RedHat is acquiring container security company StackRox

RedHat today announced that it’s acquiring container security startup StackRox . The companies did not share the purchase price.

RedHat, which is perhaps best known for its enterprise Linux products has been making the shift to the cloud in recent years. IBM purchased the company in 2018 for a hefty $34 billion and has been leveraging that acquisition as part of a shift to a hybrid cloud strategy under CEO Arvind Krishna.

The acquisition fits nicely with RedHat OpenShift, its container platform, but the company says it will continue to support StackRox usage on other platforms including AWS, Azure and Google Cloud Platform. This approach is consistent with IBM’s strategy of supporting multi-cloud, hybrid environments.

In fact, Red Hat president and CEO Paul Cormier sees the two companies working together well. “Red Hat adds StackRox’s Kubernetes-native capabilities to OpenShift’s layered security approach, furthering our mission to bring product-ready open innovation to every organization across the open hybrid cloud across IT footprints,” he said in a statement.

CEO Kamal Shah, writing in a company blog post announcing the acquisition, explained that the company made a bet a couple of years ago on Kubernetes and it has paid off. “Over two and half years ago, we made a strategic decision to focus exclusively on Kubernetes and pivoted our entire product to be Kubernetes-native. While this seems obvious today; it wasn’t so then. Fast forward to 2020 and Kubernetes has emerged as the de facto operating system for cloud-native applications and hybrid cloud environments,” Shah wrote.

Shah sees the purchase as a way to expand the company and the road map more quickly using the resources of Red Hat (and IBM), a typical argument from CEOs of smaller acquired companies. But the trick is always finding a way to stay relevant inside such a large organization.

StackRox’s acquisition is part of some consolidation we have been seeing in the Kubernetes space in general and the security space more specifically. That includes Palo Alto Networks acquiring competitor TwistLock for $410 million in 2019. Another competitor, Aqua Security, which has raised $130 million, remains independent.

StackRox was founded in 2014 and raised over $65 million, according to Crunchbase data. Investors included Menlo Ventures, Redpoint and Sequoia Capital. The deal is expected to close this quarter subject to normal regulatory scrutiny.


By Ron Miller

New Relic acquires Kubernetes observability platform Pixie Labs

Two months ago, Kubernetes observability platform Pixie Labs launched into general availability and announced a $9.15 million Series A funding round led by Benchmark, with participation from GV. Today, the company is announcing its acquisition by New Relic, the publicly traded monitoring and observability platform.

The Pixie Labs brand and product will remain in place and allow New Relic to extend its platform to the edge. From the outset, the Pixie Labs team designed the service to focus on providing observability for cloud-native workloads running on Kubernetes clusters. And while most similar tools focus on operators and IT teams, Pixie set out to build a tool that developers would want to use. Using eBPF, a relatively new way to extend the Linux kernel, the Pixie platform can collect data right at the source and without the need for an agent.

At the core of the Pixie developer experience are what the company calls “Pixie scripts.” These allow developers to write their debugging workflows, though the company also provides its own set of these and anybody in the community can contribute and share them as well. The idea here is to capture a lot of the informal knowledge around how to best debug a given service.

“We’re super excited to bring these companies together because we share a mission to make observability ubiquitous through simplicity,” Bill Staples, New Relic’s Chief Product Officer, told me. “[…] According to IDC, there are 28 million developers in the world. And yet only a fraction of them really practice observability today. We believe it should be easier for every developer to take a data-driven approach to building software and Kubernetes is really the heart of where developers are going to build software.”

It’s worth noting that New Relic already had a solution for monitoring Kubernetes clusters. Pixie, however, will allow it to go significantly deeper into this space. “Pixie goes much, much further in terms of offering on-the-edge, live debugging use cases, the ability to run those Pixie scripts. So it’s an extension on top of the cloud-based monitoring solution we offer today,” Staples said.

The plan is to build integrations into New Relic into Pixie’s platform and to integrate Pixie use cases with New Relic One as well.

Currently, about 300 teams use the Pixie platform. These range from small startups to large enterprises and as Staples and Asgar noted, there was already a substantial overlap between the two customer bases.

As for why he decided to sell, Pixie co-founder (and former Google AI CEO Zain Asgar told me that it was all about accelerating Pixie’s vision.

“We started Pixie to create this magical developer experience that really allows us to redefine how application developers monitor, secure and manage their applications,” Asgar said. “One of the cool things is when we actually met the team at New Relic and we got together with Bill and [New Relic founder and CEO] Lou [Cirne], we realized that there was almost a complete alignment around this vision […], and by joining forces with New Relic, we can actually accelerate this entire process.”

New Relic has recently done a lot of work on open-sourcing various parts of its platform, including its agents, data exporters and some of its tooling. Pixie, too, will now open-source its core tools. Open-sourcing the service was always on the company’s roadmap, but the acquisition now allows it to push this timeline forward.

“We’ll be taking Pixie and making it available to the community through open source, as well as continuing to build out the commercial enterprise-grade offering for it that extends the New Relic one platform,” Staples explained. Asgar added that it’ll take the company a little while to release the code, though.

“The same fundamental quality that got us so excited about Lew as an EIR in 2007, got us excited about Zain and Ishan in 2017 — absolutely brilliant engineers, who know how to build products developers love,” Bessemer Ventures General Partner Eric Vishria told me. “New Relic has always captured developer delight. For all its power, Kubernetes completely upends the monitoring paradigm we’ve lived with for decades.  Pixie brings the same — easy to use, quick time to value, no-nonsense approach to the Kubernetes world as New Relic brought to APM.  It is a match made in heaven.”


By Frederic Lardinois

Cast.ai nabs $7.7M seed to remove barriers between public clouds

When you launch an application in the public cloud, you usually put everything on one provider, but what if you could choose the components based on cost and technology and have your database one place and your storage another?

That’s what Cast.ai says that it can provide, and today it announced a healthy $7.7 million seed round from TA Ventures, DFX, Florida Funders and other unnamed angels to keep building on that idea. The round closed in June.

Company CEO and co-founder Yuri Frayman says that they started the company with the idea that developers should be able to get the best of each of the public clouds without being locked in. They do this by creating Kubernetes clusters that are able to span multiple clouds.

“Cast does not require you to do anything except for launching your application. You don’t need to know  […] what cloud you are using [at any given time]. You don’t need to know anything except to identify the application, identify which [public] cloud providers you would like to use, the percentage of each [cloud provider’s] use and launch the application,” Frayman explained.

This means that you could use Amazon’s RDS database and Google’s ML engine, and the solution decides how to make that work based on your requirements and price. You set the policies when you are ready to launch and Cast will take care of distributing it for you in the location and providers that you desire, or that makes most sense for your application.

The company takes advantage of cloud native technologies, containerization and Kubernetes to break the proprietary barriers that exist between clouds, says company co-founder Laurent Gil. “We break these barriers of cloud providers so that an application does not need to sit in one place anymore. It can sit in several [providers] at the same time. And this is great for the Kubernetes application because they’re kind of designed with this [flexibility] in mind,” Gil said.

Developers use the policy engine to decide how much they want to control this process. They can simply set location and let Cast optimize the application across clouds automatically, or they can select at a granular level exactly the resources they want to use on which cloud. Regardless of how they do it, Cast will continually monitor the installation and optimize based on cost to give them the cheapest options available for their configuration.

The company currently has 25 employees with four new hires in the pipeline, and plans to double to 50 by the end of 2021. As they grow, the company is trying keep diversity and inclusion front and center in its hiring approach and they currently have women in charge of HR, marketing and sales at the company.

“We have very robust processes on the continuous education inside of our organization on diversity training. And a lot of us came from organizations where this was very visible and we took a lot of those processes [and lessons] and brought them here,” Frayman said.

Frayman has been involved with multiple startups including Cujo.ai, a consumer firewall startup that participated in TechCrunch Disrupt Battlefield in New York in 2016.


By Ron Miller

Mirantis brings extensions to its Lens Kubernetes IDE, launches a new Kubernetes distro

Earlier this year, Mirantis, the company that now owns Docker’s enterprise business, acquired Lens, a desktop application that provides developers with something akin to an IDE for managing their Kubernetes clusters. At the time, Mirantis CEO Adrian Ionel told me that the company wants to offer enterprises the tools to quickly build modern applications. Today, it’s taking another step in that direction with the launch of an extensions API for Lens that will take the tool far beyond its original capabilities

In addition to this update to Lens, Mirantis also today announced a new open-source project: k0s. The company describes it as “a modern, 100% upstream vanilla Kubernetes distro that is designed and packaged without compromise.”

It’s a single optimized binary without any OS dependencies (besides the kernel). Based on upstream Kubernetes, k0s supports Intel and Arm architectures and can run on any Linux host or Windows Server 2019 worker nodes. Given these requirements, the team argues that k0s should work for virtually any use case, ranging from local development clusters to private datacenters, telco clusters and hybrid cloud solutions.

“We wanted to create a modern, robust and versatile base layer for various use cases where Kubernetes is in play. Something that leverages vanilla upstream Kubernetes and is versatile enough to cover use cases ranging from typical cloud based deployments to various edge/IoT type of cases.,” said Jussi Nummelin, Senior Principal Engineer at Mirantis and founder of k0s. “Leveraging our previous experiences, we really did not want to start maintaining the setup and packaging for various OS distros. Hence the packaging model of a single binary to allow us to focus more on the core problem rather than different flavors of packaging such as debs, rpms and what-nots.”

Mirantis, of course, has a bit of experience in the distro game. In its earliest iteration, back in 2013, the company offered one of the first major OpenStack distributions, after all.

As for Lens, the new API, which will go live next week to coincide with KubeCon, will enable developers to extend the service with support for other Kubernetes-integrated components and services.

“Extensions API will unlock collaboration with technology vendors and transform Lens into a fully featured cloud native development IDE that we can extend and enhance without limits,” said Miska Kaipiainen, the co-founder of the Lens open-source project and senior director of engineering at Mirantis. “If you are a vendor, Lens will provide the best channel to reach tens of thousands of active Kubernetes developers and gain distribution to your technology in a way that did not exist before. At the same time, the users of Lens enjoy quality features, technologies and integrations easier than ever.”

The company has already lined up a number of popular CNCF projects and vendors in the cloud-native ecosystem to build integrations. These include Kubernetes security vendors Aqua and Carbonetes, API gateway maker Ambassador Labs and AIOps company Carbon Relay. Venafi, nCipher, Tigera, Kong and StackRox are also currently working on their extensions.

“Introducing an extensions API to Lens is a game-changer for Kubernetes operators and developers, because it will foster an ecosystem of cloud-native tools that can be used in context with the full power of Kubernetes controls, at the user’s fingertips,” said Viswajith Venugopal, StackRox software engineer and developer of KubeLinter. “We look forward to integrating KubeLinter with Lens for a more seamless user experience.”


By Frederic Lardinois

With $29M in funding, Isovalent launches its cloud-native networking and security platform

Isovalent, a startup that aims to bring networking into the cloud-native era, today announced that it has raised a $29 million Series A round led by Andreesen Horowitz and Google. In addition, the company today officially launched its Cilium platform (which was in stealth until now) to help enterprises connect, observe and secure their applications.

The open-source Cilium project is already seeing growing adoption, with Google choosing it for its new GKE dataplane, for example. Other users include Adobe, Capital One, Datadog and GitLab. Isovalent is following what is now the standard model for commercializing open-source projects by launching an enterprise version.

Image Credits: Cilium

The founding team of CEO Dan Wendlandt and CTO Thomas Graf has deep experience in working on the Linux kernel and building networking products. Graf spent 15 years working on the Linux kernel and created the Cilium open-source project, while Wendlandt worked on Open vSwitch at Nicira (and then VMware).

Image Credits: Isovalent

“We saw that first wave of network intelligence be moved into software, but I think we both shared the view that the first wave was about replicating the traditional network devices in software,” Wendlandt told me. “You had IPs, you still had ports, you created virtual routers, and this and that. We both had that shared vision that the next step was to go beyond what the hardware did in software — and now, in software, you can do so much more. Thomas, with his deep insight in the Linux kernel, really saw this eBPF technology as something that was just obviously going to be groundbreaking technology, in terms of where we could take Linux networking and security.”

As Graf told me, when Docker, Kubernetes and containers, in general, become popular, what he saw was that networking companies at first were simply trying to reapply what they had already done for virtualization. “Let’s just treat containers as many as miniature VMs. That was incredibly wrong,” he said. “So we looked around, and we saw eBPF and said: this is just out there and it is perfect, how can we shape it forward?”

And while Isovalent’s focus is on cloud-native networking, the added benefit of how it uses the eBPF Linux kernel technology is that it also gains deep insights into how data flows between services and hence allows it to add advanced security features as well.

As the team noted, though, users definitely don’t need to understand or program eBPF, which is essentially the next generation of Linux kernel modules, themselves.

Image Credits: Isovalent

“I have spent my entire career in this space, and the North Star has always been to go beyond IPs + ports and build networking visibility and security at a layer that is aligned with how developers, operations and security think about their applications and data,” said Martin Casado, partner at Andreesen Horowitz (and the founder of Nicira). “Until just recently, the technology did not exist. All of that changed with Kubernetes and eBPF.  Dan and Thomas have put together the best team in the industry and given the traction around Cilium, they are well on their way to upending the world of networking yet again.”

As more companies adopt Kubernetes, they are now reaching a stage where they have the basics down but are now facing the next set of problems that come with this transition. Those, almost by default, include figuring out how to isolate workloads and get visibility into their networks — all areas where Isovalent/Cilium can help.

The team tells me its focus, now that the product is out of stealth, is about building out its go-to-market efforts and, of course, continue to build out its platform.


By Frederic Lardinois

Kong launches Kong Konnect, its cloud-native connectivity platform

At its (virtual) Kong Summit 2020, API platform Kong today announced the launch of Kong Konnect, its managed end-to-end cloud-native connectivity platform. The idea here is to give businesses a single service that allows them to manage the connectivity between their APIs and microservices and help developers and operators manage their workflows across Kong’s API Gateway, Kubernetes Ingress and King Service Mesh runtimes.

“It’s a universal control plane delivery cloud that’s consumption-based, where you can manage and orchestrate API gateway runtime, service mesh runtime, and Kubernetes Ingress controller runtime — and even Insomnia for design — all from one platform,” Kong CEO and co-founder Augusto ‘Aghi’ Marietti told me.

The new service is now in private beta and will become generally available in early 2021.

Image Credits: Kong

At the core of the platform is Kong’s new so-called ServiceHub, which provides that single pane of glass for managing a company’s services across the organization (and make them accessible across teams, too).

As Marietti noted, organizations can choose which runtime they want to use and purchase only those capabilities of the service that they currently need. The platform also includes built-in monitoring tools and supports any cloud, Kubernetes provider or on-premises environment, as long as they are Kubernetes-based.

The idea here, too, is to make all these tools accessible to developers and not just architects and operators. “I think that’s a key advantage, too,” Marietti said. “We are lowering the barrier by making a connectivity technology easier to be used by the 50 million developers — not just by the architects that were doing big grand plans at a large company.”

To do this, Konnect will be available as a self-service platform, reducing the friction of adopting the service.

Image Credits: Kong

This is also part of the company’s grander plan to go beyond its core API management services. Those services aren’t going away, but they are now part of the larger Kong platform. With its open-source Kong API Gateway, the company built the pathway to get to this point, but that’s a stable product now and it’s now clearly expanding beyond that with this cloud connectivity play that takes the company’s existing runtimes and combines them to provide a more comprehensive service.

“We have upgraded the vision of really becoming an end-to-end cloud connectivity company,” Marietti said. “Whether that’s API management or Kubernetes Ingress, […] or Kuma Service Mesh. It’s about connectivity problems. And so the company uplifted that solution to the enterprise.”

 


By Frederic Lardinois

Cisco acquires PortShift to raise its game in DevOps and Kubernetes security

Cisco is making another acquisition to expand its reach in security solutions, this time specifically targeting DevOps and the world of container management. It is acquiring PortShift, an Israeli startup that has built a Kubernetes-native security platform.

Terms of the deal are not being disclosed. PortShift had raised about $5.3 million from Team8, an incubator and backer of security startups in Israel founded by a group of cybersecurity vets. Cisco, along with Microsoft and Walmart, are among the large corporates that back Team8. (Indeed, their participation is in part a way of getting an early look and inside scoop on some of the more cutting edge technologies being built, and in part a way to help founders understand what corporates’ security needs are these days.)

The deal underscores not just how containerization, and specifically Kubernetes, has taken hold of the enterprise world, but also how those working in this area, and building businesses around containerization and Kubernetes, are paying increasing attention to security around them.

Others are also sharpening their focus on containers and how they are secured. Earlier this year, Venafi acquired Jetstack, which runs a certificate controller for Kubernetes; and last month StackRox raised funding for its own approach to Kubernetes security.

Cisco has been a longtime partner of Google’s around cloud services, and it has made a number of acquisitions in the area of cybersecurity in recent years. They have included Duo for $2.35 billion, OpenDNS for $635 million, and most recently Babble Labs (which helps reduce background noise in video calls, something that both improves quality but also helps users ensure unwanted or private chatter doesn’t inadvertently get heard by unintended listeners).

But as Liz Centoni, the SVP of the Emerging Technologies and Incubation (ET&I) Group, notes in a blog post, Cisco is now turning its attention also to how it can help customers better secure applications and workloads, alongside the investments that it has made to help secure people.

In the area of containers, security issues can arise around container architecture in a number of ways: it can be due to misconfiguration; or because of how applications are monitored; or how developers use open-source libraries; and how companies implement regulatory compliance. Other security vulnerabilities include the use of insecure container images; problems with how containers interact with each other; the use of containers that have been infected with rogue processes; and having containers not isolated properly from their hosts.

Centoni notes that PortShift interested them because it provides an all-in-one platform covering the many aspects of Kubernetes security:

“Today, the application security space is highly fragmented with many vendors addressing only part of the problem,” she writes. “The Portshift team is building capabilities that span a large portion of the lifecycle of the cloud-native application.”

PortShift provides tools for better container configuration visibility, vulnerability management, configuration management, segmentation, encryption, compliance and automation.

The acquisition is expected to close in the first half of Cisco’s 2021 fiscal year, when the team will join Cisco’s ET&I Group.


By Ingrid Lunden

Pure Storage acquires data service platform Portworx for $370M

Pure Storage, the public enterprise data storage company, today announced that it has acquired Portworx, a well-funded startup that provides a cloud-native storage and data-management platform based on Kubernetes, for $370 million in cash. This marks Pure Storage’s largest acquisition to date and shows how important this market for multi-cloud data services has become.

Current Portworx enterprise customers include the likes of Carrefour, Comcast, GE Digital, Kroger, Lufthansa, and T-Mobile. At the core of the service is its ability to help users migrate their data and create backups. It creates a storage layer that allows developers to then access that data, no matter where it resides.

Pure Storage will use Portworx’s technology to expand its hybrid and multi-cloud services and provide Kubernetes -based data services across clouds.

Image Credits: Portworx

“I’m tremendously proud of what we’ve built at Portworx: an unparalleled data services platform for customers running mission-critical applications in hybrid and multi-cloud environments,” said Portworx CEO Murli Thirumale. “The traction and growth we see in our business daily shows that containers and Kubernetes are fundamental to the next-generation application architecture and thus competitiveness. We are excited for the accelerated growth and customer impact we will be able to achieve as a part of Pure.”

When the company raised its Series C round last year, Thirumale told me that Portworx had expanded its customer base by over 100 percent and its bookings increased by 376 from 2018 to 2019.

“As forward-thinking enterprises adopt cloud native strategies to advance their business, we are thrilled to have the Portworx team and their groundbreaking technology joining us at Pure to expand our success in delivering multi-cloud data services for Kubernetes,” said Charles Giancarlo, Chairman and CEO of Pure Storage. “This acquisition marks a significant milestone in expanding our Modern Data Experience to cover traditional and cloud native applications alike.”


By Frederic Lardinois

StackRox nabs $26.5M for a platform that secures containers in Kubernetes

Containers have become a ubiquitous cornerstone in how companies manage their data, a trend that has only accelerated in the last eight months with the larger shift to cloud services and more frequent remote working due to the coronavirus pandemic. Alongside that, startups building services to enable containers to be used better are also getting a boost.

StackRox, which develops Kubernetes-native security solutions, says that its business grew by 240% in the first half of this year, and on the back of that, it is announcing today that it has raised $26.5 million to expand its business into international markets, and to continue investing in its R&D.

The funding, which appears to be a Series C, has an impressive list of backers. It is being led by Menlo Ventures, with Highland Capital Partners, Hewlett-Packard Enterprise, Sequoia Capital and Redpoint Ventures all also participating. Sequoia and Redpoint are previous investors, and the company has raised around $60 million to date.

HPE is a strategic backer in this round:

“At HPE, we are working with our customers to help them accelerate their digital transformations,” said Paul Glaser, VP, Hewlett Packard Enterprise, and Head of Pathfinder. “Security is a critical priority as they look to modernize their applications with containers. We’re excited to invest in StackRox and see it as a great fit with our new software HPE Ezmeral to help HPE customers secure their Kubernetes environments across their full application life cycle. By directly integrating with Kubernetes, StackRox enables a level of simplicity and unification for DevOps and Security teams to apply the needed controls effectively.”

Kamal Shah, the CEO, said that StackRox is not disclosing its valuation, but he confirmed it has definitely gone up. For some context, according to PitchBook data, the company was valued at $145 million in its last funding round, a Series B in 2018. Its customers today include the likes of Priceline, Brex, Reddit, Zendesk and Splunk, as well as government and other enterprise customers, in a container security market that analysts project will be worth some $2.2 billion by 2024, up from $568 million last year.

StackRox first got its start in 2014, when containers were starting to pick up momentum in the market. At the time, its focus was a little more fragmented, not unlike the container market itself: it provided solutions that could be used with Docker containers as well as others. Over time, Shah said that the company chose to hone its focus just on Kubernetes, originally developed by Google and open-sourced, and now essentially the de-facto standard in containerisation.

“We made a bet on Kubernetes at a time when there were multiple orchestrators, including Mesosphere, Docker and others,” he said. “Over the last two years Kubernetes has won the war and become the default choice, the Linux of the cloud and the biggest open source cloud application. We are all Kubernetes all the time because what we see in the market are that a majority of our customers are moving to it. It has over 35,000 contributors to the open source project alone, it’s not just Red Hat (IBM) and Google.” Research from CNCF estimates that nearly 80% of organizations that it surveyed are running Kubernetes in production.

That is not all good news, however, with the interest underscoring a bigger need for Kubernetes-focused security solutions for enterprises that opt to use it.

Shah says that some of the typical pitfalls in container architecture arise when they are misconfigured, leading to breaches; as well as around how applications are monitored; how developers use open-source libraries; and how companies implement regulatory compliance. Other security vulnerabilities that have been highlighted by others include the use of insecure container images; how containers interact with each other; the use of containers that have been infected with rogue processes; and having containers not isolated properly from their hosts.

But Shah noted, “Containers in Kubernetes are inherently more secure if you can deploy correctly.” And to that end that is where StackRox’s solutions attempt to help: the company has built a multi-purposes toolkit that provides developers and security engineers with risk visibility, threat detection, compliance tools, segmentation tools and more. “Kubernetes was built for scale and flexibility, but it has lots of controls so if you misconfigure it it can lead to breaches. So you need a security solution to make sure you configure it all correctly,” said Shah.

He added that there has been a definite shift over the years from companies considering security solutions as a optional element into one that forms part of the consideration at the very core of the IT budget — another reason why StackRox and competitors like TwistLock (acquired by Palo Alto Networks) and Aqua Security have all seen their businesses really grow.

“We’ve seen the innovation companies are enabling by building applications in containers and Kubernetes. The need to protect those applications, at the scale and pace of DevOps, is crucial to realizing the business benefits of that innovation,” said Venky Ganesan, partner, Menlo Ventures, in a statement. “While lots of companies have focused on securing the container, only StackRox saw the need to focus on Kubernetes as the control plane for security as well as infrastructure. We’re thrilled to help fuel the company’s growth as it dominates this dynamic market.”

“Kubernetes represents one of the most important paradigm shifts in the world of enterprise software in years,” said Corey Mulloy, General Partner, Highland Capital Partners, in a statement. “StackRox sits at the forefront of Kubernetes security, and as enterprises continue their shift to the cloud, Kubernetes is the ubiquitous platform that Linux was for the Internet era. In enabling Kubernetes-native security, StackRox has become the security platform of choice for these cloud-native app dev environments.”


By Ingrid Lunden

SUSE contributes EiriniX to the Cloud Foundry Foundation

SUSE today announced that it has contributed EiriniX, a framework for building extensions for Eirini, a technology that brings support for Kubernetes-based container orchestration to the Cloud Foundry platform-as-a-service project.

About a year ago, SUSE also contributed the KubeCF project to the foundation, which itself allows the Cloud Foundry Application Runtime — the core of Cloud Foundry — to run on top of Kubernetes.

Image Credits: SUSE

“At SUSE we are developing upstream first as much as possible,” said Thomas Di Giacomo, president of Engineering and Innovation at SUSE. “So, after experiencing the value of contributing KubeCF to the Foundation earlier this year, we decided it would be beneficial to both the Cloud Foundry community and the EiriniX team to do it again. We have seen an uptick in contributions to and usage of KubeCF since it became a Foundation project, indicating that more organizations are investing developer time into the upstream. Contributing EiriniX to the Foundation is a surefire way to get the broader community involved.”

SUSE first demonstrated EiriniX a year ago. The tool implements features like the ability to SSH into a container and debug it, for example, or to use alternative logging solutions for KubeCF.

“There is significant value in contributing this project to the Foundation, as it ensures that other project teams looking for a similar solution to creating Extensions around Eirini will not reinvent the wheel,” said Chip Childers, executive director, Cloud Foundry Foundation. “Now that EiriniX exists within the Foundation, developers can take full advantage of its library of add-ons to Eirini and modify core features of Cloud Foundry. I’m excited to see all of the use cases for this project that have not yet been invented.” 


By Frederic Lardinois

Microsoft launches Open Service Mesh

Microsoft today announced the launch of a new open-source service mesh based on the Envoy proxy. The Open Service Mesh is meant to be a reference implementation of the Service Mesh Interface (SMI) spec, a standard interface for service meshes on Kubernetes that has the backing of most of the players in this ecosystem.

The company plans to donate Open Service Mesh to the Cloud Native Computing Foundation (CNCF) to ensure that it is community-led and has open governance.

“SMI is really resonating with folks and so we really thought that there was room in the ecosystem for a reference implementation of SMI where the mesh technology was first and foremost implementing those SMI APIs and making it the best possible SMI experience for customers,” Microsoft partner program manager (and CNCF board member) Gabe Monroy told me.

Image Credits: Microsoft

He also added that, because SMI provides the lowest common denominator API design, Open Service Mesh gives users the ability to “bail out” to raw Envoy if they need some more advanced features. This “no cliffs” design, Monroy noted, is core to the philosophy behind Open Service Mesh.

As for its feature set, SMI handles all of the standard service mesh features you’d expect, including securing communications between services using mTLS, managing access control policies, service monitoring and more.

Image Credits: Microsoft

There are plenty of other service mesh technologies in the market today, though. So why would Microsoft launch this?

“What our customers have been telling us is that solutions that are out there today, Istio being a good example, are extremely complex,” he said. “It’s not just me saying this. We see the data in the AKS support queue of customers who are trying to use this stuff — and they’re struggling right here. This is just hard technology to use, hard technology to build at scale. And so the solutions that were out there all had something that wasn’t quite right and we really felt like something lighter weight and something with more of an SMI focus was what was going to hit the sweet spot for the customers that are dabbling in this technology today.”

Monroy also noted that Open Service Mesh can sit alongside other solutions like Linkerd, for example.

A lot of pundits expected Google to also donate its Istio service mesh to the CNCF. That move didn’t materialize. “It’s funny. A lot of people are very focused on the governance aspect of this,” he said. “I think when people over-focus on that, you lose sight of how are customers doing with this technology. And the truth is that customers are not having a great time with Istio in the wild today. I think even folks who are deep in that community will acknowledge that and that’s really the reason why we’re not interested in contributing to that ecosystem at the moment.”


By Frederic Lardinois

Kubermatic launches open source service hub to enable complex service management

As Kubernetes and cloud native technologies proliferate, developers and IT have found a growing set of technical challenges they need to address, and new concepts and projects have popped up to deal with them. For instance, operators provide a way to package, deploy and manage your cloud native application in an automated way. Kubermatic wants to take that concept a step further, and today the German startup announced KubeCarrier, a new open source, cloud native service management hub.

Kubermatic co-founder Sebastian Scheele says three or four years ago, the cloud native community needed to solve a bunch of technical problems around deploying Kubernetes clusters such as overlay networking, service meshes and authentication. He sees a similar set of problems arising today where developers need more tools to manage the growing complexity of running Kubernetes clusters at scale.

Kubermatic has developed KubeCarrier to help solve one aspect of this. “What we’re currently focusing on is how to provision and manage workloads across multiple clusters, and how IT organizations can have a service hub where they can provide those services to their organizations in a centralized way,” Scheele explained.

Scheele says that KubeCarrier provides a way to manage and implement all of this, giving organizations much greater flexibility beyond purely managing Kubernetes. While he sees organizations with lots of Kubernetes operators, he says that as he sees it, it doesn’t stop there. “We have lots of Kubernetes operators now, but how do we manage them, especially when there are multiple operators, [along with] the services they are provisioning,” he asked.

This could involve provisioning something like Database as a Service inside the organization or for external customers, while combining or provisioning multiple services, which are working on multiple levels and a need a way to communicate with each other.

“That is where Kubecarrier comes in. Now, we can help our customers to build this kind of automation around provisioning, and service capability so that different teams can provide different services inside the organization or to external customers,” he said.

As the company explains it, “KubeCarrier addresses these complexities by harnessing the Kubernetes API and Operators into a central framework allowing enterprises and service providers to deliver cloud native service management from one multi-cloud, multi-cluster hub.”

KubeCarrier is available  on GitHub, and Scheele says the company is hoping to get feedback from the community about how to improve it. In parallel, the company is looking for ways to incorporate this technology into its commercial offerings and that should be available in the next 3-6 months, he said.


By Ron Miller

SUSE acquires Kubernetes management platform Rancher Labs

SUSE, which describes itself as ‘the world’s largest independent open source company,’ today announced that it has acquired Rancher Labs, a company that has long focused on making it easier for enterprises to make their container clusters.

The two companies did not disclose the price of the acquisition, but Rancher was well funded, with a total of $95 million in investments. It’s also worth mentioning that it’s only been a few months since the company announced its $40 million Series D round led by Telstra Ventures. Other investors include the likes of Mayfield and Nexus Venture Partners, GRC SinoGreen and F&G Ventures.

Like similar companies, Rancher’s original focus was first on Docker infrastructure before it pivoted to putting its emphasis on Kubernetes once that became the de facto standard for container orchestration. Unsurprisingly, this is also why SUSE is now acquiring this company. After a number of ups and downs — and various ownership changes — SUSE has now found its footing again and today’s acquisition shows that its aiming to capitalize on its current strengths.

Just last month, the company reported that the annual contract value of its booking increased by 30% year over year and that it saw a 63% increase in customer deals worth more than $1 million in the last quarter, with its cloud revenue growing 70%. While it is still in the Linux distribution business that the company was founded on, today’s SUSE is a very different company, offering various enterprise platforms (including its Cloud Foundry-based Cloud Application Platform), solutions and services. And while it already offered a Kubernetes-based container platform, Rancher’s expertise will only help it to build out this business.

“This is an incredible moment for our industry, as two open source leaders are joining forces. The merger of a leader in Enterprise Linux, Edge Computing and AI with a leader in Enterprise Kubernetes Management will disrupt the market to help customers accelerate their digital transformation journeys,” said SUSE CEO Melissa Di Donato in today’s announcement. “Only the combination of SUSE and Rancher will have the depth of a globally supported and 100% true open source portfolio, including cloud native technologies, to help our customers seamlessly innovate across their business from the edge to the core to the cloud.”

The company describes today’s acquisition as the first step in its ‘inorganic growth strategy’ and Di Donato notes that this acquisition will allow the company to “play an even more strategic role with cloud service providers, independent hardware vendors, systems integrators and value-added resellers who are eager to provide greater customer experiences.”


By Frederic Lardinois

Suse launches version 2.0 of its Cloud Foundry-based Cloud Application Platform

Suse, the well-known German open-source company that went through more corporate owners than anybody can remember until it finally became independent again in 2019, has long been a champion of Cloud Foundry, the open-source platform-as-a-service project. And while you may think of Suse as a Linux distribution, today’s company also offers a number of other services, including a container platform, DevOps tools and the Suse Cloud Application Platform, based on Cloud Foundry. Today, right in time for the bi-annual (and now virtual) Cloud Foundry Summit, the company announced the launch of version 2.0 of this platform.

The promise of the Application Platform, and indeed Cloud Foundry, is that it allows for one-step application deployments and an enterprise-ready platform to host them.

The marquee feature of version 2.0 is that it now includes a new Kubernetes Operator, a standard way of packaging, deploying and managing container-based applications, which makes deploying and managing Cloud Foundry on Kubernetes infrastructure easier.

Suse President of Engineering and Innovation Thomas Di Giacomo also notes that it’s now easier to “install, operate and maintain on Kubernetes platforms anywhere — on premises and in public clouds,” and that it opens up a new path for existing Cloud Foundry users to move to a modern container-based architecture. Indeed, for the last few years, Suse has been crucial to bringing both Kubernetes support to Cloud Foundry and Cloud Foundry to Kubernetes.

Cloud Foundry, it’s worth noting, long used its home-grown container orchestration tool, which the community developed before anybody had even heard of Kubernetes. Over the course of the last few years, though, Kubernetes became the de facto standard for container management, and today, Cloud Foundry supports both its own Diego tool and Kubernetes.

Suse Cloud Application Platform 2.0 builds on and advances those efforts, incorporating several upstream technologies recently contributed by Suse to the Cloud Foundry Community,” writes Di Giacomo. “These include KubeCF, a containerized version of the Cloud Foundry Application Runtime designed to run on Kubernetes, and Project Quarks, a Kubernetes operator for automating deployment and management of Cloud Foundry on Kubernetes.”


By Frederic Lardinois

Loodse becomes Kubermatic and open sources Kubernetes automation platform

Loodse, a German Kubernetes automation platform, announced today that it was rebranding as Kubermatic. While it was at it, the company also announced that it was open sourcing its Kubermatic Kubernetes Platform as open source under the Apache 2.0 License.

Co-founder Sebastian Scheele says that his company’s Kubernetes solution can provision clusters and applications on any cloud, as well in a datacenter running, for example OpenStack or VMware. What’s more, it can do it much faster by automating much of the operations side of running Kubernetes clusters.

“We wanted to really have a cloud native way to run and manage Kubernetes. And so it’s running the Kubernetes master itself, which is completely containerized on top of Kubernetes, rather than being run on VMs. This helps provide you with better scalability, but also because it’s running on Kubernetes, we get all of the resilience and auto scaling out of Kubernetes itself,” Scheele told TechCrunch.

He says that he and his co-founder Julian Hansert have always had a strong commitment to open source, and offering Kubermatic platform under the Apache 2.0 license is a way to show that to the community. “One of the big [things] we can bring to the table is making Kubermatic completely open source, while following the Open-core model, and having a strong commitment to open source to the world and also to the community,” he said.

Image Credit: Kubermatic

As for why it’s rebranding, he says that the original company name is a German word that means navigation pilot for a ship. The name is a nod to its Hamburg base, which is a hub for container ships. It makes sense to Germans, but not others, so they wanted a name that more broadly reflected what the company does.

“Now that we are open sourcing Kubermatic, we also thought that people should understand our vision and what’s our DNA. It’s Kubernetes automation, helping our customers to really save money on Kubernetes operations by automating as much as possible on the operation level, so our users can really focus on building new applications,” he explained.

The company launched 4 years ago and has taken no funding, completely bootstrapping along the way. It’s worth noting it was of the top 5 committers to the open source Kubernetes project in 2019 along with much bigger names including Google, VMware, Red Hat and Microsoft.

Today the company has 50 employees most of whom are working remotely by choice, rather than due to the pandemic. In fact the company has employees working in 10 different countries. He says that has allowed him to work with people with a broad set of skills, who don’t necessarily live in Hamburg where he and Hansert are based.


By Ron Miller