SIMPLE Kubernetes (K8s)
Bear Systems is building on its next-generation cybersecurity platform to provide a range of SIMPLE (Secure Integrated ML Platform Leveraging Expertise) solutions for the world’s most pressing needs. This blog entry is one of a series of introductions showing how Bear can provide a SIMPLE solution for specific vertical challenges.
Back in the old days (circa a couple of years ago) people were focused on “moving to the cloud” in order to virtualize their servers and gain cost efficiencies. The realization driving that movement was the fact that an average physical server was running at around 10% capacity about 95% of the time. The thought was to move the physical servers to a central place and then share virtual servers on top. We have a blog post on SIMPLE Clouds that addresses cloud deployments to this end.
Recently, people have realized that spinning up an entire server is overkill as they really only want to run a single application. Google quickly took this realization and built the new evolution of cloud deployments that allows customers to just spin up the applications they need for only as long as that application is required. This solution is called Kubernetes or K8s.
K8s is incredible in its ability to optimize performance and, while our deep technical whitepaper reveals the underlying technical reality to be grounded in virtual servers, the results clearly demonstrate massive performance gains. That stated, K8s has two main issues that cause problems at scale – secure, distributed communications and application protection.
Without delving too far into the technology, the reality is that K8s runs all of its applications in one large virtual server. As long as that single server is big enough, K8s can handle communications between applications. Unfortunately, those communications are completely open to hacking, and nothing intrinsic to K8s does anything to protect these applications inside this virtual server. Similar to other older security models, Kubernetes relies on secure boundaries on the outside of the virtual server for protection.
When going to scale, however, K8s completely breaks down as there is nothing within K8s that can handle communications between servers. A group of what are called service mesh providers have popped up to help with this issue. Their solution, however, is beyond insane to me as they literally spin up an entire server just to run each secure line of communication…
Think about this – we moved AWAY from servers because they are too big and clunky and into application virtualization and the solution to communications is to spin up even more servers?!?
SIMPLE K8s is a multi-faceted solution in which each of those virtualized applications can be visually managed and optimized to a higher degree, with intelligent insights obtained. More than any of those features, however, SIMPLE K8s provides a unified cyberphysical security platform that protects virtual applications and their communications both inside K8s and between K8s servers with zero impact to K8s or any applications.
Within a given server, SIMPLE K8s is able to invisibly identify and apply expert-provided rules controlling resource usage and access control. SIMPLE K8s locks down the internal lines of communication and, with zero unwanted disruption, protects K8s internally instead of sitting on the sidelines.
SIMPLE K8s also provides its own secure routing system that works across any type of communication and can instantly connect any local K8s application to any remote K8s application no matter where it is located – no extra servers required. With this routing, programmers no longer worry about endpoint addresses and can, instead, use logical rules such as “send this data to all applications running this version of this app”. To this end, SIMPLE K8s transforms large-scale, distributed deployments into one large Virtual Private Server that eliminates complexity, security holes, and all of those crazy extra SSL servers used by service mesh providers.
There is obviously more, much more, to our SIMPLE K8s solution and, if you are interested, please contact us to learn more!