Avatar

We are introducing new additions to the open source projects led by the Cisco Engineering team that are contributing more security features and functionality for Kubernetes and cloud native environments.

From April 18-21, 2023, the Cisco Emerging Technologies and Incubation team (ET&I) will be joining thousands of cloud native enthusiasts at this year’s KubeCon+ CloudNativeCon in Amsterdam, The Netherlands. KubeCon + CloudNativeCon is a fantastic opportunity to highlight the advancements made in the open source projects and ET&I products that continue to improve security tools, risk inventory in the application stack, and application modernization to expand the boundaries of cloud native environments.

Let’s dive in to what’s new:

Address vulnerabilities in cloud native environments with VMClarity 

VMClarityDid you know that virtual machines (VMs) are the number one most-used service on public clouds and the predominant method for hosting containers? The resulting attack paths can be more elaborate than Amsterdam’s canal system. We saw a need to provide protection for VMs against security threats such as leaked secrets, malware, and rootkit as well as system misconfigurations and vulnerability scanning, as they are still very much part of how businesses run in the cloud.

That’s why we developed VMClarity, a part of the OpenClarity suite of projects—to address the vulnerabilities of using virtual machines in cloud native environments.

VMClarity provides agentless detection and management of Software Bill of Materials (SBOMs); and because it is agentless, cloud native security and observability on VMs are enhanced without writing or modifying any code. This new open source project is available on GitHub.

Easily extend service mesh capabilities with Nasp

NASPNasp is a new project created to provide service mesh-type capabilities to non-cloud endpoints and smaller cloud environments. This lightweight, library-based open source service mesh extender can bring applications running on edge devices, legacy VMs, and mobile clients into the Kubernetes service mesh. Applications using Nasp are handled as standard service mesh workloads without the need for dedicated proxies. Download the project to learn more.

Run real-time media applications with Media Streaming Mesh

MSMWe are also introducing Media Streaming Mesh (MSM), an open source project that runs real-time media applications in cloud native Kubernetes environments more efficiently.

As Kubernetes is designed for running web applications (which are by default non real-time), media applications are run in real-time for activities such as live media contribution and distribution, analytics of live media for real-time machine learning analysis or facial recognition, and live feed viewing, to name a few.

Media Streaming Mesh enables media streaming applications to be run in cloud native and Kubernetes environments without the workarounds. Like a service mesh, MSM offloads the media streaming from the application using the Kubernetes environment effectively and as it was designed. Media Streaming Mesh will be available in a GitHub repository in the upcoming months.

Continued commitment to innovation through open source

Cloud Native computing foundationWe are committed to continuing our open source contributions to strengthen cloud native application security and modernizing applications in the cloud native area. We’re proud to say that through our Open Source Program Office, engineering and community teams, we contribute to numerous CNCF projects, SIGs, and committees. Add in the contributions we’ve made in established open source projects that are part of organizations such as The Linux Foundation and the Cloud Native Computing Foundation, and we’re happy to say we’re just getting started. Join us on this journey!

How Can You Get Involved?

 



Authors

Vijoy Pandey

Senior Vice President

Outshift by Cisco