Say you want to link all your Kubernetes clusters together. And, when I say all your Kubernetes clusters, I mean all of them. The ones in your office, the ones at your data center and even those scattered across multiple cloud providers. You could do that with virtual private networks, but that's not easy. Now Red Hat, with its newly released Red Hat Service Interconnect (RHSI), has simplified the connectivity piece while maintaining security across multiple platforms.
As Red Hat CTO Chris Wright explained at Red Hat Summit last week, Service Interconnect makes it so that developers can build distributed applications while adhering to an organization's specific security and compliance controls from the earliest stages in the software development lifecycle. This effectively makes applications – both traditional and Kubernetes-based programs – location-less no matter where they exist, be it in the public cloud, private cloud, data center or out at the edge. Service Interconnect breaks down the silos between critical applications and their services and dependencies.
Skupper for supper
RHSI is based on the Skupper open-source project. Behind the silly name is a Layer 7 (application layer) network that supports communications for end-user processes and applications. It does this by transparently supporting HTTP/1.1 and HTTP/2, Google Remote Procedure Call (gRPC) and Transmission Control Protocol (TCP).
To secure connections, Skupper communicates across clusters without exposing service ports on the internet, and it locks down inter-cluster communication with mutual Transport Layer Security (mutual TLS). It also does this without elevated security privileges. You can sum Skupper up as very simple and very secure.
Diving in deeper, you'll find Skupper has two main components: Skupper-router and Skupper-proxy-controller. The router is Apache Qpid. This is an open-source Advanced Message Queuing Protocol (AMQP) router. The proxy controller looks for Skupper network connections and instantiates a service-*-proxy pod for each one. This pod, in turn, creates secure TLS tunnels over the supported network protocols to the AMQP router. Using these, developers can create application-level networks between cloud-native microservices, Kubernetes pods and clusters, and even legacy applications.
Put it all together, and RHSI provides:
● Dynamic routing, which enables connections to move when applications migrate across properties. RHSI also doesn't require extensive network planning or the provisioning of VPNs combined with complex firewall rules.
● Interconnections that are agnostic of the environment. IPv4 and IPv6 support portability for both applications and their associated networking configuration.
● The command line interface and Kubernetes Operator help developers to configure and manage their interconnections without elevated privileges.
● All interconnections between applications use mutual TLS to help protect an organization's infrastructure and data.
Why it matters
Unlike VPN-based solutions delivering cross-platform connectivity, Red Hat Service Interconnect delivers connectivity at the application level. Red Hat's Mike Ward, RHSI's Principal Product Marketing Manager, claimed this allows "for only a 'pinhole' access to be created between networks rather than having to wholly open networks up to one another for communication."
You could always have done this before, but it required a lot of work and effort from developers and network and security administrators working in concert. Basically, RHSI puts the power in the programmer's hands to create and support what had heretofore been exceedingly complex networks.
Several Red Hat customers, including Australia and New Zealand Banking Group (ANZ Bank), already benefit from RHSI. The bank has used the service to securely connect applications across environments, allowing developer teams to migrate them at their convenience without requiring elevated privileges or relying on network operations. This has resulted in a seamless migration to the latest OpenShift version and an improved developer experience with minimal customer disruption.
Perhaps RHSI's most engaging feature is that it's not tied to Red Hat OpenShift. Of course, you can use it on OpenShift, but it also works with non-Red Hat Kubernetes clusters, virtual machines or bare-metal hosts. This flexibility makes it of special interest to the whopping 75% of organizations that IDC predicts will soon seek technology partners that can deliver a uniform application deployment experience across cloud, edge, and dedicated environments, along with agile, compliant application layer connectivity.
Thanks to this improved interoperability across platforms, David Linthicum, Deloitte Consulting's Chief Cloud Strategy Officer, predicts that RHSI will cut down on multi-cloud application complexity. This will help Red Hat emerge as a primary cloud player.