KONG

KONG Enterprise

Next-Generation API platform for Modern Architecture

Kong is one of the world's fastest growing open source enterprise software companies. Kong provides the world’s largest companies, institutions, and government bodies with a next-generation API platform to secure, manage, and orchestrate microservice APIs. Kong accelerates innovation by enabling customers to better and more quickly develop, improve, deploy, and maintain applications and services for their customers.

Kong has been downloaded over 15 million times and has over 10 thousand active open source community members.

Key Functions

KONG offers some or all of seven major areas of functionality

Authentication and authorization.

Most of the gateways can leverage security credentials in an incoming message to perform authentication and authorization using client id tokens (aka API keys), digital signatures, two-way SSL, HTTP basic, OAuth2, and more — although some are quite limited in the authentication mechanisms they support.

Security integration.

To perform authentication and authorization, a gateway may use its own policy and identity stores or it may have pre built integration allowing it to delegate authentication or author ization to enterprise identity stores (e.g., LDAP, Active Directory), access management servers (e.g., single sign-on, entitlements servers). Applicable standards for this type of security federation include SAML, OAuth2, and OpenID Connect. Most gateways provide at least minimal support for security integration, but only in the API, messaging, and file gateways segment do all products upport broad features for security integration.

Cryptographic processing.

Message-level encryption and digital signatures serve needs of privacy, message integrity, and sometimes non-repudiation. All products in the API, message, and file gateway segment support cryptography (e.g., digital signatures, message-/field-level encryption); in other segments, one must examine each product individually.

Quotas and rate limits.

Quotas limit how many requests an API user is allowed over a typically extended time period (e.g., per month). Rate limiting governs message arrival rates over shorter durations of time (e.g., per second, per minute) regardless of what an API user’s remaining quota may be. The fewer API and message types a gateway supports, the less likely it will support both quotas and rate limits. On their own, gateways do not do billing, but some of their associated API management solutions do. In either case, a gateway can export detailed API call records to feed billing systems.

Content validation.

Using techniques such as XML and JSON schema validation, regular expressions, and XSLT, ensuring that an incoming message is well-formed helps to protect an API from various types of content-based attacks (e.g., blind XPath injection, SQL injection). In the special purpose and REST API gateway segments, some products support content validation; in the other segments, all do

Mediation and transformation.

Upon receiving an incoming request or prior to sending an outgoing response, gateways may manipulate messages in three major ways: 1) mediate between message protocols (e.g., HTTP to JMS), 2) mediate between message formats (e.g., JSON to XML), or 3) map and transform data (e.g., change “female” to “F” or map data between input and output fields). REST API gateways tend to support only data mapping and transformation, general purpose API gateways are mixed in their support, and API, messaging, and file gateways support all three types of manipulation.

Attack protection.

Rate limits and schema validation provide coarse-grained attack protection, but gateways may also implement specific functions to guard against denial of service attacks, injection attacks, viruses embedded in attachments, and other threats. Because they typically have the deepest processing capabilities, API, messaging, and file gateways tend to have the most attack protection capabilities, followed by the API and messaging gateway segment. A small number of gateways extend their attack protection capabilities with web application firewall features.

Kong Enterprise

As your organization’s software architecture evolves, you need a better method of brokering the exchange of information by your services. Increasingly distributed systems and adopting microservices create new challenges managing communications across your architecture. Kong Enterprise provides a simple, fast, scalable, and flexible service control platform for complex modern architectures. Kong Enterprise secures, manages and monitors all your services to accelerate innovation across all use cases. Use Kong Enterprise to connect your development teams, partners and customers with a unified platform. Reduce latency to less than 1ms. Remove bloating with a plugin-based architecture and lightweight integrations.

Scale clusters effortlessly, regardless of environment, vendor, configuration or deployment pattern. Kong Enterprise provides one platform for bare metal to
cloud-native, monolith to microservices, mesh and beyond.

OPTIMIZE PERFORMANCE

Accelerate your applications. Achieve sub-millisecond latency for virtually all requests. Scale horizontally to demand.

STREAMLINE DEVELOPMENT

Stop wasting time with redundant coding tasks, and start using plugins. Easily test deployments to reduce risk.

INCREASE GOVERNANCE

Take ownership of your infrastructure. Proactively find and address issues in real-time. Increase compliance with internal and industry standards.

FUTURE-PROOF YOUR INFRASTRUCTURE

Eliminate lock-in and build with innovation in mind with Kong’s vendor-, deployment-, and technology-agnostic platform. Take advantage of a thriving open-source community.

Running Mission-critical Microservices &
APIs On Kong Enterprise

Kong Enterprise

SCALABLE

Easily add nodes to your cluster regardless of your deployment type. Achieve flexibility at scale with microservices, serverless, mesh, and more.

PERFORMANT

Dramatically reduce latency with Kong’s sophisticated routing and request collapsing. Employ rate limiting to increase flexibility and accuracy.

FLEXIBLE

Deploy Kong in the cloud, on-premises or in hybrid environments, including single or global datacenter setups.

MODULAR

Extend Kong functional- ity with plugins that are installed and configured through a RESTful Admin API.

Copyright(c) 2019 BMTECH SYSTEM CO., LTD. All rights reserved.