build-trust
diff --git a/‎README (1).md‎
Lines changed: 52 additions & 0 deletions b/‎README (1).md‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 27 additions & 23 deletions b/‎README.md‎
Lines changed: 27 additions & 23 deletions
diff --git a/‎SUMMARY.md‎
Lines changed: 3 additions & 2 deletions b/‎SUMMARY.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎how-does-ockam-work.md‎
Lines changed: 1 addition & 3 deletions b/‎how-does-ockam-work.md‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎portals/databases/README.md‎
Lines changed: 3 additions & 5 deletions b/‎portals/databases/README.md‎
Lines changed: 3 additions & 5 deletions
diff --git a/‎portals/databases/influxdb/README.md‎
Lines changed: 3 additions & 3 deletions b/‎portals/databases/influxdb/README.md‎
Lines changed: 3 additions & 3 deletions
@@ -0,0 +1,52 @@
+---
+layout:
+  title:
+    visible: true
+  description:
+    visible: false
+  tableOfContents:
+    visible: true
+  outline:
+    visible: true
+  pagination:
+    visible: true
+---
+
+# Ockam's core concepts
+
+Ockam empowers you to build secure-by-design apps that can trust data-in-motion.
+
+You can use Ockam to create end-to-end encrypted and mutually authenticated channels. Ockam secure channels authenticate using cryptographic identities and credentials. They give your apps granular control over all trust and access decisions. This control makes it easy to enforce fine-grained, attribute-based authorization policies – at scale.
+
+These core capabilities are composed to enable private and secure communication in a wide variety of application architectures. For example, with one simple command, an app in your cloud can create an [<mark style="color:blue;">encrypted portal</mark>](<README (1).md#portals>) to a micro-service in another cloud. The service doesn’t need to be exposed to the Internet. You don’t have to change anything about networks or firewalls.
+
+{% code fullWidth="false" %}
+```sh
+# Create a TCP Portal Inlet to a Postgres server that is running in
+# a remote private VPC in another cloud.
+ockam tcp-inlet create --from 15432 --via postgres
+
+# Access the Postgres server on localhost.
+psql --host localhost --port 15432
+```
+{% endcode %}
+
+<figure><img src=".gitbook/assets/postgres (1).png" alt=""><figcaption></figcaption></figure>
+
+Similarly, using another simple command a kafka producer can publish end-to-end encrypted messages for a specific kafka consumer. Kafka brokers in the middle can’t see, manipulate, or accidentally leak sensitive enterprise data. This minimizes risk to sensitive business data and makes it easy to comply with data governance policies.
+
+## Encrypted Portals <a href="#portals" id="portals"></a>
+
+Portals carry various application protocols over end-to-end encrypted Ockam secure channels.
+
+For example: a TCP Portal carries TCP over Ockam, a Kafka Portal carries Kafka Protocol over Ockam, etc. Since portals work with existing application protocols you can use them through companion Ockam Nodes, that run adjacent to your application, without changing any of your application’s code.
+
+A tcp portal makes a remote tcp server **virtually adjacent** to the server’s clients. It has two parts: an inlet and an outlet. The outlet runs adjacent to the tcp server and inlets run adjacent to tcp clients. An inlet and the outlet work together to create a portal that makes the remote tcp server appear <mark style="background-color:yellow;">on localhost</mark> adjacent to a client. This client can then interact with this localhost server exactly like it would with the remote server. All communication between inlets and outlets is end-to-end encrypted.
+
+<figure><img src=".gitbook/assets/Screenshot 2024-02-18 at 7.11.15 AM.png" alt=""><figcaption></figcaption></figure>
+
+You can use Ockam Command to start nodes with one or more inlets or outlets. The underlying [<mark style="color:blue;">protocols</mark>](reference/protocols/) handle the hard parts — NATs are traversed; Keys are stored in vaults; Credentials are short-lived; Messages are authenticated; Data-integrity is guaranteed; Senders are protected from key compromise impersonation; Encryption keys are ratcheted; Nonces are never reused; Strong forward secrecy is ensured; Sessions recover from network failures; and a lot more.
+
+## How Ockam is different from a Network layer connector
+
+{% embed url="https://www.youtube.com/embed/B-4BgY9j9-Q?si=b9hgyBdYWkhQ3OUE" %}
@@ -12,41 +12,45 @@ layout:
     visible: true
 ---
 
-# What is Ockam?
+# Intro to Ockam
 
-Ockam empowers you to build secure-by-design apps that can trust data-in-motion.
+Ockam empowers you to build secure-by-design apps that can trust data-in-motion.&#x20;
 
-You can use Ockam to create end-to-end encrypted and mutually authenticated channels. Ockam secure channels authenticate using cryptographic identities and credentials. They give your apps granular control over all trust and access decisions. This control makes it easy to enforce fine-grained, attribute-based authorization policies – at scale.
+With Ockam:
 
-These core capabilities are composed to enable private and secure communication in a wide variety of application architectures. For example, with one simple command, an app in your cloud can create an [<mark style="color:blue;">encrypted portal</mark>](./#portals) to a micro-service in another cloud. The service doesn’t need to be exposed to the Internet. You don’t have to change anything about networks or firewalls.
+**Impossible connections become possible.** Establish secure channels between systems in private networks that previously could not be connected because it is either too difficult or insecure
 
-{% code fullWidth="false" %}
-```sh
-# Create a TCP Portal Inlet to a Postgres server that is running in
-# a remote private VPC in another cloud.
-ockam tcp-inlet create --from 15432 --via postgres
+**All public endpoints become private.** Connect your applications and databases without exposing anything publicly
 
-# Access the Postgres server on localhost.
-psql --host localhost --port 15432
-```
-{% endcode %}
+\
+At its core, Ockam is a toolkit for developers to build applications that can create end-to-end encrypted, mutually authenticated, secure communication channels:
 
-<figure><img src=".gitbook/assets/postgres (1).png" alt=""><figcaption></figcaption></figure>
+**From anywhere to anywhere:** Ockam works across any network, cloud, or on prem infrastructure
 
-Similarly, using another simple command a kafka producer can publish end-to-end encrypted messages for a specific kafka consumer. Kafka brokers in the middle can’t see, manipulate, or accidentally leak sensitive enterprise data. This minimizes risk to sensitive business data and makes it easy to comply with data governance policies.
+**Over any transport topology:** Ockam is compatible with every transport layer including TCP, UDP, Kafka, Bluetooth
 
-## Encrypted Portals <a href="#portals" id="portals"></a>
+**Without no infrastructure, network, or application changes:** Ockam works at the application layer, so you don’t need to make complex changes
 
-Portals carry various application protocols over end-to-end encrypted Ockam secure channels.
+**While ensuring the risky things are impossible to get wrong:** Ockam’s protocols do the heavy lifting to establish end-to-end encrypted, mutually authenticated secure channels
 
-For example: a TCP Portal carries TCP over Ockam, a Kafka Portal carries Kafka Protocol over Ockam, etc. Since portals work with existing application protocols you can use them through companion Ockam Nodes, that run adjacent to your application, without changing any of your application’s code.
+### Why Ockam is a game changer
 
-A tcp portal makes a remote tcp server **virtually adjacent** to the server’s clients. It has two parts: an inlet and an outlet. The outlet runs adjacent to the tcp server and inlets run adjacent to tcp clients. An inlet and the outlet work together to create a portal that makes the remote tcp server appear <mark style="background-color:yellow;">on localhost</mark> adjacent to a client. This client can then interact with this localhost server exactly like it would with the remote server. All communication between inlets and outlets is end-to-end encrypted.
+Traditionally, connections made over TCP are secured with TLS. However, the security guarantees of a TLS secure channel only apply for the length of the underlying TCP connection. It is not possible to connect two systems in different private networks over a single TCP connection. Thus, connecting these two systems requires exposing one of them over the Internet, and breaking the security guarantees of TLS.
 
-<figure><img src=".gitbook/assets/Screenshot 2024-02-18 at 7.11.15 AM.png" alt=""><figcaption></figcaption></figure>
+Ockam works differently. Our secure channel protocol sits on top of an application layer routing protocol. This routing protocol can hand over  messages from one transport layer connection to another. This can be done over any transport protocol, with any number of transport layer hops:  TCP to TCP to TCP, TCP to UDP to TCP, UDP to Bluetooth to Kafka, etc.&#x20;
 
-You can use Ockam Command to start nodes with one or more inlets or outlets. The underlying [<mark style="color:blue;">protocols</mark>](reference/protocols/) handle the hard parts — NATs are traversed; Keys are stored in vaults; Credentials are short-lived; Messages are authenticated; Data-integrity is guaranteed; Senders are protected from key compromise impersonation; Encryption keys are ratcheted; Nonces are never reused; Strong forward secrecy is ensured; Sessions recover from network failures; and a lot more.
+Over these transport layer connections, Ockam sets up an end-to-end encrypted, mutually authenticated connection. This unlocks the ability to create secure channels between systems that live in entirely private networks, without exposing either end to the Internet.&#x20;
 
-## How Ockam is different from a Network layer connector
+Since Ockam’s routing protocol  is at the application layer, complex network and infrastructure changes are not required to make these connections. Rather than a months-long infrastructure project, you can connect private systems in minutes while ensuring the risky things are impossible to get wrong. NATs are traversed; Keys are stored in vaults; Credentials are short-lived; Messages are authenticated; Data-integrity is guaranteed; Senders are protected from key compromise impersonation; Encryption keys are ratcheted; Nonces are never reused; Strong forward secrecy is ensured; Sessions recover from network failures; and a lot more.
 
-{% embed url="https://www.youtube.com/embed/B-4BgY9j9-Q?si=b9hgyBdYWkhQ3OUE" %}
+### Ockam is easy to use
+
+The magic of Ockam is it's simplicity. All you need to do is subscribe to Ockam Orchestrator, and then deploy one of the following distributions next to the applications you'd like to connect:
+
+* Ockam Programming Libraries (Rust …)
+* Ockam Command
+* Ockam Docker Images
+* Redpanda Connect
+* Managed Ockam Nodes from the AWS Marketplace
+* Snowflake Native Apps
+* Lambda/Serverless Functions
@@ -1,7 +1,8 @@
 # Table of contents
 
-* [What is Ockam?](README.md)
-* [How does Ockam work?](how-does-ockam-work.md)
+* [Intro to Ockam](README.md)
+* [Ockam's core concepts](<README (1).md>)
+* [Get started demo](how-does-ockam-work.md)
 * [Quickstarts](quickstarts/README.md)
   * [Add secure connectivity to your SaaS product](https://www.ockam.io/blog/building-secure-saas-platforms)
   * [Snowflake federated queries to Postgres](https://www.ockam.io/blog/snowflake-query-postgres)
 
@@ -12,9 +12,7 @@ layout:
     visible: true
 ---
 
-# How does Ockam work?
-
-Ockam is a stack of[ protocols](https://docs.ockam.io/reference/protocols) to build secure-by-design apps that can trust data-in-motion. We provide a collection of programming libraries, command line tools, deployable components, and cloud services that make it simple for you to use these protocols within your apps.
+# Get started demo
 
 Let’s build a simple example together. We will create an encrypted[ Ockam Portal](https://docs.ockam.io/#portals) from a psql microservice in Azure to a Postgres Database in AWS.
 
 
@@ -16,7 +16,7 @@ layout:
 
 Create an Ockam **Portal** between any application, to any database, in any environment.
 
-In each example, we connect a nodejs app in one private network with a database in another private network.&#x20;
+In each example, we connect a nodejs app in one private network with a database in another private network.
 
 Each company’s network is private, isolated, and doesn't expose ports. To learn how end-to-end trust is established, please read: “[<mark style="color:blue;">How does Ockam work?</mark>](../../how-does-ockam-work.md)”
 
@@ -25,9 +25,7 @@ Each company’s network is private, isolated, and doesn't expose ports. To lear
 Please select an example to dig in:
 
 {% hint style="info" %}
-The examples below use PostgreSQL, MongoDB and InfluxDB. However, the same setup works for any database: _MySQL, ClickHouse, Cassandra, SQL Server, etc._
+The examples below use PostgreSQL, MongoDB and InfluxDB. However, the same setup works for any database: _MySQL, ClickHouse, Cassandra, SQL Server, Databricks, Snowflake, Mongo, etc._
 {% endhint %}
 
-<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><a href="postgres/"><mark style="color:blue;"><strong>PostgreSQL</strong></mark></a></td><td>We connect a nodejs app in one private network with a PostgreSQL database in another private network.</td><td><a href="postgres/">postgres</a></td></tr><tr><td><a href="mongodb/"><mark style="color:blue;"><strong>MongoDB</strong></mark></a></td><td>We connect a nodejs app in one private network with a MongoDB database in another private network.</td><td><a href="mongodb/">mongodb</a></td></tr><tr><td><a href="influxdb/"><mark style="color:blue;"><strong>InfluxDB</strong></mark></a></td><td>We connect a nodejs app in one private network with a InfluxDB database in another private network.</td><td><a href="influxdb/">influxDB</a></td></tr></tbody></table>
-
-
+<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><a href="postgres/"><mark style="color:blue;"><strong>PostgreSQL</strong></mark></a></td><td>We connect a nodejs app in one private network with a PostgreSQL database in another private network.</td><td><a href="postgres/">postgres</a></td></tr><tr><td><a href="mongodb/"><mark style="color:blue;"><strong>MongoDB</strong></mark></a></td><td>We connect a nodejs app in one private network with a MongoDB database in another private network.</td><td><a href="mongodb/">mongodb</a></td></tr><tr><td><a href="influxdb/"><mark style="color:blue;"><strong>InfluxDB</strong></mark></a></td><td>We connect a nodejs app in one private network with a InfluxDB database in another private network.</td><td><a href="influxdb/">influxdb</a></td></tr><tr><td><a href="../../quickstarts/"><mark style="color:blue;"><strong>Snowflake</strong></mark></a></td><td>Use one of the Ockam Snowflake connectors to build private connections to Snowflake in minutes.</td><td></td></tr></tbody></table>
@@ -14,12 +14,12 @@ layout:
 
 # InfluxDB
 
-This section contains hands-on examples that use [<mark style="color:blue;">Ockam</mark>](../../../) to create **encrypted portals** to InfluxDB databases running in various environments.
+This section contains hands-on examples that use [<mark style="color:blue;">Ockam</mark>](<../../../README (1).md>) to create **encrypted portals** to InfluxDB databases running in various environments.
 
-In each example, we connect a nodejs app in one private network with a InfluxDB database in another private network.  To understand how end-to-end trust is established, and how the portal works even though the two networks are isolated with no exposed ports, please read: “[<mark style="color:blue;">How does Ockam work?</mark>](../../../how-does-ockam-work.md)”
+In each example, we connect a nodejs app in one private network with a InfluxDB database in another private network. To understand how end-to-end trust is established, and how the portal works even though the two networks are isolated with no exposed ports, please read: “[<mark style="color:blue;">How does Ockam work?</mark>](../../../how-does-ockam-work.md)”
 
 <figure><img src="../../../.gitbook/assets/influxdb-network.png" alt=""><figcaption></figcaption></figure>
 
 Please select an example to dig in:
 
-<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th></tr></thead><tbody><tr><td><a href="timestream.md"><mark style="color:blue;"><strong>InfluxDB - Amazon Timestream</strong></mark></a></td><td>We connect a nodejs app in one  Amazon VPC with a InfluxDB database in another Amazon VPC. The example uses AWS CLI to create these VPCs.</td></tr></tbody></table>
+<table data-card-size="large" data-view="cards"><thead><tr><th></th><th></th></tr></thead><tbody><tr><td><a href="timestream.md"><mark style="color:blue;"><strong>InfluxDB - Amazon Timestream</strong></mark></a></td><td>We connect a nodejs app in one Amazon VPC with a InfluxDB database in another Amazon VPC. The example uses AWS CLI to create these VPCs.</td></tr></tbody></table>