As our enterprise customers build out large, multi-cluster Kubernetes environments, they are encountering an entirely new set of security challenges, requiring solutions that operate at scale and can be deployed both on-premises and across multiple clouds.
Today we are thrilled to announce the release of Calico Enterprise 3.0 and the availability of Calico Multi-Cluster Management, a game-changing solution that provides centralized management for network security across every Kubernetes cluster in your organization.
Calico Multi-Cluster Management
Calico Multi-Cluster Management provides a centralized management plane and single point of control for multi-cluster and multi-cloud environments. Calico Enterprise’s centralized control simplifies and speeds routine maintenance, leaving more time for your platform team to address other important tasks.
For example, instead of logging in to 50 clusters one at a time to make a policy change, you can log in to Calico Enterprise once and apply policy changes consistently across all 50 clusters. You can also automatically apply existing network security controls to new clusters as they are added.
Calico Multi-Cluster Management includes centralized log management, troubleshooting with Flow Visualizer, and cluster-wide IDS (intrusion detection). It also provides compliance reporting, and alerts on non-compliance and indicators of compromise. Alerts are sent to SIEMs, including Splunk and Sumo Logic. The extensible architecture will accommodate new capabilities and use cases as the Calico Enterprise platform evolves, and ease the adoption and deployment of features released in future Calico Enterprise versions.
Calico Enterprise 3.0 also includes new capabilities that enable large enterprise organizations to adopt Kubernetes at scale.
Calico Egress Gateway
New applications and workloads are constantly being added to Kubernetes clusters. Those same apps need to communicate securely with resources outside the cluster, beyond a firewall or other control point. Firewalls require a consistent IP address, but routable IPs are a limited resource that can be quickly depleted if one is assigned to every pod in a namespace.
Calico Enterprise solves this problem by assigning a routable IP to a single pod and designating it as the egress pod. A single firewall rule can be created that enables all pods within a namespace to have access to a resource outside the cluster. This has the added advantage of eliminating the burden of constant firewall change requests.
Now you can enforce egress policies for Kubernetes resources using your existing firewall infrastructure or other IP control point. Platform teams can continue to scale the cluster while preserving the limited number of routable IPs available.
Extended BGP Visibility and Troubleshooting Tools
Pods may be running business applications that must be accessible to the rest of the network. When your platform team configures Calico BGP peering with the network, thousands of constantly changing pod IP addresses are added to the fabric. Sudden changes like this can cause unexpected behavior that is difficult to troubleshoot.
The new, extended BGP capabilities in Calico Enterprise are designed to speed troubleshooting. You now have access to a richer set of metrics to monitor and alert on indicators such as BGP peering. With this information, operators find it easier to correlate network state changes with other events in the cluster. BGP stats include neighbor status, BGP prefixes received/advertised, capabilities received/advertised, and password for authentication.
Fast Data Path for Service Providers
Latency-sensitive applications like video streaming and VoIP require high QoS (Quality of Service). To accommodate these apps, service providers sometimes deploy dual-homed data paths: a fast data path for latency-sensitive traffic and a second path for operations and management (O&M).
Calico Enterprise Fast Data Path enables the connection of multiple network interfaces to a pod, creating a multi-homed pod that can support multiple IP addresses and operate on more than one subnet. The interface used for policy enforcement is user-selectable. Fast Data Path is reserved for applications like video streaming and VoIP that need high QoS. The O&M path is used by Calico Enterprise to monitor and manage clusters. This controls bandwidth consumption by the traffic required to manage network policies and clusters.