Network Isolation refers to a configuration where applications operate on a dedicated pool of nodes in a Kubernetes cluster. These nodes are situated in a specific set of subnets to ensure that the applications have their own isolated environment. This setup provides an additional layer of isolation beyond the standard capabilities of Kubernetes to ensure that the application does not share memory, compute, or disk resources with applications that belong to other customers.
If your application requires stringent isolation levels, similar to those offered by Shield, this approach offers a comparable solution while preserving the inherent benefits of the Kubernetes platform on which Cloud Next is built.
Key features
- Dedicated resource pools:
Applications are allocated exclusive resources to ensure that they do not compete with other applications for memory, CPU, or storage. Each application is completely separated from others to ensure that performance and security are not compromised by neighboring applications.
However, if your private network hosts multiple applications and you want dedicated resources for each of them, you must have multiple private networks.
- Enhanced security:
By isolating applications at the network level, the risk of unauthorized access or data breaches at node level is significantly reduced. Applications are shielded from potential vulnerabilities that could arise from shared environments. This isolation minimizes the risk of cross-application attacks and data leaks.
- Compliance assurance:
This setup helps meet strict security and compliance requirements, which are often mandated by industry regulations. Network isolation provides a controlled and secure environment to help organizations meet these requirements.
- Preservation of Cloud Next advantages:
Despite the added isolation, the benefits of Kubernetes, such as scalability, flexibility, and efficient resource management, are maintained.
Use cases
- Applications requiring strict resource isolation:
Ideal for applications that demand high levels of security and performance, where resource sharing could lead to potential risks or inefficiencies.
- Compliance-driven deployments:
Suitable for industries such as finance, healthcare, and government, where regulatory compliance is critical, and data protection is paramount.
- Security-sensitive implementations:
Suitable for applications that handle sensitive data or perform critical operations, where any compromise could have significant consequences.
Network isolation allows organizations to achieve a balance between enhanced security and the operational efficiencies provided by Cloud Next, which makes it an attractive option for businesses with high security and compliance needs.
Infographic