Modal Title
Cloud Native Ecosystem / Kubernetes / Networking / Open Source / Security

Midokura, PLUMGrid Advance Software-Defined Networking with New Releases

Sep 7th, 2016 9:10am by
Featued image for: Midokura, PLUMGrid Advance Software-Defined Networking with New Releases

Midokura and PLUMGrid have each updated their software-defined networking (SDN) portfolios. While Midokura announced the latest release of Midokura Enterprise MidoNet (MEM) that brings support for Kubernetes, PLUMGrid announced a new solution, CloudSecure that offers a package for securing cloud-based workflows.

What’s CloudSecure?

“Data centers are increasingly built on ephemeral infrastructure that only lasts for hours or days, instead of months or years,” said Larry Lang, CEO, PLUMgrid. “CloudSecure provides significant protection for increasingly ephemeral; multi-directional traffic flows in container and OpenStack Clouds. Combining it with CloudApex’s simplified visualizations that make it easy to monitor and diagnose breaches, enabling our customers to benefit from the agility and flexibility of these technologies without having to struggle to secure the network infrastructure.”

PLUMGrid stressed that the need for segmentation, multi-tenancy, security, and analytics has become crucial to ensure environments are constantly protected and compliant.

CloudSecure addresses these concerns by enabling customers to microsegment workloads, isolate tenant traffic to contain attacks, protect applications, deploy virtual tap at scale without hardware devices, and monitor virtual networks to minimize the attack surface for software-defined data centers running private, public, or hybrid clouds, explained Wendy Cartee, vice president of product management and marketing at PLUMgrid in an interview.

CloudSecure is built on top of micro-segmentation, security policies, and security service insertion, and introduces policy-based virtual tap, CloudApex security view, and ecosystem partners.

Powered by IO Visor

CloudSecure is powered by IO Visor, a Linux Foundation open source project that virtualizes in-kernel IO with enhanced Linux Socket Filtering, called BPF (Berkeley Packet Filtering).  IO Visor runs on every compute node.

As a result, “within each virtual domain, security software and appliances such as firewalls can be inserted on-demand which enables our customers to upgrade or add new security at any time, said Cartee.

Some of the main features of CloudSecure that make it easier to monitor virtual network security include:

  • CloudApex Security View: Visualizes security flows, and behaviors in an easy to view chord graph to diagnose security breaches.
  • Micro-segmentation: Creates zero-trust domains by isolating tenant traffic and enforcing security policies for containers and virtual machines. In the event of a breach, each segmented domain contains attacks to minimize the spread of malware.
  • Security Policies: Provides in-depth security definitions and group-based policies that can be enforced per tenant, virtual machine, or container.
  • Policy-based Virtual Tap: Deploys virtual tap points with policies to select traffic to be mirrored for monitoring, troubleshooting, and remediation.
  • Security Service Insertion: Enables any third party security software to be added to PLUMgrid’s virtual network to introduce or update latest security quickly.
  • Encryption: Supports encryption between segmented virtual domains to ensure privacy and protection of data

Being a software-based solution, the policy-based virtual tap allows customers to monitor traffic per virtual machine or container and select the type of flows they want to monitor, for example, HTTP traffic vs. database traffic.


In addition to that, PLUMGrid is also introducing CloudApex Security View to monitor security groups and partnering with companies such as Rackspace, Intel Security, Fortinet, and Check Point.

CloudSecure works with OpenStack and containers, and partner products such as Intel Security Controller, Fortinet Fortigate firewall appliance and Check Point security software.

“Security is an increasing use case for overlay SDNs, said Cartee. “For customers who are deploying containers or OpenStack clouds, CloudSecure enables network agility with security.”

Midokura Enterprise MidoNet

Midokura has updated Midokura Enterprise MidoNet (MEM), a scalable network virtualization solution designed for Infrastructure as a Service (IaaS) clouds.

The new release provides the network virtualization overlay solution for connectivity between multi-site OpenStack clouds and delivers an SDN interface to container orchestration engines, including Kubernetes and Docker‘s built-in orchestration capabilities.

“Enterprise organizations across the globe continue to adopt Midokura’s network virtualization solution to make cloud adoption easier and to retain a tight grip over their networks and applications,” said Pino deCandia, Midokura chief technology officer. “Our latest iteration of MEM technology is designed to address real market needs, including the ability to connect multiple OpenStack clouds and support the containers movement.”

The new version includes multi-cloud connectivity with router peering which enables direct connectivity between multiple sites.

A new feature in the MidoNet Manager allows real-time visualization of the fabric topology in relation to the logical switches and routers, the connectivity scheme about the virtual and physical switch ports in the underlay. As a result, customers get the ability to pinpoint networking problems and failure

MEM already supports Docker and with the 5.2 release, they are adding support for Kubernetes. The initial release includes these features: public services consumption, communication between pods (on different servers), deployment on CoreOS, namespaces support and associate neutron security group with a pod.

Midokura also made MEM more memory efficient. “We changed the flow state from protobuf to another protocol called Simple Binary Encoding (SBE),” deCandia explained in an interview. “This is primarily used in low latency financial applications. Although the protobufs did not add much on the sending side, using protobuf generate about 250 kilobits/per flow on the receiving side. Moving to the Simple Binary Encoding protocol, no new memory is allocated per flow. This led to making the MidoNet agent to run 75% more efficiently.”

Going Secure

Midokura has added some new security features in the new release, most notably the multi-cloud connectivity using router peering. “This is more of an operational feature than security per se. The router peering feature of MidoNet provides overlay connectivity between multiple sites with VXLAN tunneling,” said deCandia.

With this release, Midokura is trying to make things easier for customers. “Simplicity and ease of use are designs principles that we try adhere to in designing MidoNet Manager,” said deCandia. “MidoNet Manager provides correlation of the overlay with current and historical events happening in the underlay. Operators can view real-time visualization of the fabric topology in relation to the logical switches and routers, the connectivity scheme about the virtual and physical switch ports in the underlay. This level of insights into the events in the underlay was not possible in previous releases.”

CoreOSDocker and Intel are sponsors of The New Stack.

Feature image via Pexels.

Group Created with Sketch.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.
TNS owner Insight Partners is an investor in: Docker.