Skip to main content
Version: 3.28 (latest)

Tigera product comparison

Calico Open Source

The base product that comprises both Calico Enterprise and Calico Cloud. It provides the core networking and network policy features.

calico-open-source

Calico Enterprise

Includes the Calico Open Source core networking and network policy, but adds advanced features for networking, network policy, visibility and troubleshooting, threat defense, and compliance reports.

calico-enterprise

Calico Cloud

The SaaS version of Calico Enterprise. It adds Image Assurance to scan and detect vulnerabilities in images, and container threat defense to detect malware. It also adds onboarding tutorials, and eliminates the cost to manage Elasticsearch logs and storage that comes with Calico Enterprise.

calico-cloud

What is the best fit for you? It depends on your needs. The following table provides a high-level comparison.

ProductCost and supportBest fit
Calico Open SourceFree, community-supportedUsers who want best-in-class networking and network policy capabilities for Kubernetes without any costs.
Calico EnterprisePaid subscriptionEnterprise teams who need full control to customize their networking security deployment to meet regulatory and compliance requirements for Kubernetes at scale. Teams who want Tigera Customer Support for day-zero to production best practices, custom training and workshops, and Solution Architects to customize solutions.
Calico CloudFree trial with hands-on training from Customer Support, then pay-as-you-go with self-service training. Also offered as an annual subscription.Small teams who need to manage the full spectrum of compliance in a web-based console for novice users:
- Secure clusters, pods, and applications
- Scan images for vulnerabilities
- Web-based UI for visibility to troubleshoot Kubernetes
- Detect and mitigate threats
- Run compliance reports

Enterprise teams who want to scale their Calico Enterprise on-premises deployments by providing more self-service to developers.

Product comparison by feature

Calico Open Source
Calico Cloud
Calico Enterprise
Networking security and scalability
High-performance, scalable pod networking
Advanced IP address management
Direct infrastructure peering without the overlay
Dual ToR peering
Egress gateway
Multiple Calico networks on a pod
Application, pod, cluster security
Calico Open Source
Calico Cloud
Calico Enterprise
Seamless support with Kubernetes network policy
Label-based (identity-aware) policy
Namespace and cluster-wide scope
Global default deny policy design
Application layer policy
Policy for services
Web UI
Onboarding tutorials and lab cluster
DNS/FQDN-based policy
Hierarchical tiered network policy
Policy recommendations
Preview and staged network policy
Policy integration for third-party firewalls
Network sets to limit IP ranges for egress and ingress traffic to workloads
Data security and storage
Calico Open Source
Calico Cloud
Calico Enterprise
Data-in-transit encryption for pod traffic using WireGuard
SIEM integration
Non-cluster host security
Calico Open Source
Calico Cloud
Calico Enterprise
Restrict traffic to/from hosts using network policy
Automatic host endpoints
Secure Kubernetes nodes with host endpoints managed by Calico
Apply policy to host-forwarded traffic
Dataplane support
Calico Open Source
Calico Cloud
Calico Enterprise
eBPF
iptables
Windows HNS
VPP
Image vulnerability management
Calico Open Source
Calico Cloud
Calico Enterprise
Scan images for vulnerabilities for workloads in Kubernetes cluster
Create policy to block vulnerable images from your clusters
Runtime view to assess impact of newly-found vulnerabilities
Application observability and troubleshooting
Calico Open Source
Calico Cloud
Calico Enterprise
Graphical view of deployment (Service Graph)
Using third-party tools
Packet capture
Using third-party tools
Exportable logs
L3-4 flows, manual integration with any SIEM
Preconfigured Elasticsearch dashboards: flow, audit, bgp, dns, L7Preconfigured Elasticsearch dashboards: flow, audit, bgp, dns, L7
Prometheus for metrics and alert monitoring
Supports manual deployment
Kibana DNS dashboards
Traffic Flow Visualizer
Kubernetes security posture management
Calico Open Source
Calico Cloud
Calico Enterprise
Review overall score based on namespace isolation, container image vulnerabilities, and egress access
Prioritized list of remediation actions
Cluster mesh
Calico Open Source
Calico Cloud
Calico Enterprise
Native Kubernetes cross-cluster networking (ToR and IP-in-IP)
Multi-cluster management with RBAC integration
CLI only
GUI and CLI
Federated cross-cluster networking (VXLAN)
Federated identity-aware policy and services enforcement
Threat defense
Calico Open Source
Calico Cloud
Calico Enterprise
Container threat detection
Workload-centric Web Application Firewall (WAF)
Honeypods to see intruder activity
Add threatfeeds to trace suspicious network flows
Compliance
Calico Open Source
Calico Cloud
Calico Enterprise
Compliance reports
CIS benchmark reports
Monitor Calico components
Calico Open Source
Calico Cloud
Calico Enterprise
Prometheus