Isovalent Cilium Enterprise
To learn more, check out "What is Cilium?".
APPUiO Managed uses Cilium by default, in its commercial version from Isovalent (Isovalent Cilium Enterprise), which is included in the price.
Isovalent Cilium Enterprise addresses the complex workflows related to security automation, forensics, compliance, role-based access control, and integration with legacy infrastructure that arise as platform teams engage with application and security teams within an enterprise organization.
Resources:
- Supercharge OpenShift with Isovalent Cilium Enterprise (PDF by Isovalent)
  Secure & scalable connectivity for open hybrid cloud with eBPF superpowers.
- Accelerating the Journey to Cloud Native Microservices (PDF by Isovalent)
  Overcoming the Networking, Observability and Security challenges that slow down adoption of production Kubernetes platforms.
- Isovalent Cilium Enterprise - Security Compliance & Forensics (PDF by Isovalent)
  Leverage the power of eBPF to secure your Kubernetes platform.
- Multi-Cluster Kubernetes Networking with Cilium (PDF by Isovalent)
- APPUiO announcement: Partnership with Isovalent
Why use Cilium?
- Security
  Cilium offers advanced security features that aren’t available in any other Kubernetes networking add-on. These features go far beyond networking, thanks to eBPF.
- Advanced Networking
  By leveraging eBPF, Cilium enables many advanced networking use cases that aren’t possible with traditional, iptables-based network plugins. It outperforms them in speed, flexibility and security.
- Observability
  Cilium works directly in the kernel and therefore provides insight into what’s actually going on, far more than is possible with traditional observability tooling.
VSHN Supported Features and Configuration
Supported by default
These features and configurations are available out of the box; they are installed and configured by default.
- Core Secure & Scalable Connectivity
  - Highly scalable IPv4 and IPv6 Kubernetes CNI
  - Kubernetes Label & CIDR Network Policies
  - DNS-aware Network Policies
  - Host Network Policies
  - Deny Network Policies
- Advanced Secure & Scalable Connectivity
  - L7-Aware Network Policy & Visibility
  - TLS-termination for L7 Visibility
- Ops-Centric Connectivity Observability
  - Hubble Cluster-wide Flow Visibility CLI / API
  - Hubble Service Map + Flow Visibility UI
  - Identity-aware Network Metrics (Prometheus)
  - HTTP/gRPC-aware Connectivity Metrics
- Application Team Troubleshooting & Policy Workflows
  - Multi-tenant RBAC for Flows, Metrics, and UI
  - Advanced Policy Troubleshooting UI
  - Simplified Policy Creation Tools & APIs
- Enterprise Distribution & Support
  - Enterprise-hardened Cilium Versions and Testing
Supported on request
These features or configuration adjustments must be specifically requested, and some restrictions apply. Activating and configuring these features incurs additional engineering costs, and operating them can incur further engineering costs (although no fixed additional recurring costs apply).
- Core Secure & Scalable Connectivity
  - Overlay, Direct, and Cloud Provider Routing Modes
  - High-performance L3/L4 Pod Load-balancing (kube-proxy replacement)
- Advanced Secure & Scalable Connectivity
  - Transparent IPsec Encryption
  - Multi-cluster Routing, Load-balancing & Security
  - Advanced L3/L4 External Load-balancing (including XDP-acceleration, Direct Server Return, Maglev)
  - Advanced Bandwidth Management for Pods through EDT (Earliest Departure Time) model
  - Non-containerized VM / Bare-metal Workloads
  - 3rd-party BGP integrations (MetalLB, BIRD, etc.)
- Ops-Centric Connectivity Observability
  - Historical Flow Data and Analytics
- Application Team Troubleshooting & Policy Workflows
  - Historical Flow Data and Analytics
  - Automated Security Policy Approvals
- SecOps Observability Workflows
  - Integration with External SIEM (Splunk, ELK, etc.) for Incident Investigation, Forensics + Audit
  - SIEM - Identity + DNS-aware Flow Data Export
  - SIEM - Process/Syscall Data Export
  - SIEM - TLS Handshake Compliance Monitoring
  - SIEM - Network Policy Compliance Monitoring
  - Identity-aware Tap/Mirror (IDS insertion)