Networking and SecurityNetworking and Security

A Proven and Scalable Foundation for Virtual Machines and Containers

Featuring Container Name Service

Why Triton for Container Networking and Security?

Simplified Network Management

Software defined networking and DNS allows dynamic and easy management of container networks. Each container gets its own unique IP. Fabric networks and VLANs can be controlled programmatically.

Consistent Network Design

Model on-premise network definitions in the cloud, and leverage Triton in your datacenter (or one we manage for you) to support private networks with gateway and multi-layer VLANs.

Proven Container Security

Full isolation per container in a multi-tenant environment. Triton has leveraged Zones, a hardened container runtime environment, to deliver containers securely in a hostile environment for nearly a decade.

What Capabilities Does Triton Networking and Security Provide?

Container Name Service

Automatic, universal DNS for your containers. Triton CNS serves address records (A and AAAA) for containers by instance name & tags, and can be used to support basic load balancing requirements.

VLANs

Multi-layered VLANs. (External, Internal (admin), Underlay-VxLAN, Console - DRAC, iLO, ipmi), Layer 2-3 and Fabric (switch pools) Networking.

Network Modeling

Private network definitions can be modeled in Triton. Map physical NICs by Nic tags, auto assigned IP addresses with reallocation support, leverage Network Pools to group VLANs.

Gateways

Internet gateways on fabric networks enable private networks. Setup per account, traffic generated by one account cannot be seen by another account for system isolation.

SSH & SSL

Default access with SSH keys. Keys managed within Triton are mapped to accounts. SSL encryption for all compute and storage node access, and SSH access to the hypervisor with easy revoke.

Global and Local firewalls

No need to manage firewalls within instances. Global firewalls are configurable by an operator. Policies can be applied to specific or all (tagged) instances.

Role Based Access Control

Granular RBAC defined through policies, groups and roles. Accounts can delegate roles to sub-users. Access policies map to cloud API functions (CAN createmachine, CAN listdatacenters, CAN createfirewallrule, etc.).

Container Security

Triton leverages Zones, a hardened container runtime environment that does not depend upon VM hosts for security. Patented resource protections insulate containers from noisy neighbors and ensure that each container gets its fair share of I/O.