Network security is often not the first thing you think about when setting up a cluster. Usually, by the time you decide to segment your traffic, there are dozens of services already running and connecting to each other. Setting up your network security rules in a running environment can be very difficult, and gets harder the larger your cluster grows. Calico Enterprise uses a policy recommendation engine to help you quickly implement network security in your cluster without all the upfront work.
Calico Enterprise logs all network traffic and uses this data to form a baseline for which microservices communicate with each other. The baseline is then used to generate a set of policies that will lock down your cluster while allowing those connections that were observed historically. These recommended policies can be modified before staging or committing to your cluster.
Interested in trying Calico Enterprise Policy Recommendation?
Sign up for our free trial – we’ll even provide sample workloads to test with.