Contrail Enterprise Multicloud for IBM Cloud Private and Kubernetes services
Automates the transformation of multiple independent clouds into a securely managed multicloud, providing full control of and visibility into all services.
Contrail provides the ability to introduce varying degrees of network isolation (normally absent in vanilla Kubernetes clusters). The virtual network-based isolation could be per-namespace or even granular allowing specific pods to be launched in specific virtual networks. Additionally, there is the option to advertise overlapping/customer unique IPs within the isolated namespaces
Contrail provides the Kubernetes "Service" by implementing fully distributed native L4 load balancing. It also supports the unique feature for L4 loadbalancer objects to advertise connectivity to external gateways. This allows arbitrary TCP/UDP service ports to be exposed from the cluster (as opposed to running only HTTP based services)
Contrail components are highly available and offer active/active redundancy. High availability is extended to workloads in the data center, leveraging active/active server multihoming
An industry-first to support Kubernetes pods with multiple interfaces. This enables network functions (such as firewalls) to be run as Kubernetes pods. Contrail further supports the ability to specify policy based service chaining to direct selected traffic between Kubernetes pods/services via specific network functions. As an example use-case, this allows the implementation of API policy enforcement between microservices
Contrail implements Kubernetes' Network Policy using Contrail's tag-based security. Contrail also provides integrated analytics that helps visualize application-centric flows and the security posture in a Kubernetes environment. Further, Contrail is able to generate recommended policies based on observation of flows of traffic
Contrail Enterprise Multicloud uses open, standard, and mature protocols and data models. Device operations are based on Ansible playbooks that users can clone or customize, as needed. Users do not need to wait for release upgrades to benefit from customization; the ability to assign roles to devices and network functions makes Contrail a perfect fit for any deployment scenario or architecture
