OpenShift Commons Briefing #58: Open Source Application Segmentation with Aporeto's Trireme
January 19, 2017 | by
OpenShift Commons Briefing Summary
In this briefing, Dimitri Stiliadis, CEO and Co-Founder of Aporeto, gives an introduction to the Trireme open source project. Trireme takes a different approach to application segmentation by treating the problem as what it is: an authentication and authorization problem. Every application component, such as a process, a container, or a Kubernetes pod, has an identity. A segmentation function is a simple policy that defines the identities of the endpoints that are allowed to communicate with each other.
Trireme's simple and robust approach to production-scale security makes it ideal for use on Kubernetes-based container platforms like OpenShift, where cloud-native applications are deployed. Trireme, which consists of 6,500 lines of code, is simple, scalable, and secure. Through authentication and authorization, leveraging OpenShift labels and network policy, Trireme creates a whitelist environment where only services that are allowed to communicate with each other do so. There is no longer any need for network segmentation via SDN, E-W firewalls, ACLs, tunneling, and so forth.
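To make the whitelist model concrete, the sketch below is an added example, not code from Trireme or Aporeto: it models an identity as a set of labels and a policy as pairs of label selectors, and denies every flow that no rule covers. The label names, workloads, and function names are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import permutations


@dataclass
class Rule:
    """Allow flows from workloads matching `source` to workloads matching `target`."""
    source: dict
    target: dict


def matches(selector, identity):
    # Every label named by the selector must be present with the same value.
    # This sketch treats an empty selector as matching nothing, so a blank
    # rule cannot silently open every flow.
    return bool(selector) and all(identity.get(k) == v for k, v in selector.items())


def authorize(policy, src, dst):
    # Whitelist semantics: a flow is denied unless a rule covers both ends.
    return any(matches(r.source, src) and matches(r.target, dst) for r in policy)


def allowed_flows(policy, workloads):
    # Enumerate every directed pair the policy permits, for review or audit.
    return sorted((a, b) for a, b in permutations(workloads, 2)
                  if authorize(policy, workloads[a], workloads[b]))


# Constructed workloads: the identity is the label set, not an IP address.
WORKLOADS = {
    "web-prod": {"app": "web", "env": "prod"},
    "api-prod": {"app": "api", "env": "prod"},
    "db-prod": {"app": "db", "env": "prod"},
    "web-dev": {"app": "web", "env": "dev"},
}

# Constructed policy: web may call api, api may call db, both in prod only.
POLICY = [
    Rule({"app": "web", "env": "prod"}, {"app": "api", "env": "prod"}),
    Rule({"app": "api", "env": "prod"}, {"app": "db", "env": "prod"}),
]

if __name__ == "__main__":
    for src, dst in allowed_flows(POLICY, WORKLOADS):
        print(f"allow {src} -> {dst}")
```

Listing the permitted pairs this way gives a reviewer the complete set of flows a policy opens, including the direction of each one.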
Don't forget to leave your feedback and suggestions for each video or in the comments section below. This will be incredibly important to shape this Special Interest Group and create sessions that fit the demands of all the OpenShift developers in the community.
About OpenShift Commons
OpenShift Commons is the place for organizations that are part of the OpenShift community to connect with peers and other related open source technology communities to communicate and collaborate across all OpenShift projects and stakeholders.
The Commons' goal is to foster collaboration and communication between OpenShift stakeholders to drive success for all members, and expand & facilitate points of connection between members for sharing knowledge and experience to help drive success for the platform and for participants: customers, users, partners, and contributors.