
Secure Kubernetes Networking Design Based on Zero Trust Model: A Case Study of Financial Service Enterprise in Indonesia

  • Conference paper
Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS 2019)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 994)

Abstract

To provide better services and new future offerings to its customers, an enterprise in the financial services industry in Indonesia decided to use Kubernetes, an application container technology, to serve its digital services through applications developed with microservices architecture concepts. The new services and technology were expected to use the enterprise's existing virtualized resources without introducing any additional hardware. The goal of this study was to provide a secure network infrastructure design for the Kubernetes deployment in the enterprise's data center. Network and security were still viewed as the important aspects and the focus. This study provided a design that follows network recommendations from the likes of Cisco and VMware and uses Forrester's Zero Trust model as its security guideline. Each of the recommendations has been evaluated and documented in this study. The simulation results showed that the proposed design conformed to the enterprise's requirements and constraints and successfully applied Zero Trust's requirements in the container networks.



Acknowledgments

We thank the Directorate General of Research Strengthening and Development, Indonesian Ministry of Research and Higher Education, for supporting this publication through the Overseas Seminar Grant Program.

Corresponding author

Correspondence to Nico Surantha.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Surantha, N., Ivan, F. (2020). Secure Kubernetes Networking Design Based on Zero Trust Model: A Case Study of Financial Service Enterprise in Indonesia. In: Barolli, L., Xhafa, F., Hussain, O. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing. IMIS 2019. Advances in Intelligent Systems and Computing, vol 994. Springer, Cham. https://doi.org/10.1007/978-3-030-22263-5_34
