“Modern cloud deployment can be very complex,” says Gadi Naor, CTO & co-founder, Alcide.io, a Tel Aviv-based information security firm. “There are often lots of moving parts and shifting parameters that can be hard to operate and secure.” Alcide aims to provide a complete security solution designed specifically for cloud-based infrastructure. With a single platform, customers gain access to a threat intelligence solution using the company’s proprietary machine learning algorithms, a deep level of visibility into their systems, and security segmentation at the microservices level.
“In a cloud-native environment, services run on different workloads so you can’t base your security around servers,” says Gadi. “By focusing on the microservices, we’re taking firewalls to the next level.”
Founded in 2016, Alcide helps organizations secure distributed and complex cloud stacks that span thousands of nodes. To achieve this, Alcide very quickly adopted an architecture based on Kubernetes, allowing its platform to quickly and easily scale up and down according to its needs. As a fast-growing company with limited resources, Alcide places a priority on efficiency. When it looked for ways to optimize its architecture, it turned to Google Cloud Platform (GCP) for the answer.
“The cloud environment is elastic by nature, so we have to be too,” says Gadi. “We don’t have time for a lot of provisioning or maintenance, so we looked for managed services for Kubernetes clusters. For us, Google’s solution was the best way of offloading overheads and keeping the benefits of Kubernetes.”
Flexibility, scalability, and ease of use with Google Kubernetes Engine
Over the last few years, cloud deployment has been shifting from virtual machine environments, based around servers and hardware, towards container-based systems, where the architecture is broken down into components. Each component performs a single task and they communicate with each other via APIs and messaging systems. A system like this makes it easier for companies to scale up and down quickly and maintain large workloads, compared to a more traditional architecture. Early on, Alcide developed its architecture around Kubernetes, an open source container solution from Google.
Even with Kubernetes, Alcide knew that it could make its deployments faster. “We were provisioning new clusters manually, which took days, even for experienced DevOps staff,” says Gadi. “That was too much time from our perspective.” In addition, the time and effort needed for maintaining clusters and managing security meant that Alcide’s tight resources were being stretched thin. In early 2017, the company began looking for managed services with Kubernetes.
After assessing its options, Alcide decided that Google Cloud Platform offered the most stable and secure solution for the company. Google Kubernetes Engine was the core of the new system, providing easy provisioning of new clusters and built-in maintenance tools. Alcide’s developers spent time working on a deployment template that fit their needs. Once that was in place, creating new environments from scratch was quick and simple.
In addition, Alcide used Container Registry to maintain its container images, Cloud Load Balancing to keep its service smooth even with high volumes of traffic, and Stackdriver for logging on each of its clusters. Meanwhile, Google Cloud Identity & Access Management enabled Alcide to simplify its security and streamline its procedures with granular control of permissions and authentication. By the end of its migration period, Alcide was using Kubernetes Engine for its testing, development, and production environments.
“There are a lot of additional services like logging, monitoring, and security that are baked into the overall service with Google Kubernetes Engine and Google Cloud Platform,” says Gadi. “With Kubernetes Engine in particular, Google is doing a great job in maintaining its performance. It’s the best managed service we found.”
Reduced deployment time for increased productivity
Kubernetes Engine and Google Cloud Platform have enabled Alcide and its security platform to achieve a new level of elasticity by slashing the time taken to deploy new environments. “Provisioning new clusters used to take two to three days,” says Gadi. “With our templates in Kubernetes Engine, we can now do it in 20 minutes.” This has helped Alcide scale its platform to accommodate large enterprise stacks with thousands of nodes and hundreds of thousands of workloads.
Meanwhile, Google’s managed services made maintaining and updating clusters much easier for Alcide. With much of the DevOps burden lifted, engineers could now work on more important business objectives.
“For a startup like ours, we want to move fast, close the gaps with our customers and provide as much feature functionality as we can,” says Gadi. “Google Cloud Platform lets us concentrate on writing our own business logic and implementing the application, without having to worry about the infrastructure.”
Always evolving, always improving
As Alcide grows its business and works on new features, it continues to explore new ways of making GCP and Kubernetes even more efficient. The company is currently looking at the option of preemptible virtual machines in Kubernetes Engine to reduce costs, while new features in Container Registry allow for built-in scanning of images for vulnerabilities. “It’s something we’ve recently started to explore, and it helps us deliver a much more secure workload in the design period,” says Gadi. “We’re very happy with Google Cloud Platform, both with where we’re at now and where we’re headed.”