment]
-1. Go to the deployment’s **Security** page.
-2. In the list of trusted environments, locate the one you want to edit.
-3. Open its details by selecting the `Edit` icon.
-
- :::{image} /deploy-manage/images/cloud-enterprise-edit-trust-environment.png
- :alt: button for editing a trusted environment
- :::
-
-4. Edit the trust configuration for that environment:
-
- * From the **Trust level** tab, you can add or remove trusted deployments.
- * From the **Environment settings** tab, you can manage the certificates and the label of the environment.
-
-5. Save your changes.
-
-
-## Change a cross-cluster API key used for a remote connection [ece-edit-remove-trusted-environment-api-key]
-
-This section describes the steps to change the API key used for an existing remote connection. For example, if the previous key expired and you need to rotate it with a new one.
-
-::::{note}
-If you need to update the permissions granted by a cross-cluster API key for a remote connection, you only need to update the privileges granted by the API key directly in {{kib}}.
-::::
-
-
-1. On the deployment you will use as remote, use the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) or [{{kib}}](../api-keys/elasticsearch-api-keys.md) to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for {{ccs}} or {{ccr}}.
-2. Copy the encoded key (`encoded` in the response) to a safe location. You will need it in the next steps.
-3. Go to the **Security** page of the local deployment and locate the **Remote connections** section.
-4. Locate the API key currently used for connecting to the remote cluster, copy its current alias, and delete it.
-5. Add the new API key by selecting **Add an API key**.
-
- * For the **Setting name**, enter the same alias that was used for the previous key.
-
- ::::{note}
- If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
- ::::
+:::{include} _snippets/trusted-environment-update-cert.md
+:::
- * For the **Secret**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
-6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.
+## Change a cross-cluster API key used for a remote connection [edit-remove-trusted-environment-api-key]
- ::::{note}
- If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
- ::::
+:::{include} _snippets/trusted-environment-change-api-key.md
+:::
diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-ece-ess.md b/deploy-manage/remote-clusters/ece-remote-cluster-ece-ess.md
index 4c7b2a8f34..5e6e2cc0d3 100644
--- a/deploy-manage/remote-clusters/ece-remote-cluster-ece-ess.md
+++ b/deploy-manage/remote-clusters/ece-remote-cluster-ece-ess.md
@@ -9,7 +9,7 @@ applies_to:
products:
- id: cloud-enterprise
sub:
- remote_type: Elastic Cloud Hosted deployment
+ remote_type: Elastic Cloud Hosted
---
# Connect {{ece}} deployments to an {{ecloud}} organization [ece-remote-cluster-ece-ess]
diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md b/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md
index 7690d27981..9acba46756 100644
--- a/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md
+++ b/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md
@@ -8,7 +8,7 @@ applies_to:
products:
- id: cloud-enterprise
sub:
- remote_type: Elastic Cloud Enterprise deployment
+ remote_type: Elastic Cloud Enterprise
---
# Connect to deployments in a different {{ece}} environment [ece-remote-cluster-other-ece]
@@ -61,45 +61,12 @@ The steps to follow depend on whether the Certificate Authority (CA) of the remo
::::{dropdown} The CA is private
-1. [Log into the Cloud UI](../deploy/cloud-enterprise/log-into-cloud-ui.md).
-2. On the **Deployments** page, select your deployment.
-
- Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
-
-3. Access the **Security** page of the deployment.
-4. Select **Remote Connections > Add trusted environment** and choose **{{ece}}**. Then click **Next**.
-5. Select **API keys** as authentication mechanism and click **Next**.
-6. Add a the API key:
-
- 1. Fill both fields.
-
- * For the **Setting name**, enter the the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
- * For the **Secret**, paste the encoded cross-cluster API key.
-
- 2. Click **Add** to save the API key to the keystore.
- 3. Repeat these steps for each API key you want to add. For example, if you want to use several deployments of the remote environment for CCR or CCS.
-
-7. Add the CA certificate of the private proxy or load balancing infrastructure of the remote environment. To find this certificate:
-
- 1. In the remote {{ece}} environment, go to **Platform > Settings > TLS certificates**.
- 2. Select **Show certificate chain** under **Proxy**.
- 3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
- 4. Save that file as `.crt`. It is now ready to be uploaded.
-
- :::{image} /deploy-manage/images/cloud-enterprise-remote-clusters-proxy-certificate.png
- :alt: Certificate to copy from the chain
- :::
-
-8. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment’s **Security** page.
-9. Select **Create trust** to complete the configuration.
-10. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.
-
- ::::{note}
- If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
- ::::
+:::{include} _snippets/retrieve-ece-ca.md
+:::
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](ece-edit-remove-trusted-environment.md#ece-edit-remove-trusted-environment-api-key).
+:::{include} _snippets/apikeys-local-ece-remote-private.md
+:::
::::
::::::
diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-same-ece.md b/deploy-manage/remote-clusters/ece-remote-cluster-same-ece.md
index b6ad34ef82..8ca39a5f2f 100644
--- a/deploy-manage/remote-clusters/ece-remote-cluster-same-ece.md
+++ b/deploy-manage/remote-clusters/ece-remote-cluster-same-ece.md
@@ -8,7 +8,7 @@ applies_to:
products:
- id: cloud-enterprise
sub:
- remote_type: Elastic Cloud Enterprise deployment
+ remote_type: Elastic Cloud Enterprise
---
# Connect to deployments in the same {{ece}} environment [ece-remote-cluster-same-ece]
diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md
index 93f91ae9b3..5a784be67e 100644
--- a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md
+++ b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md
@@ -8,6 +8,8 @@ applies_to:
self: ga
products:
- id: cloud-enterprise
+sub:
+ remote_type: Self-managed
---
# Connect {{ece}} deployments to self-managed clusters [ece-remote-cluster-self-managed]
@@ -57,35 +59,9 @@ The steps to follow depend on whether the Certificate Authority (CA) of the remo
::::{dropdown} The CA is private
-1. [Log into the Cloud UI](../deploy/cloud-enterprise/log-into-cloud-ui.md).
-2. On the **Deployments** page, select your deployment.
- Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
-
-3. Access the **Security** page of the deployment.
-4. Select **Remote Connections > Add trusted environment** and choose **Self-managed**. Then click **Next**.
-5. Select **API keys** as authentication mechanism and click **Next**.
-6. Add a the API key:
-
- 1. Fill both fields.
-
- * For the **Setting name**, enter the the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
- * For the **Secret**, paste the encoded cross-cluster API key.
-
- 2. Click **Add** to save the API key to the keystore.
- 3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
-
-7. Add the CA certificate of the remote self-managed environment.
-8. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment’s **Security** page.
-9. Select **Create trust** to complete the configuration.
-10. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.
-
- ::::{note}
- If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
- ::::
-
-
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](ece-edit-remove-trusted-environment.md#ece-edit-remove-trusted-environment-api-key).
+:::{include} _snippets/apikeys-local-ece-remote-private.md
+:::
::::
::::::