Microsoft Azure and AKS Security

Tigera and Microsoft Azure together deliver active build, deploy, and runtime security with full-stack observability for securing, monitoring, and troubleshooting Linux and Windows containers on Azure and AKS

Overview

Calico helps Microsoft Azure and Azure Kubernetes Service (AKS) users protect their heterogeneous workload environments and Kubernetes, detect threats, and achieve continuous compliance. Users can apply a standard set of zero-trust workload access controls, enforce consistent security policies and have real-time visualization of services, namespaces, and pod communication for faster troubleshooting. AKS users can now run Calico CNI on their AKS clusters via the “Preview Mode” in Azure AKS. Whether using Calico CNI or Azure CNI for networking, users can deploy and manage a consistent set of security policies across both Windows and Linux servers hosting Kubernetes clusters on the Microsoft Azure cloud and AKS.

Benefits

Zero-Trust Workload Security

Protect your applications and your container and Kubernetes workloads running on Microsoft AKS with zero-trust workload security

Container Security

Robust build-time security with safeguards for Microsoft AKS and Azure applications

Observability and Troubleshooting

Identify and resolve connectivity issues and security policy violations between namespaces, microservices, and pods in AKS and Microsoft Azure

Top Use Cases

Zero-Trust Workload Security

A Zero-Trust approach to application security is a must-have in today’s environment. But traditional network-based access controls are inadequate for containerized workloads as they don’t have a fixed network address. Instead, Zero-Trust Security controls must be implemented at the workload level.

What can you do with Calico?

Implement zero-trust workload access controls and protect containerized environments in Microsoft Azure and AKS from outside threats, while enabling applications and workloads to securely communicate with resources outside the cluster behind a firewall or other control point.

KEY FEATURES INCLUDE

  • Zero-trust workload access controls
  • Identity-aware microsegmentation
  • Universal firewall integration
  • Envoy-based app-level protection
  • DNS policies to limit access to external resources

Container Security

Container security is the process of implementing security tools and policies to assure that everything in your container is running as intended, including protection of infrastructure, software supply chain, runtime, and everything in between.

What can you do with Calico?

Protect containers during development and production. Reduce attack surface with vulnerability and misconfiguration detection. Provide runtime protection from known threats and zero-day vulnerabilities.

KEY FEATURES INCLUDE

  • Image assurance
  • Configuration assessment
  • Runtime threat defense

Compliance

Auditors need proof that you are enforcing these controls, but capturing the information required to show proof can be challenging, especially in a dynamic, distributed Kubernetes environment where workloads are ephemeral. For example, auditors will want to know what security controls are currently implemented, whether control changes can be detected, and whether compliance can be verified for any given day and time.

What can you do with Calico?

Calico continuously monitors your cloud-native environment for compliance and retains a daily history of your compliance status. Calico also includes predefined compliance report formats, as well as a resource for creating customized reports.

KEY FEATURES INCLUDE

  • Encryption
  • Security controls
  • Evidence and audit reports
  • Configuration security

Observability and Troubleshooting

Traditional monitoring solutions create data silos at each level and stitch them together to provide a snapshot view of interactions and dependencies. This approach does not scale for a distributed application running in a Kubernetes environment, given the high volume of granular data generated at each level and the lifespan of each interaction, which result from the underlying infrastructure and the ephemeral nature of workloads within Kubernetes.

What can you do with Calico?

Enable faster troubleshooting of workloads and cloud-native applications with Dynamic Service and Threat Graph, Dynamic packet capture, anomaly detection, and performance hotspots, leading to shorter time-to-resolution, less application downtime, and improved QoS.

KEY FEATURES INCLUDE

  • Dynamic Service and Threat Graph
  • Dynamic packet capture
  • Performance hotspot detection

Quick Start

Developers and administrators who want to apply security-policy enforcement to Microsoft Azure or AKS clusters can get started with Calico Cloud in just a few minutes. Calico Cloud provides a rich networking and security policy model for Windows and Linux containers and Kubernetes that helps secure communications by controlling traffic flows.

How It Works

Calico provides a common networking and security policy model, using Kubernetes constructs like labels and selectors to control and restrict access to specific namespaces, microservices, and pods in both Linux and Windows environments.

Get Started

Getting started with Calico and Microsoft AKS is easy.
Whether you run Calico policy alongside Azure CNI or use Calico CNI in AKS “Preview Mode”, everything you need to get Calico installed and configured in your Microsoft AKS cluster is available in the links below:

AKS and Calico

Installation

Zero-trust Workload Access

Resources

Azure Marketplace

Blog

AKS Hackfest
