Skip to main content
Version: 3.19 (latest)

About Calico Enterprise

What is Calico Enterprise?​

Calico Enterprise is a security solution with full-stack observability for cloud-native applications running on containers and Kubernetes. Built upon the Calico CNI and network policy, Calico Enterprise works across all multi-cloud and hybrid environments with any combination of VMs, containers, Kubernetes, cloud instances, hosts, and bare metal servers.


Best fit​

The best fit for Calico Enterprise is enterprise teams who need full control to customize their networking security deployment to meet regulatory and compliance requirements for Kubernetes at scale.

Key features​

Web UI for observability and troubleshooting
• Single UI for all enterprise teams to observe traffic, troubleshoot logs, get alerts, manage policy lifecycle (preview, stage, enforce), and generate compliance reports.
• Service Graph to visualize traffic to/from a cluster
• Dashboards
• Elasticsearch logs (flow, L7, DNS, audit) with workload identity context
• Packet capture
• SIEM integration (Syslog, Splunk, or Amazon S3)
Threat defense• Global alerts
• Workload-based Web Application Firewall (WAF)
• Threat feeds to detect and alert on suspicious IPs, domains, and external IPs
• Honeypods (decoys) to detect suspicious activity in a Kubernetes cluster
• Deep packet inspection (DPI) on selected workloads
Multi-cluster management• Unified management plane to manage clusters and workloads running on different infrastructures and using different Kubernetes distributions
• Federated endpoints for policy-writing efficiency
• Federated services to extend and automate endpoint sharing
• Federated Prometheus metrics
Logs and compliance reports• Out-of-the-box support for PCI DSS, SOC 2, HIPAA, GDPR, NIST, and custom frameworks
• Out-of-the-box CIS benchmarks for Kubernetes compliance reports
• Pre-defined and custom compliance reports for audit reporting (on-demand or scheduled)
• Auditor-ready cluster compliance history
Advanced Calico networking• WireGuard pod-to-pod and host-to-host encryption
• Egress gateways to identify the source of traffic at the namespace or pod level when it leaves a Kubernetes cluster to communicate to external resources to avoid opening up a larger set of IP addresses.
• Dual top-of-rack (ToR) peering for redundant, active-active network path for business-critical cluster applications (for example, streaming and AI/ML applications)
Advanced Calico networking policy• Policy recommendations to isolate namespaces with network policy
• Tiered policy
• Stage and preview impacts on traffic before enforcing policy
• Network sets to reuse and scale sets of IP addresses used in policies
• DNS policy
• Application layer policy with Envoy as daemonset
• Auto host endpoints
• Policy integration with Fortinet and AWS firewalls

For a detailed list of Calico Enterprise features, see Tigera product comparison

Going into production with Calico Enterprise​

It is not easy navigating the cultural shifts that come with adopting Kubernetes. Tigera's Customer Success has spent many years working with enterprise companies in highly-regulated industries to understand the sticking points that stall going into production. Common hurdles seen during pre-production are:

  • Troubleshooting in Kubernetes across teams (cluster and pod failures, apps failures, and security breaches/attacks)
  • Writing policy with granular security controls for workloads
  • Ensuring security team requirements are met while allowing developer self-service with guardrails
  • Implementing compliance controls

Tigera's Customer Success has invested heavily in custom and self-service training to address these obstacles. Guided by their best-practices-to-production workflows, you can keep progressing and join the growing list of companies who are in production with Calico Enterprise.

Need more info?​