Kubernetes usage continues to experience record growth. According to the Cloud Native Computing Foundation (CNCF), 96% of organizations are either using or evaluating Kubernetes. This surge has also led to an increase in security risks as enterprises are forced to use disparate DIY tools to secure the communication between application workloads and Kubernetes clusters located across their infrastructure. Failure to secure both the application and transport layers of the modern technology stack can leave Kubernetes and cloud environments vulnerable to attack by allowing unauthorized access to applications, their data and related resources. In fact, a majority of teams continue to face challenges that have led to at least one security incident in their Kubernetes and container environments within the past 12 months.
So, to help solve this problem, today we’ve announced two new services – Service Mesh Manager and Network Policy Manager – that empower platform, developer and DevSecOps teams to centrally manage transport security and application traffic for cloud-native applications and Kubernetes clusters deployed across private data centers, public clouds and edge.
As a result, these new, integrated services deliver a centralized, consistent process for enterprises to manage transport security and application traffic for Kubernetes clusters and modern applications.
The Rafay Service Mesh Manager, powered by CNCF project Istio, delivers centralized configuration of security controls and traffic management policies for microservices fleet-wide. Key features allow enterprises to:
- Automatically apply and enforce application communication policies at the cluster and namespace level;
- View dashboards for observability to monitor service-to-service communication in real time and retrospectively;
- Control access to management and visibility based on roles and assets, allowing platform teams to unblock developers and empowering them to view traffic for their respective applications or namespaces while still maintaining role-based access control (RBAC);
- Selectively enable mutual TLS (mTLS) across different parts of the infrastructure based on organizational or specific application needs.
Check out this video to learn more about the Rafay Service Mesh Manager: https://youtu.be/DbAzjO-Et3k
The Rafay Network Policy Manager, powered by CNCF project Cilium, delivers centralized management and visibility into pod and namespace communication to ensure isolation boundaries and reduce the lateral attack surface fleet-wide. Key features allow enterprises to:
- Isolate communication between applications and namespaces in both shared (multi-tenant) and dedicated cluster environments;
- View real-time and historical network traffic flows to monitor and troubleshoot communication controlled with centralized RBAC;
- Provide a self-service experience for developers to view network traffic for applications in their namespaces based on their assigned role;
- Automatically enforce network policy standards cluster-wide and at an individual namespace level.
Check out this video to learn more about the Rafay Network Policy Manager: https://youtu.be/ceukpmDdGMQ
If you will be at KubeCon + CloudNativeCon this week, we will be available for demonstrations of the Service Mesh Manager and Network Policy Manager at booth S123 in the Expo Hall. We hope to see you there!
To learn more about these new services and the Rafay Kubernetes Operations Platform, start a free trial today or read our Getting Started Documentation.