Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DOCU-2426] Kong Enterprise: Overview #4263

Merged
merged 7 commits into from
Aug 22, 2022
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
104 changes: 101 additions & 3 deletions src/gateway/kong-enterprise/index.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,104 @@
---
title: Enterprise Overview

title: Overview
badge: enterprise
content_type: explanation
---

## PLACEHOLDER Enterprise Overview
In addition to the {{site.base_gateway}} open source, free, and plus features, users with an Enterprise plan also have access to Enterprise-only features. These features enhance the security, monitoring, and management capabilities of {{site.base_gateway}}.

The following sections describe key Kong Enterprise features.

## Monitoring and analytics

Use [Vitals](/gateway/{{page.kong_version}}/kong-enterprise/vitals/) to gain deep insights into service, route, and application usage and health monitoring data. Keep your finger on the pulse of the health of your API products with custom reports and contextual dashboards. In addition, you can enhance the native monitoring and analytics capabilities with {{site.base_gateway}} plugins that enable streaming monitoring metrics to third-party analytics providers, such as Datadog and Prometheus.

[Start monitoring with Vitals →](/gateway/{{page.kong_version}}/kong-enterprise/vitals/)

## Secrets management

Application secrets include sensitive data like passwords, keys, certifications, tokens, and other items
which must be secured. {{site.base_gateway}} supports
[secrets management](/gateway/{{page.kong_version}}/kong-enterprise/secrets-management/),
which allows you to store secrets in a vault to help you protect them from accidental exposure. By storing sensitive values as secrets, you ensure that they are not
visible in plaintext throughout the platform, in places such as `kong.conf`,
in declarative configuration files, logs, or in the Kong Manager UI.

[Secure your application secrets →](/gateway/{{page.kong_version}}/kong-enterprise/secrets-management/)

## Dynamic plugin ordering

By default, the execution order of {{site.base_gateway}} plugins is static. [Dynamic plugin ordering](/gateway/{{page.kong_version}}/kong-enterprise/plugin-ordering/) allows you to override the priority for any {{site.base_gateway}} plugin using each plugin's `ordering` field.
This determines plugin ordering during the `access` phase,
and lets you create _dynamic_ dependencies between plugins.

[Get started with dynamic plugin ordering →](/gateway/{{page.kong_version}}/kong-enterprise/plugin-ordering/)

## Dev Portal

Streamline developer onboarding with the [Dev Portal](/gateway/{{page.kong_version}}/kong-enterprise/developer-portal/), which offers a self-service developer experience to discover, register, and consume published services from your Service Hub catalog. This customizable experience can be used to match your own unique branding and highlights the documentation and interactive API specifications of your services. Enable application registration to automatically secure your APIs with a variety of authorization providers.

[Learn more about Dev Portal →](/gateway/{{page.kong_version}}/kong-enterprise/developer-portal/)

## Audit logging

{{site.base_gateway}} provides a granular logging facility on its Admin API. This
allows cluster administrators to keep detailed track of changes made to the
cluster configuration throughout its lifetime, aiding in compliance efforts and
providing valuable data points during forensic investigations. Generated audit
log trails are [workspace](/gateway/{{page.kong_version}}/admin-api/workspaces/reference) and [RBAC](/gateway/{{page.kong_version}}/admin-api/rbac/reference)-aware,
providing {{site.base_gateway}} operators a deep and wide look into changes happening within
the cluster.

[Get started with audit logging →](/gateway/{{page.kong_version}}/kong-enterprise/audit-log/)

## Keyring and data encryption

{{site.base_gateway}} allows you to store sensitive data fields, such as consumer secrets, in an encrypted format within the database. This provides encryption-at-rest security controls in a {{site.base_gateway}} cluster.

This functionality provides transparent, symmetric encryption of sensitive data fields at rest. Transparency refers to the fact that, when enabled, encryption and decryption of data is done by {{site.base_gateway}} immediately before writing, or immediately after reading from the database. Responses generated by the Admin API containing sensitive fields continue to show data as plaintext, and runtime elements of {{site.base_gateway}} (such as plugins) that require access to sensitive fields do so transparently, without requiring additional configuration.

[Set up keyring and data encryption →](/gateway/{{page.kong_version}}/kong-enterprise/db-encryption/)

## Roles-based access control (RBAC)

You can configure {{site.base_gateway}} users, roles, and permissions with role-based access control (RBAC), either through the [Admin API](/gateway/{{page.kong_version}}/admin-api/rbac/reference/) or with [Kong Manager](/gateway/{{page.kong_version}}/kong-manager/auth/rbac). RBAC lets you manage access to resources in {{site.base_gateway}}.

[Manage teams with RBAC →](/gateway/{{page.kong_version}}/kong-manager/auth/rbac)

## Workspaces

[Workspaces](/gateway/{{page.kong_version}}/admin-api/workspaces/examples/) provide a way to segment or group {{site.base_gateway}} entities. Entities in a workspace are isolated from those in other workspaces.

[Learn more about workspaces →](/gateway/{{page.kong_version}}/kong-manager/workspaces/)

## Consumer groups

You can use [consumer groups](/gateway/{{page.kong_version}}/admin-api/consumer-groups/reference/) to manage custom rate limiting configuration for subsets of consumers. With consumer groups, you can define any number of rate limiting tiers and
apply them to subsets of consumers, instead of managing each consumer
individually.

For example, you could define three consumer groups:
* A "gold tier" with 1000 requests per minute
* A "silver tier" with 10 requests per second
* A "bronze tier" with 6 requests per second

[Set up consumer groups →](/gateway/{{page.kong_version}}/admin-api/consumer-groups/reference/)

## Event hooks

Event hooks are outbound calls from {{site.base_gateway}}. With event hooks, the {{site.base_gateway}} can communicate with target services or resources, letting the target know that an event was triggered. When an event is triggered in the {{site.base_gateway}}, it calls a URL with information about that event. Event hooks add a layer of configuration for subscribing to worker events using the admin interface. Worker events are integrated into {{site.base_gateway}} to communicate within the gateway context. For example, when an entity is created, the {{site.base_gateway}} fires an event with information about the entity. Parts of the {{site.base_gateway}} codebase can subscribe to these events, then process the events using callbacks.

In {{site.base_gateway}}, these callbacks can be defined using one of the following handlers:

* webhook
* webhook-custom
* log
* lambda

You can configure event hooks through the Admin API.

[Learn more about event hooks →](/gateway/{{page.kong_version}}/admin-api/event-hooks/reference/)

## More information

See [Plugin Compatibility](/hub/plugins/compatibility/) for more information about Enterprise-only plugins.