DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes
2 likes705 views
The document discusses a presentation about implementing zero trust networks on Docker Enterprise Kubernetes. It begins with motivations for zero trust like changes in app architectures, security threats, and deficiencies of traditional network zoning models. It then covers using Calico and Istio on Docker Enterprise to provide zero trust security with benefits like resilience against compromise and decoupling security from network location. The presentation includes a demo of a sample app and concludes with time for questions.
DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes
- 1. Spike Curtis Senior Software Engineer, Tigera Zero Trust Networks Come to Docker Enterprise Kubernetes Brent Salisbury Software Alliance Engineer, Docker
- 2. Agenda • Motivation for Zero Trust Networks − Trends in application architecture − Trends in threat landscape − Deficiencies of the “Zone” model • Building Zero Trust with Docker Enterprise, Calico & Istio − Calico & Istio architecture − DEMO! • Conclusion, Q&A
- 4. Intra-Security Zone Traffic Hairpin
- 8. Distributing Policy Across Compute
- 11. Zero Trust Networking The network is always assumed to be hostile
- 17. ● Resilient against compromised devices, workload, and network links ● Security is decoupled from network location ○ Simplified management ○ Flexible deployment ● VPNs are no longer needed Zero Trust Networking Advantages
- 18. Zero Trust Networking Software Control Plane Data PlanePlatform
- 19. Calico & Istio Architecture NodeNode Pod Workload Istio Citadel Envoy Felix Pod Workload Envoy Felix Mutual Authentication & Encryption Calico Policy Dikastes Dikastes IPTables IPTables
- 20. Demo Application customer summary database
- 21. Q&A