block of enterprise doc updates

docs/.vuepress/config.js

@@ -208,6 +208,7 @@ module.exports = {
                 "install/quickstart",
               ],
             },
+            "prometheus",
             "concepts",
           ],
         },

docs/enterprise/concepts.md

@@ -8,12 +8,29 @@ description: Learn how the Pomerium Enterprise Console works.
 
 ## Namespaces
 
-## Folders
+In the Pomerium Enterprise Console, a namespace is where you can define an organizational unit of users and groups with fine-grained access management. This enables teams to self-service the routes and policies pertinent to them. Namespaces can optionally inherit from their parent units.
 
 ## Service Accounts
 
+Service accounts handle machine-to-machine communication from Pomerium to your Identity Provider (**IdP**) in order to retrieve and establish group membership. Configuration is largely dependent on the IdP, but is usually an API acccess token with sufficient privlidges to read users and groups.
+
 ## Routes
 
+Unlike the open-source Pomerium configuration, access is not defined alongside routing. Instead, authorization is configured by attaching [policies](#policies) to a route.
+
 ## Policies
 
+In the open-source Pomerium config, routes and policies are configured in a single block, under `policy`:
+
+```yaml
+policy:
+  - from: https://code.corp.domain.example
+    to: http://codeserver:8080
+    allowed_users:
+      - some.user@domain.example
+    allow_websockets: true
+```
+
+In the Pomerium Enterprise Console, [routes](#routes) and policies are separate entities. This allows for both easier and more fine-grained access control, as policies can be defined once, optionally associated under a [Namespace](#namespaces), and attached to one or more routes. Routes can also inherit policies from their parent Namespace <!-- @Travis please confirm -->.
+
 ### Authorization Policy

docs/enterprise/prometheus.md

@@ -0,0 +1,46 @@
+---
+title: Prometheus
+sidebarDepth: 1
+description: Use Prometheus as a metrics data store.
+---
+
+# Prometheus Metrics
+
+The Pomerium Enterprise Console uses Prometheus as a metrics collection back-end. You can configure Pomerium and the Console to talk to an existing Prometheus server, or configure the embedded Prometheus backend.
+
+## External Prometheus
+
+1. In the Pomerium `config.yaml` define the `metrics_address` key to a network interface and port. For example:
+
+   ```yaml
+   metrics_address: localhost:9999
+   ```
+
+1. Add this listener to your Prometheus configurarion, usually via `prometheus.yml`:
+
+   ```yaml
+   - job_name: 'Pomerium'
+      scrape_interval: 30s
+      scrape_timeout: 5s
+      static_configs:
+         - targets: ['192.0.2.10:9999']
+
+   ```
+
+1. [Reload](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#configuration) the Prometheus configuration:
+
+   ```bash
+   curl -i -XPOST path.to.prometheus:port/-/reload
+   ```
+
+1. In the Pomerium Enterprise Console `config.yaml` file, define the `prometheus_url` key to point to your Prometheus instance(s):
+
+   ```yaml
+   prometheus_url: http://192.168.122.50:9090
+   ```
+
+1. Restart the Pomerium and Pomerium Enterprise Console services. You should now see route traffic data in the Enterprise Console:
+
+   ![Traffic Data in Pomerium Enterprise Console](./img/console-route-traffic.png)
+
+## Embedded Prometheus