To celebrate the start of VMworld, we wanted to talk a little about how customers are running Twistlock across the VMware ecosystem. Because one of our original investors was Dell Technologies Capital, it’s probably not surprising that we’ve worked with a broad set of technologies across the VMware ecosystem from the beginning (fun fact – one of our very first customers is an intelligence agency running Twistlock to protect a Docker environment running entirely on VMware and air gapped from the rest of the world). In this piece, I’ll talk about a few of the ecosystem technologies our customers are currently most interested in.

VMware Kubernetes Engine

VMware Kubernetes Engine launched earlier this year as a fully managed Kubernetes distribution available on AWS and built on a variety of VMware components.

While a wide variety of managed Kubernetes offerings are available, VMware’s solution is often most interesting to customers already familiar with existing VMware technologies and management idioms. One of the neat things about VKE is its ‘Smart Cluster’ technology, which makes it easy not just to deploy and run clusters, but to deploy and run efficient clusters using optimized instance types, saving money and removing a common management burden. Smart Clusters pair well with our native support for DaemonSet deployments, in which the cluster automatically deploys a Twistlock Defender to each cluster node as it continuously optimizes cluster sizing.

VMware Harbor registry

The Cloud Native Computing Foundation recently added VMware’s Harbor Docker Registry as a sandbox project. Harbor is an extension of the Docker Registry project that adds enhanced capabilities around identity, management, and security.

We have a number of customers using Twistlock’s registry scanning to supplement Harbor’s basic vulnerability management capabilities, which are based on the open source Clair project and sourced from a few open source vulnerability data feeds. While Harbor provides a baseline capability, Twistlock goes much further, drawing on >30 upstream providers, not just open source feeds but also many commercial providers with specialized coverage for technologies like Node.js, Ruby, Java, and Python, which enables Twistlock to provide much broader coverage and higher fidelity results. Additionally, Twistlock goes beyond vulnerability scanning and detects >200 compliance and configuration risks, like malware embedded in images or private keys exposed within them.

Pivotal Container Service

While not a direct VMware technology, Pivotal Container Service (PKS) comes from a close corporate cousin in the Dell Technologies family, and we see many customers using it with a VMware stack. Because PKS is built on standard Kubernetes, Twistlock already “just works” with it.

Even though PKS is pretty new, we’ve supported it from the start, and there’s no beta program or waiting list to use Twistlock with PKS – just create a DaemonSet through our existing UI and immediately have Twistlock Defenders running across your PKS cluster. This includes full support across the Twistlock platform, from our Cloud Native Network Firewall to vulnerability management to smart runtime defense. Twistlock protects PKS across all the clouds you may run it on and provides integrated protection throughout the lifecycle of the apps you run on it, from the CI process to whatever registry you choose to production.

Good Ole vSphere

With new managed Kubernetes distributions and services seemingly launching all the time, it can be easy to forget that at the end of the day they still need to run on some kind of compute nodes. In a great many enterprises, that compute is still provided by vSphere and I’m often impressed at the degree of sophistication that we see customers build on top of the vSphere platform.

While the major public cloud providers offer comprehensive capabilities and strong security for nearly any use case, they’re not necessarily the best solution for every individual use case. We’ve especially seen customers in health care, financial services, and government embrace an intentionally, permanently hybrid architecture. In nearly all of those cases, the layer just above “hardware” in the architecture diagrams is provided by VMware. There’s not really a specific product integration scenario here, but whatever you’re doing with cloud native on vSphere, from commercial options like Red Hat OpenShift and Docker Enterprise to a fully open source stack, we probably already have customers protecting it with Twistlock.

If you have a cloud native stack built around the VMware ecosystem, we’d be happy to talk with you about how we’ve helped protect other customers like you!
