Kong Mesh
Kong Mesh is an enterprise-grade service mesh that runs on both Kubernetes and VMs on any cloud. Built on top of CNCF’s Kuma (donated by Kong) and Envoy and focused on simplicity, Kong Mesh enables microservices transformation.
Features
- Out-of-the-box service connectivity and discovery
- Zero-trust security
- Traffic reliability
- Global observability across all traffic, including cross-cluster deployments
Benefits
- Easily secure and encrypt traffic between services
- Gain full visibility of traffic between services
- Quickly spot and address issues
- Improve developer productivity by offloading common tasks into service mesh
- Quickly and easily build highly available systems
- Support for Kubernetes and non-Kubernetes environments
Pricing
£166,000 a unit a year
Framework
G-Cloud 13
Service ID
836334406353101
Contact
Kong, Inc.
Rory McCall
Telephone: 07905 634 386
Email: rory.mccall@konghq.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- None
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response times depend on severity level and the support level purchased.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- No
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Kong customer experience team members can join customer Instant Messaging tools if available
- Web chat accessibility testing
- N/A
- Onsite support
- Yes, at extra cost
- Support levels
-
Severity based SLAs defined by Pro, Business & Platinum support plans. Cost dependent on license configuration:
Severity Level 1 (Urgent):
Pro: 4 business hours
Business: 2 business hours
Platinum: 2 hours (24 x 7 x 365)
Severity Level 2 (High):
Pro: 24 business hours
Business: 4 business hours
Platinum: 4 hours (24 x 7 x 365)
Severity Level 3 (Normal):
Pro: 48 business hours
Business: 8 business hours
Platinum: 4 business hours
Severity Level 4 (Low):
Pro: 96 business hours
Business: 16 business hours
Platinum: 8 business hours
Business Hours means 7 a.m. to 7 p.m. Monday to Friday excluding banking or statutory holidays in San Francisco (PST/PDT), London (GMT/BST), or Singapore (SGT) time zones. Applicable time zone is determined based on the region (North/South America, EMEA, AP/ANZ) of the Customer's address in the applicable Order.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
When a customer completes paperwork, they are immediately introduced to their technical account manager, who is a named contact and will remain with the customer for the duration of their license term.
Normally the first call a technical account manager will schedule with a customer is an onboarding call to discuss:
a) Getting access to the enterprise software and license
b) Getting access to the Kong support portal
c) Getting access (if applicable) to Kong university for self-paced learning
The technical account manager will also work with the customer to understand their goals and objectives using the Kong platform, before assisting the customer team with customised onboarding help relevant to their use case and priorities.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Data in the system is exposed through an API and user interface. In the event of a customer exiting their contract this data can be programmatically exported.
- End-of-contract process
- The Kong team works closely with its customers in order to ensure you gain the maximum value from your investment in Kong Mesh and associated professional services. 6 months prior to the contract end date we will begin discussions relating to the contract renewal or the contract expiration and product off-boarding process.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
- Linux or Unix
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Kong Mesh includes an HTTP API, a CLI (called kumactl) and a read-only UI
- Accessibility standards
- None or don’t know
- Description of accessibility
- N/A
- Accessibility testing
- N/A
- API
- Yes
- What users can and can't do using the API
-
Kong Mesh ships with a RESTful HTTP interface that you can use to retrieve the state of your configuration and policies in every environment. When running in Universal mode, it also allows you to make changes to the state. On Kubernetes, you use native CRDs to change the state, in order to be consistent with Kubernetes best practices.
CI/CD: The HTTP API can be used for infrastructure automation to either retrieve data, or to make changes when running in Universal mode. The kumactl CLI is built on top of the HTTP API, which you can also access with any other HTTP client like curl.
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- Kong Mesh is very extensible in that many different types of policies and configuration options are available. This provides a rich set of options that satisfies the majority of customer requirements. If needed, the proxy template policy provides configuration options for low-level Envoy resources that Kong Mesh policies do not directly expose. Generally, though, we would work directly with the customer to add new policies into the core product as needed.
Scaling
- Independence of resources
- N/A. Kong Mesh is managed by each individually licensed customer. The same product deployment is not shared between different organisations, so one user's demand cannot adversely affect another.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Kong Mesh facilitates consistent traffic metrics across all data plane proxies in your mesh. Add metrics to a mesh configuration, or to an individual data plane proxy configuration. For example, you might need metrics for individual data plane proxies to override the default metrics port if it's already in use on the specified machine. Kong Mesh provides full integration with Prometheus:
Each proxy can expose its metrics in Prometheus format.
Because metrics are part of the mesh configuration, Prometheus automatically finds every proxy in the mesh.
To collect metrics from Kong Mesh, expose metrics from the proxies, then configure Prometheus to collect them.
- Reporting types
-
- API access
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Other
- Other data at rest protection approach
-
All services within Mesh are protected by mTLS policies when communicating with each other. Sophisticated traffic management policies determine which service can communicate with which other services.
To secure different aspects of the services themselves we provide:
Full support for mTLS connectivity between the Control Plane and Data Plane Proxies.
Access to the API Server's HTTPS server, secured by default by autogenerated certificates.
Control Plane to Control Plane communication and Control Plane to Postgres communication (where required) secured using mTLS.
Certificates can be provided directly by the user.
We support HashiCorp Vault server and Amazon Certificate Manager Private CA.
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Data can be exported using the Admin API, declarative configuration, or by reading the underlying configuration database.
- Data export formats
- Other
- Other data export formats
-
- YAML
- JSON
- Data import formats
- Other
- Other data import formats
-
- YAML
- JSON
Data-in-transit protection
- Data protection between buyer and supplier networks
- Other
- Other protection between networks
- Kong Mesh is a customer-hosted software product; it does not run in Kong's network.
- Data protection within supplier network
- Other
- Other protection within supplier network
- Kong Mesh is a customer-hosted software product; it does not run in Kong's network.
Availability and resilience
- Guaranteed availability
- N/A. Kong Mesh is a customer-hosted software product. Availability of the product is down to the customer implementation
- Approach to resilience
- N/A. Kong Mesh is a customer-hosted software product. Availability of the product is down to the customer implementation
- Outage reporting
- N/A. Kong Mesh is a customer-hosted software product.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Other
- Other user authentication
- There is a limited requirement for users to interact with our system. When they do, we authenticate using a UserID and Token.
- Access restrictions in management interfaces and support channels
- Login to the Support Portal is secured using username and password.
- Access restriction testing frequency
- Never
- Management access authentication
- Other
- Description of management access authentication
- There is a limited requirement for ordinary users to interact with our system, only for system administration purposes. When they do, we authenticate using a UserID and Token. We then have an RBAC capability that determines what sort of access to provide to the user via the use of roles. Roles include: Admin, Service Owner, Observability Operator, Single Mesh Operator.
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- SOC 2, Type 2
Security governance
- Named board-level person responsible for service security
- No
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Kong is certified to the SOC 2, Type 2 standard
- Information security policies and processes
- Kong has a comprehensive set of security policies. Kong's security practices have been audited to the SOC 2, Type 2 standard. Kong's Information Security team reports to the SVP Engineering and through them to the Board of Directors. Kong also maintains a Compliance function responsible for, among other things, internal audits of security-related practices, which reports to the VP Legal and through them to the Board of Directors
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Kong follows a recognized change management process for its software development processes, including division of responsibilities between developer, reviewer, and approver, and unit, build and product testing prior to release.
The Kong Change Control Policy and Procedure was enacted to document the workflows for implementing code changes. Workflows are documented and require a multi-step approval. The ticketing system Jira is used to track and monitor the status and ownership of requested changes. Code changes are controlled through workflows in GitHub. Information designated as confidential is not stored, processed, or maintained in development or test systems, or non-production environments.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Kong software is regularly monitored for known vulnerabilities. Kong software dependencies are scanned by automated tools in its code repository. Code is peer reviewed for accuracy, performance and vulnerabilities as part of Kong’s change control process. Third-parties may report vulnerabilities to Kong through a defined process. Reported vulnerabilities are addressed based on an assessment of the CVSS score, which determines the timeline for the development of an appropriate fix. Additionally, external penetration tests and vulnerability assessments are conducted annually. Results are reported to Engineering Management and IT Administrators, with an action plan to correct any identified vulnerabilities.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Kong software is regularly monitored for known vulnerabilities. Kong software dependencies are scanned by automated tools in its code repository. In addition, code is peer reviewed for accuracy, performance and vulnerabilities as part of Kong’s change control process. Third parties may report vulnerabilities to Kong through a process disclosed on Kong’s public-facing website. Reported vulnerabilities are addressed by Kong based on an assessment of the CVSS score, which determines the timeline for the development of an appropriate fix.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Kong maintains an incident reporting policy and response plan.
Kong personnel are required to report potential data security incidents to the Kong Security team.
Protocols for responding to incidents are contained in the Data Incident Response Procedure.
Security event resolutions are reviewed periodically at Incident Response Team meetings.
Changes/improvements in protocol/systems are addressed in these meetings. Changes are documented and signed-off by relevant parties.
If needed, internal and external users are informed and advised of any measures to take.
Any required notices to regulators and consumer reporting agencies are made.
Probation, suspension or termination are potential sanctions for employee misconduct.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
- Covid-19 recovery
-
Kong Enterprise doesn't deliver against the social values directly but customers are using Kong Enterprise to build citizen services that help with Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Pricing
- Price
- £166,000 a unit a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Kong provides a free trial of Kong Mesh service for 30 days.
- Link to free trial
- https://konghq.com/install#kong-mesh