Everoute
Networking and security for both virtualization and Kubernetes workloads.

Everoute provides software-defined network and security capabilities for SmartX HCI. It offers functionalities such as the distributed firewall, load balancer, and container network, and supports both virtualized and containerized apps, forming a unified network and security solution managed with SmartX HCI.

Distributed Firewall
Everoute Distributed Firewall (DFW) is a network security feature provided by the Everoute service on SmartX's native virtualization platform ELF. It implements a micro-segmented network model adhering to the zero trust principle, and extends multiple distributed firewall policies to safeguard individual virtual machines from cybersecurity threats, thus offering a flexible, fine-grained, and robust security solution for a wide range of services.
Why Everoute Distributed Firewall
Implementing Zero-Trust. Security policies are based on whitelist mode and associated with VM labels, ensuring zero-trust security without blind spots.
Simplifying Management. Security policies are business-aware based on VM labels and security groups, simplifying the management of different policies.
Rapid Response to Alerts. Quickly respond to VM security events and avoid spreading security threats with “one-click isolation”.
Features
Whitelist Mode Security Policies
Whitelist-based security policies ensure that east-west access between virtual machines conforms to the “least privilege” principle.
Sticky Policies
Security policies can follow virtual machines as they migrate automatically from host to host or cluster to cluster, without needing to be reset. Security policies are enforced independently of the physical host, segment, and IP address of the virtual machine.
VM Labels and Security Groups
Tag virtual machines with “labels” and “security groups” to provide a clear view of security policies. VMs can be dynamically assigned to “security groups” based on label or label combinations, simplifying security policies for non-contiguous IP addresses.
“One-Click Isolation” of Suspected VMs
Isolate suspected and infected VMs with one click, and set dedicated access policies for them so that further operations such as shutdown and recovery can be carried out.
Automated API-Based Security Management
Supports API-based automation. The security management center can quickly issue and update security policies.
Load Balancer
Everoute Load Balancer (LB) is a network feature provided by the Everoute service on SmartX's native virtualization platform ELF. Deployed in hyperconverged clusters, it offers load-balancing services for applications on virtual machines, containers, and physical servers.
Why Everoute Load Balancer
Software-defined. Achieves network virtualization purely through software, with no extra need to purchase, deploy, or maintain dedicated hardware devices or adjust physical network configurations.
Simple operations and maintenance. Integrates load balancing functions into the hyperconverged platform, enabling convenient management of both the infrastructure and load balancer on the CloudTower GUI.
High availability & efficiency. Achieves high availability and efficiency through a combination of active-active and active-standby mechanisms, preventing single points of failure and improving service performance quality.
Flexible adaptation. Provides load-balancing services for applications running in different locations and forms.
Features
Rich load balancing algorithms
Provides a variety of load balancing algorithms to cater to the diverse demands of multiple application scenarios, including round-robin, weighted round-robin, least connections, weighted least connections, source IP address hash, and destination IP address hash.
Comprehensive and proactive health check
Periodically performs proactive health checks on the backend servers via the TCP, HTTP, UDP, and ICMP protocols. Supports configuring multiple health monitors for the same group of backend servers, enabling a comprehensive health assessment of server pools.
Diverse address translation methods
Offers FullNAT and DNAT for flexible address translation choices. Different virtual services within the same cluster can use different address translation methods.
Application traffic control and concurrent connection management
Allows for setting inbound and outbound traffic limits for virtual services, and regulating the number of concurrent connections between clients and virtual services at a time. This prevents any single virtual service or client from monopolizing excessive resources, ensuring a balanced resource allocation and mitigating the impact of DoS attacks on the system.
Access control via allowlists and blocklists
Manages client IP addresses with allowlists and blocklists to enhance system security and robustness, safeguarding service resources from malicious requests and potential disruptions.
Application scenarios
Everoute load balancer can accommodate a wide range of protocols based on TCP/UDP, including but not limited to FTP, iSCSI, NFS, MySQL, Oracle Net8, SMB, SMTP, LDAP, and Syslog. It is suitable for applications demanding high performance, high concurrency, low latency, and continuous availability with long-lasting connections. It can also be deployed in various environments:
Virtualized environment
In a virtualized environment, Everoute load balancer can support a multitude of application operations on a virtualization platform, and streamline traffic routing via flexible associations with different virtual networks.