added instructions overview

product_docs/docs/tde/15/enabling_tde_epas.mdx

@@ -1,15 +1,38 @@
 ---
-title: "Enabling TDE on an existing EDB Postgres Advanced Server database cluster"
+title: "Enabling TDE on an existing EDB Postgres Advanced Server cluster"
 navTitle: Enabling TDE on an existing EDB Postgres Advanced Server cluster
+deepToC: true
 ---
 
-This worked example describes how to use `pg_upgrade` to enable TDE on an EDB Postgres Advanced Server 16.
+## Enabling TDE on an EDB Postgres Advanced Server cluster
 
-## Preparing your upgrade 
+Create a new EDB Postgres Advanced Server cluster with TDE enabled 
+and use `pg_upgrade` to transfer data from the existing source cluster to the new encrypted cluster. 
+
+- [Prepare your upgrade](#preparing-your-upgrade) by performing a backup of the existing instance. 
+- [Create a new database server](#creating-an-encrypted-server)
+    - Create an empty directory for the new server and ensure `enterprisedb` owns it.
+    - Set the environment variables to export the `wrap` and `unwrap` commands for encryption. 
+    - Initialize a server with encryption enabled.
+    - Change the default port, so the new server is available at another port. 
+    - Start the database server.
+    - Connect to the database server and ensure it is functioning.
+- [Upgrade to the encrypted server](#upgrading-to-the-encrypted-server)
+    - Stop both the source and the new server. 
+    - Use `pg_upgrade` with `--copy-by-block` option to copy data from the source server to the new server. Specify the source and target bin and data directories. 
+    - Start the new encrypted databaser server. 
+    - Connect to the encrypted database server and ensure the data was transfered. 
+- [Clean up and delete the source server](#cleaning-up-after-upgrade)
+    - Clean up the database and its statistics. 
+    - Remove the source EDB Postgres Advanced Server cluster with the script provided by `pg_upgrade`. 
+
+## Worked example
+
+### Preparing your upgrade 
 
 Use [pg_dumpall](https://www.postgresql.org/docs/current/app-pg-dumpall.html), [pgBackRest](/supported-open-source/pgbackrest/), or [Barman](/supported-open-source/barman/) to create a backup of your unencrypted source server. 
 
-## Creating an encrypted server 
+### Creating an encrypted server 
 
 1.  Create an empty directory for the new server: 
 
@@ -67,7 +90,7 @@ Use [pg_dumpall](https://www.postgresql.org/docs/current/app-pg-dumpall.html), [
 
 1.  To ensure the new server is encrypted, [check for TDE presence](enabling_tde/#checking-for-tde-presence-using-sql). 
 
-## Upgrading to the encrypted server
+### Upgrading to the encrypted server
 
 1.  Stop both servers:
 
@@ -94,7 +117,7 @@ Use [pg_dumpall](https://www.postgresql.org/docs/current/app-pg-dumpall.html), [
     /usr/lib/edb-as/16/bin/pg_upgrade -b /usr/lib/edb-as/16/bin -B /usr/lib/edb-as/16/bin -d /var/lib/edb-as/16/non-TDE -D /var/lib/edb-as/16/TDE --copy-by-block
     ```
 
-1.  Initialize the encrypted server: 
+1.  Restart the encrypted server: 
 
     ```
     /usr/lib/edb-as/16/bin/pg_ctl -D /var/lib/edb-as/16/TDE start
@@ -119,7 +142,7 @@ Use [pg_dumpall](https://www.postgresql.org/docs/current/app-pg-dumpall.html), [
     SELECT * FROM dept;
     ```
 
-## Cleaning up after upgrade 
+### Cleaning up after upgrade 
 
 After you verify that `pg_upgrade` encrypted the data successfully, perform a cleanup.