Enhance the client node intro rel note with blog content

aimeeu · aimeeu · commit 54d5a35185a7 · 2025-11-24T16:19:20.000-06:00
diff --git a/content/nomad/v1.11.x/content/docs/architecture/cluster/node-identity.mdx b/content/nomad/v1.11.x/content/docs/architecture/cluster/node-identity.mdx
@@ -8,14 +8,20 @@ description: Nomad's node identity feature uniquely identities each Nomad client
 
 This page provides conceptual information about Nomad's node identity feature,
 which uniquely identities each Nomad client node and provides an authentication
-mechanism for nodes to make RPC calls to the Nomad servers. This feature does
-not replace mTLS.
+mechanism for nodes to make RPC calls to the Nomad servers. 
 
 The Nomad cluster gives every node a default identity once the cluster is able
 to fully support the feature with a defined lifetime. This node identity is a
 [JSON Web Token (JWT)][] that has been signed by the leader's keyring and is
 generated as part of the node's registration and heartbeat process.
 
+The node identity feature is like multi-factor authentication for your Nomad
+clusters. It does not replace mTLS but adds a second layer of security to
+prevent an unauthorized client from joining a Nomad cluster. Using a client
+introduction token gives you the added benefit of additional control over
+misconfigured clients trying to join the cluster. You can specify node names,
+node pools, and TTLs for the tokens you generate.
+
 ## Node identity claims
 
 Alongside the standard JWT claims such as `exp` (expiration time), `iat` (issued
diff --git a/content/nomad/v1.11.x/content/docs/release-notes/nomad/v1-11-x.mdx b/content/nomad/v1.11.x/content/docs/release-notes/nomad/v1-11-x.mdx
@@ -15,14 +15,28 @@ We are pleased to announce the following Nomad updates.
 
 Nomad's client node identity feature uniquely identities each Nomad client node
 and provides an authentication mechanism for nodes to make RPC calls to the
-Nomad servers. This feature does not replace mTLS.
+Nomad servers. 
 
 Introduce Nomad clients to the cluster with JWT tokens. Configure Nomad servers
 with introduction enforcement levels that dictate how clients join the cluster.
 This approach results in logs and metrics to detail introduction violations.
 Once registered, Nomad clients are now provided with an identity token, used for
 RPC communication which is periodically renewed.
 
+The client node introduction and identity feature is like multi-factor
+authentication for your Nomad clusters. It does not replace mTLS but adds
+a second layer of security to prevent an unauthorized client from joining a
+Nomad cluster. 
+
+Each layer answers a distinct question. 
+
+- Networking: Can the client reach the server?
+- mTLS: Does the client have valid certificates for the cluster?
+- Client introduction token: Does the client have a valid token to join the
+cluster?
+
+Using a client introduction token gives you the added benefit of additional control over misconfigured clients trying to join the cluster. You can specify node names, node pools, and TTLs for the tokens you generate.
+
 #### Relevant documentation
 
 - [Client node identity concepts](/nomad/docs/architecture/cluster/node-identity)
