Rethinking security from the ground up with a microservices mindset
Recent high-profile data breaches have made it clear that traditional security based on n-tier application partitioning is broken. As we move into the container era, there is a huge opportunity to revolutionize security by rendering developer intent directly into the network fabric. Andrew Randall presents an open source approach to this problem, leveraging proven IP networking and Linux concepts.
| Talk Title | Rethinking security from the ground up with a microservices mindset |
| Speakers | Andrew Randall (Project Calico) |
| Conference | O’Reilly Open Source Convention |
| Conf Tag | |
| Location | Austin, Texas |
| Date | May 16-19, 2016 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
Recent high-profile data breaches have made it clear that traditional security based on n-tier application partitioning is broken. As we move into the container era, there is a huge opportunity to revolutionize security by rendering developer intent directly into the network fabric. Andrew Randall presents an open source approach to this problem, leveraging proven IP networking and Linux concepts. Andrew reviews the evolution of enterprise security approaches, from the original three-tier separation of dedicated servers with physical firewalls to virtual appliances and overlay networks to separate application domains, explaining the challenges with implementations of overlay-based virtual networks to date, including the negative implications of traffic encapsulation on performance and troubleshooting. Andrew also outlines the evolution of container networking from port mapping to the current state of plug-in architectures, including Docker libnetwork’s Container Network Model (CNM), the container networking interface (CNI) used by rkt and Kubernetes, and Apache Mesos’s net-modules. Andrew then introduces Project Calico, an alternative approach to networking for virtual machines, containers, and bare metal, covering:
