Tigera Events

Microsoft AKS Networking Bootcamp: Kubernetes networking for single and multi-cluster environment

Topics:

Security AKS
Americas
April 4, 2024
10:00 am PST

Join Mark Ehr, Principal Research Analyst, S&P Global Market Intelligence 451 Research, and Dhiraj Sehgal, Tigera Director of Product Marketing, for an exclusive webinar as they dive into key findings from 451 Research’s container security studies. As containerized environments continue to evolve, ensuring robust security measures is crucial for organizations.

During this webinar, they will explore the challenges enterprises face in securing their containerized workloads, and attendees will gain valuable insights into the current state of container security, including emerging threats and best practices for mitigating risks. Learn how to implement zero-trust security models, enforce fine-grained policies, and leverage full-stack observability to enhance your container security posture.

Dhiraj will also discuss how Tigera’s solutions address these challenges through its Calico platform, which provides advanced security controls, network segmentation, and observability for containerized environments.

Don’t miss this opportunity to learn from industry experts and gain practical knowledge to strengthen your container security strategy. Register now to stay ahead of the curve and secure the future of your containerized environments.

  •  Mark Ehr
  •  Dhiraj Sehgal

Join Andrew Green and Dhiraj Sehgal for an insightful webinar as they delve into the findings of the GigaOm Sonar Report on container networking. Container networking plays a critical role in ensuring connectivity, security, and visibility for cloud-native applications. This webinar will provide valuable insights into how to evaluate a platform that can address all these requirements:

  • Networking policy definition
  • Routing
  • Container network security
  • Cross-environment networking
  • Monitoring and troubleshooting
  • Managing ephemeral resources
  • DevOps suitability
  • Scalability

Don’t miss this opportunity to learn from industry experts and gain practical knowledge to enhance your container networking strategies.

  •  Andrew Green
  •  Dhiraj Sehgal

In the dynamic world of Amazon EKS, where workloads frequently interact with other AWS and third-party services, traditional network firewalls fall short due to their reliance on network addresses at the node or cluster level. This challenge is amplified by the distributed, ephemeral nature of EKS workloads. Calico steps in to fill this gap, offering egress-based access controls for Amazon EKS workloads and facilitating secure and controlled data flow between Kubernetes pods and external resources. In our upcoming webinar, we will explore:

  • Deploying zero-trust workload access controls with namespace isolation recommendations
  • DNS policies to limit access to external resources
  • Network sets to limit access to external resources by IP ranges
  • Blocking lateral movement of APTs with identity-aware microsegmentation

  •  Aleksandr Epifanov
  •  Dhiraj Sehgal

Box, a cloud-first SaaS provider serving over 68% of Fortune 500 companies, manages a complex, shared Kubernetes infrastructure across hybrid, multi-cloud, and public cloud setups. Box relies on Calico to enforce zero-trust Kubernetes security for their platform to meet their critical security and compliance needs. In this webinar, you will learn how Box’s platform team uses Calico to: 

  • Implement a zero-trust environment with fine-grained workload access controls and comprehensive observability across a vast, ephemeral landscape with thousands of microservices
  • Streamline troubleshooting processes and ensure seamless security policy deployment and discoverability across multiple clusters
  • Comply with stringent regional regulations like PCI DSS, SOC 2, and FedRAMP, while offering continuous compliance monitoring and instant reporting

Register now and discover how Box achieved these goals with Calico.

  •  Dhiraj Sehgal

Multi-tenant Kubernetes deployments are common. For example, a platform team may offer shared services such as security tools and databases to multiple internal “customers”, and a SaaS vendor may also have multiple teams sharing a development cluster.

However, due to the flat nature of the Kubernetes network, multi-tenant Kubernetes environments are susceptible to lateral movement of threats from one tenant to another. Within the Shared Security Framework, while Microsoft AKS secures the infrastructure, enterprises are tasked with the security of workloads.

This webinar will demonstrate how Calico’s security policy recommendations can:

  • Automatically achieve workload isolation in Microsoft AKS with namespace isolation
  • Remove the manual overhead of identifying workload communication patterns for building isolation policies with policy recommendations
  • Reduce the potential impact of threats by restricting communication between workloads with microsegmentation
  • Streamline and expedite policy enforcement processes with preview and stage included

  •  Steve Griffith
  •  Dhiraj Sehgal

If you want to integrate your existing enterprise tools that require a stable IP address from Kubernetes workloads, you have a challenge as Kubernetes does not provide a default way to fulfill this requirement. Calico eliminates the complexity of achieving streamlined integration between Kubernetes clusters and tools that need to identify source traffic from Kubernetes pods or namespaces.

Learn how enterprise teams have successfully implemented Egress Gateway for the following benefits:

  • Assign a stable network identity to traffic leaving a Kubernetes pod or namespace
  • Use the network identity to integrate with traditional firewalls, databases, SIEMs, DLP and other tools
  • Advanced use-cases such as high-availability and load-balancing egress traffic

  •  Giri Radhakrishnan

Leader-bet, an online gaming and entertainment company, faced slow application development due to its complex and traditional VM-based infrastructure. Its legacy applications were increasingly expensive to maintain. This led them to re-architect their legacy applications and adopt containers and Kubernetes to leverage the agility, scalability, and cost-effectiveness of cloud-native infrastructure. But this presented a new challenge: finding the right security platform for these applications and infrastructure for secure networking, visibility and troubleshooting, and compliance.

In this webinar, you will learn how Leader-bet implemented:

  1. Secure workload communication: Ensured secure communication between workloads, both within the Kubernetes cluster and with external services
  2. Visibility and troubleshooting: Gained real-time graph-based visualization to identify and resolve issues
  3. Compliance: Enforced comprehensive policy controls for compliance and automated compliance reporting features

  •  Dhiraj Sehgal

Teams implementing the Azure Well-Architected Framework and using the Hub and Spoke network topology often rely on the Azure Firewall to inspect traffic coming from Azure Kubernetes Service (AKS) clusters. However, they face challenges in precisely identifying the origin of that traffic as it traverses the Azure Firewall. With Calico egress gateway, you can now identify the Kubernetes namespaces and pods associated with egress traffic leaving your clusters when it is inspected by the Azure Firewall.

In this webinar, you will learn how Calico egress gateway and Azure Firewall together can provide the following:

  1. Security and Compliance: Allow platform teams to enforce proper security measures, preventing unauthorized access and potential data breaches by identifying the source of outbound traffic.
  2. Troubleshooting and Debugging: Pinpoint the exact application or namespace responsible for the traffic, making it easier to identify and resolve problems efficiently.
  3. Billing and Cost Management: Identify which applications contribute most to egress traffic and make informed decisions on resource allocation and billing.

  •  Jennifer Luther Thomas

While it is standard practice to scan container images during the build process, this is not foolproof in securing an Amazon EKS cluster against runtime threats. Some of the common scenarios where runtime threats emerge due to images include:

  • Images that passed scan during the build phase but harbor vulnerabilities days or weeks later.
  • Third-party images pulled from public registries that often bypass the build pipeline scanning.
  • One-off images outside of app development pipeline for emergency patches to fix critical bugs.
  • Existing workloads in runtime within a cluster that lack image scanning or container runtime tools.

To address and remediate these security gaps during runtime, this webinar will provide a deep dive into how Calico Cloud offers out-of-the-box, in-cluster, real-time image scanning for Amazon EKS clusters. In this webinar, you will learn:

  • The limitations of build-time image scanning and why runtime scanning is crucial for maintaining a secure Amazon EKS cluster.
  • How Calico Cloud’s in-cluster image scanner operates, its setup simplicity, and how it fills the security gaps in your existing or new Amazon EKS clusters.
  • Demonstrations on how to utilize Calico Cloud’s in-cluster image scanner for real-time vulnerability detection and remediation.

  •  Gokhul Srinivasan
  •  Dhiraj Sehgal

HanseMerkur embarked on an operational exercise to consolidate 16 clusters into 4 to significantly curtail operational overhead and expenses, while meeting the stringent tenant and workload isolation compliance requirements mandated by their infosec team and customers.

This webinar will provide insights and demonstrate how Calico not only enforced tenant-based workload isolation as required by the infosec team and simplified previously cumbersome and protracted approval cycles for developers, security and platform teams, but also augmented visibility into workload and policy behavior for application teams.

The results are telling – a dramatic reduction in overhead, lowered costs, expedited approval cycles, and enhanced observability and micro-segmentation.

Key Takeaways:

  • Insights into effective cluster consolidation to reduce operational overhead and cost while adhering to security team requirements.
  • Understanding how to enforce workload isolation and meet regional compliance requirements.
  • Exploring how to simplify approval cycles and enhance observability to provide an agile and responsive operational framework.
  • Realizing tangible benefits from cost savings to enhanced security and observability.

  •  Dhiraj Sehgal