Wireguard, TLS and Workload Identity: The Backbone of Modern Service Networking

Track: Cloud Technology

Abstract

Zero Trust Networking has become a standard marketing buzzword but the underlying principles are critical for modern microservice-style architectures. Authentication, authorizations, policy, etc. can be difficult to implement between services and do so in a maintainable way. Google invented their own transparent encryption and authorization protocol called "ALTS" back in 2007 to serve the application layer of Google's Borg workload scheduler, but we don't see others using it outside Google.

In this session we look at existing technology like TLS and newcomer Wireguard and see how these technologies come together to provide a secure foundation for workload identity and modern service-to-service networking. We will see how to accomplish exactly what Google did with ALTS but in a more open-source friendly way.

Christian Posta

Christian Posta (@christianposta) is VP, Global Field CTO at Solo.io. He is the author of Istio in Action as well as many other books on cloud-native architecture and is well known in the cloud-native community for being a speaker, blogger (https://blog.christianposta.com) and contributor to various open-source projects in the service mesh and cloud-native ecosystem (Istio, Kubernetes, et. al.). Christian has spent time at government, commercial enterprises as well as web-scale companies and now helps organizations create and deploy large-scale, cloud-native, resilient, distributed architectures. He enjoys mentoring, training and leading teams to be successful with distributed systems concepts, microservices, DevOps, and cloud-native application design.