SUSE Bolsters Security, Advanced Networking in SUSE CaaS Platform 4

SUSE's Cloud Application Platform is also updated with a variety of user interface enhancements.

Todd R. Weiss

September 11, 2019

5 Min Read
Containers as a service, CaaS

SUSE has revamped its SUSE CaaS Platform with a wide range of updates, including advanced networking for Kubernetes that will make it easier to configure networking with the platform, and has also bolstered its SUSE Cloud Application Platform with refinements such as improved user interface features.

The biggest improvement to SUSE Container as a Service (CaaS) Platform 4, which is built for application developers, DevOps teams and Kubernetes container platform operators, is the new advanced networking for Kubernetes which is being brought in via the Cilium open source project, according to SUSE. Cilium works to transparently secure network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. Cilium uses a new Linux kernel technology called BPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Using BPF, which runs inside the Linux kernel, means that Cilium security policies can be applied and updated without any changes to the application code or container configuration.

The use of Cilium with SUSE CaaS Platform 4 enables Kubernetes users to strengthen application security at scale with high-performance packet filtering and network communication security policies that are easier to implement and control. Also new are integrated application discovery and deployment capabilities that allow users to quickly and easily deploy applications and services that have been published as Helm charts, which includes many popular open source DevOps tools and ISV products and internally developed applications and services.


SUSE’s Jennifer Kotzen

Jennifer Kotzen, SUSE’s senior product marketing manager, told Channel Futures that CaaS 4’s improved network security features will be helpful for channel partners and their customers running the SUSE cloud platform.

“The new enhancements will make the product more attractive to channel partners,” she said, including the use of Cilium as the default networking technology that provides improved security and improved installation and configuration. “The Kubernetes community at large is asking for advances in network security.”

Also new for CaaS 4 are the inclusion of simpler, non-disruptive updates, which will make it easier for reseller partners to do updates and easier for customers to absorb them and stay up to date, said Kotzen.

Another key improvement is that CaaS 4 has been enhanced to require a minimum of three nodes for a non-production cluster, which is down from the four nodes that were required previously, giving them a smaller and more affordable footprint.

“That’s a 25% reduction and that’s pretty significant where resources are scarce,” she said.

SUSE Cloud Application Platform 1.5

SUSE Cloud Application Platform 1.5, which runs on top of Kubernetes to help businesses reach their cloud native application delivery goals, gets new user interface enhancements to reduce its management complexity and to increase IT efficiency with a simpler and more predictable installation experience on hosted Kubernetes services.

The improved installation procedures will be are available first as a tech preview, with full inclusion to follow later. The revised features will enable users to browse any Helm chart repository including embedded documentation, set required deployment…

…values directly in the user interface and deploy applications to Kubernetes with a single click.

Helm, a container packaging tool, allows developers to take an application or a service and provide it as a Helm chart, which makes it easier to install and guides the installation, said Kotzen.

“When you execute that chart, it automates and installs the container or containers or service,” she said. “For our customers, increasingly people want to build applications and leverage as many third-party things as they can. They don’t want to have to write or rewrite that code. Now they can browse the Helm repositories and install with a click and re-use them.”

Developers were asking for this capability, said Kotzen. “This is a very popular idea today to be able to do this.”

Also available will be simplified application autoscaling and quota management directly from the Stratos UI, according to SUSE. Developers and administrators will be able to verify and adjust autoscaling parameters to ensure consistent application availability, while platform operators and end users will be able to monitor and allocate resource usage more effectively in the UI.

In addition, SUSE Cloud Application Platform can now be deployed to SUSE CaaS Platform, Amazon EKS, Microsoft AKS and Google GKE via Terraform scripts for a simple, predictable and repeatable experience.

SUSE CaaS Platform 4 and SUSE Cloud Application Platform 1.5, which can run together, will be available by mid-October.


IDC’s Al Gillen

Al Gillen, an analyst with IDC, said that SUSE’s CaaS 4 platform improvements will make it easier for channel partners to get the product into the hands of customers due to its expanded features and easier installation processes.

One of the most important improvements for the channel and for users, he said, is the introduction of Cilium, which brings network filtering to container environments on Linux. “I wouldn’t be surprised to see other distros incorporate Cilium into their portfolios in the future. SUSE has a history of being first onto the market with some of the emerging OSS technologies.”

CaaS 4 is in a very competitive market segment, but SUSE has an advantage in its on-premises starting point, and with the comfort level customers have with a known technology like SUSE Linux Enterprise Server, said Gillen.

About the Author(s)

Todd R. Weiss

Todd R. Weiss is an award-winning technology journalist who covers open source and Linux, cloud service providers, cloud computing, virtualization, containers and microservices, mobile devices, security, enterprise applications, enterprise IT, software development and QA, IoT and more. He has worked previously as a staff writer for Computerworld and, covering a wide variety of IT beats. He spends his spare time working on a book about an unheralded member of the 1957 Milwaukee Braves, watching classic Humphrey Bogart movies and collecting toy taxis from around the world.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like