
50 Leading Companies of the Year 2023

The simplest, most comprehensive cloud-native stack to help enterprises manage their entire network across data centers, on-premises servers and public clouds all the way out to the edge: Traefik Labs


Traefik Enterprise is a unified cloud-native networking solution that brings ingress control, API gateway and Service Mesh all together in one simple control plane. Traefik Enterprise eases microservices networking complexity for developers and operations teams across the organization. Built on top of open source Traefik Proxy and Traefik Mesh, Traefik Enterprise brings exclusive all-in-one, highly-available, scalable, and distributed features combined with premium bundled support for production grade deployments. With hybrid support for both legacy and cloud-native applications, Traefik Enterprise is the best solution to help companies migrate progressively and safely to a microservices platform.

Ingress proxies are worker nodes that accept requests from the external network and forward them to services running on the cluster, based on custom rule definitions and behaviors. Mesh proxies manage internal communications between services on the cluster so that they can work together, while providing such features as inter-service authentication, rate limiting, and traffic splitting. Controllers query the network infrastructure to generate the appropriate routing configuration, which they then distribute to the proxy nodes. Controllers also store all data about the cluster, which can be accessed via an API. All Traefik Enterprise node types can be scaled horizontally by adding more nodes. Together, they form a high-availability cluster that maintains its own health autonomously.

Unlock the Potential of Data APIs 

When it comes to enterprise IT infrastructure, security is of paramount importance. Between the need for data protection and privacy, regulatory requirements, and the constant threat of bad actors on the network, there is little room for error when designing and maintaining enterprise systems. Because of this, strong authentication is a critical component of any IT modernization project. One of the top goals for enterprises today is to open up the data held within legacy systems and expose it through APIs, microservices, and other modern means. And yet, while this data represents untapped business value, it’s essential to only expose it in controlled ways by using authentication to ensure each request’s validity.

Traefik can help. As a modern, cloud native edge router, Traefik Proxy directs valid requests from the external network to applications and services, while minimizing the risk posed by malformed, malicious, or fraudulent requests. One way it can do this is by acting as an intermediary to ensure that transactions are authorized. What’s more, Traefik Enterprise bundles additional, exclusive features to provide enterprise-grade authentication — including support for OpenID Connect (OIDC).

Who goes there?

One of Traefik’s key concepts is its use of middlewares, which are pluggable components that provide conditional controls over network traffic. These controls can take various forms, including enabling security features such as rate limiting, restricting requests by IP address, and authentication. Traefik Enterprise's authentication middlewares work by referencing external authentication sources. Traefik Enterprise can act as a gatekeeper at the edge of the internal network by intercepting incoming requests and authenticating them against the external source before forwarding them to the appropriate applications. This model can be particularly critical for legacy modernization projects because it allows authentication to occur externally to the application. You can add modern authentication methods to legacy applications to satisfy the latest security requirements, without making any direct modifications to legacy code.

But this model is not only beneficial for modernizing legacy applications. The benefits of standardizing authentication and authorization at the API gateway level apply equally to cloud native and legacy projects. Those benefits include reducing/eliminating duplication of effort, promoting compliance with security standards, and freeing up developers to work directly on the end applications instead of security features.

Traefik Enterprise offers several middlewares for enterprise authentication, and the collection continues to grow. Among the methods that Traefik Enterprise supports are:

JSON web tokens (JWT)

JWT is a popular tool used to authenticate API calls and single sign-on (SSO) applications. It’s a method of digitally signing information as a JSON object. The JWT includes a set of claims, which typically describe the things that an authenticated user is allowed to do. The Traefik Enterprise JWT middleware can be added to routers in the dynamic configuration and verifies that a token is provided in the Authorization header. In case the token can't be passed as an Authorization header, you can also add it as form data or as a query parameter.
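The token handling described above, sketched as an added example (not Traefik Enterprise code or configuration): the token is read from the Authorization header, then form data, then the query string, and its HS256 signature and expiry are checked before the request would be forwarded. The field name `jwt`, the form-before-query order, the secret and the sample tokens are constructed assumptions.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs

SECRET = b"constructed-demo-secret"  # constructed sample key, not a real credential
TOKEN_KEY = "jwt"  # hypothetical form/query field name, not a Traefik setting

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret=SECRET):
    """Build an HS256 token for the constructed sample requests."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head + '.' + body, secret))}"

def extract_token(headers, form="", query=""):
    """Authorization header first, then form data, then query parameter."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):].strip()
    for source in (form, query):
        values = parse_qs(source).get(TOKEN_KEY)
        if values:
            return values[0]
    return None

def verify(token, secret=SECRET, now=None):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin alg; rejects "none"
            return None
        if not hmac.compare_digest(sign(head + "." + body, secret), b64d(sig)):
            return None
        claims = json.loads(b64d(body))
        expired = claims["exp"] <= (time.time() if now is None else now)
        return None if expired else claims
    except (ValueError, AttributeError, TypeError, KeyError):
        return None  # malformed token: fail closed

def gate(headers, form="", query=""):
    """Edge decision before forwarding: (HTTP status, claims)."""
    token = extract_token(headers, form, query)
    claims = verify(token) if token else None
    return (200, claims) if claims else (401, None)
```

Tokens carried in a query string tend to end up in access logs and Referer headers, so the header is the preferred source wherever the client can set it.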

OpenID Connect (OIDC)

Traefik Enterprise also includes support for OIDC, an authentication layer built on top of the OAuth 2.0 protocol. OpenID Connect allows an application to obtain user login information by exchanging cryptographic tokens with an identity provider and is often used to implement federated SSO between multiple applications. With the OIDC Authentication middleware, you can secure your applications by delegating the authentication process to an external provider (e.g. Google Accounts, LinkedIn, GitHub, etc.) and obtaining the end user's session claims and scopes for authorization purposes.

Lightweight Directory Access Protocol (LDAP)

To verify user credentials (i.e. usernames and passwords), the Traefik Enterprise LDAP middleware connects to a directory server that speaks the LDAP protocol. It was designed so that sensitive information, such as LDAP credentials, does not have to be specified as labels (or in CRDs) by applications, and so that multiple middlewares can reuse the same authentication method.

Emile Vauge, Founder & CEO

Traefik Labs’ mission is to bring the first cloud-native networking stack for dynamic infrastructure to simplify the cloud and microservices adoption journey for all enterprises.
