Aporeto and Red Hat Team Up to Secure OpenShift Environments

Amir // May 09, 2017

Aporeto now secures OpenShift containers. Over 1,100 companies use Red Hat OpenShift, making this platform the dominant distribution of Kubernetes in the market.  Specifically, OpenShift orchestrates Docker containers with Kubernetes as a DevOps tool for higher enterprise software delivery velocity.  And as was evident at Red Hat Summit 2017 in Boston last week, OpenShift and container management is a major enterprise thrust for Red Hat.  With the added cloud-native security from Aporeto, this emerging enterprise platform can now operate securely, with simplicity and at scale.

Aporeto’s cloud-native security solution works through authentication, authorization, and encryption for all of a distributed application’s components.  It generates a cryptographically signed identity certificate for every application component orchestrated by OpenShift and allows an interaction between two components only if a policy explicitly permits it. This whitelist security model is simple because it does away with the massive complexity of configuring the different segmentation schemes that would otherwise be required to achieve the same ends.

Aporeto and Red Hat recently announced a partnership to make OpenShift containers secure by default.  Aporeto’s open source project, Trireme, is compatible with OpenShift.  You can get the details and the installation instructions on this blog.

Trireme is a portion of the overall Aporeto security solution.  It is a clever data-path security enforcer that also works through authentication and authorization.  Trireme gets pod identity from OpenShift and generates its whitelist policies from the (Kubernetes) network policy layer.  Trireme is effective and simple.

This simplicity is paramount as the world increasingly migrates to cloud-native environments.  The computing unit used to be a physical server.  That unit became the VM and is currently transitioning into a container.  Eventually, that same unit will be a serverless function call.  With each inflection point, the number of endpoints increases by at least an order of magnitude.  Correspondingly, those endpoints are becoming more ephemeral, increasing the rate of change in the network topology.

The migration towards a bigger network with more churn is precisely why the simple, scalable security model put forth by Aporeto matters.  You can try to keep up with the higher growth and faster churn by attempting to apply old, complex, and cumbersome security models to the new, containerized application construct deployed in a zero-trust environment; or, you could assume that your distributed application is under constant attack and, therefore, should respond to nothing unless the incoming request is from an authenticated and authorized source.  If you take the latter approach, the benefit is a simpler, more reliable, and lower-cost infrastructure.

Red Hat’s OpenShift makes it possible for mainstream enterprises to adopt DevOps and pick up containerized microservices architectures for application development.  The business reason for doing so is faster software velocity, which leads to higher business agility and competitiveness.  That agility, gained through modern software development practices, should not be encumbered by old thinking on infrastructure security – which is precisely why Aporeto and Red Hat have teamed up to offer enterprises a Kubernetes DevOps tool that is secure by default.

Try out Trireme on OpenShift.  If you have any questions, you can give us a shout on our Slack Channel.

