Predict your next investment

INTERNET | Internet Software & Services / Monitoring & Security
aporeto.com

See what CB Insights has to offer

Founded Year

2015

Stage

Acquired | Acquired

Total Raised

$34.5M

Valuation

$0000 

About Aporeto

Aporeto provides a comprehensive cloud-native security solution for deploying and operating cloud-native applications.On November 25, 2019 Aporeto was acquired by Palo Alto Networks at a valuation of $150M.

Aporeto Headquarter Location

10 Almaden Suite 400

San Jose, California, 95113,

United States

833-276-7386

Latest Aporeto News

Tuning K8s Performance and Cost With NGINX Ingress Metrics

Oct 11, 2021

Tuning K8s Performance and Cost With NGINX Ingress Metrics There are load balancers, and then there are load balancers. Broadly speaking, there are two variations of NGINX : The first variation is open source with many contributors and an install base of—perhaps—billions. The second variation is NGINX Plus, a commercial product with support and proprietary load balancing algorithms. Although there’s no hard data available, it is reasonable to assert that NGINX Plus has a tiny fraction of the contributors and installations compared to its open source cousin. Is Bigger Better? Opsani recently ran an independent test to determine how their autonomous optimizer for cloud workloads would perform with each version of NGINX. The assumption was that the choice of load balancer as a front end for the optimization service would have no bearing on how the service performed. We were surprised by the outcome; we found significant differences in the setup. Our principal focus was extracting NGINX metrics for the application that we were optimizing. By definition, the application being optimized by our service depends on NGINX for load balancing. Once the test harness is set up and the application is up and running, optimization occurs automatically over a few application load cycles. The optimal configuration is usually calculated after we observe three or four peak periods. The Application Our reference application was Bank of Anthos , an application that mimics both a traditional three-tier enterprise application and the more modern microservices architecture. Test Method and Setup To determine a baseline configuration and measure the impact on both the metrics-gathering methodology and the load balancing mechanism in place, we configured and ran the following tests: Kubernetes “upstream” ingress with the community extended open source NGINX ingress controller as deployed with the standard process . Metrics were gathered by adding an Envoy proxy in line with the application under test in a sidecar container in the application pod. Kubernetes ingress using the NGINX Plus-based ingress controller with the deployment process described here . In addition, metrics were gathered with the same deployment and configuration as with the community version to ensure that metrics gathering was not the source of any direct impact in the optimization performance process. Kubernetes ingress using the NGINX Plus-based ingress controller as described with the previous test. We removed the sidecar Envoy in this model and collected RED metrics directly from the NGINX Plus ingress service controller. In the first two cases, we leveraged collecting RED metrics (of primary interest were throughput, p50 latency and transaction errors) to a Prometheus sidecar co-resident in the optimization controller pod. For the third case, we manually implemented the same base configurations that our connector implements, but targeted at the NGINX controller instead. This required defining the separate Kubernetes connector and Prometheus metrics configurations. The two proxies (Envoy versus NGINX Plus) have different metrics parameters. Still, we found a correlatable set using the median latency from NGINX Plus to compare with the p50 latency from Envoy. In addition, throughput and error rates were available in both metrics services and made up the rest of the required inputs for our optimization process. Results After optimizing Bank of Anthos with two variations of NGINX (Upstream and NGINX Plus) and two metrics collection variations (Envoy sidecar and Prometheus), we delivered the following results: Setup Variation P90  Response Time (latency) a Error Rate a Minor change from the baseline and within margin of error. NGINX Plus load-balancing efficiency is more effective at distributing load than the open source path. Opsani optimization is more efficiently produced with even load distribution. Only extracted mean, as statistically bucketized metrics were not readily available The following facts stand out: NGINX Plus load-balancing efficiency is more effective at distributing load than the open source path. Our optimization is more efficiently produced with even load distribution. Because of more efficient load balancing, NGINX Plus allows for superior optimization results. When collecting metrics via Prometheus and thereby eliminating the sidecar mechanism, we can expect superior performance results, as measured by lower latency. “Free” Costs Money It is worth emphasizing the big difference in cost savings when the same app used a widely distributed and installed open source load balancer, NGINX, versus a proprietary load balancer. Namely, optimizing the same stack module with the load balancer difference yielded a cost savings difference of 26%. Here is another way of looking at it: If your application costs $1.26 per hour when using the free version of NGINX, it would cost you only $1.00 per hour if you upgraded to (and paid for) NGINX Plus. On a small scale, this difference is trivial. But, if you are running any larger-scale production applications, the difference in operating costs is substantial. As it turns out, “free” costs money. Amir Sharif Amir Sharif is the VP of product at Opsani. Prior to Opsani, Amir co-founded Aporeto in November 2015. Aporeto was a cloud-native security startup that was acquired by Palo Alto Networks in November of 2019. Amir started his career at Sun Microsystems. In 2003, he joined Topspin Communications as a product manager. After the acquisition of Topspin by Cisco Systems, Amir joined VMware as the product manager for VMware ESXi. When not working on inventing the future in a startup, Amir enjoys time with his six children and, when the kids let him, he curls up with a history book. TechStrong TV – Live Email* 14 October 2021 Businesses everywhere need to deliver exceptional ways to engage customers, partners and employees — and transform systems and automate business-critical processes — into easy-to-use mobile apps and multi-channel experiences. The post Data from all Directions: Tying It All Together to Deliver Apps the Way You Want appeared first on DevOps.com. [...] 14 October 2021 Time is of the essence. The sooner ideas are transformed into running code, the sooner your business can see results. The post The Journey to Unbreakable DevOps on OpenShift appeared first on DevOps.com. [...] 14 October 2021 Financial institutions are finally adopting open source software to build modern and innovative applications that support their customers’ digital transformation. As financial institutions capitalize on the agility, speed and cost-effectiveness of open source software, they must also contend with mounting pressure to address open source security effectively and efficiently. Those most successful in managing open […] The post Reducing Enterprise Open Source Management Risk in the Financial Sector: Part 2 appeared first on DevOps.com. [...] 14 October 2021 As organizations plan for and assess the impact of IT incidents, one KPI that is often used is the mean time to resolution/repair, or MTTR — the average time required to resolve a service issue. The lower the MTTR, the smaller the business impact an IT incident will have. The post DevOps Collaboration: Right People, Right Data, Right Time appeared first on DevOps.com. [...] 13 October 2021 Modern software development practices like DevOps hands the responsibility for application security to developers. One tool that can help developers cope with this increased responsibility is static application security testing (SAST). The problem is that traditional SAST tools have been slow, inaccurate and not very developer-friendly. Snyk Code is here to change that. The post SAST Reimagined for the Developer appeared first on DevOps.com. [...] 25 October 2021 The need to secure applications from development to production and release has never been more important. Yet, for all the talk about shifting security left in the software development life cycle, many organizations haven’t fully embraced DevSecOps. Issues related to culture, technology and processes have slowed or prevented DevSecOps adoption, even as application security takes.. The post Editorial Panel: The State of DevSecOps appeared first on Security Boulevard. [...] 21 October 2021 Rapid adoption of cloud-native technologies has changed how organizations defend against security threats from their code to production environments. Additional pressures have accelerated the merging of development and IT operations under one DevOps umbrella to build and release code at a faster rate. However, this newfound developer agility and the widespread use of open source.. The post Ask Me Anything: Best Practices for Securing Modern Apps w/ Snyk and Rapid7 appeared first on Security Boulevard. [...] 19 October 2021 The sharp increase in attacks on organizations’ software supply chains requires policy makers to address supply chain risks with a more structured approach. President Biden’s cybersecurity executive order and NTIA’s software component transparency initiative aim to strengthen supply chain security through advanced visibility into organizations’ software bills of materials (SBOM). The post Managing Supply Chain Security Risks in the Enterprise appeared first on Security Boulevard. [...] 15 October 2021 Three forces are colliding to create a perfect cyberstorm: An escalated threat level, a cybersecurity talent shortage and the growing complexity that comes with managing a multitude of security solutions. This storm is driving change, forcing us to break down silos between endpoint, workload, network and identity. It’s driving the need to leverage existing tooling rather.. The post The Perfect Storm: Reshaping MDR appeared first on Security Boulevard. [...] 14 October 2021 Financial institutions are finally adopting open source software to build modern and innovative applications that support their customers’ digital transformation. As financial institutions capitalize on the agility, speed and cost-effectiveness of open source software, they must also contend with mounting pressure to address open source security effectively and efficiently. Those most successful in managing open.. The post Reducing Enterprise Open Source Management Risk in the Financial Sector: Part 2 appeared first on Security Boulevard. [...]

Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

Expert Collections containing Aporeto

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

Aporeto is included in 2 Expert Collections, including The Edge Computing Landscape.

T

The Edge Computing Landscape

343 items

Edge computing companies facilitate workload deployment in addition to providing data processing and storage at the farthest reaches of the network. These edge computing companies range from data centers at the edge to workload management tools designed to orchestrate edge deploy

C

Cybersecurity

4,754 items

Aporeto Patents

Aporeto has filed 2 patents.

The 3 most popular patent topics include:

  • Computer network security
  • Computer security
  • Cryptography
patents chart

Application Date

Grant Date

Title

Related Topics

Status

3/17/2020

5/18/2021

Secure communication, Computer network security, Cryptography, Computer security, Software testing

Grant

00/00/0000

00/00/0000

Subscribe to see more

Subscribe to see more

Subscribe to see more

Application Date

3/17/2020

00/00/0000

Grant Date

5/18/2021

00/00/0000

Title

Subscribe to see more

Related Topics

Secure communication, Computer network security, Cryptography, Computer security, Software testing

Subscribe to see more

Status

Grant

Subscribe to see more

CB Insights uses Cookies

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.