
Pulse vADC and Kubernetes for Application Orchestration


Kubernetes is an open-source container orchestration platform, designed to meet the needs of one of the largest technology companies in the world. It has gained significant popularity and industry adoption over the last few years as a result of its extensive customizability and rich community support.

Pulse Secure’s Virtual Application Delivery Controller (vADC) has supported customers through the rapid increase in deployment automation and developer-oriented solutions over the years with its flexible deployment and licensing model, and has been recognized by Gartner as a leading vendor and a key player in Mode 2 Application Development and Mode 1/Mode 2 Hybrid ADC use cases. As businesses migrate workloads into Kubernetes, they can continue to rely on Pulse Secure’s Virtual Traffic Manager (vTM) solution to deliver their applications efficiently, reliably, and securely.

vTM can be deployed into Kubernetes clusters using standard resources and deployment patterns, allowing it to take full advantage of Kubernetes features, such as horizontal autoscaling, and provide maximum flexibility to support the needs of operational teams.

The following provides some comparisons between the different ways in which vTM can be deployed in Kubernetes:

Per-cluster or per-application traffic managers

A set of traffic managers can manage all the applications deployed in the cluster using expressive routing logic to direct incoming traffic to the appropriate application. This deployment style provides a convenient single point of policy enforcement for the cluster.

Alternatively, traffic managers can be deployed independently for each application in the cluster, providing greater isolation and security between applications.

Host networking or Kubernetes networking

Traffic managers deployed in host networking mode can receive traffic sent directly to the Kubernetes cluster nodes on standard ports and distribute it to the applications deployed in the cluster.

Alternatively, traffic managers can be deployed entirely inside the cluster, receiving traffic from outside the cluster through a LoadBalancer or NodePort service. Deploying this way provides greater scalability, as traffic manager pods can be deployed on any cluster nodes, and also makes the cluster more portable.

Restricted nodes or full access to the cluster

Traffic manager instances can be given exclusive access to a specific set of cluster nodes by using the taint and affinity features of Kubernetes. This technique ensures that even if the rest of the cluster is overloaded, the traffic manager will continue to operate and will be able to redirect traffic or return an appropriate error response to the client. It also allows the traffic manager to protect other cluster nodes from becoming overloaded when ingress traffic spikes occur.
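
One way to express the dedicated-node pattern described above, as an added example rather than configuration from Pulse Secure or the kubernetes-vtm repository. The `dedicated=traffic-manager` taint and label, the resource names, the replica count, the resource figures and the image reference are all placeholders chosen for illustration.

```yaml
# Added example: every name, label and the image below is a placeholder.
# Node preparation, run once per node reserved for the traffic managers:
#   kubectl taint nodes <node> dedicated=traffic-manager:NoSchedule
#   kubectl label nodes <node> dedicated=traffic-manager
# NoSchedule only blocks new pods; pods already running on the node stay
# until they are rescheduled (the NoExecute effect would evict them).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traffic-manager
spec:
  replicas: 2
  selector:
    matchLabels:
      app: traffic-manager
  template:
    metadata:
      labels:
        app: traffic-manager
    spec:
      # The toleration admits these pods to the tainted nodes; the taint
      # keeps every pod without a matching toleration off them.
      tolerations:
        - key: dedicated
          operator: Equal
          value: traffic-manager
          effect: NoSchedule
      affinity:
        # A toleration alone does not pin the pods. Required node affinity
        # stops them from being scheduled onto ordinary application nodes.
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: dedicated
                    operator: In
                    values: ["traffic-manager"]
        # One replica per node, so a single node failure leaves a replica up.
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: traffic-manager
              topologyKey: kubernetes.io/hostname
      containers:
        - name: traffic-manager
          image: registry.example.com/traffic-manager:PLACEHOLDER
          resources:            # equal requests and limits: Guaranteed QoS
            requests: {cpu: "1", memory: 1Gi}
            limits: {cpu: "1", memory: 1Gi}
```

The taint and the node affinity do different jobs and both are needed: the taint keeps other workloads off the reserved nodes, and the affinity keeps the traffic manager pods on them.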

 

Pulse Secure vADC offers an extensive application delivery feature set to support delivery of applications deployed in Kubernetes, including:

  • In-band Traffic Optimization – vTM can reduce latency and improve application performance by offloading TLS key exchanges and decryption, compressing and caching resources, and optimizing web content to reduce page load times.

  • Ease of Management – deploy security policies, TLS secrets, and authentication checks in one place, taking the burden away from individual applications. Manage configuration through standard Kubernetes resources, such as ConfigMaps and Secrets.

  • Customized Content Management – use vTM’s powerful TrafficScript language to make advanced content routing decisions, apply business policies, and rapidly respond to application issues.

  • Advanced Load-Balancing Algorithms – vTM offers an extensive set of load-balancing algorithms beyond those provided by the native kube-proxy to ensure an even distribution of traffic between application pods.

  • Service Discovery – vTM automatically discovers application endpoints in Kubernetes as they scale up and down. It can also be customized to use other discovery services such as Consul.

  • Authentication – vTM provides application security by supporting authentication services such as SAML SP and Kerberos constrained delegation.

  • Protection – vTM can protect applications, and the cluster itself, from being overloaded by queueing up requests when the application pods are reaching capacity, applying bandwidth limits to client connections, and rate-limiting classes of traffic.

  • Security – Pulse Secure provides an up-to-date TLS stack, including TLS 1.3 support, protection against denial of service attacks, and a robust Web Application Firewall (WAF) solution.

  • Activity Graphs – get visibility into ingress and egress traffic patterns, track SLA policies, and export detailed information about all traffic managed by vTM for offline analysis.

  • Deployment Flexibility – vTM can be deployed in any Kubernetes environment, whether on-premises or hosted by a cloud provider such as Google Kubernetes Engine (GKE), Amazon Elastic Container Service for Kubernetes (EKS), and OpenShift (Hosted or Platform).

For more information and resources on how to use Pulse vADC in a Kubernetes environment, see:

https://github.com/pulse-vadc/kubernetes-vtm

https://pulsesecure.net/vadc-community

 

Version history: revision 1 of 1. Last update: 03-07-2019 08:45 AM