Revise the primary product overview pages

docs/iam/index.mdx

@@ -4,20 +4,16 @@ sidebar_label: Overview
 pagination_next: iam/users
 ---
 
-# Identity and Access Management
-
-## Overview
-
-ngrok includes a robust identity and access management (IAM) system. ngrok's
-IAM functionality enables you to:
+ngrok includes a robust identity and access management (IAM) system.
+ngrok's IAM functionality enables you to:
 
 - Issue, rotate and revoke unique credentials for each principal in your account (either a human user or an automated process).
 - Enforce least-privilege access for each principal acting within your ngrok account
 - Attribute all mutations to distinct principals in your ngrok account recorded in audit logs
 - Configure single sign-on (SSO) to federate identity and SCIM to enable provisioning from your own IdP
 - Administrate multiple ngrok accounts with a single user
 
-## Concepts
+## Features
 
 Before diving into ngrok's IAM system, it's helpful to be acquainted with the
 terminology and concepts ngrok uses to describe its IAM primitives.
@@ -43,5 +39,12 @@ terminology and concepts ngrok uses to describe its IAM primitives.
   email address to an Account.
 - [**RBAC**](/iam/rbac/): Role Base Access Control is used to limit the permissions of what
   actions a User may take within your account.
-- [**Account Domain Controls**](/iam/domain-controls/): Account Domain Controls are used to create
-  policy on Users who log in or sign up with a given email domain.
+- [**Account Domain Controls**](/iam/domain-controls/): Account Domain Controls are used to create policy on Users who log in or sign up with a given email domain.
+
+## Use cases
+
+TK
+
+## What's next
+
+TK

docs/k8s/index.mdx

@@ -4,13 +4,21 @@ sidebar_label: Overview
 pagination_next: k8s/how-it-works
 ---
 
-The ngrok Kubernetes Operator is the best way to use ngrok if your applications run in Kubernetes environments. It comes with custom resources for configuration and also supports both Ingress resources as well as the new cross-platform Gateway API configuration resources. When using Kubernetes Ingresses or the Gateway API resources, the ngrok Kubernetes Operator will translate them into managed instances of the ngrok custom resources for you.
+## What is the Kubernetes Operator?
+
+The ngrok Kubernetes Operator is the best way to use ngrok if your applications run in Kubernetes environments.
+It comes with custom resources for configuration and also supports both Ingress resources as well as the new cross-platform Gateway API configuration resources.
+When using Kubernetes Ingresses or the Gateway API resources, the ngrok Kubernetes Operator will translate them into managed instances of the ngrok custom resources for you.
 
 The ngrok Kubernetes Operator is deployed to a cluster and allows developers to self-service endpoints to their apps and services using a shared ngrok account.
 
 Check out the [how it works](/k8s/how-it-works) and [architecture](/k8s/installation/architecture) pages for more info on how the operator functions.
 
-## When Should I Use The ngrok Kubernetes Operator?
+## Features
+
+TK
+
+## Use cases
 
 You should use the ngrok Kubernetes Operator if you want to:
 
@@ -19,7 +27,7 @@ You should use the ngrok Kubernetes Operator if you want to:
 1. Perform cross-cluster networking
 1. Use Kubernetes with ngrok without using ngrok's SDKs
 
-## What Type of Config Can I Use With The Operator?
+## Configuration
 
 The Operator supports its own native custom resource types, including:
 
@@ -41,3 +49,7 @@ controller incur a cost. More details can be found on our [pricing page](https:/
 
 [Kubernetes Ingress docs]: https://kubernetes.io/docs/concepts/services-networking/ingress/
 [Gateway API docs]: https://gateway-api.sigs.k8s.io/
+
+## What's next
+
+TK

docs/obs/index.mdx

@@ -4,27 +4,20 @@ sidebar_label: Overview
 pagination_next: obs/traffic-inspection
 ---
 
-# Traffic Observability
-
-ngrok provides two powerful mechanisms that allow you to observe and introspect
-the network traffic flowing through your Endpoints. An in-dashboard real-time
-view of requests and a fully-fledged event system to export events to your own
-logging systems.
+ngrok provides two powerful mechanisms that allow you to observe and introspect the network traffic flowing through your Endpoints.
+An in-dashboard real-time view of requests and a fully-fledged event system to export events to your own logging systems.
 
 ## Traffic Inspector
 
-Traffic Inspector gives you a view into the HTTP traffic flowing through the
-endpoints in your account. You can choose whether Traffic Inspector captures
-only request metadata or full request and response bodies. You can even replay
-requests against your endpoints for easy debugging replication.
+Traffic Inspector gives you a view into the HTTP traffic flowing through the endpoints in your account.
+You can choose whether Traffic Inspector captures only request metadata or full request and response bodies.
+You can even replay requests against your endpoints for easy debugging replication.
 
 [Get Started with Traffic Inspector →](/obs/traffic-inspection/)
 
 ## Log Exporting
 
-Whenever changes occur in your ngrok account or when traffic transits through
-your endpoints, an event is fired. You may subscribe to these events and
-publish them to destinations like AWS Cloudwatch Logs, AWS Firehose, AWS S3,
-Datadog Logs, Azure Monitor and more.
+Whenever changes occur in your ngrok account or when traffic transits through your endpoints, an event is fired.
+You may subscribe to these events and publish them to destinations like AWS Cloudwatch Logs, AWS Firehose, AWS S3, Datadog Logs, Azure Monitor and more.
 
 [Get Started with Log Exporting Events →](/obs/events/)

docs/traffic-policy/concepts/index.mdx

@@ -1,13 +1,17 @@
 ---
 sidebar_position: 0
-title: Overview
+title: Traffic Policy Overview
+sidebar_title: Overview
 pagination_next: traffic-policy/concepts/phases
 pagination_label: Phases
 ---
 
-# Traffic Policy Overview
+## What is a Traffic Policy?
 
-The ngrok Traffic Policy engine enables you to manage traffic consistently across your endpoints. It allows you to inspect, manipulate, and route traffic in a structured way.
+The ngrok Traffic Policy engine enables you to manage traffic consistently across your endpoints.
+It allows you to inspect, manipulate, and route traffic in a structured way.
+
+## Features
 
 Traffic Policy is composed of a few key components:
 
@@ -17,4 +21,10 @@ Traffic Policy is composed of a few key components:
 - [**Actions:**](./actions) Logic that is triggered when a Phase Rule condition is met.
 - [**CEL Interpolation:**](./cel-interpolation) A way to dynamically evaluate variables and macros inside configuration values, such as URLs or headers.
 
-By combining these components, Traffic Policy provides a powerful way to control your traffic flow at a fine-grained level.
+## Use cases
+
+TK
+
+## What's next?
+
+TK

docs/universal-gateway/overview.mdx

@@ -4,58 +4,36 @@ sidebar_label: Overview
 pagination_next: universal-gateway/domains
 ---
 
-# Universal Gateway
+## What is the Universal Gateway?
 
-ngrok's Universal Gateway is a suite of common tools for building API and device gateways, identity-aware proxies, and site-to-site connectivity.
-It secures, accelerates, and protects your applications.
-We call it a Universal Gateway because it supports [TCP](/universal-gateway/tcp/) and [TLS](/universal-gateway/tls/) applications as well as [HTTP/S](/universal-gateway/http/).
+ngrok's Universal Gateway is a flexible and composable platform for building API and device gateways, identity-aware proxies, and site-to-site connectivity.
 
-## Concepts
+**What makes it "universal"?**
+The Universal Gateway can be used with software running locally or in the cloud, and with devices running on-premises or distributed in the field.
+You can deliver traffic to internal and public APIs as well as orchestrate traffic across your devices.
+It's globally distributed by default and provides support for multiple environments with minimal configuration.
 
-Dive into the different parts of the Universal Gateway like Endpoints, Bindings, Pools, and Domains to understand how they work.
+## Features
 
-Learn more about Universal Gateway Concepts:
+Here are some of the key features of the Universal Gateway platform:
 
-- [Domains →](/universal-gateway/domains/)
-- [TCP Addresses →](/universal-gateway/tcp-addresses/)
-- [TLS Certificates →](/universal-gateway/tls-certificates/)
-- [Edges →](/universal-gateway/edges/)
+- [**Traffic Policy**](/docs/traffic-policy/): filter, match, manage, and orchestrate traffic to your endpoints.
+- [**Traffic observability**](/docs/obs/): capture request and response data; replay requests against your endpoints for debugging replication.
+- [**Identity and access management**](/docs/iam/): manage credentials for human users and automated processes.
+- [**Kubernetes support**](/docs/k8s/): ngrok's Kubernetes Operator supports ingress resources as well as cross-platform Gateway API configuration resources.
 
-## Endpoints
+## Use cases
 
-[Endpoints](/universal-gateway/endpoints/) are how ngrok enables traffic to reach your services.
+Here are some of the most common use cases for the Universal Gateway, from the [examples collection](/universal-gateway/examples/):
 
-Learn more about Endpoints:
+- [**The front door pattern**](/universal-gateway/examples/front-door-pattern/): Set up a single public endpoint to serve as the centralized entrance to all upstream services.
+- [**Route to endpoints by geography**](/universal-gateway/examples/route-by-geography/): Forward requests based on IP geolocation data for improved latency or country-specific features.
+- [**Create identity-based rate limits**](/universal-gateway/examples/pre-tier-requests/): Pre-tier requests based on your packaging or pricing model.
+- [**Secure a public Minecraft server**](/universal-gateway/examples/minecraft/): Restrict server access to a specific set of IP addresses.
+- [**Intercept and rewrite headers**](/universal-gateway/examples/rewrite-headers-redirects/): Intercept 302 redirect headers to preserve UX and agent behavior.
 
-- [Bindings →](/universal-gateway/bindings/)
-- [Internal Endpoints →](/universal-gateway/internal-endpoints/)
-- [Public Endpoints →](/universal-gateway/public-endpoints/)
-- [Kubernetes Endpoints →](/universal-gateway/kubernetes-endpoints/)
+## What's next?
 
-## Load Balancing
-
-Endpoints Pools make load balancing dead simple.
-When your create two endpoints with the same URL (and binding), those endpoints automatically "pool" together and traffic to their URL is balanced among them.
-
-- [Learn more about Load Balancing with Endpoint Pools →](/universal-gateway/endpoint-pooling/)
-
-## TLS
-
-ngrok automatically handles TLS (SSL) termination and certificate management for you.
-There is typically nothing to setup, configure, or manage.
-
-- [Learn more about TLS Certificates →](/universal-gateway/tls-certificates/)
-- [Learn more about the TLS Termination →](/universal-gateway/tls-termination/)
-
-## Global Load Balancer
-
-ngrok's Global Load Balancer automatically improves the performance and resiliency of your applications by distributing traffic to the nearest healthy point of presence, measured by latency, from the perspective of the connecting client.
-
-- [Learn more about the Global Load Balancer →](/universal-gateway/global-load-balancer/)
-- [See ngrok's Global Points of Presence →](/universal-gateway/points-of-presence)
-
-## DDoS Protection
-
-ngrok automatically protects your applications with out-of-the-box protection from distributed denial-of-service (DDoS) attacks.
-
-- [Learn more about DDoS Protection →](/universal-gateway/ddos-protection)
+- Check out the [Universal Gateway examples collection](/docs/universal-gateway/examples/) to see how to implement even more common use cases.
+- Explore key concepts for working with the Universal Gateway such as [endpoint types](/universal-gateway/types/), [protocols](/universal-gateway/protocols/), [bindings](/universal-gateway/bindings/), and [pooling](/universal-gateway/endpoint-pooling/).
+- Proceed to the Guides section to get started with ngrok as an [API gateway](/guides/api-gateway/get-started/), [device gateway](/guides/device-gateway/agent/), [identity-aware proxy](/guides/identity-aware-proxy/securing-with-oauth/), or for [site-to-site connectivity](/guides/identity-aware-proxy/securing-with-oauth/).