News

Microsoft Turns to Partners for Azure Kubernetes Service Boost

In a joint statement by Microsoft and Isovalent on Monday, the two companies announced that Microsoft's Azure Kubernetes Service (AKS) will be receiving eBPF capabilities. 

The various eBPF integrations with AKS appear to be mostly at the preview stage right now. However, one of them that has advanced is the option to use Isovalent's Cilium solution, which enables "eBPF-powered networking, observability and security."

Cilium will be coming to AKS via native integration with the Azure Container Networking Interface (CNI), Microsoft's announcement indicated. The Cilium addition is expected to reach the preview stage "early next year," per that announcement.

Additionally, the Isovalent Cilium Enterprise product will get offered at some point as a Kubernetes container app, available from the Azure Container Marketplace, Microsoft noted.

The Cilium and Azure IP Address Management (IPAM) integration opens up performance, troubleshooting and scalability benefits for AKS users, Isovalent contended:

Users of AKS will benefit from all advanced Cilium features including a high-performance eBPF datapath, a scalable network policy and Kubernetes services implementation, and rich observability & troubleshooting capabilities.

Microsoft, for its part, indicated the Cilium support would provide "the most performant and best-in-class container networking platform for our AKS customers," without needing to add custom configurations.

Under the partnership arrangement, Microsoft will offer "first-line support" for AKS, in consultation with Isovalent. The two companies also will collaborate on "joint testing, compatibility, and versioning checks."

Other Collaborative Efforts
There are other collaborative efforts between Microsoft and Isovalent. For instance, there's a Cilium Enterprise integration with Microsoft Sentinel, which is Microsoft's security information and event management platform.

Here's how Isovalent described it:

By integrating [Cilium] with Microsoft Sentinel, security teams gain extensive visibility into AKS clusters including rich connectivity data, TLS visibility, network security violations, encryption status, and compliance monitoring events.

Also getting integrated with Microsoft Sentinel is Isovalent's Tetragon, which offers security and runtime oversights via eBPF.

Isovalent's Hubble, used for observability and viewing data for troubleshooting purposes, is getting integrated with Azure services, as well as with the Azure Monitor portal. Hubble works with the Azure Identity service, and supports role-based access security controls based on Azure user roles.

A lot of Azure identity and metadata capabilities are getting supported in Hubble as well, which will help with AKS tracing.

"The Azure integration of Hubble will natively understand Azure identity and metadata such as names and labels of nodes, VPCs, network security groups, and so on," Isovalent explained.

What is eBPF?
eBPF is said to be an abbreviation that's no longer defined, according to the eBPF Foundation.

However, eBPF is described by Isovalent as "extended BPF" (with the BPF part remaining undefined). Isovalent described eBPF as having originated from the BSD community. eBPF offers a way to add capabilities to the Linux kernel that aren't in the kernel. Isovalent, which bills itself as having created eBPF, also characterized it as providing a secure "sandbox" for this added operating system functionality.

Isovalent indicated that eBPF can extend the Linux operating system much like the ability to run JavaScript broadened the capabilities of Web browsers.

"Think of eBPF as making the operating system programmable in the same way as JavaScript and other languages have done this to the web browser," Isovalent explained in this 2021 announcement, which described the creation of the eBPF Foundation.

Per that 2021 announcement, Google has already brought eBPF to its Google Kubernetes Engine-based managed services. So, Microsoft is now just starting to join in such an effort with its AKS integration.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • IBM Giving Orgs a Governance Lifeline in Agentic AI Era

    Nearly overnight, organizations are facing brand-new challenges caused by self-directed AI systems (a.k.a. agentic AI). Big Blue is extending them some help.

  • Microsoft Launches Integrated E-mail Security Ecosystem for Defender for Office 365

    Microsoft is expanding its e-mail security capabilities with the launch of a new Integrated Cloud Email Security (ICES) ecosystem for Microsoft Defender for Office 365.

  • Microsoft Joins Workday's AI Agent Partner Network

    Microsoft has become a key partner in Workday's newly launched AI Agent Partner Network, aligning with other industry leaders to integrate AI agents into enterprise workforce systems.

  • LinkedIn CEO Ryan Roslansky To Lead Microsoft's Productivity Initiatives

    In a strategic leadership realignment, Microsoft has appointed LinkedIn CEO Ryan Roslansky to oversee its consumer and small business productivity software division, encompassing Microsoft 365, Teams and AI-driven tools like Copilot.