update install guide ova

Henry Zhang 2016-11-22 21:48:16 +08:00
parent 9fa6842f83
commit 01004a8427
3 changed files with 15 additions and 13 deletions


@ -1,6 +1,6 @@
# Installing and Configuring Harbor on vSphere as Virtual Appliance
This guide walks you through the steps about installing and configuring Harbor on vSphere as an virtual appliance (OVA). If you are installing Harbor on a Linux host, refer to this **[Installation Guide](installation_guide.md)**.
This guide walks you through the steps about installing and configuring Harbor on vSphere as an virtual appliance. If you are installing Harbor on a Linux host, refer to this **[Installation Guide](installation_guide.md)**.
## Prerequisites
* vCenter 5.5+ and at least an ESX host.
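Review bot: the rewritten opening sentence drops the "(OVA)" expansion, yet the Security section further down still says "in OVA's settings", so the acronym is now never introduced in the guide. Keep "virtual appliance (OVA)" on first use. While the line is being touched, "an virtual appliance" should be "a virtual appliance" and "the steps about installing" reads better as "the steps for installing".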
@ -10,21 +10,21 @@ This guide walks you through the steps about installing and configuring Harbor o
## Planning for installation
### User management
By default, Harbor stores user information in an internal database. Harbor can also be configured to authenticate against an external LDAP or AD server. The proper **authentication mode** must be set at the deployment time.
By default, Harbor stores user information in an internal database. Harbor can also be configured to authenticate against an external LDAP or AD server. For LDAP/AD authentication, the **Authentication Mode** property must be set to *ldap_auth* at the deployment time.
**NOTE: This mode cannot be changed after the first boot of Harbor.**
**NOTE:** This mode cannot be changed after the first boot of Harbor.
### Security
By default, Harbor uses HTTPS for secure communication. A self-signed certificate is generated at first boot. A Docker client or a VCH (Virtual Container Host) needs to trust Harbor's CA certificate in order to interact with Harbor.
By default, Harbor uses HTTPS for secure communication. A self-signed certificate is generated at first boot. A Docker client or a VCH (Virtual Container Host) needs to trust the certificate of Harbor's CA in order to interact with Harbor.
The self-generated certificate can be replaced by supplying a certificate signed by other CAs in OVA's settings.
Harbor can be configured to use plain HTTP for some environments like testing or continuous integration (CI). However, it is **NOT** recommended to use HTTP for production because the communication is never secure.
Harbor can be configured to use plain HTTP for some environments such as testing and continuous integration (CI). However, it is **NOT** recommended to use HTTP for production because the communication is never secure.
### Networking
Harbor can obtain IP address by DHCP. This is convenient for testing purpose. For a production system, it is recommended that static IP address be used.
Harbor can obtain IP address by DHCP. This is convenient for testing purpose. For a production system, it is recommended that static IP address and host name be used.
## Installation
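Review bot: in User management, the new sentence names the value for LDAP/AD (*ldap_auth*) but not the value that selects the internal database, and the note right after it says the mode cannot be changed after the first boot. Since the choice is irreversible, list both accepted values of **Authentication Mode** and say which one is the default. In Networking, the added "and host name" would be easier to act on with a reason: the certificate is generated at first boot and the client trust directory in the last section is named after the host name or IP, so it is worth saying that the name should be settled before deployment.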
@ -83,7 +83,8 @@ Harbor can obtain IP address by DHCP. This is convenient for testing purpose. Fo
* Security
If HTTPS is enabled, a self-signed certificate is generated by default. To supply your own certificate, please fill in **SSL Cert** and **SSL Cert Key**. Do not use HTTP in any production system.
If HTTPS is enabled, a self-signed certificate is generated by default. To supply your own certificate, please fill in **SSL Cert** and **SSL Cert Key**. Do not use HTTP in any production system. **Notes:** If you want to enable HTTPS with your own self-signed certificate, refer to the "Getting a certificate" part of this **[guide](https://github.com/vmware/harbor/blob/master/docs/configure_https.md#getting-a-certificate)** for creating a certificate.
* **Protocol**: The protocol for accessing Harbor. Warning: setting it to http makes the communication insecure.
* **SSL Cert**: Paste in the content of a certificate file. Leave blank for a generated self-signed certificate.
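Review bot: the relocated note in the Security item is appended to the same paragraph as "Do not use HTTP in any production system.", so the warning and the how-to run together; put **Notes:** on its own line, as it was before the move. The link is an absolute URL pinned to the master branch, while the link at the top of this guide uses a relative path (installation_guide.md); a relative link to configure_https.md#getting-a-certificate would keep the reference in step with the version of the docs being read. The note also covers only self-signed certificates, whereas Planning says a certificate signed by other CAs can be supplied, so one sentence covering that case would close the gap.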
@ -109,8 +110,6 @@ Harbor can obtain IP address by DHCP. This is convenient for testing purpose. Fo
* **Network 1 IP Address**: The IP address of this interface. Leave blank if DHCP is desired.
* **Network 1 Netmask**: The netmask or prefix for this interface. Leave blank if DHCP is desired.
**Notes:** If you want to enable HTTPS with a self-signed certificate created manually, refer to the "Getting a certificate" part of this [guide](https://github.com/vmware/harbor/blob/master/docs/configure_https.md#getting-a-certificate) for generating a certificate.
After you complete the properties, click "Next".
10. Review your settings and click "Finish" to complete the deployment.
@ -126,14 +125,17 @@ Harbor can obtain IP address by DHCP. This is convenient for testing purpose. Fo
## Getting Certificate of Harbor's CA
By default, Harbor uses a self-signed certificate in HTTPS. A Docker client or a VCH needs to trust Harbor's CA certificate in order to interact with Harbor.
To download Harbor's CA certificate and import into a Docker client, follow the below steps:
To download the certificate of Harbor's CA and import into a Docker client, follow the below steps:
1. Log in Harbor's UI as an admin user.
2. Click on the admin's name and select **About** from drop-down menu.
2. Click on the admin's name at the upper left corner and select **"About"** from the drop-down menu.
3. Click on the **Download** link to save the certificate file as `ca.crt`.
4. Transmit the certificate file to a Docker host, put it under the below directory, you may need to create the directory if it does not exist:
![ova](img/ova/downloadcert.png)
4. Copy the certificate file to a Docker host, put it under the below directory. Place **host_name_or_IP_of_Harbor** with the actual host name or IP address of Harbor instance. You may need to create the directory if it does not exist:
```
/etc/docker/certs.d/<host_name_or_IP_of_Harbor>/ca.crt
/etc/docker/certs.d/host_name_or_IP_of_Harbor/ca.crt
```
5. Restart Docker service.
6. Run `docker login` to verify that HTTPS is working.
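Review bot: step 4 now reads "Place **host_name_or_IP_of_Harbor** with the actual host name", which should be "Replace"; and with the angle brackets removed from the path, the placeholder looks like a literal directory name, so consider keeping `<host_name_or_IP_of_Harbor>` in the code block. The image is inserted between steps 3 and 4, which can interrupt the numbered list in some Markdown renderers; indenting it under step 3 avoids that. Because ca.crt is downloaded through the UI that is served with the self-signed certificate the client does not yet trust, a step telling the reader to check the downloaded certificate's fingerprint against the one on the appliance would make the trust bootstrap explicit.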