What is Calico Enterprise?

Modern applications are more distributed, dynamically orchestrated, and run across multi-cloud infrastructure. To protect workloads and enforce compliance, connectivity must be established and secured in a highly dynamic environment that includes microservices, containers, and virtual machines.

Calico Enterprise provides secure application connectivity across multi-cloud and legacy environments, with the enterprise control and compliance capabilities required for mission-critical deployments.

Designed from the ground up as cloud-native software, Calico Enterprise builds on leading open source projects like Calico. It connects and secures container, virtual machine, and bare metal host workloads in public cloud and private data centers.

Choice of dataplanes

Calico Enterprise gives you a choice of dataplanes, including a pure Linux eBPF dataplane, a standard Linux networking dataplane, and a Windows HNS dataplane. Whether you prefer cutting edge features of eBPF, or the familiarity of the standard primitives that existing system administrators already know, Calico has you covered.

Whichever choice is right for you, you’ll get the same, easy to use, base networking, network policy and IP address management capabilities, that have made Calico the most trusted networking and network policy solution for mission-critical cloud-native applications.

Best practices for network security

Calico Enterprise’s rich network policy model makes it easy to lock down communication so the only traffic that flows is the traffic you want to flow. Plus with built in support for Wireguard encryption, securing your pod-to-pod traffic across the network has never been easier.

Calico Enterprise’s policy engine can enforce the same policy model at the host networking layer and (if using Istio & Envoy) at the service mesh layer, protecting your infrastructure from compromised workloads and protecting your workloads from compromised infrastructure.

Performance

Depending on your preference, Calico Enterprise uses either Linux eBPF or the Linux kernel's highly optimized standard networking pipeline to deliver high performance networking. Calico Enterprise's networking options are flexible enough to run without using overlays in most environments, avoiding the overheads of packet encap/decap. Calico Enterprise’s control plane and policy engine has been fine tuned over many years of production use to minimize overall CPU usage and occupancy.

Scalability

Calico Enterprise’s core design principles leverage best practice cloud-native design patterns combined with proven standards based network protocols trusted worldwide by the largest internet carriers. The result is a solution with exceptional scalability that has been running at scale in production for years. Calico Enterprise’s development test cycle includes regularly testing multi-thousand node clusters. Whether you are running a 10 node cluster, 100 node cluster, or more, you reap the benefits of the improved performance and scalability characteristics demanded by the largest Kubernetes clusters.

Interoperability

Calico Enterprise enables Kubernetes workloads and non-Kubernetes or legacy workloads to communicate seamlessly and securely. Kubernetes pods are first class citizens on your network and able to communicate with any other workload on your network. In addition Calico Enterprise can seamlessly extend to secure your existing host based workloads (whether in public cloud or on-prem on VMs or bare metal servers) alongside Kubernetes. All workloads are subject to the same network policy model so the only traffic that is allowed to flow is the traffic you expect to flow.

Real world production hardened

Calico Enterprise is trusted and running in production at large enterprises including SaaS providers, financial services companies, and manufacturers. The largest public cloud providers have selected Calico Enterprise to provide network security for their hosted Kubernetes services (Amazon EKS, Azure AKS, Google GKE, and IBM IKS) running across tens of thousands of clusters.

Full Kubernetes network policy support

Calico Enterprise’s network policy engine formed the original reference implementation of Kubernetes network policy during the development of the API. Calico Enterprise is distinguished in that it implements the full set of features defined by the API giving users all the capabilities and flexibility envisaged when the API was defined. And for users that require even more power, Calico Enterprise supports an extended set of network policy capabilities that work seamlessly alongside the Kubernetes API giving users even more flexibility in how they define their network policies.