CLOUDSTACK-770 ntier review comments

docs/en-US/add-loadbalancer-rule-vpc.xml

@@ -60,7 +60,7 @@
     </section>
     <section id="ext-lb-offering">
       <title>Creating a Network Offering for External LB</title>
-      <para>To have internal LB support on VPC, create a network offering as follows: </para>
+      <para>To have external LB support on VPC, create a network offering as follows: </para>
       <orderedlist>
         <listitem>
           <para>Log in to the &PRODUCT; UI as a user or admin.</para>
@@ -111,12 +111,16 @@
                 Indicate whether a VLAN should be specified when this offering is used.</para>
             </listitem>
             <listitem>
-              <para><emphasis role="bold">Supported Services</emphasis>: Select Load Balancer.
-                Select <code>InternalLbVM</code> from the provider list.</para>
+              <para><emphasis role="bold">Supported Services</emphasis>: Select Load Balancer. Use
+                Netscaler or VpcVirtualRouter.</para>
             </listitem>
             <listitem>
-              <para><emphasis role="bold">Load Balancer Type</emphasis>: Select external LB from the
-                drop-down. Use Netscaler</para>
+              <para><emphasis role="bold">Load Balancer Type</emphasis>: Select Public LB from the
+                drop-down.</para>
+            </listitem>
+            <listitem>
+              <para><emphasis role="bold">LB Isolation</emphasis>: Select Dedicated if Netscaler is
+                used as the external LB provider.</para>
             </listitem>
             <listitem>
               <para><emphasis role="bold">System Offering</emphasis>: Choose the system service
@@ -288,7 +292,9 @@
     </section>
     <section id="int-lb-offering">
       <title>Creating a Network Offering for Internal LB</title>
-      <para>To have internal LB support on VPC, create a network offering as follows: </para>
+      <para>To have internal LB support on VPC, either use the default offering,
+        DefaultIsolatedNetworkOfferingForVpcNetworksWithInternalLB, or create a network offering as
+        follows: </para>
       <orderedlist>
         <listitem>
           <para>Log in to the &PRODUCT; UI as a user or admin.</para>
@@ -364,6 +370,13 @@
     </section>
     <section id="int-lb-vpc">
       <title>Creating an Internal LB Rule</title>
+      <para>When you create the Internal LB rule and applies to a VM, an Internal LB VM, which is
+        responsible for load balancing, is created. You can view the created Internal LB VM in the
+        Instances page if you navigate to <emphasis role="bold">Infrastructure</emphasis> >
+          <emphasis role="bold">Zones</emphasis> > &lt;<emphasis role="italic">zone_
+        name</emphasis>&gt; > &lt;<emphasis role="italic">physical_network_name</emphasis>&gt; >
+          <emphasis role="bold">Network Service Providers</emphasis> > <emphasis role="bold"
+          >Internal LB VM</emphasis>. </para>
       <orderedlist>
         <listitem>
           <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
@@ -398,8 +411,9 @@
             </listitem>
             <listitem>
               <para><emphasis role="bold">Source IP Address</emphasis>: The source IP from which
-                traffic originates. Typically, this is the IP of an instance on another tier within
-                your VPC.</para>
+                traffic originates. The IP is acquired from the CIDR of that particular tier on
+                which you want to create the Internal LB rule. </para>
+              <para>For every Source IP, a new Internal LB VM is created for load balancing.</para>
             </listitem>
             <listitem>
               <para><emphasis role="bold">Source Port</emphasis>: The port associated with the

docs/en-US/configure-acl.xml

@@ -22,9 +22,11 @@
   <title>Configuring Network Access Control List</title>
   <para>Define Network Access Control List (ACL) on the VPC virtual router to control incoming
     (ingress) and outgoing (egress) traffic between the VPC tiers, and the tiers and Internet. By
-    default, all incoming and outgoing traffic to the guest networks is blocked. To open the ports,
-    you must create a new network ACL. The network ACLs can be created for the tiers only if the
-    NetworkACL service is supported.</para>
+    default, all incoming traffic to the guest networks is blocked and all outgoing traffic from
+    guest networks is allowed, once you add an ACL rule for outgoing traffic, then only outgoing
+    traffic specified in this ACL rule is allowed, the rest is blocked. To open the ports, you must
+    create a new network ACL. The network ACLs can be created for the tiers only if the NetworkACL
+    service is supported.</para>
   <section id="network-acl">
     <title>About Network ACL Lists</title>
     <para>In &PRODUCT; terminology, Network ACL is a group of Network ACL items. Network ACL items
@@ -35,8 +37,8 @@
       VPC tiers within a VPC. A Tier is associated with a Network ACL at all the times. Each tier
       can be associated with only one ACL.</para>
     <para>The default Network ACL is used when no ACL is associated. Default behavior is all the
-      incoming and outgoing traffic is blocked to the tiers. Default network ACL cannot be removed
-      or modified. Contents of the default Network ACL is:</para>
+      incoming traffic is blocked and outgoing traffic is allowed from the tiers. Default network
+      ACL cannot be removed or modified. Contents of the default Network ACL is:</para>
     <informaltable>
       <tgroup cols="5" align="left" colsep="1" rowsep="1">
         <colspec colnum="1" colname="c1" colwidth="31.5pt"/>
@@ -222,7 +224,7 @@
     </orderedlist>
   </section>
   <section id="create-acl-tier">
-    <title>Assigning a Custom ACL List to a Tier</title>
+    <title>Creating a Tier with Custom ACL List</title>
     <orderedlist>
       <listitem>
         <para>Create a VPC.</para>