document updates
digihunch committed Feb 10, 2025
1 parent c4f7e0b commit e3e9d32
Showing 11 changed files with 73 additions and 39 deletions.
20 changes: 10 additions & 10 deletions README.md
@@ -1,36 +1,36 @@
# Orthweb - Orthanc Solution on AWS
<a href="https://www.orthanc-server.com/"><img style="float" align="right" src="docs/assets/images/orthanc_logo.png"></a>
<a href="https://www.orthanc-server.com/"><img style="float" align="right" src="docs/assets/images/orthanc_logo.png" width="200"></a>


[![Linux](https://img.shields.io/badge/Linux-FCC624?logo=linux&logoColor=black)](https://aws.amazon.com/amazon-linux-2)
[![Docker](https://img.shields.io/badge/docker-%230db7ed.svg?logo=docker&logoColor=white)](https://www.docker.com/)
[![Postgres](https://img.shields.io/badge/postgres-%23316192.svg?logo=postgresql&logoColor=white)](https://www.postgresql.org/)
[![Nginx](https://img.shields.io/badge/nginx-%23009639.svg?&logo=nginx&logoColor=white)](https://nginx.org/en/index.html)
![Keycloak](https://img.shields.io/badge/Keycloak-4D4D4D?logo=keycloak&logoColor=white&style=flat)
[![Keycloak](https://img.shields.io/badge/Keycloak-4D4D4D?logo=keycloak&logoColor=white&style=flat)](https://www.keycloak.org/)
[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)

[![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?logo=terraform&logoColor=white)](https://www.terraform.io/)
[![Amazon EC2](https://img.shields.io/badge/Amazon%20EC2-F90?logo=amazonec2&logoColor=white&style=flat)](https://aws.amazon.com/ec2/)
[![Amazon S3](https://img.shields.io/badge/Amazon%20S3-569A31?logo=amazons3&logoColor=white&style=flat)](https://aws.amazon.com/s3/)
[![Amazon RDS](https://img.shields.io/badge/Amazon%20RDS-527FFF?logo=amazonrds&logoColor=white&style=flat)](https://aws.amazon.com/rds/postgresql/)

[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Latest Release](https://img.shields.io/github/v/release/digihunch/orthweb)](https://github.com/digihunch/orthweb/releases/latest)

## Overview

The **[Orthweb](https://github.com/digihunch/orthweb)** project helps imaging IT staff build an **[Orthanc](https://www.orthanc-server.com/)** solution on AWS. The project addresses the cloud foundation and configuration management to host the Orthanc application. Follow to the [documentation](https://digihunch.github.io/orthweb/) for instructions and architecture discussions. 💪 Let's automate medical imaging!

Orthanc handles sensitive data and must operate on a secure cloud platform. Typically, large organizations can afford specialized IT resources to build enterprise-scale cloud foundations. This cloud foundation is known as a [landing zone](https://www.digihunch.com/2022/12/landing-zone-in-aws/). Each department in the organization is allocated with a segment of the landing zone (e.g. an VPC), to deploys their own applications.
Imaging systems like Orthanc handle sensitive data and must operate on secure cloud platforms. Typically, large organizations dedicate specialized IT resources to build enterprise-scale cloud foundations. This cloud foundation is known as a [landing zone](https://www.digihunch.com/2022/12/landing-zone-in-aws/). In the landing zone, each business line of the organization is allocated with a segment (e.g. an VPC), to deploy their own applications.

In reality, many Orthanc users are small entities (e.g. startups, research groups, independent clinics, etc) without an overarching cloud strategy. They need a secure and scalable cloud foundation to leverage Orthanc. To close this gap, we propose a cloud-based Orthanc solution to address the cloud foundation and configuration management, and [created](https://www.digihunch.com/2020/11/medical-imaging-web-server-deployment-pipeline/) the **Orthweb** project.
In reality, many Orthanc users are small teams without overarching cloud strategies from their parent organizations. They are startups, research departments, independent clinics, and so on. They need equally secure and scalable cloud foundations to leverage Orthanc. To close this gap, we propose a cloud-based Orthanc solution to address the cloud foundation and configuration management, and [created](https://www.digihunch.com/2020/11/medical-imaging-web-server-deployment-pipeline/) the **Orthweb** project to implement it.

<img align="middle" src="docs/assets/images/Overview.png">
<br/><br/>
![Diagram](docs/assets/images/Overview.png)

For cloud foundation, **Orthweb** project uses **Terraform** template (an infrastructure-as-code technology) to provision a self-contained infrastrcture stack in a single AWS account, without relying upon established network infrastructure. The infrastructure layer provisioned in this project contains a single VPC with multiple subnets, along with useful VPC endpoints. The infrastructure layer also contains encryption keys, managed database service and S3 storage. The infrastrcture footprint is small but secure, aiming to comply with regulatory requirements such as HIPPA. However, regulatory auditing is the responsibility of the Orthanc adopter.

For cloud foundation, **Orthweb** project uses **Terraform** template (an infrastructure-as-code technology) provisions its own self-contained infrastrcture stack in a single AWS account. It does not rely upon an established network infrastructure platform. The network infrastructure layer provisioned in this project contains a single VPC with multiple subnets, along with required endpoints. The infrastructure layer also contains encryption keys, managed database service and S3 storage. The infrastrcture footprint is small but secure. It aims to comply with regulatory requirements such as HIPPA. However, regulatory auditing is the responsibility of the Orthanc adopter. For configuration management, **Orthweb** leverages cloud-init [user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) and `makefile` to configure the servers upon initialization. The artifact to install **Orthanc** is stored in the [orthanc-config](https://github.com/digihunchinc/orthanc-config) repository.
In addition to cloud resource provisioning, the **Orthweb** project also streamles the installation and configuration of Orthanc solution, by proposing a paradign for Orthanc configuration management. The project leverages cloud-init [user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) and `makefile` to configure the servers during the initialization process at the end of cloud resource provisioning. The artifact to install **Orthanc** is stored in the [orthanc-config](https://github.com/digihunchinc/orthanc-config) repository, for users to fork and customize.
<br/><br/>

The project architecture also takes into account other operational aspects, such as high availability, resiliency and automation in the configuration of **Orthanc** application with Docker, using the official [Orthanc image](https://hub.docker.com/r/orthancteam/orthanc). For those considering hosting Orthanc on Kubernetes, check out our sister project [Korthweb](https://github.com/digihunch/korthweb).
The project uses the official [Orthanc image](https://hub.docker.com/r/orthancteam/orthanc) and orchestrate the application containers with Docker daemon on EC2 instances. For those considering hosting Orthanc on Kubernetes, check out our sister project [Korthweb](https://github.com/digihunch/korthweb).

## Partners
<a href="https://www.yorku.ca/health"><img align="left" src="docs/assets/images/yorku-logo.jpg" style="width: 20%;"></a> <br><br>
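Review bot: The reworded overview paragraphs in this hunk still carry spelling errors that will ship in the README: "streamles" (streamlines), "paradign" (paradigm), "infrastrcture" (infrastructure, twice in one paragraph) and "HIPPA", which should be "HIPAA". The last one sits in the compliance statement, so it is worth getting exactly right. Also "an VPC" should be "a VPC", and "orchestrate the application containers" should be "orchestrates".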
Binary file modified docs/assets/images/orthanc_logo.png
4 changes: 2 additions & 2 deletions docs/design/deviceconnectivity.md
Expand Up @@ -7,7 +7,7 @@ As a result, users should not send DICOM images from modalities over the Interne
## Private Network Connection
At network infrastructure level, the organzation may build a AWS Direct Connect connection with AWS. Requirement for such network connection should be reviewed with the network team of the organization, and require collaboration of multiple teams.

![Diagram](../assets/images/private-connection.png)
![Diagram](../assets/images/private-connection.png)

Instead of private physical connection, user may build a private connection over the Internet using VPN.

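Review bot: The two versions of the image line in this hunk read identically, so the change looks like whitespace only; since the section is being touched anyway, the context sentence above it has "organzation" and "a AWS Direct Connect connection", which should be "organization" and "an AWS Direct Connect connection".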
Expand All @@ -30,6 +30,6 @@ Once the VPC client software (OpenVPN or AWS VPN client) is configured and conne
## Use a DICOM proxy
The organization may consider running a local DICOM proxy. The proxy receives images from modality in the clear, and forwards the images over the Internet to Orthanc. Unlike the modality application, such proxy applications usually come with full support of TLS. There are not many open-source options. An on-prem instance of Orthanc can be configured to act as a DICOM proxy.

![Diagram](../assets/images/dicom-proxy.png)
![Diagram](../assets/images/dicom-proxy.png)

In this configuration the DICOM port should also open. Use security group to restrict where the port can receive traffic.
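Review bot: The closing sentence of the proxy section, "In this configuration the DICOM port should also open", is missing a verb ("should also be open") and leaves the security group guidance vague. Because the proxy forwards images over the Internet, suggest stating that the rule should admit only the proxy's source address, and that the proxy-to-Orthanc leg is expected to use TLS, which is the reason the paragraph gives for using a proxy in the first place.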
2 changes: 1 addition & 1 deletion docs/design/infrastructure.md
Expand Up @@ -5,7 +5,7 @@ The Orthweb proposes a reference architecture to host Orthanc on AWS. The refere

The architecure includes a VPC that spans across two availability zones (AZs). Each AZ has a public and a private subnet. Each public subnet stands one EC2 instance, with a public IP address routable from the Internet. The Reference Architecture is illustrated in the diagram below:

![Diagram](../assets/images/Orthweb.png)
![Diagram](../assets/images/Orthweb.png)

The two EC2 instances operates active-active, each with its own public IP. There are more options to manage application traffic and they are discussed separately in the section. The instances listens for DICOM (over TLS) and HTTPS traffic on TCP port `11112` and `443`.

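Review bot: The paragraph after the diagram says the traffic options "are discussed separately in the section" without naming the section; link it to the ingress page. The same paragraph states that each instance has its own public IP and listens on TCP `11112` and `443`, so it should also say which control limits the sources allowed to reach those ports. Minor: "architecure", "instances operates" and "instances listens" need fixing.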
7 changes: 3 additions & 4 deletions docs/design/ingress.md
@@ -1,4 +1,3 @@

Ingress traffic management concerns with how external web traffic (and possibly DICOM traffic) reach the network interface of Orthanc EC2 instances.

The Orthweb solution does not provide a prescriptive design pattern or implementation for ingress traffic management. This is because the requirements in this area often vary so significantly that no two organizations share the same design.
Expand All @@ -8,7 +7,7 @@ This section discusses some possible customization options for ingress traffic m
## Out-of-box Configuration
The out-of-box configuration functions without ingress traffic management service. However, it comes with two difference DNS names, one for each EC2 instance, as illustrated below:

![Diagram](../assets/images/AppTraffic0.png)
![Diagram](../assets/images/AppTraffic0.png)

In this configuration, each EC2 instance lives in a separate availability zone. Both are connected to the same database (RDS) instance and storage (S3). In the event of an EC2 instance failure, the other instance is available. User may also choose to stop one of the instances for lower cost.

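Review bot: In the Out-of-box Configuration text, "two difference DNS names" should read "two different DNS names". The section would also benefit from stating here, and not only in the DNS section further down, that the out-of-box setup uses the self-signed certificate provisioned during automation, since that is what a reader judging this configuration for production needs to know.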
Expand All @@ -22,7 +21,7 @@ To bring the solution to produciton, it is recommended to introduce additional c
## Use Domain Naming Service (DNS)
Consider introducing a DNS service to point to both EC2 instances. The DNS resolution result determins which EC2 instance the client connects to. So each EC2 instance must still open 443 and 11112 ports. This pattern is illustrated as below:

![Diagram](../assets/images/AppTraffic1.png)
![Diagram](../assets/images/AppTraffic1.png)

In this pattern, the DNS can resolves to the public DNS name for both EC2 instances. The result of DNS resolution can rotate, round robin or based on availability. In this option you will bring your own DNS name, and manage your own TLS certificate, instead of using the self-signed certificate provisioned during automation.

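Review bot: "determins" and "the DNS can resolves" in the DNS section need correcting ("determines", "can resolve"). The last sentence tells readers to bring their own DNS name and TLS certificate, while the sentence above says each instance must still open 443 and 11112; suggest saying explicitly that the replacement certificate has to be deployed on both instances, since either one may answer for the shared name.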
Expand All @@ -31,7 +30,7 @@ It is also possible to integrate with Content Delivery Network (CDN, such as Clo
## Use Load Balancer (NLB or ALB)
As cost allows, consider placing a network load balancer in front of the EC2 instances. We would be able to configure the network load balancer so it automatically sends the traffic to a functional EC2 instance, thereby eliminating the manual fail over procedure. This pattern is illustrated as below:

![Diagram](../assets/images/AppTraffic2.png)
![Diagram](../assets/images/AppTraffic2.png)

This configuration has several advantages. The security group of the EC2 instances can be narrowed down to only open to the load balancer. You can use Application Load Balancer or Network Load Balancer in AWS. The former supports integration with Web Application Firewall but only for HTTPS traffic. The latter supports both DICOM and HTTPS traffic. Both options supports integration with AWS Certificate Manager to automatically manage TLS certificate.

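Review bot: The load balancer paragraph says the Application Load Balancer handles only HTTPS while the Network Load Balancer handles both DICOM and HTTPS, but it does not say how DICOM traffic on port 11112 reaches the instances when an ALB is chosen. Add a sentence covering that case, because it decides whether the instances' security group can really be narrowed to the load balancer alone. Also "Both options supports" should be "Both options support".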
20 changes: 10 additions & 10 deletions docs/index.md
@@ -1,33 +1,33 @@
# Orthweb - Orthanc Solution on AWS
<a href="https://www.orthanc-server.com/"><img style="float" align="right" src="assets/images/orthanc_logo.png"></a>
<a href="https://www.orthanc-server.com/"><img style="float" align="right" src="assets/images/orthanc_logo.png" width="200"></a>


[![Linux](https://img.shields.io/badge/Linux-FCC624?logo=linux&logoColor=black)](https://aws.amazon.com/amazon-linux-2)
[![Docker](https://img.shields.io/badge/docker-%230db7ed.svg?logo=docker&logoColor=white)](https://www.docker.com/)
[![Postgres](https://img.shields.io/badge/postgres-%23316192.svg?logo=postgresql&logoColor=white)](https://www.postgresql.org/)
[![Nginx](https://img.shields.io/badge/nginx-%23009639.svg?&logo=nginx&logoColor=white)](https://nginx.org/en/index.html)
![Keycloak](https://img.shields.io/badge/Keycloak-4D4D4D?logo=keycloak&logoColor=white&style=flat)
[![Keycloak](https://img.shields.io/badge/Keycloak-4D4D4D?logo=keycloak&logoColor=white&style=flat)](https://www.keycloak.org/)
[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)

[![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?logo=terraform&logoColor=white)](https://www.terraform.io/)
[![Amazon EC2](https://img.shields.io/badge/Amazon%20EC2-F90?logo=amazonec2&logoColor=white&style=flat)](https://aws.amazon.com/ec2/)
[![Amazon S3](https://img.shields.io/badge/Amazon%20S3-569A31?logo=amazons3&logoColor=white&style=flat)](https://aws.amazon.com/s3/)
[![Amazon RDS](https://img.shields.io/badge/Amazon%20RDS-527FFF?logo=amazonrds&logoColor=white&style=flat)](https://aws.amazon.com/rds/postgresql/)

[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Latest Release](https://img.shields.io/github/v/release/digihunch/orthweb)](https://github.com/digihunch/orthweb/releases/latest)

## Overview

The **[Orthweb](https://github.com/digihunch/orthweb)** project helps imaging IT staff build an **[Orthanc](https://www.orthanc-server.com/)** solution on AWS. The project addresses the cloud foundation and configuration management to host the Orthanc application. Follow to the [documentation](https://digihunch.github.io/orthweb/) for instructions and architecture discussions. 💪 Let's automate medical imaging!

Orthanc handles sensitive data and must operate on a secure cloud platform. Typically, large organizations can afford specialized IT resources to build enterprise-scale cloud foundations. This cloud foundation is known as a [landing zone](https://www.digihunch.com/2022/12/landing-zone-in-aws/). Each department in the organization is allocated with a segment of the landing zone (e.g. an VPC), to deploys their own applications.
Imaging systems like Orthanc handle sensitive data and must operate on secure cloud platforms. Typically, large organizations dedicate specialized IT resources to build enterprise-scale cloud foundations. This cloud foundation is known as a [landing zone](https://www.digihunch.com/2022/12/landing-zone-in-aws/). In the landing zone, each business line of the organization is allocated with a segment (e.g. an VPC), to deploy their own applications.

In reality, many Orthanc users are small entities (e.g. startups, research groups, independent clinics, etc) without an overarching cloud strategy. They need a secure and scalable cloud foundation to leverage Orthanc. To close this gap, we propose a cloud-based Orthanc solution to address the cloud foundation and configuration management, and [created](https://www.digihunch.com/2020/11/medical-imaging-web-server-deployment-pipeline/) the **Orthweb** project.
In reality, many Orthanc users are small teams without overarching cloud strategies from their parent organizations. They are startups, research departments, independent clinics, and so on. They need equally secure and scalable cloud foundations to leverage Orthanc. To close this gap, we propose a cloud-based Orthanc solution to address the cloud foundation and configuration management, and [created](https://www.digihunch.com/2020/11/medical-imaging-web-server-deployment-pipeline/) the **Orthweb** project to implement it.

<img align="middle" src="assets/images/Overview.png">
<br/><br/>
![Diagram](assets/images/Overview.png)

For cloud foundation, **Orthweb** project uses **Terraform** template (an infrastructure-as-code technology) to provision a self-contained infrastrcture stack in a single AWS account, without relying upon established network infrastructure. The infrastructure layer provisioned in this project contains a single VPC with multiple subnets, along with useful VPC endpoints. The infrastructure layer also contains encryption keys, managed database service and S3 storage. The infrastrcture footprint is small but secure, aiming to comply with regulatory requirements such as HIPPA. However, regulatory auditing is the responsibility of the Orthanc adopter.

For cloud foundation, **Orthweb** project uses **Terraform** template (an infrastructure-as-code technology) provisions its own self-contained infrastrcture stack in a single AWS account. It does not rely upon an established network infrastructure platform. The network infrastructure layer provisioned in this project contains a single VPC with multiple subnets, along with required endpoints. The infrastructure layer also contains encryption keys, managed database service and S3 storage. The infrastrcture footprint is small but secure. It aims to comply with regulatory requirements such as HIPPA. However, regulatory auditing is the responsibility of the Orthanc adopter. For configuration management, **Orthweb** leverages cloud-init [user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) and `makefile` to configure the servers upon initialization. The artifact to install **Orthanc** is stored in the [orthanc-config](https://github.com/digihunchinc/orthanc-config) repository.
In addition to cloud resource provisioning, the **Orthweb** project also streamles the installation and configuration of Orthanc solution, by proposing a paradign for Orthanc configuration management. The project leverages cloud-init [user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) and `makefile` to configure the servers during the initialization process at the end of cloud resource provisioning. The artifact to install **Orthanc** is stored in the [orthanc-config](https://github.com/digihunchinc/orthanc-config) repository, for users to fork and customize.
<br/><br/>

The project architecture also takes into account other operational aspects, such as high availability, resiliency and automation in the configuration of **Orthanc** application with Docker, using the official [Orthanc image](https://hub.docker.com/r/orthancteam/orthanc). For those considering hosting Orthanc on Kubernetes, check out our sister project [Korthweb](https://github.com/digihunch/korthweb).
The project uses the official [Orthanc image](https://hub.docker.com/r/orthancteam/orthanc) and orchestrate the application containers with Docker daemon on EC2 instances. For those considering hosting Orthanc on Kubernetes, check out our sister project [Korthweb](https://github.com/digihunch/korthweb).
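Review bot: This file repeats the README.md overview from the first hunk of this commit almost line for line, including the misspellings "streamles", "paradign", "infrastrcture" and "HIPPA" (HIPAA), so the same corrections are needed here. The only differences visible between the two copies are the image paths (`assets/...` versus `docs/assets/...`); consider generating one file from the other so the copies cannot drift.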