SlideShare a Scribd company logo

Considerations for East-West Traffic Security and Analytics for Kubernetes Environment

Download as PPTX, PDF
Akshay Mathur
Akshay Mathur

This talk about the learnings through the journey of reaching A10 Secure Service Mesh.

Technology
1 of 25
1. Reliable Security Always™ Considerations for East-West Traffic Security and Analytics for Kubernetes Environment Akshay Mathur
2. NEW DE-FACTO STANDARDS: Growing Industry Trend: Containers and Kubernetes APPLICATIONS Moving from Monolith to Micro Services APPLICATION DEPLOYMENTS Moving from Hardware Servers or Virtual Machines to Containers o Adopted by all industry major players – AWS, Azure, Google, VMWare, RedHat. o 10X increase in usage in Azure and GCP last year o 10X increase in deployment last 3 years o Deployment Size increased 75% in a year Growing Kubernetes Adoption
3. Key Requirements of Modern Teams … EFFICIENT OPERATIONS VISIBILITY & CONTROL Application Security SSL Encryption Access Control Attack Protection and Mitigation Analytics Faster troubleshooting Operational intelligence Central Management Multi-services Multi-cloud
4. Issues Observed
5. An E-Com Company: Access Control between Microservices o For Security and compliance reason, communication between microservices must be controlled o In absence of logical policy enforcement, this company isolated clusters Kubernetes Node Kubernetes Node Kubernetes Node Kubernetes Node
6. A FinTech Company: Blind on Traffic Flow Information o This company implements all important microservices in separate namespace o Traffic between microservices across namespaces must pass through application gateway o Some information about the traffic is collected from application gateway Kubernetes Node Kubernetes Node Kubernetes NodeKubernetes Node
7. A Media Service Company: Worried about Cost of Operations o Sidecar deployment model significantly enhances the resource requirement o Management overhead also increases with size of deployment Kubernetes Node
8. Challenges in Kubernetes Environment o Knowledge and Learning Curve o Internal and External Networks are isolated o IP addresses of Pods keep changing o No access control between microservices o No application layer visibility o Cost of operation Kubernetes NodeKubernetes Node
9. In Kubernetes Environment Journey towards Solution
10. How to Ingress and Distribute Traffic o Kubernetes provides Kubeproxy for simple usage • Works by adjusting iptables rules (Layer 3) o Implementation of Advance Traffic Ingress is left to ecosystem vendors Kubernetes NodeKubernetes Node OR
11. Keeping LB config in sync with Infrastructure o Kubernetes replaces pods as they are ill • IP address of the pod changes o Ingress Controller is defined by Kubernetes but not implemented Kubernetes NodeKubernetes Node OR
12. Security for North-South Traffic o SSL Offload o HTTP 2.0 o OWASP Top 10 o Malware, Bad BOTs o Application DDoS attack Kubernetes NodeKubernetes Node OR
13. Simplification of Architecture Unified solution brings o Operation simplicity o better application performance Kubernetes NodeKubernetes Node OR
14. Kubernetes Cluster Kubernetes Cluster Central Management for Large Deployments Kubernetes NodeKubernetes Node OR Kubernetes NodeKubernetes Node
15. Resource Requirements Consideration Kubernetes Node OR Kubernetes Node Sidecar Proxy Deployment Hub-Spoke Proxy Deployment
16. Kubernetes Cluster Distributed and Elastic Deployment Architecture o ADC as DaemonSet • Hub-Spoke deployment within node • Active-Active cluster within namespace o Monitoring of infrastructure • Updates at per pod lifecycle events o Central Controller • Keep all configuration in sync Kubernetes NodeKubernetes Node
17. Access Control between Microservices o Transparent Proxy • Automatically intercept the traffic and enforce policy o Policy using service labels • No IP addresses
18. Transparent Encryption o Intelligent SSL • Only the traffic between nodes is encrypted o No code change • App service need not implement SSL Node 1 Node 2 S1 S2
19. Kubernetes Cluster Deployment Architecture – Distributed and Elastic • Container-native advance load balancer (proxy) is automatically deployed with each new node Node Node Node Kubernetes Connector Central Controller • Kubernetes Connector detects changes in application service scale and communicates new config to the load balancer (proxy) via controller • The load balancer (proxy) connect to controller and get relevant configuration automatically • Metrics/Logs flow from load balancer (proxy) to the Controller
20. Application Traffic and Security Analytics Descriptive Analytics • Health Status • Logs & Events PERFORMANCE MONITORING Diagnostic Analytics • Per-App metrics • Trend Analysis FASTER TROUBLE- SHOOTING Predictive Analytics • Anomalies/Threats • Correlation INSIGHTS Prescriptive Analytics • Policy updates • Behavior Analysis ADAPTIVE CONTROLS
21. Visualizing the Application Traffic
22. Getting to the root of Anomalies Time series distribution of o Requests o Bandwidth consumption o IP addresses clients sending high traffic o Drill down to their transaction logs to confirm genuineness
23. Troubleshooting Response Time Issues Reach to individual transaction(s) for identifying the root cause View segmentation of response time by various properties like URLs, countries, servers etc. Keep a tab on end-to-end response time and time taken in various portions of request/response cycle
24. Summary: Security with Simplicity o Simple architecture with unified solution and central management and control o ADC Config ‘as code’ in Kubernetes format o No change in microservices’ code o Traffic visibility for optimizations and enhancements
25. THANK YOU

Recommended

Enhanced Security and Visibility for Microservices Applications
Enhanced Security and Visibility for Microservices ApplicationsEnhanced Security and Visibility for Microservices Applications
Enhanced Security and Visibility for Microservices ApplicationsAkshay Mathur
 
Security and Observability of Application Traffic in Kubernetes
Security and Observability of Application Traffic in KubernetesSecurity and Observability of Application Traffic in Kubernetes
Security and Observability of Application Traffic in KubernetesAkshay Mathur
 
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...DevOps.com
 
Extend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server DatabasesExtend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server DatabasesRed Gate Software
 
NetScout nGeniusONE overview
NetScout nGeniusONE overviewNetScout nGeniusONE overview
NetScout nGeniusONE overviewBAKOTECH
 
Cloud native microservices for systems and applications ieee rev2
Cloud native microservices for systems and applications ieee rev2Cloud native microservices for systems and applications ieee rev2
Cloud native microservices for systems and applications ieee rev2Prem Sankar Gopannan
 
5 Ways to use Node in the Network
5 Ways to use Node in the Network5 Ways to use Node in the Network
5 Ways to use Node in the NetworkF5 Networks
 
AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarMaytal Levi
 

Recommended

Enhanced Security and Visibility for Microservices Applications
Enhanced Security and Visibility for Microservices ApplicationsEnhanced Security and Visibility for Microservices Applications
Enhanced Security and Visibility for Microservices ApplicationsAkshay Mathur
 
Security and Observability of Application Traffic in Kubernetes
Security and Observability of Application Traffic in KubernetesSecurity and Observability of Application Traffic in Kubernetes
Security and Observability of Application Traffic in KubernetesAkshay Mathur
 
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...
4 Key Considerations for Advanced Load Balancing & Traffic Insights for Kuber...DevOps.com
 
Extend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server DatabasesExtend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server DatabasesRed Gate Software
 
NetScout nGeniusONE overview
NetScout nGeniusONE overviewNetScout nGeniusONE overview
NetScout nGeniusONE overviewBAKOTECH
 
Cloud native microservices for systems and applications ieee rev2
Cloud native microservices for systems and applications ieee rev2Cloud native microservices for systems and applications ieee rev2
Cloud native microservices for systems and applications ieee rev2Prem Sankar Gopannan
 
5 Ways to use Node in the Network
5 Ways to use Node in the Network5 Ways to use Node in the Network
5 Ways to use Node in the NetworkF5 Networks
 
AlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarAlgoSec Application Migration Webinar
AlgoSec Application Migration WebinarMaytal Levi
 
Implementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureImplementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureDevSecOpsSg
 
UC SDN
UC SDNUC SDN
UC SDNIMTC
 
F5 Cloud Story
F5 Cloud StoryF5 Cloud Story
F5 Cloud StoryMarketingArrowECS_CZ
 
Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)AlgoSec
 
S4 Value Proposition
S4 Value PropositionS4 Value Proposition
S4 Value PropositionSteve Jones
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinarThousandEyes
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...AlgoSec
 
Webinar: How automation can transform the way you manage your network securit...
Webinar: How automation can transform the way you manage your network securit...Webinar: How automation can transform the way you manage your network securit...
Webinar: How automation can transform the way you manage your network securit...AlgoSec
 
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNetFlow Analyzer
 
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks
 
Firewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric ApproachFirewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric ApproachAlgoSec
 
WebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsWebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsIMTC
 
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016ThousandEyes
 
Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)IMTC
 
COMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesCOMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesComit Projects Ltd
 
Kerberos using public key cryptography
Kerberos using public key cryptographyKerberos using public key cryptography
Kerberos using public key cryptographyishmecse13
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes
Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes
Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes Ambassador Labs
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep DiveYong Feng
 

More Related Content

What's hot

Implementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureImplementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureDevSecOpsSg
 
UC SDN
UC SDNUC SDN
UC SDNIMTC
 
Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)AlgoSec
 
S4 Value Proposition
S4 Value PropositionS4 Value Proposition
S4 Value PropositionSteve Jones
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinarThousandEyes
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...AlgoSec
 
Webinar: How automation can transform the way you manage your network securit...
Webinar: How automation can transform the way you manage your network securit...Webinar: How automation can transform the way you manage your network securit...
Webinar: How automation can transform the way you manage your network securit...AlgoSec
 
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNetFlow Analyzer
 
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks
 
Firewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric ApproachFirewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric ApproachAlgoSec
 
WebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsWebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsIMTC
 
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016ThousandEyes
 
Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)IMTC
 
COMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesCOMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesComit Projects Ltd
 
Kerberos using public key cryptography
Kerberos using public key cryptographyKerberos using public key cryptography
Kerberos using public key cryptographyishmecse13
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 

What's hot (20)

Implementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices InfrastructureImplementing Docker Load Balancing in Microservices Infrastructure
Implementing Docker Load Balancing in Microservices Infrastructure
 
UC SDN
UC SDNUC SDN
UC SDN
 
F5 Cloud Story
F5 Cloud StoryF5 Cloud Story
F5 Cloud Story
 
Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)Examining the Impact of Security Management on the Business (Infographic)
Examining the Impact of Security Management on the Business (Infographic)
 
S4 Value Proposition
S4 Value PropositionS4 Value Proposition
S4 Value Proposition
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinar
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the Cloud
 
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
Accelerate Application Deployment Across Cisco ACI Fabric, On-Premise Firewal...
 
Webinar: How automation can transform the way you manage your network securit...
Webinar: How automation can transform the way you manage your network securit...Webinar: How automation can transform the way you manage your network securit...
Webinar: How automation can transform the way you manage your network securit...
 
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
 
NETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEWNETFLOW ANALYZER 9600 - AN OVERVIEW
NETFLOW ANALYZER 9600 - AN OVERVIEW
 
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
Nuage Networks: Delivering Datacenter Networks As Consumable as Computee_scot...
 
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
Nuage Networks: Gluecon 2013 Keynote: The True Potential of Network Virtualiz...
 
Firewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric ApproachFirewall Rule Recertification - An Application-Centric Approach
Firewall Rule Recertification - An Application-Centric Approach
 
WebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP WorldsWebRTC - Bridging Web and SIP Worlds
WebRTC - Bridging Web and SIP Worlds
 
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
 
Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)Unified Communications and Software Defined Networks (UC SDN)
Unified Communications and Software Defined Networks (UC SDN)
 
COMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slidesCOMIT Community Day - Summer 2017 Ecologic slides
COMIT Community Day - Summer 2017 Ecologic slides
 
Kerberos using public key cryptography
Kerberos using public key cryptographyKerberos using public key cryptography
Kerberos using public key cryptography
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
 

Similar to Considerations for East-West Traffic Security and Analytics for Kubernetes Environment

Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes
Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes
Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes Ambassador Labs
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep DiveYong Feng
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureMitchell Pronschinske
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?NGINX, Inc.
 
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ... (SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...Priyanka Aash
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsSanjeev Rampal
 
Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...Docker, Inc.
 
Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshCloudOps2005
 
QoS in IP Network.pptx
QoS in IP Network.pptxQoS in IP Network.pptx
QoS in IP Network.pptxPiyushJha78
 
Fundamentals of microservices
Fundamentals of microservicesFundamentals of microservices
Fundamentals of microservicesNGINX, Inc.
 
[DW Webinar] Effective Management of APIs and the Edge when Adopting Kubernetes
[DW Webinar] Effective Management of APIs and the Edge when Adopting Kubernetes[DW Webinar] Effective Management of APIs and the Edge when Adopting Kubernetes
[DW Webinar] Effective Management of APIs and the Edge when Adopting KubernetesDaniel Bryant
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxPINGXIONG3
 
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API GatewaysDevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API GatewaysDaniel Bryant
 
AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways"
AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways"AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways"
AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways"Daniel Bryant
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioMichelle Holley
 
Episode 1: Building Kubernetes-as-a-Service
Episode 1: Building Kubernetes-as-a-ServiceEpisode 1: Building Kubernetes-as-a-Service
Episode 1: Building Kubernetes-as-a-ServiceMesosphere Inc.
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiMyNOG
 
Kubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTechKubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTechAkshay Mathur
 

Similar to Considerations for East-West Traffic Security and Analytics for Kubernetes Environment (20)

Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes
Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes
Webinar: Effective Management of APIs and the Edge when Adopting Kubernetes
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
 
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ... (SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMs
 
Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...
 
Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service Mesh
 
QoS in IP Network.pptx
QoS in IP Network.pptxQoS in IP Network.pptx
QoS in IP Network.pptx
 
Fundamentals of microservices
Fundamentals of microservicesFundamentals of microservices
Fundamentals of microservices
 
[DW Webinar] Effective Management of APIs and the Edge when Adopting Kubernetes
[DW Webinar] Effective Management of APIs and the Edge when Adopting Kubernetes[DW Webinar] Effective Management of APIs and the Edge when Adopting Kubernetes
[DW Webinar] Effective Management of APIs and the Edge when Adopting Kubernetes
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptx
 
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API GatewaysDevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
 
AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways"
AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways"AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways"
AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways"
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with Istio
 
Episode 1: Building Kubernetes-as-a-Service
Episode 1: Building Kubernetes-as-a-ServiceEpisode 1: Building Kubernetes-as-a-Service
Episode 1: Building Kubernetes-as-a-Service
 
NTT i3 at OpenStack Summit - May 20th, 2015
NTT i3 at OpenStack Summit - May 20th, 2015NTT i3 at OpenStack Summit - May 20th, 2015
NTT i3 at OpenStack Summit - May 20th, 2015
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
 
Kubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTechKubernetes Journey of a Large FinTech
Kubernetes Journey of a Large FinTech
 

More from Akshay Mathur

Documentation with Sphinx
Documentation with SphinxDocumentation with Sphinx
Documentation with SphinxAkshay Mathur
 
Kubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning ControllerKubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning ControllerAkshay Mathur
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSAkshay Mathur
 
Shared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWSShared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWSAkshay Mathur
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudAkshay Mathur
 
Introduction to Node js
Introduction to Node jsIntroduction to Node js
Introduction to Node jsAkshay Mathur
 
Object Oriented Programing in JavaScript
Object Oriented Programing in JavaScriptObject Oriented Programing in JavaScript
Object Oriented Programing in JavaScriptAkshay Mathur
 
Getting Started with Angular JS
Getting Started with Angular JSGetting Started with Angular JS
Getting Started with Angular JSAkshay Mathur
 
Releasing Software Without Testing Team
Releasing Software Without Testing TeamReleasing Software Without Testing Team
Releasing Software Without Testing TeamAkshay Mathur
 
Getting Started with jQuery
Getting Started with jQueryGetting Started with jQuery
Getting Started with jQueryAkshay Mathur
 
Creating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JSCreating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JSAkshay Mathur
 
Getting Started with Web
Getting Started with WebGetting Started with Web
Getting Started with WebAkshay Mathur
 
Getting Started with Javascript
Getting Started with JavascriptGetting Started with Javascript
Getting Started with JavascriptAkshay Mathur
 
Using Google App Engine Python
Using Google App Engine PythonUsing Google App Engine Python
Using Google App Engine PythonAkshay Mathur
 
Testing Single Page Webapp
Testing Single Page WebappTesting Single Page Webapp
Testing Single Page WebappAkshay Mathur
 

More from Akshay Mathur (18)

Documentation with Sphinx
Documentation with SphinxDocumentation with Sphinx
Documentation with Sphinx
 
Kubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning ControllerKubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning Controller
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADS
 
Shared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWSShared Security Responsibility Model of AWS
Shared Security Responsibility Model of AWS
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloud
 
Introduction to Node js
Introduction to Node jsIntroduction to Node js
Introduction to Node js
 
Object Oriented Programing in JavaScript
Object Oriented Programing in JavaScriptObject Oriented Programing in JavaScript
Object Oriented Programing in JavaScript
 
Getting Started with Angular JS
Getting Started with Angular JSGetting Started with Angular JS
Getting Started with Angular JS
 
Releasing Software Without Testing Team
Releasing Software Without Testing TeamReleasing Software Without Testing Team
Releasing Software Without Testing Team
 
Getting Started with jQuery
Getting Started with jQueryGetting Started with jQuery
Getting Started with jQuery
 
CoffeeScript
CoffeeScriptCoffeeScript
CoffeeScript
 
Creating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JSCreating Single Page Web App using Backbone JS
Creating Single Page Web App using Backbone JS
 
Getting Started with Web
Getting Started with WebGetting Started with Web
Getting Started with Web
 
Getting Started with Javascript
Getting Started with JavascriptGetting Started with Javascript
Getting Started with Javascript
 
Using Google App Engine Python
Using Google App Engine PythonUsing Google App Engine Python
Using Google App Engine Python
 
Working with GIT
Working with GITWorking with GIT
Working with GIT
 
Testing Single Page Webapp
Testing Single Page WebappTesting Single Page Webapp
Testing Single Page Webapp
 
Mongo db
Mongo dbMongo db
Mongo db
 

Recently uploaded

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Considerations for East-West Traffic Security and Analytics for Kubernetes Environment

  • 1. 1. Reliable Security Always™ Considerations for East-West Traffic Security and Analytics for Kubernetes Environment Akshay Mathur
  • 2. 2. NEW DE-FACTO STANDARDS: Growing Industry Trend: Containers and Kubernetes APPLICATIONS Moving from Monolith to Micro Services APPLICATION DEPLOYMENTS Moving from Hardware Servers or Virtual Machines to Containers o Adopted by all industry major players – AWS, Azure, Google, VMWare, RedHat. o 10X increase in usage in Azure and GCP last year o 10X increase in deployment last 3 years o Deployment Size increased 75% in a year Growing Kubernetes Adoption
  • 3. 3. Key Requirements of Modern Teams … EFFICIENT OPERATIONS VISIBILITY & CONTROL Application Security SSL Encryption Access Control Attack Protection and Mitigation Analytics Faster troubleshooting Operational intelligence Central Management Multi-services Multi-cloud
  • 5. 5. An E-Com Company: Access Control between Microservices o For Security and compliance reason, communication between microservices must be controlled o In absence of logical policy enforcement, this company isolated clusters Kubernetes Node Kubernetes Node Kubernetes Node Kubernetes Node
  • 6. 6. A FinTech Company: Blind on Traffic Flow Information o This company implements all important microservices in separate namespace o Traffic between microservices across namespaces must pass through application gateway o Some information about the traffic is collected from application gateway Kubernetes Node Kubernetes Node Kubernetes NodeKubernetes Node
  • 7. 7. A Media Service Company: Worried about Cost of Operations o Sidecar deployment model significantly enhances the resource requirement o Management overhead also increases with size of deployment Kubernetes Node
  • 8. 8. Challenges in Kubernetes Environment o Knowledge and Learning Curve o Internal and External Networks are isolated o IP addresses of Pods keep changing o No access control between microservices o No application layer visibility o Cost of operation Kubernetes NodeKubernetes Node
  • 10. 10. How to Ingress and Distribute Traffic o Kubernetes provides Kubeproxy for simple usage • Works by adjusting iptables rules (Layer 3) o Implementation of Advance Traffic Ingress is left to ecosystem vendors Kubernetes NodeKubernetes Node OR
  • 11. 11. Keeping LB config in sync with Infrastructure o Kubernetes replaces pods as they are ill • IP address of the pod changes o Ingress Controller is defined by Kubernetes but not implemented Kubernetes NodeKubernetes Node OR
  • 12. 12. Security for North-South Traffic o SSL Offload o HTTP 2.0 o OWASP Top 10 o Malware, Bad BOTs o Application DDoS attack Kubernetes NodeKubernetes Node OR
  • 13. 13. Simplification of Architecture Unified solution brings o Operation simplicity o better application performance Kubernetes NodeKubernetes Node OR
  • 14. 14. Kubernetes Cluster Kubernetes Cluster Central Management for Large Deployments Kubernetes NodeKubernetes Node OR Kubernetes NodeKubernetes Node
  • 15. 15. Resource Requirements Consideration Kubernetes Node OR Kubernetes Node Sidecar Proxy Deployment Hub-Spoke Proxy Deployment
  • 16. 16. Kubernetes Cluster Distributed and Elastic Deployment Architecture o ADC as DaemonSet • Hub-Spoke deployment within node • Active-Active cluster within namespace o Monitoring of infrastructure • Updates at per pod lifecycle events o Central Controller • Keep all configuration in sync Kubernetes NodeKubernetes Node
  • 17. 17. Access Control between Microservices o Transparent Proxy • Automatically intercept the traffic and enforce policy o Policy using service labels • No IP addresses
  • 18. 18. Transparent Encryption o Intelligent SSL • Only the traffic between nodes is encrypted o No code change • App service need not implement SSL Node 1 Node 2 S1 S2
  • 19. 19. Kubernetes Cluster Deployment Architecture – Distributed and Elastic • Container-native advance load balancer (proxy) is automatically deployed with each new node Node Node Node Kubernetes Connector Central Controller • Kubernetes Connector detects changes in application service scale and communicates new config to the load balancer (proxy) via controller • The load balancer (proxy) connect to controller and get relevant configuration automatically • Metrics/Logs flow from load balancer (proxy) to the Controller
  • 20. 20. Application Traffic and Security Analytics Descriptive Analytics • Health Status • Logs & Events PERFORMANCE MONITORING Diagnostic Analytics • Per-App metrics • Trend Analysis FASTER TROUBLE- SHOOTING Predictive Analytics • Anomalies/Threats • Correlation INSIGHTS Prescriptive Analytics • Policy updates • Behavior Analysis ADAPTIVE CONTROLS
  • 22. 22. Getting to the root of Anomalies Time series distribution of o Requests o Bandwidth consumption o IP addresses clients sending high traffic o Drill down to their transaction logs to confirm genuineness
  • 23. 23. Troubleshooting Response Time Issues Reach to individual transaction(s) for identifying the root cause View segmentation of response time by various properties like URLs, countries, servers etc. Keep a tab on end-to-end response time and time taken in various portions of request/response cycle
  • 24. 24. Summary: Security with Simplicity o Simple architecture with unified solution and central management and control o ADC Config ‘as code’ in Kubernetes format o No change in microservices’ code o Traffic visibility for optimizations and enhancements