December 12, 2022


Secure and Simplify Kubernetes Clusters

Manage multicluster operations with a single dashboard and a familiar interface.

Kubernetes has increased efficiency and agility for DevOps teams, streamlining the process of moving and scaling workloads among multiple clouds and reducing the number of operational details that developers must manage. This is critical for enterprises that need the flexibility to rapidly adapt to shifting demands across various geographies, markets or IT architectures.

A problem that arises, however, is that cloud providers, architectures, operating systems and other ecosystems all speak different languages. That creates a challenge when organizations are well versed in one environment but, for business reasons, need to expand their applications to a new one. Beyond that, Kubernetes is complex and operates differently than traditional IT systems, so organizations may be wary of investing heavily in a platform with so many risks and unknowns.

SUSE Rancher, a Kubernetes management platform, is designed to address both concerns through an interoperable, easy-to-use dashboard designed to seamlessly manage multiple Kubernetes clusters, regardless of where they are deployed.

Simplify Multicluster Operations

Rancher streamlines workflows for IT operations and developers by making it efficient to establish and move production-ready workloads across all major clouds and enterprise operating systems. Rather than deploying, configuring, and maintaining each environment individually, teams have consistent control of their clusters through the Rancher dashboard. This lets organizations leverage the advantages of Kubernetes without compromising simplicity, security or agility.

In the process, Rancher also reduces the silos that can accompany multicluster operations. Although each environment may have unique tools and services, Rancher provides a consistent experience and access to industry-leading tools through its dashboard. This enables teams to focus on an application’s features, functionality and value to the end user rather than getting lost in the details of managing its development. And, because the Rancher interface is similar to Kubernetes, it’s familiar and easy to implement.

Unify Security, Policy and User Management

Rancher also helps organizations manage the challenges of replicating their security policies in the cloud. On-premises security policies may be robust and well developed, but some may not apply to the cloud or may not be stringent enough to be used in different regulatory environments, such as those subject to the European Union’s General Data Protection Regulation.

That’s where Rancher comes in, integrating with the existing infrastructure and enforcing appropriate security policies. For instance, the platform takes organizations’ role-based access policies and applies them seamlessly wherever workloads are located. Rancher also scans clusters for adherence to Center for Internet Security benchmarks and creates templates that serve as additional security guardrails. Further, Rancher can leverage its continuous delivery functionality to ensure consistent, auditable deployment of critical applications.

Meanwhile, SUSE’s NeuVector platform allows operations teams to define all desired application behaviors at the network level and enforces those rules so that compromised software can’t be exploited. By defining application-layer traffic as the standard for behavior, NeuVector provides proactive measures that help to defend against zero-day attacks and insider threats that more traditional and reactive security tools may miss. 

By replicating existing security policies and layering security onto the dynamic traffic layer, Rancher and NeuVector work together to enforce a cohesive security policy.

Increase Visibility into Application Traffic

One particularly helpful feature of Kubernetes is that it dynamically orchestrates many aspects of applications running in the background. This not only reduces administrative complexity but also lowers visibility into entire layers of traffic flowing between containers and between Kubernetes clusters. Because containers may exist only for seconds within the automated Kubernetes environment, securing that traffic layer can be extremely difficult. 

This hidden complexity becomes problematic if an organization needs to granularly secure its ever-expanding IT footprint. By inspecting packet traffic, NeuVector enables organizations to block undesired traffic. This visibility and associated reporting can be crucial for organizations running Kubernetes in production in regulated environments. NeuVector can also increase traffic visibility and add zero-trust security controls to any Kubernetes deployment.

As Kubernetes adoption grows, many organizations are figuring out how to leverage its advantages without creating additional risks. Rancher and NeuVector help solve this problem, facilitating all of the agility Kubernetes can deliver while keeping management and security in check.

Story by Chase Weiser

SUSE

SUSE is a global leader in Enterprise Linux, Kubernetes Management, Container Security and Edge solutions.

Chase Weiser

CDW Expert