With Mirantis Container Cloud (formerly Docker Enterprise Container Cloud) and Mirantis Kubernetes Engine (formerly Docker Enterprise/UCP), you get an integrated security framework for delivering safer applications and improving policy automation without sacrificing performance by enhancing container security. Leveraging security features built into Mirantis Container Runtime (formerly Docker Engine – Enterprise) and Mirantis Secure Registry (formerly Docker Trusted Registry), Mirantis Kubernetes Engine adds an extra layer of threat protection that travels with your applications in a secure supply chain that traverses any infrastructure across the application lifecycle. And with a single interface and centrally-managed content, you get a seamless workflow that improves governance and ensures compliance across your entire organization.
Mirantis Kubernetes Engine oversees your containerized applications at scale, interweaving best practices and flexible governance rules with your existing policies. For example, container image security is enhanced as your container images automatically go in and out of checkpoints based upon policy-driven rule sets that provide monitoring and vulnerability detection, and determine how content progresses through Mirantis Secure Registries from development into production securely.
- Container security solutions provide granular & flexible role-based access controls (RBAC) enable your teams to work quickly, efficiently and seamlessly as a repeatable business process, sparking creativity and innovation. RBAC that allows diverse teams to work within the same operational environment while limiting what actions specific groups can take. Mirantis Kubernetes Engine integrates with your LDAP and/or Active Directory and authentication can be granted through SAML 2.0 or Public Key Infrastructure (PKI) to ensure that your RBAC policies can be deployed across any environment and are not bound to a specific cloud provider.
- Secure application zones enable multi-tenancy within individual clusters. That allows your organization to maximize the utilization of your compute resources by providing for numerous applications to be managed within the same cluster while still providing container isolation security. In addition, application development can remain agile without creating new clusters for every team, application and project, which saves time and reduces complexity.
Secure Content Across the Software Supply Chain
Mirantis Kubernetes Engine offers cryptographic digital signing to confirm container image provenance and authenticity – in effect providing your operations team with details about the author of an application and confirming that it hasn’t been tampered with or modified in any way to improve the security of containers running on your cluster.
- Image signing and vulnerability scanning allow your operations teams to have visibility into your container; who is the author, what is the bill of materials of the container image and whether there are critical vulnerabilities. These automated analysis and insights protect and greatly improve your organization’s ability to meet your compliance requirements and prevent Kubernetes security breaches.
- Policy-based image promotion and image pruning accelerates the DevOps pipeline, allowing you to act on images that pass security scans by promoting them automatically, or removing them if they’re no longer needed. This policy driven automation is how organizations can scale their secure management of containers as they get to hundreds and thousands of images.
Mirantis Kubernetes Engine provides default configurations that offer greater protection for applications running on top of Mirantis Container Runtime and across both Swarm and Kubernetes orchestrators. The platform establishes strong secure defaults, while still leaving the controls with the admin to change configurations and policies as needed.
Out-of-the-box security defaults include:
- System-level mutual TLS authentication and cryptographic node identity ensure that communications stay inside the cluster, and foreign nodes stay outside, preventing data leakage and attacks.
- Application-level isolation with authentication/authorization lets you share resources without sacrificing security because you must explicitly open network communications to an application for any application or person to see or access it.
Container security solutions provide FIPS 140-2 validated cryptographic modules that ensure that Mirantis Container Runtime meets the standards required by the US Federal government and other regulated industries by delivering on the fundamental confidentiality, integrity and availability objectives of information security. Additionally, Mirantis Kubernetes Engine has DISA STIG validation, making it easier for customers to pass compliance audits and ensure secure operations.
Learn more about Mirantis Kubernetes Engine
Mirantis Kubernetes Engine is the fastest way to securely build, share and run modern applications anywhere. Download the datasheet to learn more.GET THE DATASHEET