first pass edits

Author: anupras-mohapatra-arm

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/_index.md

@@ -1,9 +1,5 @@
 ---
-title: Deploy Keycloak on Azure Cobalt 100 Arm64 virtual machines for identity and access management
-
-draft: true
-cascade:
-    draft: true
+title: Deploy Keycloak on Azure Cobalt 100-based Arm64 virtual machines for identity and access management
 
 description: Learn how to install and configure Keycloak on an Azure Cobalt 100 Arm64 virtual machine, integrate it with PostgreSQL, configure OAuth2/OpenID Connect authentication, and secure applications using centralized identity management.
 
@@ -12,14 +8,14 @@ minutes_to_complete: 90
 who_is_this_for: This is an introductory topic for developers, DevOps engineers, platform engineers, and cloud architects who want to deploy centralized authentication and identity management using Keycloak on Arm-based cloud environments.
 
 learning_objectives:
-    - Install and configure Keycloak on Azure Cobalt 100 Arm64 virtual machines
+    - Install and configure Keycloak on Azure Cobalt 100-based Arm64 virtual machines
     - Configure PostgreSQL as the backend database for Keycloak
     - Configure realms, users, and OAuth2/OpenID Connect clients
     - Integrate a Flask application with Keycloak authentication
     - Validate OAuth2/OpenID Connect authentication workflows
 
 prerequisites:
-  - A [Microsoft Azure account](https://azure.microsoft.com/) with access to Cobalt 100 based instances (Dpsv6)
+  - A [Microsoft Azure account](https://azure.microsoft.com/) with access to Cobalt 100-based instances (Dpsv6)
   - Basic knowledge of Linux command-line operations
   - Familiarity with SSH and remote server access
   - Basic understanding of authentication, OAuth2, and identity management concepts

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/background.md

@@ -7,38 +7,32 @@ layout: "learningpathall"
 
 ## Why run Keycloak on Azure Cobalt 100
 
-Keycloak on Arm-based Azure Cobalt 100 processors delivers scalable and efficient identity and access management for modern cloud-native applications. Azure Cobalt 100 processors provide dedicated physical cores per vCPU, which helps deliver predictable performance for authentication workloads, user management, and OAuth2/OpenID Connect flows.
+Keycloak delivers scalable and efficient identity and access management for modern cloud-native applications. Azure Cobalt 100 processors provide dedicated physical cores per vCPU, which helps deliver predictable performance for authentication workloads, user management, and OAuth2/OpenID Connect (OIDC) flows.
 
 Keycloak benefits from the strong multi-core performance and energy efficiency of Arm-based Azure infrastructure, making it well suited for enterprise authentication systems, API security, and cloud-native identity platforms.
 
 ## Azure Cobalt 100 Arm-based processor
 
-Azure’s Cobalt 100 is Microsoft’s first-generation, in-house Arm-based processor. Built on Arm Neoverse N2, Cobalt 100 is a 64-bit CPU that delivers strong performance and energy efficiency for cloud-native, scale-out Linux workloads. These workloads include web and application servers, data analytics, open-source databases, and caching systems. Running at 3.4 GHz, Cobalt 100 allocates a dedicated physical core for each vCPU, ensuring consistent and predictable performance.
+Azure’s Cobalt 100 is Microsoft’s first-generation, in-house Arm-based processor. Built on Arm Neoverse N2, Cobalt 100 is a 64-bit CPU that delivers strong performance and energy efficiency for cloud-native, scale-out Linux workloads. Running at 3.4 GHz, Cobalt 100 allocates a dedicated physical core for each vCPU, ensuring consistent and predictable performance.
 
 To learn more, see the Microsoft blog [Announcing the preview of new Azure VMs based on the Azure Cobalt 100 processor](https://techcommunity.microsoft.com/blog/azurecompute/announcing-the-preview-of-new-azure-vms-based-on-the-azure-cobalt-100-processor/4146353).
 
-## How Keycloak improves authentication and identity management
+## How Keycloak provides authentication and identity management
 
-Keycloak is an open-source Identity and Access Management (IAM) platform that simplifies authentication and authorization for applications and services.
+Keycloak is an open-source identity and access management (IAM) platform that simplifies authentication and authorization for applications and services.
 
-Keycloak supports modern authentication standards such as:
+Keycloak supports modern authentication standards such as OAuth2, OIDC, and SAML. It integrates with web applications, APIs, Kubernetes platforms, microservices, and enterprise identity systems, making it ideal for securing cloud-native workloads.
 
-- OAuth2
-- OpenID Connect (OIDC)
-- SAML
+Keycloak provides several important capabilities for authentication and security management. You can use its single sign-on (SSO) support to authenticate once and access multiple applications without logging in again. With centralized identity management, you can manage users, roles, groups, and authentication policies from a single platform. With OAuth2 and OpenID Connect support, you get simplified secure API and application authentication workflows.
 
-Keycloak provides centralized authentication, allowing users to log in once and securely access multiple applications using Single Sign-On (SSO).
+Keycloak also supports multi-factor authentication (MFA) for stronger account security, user federation for integrating with enterprise identity systems such as LDAP and Active Directory, and role-based access control (RBAC) to control user permissions and application access.
 
-Keycloak integrates with web applications, APIs, Kubernetes platforms, microservices, and enterprise identity systems, making it ideal for securing cloud-native workloads.
-
-To learn more, see the official [Keycloak documentation](https://www.keycloak.org/documentation).
-
-Keycloak provides several important capabilities for authentication and security management. Its Single Sign-On (SSO) support lets users authenticate once and access multiple applications without logging in again. Centralized Identity Management means you can manage users, roles, groups, and authentication policies from a single platform, while OAuth2 and OpenID Connect support simplifies secure API and application authentication workflows.
-
-Keycloak also supports Multi-factor Authentication (MFA) for stronger account security, User Federation for integrating with enterprise identity systems such as LDAP and Active Directory, and Role-Based Access Control (RBAC) to control user permissions and application access.
+To learn more about Keycloak, see the official [Keycloak documentation](https://www.keycloak.org/documentation).
 
 In this Learning Path, you'll deploy Keycloak on an Azure Cobalt 100 Arm64 virtual machine and configure PostgreSQL as the backend database. You'll create realms, users, and OAuth2/OpenID Connect clients, then integrate a Flask application with Keycloak authentication.
 
 ## What you've learned and what's next
 
-You now understand why Azure Cobalt 100 and Keycloak are a strong combination for scalable authentication and identity management workloads. Next, you'll create the virtual machine that will run Keycloak and the Flask OAuth2 demo application throughout this Learning Path.
+You've now understood why Azure Cobalt 100 and Keycloak are a strong combination for scalable authentication and identity management workloads. You also learned how Keycloak provides support for centralized identity management.
+
+Next, you'll create a virtual machine on Azure that you'll use to run Keycloak and a Flask OAuth2 demo application.

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/firewall.md

@@ -8,15 +8,15 @@ layout: learningpathall
 
 ## Configure external traffic for Keycloak and Flask application
 
-To allow external traffic for Keycloak and the Flask OAuth2 demo application on an Azure virtual machine, open the required ports in the Network Security Group (NSG). The NSG can be attached to the virtual machine's network interface or subnet.
+To allow external traffic for Keycloak and the Flask OAuth2 demo application on the Azure virtual machine, open the required ports in the network security group (NSG). 
 
 {{% notice Note %}}
 For more information about Azure setup, see [Getting started with Microsoft Azure Platform](/learning-paths/servers-and-cloud-computing/csp/azure/).
 {{% /notice %}}
 
 ### Add inbound firewall rules in Azure
 
-To expose the required ports for Keycloak and the Flask application, create firewall rules.
+To expose the required ports for Keycloak and the Flask application, create firewall rules:
 
 1. Navigate to the [Azure portal](https://portal.azure.com), go to **Virtual Machines**, and select your virtual machine.
 
@@ -69,6 +69,7 @@ You can now access:
 
 ## What you've learned and what's next
 
-You've now configured the Azure Network Security Group to allow incoming traffic for Keycloak and the Flask OAuth2 demo application.
+You've now configured the Azure network security group to allow incoming traffic for Keycloak and the Flask OAuth2 demo application.
+
+Next, you'll install Keycloak on the VM, configure PostgreSQL as the backend database, and validate OAuth2/OpenID Connect authentication workflows using a demo Flask application.
 
-Next, you'll deploy Keycloak, configure PostgreSQL integration, and validate OAuth2/OpenID Connect authentication workflows using the Flask application.

content/learning-paths/servers-and-cloud-computing/keycloak-cobalt/instance.md

@@ -1,36 +1,36 @@
 ---
-title: Create an Azure Cobalt 100 Arm64 virtual machine
+title: Create an Arm64 virtual machine powered by Azure Cobalt 100
 weight: 3
 
 ### FIXED, DO NOT MODIFY
 layout: learningpathall
 ---
 
-## Set up the Azure virtual machine
+## Set up an Arm-based Azure virtual machine
 
 In this section, you'll launch the Azure portal to create a virtual machine (VM) with the Arm-based Azure Cobalt 100 processor.
 
-This Learning Path focuses on general-purpose virtual machines in the Dpsv6 series. For more information, see the [Microsoft Azure guide for the Dpsv6 size series](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dpsv6-series).
+You'll create a general-purpose VM in the Dpsv6 series. For more information about this series of VMs, see the [Microsoft Azure guide for the Dpsv6 size series](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dpsv6-series).
 
-While the steps to create this instance are included here for convenience, you can also see [Deploy a Cobalt 100 virtual machine on Azure Learning Path](/learning-paths/servers-and-cloud-computing/cobalt/).
+For more detailed steps to create a VM, see the [Deploy a Cobalt 100 virtual machine on Azure Learning Path](/learning-paths/servers-and-cloud-computing/cobalt/).
 
-### Create an Arm-based virtual machine in the Azure portal
+### Use the Azure portal to create a virtual machine 
 
 To create an Azure virtual machine using the Azure portal:
 
 1. Launch the Azure portal and navigate to **Virtual Machines**.
 2. Select **Create**, and select **Virtual Machine** from the drop-down list.
-3. In the **Basic** tab, fill in the instance details such as **Virtual machine name** and **Region**.
+3. In the **Basic** tab, provide instance details such as **Virtual machine name** and **Region**.
 4. Select **Ubuntu Pro 24.04 LTS** as the image for your virtual machine, and select **Arm64** as the VM architecture.
 5. In the **Size** field, select **See all sizes** and select the D-Series v6 family of virtual machines.
-6. Select **D4ps_v6** from the list as shown in the diagram below:
+6. Select **D4ps_v6** from the list as shown in the following screenshot:
 
 ![Azure Portal showing D-Series v6 VM size selection with D4ps_v6 highlighted#center](images/instance.png "Select D4ps_v6 from the D-Series v6 family")
 
 7. For **Authentication type**, select **SSH public key**.
 
 {{% notice Note %}}
-Azure generates an SSH key pair for you and lets you save it for future use. This method is fast, secure, and easy for connecting to your virtual machine.
+Azure generates an SSH key pair for you that you can save for future use. This method is fast, secure, and easy for connecting to your VM.
 {{% /notice %}}
 
 8. Fill in the **Administrator username** for your VM.
@@ -41,7 +41,7 @@ RSA offers better security with keys longer than 3072 bits.
 {{% /notice %}}
 
 10. Give your SSH key a key pair name.
-11. In the **Inbound port rules**, select **HTTP (80)** and **SSH (22)** as the inbound ports, as shown in the following image:
+11. In the **Inbound port rules**, select **HTTP (80)** and **SSH (22)** as the inbound ports, as shown in the following screenshot:
 
 ![Azure Portal inbound port configuration showing SSH and HTTP selected. Check that the required access settings are in place before creating the virtual machine.#center](images/instance1.png "Configure inbound port rules for HTTP and SSH access")
 
@@ -53,11 +53,11 @@ RSA offers better security with keys longer than 3072 bits.
 
 ![Azure Portal showing Create button and SSH key download dialog#center](images/instance4.png "Download SSH key and create the virtual machine")
 
-Your virtual machine should be ready and running in a few minutes. You can SSH into the virtual machine using the private key, along with the public IP details.
+Your VM should be ready and running in a few minutes. You can SSH into the virtual machine using the private key, along with the public IP details.
 
 ![Azure Portal deployment result showing that the virtual machine was created successfully. Look for the successful deployment status and the connection details you will use to access the virtual machine in the next step.#center](images/final-vm.png "Successful VM deployment confirmation")
 
-{{% notice Note %}}To learn more about Arm-based virtual machines in Azure, see "Getting Started with Microsoft Azure" in [Get started with Arm-based cloud instances](/learning-paths/servers-and-cloud-computing/csp/azure/).{{% /notice %}}
+{{% notice Note %}}To learn more about Arm-based virtual machines in Azure, see the "Getting Started with Microsoft Azure" section in the [Get started with Arm-based cloud instances](/learning-paths/servers-and-cloud-computing/csp/azure/) Learning Path.{{% /notice %}}
 
 ### Connect to your virtual machine
 
@@ -71,6 +71,6 @@ Replace `<your-key-name>` with the name of your SSH key pair and `YOUR_PUBLIC_IP
 
 ## What you've accomplished and what's next
 
-You've created an Azure Cobalt 100 Arm64 virtual machine running Ubuntu 24.04 LTS with SSH authentication configured. The virtual machine is now ready for installing PostgreSQL, Keycloak, and the Flask OAuth2 demo application.
+You've now created an Azure Cobalt 100-based Arm64 virtual machine running Ubuntu 24.04 LTS with SSH authentication configured. The virtual machine is now ready for installing PostgreSQL, Keycloak, and the Flask OAuth2 demo application.
 
-Next, you'll install Keycloak on the VM, configure PostgreSQL as the backend database, and deploy a demo OAuth2/OpenID Connect application using Flask.
+Next, you'll set up firewall rules to allow external traffic for Keycloak and the demo Flask application.