Author Archives: Pervez Sikora
Welcome to the May 2020 edition of Calicomm, our monthly newsletter for customers and partners. In the April edition, we discussed audit logs. This edition covers egress access control, which is an important aspect of micro-segmentation.
Consider an enterprise datacenter deployment with hundreds of nodes and thousands of pods. These systems run business applications with different levels of security requirements. A first-order security and compliance requirement in such a scenario is to ensure that a pod or host is only allowed to talk to authorized destinations. Now consider the real-life scenario where pods and hosts are added and removed at a churn rate of hundreds of pods per minute. The challenge is to keep enforcing micro-segmentation in near real time despite that high churn rate.
An efficient mechanism for micro-segmentation has a direct impact on productivity. Ideally, you do not want to wait days for an access policy to be granted through a ticketing process, nor do you want to wait precious minutes for a policy change to take effect.
Micro-segmentation has two broad categories, East-West (E-W) and North-South (N-S). The following are typical use cases of egress access control within the N-S category:
Welcome to the April 2020 edition of the Tigera Calicommunication newsletter! In the March edition, we discussed context-aware flow logs. This edition covers the next component of logging, the audit logs.
Watch this short video to see how you can benefit from using Calico Enterprise Audit Logs.
Kubernetes is an API-driven platform. Every action happens through an API call into the kube API server. Consequently, recording and monitoring API activity is very important. While most deployments end up sending these logs to a remote destination for compliance purposes, these logs are often not easily accessible when needed. Moreover, different roles (platform, network, security) have different requirements, and many may not even have access to the logs. Some use cases relevant to log analysis are as follows.