Cloud Native

Unison 1.0.8 Available

December 13, 2016

by

Marc Boorshtein

We’re pleased to announce the immediate availability of Unison and OpenUnison 1.0.8. This release brings new features specifically aimed at Cloud Native systems:

  • OpenID Connect support, both as a relying party and as an identity provider
  • Kubernetes SSO integration
  • MongoDB Support for storing authorization data and additional attributes outside of your corporate Active Directory
  • Identity Management for OpenShift and OpenStack
  • Dynamic Workflows for OpenShift and Kubernetes

What makes the Cloud Native revolution so important is its ability to give you both the control of local infrastructure while having the speed of Software as a Service.  This power shouldn’t be slowed down by adding identity management, it should be accelerated.  By combining our light weight deployment methods and integration with existing systems many of the services you already own you can quickly have an enterprise capable identity service in a matter of minutes.

Here’s an example of how Unison can accelerate your application deployment.  You’ve decided to run Kubernetes on Amazon Web Services but for compliance reasons you need to control access at every level.  That means providing the who, what and why of access:

  • Who is the user and how do you know?
  • What is the user authorized to do?
  • Why is the user authorized?

You might already have a process in place for provisioning servers on AWS and providing access, but what about Kubernetes?  It has no knowledge of users or group memberships so you need a way to authenticate your developers and admins as well as a way to authorize the access.  Kubernetes provides integration with OpenID Connect and Role Based Access Controls (RBAC) but you still need to tell Kubernetes who the user is and what they have access to.

Where will you store the groups?  In Active Directory? Do you own Active Directory?  Do you have a well established process for adding groups and provisioning access?  Chances are you don’t.  The people who own Active Directory are going to be focussed on managing access to the Windows and potentially the Linux infrastructure so its unlikely they’ll want to let application owners start making additions to Active Directory.

Enter Unison and OpenUnison.  Your team already knows databases, NoSQL databases and applications.  You can standup databases for audit and authorization data separate from Active Directory, but still use AD for authentication.  Its the best of both worlds.  You are delegating authentication while controlling authorizations.

Speaking of authorizations, how will you authorize access to new namespaces and projects?  Will you manually create a process for each one?  That doesn’t sound like DevOps.  Instead let Unison or OpenUnison dynamically adapt to your environment.  As you add new namespaces to Kubernetes Unison will drive access requests via a self service request portal and annotations in your namespace deployments.

The same self service interface used for access requests can be used for giving the auditors direct access to the audit data in real time.  In addition to meeting your compliance and security needs for Kubernetes you have increased the automation in your environment and provided a way for users to access information on their own decreasing your support burden and costs.

Thats just one example of how a Cloud Native identity management system can help run your applications more smoothly then ever before.  In the coming weeks we’re going to be releasing quick starts for OpenUnison, our open source identity management system, that will get you up and running on managing access to OpenStack, OpenShift and Kubernetes in no time!  To get started now, check out or videos gallery, wiki and documentation.


Related Posts

June 13, 2022
Using Okta with Kubernetes
Combine OpenUnison and Okta for a simple and powerful access solution for Kubernetes. Combine CLI access and the dashboard to provide a unified login system for your Kubernetes clusters and control access using Okta groups.
Cloud Native
June 13, 2022
Amazon EKS and OIDC
Amazon EKS now supports OpenID Connect! This post will take you through the setup and configuration of integrating your cluster with Okta and OpenUnison.
Cloud Native
February 15, 2021
Pipelines and Kubernetes Authentication
Don't use ServiceAccount tokens in your external pipelines. Learn why you shouldn't use ServiceAccount tokens and how to properly authenticate your pipelines to your Kubernetes cluster.
Cloud Native
September 1, 2020
Building a Developer Portal
Integrate the applications that manage your cluster, like ArgoCD, into your OpenUnison deployment to give your developers and admins a central portal for accessing those applications.
Cloud Native
August 24, 2020
Building a Multi Cluster Authentication Portal
Quickly build a multi-cluster authentication portal for all your clusters, both on-premises and managed in the cloud. In this blog post we'll walk you through creating an authentication portal for accessing all your clusters and dashboards from a single site.
Cloud Native
July 21, 2020
Kubectl without Configuration Files
Login to your clusters with no upfront configuration!
Cloud Native
May 5, 2020
Multi-tenant Amazon EKS - The Easy Way - Part I: Authentication
Use Active Directory to login to your Amazon EKS clusters and use AD groups to authorize access to your cluster.
Cloud Native
April 21, 2020
Kubernetes Impersonation, DUO, Okta, and AzureAD in OpenUnison 1.0.18
New features in OpenUnison 1.0.18 - Kubernetes Impersonation, Prometheus metrics, Okta and AzureAD support.
Cloud Native
March 3, 2021
Kubernetes and Active Directory with Canonical
Use OopenUnison to integration Active Directory and Cononical's Kubernetes Distribution!
Cloud Native
April 12, 2020
Beyond RBAC in OpenShift – Open Policy Agent
Cloud Native
February 21, 2020
Automate OpenShift Identity Management and Project Deployment with Unison 1.0.10
Cloud Native
February 21, 2020
Containers are (Not) Doomed Because of Dirty Cow, and Why Identity Management is Important For Mitigation
Cloud Native
April 13, 2020
Unison 1.0.8 Available
Cloud Native
February 24, 2020
Kubernetes on Raspberry Pi II – Networking
Cloud Native
February 24, 2020
Building an Identity Enabled Kubernetes Cluster on Raspberry Pi
Cloud Native
February 24, 2020
Missed Google DevFestDC? Here’s My Talk on Kubernetes Identity Management
Cloud Native
February 24, 2020
Kubernetes Identity Management Part II – RBAC and User Provisioning
Cloud Native
March 20, 2020
Open Source Identity Manager for Red Hat Identity Management and FreeIPA
Cloud Native
April 12, 2020
Kubernetes Identity Management - Part I : SSO
Cloud Native
April 12, 2020
Details on our OpenShift Demo
Cloud Native
June 2, 2020
Multi-tenant Amazon EKS The Easy Way - Part II : Provisioning Namespaces
Automate the creation of namespaces and on-boarding of users for EKS with a self-service portal that takes administrators out of user management.
Cloud Native
December 14, 2020
Is Kubernetes Multi-Tenant?
Building a multi-tenant cluster will lead to better experience for your customers and an overall more secure platform. In this blog post learn why Kubernetes is an important part of a multi-tenant platform.
Cloud Native
January 5, 2021
OpenUnison Operator 2.0, New Helm Charts, and Portal Updates
OpenUnison includes better support for long term management, NetworkPolicies, and more!
Cloud Native
April 13, 2021
Secure Access to Kubernetes From Your Pipeline
Secure access to Kubernetes from your pipelines without a third party identity provider
Cloud Native
March 21, 2022
What the NSA and CISA Left Out of Their Kubernetes Hardening Guide
See what the NSA and CISA left out of their Kubernetes hardening guide for authentication and authorization!
Cloud Native
view all
solutions For
PRODUCTS
resources
company
contact
Enterprise Applications
OpenUnison
Blog
About Us
Contact Us
Customer Identity Access Management
Orchestra
Client Portal
Leadership
Receive Email Updates
free demo
OpenShift
Downloads
MyVirtualDirectory
Infrastructure & DevOps
Documentation
Content
Kubernetes
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

CALL

Phone. +1 703 844 2727

CONNECT

Drop us a line

ADDRESS

5810 Kingstowne Center Dr
STE #120-427
Alexandria, VA 22315

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form
(c) 2020 Tremolo Security, Inc. All rights reserved.
|
|
Connect with US
(c) 2020 Tremolo Security, Inc. All rights reserved.
Privacy
terms & conditions
Sign up for Tremolo emails and  content updates
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.