Tigera has extended its alliance with Google to include an instance of open source Calico networking software in the on-premises edition of Google’s managed Kubernetes service.
Project Calico enables IT organizations to set up virtual networks spanning both containers and virtual machines that proponents contend provides an easier alternative to software-defined networks (SDNs) that are anchored around a specific controller. Calico makes uses of IP routing to set up those virtual networks on each host rather than requiring IT organizations to deploy a network virtualization overlay, which can be more challenging to manage.
Tigera CEO Ratan Tipirneni says the distribution of Calico curated by Tigera will play a key role in Google’s evolving hybrid cloud strategy. Tigera previously worked with Google to make Calico available on the Google public cloud. This extension now embeds Calico into the instance of Kubernetes that Google is managing on behalf of customers in on-premises IT environments.
In general, Tipirneni says IT organizations tend to underestimate the networking challenges in implementing a hybrid cloud computing strategy. Many of the initial networking connections, for example, may be set up by developers, but networking and security professionals need to make sure those networks are segmented and have the appropriate levels of controls in place. To enable IT organizations to achieve that goal, Tigera sells Tigera Secure to create a zero-trust network on top of Calico. That offering provides access to network flow logs that record accepted and denied traffic, which policies denied traffic and workload context such as Kubernetes namespaces, labels and metadata. Tigera Secure also provides access to a tool for visualizing network flows along with the ability to apply security policies based on roles and detect anomalies that might indicate a cybersecurity breach.
Tipirneni says the rise of cloud computing coupled with best DevOs processes is starting to drive more collaboration between application developers and security and networking teams. Because of that issue, Calico is gaining traction because it provides a means to segment networks that doesn’t require developers to wait for networking specialists to update a network overlay, says Tipirneni.
Network overlays may play a major role within data centers trying to connect multiple legacy virtual machines, but when it comes to hybrid cloud computing that approach is already proving to be too cumbersome to manage across multiple wide area network connections, he adds.
IT organizations are just now starting to wrestle with the networking and cybersecurity challenges associated with hybrid cloud computing. Thanks to the rise of Kubernetes, it will become much easier over time to build those hybrid cloud computing environments. But the pressure on IT organizations to establish secure networks between all those instances of Kubernetes and legacy virtual machine environments without compromising application performance will be considerable in the months and years ahead.