Redis Enterprise Software Security #918

Merged
merged 39 commits into from
Mar 22, 2021
Commits
39 commits
6d9f3ae
Initial security page
Jul 10, 2020
b1b0d54
Create _index.md
IAmATeaPot418 Jul 10, 2020
bc127ab
Create _index.md
IAmATeaPot418 Jul 10, 2020
05de0d8
Create _index.md
IAmATeaPot418 Jul 10, 2020
cd38c5a
Update _index.md
IAmATeaPot418 Jul 10, 2020
e473747
Update _index.md
IAmATeaPot418 Jul 10, 2020
ed4137a
Delete _index.md
IAmATeaPot418 Jul 10, 2020
b97535f
Delete _index.md
IAmATeaPot418 Jul 10, 2020
9630402
Create control-plane-security
IAmATeaPot418 Jul 10, 2020
c67a657
Delete control-plane-security
IAmATeaPot418 Jul 10, 2020
864eb15
Create _index.md
IAmATeaPot418 Jul 10, 2020
4a05e1d
Create _index.md
IAmATeaPot418 Jul 10, 2020
4ffbb14
Create _index.md
IAmATeaPot418 Jul 10, 2020
35d119e
Create _index.md
IAmATeaPot418 Jul 10, 2020
6db436e
WIP
IAmATeaPot418 Jul 15, 2020
bab39e7
finalization of first draft.
IAmATeaPot418 Jul 16, 2020
f55a46f
minor: edits
Jul 24, 2020
8ff9229
Fix broken links
bmansheim Jul 26, 2020
89ab640
Reorganize
Aug 10, 2020
45abba0
Fix build
Sep 24, 2020
3e9687e
Update ldap.md
IAmATeaPot418 Aug 18, 2020
37aad0e
Simplify org and improve checklist style
bmansheim Nov 22, 2020
3cf7c4e
Improve Log docs
bmansheim Nov 22, 2020
793064d
Improve database and control plane articles
bmansheim Nov 22, 2020
0d58093
Formatting and typos
bmansheim Nov 22, 2020
3d3c1f8
Lower case admin console
bmansheim Nov 22, 2020
16b216f
Replace web UI with admin console
bmansheim Nov 22, 2020
9925175
Limit description text in database maintenance overview
bmansheim Nov 23, 2020
69c6b0a
Add Database Security to database maintenance
bmansheim Nov 23, 2020
64c7f48
Add installation prerequisite for security
bmansheim Nov 23, 2020
aae4c91
Fix broken links
Jan 22, 2021
07072fc
minor: rename
Jan 22, 2021
5a34a9a
Merge branch 'master' into DOC-315-RS-Security
Feb 17, 2021
576aff1
minor: fix broken links
Feb 17, 2021
b1a939a
minor: aliases
Feb 22, 2021
cc2014c
Merge branch 'master' into DOC-315-RS-Security
Mar 4, 2021
777d7e6
Merge branch 'master' into DOC-315-RS-Security
Mar 19, 2021
e3eb1e6
minor: reorganize
Mar 19, 2021
42506f2
Refactoring
Mar 19, 2021
2 changes: 1 addition & 1 deletion content/contribution-guide.md
Expand Up @@ -114,7 +114,7 @@ and the concepts must explain any background information that is needed to know

1. To create service accounts, on each participating cluster:

1. In your web browser, open the web UI of the cluster that you want to connect to in order to create the CRDB.
1. In your web browser, open the admin console of the cluster that you want to connect to in order to create the CRDB.
By default, the address is: `https://<RS_address>:8443`
1. Go to **settings > team** and click ![Add](/images/rs/icon_add.png#no-click "Add").
1. Enter the name, email, and password for the user, select the **Admin** role,
2 changes: 1 addition & 1 deletion content/embeds/backup-locations.md
Expand Up @@ -110,6 +110,6 @@ You can find the client and key details in your service account in the GCP conso
- Make sure that the service account has the `Storage Legacy Bucket Writer` permission on the target bucket.
- Make sure that the bucket doesn't use a retention policy because it can interfere with the process.
- The format of the private key from the downloaded JSON is in a single string where new lines are marked with `\n` characters.
When you paste the key into the RS web UI, replace each `\n` character with a new line.
When you paste the key into the RS admin console, replace each `\n` character with a new line.

{{< /note >}}
2 changes: 1 addition & 1 deletion content/embeds/create-db.md
@@ -1,4 +1,4 @@
1. In your web browser, open the web UI of the cluster that you want to connect to in order to create the { { < field "db_type" > } }.
1. In your web browser, open the admin console of the cluster that you want to connect to in order to create the { { < field "db_type" > } }.

<!-- When shortcodes can run in embeds, fix field shrotcode above. -->
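Review bot: the edited line still shows the escaped `{ { < field "db_type" > } }` placeholder, which renders literally for readers, and the HTML comment below it has a typo ("shrotcode"). Since this hunk rewrites the line anyway, consider a plain word such as "database" until shortcodes work inside embeds, or at least fix the comment.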

2 changes: 1 addition & 1 deletion content/modules/add-module-to-cluster.md
Expand Up @@ -77,7 +77,7 @@ You can also use the `/v1/modules` endpoint, but modules with dependencies are b

To add a module package to the cluster using the admin console:

1. In the Redis Enterprise web UI, go to the: **settings**
1. In the Redis Enterprise admin console, go to the: **settings**
1. In **redis modules**, click **Add Module**.

![upgrade_module](/images/rs/upgrade_module.png)
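Review bot: "go to the: **settings**" reads awkwardly with the colon after "the"; suggest "go to **settings**". The wording is otherwise consistent with the lead-in line "using the admin console" two lines above.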
2 changes: 1 addition & 1 deletion content/modules/packaging-modules.md
Expand Up @@ -26,7 +26,7 @@ require six steps:
1. Compile the module
1. Install ramp-packer utility
1. Wrap the custom module using ramp utility
1. Deploy the custom module to the cluster using the web UI
1. Deploy the custom module to the cluster using the admin console
1. Create a database that utilizes the module

### Get the module from GitHub
8 changes: 4 additions & 4 deletions content/modules/redisearch/redisearch-2-upgrade.md
Expand Up @@ -41,10 +41,10 @@ Make sure that you have Python 3 (`sudo apt install python3`) installed on the h

To replicate a RediSearch 1.x database to a RediSearch 2.x database:

1. Log in to the web UI of the RS cluster that you want to host the new database with RediSearch 2.x.
1. Log in to the admin console of the RS cluster that you want to host the new database with RediSearch 2.x.
1. Add the RediSearch 2.x module to the cluster:
1. Go to the [Redis Labs Download Center](https://redislabs.com/download-center/modules/) and download the RediSearch 2.x module package.
1. In the Redis Enterprise web UI, go to the: **settings**
1. In the Redis Enterprise admin console, go to the: **settings**
1. In **redis modules**, click **Add Module**.

![upgrade_module](/images/rs/upgrade_module.png)
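Review bot: same phrasing issue as in add-module-to-cluster.md: "go to the: **settings**" should be "go to **settings**". These steps also duplicate the add-module procedure verbatim (image included), so linking to that page instead of repeating it would let a rename like this one be made in a single place.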
Expand All @@ -69,8 +69,8 @@ To replicate a RediSearch 1.x database to a RediSearch 2.x database:

Where:

- `destination url` - The replication URL of the RediSearch 2.x database that you see when you click on **Get Replica of source URL** in the database configuration in the web UI.
- `source url` - The replication URL of the RediSearch 1.x database that you see when you click on **Get Replica of source URL** in the database configuration in the web UI.
- `destination url` - The replication URL of the RediSearch 2.x database that you see when you click on **Get Replica of source URL** in the database configuration in the admin console.
- `source url` - The replication URL of the RediSearch 1.x database that you see when you click on **Get Replica of source URL** in the database configuration in the admin console.
- `--add-prefix <prefix>` (optional) - Adds a prefix to all of the hashes that are replicated to the new database.

{{< note >}}
6 changes: 3 additions & 3 deletions content/platforms/faqs/_index.md
Expand Up @@ -38,7 +38,7 @@ kubectl describe rec my-cluster-name
The cluster admin user password is created by the Operator during the deployment of the Redis Enterprise cluster and is stored in a Kubernetes secret.

{{< warning >}}
Do not change the default admin user password in the Redis Enterprise web UI.
Do not change the default admin user password in the Redis Enterprise admin console.
Changing the admin password impacts the proper operation of the K8s deployment.
{{< /warning >}}
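Review bot: this warning block appears three times in the same file with identical wording; moving it into an embed (as the repo already does for create-db.md and backup-locations.md under content/embeds/) would make this rename a one-line change and keep the copies from drifting apart.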

Expand Down Expand Up @@ -152,7 +152,7 @@ echo "Q2h5N1BBY28=" | base64 –-decode
```

{{< warning >}}
Do not change the default admin user password in the Redis Enterprise web UI.
Do not change the default admin user password in the Redis Enterprise admin console.
Changing the admin password impacts the proper operation of the K8s deployment.
{{< /warning >}}
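Review bot: the hunk header context shows `echo "Q2h5N1BBY28=" | base64 –-decode`, where the option starts with an en-dash rather than two hyphens; copied as-is, the token is not recognised as the `--decode` flag and the value is not decoded. Change it to `--decode` while this section is being edited.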

Expand All @@ -165,7 +165,7 @@ Retrieve your password by selecting “Reveal Secret.”
![openshift-password-retrieval]( /images/rs/openshift-password-retrieval.png )

{{< warning >}}
Do not change the default admin user password in the Redis Enterprise web UI.
Do not change the default admin user password in the Redis Enterprise admin console.
Changing the admin password impacts the proper operation of the K8s deployment.
{{< /warning >}}

4 changes: 2 additions & 2 deletions content/platforms/kubernetes/concepts/db-controller.md
Expand Up @@ -221,7 +221,7 @@ also updated with the generated database password.

### `enforceClientAuthentication`

A boolean that indicates whether [client authentication]({{< relref "/rs/administering/designing-production/security/client-connections.md">}}) should be enforced (default: `true`).
A boolean that indicates whether [client authentication]({{< relref "/rs/security/tls-ssl.md">}}) should be enforced (default: `true`).

### `evictionPolicy`
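Review bot: `enforceClientAuthentication` and `tlsMode` now both point at the single page `/rs/security/tls-ssl.md` instead of the separate client-connections and tls-configuration pages; make sure the new page covers client-certificate authentication as well as encryption, and that aliases exist for the two old paths so external bookmarks keep working (the "minor: aliases" commit in this PR suggests that was the intent).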

Expand Down Expand Up @@ -275,7 +275,7 @@ The number of [database shards]({{< relref "/rs/concepts/high-availability/clust

### `tlsMode`

Controls SSL [authentication and encryption]({{< relref "/rs/administering/designing-production/security/tls-configuration.md">}}) for connections to the database.
Controls SSL [authentication and encryption]({{< relref "/rs/security/tls-ssl.md">}}) for connections to the database.

| Value | Description |
| ----- | ----------- |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -323,7 +323,7 @@ In order to create your database, we will log in to the Redis Enterprise UI.
- Retrieve your password by selecting “Reveal Secret.”

{{< warning >}}
Do not change the default admin user password in the Redis Enterprise web UI.
Do not change the default admin user password in the Redis Enterprise admin console.
Changing the admin password impacts the proper operation of the K8s deployment.
{{< /warning >}}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -311,14 +311,14 @@ To create your database:

Next, create your database.

1. Open a browser window and navigate to the Redis Enterprise web UI at: `localhost:8443`
1. Open a browser window and navigate to the Redis Enterprise admin console at: `localhost:8443`

![getting-started-kubernetes-openshift-image5]( /images/rs/getting-started-kubernetes-openshift-image5.png )

1. To get your password from the OpenShift management console, go `Resources > Secrets > your_cluster_name`, select your project name, and select **Reveal Secret**.

{{< warning >}}
Do not change the default admin user password in the Redis Enterprise web UI.
Do not change the default admin user password in the Redis Enterprise admin console.
Changing the admin password can cause unextpected results in your K8s deployment.
{{< /warning >}}
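Review bot: the trailing context line has a typo ("unextpected") and its wording ("can cause unextpected results in your K8s deployment") differs from the other three copies of this warning in the PR ("impacts the proper operation of the K8s deployment"); align the text. The step above it also writes the console address as `localhost:8443` without a scheme, where the other pages in this PR use `https://localhost:8443`.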

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -243,7 +243,7 @@ the operator. The generated password is stored in a Kubernetes secret.
- The Openshift UI provides tools for creating additional routing options, including external routes. These are covered in [RedHat Openshift documentation](https://docs.openshift.com/container-platform/4.3/dev_guide/routes.html).
{{< /note >}}

1. In a browser, go to localhost:8443 to open the Redis Enterprise web UI:
1. In a browser, go to localhost:8443 to open the Redis Enterprise admin console:

![getting-started-kubernetes-openshift-image5]( /images/rs/getting-started-kubernetes-openshift-image5.png )
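Review bot: "go to localhost:8443" omits the scheme; the other pages touched by this PR write the console address as `https://localhost:8443` or `https://<RS_address>:8443`, so use the same form here so readers are not sent to a plain-HTTP URL.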

Expand All @@ -259,7 +259,7 @@ database.

### Step 3: Inspect your database services

After you create your database in the Redis Enterprise web UI, the operator
After you create your database in the Redis Enterprise admin console, the operator
detects the change and creates Kubernetes services that expose the database. The
databases are named according to the database name. For example, if you
called your database "`test`", kubectl shows these services:
4 changes: 2 additions & 2 deletions content/platforms/kubernetes/getting-started/tanzu/_index.md
Expand Up @@ -400,7 +400,7 @@ In order to create your database, you will log in to the Redis Enterprise UI.
dgeil7
```

1. There are two primary options for accessing the Web UI:
1. There are two primary options for accessing the admin console:
1. If your PKS cluster has a load balancer service setup with a public IP you have access to or otherwise a routable IP address from your machine:
- Determine that IP address:

Expand Down Expand Up @@ -433,7 +433,7 @@ In order to create your database, you will log in to the Redis Enterprise UI.

- Use `localhost` followed by port number 8443 in your browser address bar: `https://localhost:8443`

1. Log in to the Web UI with the username defined in your REC yaml and the password.
1. Log in to the admin console with the username defined in your REC yaml and the password.

![getting-started-kubernetes-openshift-image5]( /images/rs/getting-started-kubernetes-openshift-image5.png )

4 changes: 2 additions & 2 deletions content/platforms/kubernetes/reference/db-options.md
Expand Up @@ -41,7 +41,7 @@ also updated with the generated database password.

### `enforceClientAuthentication`

A boolean that indicates whether [client authentication]({{< relref "/rs/administering/designing-production/security/client-connections.md">}}) should be enforced (default: `true`).
A boolean that indicates whether [client authentication]({{< relref "/rs/security/tls-ssl.md">}}) should be enforced (default: `true`).

### `evictionPolicy`
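Review bot: this hunk is the same change as in content/platforms/kubernetes/concepts/db-controller.md, and the surrounding `enforceClientAuthentication` and `tlsMode` sections are duplicated there as well; consider making one of the two pages the single source (an embed or a link) so the two link targets cannot diverge again.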

Expand Down Expand Up @@ -95,7 +95,7 @@ The number of [database shards]({{< relref "/rs/concepts/high-availability/clust

### `tlsMode`

Controls SSL [authentication and encryption]({{< relref "/rs/administering/designing-production/security/tls-configuration.md">}}) for connections to the database.
Controls SSL [authentication and encryption]({{< relref "/rs/security/tls-ssl.md">}}) for connections to the database.

| Value | Description |
| ----- | ----------- |
4 changes: 2 additions & 2 deletions content/platforms/pcf/using-pcf.md
Expand Up @@ -49,15 +49,15 @@ Available service plans are listed in either:

## Accessing the Redis Enterprise cluster UI

1. Connect to the Redis Enterprise Admin Console by placing the **Cluster Management Console Subdomain** in the host part of the following URL: `https://[Cluster Management Console Subdomain].[System Domain]`.
1. Connect to the Redis Enterprise admin console by placing the **Cluster Management Console Subdomain** in the host part of the following URL: `https://[Cluster Management Console Subdomain].[System Domain]`.

For example: `https://console-redis.sys.my-domain.cf-app.com`

1. Log in using the Administrator email account and password you specified in the tile configuration above.

{{< note >}}
Do not create or delete databases through the Redis Enterprise Cluster UI.
Use the cf creates/delete/update-service commands or use the Pivotal Apps Manager web UI to create and manage databases through available plans.
Use the cf creates/delete/update-service commands or use the Pivotal Apps Manager admin console to create and manage databases through available plans.
{{< /note >}}

## Installing a license key in an existing cluster
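Review bot: the edited line still carries the typo "cf creates/delete/update-service" ("create"), and both the heading "Accessing the Redis Enterprise cluster UI" and the note line "through the Redis Enterprise Cluster UI" keep "UI" while the rest of the PR standardises on "admin console"; while this file is open, fix the typo and rename those two occurrences too.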
98 changes: 98 additions & 0 deletions content/rc/administration/account-team-settings.md
Expand Up @@ -13,3 +13,101 @@ You can also:
- Change the account Time Zone
- Add a new Relic license key
- Configure Multi-Factor Authentication (MFA)

When you set up [SSL/TLS]({{< relref "/rc/security/database-security/tls-ssl.md" >}}) for your account,
you must enter the downloadable Redis Labs CA Certificate from this page.

![settings](/images/rc/settings.png)

## Team management

To manage the team of people who have access to the account, click on
the "Team" tab and you will be presented with the current list of team
members on this account.

- To add more team members, click ![Add](/images/rs/icon_add.png#no-click "Add").
- To edit an existing team member, click ![Edit](/images/rc/icon_edit.png#no-click "Edit").

Team members can have different roles to the account:

- **Owner** - Can view, create, and edit any settings in the account
- **Member** - Can view, create, and edit databases
- **Viewer** - Can view all databases and their configurations (including database secrets)

### Team management for GCP Marketplace customers

If you subscribed to Redis Cloud using GCP Marketplace, you can manage your team from the IAM section of the GCP console.
To grant Redis Cloud access to a GCP user, assign one of these roles to the user:

- **Viewer** - serviceusage.serviceUsageViewer and redisenterprisecloud.viewer
- **Owner** - serviceusage.serviceUsageViewer and redisenterprisecloud.admin

Users must log in using SSO to Redis Cloud at least once for them to be added to the team.

## Multi-Factor Authentication (MFA)

To reduce the chances of unauthorized access to the Redis Cloud admin console, each user can enable MFA to require an authentication code at login.
The account owner can also enable MFA enforcement for all users in the account so that users cannot log in without MFA.

When MFA is enabled it forces users to enter their username, password, and an authentication code sent to them by text message or generated by an app on their smartphone. MFA authentication requires a phone that can receive text messages.

### Using MFA for a user account

Each user can enable and configure MFA for their user account.
The default MFA configuration sends an authentication code by text message that you must enter when you log in.

To configure MFA for your user account:

1. Log into your account.
2. In the menu, click on your name.
3. In your user profile, click **Multi-Factor Authentication**.
4. Click **Activate Now**
5. Enter your mobile phone number and enter the confirmation code sent to you by text message.

Your account is now configured for MFA.
When you log in to the Redis Cloud admin console, you are sent an authentication code by text message that you must enter.

To change the mobile phone number, click **Configure** for the text message code and enter the new mobile phone number.

{{< note >}}
We recommend that you also configure MFA for an Authenticator app as a second method of MFA.
If you cannot login to your account because of MFA, contact [Support](https://support.redislabs.com).

If your mobile phone is lost or stolen, make sure that you update the MFA configuration to prevent unauthorized logins.
{{< /note >}}

#### Configuring MFA for an authenticator app

After you configure MFA for text messages, you can also configure MFA to work with a Time-based One-Time Password (TOTP) app such as Google Authenticator.
Then when you log in to the Redis Cloud admin console, you can select to use either an authentication code sent by text message or an authentication code shown in the Authenticator app for MFA.

To configure MFA for the Authenticator app:

1. Install the Google Authenticator app on your phone from the Apple Store or Google Play.
1. Add Redis Cloud to the app:
1. In your profile in your Redis Cloud account, click **Multi-Factor Authentication**.
1. Click **Configure** for the authenticator app.
1. On your phone, open the Authenticator app.
1. Press the plus sign and press **Scan a barcode**.
1. Scan the Redis Cloud barcode.

When you log in to the Redis Cloud admin console, you can do MFA either with a text message or the Authenticator app.
If you do MFA with the Authenticator app, you must open the Authenticator app and enter the Redis Labs code into the Redis Cloud login.

#### Deactivating MFA

You can deactivate MFA for your user account. To deactivate MFA, go to your profile, click **Multi-Factor Authentication**, and click **Deactivate**.

### Enforcing MFA for all user accounts

Account owner users can enable MFA enforcement for all users in their account.
After MFA is enforced for the account, all users that do not have MFA enabled are required to configure MFA the next time they log in to the Redis Cloud admin console.

- When you enable MFA enforcement, users cannot disable MFA for their account.
- When you disable MFA enforcement, users can disable MFA for their account.

{{< tip >}}
We recommend that you send an email to all the Redis Cloud admin console users to notify them of this change before you enable MFA enforcement.
{{< /tip >}}

To enable MFA enforcement for all user accounts, the account owner must enable **MFA enforcement** in **Settings** > **Account**.
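Review bot: the **Viewer** role line states that viewers can see database secrets, which contradicts what readers expect from a "viewer" role; say this more prominently (and spell out what "secrets" covers) so account owners assign the role knowingly. Smaller points in the same hunk: "Add a new Relic license key" should read "Add a New Relic license key"; "different roles to the account" should be "in the account"; "cannot login" should be "cannot log in"; and since the authenticator-app section says TOTP can only be added after text-message MFA is set up, the sentence "MFA authentication requires a phone that can receive text messages" could state that dependency explicitly.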
2 changes: 1 addition & 1 deletion content/rc/administration/setup/create-database.md
Expand Up @@ -42,7 +42,7 @@ You must configure [VPC Peering]({{< relref "/rc/administration/setup/edit-subsc
between the VPC that this database is on and the VPC that the destination database is on.
{{< /note >}}

- **Access Control & Security**
- [**Access Control & Security**]({{< relref "/rs/security/tls-ssl.md" >}}) - You can:
- Enable the **Default User** for the database.
We recommend that you use a complex password between 8 and 128 characters, and with at least one uppercase letter (A-Z), one lowercase letter (a-z), one number (0-9), and one special character.
- Specify the **Source IP/Subnet** addresses that your database receives
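Review bot: this Redis Cloud page now links **Access Control & Security** to the Redis Enterprise Software page `/rs/security/tls-ssl.md`, whereas the new account-team-settings.md in the same PR links the Redis Cloud counterpart `/rc/security/database-security/tls-ssl.md`; confirm which target is intended so Redis Cloud readers land on the Redis Cloud security page.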
2 changes: 1 addition & 1 deletion content/rc/api/concepts/metrics.md
Expand Up @@ -7,7 +7,7 @@ categories: ["RC"]
draft: true
---
Metrics API provides programmatic access to database usage and performance data.
The metrics API shows data that similar to the data that the Redis Cloud Admin Console shows in the database metrics.
The metrics API shows data that similar to the data that the Redis Cloud admin console shows in the database metrics.

## Metric spans and intervals
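Review bot: the edited line is missing a verb: "shows data that similar to" should be "shows data that is similar to" (or "shows data similar to"); since the line is being rewritten anyway, fix it here.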

2 changes: 1 addition & 1 deletion content/rc/api/how-to/create-api-keys-for-your-team.md
@@ -1,6 +1,6 @@
---
Title: Creating API Keys
description: How to use the Redis Cloud Admin Console to create and manage API Keys for your Account's team owners
description: How to use the Redis Cloud admin console to create and manage API Keys for your Account's team owners
weight: 20
alwaysopen: false
categories: ["RC"]
2 changes: 1 addition & 1 deletion content/rc/api/how-to/manage-api-keys.md
@@ -1,6 +1,6 @@
---
Title: Managing API Keys
description: Managing API Keys using the Redis Cloud Admin Console
Title: Manage API Keys
description: Managing API Keys using the Redis Cloud admin console
weight: 30
alwaysopen: false
categories: ["RC"]
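Review bot: the title changes from "Managing API Keys" to the imperative "Manage API Keys", but the sibling how-to create-api-keys-for-your-team.md in this PR keeps "Creating API Keys"; pick one style for the two titles so the section navigation reads consistently.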