Aporeto in AKS

By: Amir Sharif 02.06.2019

What is Azure Kubernetes Service (AKS)?

Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by off-loading much of that responsibility to Azure and handling critical tasks like health monitoring and maintenance. However, your operational needs may require you to deploy your Kubernetes cluster in a hybrid setting. For instance, your data services may be running in your private cloud while application logic services could be running in AKS. Without the proper toolset and configuration, visibility and security for your distributed environment can be hard to configure and maintain. In this blog, we discuss providing centralized visibility and monitoring for these types of distributed workloads in a manner that is easy to deploy and manage.

Aporeto is simple to deploy and operate:

  • Pick an application and visualize it;
  • Generate and simulate security policy;
  • Enforce the security policy.

You can visualize the application of your choice by deploying Aporeto as an AKS DaemonSet. If you control the virtual machines on which your application components run, you may also deploy Aporeto as a Docker container or a userland process. Aporeto auto-generates application security policy by ingesting Kubernetes Network Policies. You also have the option of using the application dependency graph that Aporeto creates to describe the application’s behavioral intent as policies. In every case, you may audit and edit auto-generated policies and inject human wisdom when necessary.

Once you have policies, you may simulate their enforcement at runtime to evaluate the effects of your security policies without interrupting operations. When satisfied that your security policies are solid, you may lock down your application and protect it with a Zero Trust approach.

Because Aporeto untethers application security from the network and infrastructure, one key benefit of Aporeto’s approach for protecting your containers, microservices and cloud applications is that you can have a consistent security approach even in a hybrid or multi-cloud setting. As you gain experience with Aporeto in a single cluster setting, you will quickly realize how easy it is to have a consistent security posture in multi-cluster and multi-cloud settings without any infrastructure or operational complexity.

To learn how to set up Aporeto in AKS, read our whitepaper here.
