BARCELONA –KubeCon- May 21, 2018 – Docker and Tigera announced today an extension of their existing partnership to provide networking support for Kubernetes on Windows in
Docker Enterprise, the industry leading container platform for driving high-velocity application innovation from desktop to cloud. Tigera’s Project Calico is an open source networking and security solution for containers and is currently the “batteries included” Kubernetes CNI plug-in and for Linux environments in Docker Enterprise, providing a highly scalable and secure networking and Network Policy option for enterprise users. As part of this extended partnership, Project Calico will also be the networking and network policy default for Windows environments, providing Windows admins and users with an enterprise-ready overlay networking option for deploying and managing Kubernetes clusters. With the additional support for Windows, Docker Enterprise users will also have seamless Windows and Linux network integration in the same cluster.
“Companies today are adapting to competitive challenges by accelerating the development and delivery of new, differentiated Linux and Windows applications,” said Scott Johnston, GM of enterprise solutions at Docker. “Docker Enterprise is the only container platform to support both Windows and Linux applications, and now, with the integration of Calico, we are providing organizations with market-proven networking and Network Policy capabilities for rapidly scaling these applications in production with Kubernetes.”
Docker Enterprise with integrated Calico networking and Network Policy provides enterprises with:
- Out-of-the-box networking with Calico – a market-proven networking option for Kubernetes that is used by at least 85,000 known clusters worldwide. As part of Docker Enterprise, Calico easily handles the networking needs for clusters of thousands of nodes at near bare-metal performance.
- A policy-driven security model – with fine-grained, label-based network policies for container networking. Using Calico, organizations can easily define which connections are allowed and which are not. This enables organizations to apply rules for each node in the cluster to separate or limit access to a service in accordance with business requirements and compliance.
- Choice and flexibility with Docker’s “batteries included but swappable” model – gives customers the option to swap out the built-in Calico solution to leverage their preferred networking stack.
“Through this collaboration, we are simplifying, scaling and securing Kubernetes networking and network security on the Docker platform for both Linux and Windows environments,” said Ratan Tipirneni, president and CEO of Tigera. “Customers using the Docker Enterprise platform have a one-click install process for taking advantage of the full power and flexibility of Calico. The combination of Docker Enterprise and Calico provides organizations the ease of use, security and flexibility needed to more rapidly deploy applications into production.”
Additionally, organizations with more complex security, control and compliance requirements are able to easily add on another layer of security and policy enforcement on top of the Calico capabilities in Docker Enterprise with Tigera Secure Enterprise Edition. As an additional option in Docker Enterprise, Tigera Secure Enterprise Edition provides:
- Zero trust model – each workload establishes trust using multiple sources of identity and connections are authorized from layer 3 to 7 using a least privileges model. Traffic is encrypted and policies are evaluated at multiple points of the infrastructure providing defense in depth.
- Visibility and threat detection – monitors network flows and logs them along with Kubernetes context such as namespace, pod, and labels. Detects anomalies and attack methods while automatically blocking known malicious behavior. All data is sent to the SIEM to integrate into the security teams workflow.
- Continuous compliance – Define and enforce security controls using a tamper-proof tiered policy model. Evidence reports can be generated for any point in time to support compliance audits. If the environment drifts out of compliance, real-time alerts enable security teams to quickly bring the environment back into compliance.
The Calico networking plugin for Windows in Docker Enterprise will be available in 2H of 2019. For more information on Docker Enterprise, please visit https://www.docker.com/products/docker-enterprise.