Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Protecting Applications with L4 and L7 Network Encryption for TLS/mTLS

Protecting Applications with L4 and L7 Network Encryption for TLS/mTLS

API Gateways act as a control point for accessing backend application services by external clients and end users. Depending on the request path and the service the client is connecting to, organizations may want to secure it by encrypting the communications.

Gloo is a next generation API Gateway and Kubernetes Ingress controller that connects, manages and secures the request and response traffic from external users to a broad portfolio of backend applications including; monoliths, microservices and serverless. Built using Envoy as the edge proxy in the gateway, Gloo supports L4 and L7 layer traffic to enable TLS and mTLS encryption for your ingress traffic.

Watch the video https://youtu.be/9LlBvSwiFg8
Tutorials https://github.com/solo-io/gloo-ref-arch/tree/master/webinars/encryption
About Gloo https://solo.io/products/gloo
Questions? https://slack.solo.io

Solo.io

July 30, 2020
Tweet

More Decks by Solo.io

Other Decks in Programming

Transcript

  1. L4/L7 Network Encryption with
    Gloo API Gateway
    July 30, 2020

    View Slide

  2. 2 | Copyright © 2020
    Secure Networks, Safer Applications
    Challenge
    Backend applications are often exposed as APIs accessible by external clients and end users. This
    creates a potential attack vendor reaching inside the firewall.
    Solution
    Encrypt incoming traffic from external clients over TLS/HTTPS and mTLS with specific clients
    through the API / edge gateway.

    View Slide

  3. 3 | Copyright © 2020
    Gloo API Gateway and Ingress Controller
    ENVOY CONFIG
    CONTROL
    PLANE
    DATA
    PLANE
    END USERS
    Service 1 Service 2
    Next Generation API Gateway
    • Built with Envoy Proxy
    • Kubernetes and Consul Native
    • Monolith, Microservices and
    Serverless Functions
    • Lightweight, performant, secure
    Service 3

    View Slide

  4. 4 | Copyright © 2020
    Companies Using Gloo
    Read their stories at www.solo.io/customers

    View Slide

  5. 5 | Copyright © 2020
    TLS and mTLS in Gloo API Gateway
    TLS Termination
    TLS Origination
    TLS Passthrough
    mTLS with Upstream Server
    Already Serving TLS
    mTLS with Service Mesh

    View Slide

  6. 6 | Copyright © 2020
    Scenario: L7 Encryption with TLS and mTLS

    View Slide

  7. 7 | Copyright © 2020
    Scenario: L4 TCP Encryption

    View Slide

  8. 8 | Copyright © 2020
    Gloo Open Source and Enterprise Features

    View Slide

  9. 9 | Copyright © 2020
    LEARN MORE
    solo.io/gloo
    OPEN SOURCE
    gloo.solo.io
    ENTERPRISE TRIAL
    lp.solo.io/lp-request-a-trial-general
    TRY THE DEMOS
    github.com/solo-io
    SOLO COMMUNITY
    slack.solo.io
    Thank You!

    View Slide