Software Defined Networking (SDN) vendor PLUMgrid is helping to secure its product portfolio and its customers with a new technology it calls CloudSecure. The goal with CloudSecure is to help provide policy and structure for organizations to build secure micro-segmented networking in the cloud.
“PLUMgrid CloudSecure is a virtual security solution that consists of ONS, Cloudapex and the ecosystem partners to isolate, protect, and monitor north-south, east-west, and intra-host traffic between VMs and containers,” Pere Monclus, CTO of PLUMgrid, told EnterpriseNetworking Planet. “We are building on top of micro-segmentation/security policies/service insertion, and introducing policy-based virtual tap with ONS 6.0 and Security View with CloudApex 2.0.
ONS is PLUMgrid’s OpenStack Networking Suite providing overlay networking capabilities for cloud networking. ONS has long provided micro-segmentation capabilities that enabled customers to define policies as well as virtual domains. Leveraging that existing functionality, CloudSecure users can now benefit from a virtual tap on virtual machine and containers inside the domains and select the traffic flows by policy.
Monclus said that with CloudSecure users can get very specific detail on the data they are interested in. Additionally the included Security View enables users you to view security policies applied in a virtual domain.
“These capabilities are enabled by IO Visor, in the kernel space,” Monclus said.
IO Visor is an open-source project supported by PLUMgrid that is operated as a Linux Foundation Collaborative Project.
From a policy perspective, Monclus explained that CloudSecure is a set of comprehensive policies that may be access controls, policies for virtual tap traffic selection, or firewall insertions. It also includes products from our partners such as Intel. PLUMgrid has an integration with ONS into Intel’s Open Security Controller which provides an orchestration platform for multi-vendor security.
ONS users with CloudSecure also benefit from AES128 Encryption for data plane traffic between VMs/containers in a virtual domain. Looking forward Monclus expects even more security enhancement to come from his company in the future.
“We plan to add additional support and enhancements for containers, security, policies, and analytics,” Monclus said.
Sean Michael Kerner is a senior editor at EnterpriseNetworkingPlanet and InternetNews.com. Follow him on Twitter @TechJournalist