isolation doc and dedicated configuration guide

docs/spicedb-dedicated/audit-logging.md

@@ -10,7 +10,7 @@ Audit Logging allows you to capture a log of all API calls made to SpiceDB, and
 
 When enabled and properly configured, SpiceDB Enterprise will asynchronously log every API call made to it and emit a stream to your preferred log sink. The logs contain full details related to a request, including a hash of the API token, RPC, payload, request IP, response and any possible errors.
 
-For assistance in configuring Audit Logging please [contact us](/contact-us) or reach out to your dedicated account team.
+For assistance in configuring Audit Logging please [contact us](https://authzed.com/contact-us) or reach out to your dedicated account team.
 
 ## Supported Log Sink Types
 
@@ -20,4 +20,4 @@ Currently supported log sink types:
 - Kinesis
 - Firehose
 
-If you'd like to see additional log sinks please [contact us](/contact-us).
+If you'd like to see additional log sinks please [contact us](https://authzed.com/contact-us).

docs/spicedb-dedicated/dedicated-configuration.md

@@ -0,0 +1,54 @@
+# SpiceDB Dedicated Configuration
+
+The guide provides information about the configuration options available to you when deploying a SpiceDB Dedicated Permission System.
+
+## Configuration Options
+
+### Permission System Type
+
+<img src={require("/img/ps-type.png").default} alt="permission system type" />
+
+Please select the choice (Production or Development) that is appropriate for the Permission System you are deploying. This choice will not effect the performance or security of your Permission System, but may have impact your Permission System in the future, so please choose appropriately.
+
+### Datastore
+
+<img src={require("/img/datastore-config.png").default} alt="datastore configuration" />
+
+Your SpiceDB Dedicated environment can be provisioned with multiple isolated databases. If you have more than one, choose the database that is appropriate for the Permission System you are deploying.
+
+### Update Channel
+
+<img src={require("/img/channels-config.png").default} alt="channels config" />
+
+SpiceDB Dedicated has two update channels: `rapid` and `regular` . You can select the update channel either when you launch the Permission System or in the settings page after you’ve launched it.
+
+`rapid` - gets every release that is not a release candidate.
+
+`regular` - trails behind `rapid` by at least one release.
+
+After you’ve deployed your Permission System, you can choose to keep up to date with a channel automatically, or you can “pin” to a version by un-checking the automatic updates box. If you uncheck the automatic release box, you’ll still be able to update, but will have to pick the next version manually.
+
+### Rollout Strategy
+
+<img src={require("/img/rollout-strategy.png").default} alt="rollout strategy" />
+
+There are two rollout strategies: `rolling update` and `immediate`.
+
+- `rolling update` is a zero downtime strategy for upgrading to a new version. This is recommended for prod permission systems.
+- `immediate` involves downtime, but is faster than `rolling update`.
+
+### Define Cluster(s)
+
+<img src={require("/img/define-clusters.png").default} alt="define clusters" />
+
+#### Single region deployment
+
+If you are deploying a single region Permission System, define a single cluster.
+
+#### Multi-region deployment
+
+Define a cluster for every region you want to deploy into.
+
+#### Cluster Class
+
+For production clusters, we recommend selecting the Cluster Class with the largest number of replicas and processing units. For non-production clusters, you can select whatever Cluster Class is appropriate for your workload. If you have questions about your overall utilization or would like to provision a custom Cluster Class, please reach out to your Authzed account team.

docs/spicedb-dedicated/dedicated-isolation.md

@@ -0,0 +1,11 @@
+# SpiceDB Dedicated Isolation
+
+SpiceDB Dedicated isolates your workloads from other customers. Cloud accounts, compute resources, databases, and networking are all dedicated to you.
+
+Additionally, SpiceDB allows you to deploy multiple isolated Permissions Systems into a single SpiceDB Dedicated environment. Each Permissions Systems has it’s own schema and set of relationships. Also, these Permissions Systems impose memory and CPU limits so one Permissions System can’t crowd out another Permissions System.
+
+By default, API tokens are scoped to a particular Permissions System. [Fine Grained Access Management (FGAM)](/spicedb-dedicated/fgam.md) can take this farther by restricting API tokens to specified APIs, object types, or object IDs.
+
+The below diagram gives an overview of the SpiceDB Dedicated isolation model.
+
+<img src={require("/img/dedicated-isolation.png").default} alt="dedicated isolation model" />

docs/spicedb-dedicated/overview.md

@@ -20,7 +20,7 @@ Please [schedule a call](https://authzed.com/call) to learn more.
 
 ## How is SpiceDB Dedicated deployed?
 
-AuthZed provisions and manages an environment for you in a private account within  our cloud provider organization. It comes with everything needed to run single and multi-region SpiceDB Permissions Systems in a cloud of your choice. We support AWS and GCP today, with Azure support coming. All resources are fully isolated and dedicated to you.
+AuthZed provisions and manages an environment for you in a private account within  our cloud provider organization. It comes with everything needed to run single and multi-region SpiceDB Permissions Systems in a cloud of your choice. We support AWS and GCP today, with Azure support coming. [All resources are fully isolated and dedicated to you.](/spicedb-dedicated/dedicated-isolation.md)
 
 ## Pricing
 

sidebars.js

@@ -59,6 +59,8 @@ module.exports = {
         'spicedb-dedicated/overview',
         'spicedb-dedicated/fgam',
         'spicedb-dedicated/audit-logging',
+        'spicedb-dedicated/dedicated-configuration',
+        'spicedb-dedicated/dedicated-isolation',
         {
           type: 'category',
           label: 'Networking',