Today, Tetrate, the leader in application-aware networking and service mesh technologies, announced the opening of a Singapore office to expand the company’s presence in the APAC region. Tetrate appointed Karthik Viswanathan as the APAC sales leader and Adrian Cole as head of engineering to build out its team in Asia. Viswanathan has grown sales organizations for Cloudhealth (acquired by VMWare) and Fortinet, and Cole is a co-founder and major contributor to open source projects like JClouds, Spring Cloud Sleuth and OpenZipkin. Earlier this year in March, Tetrate raised $40 million in a Series B funding round led by Sapphire Ventures. Other investors include Scale Venture Partners, NTTVC, Dell Technologies Capital, Intel Capital, 8VC, and Samsung NEXT.
Enterprises are increasing their investments in digital transformation and in hiring the right talent to accelerate the journey. According to the 2020 open source jobs report from Linux Foundation, 52% of hiring managers are more likely to hire someone with a certification, up from 47% two years ago. Not so surprisingly, 93% of hiring managers report difficulty finding sufficient talent. Tetrate today announced the public availability of its exam for Certified Istio Administrator by Tetrate (CIAT) that evaluates skill, knowledge, and ability to perform Istio service mesh installation and configuration as well as configure traffic management, resilience and fault injection, and use security features of the Istio service mesh. This follows the February launch of the free training and certification course on Istio Fundamentals. Over 600 IT professionals have taken the training since then.
Service mesh architecture provides a rich set of features for controlling and securing communications among services. Encryption in transit is a feature that will be critical for financial institutions and other industries working within regulatory frameworks, including PCI, HIPAA, and others.
New tooling is now available to make it easier for developers to create custom extensions for the Envoy proxy.
In this interview (also available as a Make it Mesh podcast), Tetrate Engineer Yaroslav Skopets, an Envoy contributor and GetEnvoy maintainer, explains how WebAssembly (Wasm) makes Envoy extensibility more accessible, and how developers can quickly get started with Tetrate’s open source GetEnvoy extensibility toolkit.
September 29, 2020 — The Envoy Product Security Team (PST) announced the availability of a security fix and a series of patches for Envoy versions 1.12,1.13, 1.14 and 1.15 to address two high-risk vulnerabilities related to header values and HTTP URL paths. In response to CVE-2020-25017. Additionally the Istio community recommends users to upgrade to 1.6.11+ for 1.6.x deployments or 1.7.3 or later for 1.7.x deployments.
Istio founders and contributors Zack Butcher, Sven Mawson, and Liam White discussed all things Istio– covering the latest Istio 1.7 release, what’s to come in 1.8, and practical advice for end users of Istio and the Envoy proxy in Tetrate’s September Istio AMA session.
The release of Istio 1.7 was highly anticipated by the service mesh community and end-users because it addresses a problem that Tetrate was founded to solve: Bringing VMs into the mesh.
Can I use Istio with Other Ingress Proxies?
It’s been a common problem that we’ve been asked to address, and something that pops up frequently. Can I use Istio with other ingress proxies? In a word? Yes.
Users of Istio and Envoy are strongly encouraged to upgrade to Istio 1.4.6 and Envoy 1.13.1 or 1.12.3 to address four newly discovered security vulnerabilities. The Envoy update is also available via GetEnvoy.io.
CVE-2020-8659 (CVSS score 7.5, High): Excessive CPU and/or memory usage when proxying HTTP/1.1 Envoy version 1.13.0 or earlier may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (e.g., 1 byte) chunks.
The Identity Management & Access Control for Multi-Cloud Conference co-hosted this January by Tetrate and NIST drew 300 attendees to Maryland and and some 600 more participants online. A major takeaway: a Zero Trust Architecture needs service mesh technologies (Istio and Envoy) and Next Generation Access Control (NGAC).