[Kong Gateway]Product Overview, Strategy, and Roadmap Update

Transcript

1. 1 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY

2. 2 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Product

   Overview, Strategy, and Roadmap Update November 2022 THE CLOUD CONNECTIVITY COMPANY

3. 3 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 3

   The following slides may contain information related to upcoming products, features and functionality. The content is presented for informational purposes only and subject to change or delay without notice. The development, release and timing of products, features or functionality are at the sole discretion of Kong Inc.

4. Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 4 Become

   Agile DevOps, GitOps, CI/CD, IaC Go Cloud Native Modernize & Migrate { REST } Microservices Mesh Serverless Monolith SOAP Unlock New Use Cases Real-time, IoT, and beyond IoT Real-time Omnichannel AI / ML Mobile Customer 360

5. The Future of Software is Distributed APIs & Microservices Are

   Increasing Exponentially 65% 87% 100%+ Increasing investment in APIs and Microservices1 Will fall behind if they fail to adopt APIs and Microservices2 YoY growth of APIs and Microservices worldwide3 1 Mckinsey CIO Survey 2 Vanson Bourne 3 Gartner Research

6. Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 6 Exploding

   APIs = Reliability Challenges NETWORK TRAFFIC L4/L7 FUTURE 2002 WE’RE ONLY HERE! 2022 APIS AND MICROSERVICES

7. Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 7 SOAP

   & REST Edge Monolithic Baremetal, VMs Data Center PROTOCOLS CONNECTIVITY PATTERNS APPLICATION TYPES PLATFORMS ENVIRONMENTS APIs Have Evolved, Legacy API Management Hasn’t # OF SERVICES AND AGILE TEAMS CONTROL AND VISIBILITY LEGACY TECH STACK REST, gRPC, GraphQL, Kafka Ingress, Service Mesh Microservices, Serverless Containers, Kubernetes Multi-region, Multi-cloud, Hybrid MODERN TECH STACK

8. Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 8 Kong

   Enterprise Kong Mesh Kong Insomnia Kong Konnect The Kong API Platform - E2E APIm platform - Kong API Gateway - Apps: Portal and Vitals - 100% self-managed (on-prem) - SaaS E2E APIm platform - Kong API Gateway - Apps: Portal, Vitals, ServiceHub and Runtime Manager - Cloud control plane - and apps, self- - managed data - planes - Easy to use and operate service mesh - Built on Kuma CNCF project - Most popular OSS API developer tool - Browse, design, and test APIs - Integrated into Kong Enterprise and Kong Konnect via APIOps

9. Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 9 Kong

   Enterprise Kong Mesh Kong Insomnia Kong Konnect (Cloud) Kong API Gateway Service Mesh API Explorer API Designer API Testing Platform Platform Portal Vitals Portal Service Hub Vitals Runtime Manager K8s Ingress Controller Kong Manager Community and Enterprise Plugins The Kong API Platform Outside of the scope of this presentation Inso CLI AuthN / AuthZ decK CLI Self-managed (i.e. on-prem) Kong hosted (i.e. cloud/saas)

10. 10 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Decentralization

    and Automation with APIOps - Infra as code/config ⇔ API - 🥕 vs 🏒 governance - Enables speed, reliability, and re-use - Enables distributed autonomy with control - Benefits all: Devs, Architects, Operators

11. Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 11 Kong

    Enterprise Kong Mesh Kong Insomnia Kong Konnect (Cloud) Kong API Gateway Service Mesh API Explorer API Designer API Testing Platform Platform Portal Vitals Portal Service Hub Vitals Runtime Manager K8s Ingress Controller Kong Manager Community and Enterprise Plugins First stop ⇒ The Kong API Gateway Inso CLI AuthN / AuthZ decK CLI decK CLI

12. 12 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 12

    Kong Gateway - 🌍 most 😍 API gateway - Thriving OSS community - 100% API/declarative config driven - Multi-🌥 and multi-protocol - 🚀 performance - Rich OOTB plugin ecosystem Today 2.7 (Dec) • Secret Management P1 • Consumer Groups • KM OIDC Wizard 2.8 (Mar) • FIPS-2 • Secret management (Beta) 3.0 (Sep) • Router optimization • Plugin ordering • Secret manager-GA 3.1 (Dec) • SAML2 • OAS validation • AppDynamics • Datadog

13. 13 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 13

    API Product Tiers with Consumer Groups Event Gateway with Kafka Plugin API AutN via OIDC and mTLS Secret Management - AWS, GCP, Vault FIPS 140-2 Validated Powerful GraphQL Enhancement Advanced Data Transformation - jQ, Config OPA Policy driven Traffic Mgmt Developer Speed with API Mocking Highlights of Kong Gateway Enterprise Cloud-Native Connectivity Capabilities FIPS 140-2 API

14. 14 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 14

    Kong Gateway 3.0 Core Performance - Resource optimizations - More scalable inter-worker communication Event and Timer New Route Optimization - Configuration local persistence - Improved performance Fake Nginx request Timer coroutine Timer library worker http-log flush request http-log flush request http-log flush request http-log flush request http-log flush request - New Router object - More powerful Routes - Lay the foundation for incremental configuration change

15. 15 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 15

    Kong Gateway 3.0 Plugins Secret Management (GA) - Modify the default plugin execution order - Without the need to change plugin code - No need to package another version of the same plugin with different priority value Plugin Ordering Open Telemetry-Tracing - Support open telemetry - Instrumentation of trace and span - Hashi Vault and AWS Secret Manager integration - Referenceable secrets for more secure deployments - Used in custom and bundled plugins

16. 16 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 16

    Kong Gateway Flagship Features LMDB New Route Optimization Plugin Ordering Secrets Management Websocket Support FIPS 140-2 Kong Manager 3.0 LDAP Group Authentication OpenTelemetry New Router UBI + Slim Images

17. 17 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 17

    Kong Gateway Flagship Features LMDB New Route Optimization Plugin Ordering Websocket Support FIPS 140-2 LDAP Group Authentication UBI + Slim Images Secrets Management Kong Manager 3.0 OpenTelemetry New Router

18. 18 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY New

    Router 18

19. 19 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY ▪

    Kong Gateway 3.0 ships with a new router ▪ The router is what helps Kong decide which upstream to forward inbound requests to ▪ The new router can be used in traditional-compatible mode, or using a new expression based language What is it? 19

20. 20 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 20

    ▪ Comparable performance for commonly used scenarios ▪ Incremental rebuilds ◦ By leveraging efficient data structures instead of function closures for matching optimization ▪ More expressive format ◦ Reduced cardinality ◦ Reduced expensive regexs ▪ Unified implementation for all users ◦ Kong DP, Koko, Kong Manager, … Design Goals

21. 21 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY A

    DSL-based approach "protocols": ["http", "https"], "methods": ["GET", "POST"], "hosts": ["example.com" , "foo.test"], "paths": ["/foo", "/bar"], "headers": {"x-another-header":["bla"], "x-my-header":["foo", "bar"]}, 2.x 3.x (net.protocol == "http" || net.protocol == "https") && (http.method == "GET" || http.method == "POST") && (http.host == "example.com" || http.host == "foo.test") && (http.path ^= "/foo" || http.path ^= "/bar") && http.headers.x_another_header == "bla" && (http.headers.x_my_header == "foo" || http.headers.x_my_header == "bar") 21

22. 22 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 22

    ▪ Reduced router rebuild time when changing Kong’s configuration ◦ Reduced P99 latency from 1.5s to 0.1s with 10,000 routes ▪ Powerful routing language that can handle complex routing requirements ▪ Increased runtime performance when routing requests Business Benefit

23. 23 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY OpenTelemetry

    23

24. 24 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 24

    ▪ OpenTelemetry (OTel) is a collection of tools, APIs and SDKs to instrument, collect and export telemetry data for your software ▪ Use it to understand what your software is doing, how it’s performing and where time is being spent during execution What is it?

25. 25 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 25

    ▪ Allows DevOps and SRE teams to understand where time is being spent when running Kong Gateway to help tune performance ▪ Provides a Plugin Development Kit (PDK) to enable customers to instrument their own custom plugins Business Benefit

26. 26 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Kong

    Manager 26

27. 27 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 27

    ▪ Kong Manger is a UI that we provide to help customers configure and monitor their Kong deployment ▪ Kong Manager 3.0 ships a new design and improved user experience (including more tooltips) What is it?

28. 28 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 28

29. 29 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Secrets

    Management 29

30. 30 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 30

    ▪ Store sensitive information in external vaults, such as AWS Secrets Manager, Google Cloud Secrets Manager or Hashicorp Vault ▪ Secrets can be used for any kong.conf value, and specific plugins (with more being added each release) ▪ Automatic secret rotation is supported for some values (such as Postgres password) What is it?

31. 31 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 31

    ▪ Ensure these Sensitive Keys used in Kong Deployments are: ◦ Secrets are not inadvertently visible throughout Kong’s platform (e.g decK configurations, logs, Manager UIs) which may lead to unauthorized access. ◦ Secrets can be securely stored, tightly controlled and are auditable by IT organizations ▪ Move from “Secret Sprawl” to Centralization ◦ Customers can leverage their own centrally managed secret management infrastructure to ensure sensitive information necessary for Gateway operations is up-to-date and adheres to IT security policies Business Benefit

32. 32 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 32

    1) Use pre-built “Connectors” to AWS Secret Manager, Hashicorp Vault and Google Cloud Secret Manager 2) Reference secrets using a simple and intuitive variable used throughout Kong configurations: {vault://driver/secret/path} 3) Automatically resolve secrets on Kong Data Planes whose secret values only exist in memory and are obfuscated throughout the deployment. Key Features

33. 33 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Architecture

    33

34. 34 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY –

    Original Timer – Timer library 34 Timer Library Make Callback Functions Scalable

35. 35 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY wrk

    -c 10000 -t 36 -d 3m --latency http://localhost:8080 35 Events Library Improved inter-worker communication

36. 36 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 36

    New Storage Engine for Hybrid and DB-less LMDB

37. 37 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 37

    Kong Gateway 3.1 (ETA: End of November) Headless Scale-out - On-demand granularity control of logs for Day 2 operations. Dynamic Log Level Changes More OOTB Plugins - AppDynamics and Datadog - SAML 2.0 Authentication - JWT Encryption & Decryption - Open API Spec validation - XML threat-protection - - DPs can scale out even with no connection to Control Plane - DPs can navigate your forward proxies

38. 38 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY -

    Token based authentication - Gateway 3.0 plugin ordering and secret management support 38 decK Command Line Interface - Configure Kong gateways - Configure Konnect runtime groups - Drift detection, backup and restore - Distributed configuration Today Roadmap Roadmap kong.yaml _format_version: '1.1' services: - name: Mockbin host: mockbin.org port: 443 protocol: https retries: 3 read_timeout: 60000 write_timeout: 60000 routes: - name: endpoint1 paths: - /endpoint1 preserve_host: false protocols: - http - https regex_priority: 0 strip_path: true plugins: - name: acl enabled: true

39. 39 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 39

    Kong Kubernetes Ingress Controller - Kong API Gateway 💪 via K8s CRDs - Kubernetes Gateway API support - Integrated Prometheus metrics - Plugin-in Istio gateway support - Kong Gateway Operator - Konnect Platform integrations - Create svc in portal from k8s - Create Gateways directly from Konnect Today Roadmap

40. 40 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 40

    Kong Gateway Looking Beyond 3.0

41. 41 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Other

    Runtimes KONG GATEWAY WasmX - Multi-language connectivity support • Write Connectivity Logic in a WASM supported language • Compile to WASM and run on any WASM supported runtime layer • Go, Rust, and JavaScript are P1 WASM CONNECTIVITY RUNTIME LAYER KONG MESH Side-car Logic Edge Traffic Logic Edge Traffic Logic

42. 42 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Project

    Kayak (Internal Name) {"Geeks":[ { "firstName":"Vivek", "lastName":"Kothari" }, { "firstName":"Suraj", "lastName":"Kumar" }, { "firstName":"John", "lastName":"Smith" }, { "firstName":"Peter", "lastName":"Gregory" } ]} <Geeks> <Geek> <firstName>Vivek</firstName> <lastName>Kothari</lastName> </Geek> <Geek> <firstName>Suraj</firstName> <lastName>Kumar</lastName> </Geek> <Geek> <firstName>John</firstName> <lastName>Smith</lastName> </Geek> <Geek> <firstName>Peter</firstName> <lastName>Gregory</lastName> </Geek> </Geeks> input to json KScript GATEWAY MESH Compiled to

43. Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 43 Kong

    Konnect (Cloud) Kong Enterprise Kong Mesh Kong Insomnia Kong API Gateway Service Mesh API Explorer API Designer API Testing Platform Platform Portal Vitals Portal Service Hub Vitals Runtime Manager K8s Ingress Controller Kong Manager Community and Enterprise Plugins Next ⇒ Kong Konnect complements the 🌍 most 😍 API gateway Inso CLI AuthN / AuthZ decK CLI decK CLI

44. Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 44 Traffic

45. 45 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Decentralization

    and Automation with APIOps - Infra as code/config ⇔ API - 🥕 vs 🏒 governance - Enables speed, reliability, and re-use - Enables distributed autonomy with control - Benefits all: Devs, Architects, Operators

46. 46 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Federated

    Governance at Scale RUNTIME FUNCTIONALITY USERS Kong Gateway Kong Mesh Kong Ingress Controler Portal Runtime ServiceHub Vitals Insomnia OPERATORS ENTERPRISE ARCHITECTS DEVELOPERS App Team 1 App Team 2 App Team 3

47. Kong Proprietary and Confidential Kong Konnect Fastest SaaS API platform

    for multi-cloud environments SaaS-based control plane accelerates deployments and offers expanded APIOps & Full-Lifecycle applications Self-managed runtimes provide flexibility for any hybrid or multi-cloud deployment pattern Gateway Gateway Global Management Plane ServiceHub Runtime Manager Vitals Developer Portal Kong Insomnia* * Kong Insomnia is a Kong product that integrates natively with Kong Konnect.

48. THE CLOUD CONNECTIVITY COMPANY Kong Confidential 48 Konnect Platform -

    Fine grained teams and role assignment - Generic IdP OIDC federation - Multi-Geo (US & EU) - Personal Access Tokens - Multi-Geo (Australia, Japan) - Next generation platform APIs - Audit logs, Social Login Today Roadmap

49. THE CLOUD CONNECTIVITY COMPANY Kong Confidential 49 Runtime Manager -

    Multi-cluster Management - Runtime groups: SaaS-delivered “virtual” gateway control planes - Kong Gateway 3.0 - Mixed-version runtime groups - Self-service custom certificates management - API & UI support for consumer groups + secret management - Cloud runtime launchers - include GCP Today Roadmap

50. THE CLOUD CONNECTIVITY COMPANY Kong Confidential 50 Service Hub -

    Connectivity Registry of Record - Support for Kong & non-Kong services - Versioning and documentation - Streamlined Runtime Manager integration - Contextual insights - Non-Gateway Cataloging Roadmap Today

51. THE CLOUD CONNECTIVITY COMPANY Kong Confidential 51 Developer Portal -

    Publish your APIs - Customizable - domain, style, templates - Flexible documentation content - Application registration workflows - Multi-version support & version lifecycle - Published administration APIs - Code Level Frontend customization - Portal teams & permissions for content access control Today Roadmap

52. THE CLOUD CONNECTIVITY COMPANY Kong Confidential 52 Analytics - Business

    API Analytics - Throughput, latency, error rate by route, service, or application - Available in context of service or raw report - Ability to create custom reports - 360 data exploration - Consumer analytics - Custom dashboards Today Roadmap

53. Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 53 Kong

    Konnect (Cloud) Kong Enterprise Kong Mesh Kong API Gateway Service Mesh Platform Platform Portal Vitals Portal Service Hub Vitals Runtime Manager K8s Ingress Controller Kong Manager Community and Enterprise Plugins Next ⇒ Insomnia the 🌍 most 😍 OSS API developer tool AuthN / AuthZ decK CLI decK CLI Kong Insomnia API Explorer API Designer API Testing Inso CLI

54. 54 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 54

    Insomnia - Overview - Support for REST, gRPC, and graphQL APIs - Sync and git integration for collaboration - Publish OpenAPI specs to Dev Portal - CLI companion for APIOps in CI/CD - Debug and test Websocket APIs - Login with GitHub and Google - More collaboration with invite flows - RBAC and SSO with Konnect as backend Today Roadmap

55. Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 55 Kong

    Konnect (Cloud) Kong Enterprise Kong API Gateway Platform Platform Portal Vitals Portal Service Hub Vitals Runtime Manager K8s Ingress Controller Kong Manager Community and Enterprise Plugins Next ⇒ Kong Mesh - Easy to use, powerful, and based on Kuma AuthN / AuthZ decK CLI decK CLI Kong Insomnia API Explorer API Designer API Testing Inso CLI Kong Mesh Service Mesh

56. 56 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 56

    Kong Mesh - Overview - 15+ service mesh policies - Multi-cluster/cloud, K8s and VMs - Cross-Kong Mesh Communication - Native integration with Kong Gateway - Expanded policies (Policy Selectors 2.0) - eBPF CNI - RBAC Auditing - Mesh Gateway GA Today Roadmap

57. 57 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Oct

    - Dec: 75% Most Likely Kong Gateway or Kong Enterprise Kong Konnect Kong Insomnia Jan - March: 60% Likely SAML 2.0 Plugin Multi-geo support: Australia Gateway: Secret Mgmt & Consumer Groups Developer & application analytics Kong Manager 3.0 Ongoing Improvements Response Schema Validation FIPS Compliance - Plugins Identity and Runtime Group APIs Konnect Platform Konnect Developer Portal Insomnia Kong Gateway and Kong Ingress Controller Multi-runtime Groups App Reg Multi-geo support AU Cloud Application Rewrite + Refactoring API - Needed for Vision24 Social and EE SSO Invite Flows Dynamic client registration Service Doc Mgmt. Platform APIs AppDynamic Plugin Data Dog Advanced Plugin XML Threat Protection Headless DP Scale-out Dynamic log level changes KIC ⇔ Konnect Integration Contextual API documentation Mocking RBAC Runtime cert mgmt & proxy support Self-managed custom plugins Custom dashboards & drill-down Platform audit logs Cloud Launcher Beta, Gateway 3.1, Runtime UI enhancements RBAC for Portal Content Support for Azure Vault Overall End-to-End Experience Improvements (Key Plugins, APIOps, …)

58. 58 Thanks for listening!

59. 59 Appendix - Kong Mesh additional Slides

60. 60 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY 60

    Next 6 months Beyond eBPF - iptables lookup leveraging eBPF Serverless - AWS Lambda support RBAC Auditing - Exact logs of changes SSO - For API and UI Authentication Cross Mesh Discovery - Istio (& other mesh) integrations Top policies - More policies as requested by customers and community (see next slide)

61. 61 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Kong

    Mesh Policies Roadmap FY 22 SECURITY PROTOCOLS DEPLOYMENT & POLICIES Certificate Rotation Extensible CAs CA Rotation Vault PKI Integration CP Auditing [1] DP Auditing [1.1] FIPS-140 Encryption Additional PKIs OIDC GUI EAR* Secrets [2] EAR* All Resources [2] Universal RBAC Multi-Zone AuthN PKI Compliance Reports DONE DONE ENTERPRISE ENTERPRISE ENTERPRISE ENTERPRISE ENTERPRISE ENTERPRISE ENTERPRISE ENTERPRISE ENTERPRISE ENTERPRISE ENTERPRISE ENTERPRISE DONE DONE DONE CUSTOMER-INFLUENCED IMPLEMENTED IN K8S MODE [1] On K8s via Webhooks [1.1] Envoy configuration [2] Encryption At Rest L4 Routing L4 Traffic Permission L4 Traffic Log L4 Traffic Metrics HTTP Traffic Trace L7 Traffic Routing L7 Traffic Perm. Kafka Traffic Routing Kafka Traffic Perm. Hybrid Mode Security gRPC Routing gRPC Traffic Perm. DONE DONE ENTERPRISE DONE DONE DONE ENTERPRISE ENTERPRISE DONE DONE Simple Universal Hybrid Universal Hybrid Universal DNS Topology GUI UBI Images AWS ECS & Fargate Fault Injection OPA Traffic Mirror Adaptive Routing WASM Filters Rate Limiting Windows Support DONE DONE DONE ENTERPRISE DONE DONE DONE ENTERPRISE ENTERPRISE 2.x PROXY TEMPLATE DONE DONE DONE DONE DONE 2.x 2.x 2.x ENTERPRISE DONE ENTERPRISE 2.x IMPLEMENTED IN K8S MODE

62. 62 Kong Proprietary and Confidential THE CLOUD CONNECTIVITY COMPANY Decentralization

    and Automation with APIOps - Infra as code/config ⇔ API - 🥕 vs 🏒 governance - Enables speed, reliability, and re-use - Enables distributed autonomy with control - Benefits all: Devs, Architects, Operators

63. 63 Appendix - Kong ⇔ NeoSec

64. SERVICEHUB PORTAL ANALYTICS RUNTIME MANAGER Enterprise Architects Enable re-use and

    manage cross-app concerns DEPLOY External Developers Operators DISCOVER PUBLISH TO A MANAGE A A REGISTERED TOA

65. SERVICEHUB PORTAL ANALYTICS RUNTIME MANAGER Enterprise Architects & InfoSec Enable

    re-use and manage cross-app concerns DEPLOY External Developers Operators DISCOVER PUBLISH TO A MANAGE A A REGISTERED TOA DISCOVERY SECURITY STRENGTHEN SECURITY

66. SERVICEHUB PORTAL ANALYTICS RUNTIME MANAGER Enterprise Architects & InfoSec Enable

    re-use and manage cross-app concerns DEPLOY External Developers Operators PUBLISH TO A MANAGE A A REGISTERED TOA DISCOVERY SECURITY STRENGTHEN SECURITY

67. Oct - Dec: 75% Most Likely Kong Gateway or Kong

    Enterprise Kong Konnect Kong Insomnia Jan - March: 60% Likely SAML 2.0 Plugin Multi-geo support: Australia Gateway: Secret Mgmt & Consumer Groups Developer & application analytics Kong Manager 3.0 Ongoing Improvements Response Schema Validation FIPS Compliance - Plugins Workspaces Config Scoping Identity and Runtime Group APIs Konnect Platform Konnect Developer Portal Insomnia Kong Gateway and Kong Ingress Controller Multi-runtime Groups App Reg Multi-geo support EU Cloud Application Rewrite + Refactoring API - Needed for Vision24 Social and EE SSO Invite Flows Dynamic client registration Service Doc Mgmt. Platform APIs AppDynamic Plugin Data Dog Advanced Plugin XML Threat Protection Headless DP Scale-out Dynamic log level changes KIC ⇔ Konnect Integration Contextual API documentation Mocking RBAC Runtime cert mgmt & proxy support Self-managed custom plugins Custom dashboards & drill-down Platform audit logs Cloud Launcher Beta, Gateway 3.1, Runtime UI enhancements RBAC for Portal Content Support for Azure Vault Overall End-to-End Experience Improvements (Key Plugins, APIOps, …)