Weaveworks’ Weave Net open-source SDN effort is out this week with a new 1.7 release providing users with improved security isolation control that can enable a so-called ‘micro-SDN’ architecture.
“In Weave Net 1.7, we have now provided integration with Kubernetes security policies,” Mathew Lodge, COO of Weaveworks, told EnterpriseNetworkingPlanet. “So you can now have fine-grained security controls with Weave Net, specifying policies in Kubernetes and having it all automatically applied by Weave Net.”
Kubernetes is an open-source container management and orchestration system that is widely deployed. With Kubernetes, multiple clusters of containers can be deployed and managed. The Kubernetes project released its 1.4 milestone on September 26, introducing new security control capabilities.
Lodge explained that the Kubernetes 1.4 security policies can be implemented in Weave Net 1.7 as a set of firewall rules.
For existing Weave Net users, Lodge said that isolation has been subnet-based. As such, specific containers could be segregated by placing them on a specific network subnet to create a form of isolation. With Kubernetes 1.4, users now need to provide more definition as part of a security policy, which also provides more control over container networking and access.
With enterprise access, typically a directory system like Microsoft’s ActiveDirectory or OpenLDAP is used to help define security policy. Lodge commented that ActiveDirectory isn’t typically where organizations will keep network security policy.
“The big difference with Kubernetes is you’re essentially bringing the application and the infrastructure closer together,” Lodge said. “In Kubernetes, the security policy is defined in terms of how the application describes it.”
The Weave Net SDN technology is only one of several efforts from Weaveworks. For visibility into network activity and operations there is the Weave Scope effort, which will also benefit from the security enhancements. What happens is Kubernetes information shows up in Scope, so an administrator can see container pods, services and replication controls and the way that security policies map to those capabilities.
Looking forward for Weaveworks, Lodge said that the company is continuing to integrate Weave Net with the company’s Weave Cloud service.
“Weave Cloud is a superset of our open-source Weave Scope project and it also includes single sign-on functionality, permission and other enterprise-level controls,” Lodge said.
Sean Michael Kerner is a senior editor at EnterpriseNetworkingPlanet and InternetNews.com. Follow him on Twitter @TechJournalist