diff --git a/source/vendor/deciso/images/OPNcentral_provisioning_host_classes_setup.png b/source/vendor/deciso/images/OPNcentral_provisioning_host_classes_setup.png new file mode 100644 index 00000000..198fc8af Binary files /dev/null and b/source/vendor/deciso/images/OPNcentral_provisioning_host_classes_setup.png differ diff --git a/source/vendor/deciso/images/OPNcentral_provisioning_status.png b/source/vendor/deciso/images/OPNcentral_provisioning_status.png new file mode 100644 index 00000000..a798dbe9 Binary files /dev/null and b/source/vendor/deciso/images/OPNcentral_provisioning_status.png differ diff --git a/source/vendor/deciso/images/OPNcentral_service_status_overview.png b/source/vendor/deciso/images/OPNcentral_service_status_overview.png new file mode 100644 index 00000000..df8591fa Binary files /dev/null and b/source/vendor/deciso/images/OPNcentral_service_status_overview.png differ diff --git a/source/vendor/deciso/images/OPNcentral_status_toupdate.png b/source/vendor/deciso/images/OPNcentral_status_toupdate.png index 181630a0..e2e9ea1e 100644 Binary files a/source/vendor/deciso/images/OPNcentral_status_toupdate.png and b/source/vendor/deciso/images/OPNcentral_status_toupdate.png differ diff --git a/source/vendor/deciso/images/OPNcentral_status_uptodate.png b/source/vendor/deciso/images/OPNcentral_status_uptodate.png index aad97b19..92ff8b51 100644 Binary files a/source/vendor/deciso/images/OPNcentral_status_uptodate.png and b/source/vendor/deciso/images/OPNcentral_status_uptodate.png differ diff --git a/source/vendor/deciso/opncentral.rst b/source/vendor/deciso/opncentral.rst index b7ed33f4..18267f57 100644 --- a/source/vendor/deciso/opncentral.rst +++ b/source/vendor/deciso/opncentral.rst 
@@ -41,33 +41,14 @@ the url from the machine and the API key and secret generated above. :width: 100% -Machine status / upgrade ----------------------------- - -All connected and enabled machines can be contacted using the :menuselection:`Management->Status` page, when visiting the -page all connected machines will automatically be contacted to report their status and installed version. - -.. image:: images/OPNcentral_status_toupdate.png - :width: 100% - -When an update is available, it will be shown in the list, including if this upgrade requires a reboot. The upgrade button starts -the upgrade procedure, but will only upgrade machines that will require a reboot if **Enable reboot** is checked. - -.. Tip:: - - .. raw:: html - - Use the refresh button to request status again. - - -The upgrade wheel starts spinning when an upgrade was requested, since the upgrade itself can consume some time, you can revisit the -status page later (or press refresh) to show the new status. - Connect to managed machine ---------------------------------- -Every connected node is shown with a link which opens in a new tab when clicking, in the example below that would be :code:`https://node1.opnsense.local`. +On various management pages there are direct links available to login to the firewall in question. +Usually connected nodes are shown with a link which opens in a new tab when clicking. + +The example below shows a link in the firmware status page which will open :code:`https://node1.opnsense.local`. .. image:: images/OPNcentral_status_uptodate.png :width: 100% 
@@ -89,3 +70,106 @@ user: Make sure your browser trusts the remote node otherwise the browser can't access the machine and will signal an issue with the software version. + + +Machine firmware status / upgrade +---------------------------------------------------- + +All connected and enabled machines can be contacted using the :menuselection:`Management->Status` page, when visiting the +page all connected machines will automatically be contacted to report their status and installed version. + +.. image:: images/OPNcentral_status_toupdate.png + :width: 100% + +When an update is available, it will be shown in the list, including if this upgrade requires a reboot. The upgrade button starts +the upgrade procedure, but will only upgrade machines that will require a reboot if **Enable reboot** is checked. + +.. Tip:: + + .. raw:: html + + Use the refresh button to request status again. + + +The upgrade wheel starts spinning when an upgrade was requested, since the upgrade itself can consume some time, you can revisit the +status page later (or press refresh) to show the new status. + + +Machine service status and control +---------------------------------------------------- + +The service status and control page provides an overview on all managed OPNsense firewalls connected to OPNcentral and +offers the ability to restart services when needed. + +.. image:: images/OPNcentral_service_status_overview.png + :width: 100% + +In the screenshot above there are 7 machines managed by OPNcentral, for every configured service there's an icon reflecting the +status of the service. + + +.. raw:: html + + Stopped (inactive, but configured)
+ Running (active)
+ Host unreachable or misconfigured

+ + +When you click one of the service icons, the icon changes into a checkbox which can be used to restart the selected +services with the button below the table. + +.. Tip:: + + The link in the host column brings you directly into the service control page of the selected firewall. + + +Provisioning / sharing settings +---------------------------------------------------- + +The provisioning tool offers the ability to configure some settings in a more centralised manner. Inspired by the functionality that +is offered for high-availability setups, you can distribute global settings among all connected firewalls for various configuration options. +The central host acts as a template in this case. + +In order to configure the settings that should be shared, you can configure the "classes" to synchronize in the host settings :menuselection:`Management->Host configuration`. + +.. image:: images/OPNcentral_provisioning_host_classes_setup.png + :width: 50% + +Here you will find the same options as are available under :menuselection:`System->High Availability->Settings`. +After configuring the desired parameters, you can use the Provisioning page (:menuselection:`Management->Provisioning`) to +inspect status and push options to the attached firewalls. + + +.. Warning:: + + Be **very** careful pushing settings to your connected firewall which may disconnect your session, such as firewall and routing related + options. The central management host can't predict if settings you plan to make lead to an inaccesible firewall. + + +All provisioning classes known by the management machine will be shown in the table, combined with the status of each section. +OPNcentral calculates if settings are equal, keeps track of changes and restarts related services when needed. + +.. image:: images/OPNcentral_provisioning_status.png + :width: 100% + +You can either selectlively reconfigure specific hosts with the checkbox or reconfigure all at once on command. + +.. 
raw:: html + + Class equals this machine (nothing todo)
+ Changes ready to commit
+ Unknown yet configured class
+ Unable to connect

+ + +.. Tip:: + + When users and groups are synchronized, the existing api key+secret is merged into the user with the same name to prevent access + issues after reconfigure. To avoid issues, make sure there's a unique username with proper credentials before using + the synchronization. + + +.. Note:: + + Since various firewall sections depend on aliases, OPNcentral checks if aliases are used before removing local aliases + from the remote firewall.
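Review bot: In the first hunk, the rewritten intro of "Connect to managed machine" uses "login to the firewall" where the verb form "log in to the firewall" is needed. The new sentence "The example below shows a link in the firmware status page" also points at a page the reader has not met yet, because this same hunk moves the status section below this one. Suggest naming the menu path (:menuselection:`Management->Status`) in that sentence or adding a short pointer to the "Machine firmware status / upgrade" section. "Usually connected nodes are shown with a link" would read more clearly as "Connected nodes are usually shown with a link".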
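Review bot: In the second hunk, the closing Tip on synchronizing users and groups is the access-critical part of the provisioning text and is too vague to act on. "make sure there's a unique username with proper credentials" does not say on which machine the user has to exist, nor what happens to the api key+secret on a remote node when no user with the same name is found. Suggest stating which side must hold the account before the first push, since this is the credential OPNcentral itself uses to reach the node. The Warning above it would also benefit from naming the classes it means by "firewall and routing related options" as they appear in the class list. Typos in the added lines: "inaccesible" should be "inaccessible", "selectlively" should be "selectively", "nothing todo" should be "nothing to do", and the legend entry "Unknown yet configured class" is ambiguous and should be reworded.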