Securing Cloud PKS Clusters with Aporeto

By: Amir Sharif 02.04.2019

Multi-Cloud Application Security Powered by Application Identity

Aporeto, a Zero Trust security solution for cloud, containers and microservices that allows companies to achieve granular segmentation, recently announced that we have joined the VMware Technology Alliance Partner (TAP) program as a Standard Technology Alliance level partner for public cloud, networking and security. Members of the TAP program collaborate with VMware to deliver innovative solutions for virtualization and cloud computing. The diversity and depth of the TAP ecosystem give customers the flexibility to choose a partner with the right expertise to satisfy their unique needs.

VMware Cloud PKS™ (Cloud PKS)

Cloud PKS is VMware’s managed Kubernetes service. It is similar to GKE (Google Kubernetes Engine), AKS (Azure Kubernetes Service) and EKS (AWS Elastic Kubernetes Service).

Benefits of Securing Cloud PKS clusters with Aporeto

  • Visibility – visualize what your Cloud PKS clusters are doing, no matter where they are running
  • Portable security policies, regardless of where the Cloud PKS clusters are running
  • Ability to integrate with existing workloads, like those on VMware vSphere

Aporeto Namespace Hierarchy

This is a method of mapping an organization into a structure that is like a file system or a tree, and then mapping people to the right part of the tree. The higher up you are, the more influence you have over security policies. See the illustration below:

Visualizing and Organizing Workloads

Aporeto auto-generates workload identity. Each workload identity has multiple attributes, and workloads can be organized by any of these attributes. For example:

  1. Group my workloads by the cloud they are running on.
  2. Group my workloads by application type.
  3. Group my workloads by application type and then application component role (for instance, first group my finance and HR apps and then show me how each of those applications is organized).
  4. Group by cloud then application type.
  5. Show me all applications that are using nginx (or bin/bash or have a particular bug).