Rework concepts
amolnar-rh committed Feb 10, 2025
1 parent ff8cac9 commit 44e0cb7
Showing 1 changed file with 12 additions and 12 deletions.
24 changes: 12 additions & 12 deletions edge_management/edge_mgmt_arch.adoc
@@ -1,29 +1,29 @@
[#edge-mgmt-arch]
= Understanding the {rhem} architecture

The {rhem} uses an agent-based architecture, which means that a {rhem} agent runs on each edge device that periodically communicates with the {rhem} service for device management and monitoring.
The agent autonomously updates the device and reports the device status to the service.
The {rhem} uses an agent-based architecture, which means that a {rhem} agent runs on each edge device.
The devices periodically communicate with the {rhem} service through the agent.
The agent autonomously handles device management and monitoring.
This agent-based architecture allows for a scalable and robust device management under limited network conditions.

The {rhem} service consists of the following components:

* an API server that exposes both agent-facing and user-facing API endpoints
* a PostgreSQL database for storing inventory and runtime information such as the current target configuration and the reported actual configuration
* worker processes
The {rhem} architecture has the following main concepts:

Agent:: The {rhem} agent runs on each device. The agent periodically connects to the {rhem} service for monitoring and updates.
Service:: The {rhem} service handles user and agent authentication and authorization, device enrollment and inventory, rolling out updates to devices, and rolling up status from devices.
API server:: A part of the {rhem} service that exposes both agent-facing and user-facing API endpoints.
Device:: A combination of a real or virtual machine, an operating system, and application workloads that function together to serve a specific purpose.
Device Spec:: A specification of a state of the device that the user defines.
Device Status:: A record of the state that the device is reported to actually have.
Device Template:: A template for device specs that serves to control deviations between the configurations of devices.
Device spec:: A specification of a state of the device that the user defines.
Device status:: A record of the state that the device is reported to actually have.
Device template:: A template for device specs that serves to control deviations between the configurations of devices.
Fleet:: A group of devices governed by a common device template and common management policies.
PostgreSQL database:: A database for storing inventory and runtime information, such as the current target configuration and the reported actual configuration.
////
Field Selector:: Filters and selectors for {rhem} objects based on the values of specific resource fields.
Field selectors follow the same syntax, principles, and support the same operators as Kubernetes field and label selectors.
Labels:: Organizers for devices and other resources.
Label Selector:: Groups or filters for devices and other resources based on assigned labels.
////

[#edge-mgmt-api-server]
== Understanding the {rhem} API server

The {rhem} service communicates with various external systems to authenticate and authorize users, get mTLS certificates signed, or query configuration for managed devices.
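Review bot: The rewrite drops the "worker processes" component without a replacement; the API server and the PostgreSQL database from the removed bullet list reappear as `API server::` and `PostgreSQL database::` entries, but nothing in the new concept list mentions workers, so a reader no longer learns that the service has them or what they do. Either add a `Worker processes::` entry alongside the other two, or state in the `Service::` entry that updates and status roll-ups are handled by worker processes. Two smaller points in the same hunk: the new lowercase convention (`Device spec::`, `Device status::`, `Device template::`) is not applied to the commented-out `Field Selector::` and `Label Selector::` entries, which will reappear with the old capitalization whenever the `////` block is re-enabled; and the old intro sentence "The agent autonomously updates the device and reports the device status to the service" is replaced by "handles device management and monitoring", which no longer says that status flows from agent to service, so the `Service::` entry's "rolling up status from devices" is the only remaining statement of that direction.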
Expand All @@ -36,7 +36,7 @@ Users must authenticate with the configured external authentication service to o
Agent-facing API endpoint:: Agents connect to the agent-facing endpoint.
The endpoint is mTLS-protected which means that the service authenticates the device based on its X.509 client certificates.
During enrollment, the device's unique certificate is bootstrapped based on hardware root of trust.
The private key is protected by the Trusted Plaftom Module (TPM), therefore the client certificate cannot be used by another entity.
The private key is protected by the Trusted Platform Module (TPM), therefore the client certificate cannot be used by another entity.
Certificates are automatically rotated before they expire.

[#edge-mgmt-agent]
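Review bot: The `Plaftom` to `Platform` typo fix is correct. While this line is being edited, the sentence has a comma splice ("...Trusted Platform Module (TPM), therefore the client certificate...") and its conclusion is broader than what the preceding clause supports: a TPM-protected private key prevents the key from being copied to another device, so the precise statement is that the client certificate cannot be used from another device, rather than "by another entity". Suggested wording: "The private key is protected by the Trusted Platform Module (TPM), so the client certificate cannot be used from another device."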
