mendix
diff --git a/‎content/en/docs/apidocs-mxsdk/apidocs/private-mendix-platform/pipeline-api.md‎
Lines changed: 26 additions & 0 deletions b/‎content/en/docs/apidocs-mxsdk/apidocs/private-mendix-platform/pipeline-api.md‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎content/en/docs/deployment/mx-azure/mx-azure-support.md‎
Lines changed: 112 additions & 17 deletions b/‎content/en/docs/deployment/mx-azure/mx-azure-support.md‎
Lines changed: 112 additions & 17 deletions
diff --git a/‎content/en/docs/marketplace/platform-supported-content/modules/snowflake/snowflake-rest-sql.md‎
Lines changed: 1 addition & 1 deletion b/‎content/en/docs/marketplace/platform-supported-content/modules/snowflake/snowflake-rest-sql.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/en/docs/partners/siemens/3d-viewer/_index.md‎
Lines changed: 2 additions & 2 deletions b/‎content/en/docs/partners/siemens/3d-viewer/_index.md‎
Lines changed: 2 additions & 2 deletions
@@ -0,0 +1,26 @@
+---
+title: "Private Mendix Platform Pipeline API"
+url: /apidocs-mxsdk/apidocs/private-platform-pipeline-api/
+type: swagger
+description: "This API allows you to manage pipelines in Private Mendix Platform."
+restapi: true
+weight: 60
+linktitle: "Pipeline API"
+---
+
+{{% alert color="info" %}}
+This document is about [Private Mendix Platform](/private-mendix-platform/) API. This API is only available on instances of Private Mendix Platform. For [Mendix on Kubernetes](/developerportal/deploy/private-cloud/) API, see [Mendix on Kubernetes Build API](/apidocs-mxsdk/apidocs/private-cloud-build-api/) and [Mendix on Kubernetes Deploy API](/apidocs-mxsdk/apidocs/private-cloud-deploy-api/).
+{{% /alert %}}
+
+## Introduction
+
+The Private Mendix Platform Project API allows you to manage pipelines in Private Mendix Platform. You can use the API to do the following:
+
+* Get pipeline running information.
+* Set the current step status of the pipeline.
+* Create a pipeline for build or deployment.
+* Approve or reject a manual step of a waiting pipeline.
+
+## API Reference
+
+{{< swaggerui src="/openapi-spec/openapi-pipeline.yaml"  >}}
@@ -5,16 +5,37 @@ description: "Provides information about the support model for Mendix on Azure."
 weight: 30
 ---
 
-{{% alert color="info" %}}  
+{{% alert color="info" %}}
 To facilitate sharing this information with internal stakeholders, a downloadable PDF version is available [here](https://blob.mendix.technology/mxonazure/MXonAzure-Support-Policy-for-Mendix-on-Azure.pdf). If discrepancies arise between this document and the PDF, the PDF version takes precedence.  
 {{% /alert %}}
 
 ## Introduction
 
 This document outlines the technical support policies and limitations for Mendix on Azure, based on the shared responsibility model that underpins the offering.
 
+## Managed Nature of Mendix on Azure
+
+With Mendix on Azure, you get a managed service to host Mendix apps in an Azure subscription you own. The Mendix on Azure service is comprised of several underlying Azure services combined with three Mendix-specific components (the Mendix Runtime, Operator and Agent). Mendix deploys and operates all services and components within the scope of the Mendix on Azure service for you.
+
+Hosting Mendix apps on underlying Azure services you deploy and operate yourself (as can be done by adopting our Mendix on Kubernetes offering) provides you with the most low-level choice, control, and customization options with regards to these underlying services. By contrast, Mendix on Azure only provides you a relatively limited set of customization options with regards to these underlying services.
+
+In exchange, you do not need to worry about deploying or managing these underlying Azure services yourself. In this manner, Mendix onAzure provides you a turnkey solution for hosting Mendix apps on Azure.
+
+Mendix deploys and manages the following components and services as part of Mendix on Azure:
+
+* Azure Kubernetes Service with Managed NGINX Ingress Controller (app routing add-on)
+* Azure PostgreSQL Flexible Server and Azure PostgreSQL Flexible Server replica (if enabled)
+* Azure Container Registry
+* Azure Blob Storage
+* Azure Managed Grafana
+* Azure Managed Prometheus
+* Azure Virtual Network including Private Endpoints 
+* Mendix Runtime 
+* Mendix Operator
+* Mendix Agent
+
 {{% alert color="info" %}}  
-Before proceeding, familiarize yourself with the general Mendix support policies available in [Mendix Support](/support/).  
+These components are managed in the sense that Mendix deploys and operates them in such a manner that they work together to form a Mendix app hosting service. As a consequence, customers cannot alter these underlying components themselves beyond what is described in the next paragraphs.
 {{% /alert %}}
 
 ## Shared Responsibility Model for Mendix on Azure
@@ -27,7 +48,7 @@ Microsoft manages and secures the Azure services that underlie Mendix on Azure.
 
 * Compute - Azure Kubernetes Service (AKS)  
 * Storage - Azure Blob Storage, Azure Container Registry  
-* Database - PostgreSQL Flexible Server  
+* Database - PostgreSQL Flexible Server, Postgres replica
 * Networking - Virtual Networks, Load Balancer, Private Endpoints  
 * Monitoring - Managed Grafana and Prometheus  
 
@@ -51,13 +72,42 @@ Customers are accountable for developing, deploying, operating, integrating, and
 * Integrating - Securing integrations with backend services and IAM
 * Securing - Following Mendix best practices for secure apps
 
-## Available Customizations
+## Limited Customizabilty
+
+When a Mendix on Azure cluster is initialized, all components that are required to host Mendix apps are automatically deployed inside an Azure resource group in the subscription of your choosing. Regularly, Mendix and Microsoft will push all required updates to this resource group to ensure it remains compliant and secure. 
+
+In order to be able to push these updates to all Mendix on Azure customers in an automated, predictable and consistent manner, you as a customer are not able to modify any of these components directly in Azure nor can you influence this upgrade process. As a consequence, any customization beyond what is described below is not possible. 
+
+The following customizations are offered as self-service in the Mendix on Azure portal:
+
+* Apply custom tags to deployed Azure resources.
+* Set the Azure Kubernetes Service tier.
+* Set the VM type for the Azure Kubernetes agent node. 
+* Set the maximum node pool size (that is, the upper autoscaling limit) for the AKS agent.
+* Set the Azure for PostgreSQL Flexible server computing SKU and storage performance tier. 
+* Switch to internal load balancer exposure to enable apps that can only be reached privately.
+* Switch to internal Grafana exposure to prevent exposure to the public internet.
+* Change IP address prefix of the subnet hosting AKS nodes (only at initial deployment).
+
+The following customizations are related to establishing connectivity to and from other networks and Azure services. They can be done by the customer directly in the Microsoft Azure Portal:
+
+* Configure virtual network peerings with the subnet hosting AKS nodes.
+* Override DNS configuration on the subnet hosting AKS nodes.
+* Configure Private Link Service to expose Mendix apps in other Azure virtual networks.
+* Configure Private Endpoints to establish connectivity between Mendix apps and other services.
+
+Mendix limits customization to what is described above to ensure a consistent, predictable, and scalable customer experience.
+
+## Access to your Environment by Mendix
 
-During cluster initialization, all components needed to host Mendix apps are deployed automatically inside an Azure Resource Group you select. Mendix and Microsoft regularly apply mandatory automated updates to keep clusters compliant and secure.
+By deploying Mendix on Azure from the Azure Marketplace, you provide consent for Mendix to deploy and operate the resources required for Mendix on Azure in the chosen resource group. The mechanism used by Mendix to fulfil this access is provided by Microsoft - that is, publisher access to a Managed Application - and by definition limits the access Mendix has to your Azure subscription to the resources deployed. 
 
-Due to this automation, direct modification of these components in Azure or control over the upgrade process is not possible. Customizations are limited to options exposed via the Mendix on Azure, Microsoft Azure, and Mendix on Kubernetes portals. Current allowed customizations include those documented in the [Configuration section](/developerportal/deploy/mendix-on-azure/configuration/).
+Mendix will use this access for the following purposes:
 
-Any modifications outside this documented scope are not supported.
+* Initial initialisation of the cluster (as initiated by the customer from Mendix on Azure portal)
+* Pushing regular service updates (automatically, see description in the next paragraph)
+* Pushing ad-hoc emergency updates or configuration changes to avoid service disruptions (by exception and at discretion of Mendix) 
+* Troubleshooting incidents on behalf of the customer (after raising of a support ticket by the customer)
 
 ## Support Tickets
 
@@ -110,17 +160,25 @@ These automated upgrade cadences cannot be modified by customers.
 
 ## Mendix Support Coverage Examples
 
-The following scenarios are supported:
+### Example Supported Scenarios
 
-* Cluster initialization fails despite passing pre-flight checks.
-* Service availability issues are not resolvable through self-service recovery.
+Mendix provides technical support for the following example scenarios:
 
-The following scenarios are not supported:
+* Cluster initialization fails despite passing pre-flight validation checks.
+* The customer is experiencing service availability issues and is unable to recover the situation using the self-service recovery option.
 
-* Consultations on integrations with other Azure services outside the Mendix on Azure scope; consider Mendix Expert Services or partners for consultancy.
-* Configuration changes to Azure services beyond self-service options; Mendix on Kubernetes may offer more flexibility.
-* Customizations to Azure subscription resources beyond the supported scope.
-* Manual fixes for security vulnerabilities beyond the automated update cycles.
+### Example Unsupported Scenarios
+
+Mendix does not provide technical support in the following example scenarios: 
+
+* Requests about how to integrate with other Azure Services that are beyond the scope of the product. Such requests can be supported by Mendix Expert Services or Mendix (infra) partners as part of (paid) consultancy engagements. 
+* Requests to make configuration changes to underlying Azure services beyond what is offered as self-service in the Mendix on Azure and Mendix on Kubernetes Portal. Since such changes are not possible with this service, customer may consider to adopt Mendix on Kubernetes (formerly Mendix for Private Cloud) instead.
+* Requests for any other type of customization on the resources deployed in the customer's Azure subscription. Since such customization is not possible with this service, customer may consider to adopt Mendix for Kubernetes (formerly Mendix for Private Cloud) instead. 
+* Requests to fix security vulnerabilities in one of the managed components beyond what is automatically pushed during the weekly and quarterly update cycles.
+
+{{% alert color="warning" %}}  
+The state of the resources in the customer subscription nor overall service availability are proactively monitored by Mendix. As a consequence, any degradation in service will only reactively be addressed by Mendix after customer has notified Mendix of such degradation by filing a support ticket.
+{{% /alert %}}
 
 ## Customer Responsibilities for Mendix on Azure Resources
 
@@ -138,12 +196,49 @@ Mendix mitigates these impacts by:
 * Collaboration with Microsoft Support and engineering for upstream fixes  
 * Transparent communication and guidance on workarounds for affected customers  
 
+## Backup, Restore, Data Migration and Disaster Recovery
+
+Mendix on Azure provides the following features to allow customers to self-service their needs with regards to backup, restore, data migration, and disaster recovery: 
+
+* Mendix on Azure provides per-app environment snapshotting capabilities that allow customers to backup and restore all relevant app data from/to an environment via selfservice on the Mendix on Kubernetes  Portal. 
+* Mendix on Azure creates automated nightly backup snapshots for every Mendix app environment. 
+* All backup snapshots are stored in an Azure Storage Account hosted on the customer's Azure subscription. Mendix has prepared an emergency procedure which can be performed in collaboration with the customer in case the Azure Storage Account holding the backup snapshots is accidentally deleted from Azure. 
+* Individual backup snapshots can be downloaded and uploaded from and into a customer's Mendix on Azure environment by the customer under self-service through the Mendix on Kubernetes Portal. This provides the customer the ability to use such snapshots for disaster recovery scenarios as well as data migration scenarios to and from other deployment models. Mendix Expert Services is available to support customers in such scenarios, when desired.
+
 ## Compliance Frameworks
 
 Mendix on Azure aligns with SOC 2 Azure Policy automated controls. For more information, see [SOC 2 Type 2 Compliance Exceptions](/developerportal/deploy/mendix-on-azure/security-and-compliance/#soc2).
 
+| Service | Exception | Rationale |
+| --- | --- | --- |
+| Azure Kubernetes Service | [Azure Policy Addon for Kubernetes service (AKS) should be installed and enabled on your clusters](https://www.azadvertizer.net/azpolicyadvertizer 0a15ec92-a229-4763-bb14-0ea34a568f8d.html) | The cluster and all workloads are deployed and managed by Mendix so enforcing policy does not add any value. |
+| Azure Kubernetes Service | [Azure Kubernetes Service clusters should have Defender profile enabled](https://www.azadvertizer.net/azpolicyadvertizer/a1840de2-8088-4ea8-b153-b4c723e9cb01.html) | Defender is not enabled for costsaving reasons. |
+| Azure Kubernetes Service | [All Internet traffic should be routed via your deployed Azure Firewall](https://www.azadvertizer.net/azpolicyadvertizer/fc5e4038-4584-4632-8c85-c0448d374b2c.html) | This is not part of the product scope but can be added by the customer postdeployment. |
+| Azure Container Registry | [Container registries should be encrypted with a customer-managed key](https://www.azadvertizer.net/azpolicyadvertizer/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580.html) | The standard Microsoft key is used to enable deployment without key creation in Azure. |
+| Storage Account | [Storage accounts should use customer-managed key for encryption](https://www.azadvertizer.net/azpolicyadvertizer/6fac406b-40ca-413b-bf8e-0bf964659c25.html) | The standard Microsoft key is used to enable deployment without key creation in Azure. |
+
+## Severity Baselines for Support Tickets
+
+To ensure consistent and prioritised support, we classify issues based on the following severity levels:
+
+| SeverityLevel | Response Time | Resolution Time | Examples |
+| --- | --- | --- | --- |
+| Critical | Less than 2 office hours | Best effort | Production environment is inaccessible or severely impaired, preventing critical changes. Core application functionality is completely unavailable. |
+| High | Less than 8 office hours | Best effort | Inability to provision new clusters. Inability to modify existing clusters via the Mx on Azure portal. |
+| Medium | Next business day | Best effort | Non-production environments (Test or Acceptance) experience significant disruption to operational functionality. Operational functionality in production is moderately impacted but not critical. |
+| Low | Reasonable effort | Best effort | Minor issues with minimal impact on operational functionality. Cosmetic issues, minor performance degradation, or general inquiries. |
+
+## Off-boarding from the Service
+
+Customers can completely off-board from the service by deleting the Managed Application from their Azure subscription (for example by using the Azure Portal). This will immediately perform the following actions:
+
+* Remove all resources related to Mendix on Azure from the customer's subscription. 
+* Remove any access Mendix has to the customer's environment. 
+* Delete the cluster registration from the Mendix on Azure and Mendix on Kubernetes Portals. 
+* While Mendix does have an emergency procedure available to help revive an environment and restore data in case the Managed Application gets deleted by accident, it is a higheffort manual process requiring close collaboration between Mendix and the customer. Given this, we advise customers to exercise extreme caution when deleting the Managed Application from their Azure subscription to avoid the need of this emergency procedure to be executed.
+
 ## Known Limitations
 
-* Only apps on Mendix version 10.10 or later are supported; deployment for earlier versions will fail.
+* Only apps on Mendix version 10.10 or later are supported. Deployment for earlier versions will fail.
 * Certain Mendix on Kubernetes APIs (Create, Edit, or Delete cluster and namespace operations) are unavailable in Mendix on Azure due to managed architecture. Other APIs function normally.
-* Downtime or issues with Mendix on Kubernetes may affect Mendix on Azure availability (for example, cluster creation may notbe  possible).
+* Downtime or issues with Mendix on Kubernetes may affect Mendix on Azure availability (for example, cluster creation may not be  possible).
@@ -54,7 +54,7 @@ To use the Snowflake REST SQL connector, you must also install and configure the
 
 * [Community Commons](https://marketplace.mendix.com/link/component/170) – This module is a required dependency for the Snowflake REST SQL connector.
 * [Encryption](https://marketplace.mendix.com/link/component/1011) – This module is a required dependency for the Snowflake REST SQL connector. The EncryptionKey constant must be set up in your application settings.
-* GenAI Commons module ver. 3.x from the [GenAI For Mendix](https://marketplace.mendix.com/link/component/227931) bundle – This module is a required dependency for the Snowflake Cortex Analyst.
+* GenAI Commons module ver. 3.x from the [GenAI For Mendix](https://marketplace.mendix.com/link/component/227931) bundle – Only required for the Snowflake REST Connector version 2.x. This module is a required dependency for the Snowflake Cortex Analyst.
 
 {{% alert color="info" %}}
 The Snowflake REST SQL connector currently requires version 3.x of the GenAI Commons module. Newer versions of the module are not supported yet.
 
@@ -10,7 +10,7 @@ aliases:
 
 ## Introduction
 
-The [3D Viewer](https://marketplace.mendix.com/link/component/118345) service lets you upload, visualize, and operate on 3D files (JT, OBJ, glTF, and STL formats) in your web applications, using Mendix file storage to store models. The app service contains out-of-the-box Java actions, JavaScript actions, [domain models](/refguide/domain-model/), [nanoflows](/refguide/nanoflows/), [microflows](/refguide/microflows/), and a set of 3D widgets that enable you to build apps to work with 3D models. Also included are whole functionalities and integrations that can be very helpful when building your own 3D applications. All you need to do is drag and drop items and configure them.
+The [3D Viewer](https://marketplace.mendix.com/link/component/118345) service lets you upload, visualize, and operate on JT files in your web applications, using Mendix file storage to store models. The app service contains out-of-the-box Java actions, JavaScript actions, [domain models](/refguide/domain-model/), [nanoflows](/refguide/nanoflows/), [microflows](/refguide/microflows/), and a set of 3D widgets that enable you to build apps to work with 3D models. Also included are whole functionalities and integrations that can be very helpful when building your own 3D applications. All you need to do is drag and drop items and configure them.
 
 This app service does the heavy-lifting for you so you do not have to build a 3D-rendering engine from scratch.
 
@@ -63,7 +63,7 @@ The 3D Viewer app service includes a few 3D widgets. These are some limitations
 
 * One **Container3D** widget can only contain one **Viewer** widget. If multiple Viewer widgets are placed inside a Container3D widget, you will see error message in **Design mode**. 
 * The **Viewer** widget is used to display a 3D model. All other 3D widgets (except the **Uploader** and **Container3D** widgets) need a Viewer widget present on the page to interact with.
-* Currently, supports glTF, STL, OBJ, and JT (JT version 9 and above) formats.
+* Supports the JT format (version 9 and above).
 * Before uploading a shattered JT *.zip* file, make sure you are using UTF-8 encode to zip the JT files. For example, if you are using 7-Zip, make sure you enter *cu* in **Parameters**.
 
     {{< figure src="/attachments/partners/siemens/3d-viewer/shatteredjt-utf8.png" alt="shatteredjt-utf8" class="no-border" >}}