[v17] Reorganize the feature matrix

Backports #52641

* Reorganize the feature matrix

This change organizes the feature matrix according to the latest product
categorization scheme, and moves the feature matrix into its own guide
to make it more discoverable. While there is opportunity to rework the
rows within the feature matrix, this change minimizes the scope of the
first iteration by reorganizing the existing rows while leaving them for
the most part unchanged.

In the new feature matrix page, each Teleport product has its own
H2-level section. Product descriptions come from official Marketing
language, focusing on concrete statements about what each product
comprises and how it works and leaving out statements of value (which
are not typically found in documentation). This change does not include
sections for categories with no rows in the current table.

* Respond to zmb3 feedback

Add minor wording tweaks.

* Align cells across feature matrix tables

Make it easier for a user to follow a single column across multiple
tables of the feature matrix. Since the style sets cells to 25% width,
which assumes a table that is four cells wide, use a `style` tag so the
style only applies to the tables in the `teleport-editions.mdx` guide.

Closes gravitational/docs-website#134

* Update the MWI section of the feature matrix

Indicate that it is available for Community Edition users.

* Edit index.mdx

Apply changes made to identical language in teleport-editions.mdx.

* Respond to eglenn-teleport feedback

- Move the Community Edition column to the final place, rather than the
  first, since we now want to de-emphasize Community Edition and elevate
  the commercial offering.
- Edit the text to de-emphemphasize "editions", moving the description
  of editions to the end of the page and linking to this from the
  heading of relevant feature matrix columns.
- Remove section intro paragraphs, since the same information is
  on the home page of the docs.

* Add a Teleport Identity Security section

Co-authored-by: Ben Arent <ben@goteleport.com>

* Rename MWI features

---------

Co-authored-by: Ben Arent <ben@goteleport.com>

Author: ptgott

docs/config.json

@@ -20,6 +20,10 @@
           "title": "Installation",
           "slug": "/installation/"
         },
+	{
+          "title": "Teleport Feature Matrix",
+          "slug": "/feature-matrix/"
+	},
         {
           "title": "Upgrading",
           "slug": "/upgrading/upgrading/",

docs/pages/faq.mdx

@@ -27,9 +27,9 @@ Teleport provides two editions:
 - Teleport Enterprise
 - Teleport Community Edition
 
-Here is a detailed breakdown of the differences between Teleport's editions.
-
-(!docs/pages/includes/edition-comparison.mdx!)
+For a detailed breakdown of features by edition, alongside a description of the
+products available to Teleport users, see [Teleport
+Editions](./feature-matrix.mdx).
 
 ## Should we use Teleport Enterprise or Teleport Community Edition for connecting resources to our Teleport cluster?
 

docs/pages/feature-matrix.mdx

@@ -0,0 +1,103 @@
+---
+title: Teleport Feature Matrix
+description: Provides a comparison of features available in Teleport products.
+---
+
+The Teleport feature matrix lists capabilities of the Teleport Infrastructure
+Identity Platform, organized by product.
+
+{/*Since the feature matrix includes multiple tables, set a fixed cell width to
+ensure that all tables are aligned.*/} 
+<style dangerouslySetInnerHTML={{__html: `
+  table {
+    table-layout: fixed;
+  }
+
+  table td {
+    width: 25%;
+  }`}}
+/>
+
+## Teleport Zero Trust Access
+
+||[Teleport Enterprise (Cloud)](#teleport-editions)|[Teleport Enterprise (Self-Hosted)](#teleport-editions)|[Teleport Community Edition](#teleport-editions)|
+|---|:---:|:---:|:---:|
+|Agentless Integration with [OpenSSH Servers](./enroll-resources/server-access/openssh/openssh-agentless.mdx)|✔|✔|✔|
+|[Dual Authorization](./admin-guides/access-controls/guides/dual-authz.mdx)|✔|✔|✖|
+|[Enhanced Session Recording](./enroll-resources/server-access/guides/bpf-session-recording.mdx)|✔|✔|✔|
+|[FedRAMP Control](./admin-guides/access-controls/compliance-frameworks/fedramp.mdx)|✖|✔|✖|
+|FIPS-compliant binaries available for FedRAMP High|✖|✔|✖|
+|IP-Based Restrictions|✔|✔|✖|
+|[Moderated Sessions](./admin-guides/access-controls/guides/joining-sessions.mdx)|✔|✔|✖|
+|PCI DSS Features|✔|✔|Limited|
+|[Protecting Applications](./enroll-resources/application-access/getting-started.mdx)|✔|✔|✔|
+|[Protecting Databases](./enroll-resources/database-access/getting-started.mdx)|✔|✔|✔|
+|[Protecting Kubernetes Clusters](./enroll-resources/kubernetes-access/getting-started.mdx)|✔|✔|✔|
+|[Protecting Linux Servers](./enroll-resources/server-access/getting-started.mdx)|✔|✔|✔|
+|[Protecting Windows Desktops](./enroll-resources/desktop-access/introduction.mdx)|✔|✔|✔|
+|[Recording Proxy Mode](./enroll-resources/server-access/guides/recording-proxy-mode.mdx)|✖|✔|✔|
+|[Role-Based Access Control](./admin-guides/access-controls/guides/role-templates.mdx)|✔|✔|✔|
+|[Session Recording with Playback](./reference/architecture/session-recording.mdx)|✔|✔|✔|
+|[Single Sign-On](./admin-guides/access-controls/sso/sso.mdx)|GitHub, Google Workspace, OIDC, SAML, Teleport|GitHub, Google Workspace, OIDC, SAML, Teleport|GitHub|
+|SOC 2 Features|✔|✔|Limited|
+|[Structured Audit Logs](./reference/monitoring/audit.mdx)|✔|✔|✔|
+
+## Teleport Identity Governance
+
+||[Teleport Enterprise (Cloud)](#teleport-editions)|[Teleport Enterprise (Self-Hosted)](#teleport-editions)|[Teleport Community Edition](#teleport-editions)|
+|---|:---:|:---:|:---:|
+|[Access Lists & Access Reviews](./admin-guides/access-controls/access-lists/access-lists.mdx)|✔|✔|✖|
+|[Access Monitoring & Response](./admin-guides/access-controls/access-monitoring.mdx)|✔|✔|✖|
+|[Device Trust](./admin-guides/access-controls/device-trust/guide.mdx)|✔|✔|✖|
+|[Endpoint Management: Jamf](./admin-guides/access-controls/device-trust/jamf-integration.mdx)|✔|✔|✖|
+|[Hardware Key Support](./admin-guides/access-controls/guides/hardware-key-support.mdx)|✔|✔|✖|
+|[Hardware Security Module support](./admin-guides/deploy-a-cluster/hsm.mdx) for encryption at rest|✖|✔|✖|
+|[JIT Access Requests](./admin-guides/access-controls/guides/dual-authz.mdx)|✔|✔|Limited|
+|[Session & Identity Locks](./admin-guides/access-controls/guides/locking.mdx)|✔|✔|✖|
+
+## Teleport Machine & Workload Identity
+
+||[Teleport Enterprise (Cloud)](#teleport-editions)|[Teleport Enterprise (Self-Hosted)](#teleport-editions)|[Teleport Community Edition](#teleport-editions)|
+|---|:---:|:---:|:---:|
+|[Machine Access](./enroll-resources/machine-id/getting-started.mdx)|✔|✔|✔|
+|[Flexible Workload Identities](./enroll-resources/workload-identity/getting-started.mdx)|✔|✔|✔|
+
+## Teleport Identity Security
+
+||[Teleport Enterprise (Cloud)](#teleport-editions)|[Teleport Enterprise (Self-Hosted)](#teleport-editions)|[Teleport Community Edition](#teleport-editions)|
+|---|:---:|:---:|:---:|
+|[Identity Security](./admin-guides/teleport-policy/teleport-policy.mdx)|✔|✔|✖|
+|[Crown Jewel Monitoring](./admin-guides/teleport-policy/crown-jewels.mdx)|✔|✔|✖|
+|[SSH Key Scanning](./admin-guides/teleport-policy/integrations/ssh-keys-scan.mdx)|✔|✔|✖|
+
+## Management and licensing
+
+||[Teleport Enterprise (Cloud)](#teleport-editions)|[Teleport Enterprise (Self-Hosted)](#teleport-editions)|[Teleport Community Edition](#teleport-editions)|
+|---|:---:|:---:|:---:|
+|Annual or multi-year contracts, volume discounts|✔|✔|✖|
+|Anonymized Usage Tracking|✔|✔|Opt-in|
+|Auth Service and Proxy Service Management|Fully managed|Self-hosted|Self-hosted|
+|[Backend support](./reference/backends.mdx)|All data is stored in DynamoDB and S3 with server-side encryption.|Any S3-compatible storage for session records, many managed backends for custom audit log storage|Any S3-compatible storage for session records, many managed backends for custom audit log storage.|
+|Data storage location|Data is stored in Teleport's AWS infrastructure with audit logs/sessions optionally in customer AWS accounts. Proxy Service instances are deployed across the world for low-latency access.|Can store data anywhere in the world, on most managed cloud backends|Can store data anywhere in the world, on most managed cloud backends|
+|License|Commercial|Commercial|Commercial|
+|Proxy Service domain name|A subdomain of `teleport.sh`|Custom|Custom|
+|Support|24x7 support with premium SLAs and account managers|24x7 support with premium SLAs and account managers|Community|
+|Version support|Deploys last stable release with 2-3 week lag for stability.|All supported releases available to install and download.|All supported releases available to install and download.|
+
+## Teleport editions
+
+Teleport includes two editions:
+- **Teleport Community Edition:** An open source offering intended for demos and
+  small teams.
+- **Teleport Enterprise:** A fully-featured commercial offering.
+
+Teleport Enterprise offers two deployment
+options: 
+- **Cloud:** The Teleport team manages the Teleport Auth Service and Teleport
+  Proxy Service on the Teleport Cloud infrastructure.
+- **Self-Hosted:** Teleport users deploy the Teleport Auth Service and Teleport Proxy
+  Service on their own infrastructure.
+
+Teleport Enterprise includes add-on products that provide a more complete
+infrastructure identity solution, which this guide explains in more detail
+below.

docs/pages/includes/edition-comparison.mdx

@@ -27,8 +27,8 @@ and protecting time to market.
 
 The **Teleport** Infrastructure Identity **Platform** consists of four products:
 
-- **Teleport Zero Trust Access** provides engineers with just-in-time, least-privileged access 
-to applications, servers, databases, Kubernetes clusters, and other resources across distributed infrastructures, improving engineering time to market and strengthening infrastructure resiliency.
+- **Teleport Zero Trust Access** provides engineers with least-privileged access 
+to applications, servers, databases, Kubernetes clusters, remote desktops, and other resources across distributed infrastructure, improving engineering time to market and strengthening infrastructure resiliency.
 - **Teleport Machine & Workload Identity**  provides identity management and access control of 
 non-human identities, improving infrastructure resiliency by securing system and data access between machines and workloads.   
 - **Teleport Identity Governance** hardens and monitors identities for both human and non-human identities, improving resiliency of infrastructure from compromise due to human factor or identity attacks.