Production Scale Application Segmentation

Orthodox thinking makes the network the natural place to impose security for distributed applications. Mechanisms include distributed firewalls, distributed ACLs, and SDN. However, at cloud scale, none of these approaches is practical going forward.

Unlimited possibilities

Breaking from orthodoxy, Aporeto Trireme attaches security to the application through authentication and authorization. This method is simple, scalable, and network-agnostic. By releasing Trireme, an open source project for Kubernetes and Docker, Aporeto is demonstrating this concept, engaging the community, and making cloud-native applications viable, manageable, and effective for the first time.


Easy to use

Aporeto's approach is compatible with all networking techniques available in Docker / Kubernetes and still provides protection against man-in-the-middle or replay attacks, which IP filter-based implementations cannot provide. Moreover, Aporeto's approach is extensible across federated clusters and works in the presence of network address translation (NAT) or tunneling mechanisms without requiring any IP address and port configuration.


Key Features

  • An application segmentation mechanism for Kubernetes / Docker.
  • Requires no shared state or centralized controller.
  • Allows any two resources orchestrated by Kubernetes to connect with each other, implementing the network policy API.
  • No SDN complexities.
  • No VLAN tags.
  • No subnets.
  • Just a flat L3 routed network for the entire Kubernetes or Docker environment.


Trireme's simple and robust approach to production-scale security makes it ideal for Kubernetes-deployed, cloud-native applications. We’re pleased that Trireme chose to implement their solution on Kubernetes using the network policy API, and we look forward to seeing how the community uses it.

Aparna Sinha, Senior Product Manager, Kubernetes, Google

Get Started With Trireme Today!

We Love Trireme. You will too!