Advantage
For the past 4 years, VSHN has collaborated with aspectra in the provision and management of OpenShift infrastructure for their customers, ensuring security and availability 24/7. VSHN has chosen Isovalent Enterprise for Cilium as the default data plane for their managed OpenShift service. This directly benefits customers of aspectra Managed OpenShift, thanks to the close collaboration between aspectra and VSHN.
VSHN has partnered with Isovalent since 2021 and has adopted Isovalent Enterprise for Cilium across its entire Kubernetes product line, from APPUiO Managed to APPUiO Cloud, with years of experience in eBPF-powered production networking. This article explains the reasons behind this choice and the benefits it brings to customers.
What is Isovalent Enterprise for Cilium?
Isovalent Enterprise for Cilium is a tested and hardened Kubernetes component for enterprise users. It provides eBPF-based networking, observability, and security to platform teams operating Kubernetes clusters in any environment. Cilium is the data plane of choice for major hyperscalers, such as AWS, Google, and Alibaba, and is a certified OpenShift operator available on the Red Hat Ecosystem Catalog.
Isovalent Enterprise for Cilium is built on top of eBPF, the modern standard to extend Linux kernel capabilities in a safe and efficient manner. eBPF has revolutionized Cloud Native tooling in the networking, security, and observability markets.
Going well beyond what is possible with traditional Linux networking such as iptables, Isovalent Enterprise for Cilium enables zero-trust network security via powerful Kubernetes and DNS-aware network policies. Isovalent Enterprise for Cilium provides tooling to simplify and automate the creation of network policies, allowing security teams to delegate them to the application team, while still providing high-level guidelines on what policies are or aren't acceptable in terms of compliance.
Isovalent Enterprise for Cilium is a product of Isovalent, a company with headquarters in Mountain View, USA, and Zurich, Switzerland.
What benefits does Isovalent Enterprise for Cilium bring to aspectra Customers?
Undeniably, the most important benefit of Isovalent Enterprise for Cilium is its large array of advanced Kubernetes-native zero-trust network security features.
By leveraging eBPF, Cilium provides network visibility to application developers running workloads on OpenShift. Additionally, Cilium collects extensive metrics for developers to monitor TCP, UDP and HTTP golden signals, such as HTTP return codes, latency, requests per second, and the TLS ciphers in use. This data can be exported to OpenTelemetry.
Cilium natively understands Cloud Native identity, implementing not only basic Kubernetes network policies (for example, matching labels or CIDR) but also supporting DNS-aware network policies, dramatically simplifying zero-trust policies for accessing services outside Kubernetes clusters.
Regarding traffic visibility, Cilium supports L7 policies for fine-grained access control to shared API services running common Cloud Native protocols like HTTP, gRPC, Kafka, etc. Cilium also supports deny-based network policies, cluster-wide network policies, and host-layer firewalls.
Cilium provides an unprecedented level of visibility on the networking traffic and security of Kubernetes clusters, enabling transparent encryption, compliance monitoring, workload runtime visibility, network flow visibility, and automated network policy approvals, avoiding the overhead and intrusive nature of sidecar pods or other common Kubernetes patterns.
Conclusion
By adopting Isovalent Enterprise for Cilium, VSHN and aspectra are disrupting the local OpenShift market with more security, higher availability, better compliance, and increased visibility for DevSecOps teams.