Fresh-faced startup Illumio is bringing a new twist on an old technique to create something simple and powerful.
Take the host-based firewalls that already exist in Linux, Windows, and containers, and control them with centrally managed policy.
In case you don’t immediately grasp why this is an excellent idea, I’ll break it down for you.
Let me be clear at the outset: I love what Illumio purports to do. I can see the potential because it uses something that I already know works and makes it scale. Illumio isn’t a magic bullet, but it is wonderfully complementary.
Once upon a time, host-based firewalls were all we had. You can still configure one now, because Windows, OSX, Linux, and pretty much every operating system out there has a built-in firewall capability. The trouble is, managing the configuration of lots of host-based firewalls is a scale problem that gets worse as you add more hosts.
You can’t just apply a blanket set of rules to all hosts, because different applications need to talk to each other on different ports. Add in the mobility inherent in modern apps with load-balancing, high-availability, and disaster-recovery, and if your rule changes can’t keep up with what’s needed, security becomes a stifling bottleneck.
Anyone who has had to wait weeks for a change to firewall rules for a new application will know what I mean. And the result is as predictable as it is maddening: security is compromised in the name of agility.