News

Microsoft Turns to Partners for Azure Kubernetes Service Boost

In a joint statement by Microsoft and Isovalent on Monday, the two companies announced that Microsoft's Azure Kubernetes Service (AKS) will be receiving eBPF capabilities. 

The various eBPF integrations with AKS appear to be mostly at the preview stage right now. However, one of them that has advanced is the option to use Isovalent's Cilium solution, which enables "eBPF-powered networking, observability and security."

Cilium will be coming to AKS via native integration with the Azure Container Networking Interface (CNI), Microsoft's announcement indicated. The Cilium addition is expected to reach the preview stage "early next year," per that announcement.

Additionally, the Isovalent Cilium Enterprise product will get offered at some point as a Kubernetes container app, available from the Azure Container Marketplace, Microsoft noted.

The Cilium and Azure IP Address Management (IPAM) integration opens up performance, troubleshooting and scalability benefits for AKS users, Isovalent contended:

Users of AKS will benefit from all advanced Cilium features including a high-performance eBPF datapath, a scalable network policy and Kubernetes services implementation, and rich observability & troubleshooting capabilities.

Microsoft, for its part, indicated the Cilium support would provide "the most performant and best-in-class container networking platform for our AKS customers," without needing to add custom configurations.

Under the partnership arrangement, Microsoft will offer "first-line support" for AKS, in consultation with Isovalent. The two companies also will collaborate on "joint testing, compatibility, and versioning checks."

Other Collaborative Efforts
There are other collaborative efforts between Microsoft and Isovalent. For instance, there's a Cilium Enterprise integration with Microsoft Sentinel, which is Microsoft's security information and event management platform.

Here's how Isovalent described it:

By integrating [Cilium] with Microsoft Sentinel, security teams gain extensive visibility into AKS clusters including rich connectivity data, TLS visibility, network security violations, encryption status, and compliance monitoring events.

Also getting integrated with Microsoft Sentinel is Isovalent's Tetragon, which offers security and runtime oversights via eBPF.

Isovalent's Hubble, used for observability and viewing data for troubleshooting purposes, is getting integrated with Azure services, as well as with the Azure Monitor portal. Hubble works with the Azure Identity service, and supports role-based access security controls based on Azure user roles.

A lot of Azure identity and metadata capabilities are getting supported in Hubble as well, which will help with AKS tracing.

"The Azure integration of Hubble will natively understand Azure identity and metadata such as names and labels of nodes, VPCs, network security groups, and so on," Isovalent explained.

What is eBPF?
eBPF is said to be an abbreviation that's no longer defined, according to the eBPF Foundation.

However, eBPF is described by Isovalent as "extended BPF" (with the BPF part remaining undefined). Isovalent described eBPF as having originated from the BSD community. eBPF offers a way to add capabilities to the Linux kernel that aren't in the kernel. Isovalent, which bills itself as having created eBPF, also characterized it as providing a secure "sandbox" for this added operating system functionality.

Isovalent indicated that eBPF can extend the Linux operating system much like the ability to run JavaScript broadened the capabilities of Web browsers.

"Think of eBPF as making the operating system programmable in the same way as JavaScript and other languages have done this to the web browser," Isovalent explained in this 2021 announcement, which described the creation of the eBPF Foundation.

Per that 2021 announcement, Google has already brought eBPF to its Google Kubernetes Engine-based managed services. So, Microsoft is now just starting to join in such an effort with its AKS integration.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.