Networking and security for both virtualization and Kubernetes workloads.

Everoute provides software-defined network and security capabilities for SmartX HCI. It offers functionalities such as the distributed firewall, load balancer, and container network, and supports both virtualized and containerized apps, forming a unified network and security solution managed with SmartX HCI.

Distributed Firewall
Everoute Distributed Firewall (DFW) is a network security feature provided by the Everoute service on SmartX's native virtualization platform ELF. It implements a micro-segmented network model adhering to the zero trust principle, and extends multiple distributed firewall policies to safeguard individual virtual machines from cybersecurity threats, thus offering a flexible, fine-grained, and robust security solution for a wide range of services.
Why Everoute Distributed Firewall
Implementing Zero-Trust. Security policies are based on whitelist mode and associated with VM labels, ensuring zero-trust security without blind spots.
Simplifying Management. Security policies are business-aware based on VM labels and security groups, simplifying the management of different policies.
Rapid Response to Alerts. Quickly respond to VM security events and avoid spreading security threats with “one-click isolation”.
Whitelist Mode Security Policies
Whitelist-based security policies ensure that east-west access between virtual machines conforms to the “least privilege” principle.
Sticky Policies
Security policies can follow virtual machines as they migrate automatically from host to host, cluster to cluster, without the need to reset them. Security policies are enforced independent of physical host, segment, and IP address of the virtual machine.
VM Labels and Security Groups
Tag virtual machines with “labels” and “security groups” to provide a clear view of security policies. VMs can be dynamically assigned to “security groups” based on label or label combinations, simplifying security policies for non-contiguous IP addresses.
“One-Click Isolation” of Suspected VMs
Isolate suspected and infected VMs with one click, and set dedicated access policies for them in order to process further operations such as shutdown and recovery.
Automated API-Based Security Management
Support API-based automation. The security management center can quickly issue/update security policies.
Use Cases
Load Balancer
Everoute Load Balancer (LB) is a network feature provided by the Everoute service on SmartX's native virtualization platform ELF. Deployed in hyperconverged clusters, it offers load-balancing services for applications on virtual machines, containers, and physical servers.
Why Everoute Load Balancer
Software-defined. Achieves network virtualization purely through software, with no extra need to purchase, deploy, or maintain dedicated hardware devices or adjust physical network configurations.
Simple operations and maintenance. Integrates load balancing functions into the hyperconverged platform, enabling convenient management of both the infrastructure and load balancer on the CloudTower GUI.
High availability & efficiency. Achieves high availability and efficiency through a combination of active-active and active-standby mechanisms, preventing single points of failure and improving service performance quality.
Flexible adaptation. Provides load-balancing services for applications running in different locations and forms.
Rich load balancing algorithms
Provides a variety of load balancing algorithms to cater to the diverse demands of multiple application scenarios, including round-robin, weighted round-robin, least connections, weighted least connections, source IP address hash, and destination IP address hash.
Comprehensive and proactive health check
Periodically performs proactive health checks on the backend servers via TCP, HTTP, UDP, ICMP protocols. Supports configuring multiple health monitors for the same group of backend servers, enabling a thorough and comprehensive health assessment on server pools.
Diverse address translation methods
Offers FullNAT and DNAT for flexible address translation choices. Different virtual services within the same cluster can use different address translation methods.
Application traffic control and concurrent connection management
Allows for setting inbound and outbound traffic limits for virtual services, and regulating the number of concurrent connections between clients and virtual services at a time. This prevents any single virtual service or client from monopolizing excessive resources, ensuring a balanced resource allocation and mitigating the impact of DoS attacks on the system.
Access control via allowlists and blocklists
Manages client IP addresses with allowlists and blocklists to enhance system security and robustness, safeguarding service resources from malicious requests and potential disruptions.
Application scenarios
Everoute load balancer can accommodate a wide range of protocols based on TCP/UDP, including but not limited to FTP, iSCSI, NFS, MySQL, Oracle Net8, SMB, SMTP, LDAP, Syslog, and more. It is suitable for applications demanding high performance, high concurrency, low latency, and continuous availability with long-lasting connections. Besides, it can be deployed in various environments:
Virtualized environment
In a virtualized environment, Everoute load balancer can support a multitude of application operations on a virtualization platform, and streamline traffic routing via flexible associations with different virtual networks.