Request a demo
See Isovalent Enterprise for Cilium in action
Request a demoElevate Your AKS Clusters with Isovalent Enterprise for Cilium. Azure Kubernetes Services will now be deployed with Cilium open sourced data plane and natively integrated with Azure CNI. Discover the advantages of advanced security and observability features in Isovalent Enterprise for Cilium, designed for AKS clusters of any size and complexity. Try it now on Azure Marketplace and experience the benefits first-hand.
Azure Kubernetes Service will now be deployed with Cilium open sourced data plane and natively integrated with Azure CNI. Microsoft will handle first-line support and collaborate with Isovalent on specific support issues to their deep knowledge of the technology.
By integrating Isovalent's Cilium, Hubble, and Tetragon on Microsoft Azure, users will benefit from all advanced Cilium features including a high-performance eBPF datapath, a scalable network policy and Kubernetes services implementation, and rich observability & troubleshooting capabilities.
Contact usCilium
Cilium Service Mesh
Hubble - (Network Observability)
Tetragon - (Security Visibility and Enforcement)
Enterprise Distribution & Support
Cilium, an open-source project by Isovalent, provides networking and security capabilities using eBPF. Integrating Cilium with Azure offers the following benefits:
Combines the eBPF-based Cilium datapath with the advanced IPAM capabilities of Azure CNI, resulting in a highly scalable VNET for direct routing and the selection of the new Azure Overlay feature.
Azure Kubernetes Service (AKS) users can leverage the high-performance eBPF datapath, scalable network policy, Kubernetes services implementation, and rich observability & troubleshooting capabilities of Cilium.
AKS customers can seamlessly upgrade from Azure CNI Powered by Cilium to the full Isovalent Enterprise for Cilium platform with a single click, unlocking advanced security, governance controls, extended network capabilities, Timescape, and Isovalent Tetragon Enterprise features.
The tight integration with Azure enables auto-upgrades, native integration into the Azure ecosystem for SIEM export, monitoring, governance control, and a unified billing experience, reducing management overhead.
Integrating Isovalent Enterprise for Cilium with Microsoft Sentinel brings extensive visibility into AKS clusters for security teams. This integration offers:
Hubble, the network observability platform, is an integral part of the Cilium project. Integrating Hubble with Azure provides users with:
Hubble RBAC with Azure Identity
Hubble UI and Prometheus metrics can be governed using Role-Based Access (RBAC) rules, allowing platform teams to create self-service dashboards for application teams. By integrating with Azure Identity, Azure user roles can be easily mapped to Hubble's RBAC roles for a seamless experience.
Azure Metadata Support
Hubble's integration with Azure allows it to natively understand Azure identity and metadata, such as names and labels of nodes, VPCs, network security groups, and more. This enriches observability data and provides more accurate identification, simplifying the understanding of HTTP tracing data and other security-relevant information.
Azure Monitor with Native Prometheus & Grafana Integration
Hubble's integration with Azure Monitor and Azure Managed Grafana brings its Prometheus metrics and Grafana dashboards into the Azure ecosystem. This allows users to access all metrics covering day-2 operations, incident troubleshooting, and security monitoring alongside their existing dashboards.
Adobe has used Isovalent Enterprise for Cilium in production for many years, and we were excited to learn of the enterprise features and support provided on Microsoft Azure Kubernetes Service by the Isovalent team.
Tetragon, an eBPF-based security observability and runtime enforcement platform, is transforming cloud-native security by providing comprehensive data for incident investigations and preventive security measures. The integration of Tetragon with Azure brings several advantages to users.
Get startedMicrosoft Sentinel SIEM Integration
Tetragon's SIEM export to Microsoft Sentinel enables groundbreaking security observability for cloud-native environments. This integration expands the networking-focused view offered by Cilium and additionally covers runtime and system spectrums.
Comprehensive Security Insights
Tetragon addresses various use cases such as file access, file integrity monitoring, syscall activity logs, privilege and capabilities escalation alerting, and much more. By providing a comprehensive data source for incident investigations, Tetragon empowers security teams to better understand and respond to security threats.
Preventive Security Measures
After achieving visibility into potential security threats, Tetragon offers enforcement policies that allow users to establish preventive security measures within their Azure environment. This helps to protect cloud-native applications and infrastructure from vulnerabilities and attacks.
Isovalent Enterprise for Cilium is a powerful networking and security solution for Kubernetes environments that goes beyond the capabilities of the open-source Cilium project. With Isovalent Enterprise for Cilium, you can benefit from:
Isovalent Cilium Enterprise provides advanced network policy capabilities, including DNS-aware policy, L7 policy, and deny policy, enabling fine-grained control over network traffic for micro-segmentation and improved security.
Built to scale, Isovalent Cilium Enterprise provides a powerful connectivity layer with built-in security functionality for Kubernetes that allows you to isolate and secure traffic between applications and other cloud-native infrastructure.
Achieve deep visibility into network traffic with detailed flow logs and packet captures for real-time monitoring and troubleshooting.
Protect against sophisticated threats with robust and scalable security features like micro-segmentation, encryption, and authentication.
Advanced use cases that enterprises may look at when using this solution:
Azure CNI powered by Cilium provides application-aware networking that enables microservices architectures to be easily deployed and managed in a secure and scalable way.
Enterprises that have large-scale Kubernetes deployments with hundreds or thousands of nodes can benefit from the high-performance networking and observability features provided by Azure CNI powered by Cilium.
Azure CNI powered by Cilium provides advanced network policy enforcement, making it easier for enterprises to comply with regulatory requirements such as HIPAA and GDPR.
Azure CNI powered by Cilium provides advanced network security at the kernel level, making it an ideal solution for enterprises that require a cloud-native security approach.
Isovalent Enterprise for Cilium supports multi-cluster environments, allowing enterprises to easily connect and secure Kubernetes workloads across multiple AKS clusters. This solution also supports hybrid-cloud environments, where Kubernetes workloads are deployed across both on-premises and cloud infrastructure.
We needed a very quick networking solution that would form the backbone of our entire multi-cloud architecture. We choose Cilium as it supports Network Policies at Layer 3/4/7, Cloud agnostic & easy deploy everywhere.
eBPF-based enforcement, visibility & forensics
eBPF-based networking & load-balancing
eBPF-based network & application visibility
See Isovalent Enterprise for Cilium in action
Request a demoJoin an “ask me anything” session with Thomas Graf, creator of Cilium, co-founder of Isovalent
Add to calendarLearn about Isovalent Enterprise for Cilium with our interactive labs
Start hands-on labSoftware for providing, securing and observing network connectivity
Revolutionary technology with origins in the Linux kernel
We look forward to engaging with you around all things Cilium and eBPF
Get in touch