Networking and Security

A Proven and Scalable Foundation for Virtual Machines and Containers

Featuring Container Name Service

Why Triton for Container Networking and Security?

Simplified Network Management

Software defined networking and DNS allows dynamic and easy management of container networks. Each container gets its own unique IP. Fabric networks and VLANs can be controlled programmatically.

Consistent Network Design

Model on-premise network definitions in the cloud, and leverage Triton in your data center (or one we manage for you) to support private networks with gateway and multi-layer VLANs.

Proven Container Security

Full isolation per container in a multi-tenant environment. Triton has leveraged Zones, a hardened container runtime environment, to deliver containers securely in a hostile environment for nearly a decade.

What Capabilities Does Triton Networking and Security Provide?

Container Name Service

Automatic, universal DNS for your containers. Triton CNS serves address records (A and AAAA) for containers by instance name & tags, and it can be used to support basic load balancing requirements.


Multi-layered VLANs (external, internal (admin), underlay-VxLAN, console - DRAC, iLO, ipmi), layer 2-3 and fabric (switch pools) networking.

Network Modeling

Private network definitions can be modeled in Triton. Map physical NICs by NIC tags, auto-assigned IP addresses with reallocation support, leverage network pools to group VLANs.


Internet gateways on fabric networks enable private networks. Setup per account, traffic generated by one account cannot be seen by another account for system isolation.


Default access with SSH keys. Keys managed within Triton are mapped to accounts. SSL encryption for all compute and storage node access, and SSH access to the hypervisor with easy revoke.

Global and Local firewalls

No need to manage firewalls within instances. Global firewalls are configurable by an operator. Policies can be applied to specific or all (tagged) instances.

Role Based Access Control

Granular RBAC defined through policies, groups, and roles. Accounts can delegate roles to sub-users. Access policies map to CloudAPI functions (CAN createmachine, CAN listdatacenters, CAN createfirewallrule, etc.).

Container Security

Triton leverages Zones, a hardened container runtime environment that does not depend upon VM hosts for security. Patented resource protections insulate containers from noisy neighbors and ensure that each container gets its fair share of I/O.