Containerized, cloud-based, elastic architectures are becoming more popular. Each container typically includes an application or microservice. The application or microservice needs to communicate securely with other containerized applications or microservices.
One issue with containers is the need to protect data in transit. The applications and microservices must also be able to mutually authenticate each other. One method of doing this is to use SSL (Secure Sockets Layer), a security technology for establishing an encrypted link between two applications. SSL addresses both of these security needs; however, SSL depends on X.509 certificates, so each container will require a public-private key pair and a corresponding certificate.
One problem with using SSL in containerized environments is that containers exist in elastic environments, where containers are dynamically spawned to meet demand, destroyed when no longer needed, and spawned again when demand once again spikes. This is not the environment for which SSL was designed.
Another problem is that in cloud environments deployment is fully automated. Since there is no human presence, the cloud networks cannot rely on using a human's credential to verify and confirm the identity of the container being spawned. Further, it is unacceptable from a security standpoint to attempt to bake the private keys into the container images, as they easily leak out, leading to security vulnerabilities.
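As an added illustration of the leak risk just described (example code, not part of this application), the following scans a constructed container image layer tarball and flags any file carrying a PEM private-key header; the regular expression and the sample file contents are assumptions built for the example.

```python
import io
import re
import tarfile

# PEM private-key header variants (RSA, EC, OpenSSH, PKCS#8, encrypted PKCS#8).
# The pattern is an assumption for this example, not a standard from the page.
PEM_KEY_RE = re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----")


def build_sample_layer() -> bytes:
    """Construct an in-memory image layer tar: one config file, one leaked key, one cert."""
    files = {
        "app/config.yaml": b"service: payments\nport: 8443\n",
        # Constructed placeholder key material, not a real key.
        "etc/ssl/private/service.key": (
            b"-----BEGIN RSA PRIVATE KEY-----\nMIIB...constructed...\n"
            b"-----END RSA PRIVATE KEY-----\n"
        ),
        "etc/ssl/certs/service.crt": (
            b"-----BEGIN CERTIFICATE-----\n...constructed...\n"
            b"-----END CERTIFICATE-----\n"
        ),
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def find_private_keys(layer: bytes, max_bytes: int = 1 << 20) -> list[str]:
    """Return paths of regular files in a layer tar whose content has a PEM private-key header.

    Large files are skipped (max_bytes) so a scan over a big layer stays bounded; a real
    pipeline would run this over every layer of an image before it is pushed to a registry.
    """
    hits = []
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r") as tar:
        for member in tar:
            if not member.isfile() or member.size > max_bytes:
                continue
            fobj = tar.extractfile(member)
            if fobj is None:
                continue
            if PEM_KEY_RE.search(fobj.read()):
                hits.append(member.name)
    return hits


if __name__ == "__main__":
    print(find_private_keys(build_sample_layer()))  # ['etc/ssl/private/service.key']
```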
Therefore a need exists for an improved method for providing secure communication between microservices in elastic cloud environments.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.