Everoute : Networking and security for both virtualization and Kubernetes workloads

Networking and security for both virtualization and Kubernetes workloads.

Everoute provides software-defined network and security capabilities. It offers functionalities such as the distributed firewall, network load balancer, virtual private cloud (VPC) networking, and container network, and supports both virtualized and containerized apps, forming a unified network and security solution.

Check Specs

Distributed Firewall

Everoute Distributed Firewall (DFW) is a network security feature provided by the Everoute service on SmartX's native virtualization platform ELF. It implements a micro-segmented network model adhering to the zero trust principle, and extends multiple distributed firewall policies to safeguard individual virtual machines from cybersecurity threats, thus offering a flexible, fine-grained, and robust security solution for a wide range of services.

Why Everoute Distributed Firewall

Implementing Zero-Trust. Security policies are based on allowlist mode and associated with VM labels, ensuring zero-trust security without blind spots.

Simplifying Management. Security policies are business-aware based on VM labels and security groups, simplifying the management of different policies.

Rapid Response to Alerts. Quickly respond to VM security events and avoid spreading security threats with “one-click isolation”.

Features

Allowlist Mode Security Policies

Allowlist-based security policies ensure that east-west access between virtual machines conforms to the “least privilege” principle.

Sticky Policies

Security policies can follow virtual machines as they migrate automatically from host to host, cluster to cluster, without the need to reset them. Security policies are enforced independent of physical host, segment, and IP address of the virtual machine.

VM Labels and Security Groups

Tag virtual machines with “labels” and “security groups” to provide a clear view of security policies. VMs can be dynamically assigned to “security groups” based on label or label combinations, simplifying security policies for non-contiguous IP addresses.

“One-Click Isolation” of Suspected VMs

Isolate suspected and infected VMs with one click, and set dedicated access policies for them in order to process further operations such as shutdown and recovery.

Automated API-Based Security Management

Support API-based automation. The security management center can quickly issue/update security policies.

Use Cases

Load Balancer

Everoute Load Balancer (LB) is a network feature provided by the Everoute service on SmartX's native virtualization platform ELF. Deployed in hyperconverged clusters, it offers load-balancing services for applications on virtual machines, containers, and physical servers.

Why Everoute Load Balancer

Software-defined. Achieves network virtualization purely through software, with no extra need to purchase, deploy, or maintain dedicated hardware devices or adjust physical network configurations.

Simple operations and maintenance. Integrates load balancing functions into the hyperconverged platform, enabling convenient management of both the infrastructure and load balancer on the CloudTower GUI.

High availability & efficiency. Achieves high availability and efficiency through a combination of active-active and active-standby mechanisms, preventing single points of failure and improving service performance quality.

Flexible adaptation. Provides load-balancing services for applications running in different locations and forms.

Features

Rich load balancing algorithms

Provides a variety of load balancing algorithms to cater to the diverse demands of multiple application scenarios, including round-robin, weighted round-robin, least connections, weighted least connections, source IP address hash, and destination IP address hash.

Comprehensive and proactive health check

Periodically performs proactive health checks on the backend servers via TCP, HTTP, UDP, ICMP protocols. Supports configuring multiple health monitors for the same group of backend servers, enabling a thorough and comprehensive health assessment on server pools.

Diverse address translation methods

Offers FullNAT and DNAT for flexible address translation choices. Different virtual services within the same cluster can use different address translation methods.

Application traffic control and concurrent connection management

Allows for setting inbound and outbound traffic limits for virtual services, and regulating the number of concurrent connections between clients and virtual services at a time. This prevents any single virtual service or client from monopolizing excessive resources, ensuring a balanced resource allocation and mitigating the impact of DoS attacks on the system.

Access control via allowlists and blocklists

Manages client IP addresses with allowlists and blocklists to enhance system security and robustness, safeguarding service resources from malicious requests and potential disruptions.

Application scenarios

Everoute load balancer can accommodate a wide range of protocols based on TCP/UDP, including but not limited to FTP, iSCSI, NFS, MySQL, Oracle Net8, SMB, SMTP, LDAP, Syslog, and more. It is suitable for applications demanding high performance, high concurrency, low latency, and continuous availability with long-lasting connections. Besides, it can be deployed in various environments:

Virtualized environment

In a virtualized environment, Everoute load balancer can support a multitude of application operations on a virtualization platform, and streamline traffic routing via flexible associations with different virtual networks.

VPC Networking

Everoute VPC networking is our virtualized network product that provides secure and isolated network space for virtual machines in SmartX enterprise cloud environments. It enables secure interconnections inside and outside the virtual network through virtualized network functions (VNFs), allowing you to quickly and flexibly deploy unified enterprise cloud networks across multiple data centers.

Why Everoute VPC Networking

Broad compatibility. Implement virtualized networks on a wide range of standard servers and network hardware. Different clusters can use different CPU architectures.

Fast network readiness. Rapidly create diverse virtualized network topologies and network services to accelerate network readiness and meet application agility requirements.

Cross-site high availability. Cloud servers can be replicated and migrated to other data centers or sites to achieve lower RTO in disaster recovery scenarios.

Unified management. Manage, configure, monitor, and maintain cloud servers and networks on a user-friendly graphical interface to improve management efficiency.

Features

Customized Logically Isolated Space

Enables customizing logically isolated VPCs, allowing you to create dedicated VPC resources, manage subnets, allocate IP addresses, and autonomously control network traffic with gateway services and security services.

Rich Gateway Services

Supports configuring floating IP gateways, NAT gateways, Layer 3 routing gateways, Layer 2 bridging gateways, etc., enabling flexible interconnection between virtual machines and external networks to meet the requirements of different applications.

Well-Defined Traffic Planning

Supports configuring routing tables and routing rules for VPC subnets to route traffic heading for destination addresses to specified next-hop gateway services, allowing you to manage VPC traffic models with convenience and ease.

Reliable Network Security Protection

Supports setting distributed firewalls for VPCs, which offers service-aware security policies based on security groups, allowlisting mechanisms that secure east-west traffic between virtual machines, and one-click quarantine of infected VMs.

Open Cloud Network Collaboration Mode

Seamlessly connects with various cloud platforms through open APIs, providing enterprises with automated and flexible network configuration options to better support agile cloud applications.

Use Cases

Application Security Guarantee
Application-Oriented Cloud Network
High Availability

Application Security Guarantee

Safeguards the smooth application access process, and achieves network isolation among different applications or tenants in a cloud or virtualized environment. Reduces the potential security threats and the risk of data leakage while ensuring flexibility, agility, high efficiency, and low total cost.

Resources