Service Mesh Archives

Use Tetrate’s Open Source Istio Cost Analyzer to Optimize Your Cloud Egress Costs

Who Is This For?

You should read this if you run Kubernetes and/or Istio on a public cloud, and you care about your cloud bill. Cloud providers charge money for data egress, including data leaving one availability zone destined for another. If your Kubernetes deployments span availability zones, you are likely being charged for egress between internal components. Even if you don’t run Kubernetes/Istio, you’ll still run into cross-zone data egress costs, which this article will help you understand and minimize.

Service Mesh, Tetrate

eBPF and Sidecars – Getting the Most Performance and Resiliency out of the Service Mesh

If you’ve been watching the service mesh space recently, you’ll have noticed a lot of talk about eBPF and “sidecar-less” meshes. In fact, there’s been so much talk about these things that I’m hoping for a lot of readers for this blog post, just because I’ve got all of it in the title!

But what actually are “sidecar-less” service meshes? How do they work? And do they solve the problems we’ve been told they do, namely improving performance and reducing resource usage? In this post I’ll explain what these two technologies are, what they can and can’t do for the mesh, and how they do — and do not — work together.

Service Mesh

Avoid Attacker Lateral Movement using Service Mesh

One of the core ideas that motivates the zero trust architecture is the idea that “the attacker is already in the network.” Many of the projects, tools, and techniques we see gaining widespread adoption today for enabling a zero trust architecture were born out of companies that know this first-hand. One seminal event was the Snowden leaks in 2011, which prompted Google to adopt encryption in transit for all communications, even over their own internal network.

Envoy Proxy & GetEnvoy, Istio, Service Mesh, Tetrate, Wasm

NIST-Tetrate 2022 Conference Talks: NIST Standards for Service Mesh

At the joint NIST-Tetrate conference this year on ZTA and DevSecOps for Cloud Native Applications, Tetrate founding engineer Zack Butcher offered a deep dive into new publications in the NIST SP 800-204 series that sets the standards on security for the use of microservices architecture for the US Government. In this article, we’ll provide a brief overview of Zack’s talk, with a link to a full recording for all the details.

Comprehensive Secure Connectivity for Composite Applications.

Service Mesh, Tetrate

Gartner’s CASCE Proposal for Securing Composite Applications

Background

Many applications today rely on components from multiple providers, accessed via web APIs – referred to as “composite applications,” according to Techopedia. Securing these applications, including communication across components, is challenging.

Now Gartner is promoting a solution to these challenges in a report, 2021 Gartner® Innovation Insight for Comprehensive Secure Connectivity for Composite Applications. The report describes composite applications as “a security architecture challenge” and proposes techniques “to implement these applications with greater consistency, flexibility and integrity.” Joe Skorupa of Gartner also spoke about these issues at the third annual ZTA and DevSecOps for Cloud-Native Applications conference, held in January. (Mr. Secorro’s talk was not recorded.)

Announcements, API Gateway, Kubernetes, Service Mesh, Tetrate Service Bridge

Tetrate Service Bridge: Golden Gate Release

Centralized governance, local enforcement for your application traffic

We are pleased to announce the general availability of the Golden Gate release of our flagship product, Tetrate Service Bridge (TSB). TSB Golden Gate adds capabilities that enable application developers to define traffic and security controls for all their applications and APIs. Importantly, it adds Web Application Firewall (WAF) and API gateway capabilities to the Envoy data plane and lets application developers and platform owners collaborate on the same platform to configure them properly for their applications, while enabling an end-to-end zero trust implementation. There is an entirely new developer experience for configuring applications and troubleshooting configurations for both personae.

Building HA microservice with Istio service mesh

API Gateway, Kubernetes, Resiliency, Service Mesh, Tetrate Service Bridge

Building highly available (HA) and resilient microservices using Istio Service Mesh

What is High Availability in microservices

High availability systems are designed to provide continuous and uninterrupted service to the end customer by using redundant software performing similar functions. In highly available microservices, all the hosts must point to the same storage. So, in case of failure of one host, the workload in one host can failover to another host without downtime. The redundant software can be installed in another virtual machine (VM), or Kubernetes clusters in multicloud or hybrid cloud.

Security, Service Mesh, Zero Trust

The US Government Endorses Zero Trust Architecture for Security

Tetrate is among the leading proponents of zero-trust architectures, helping NIST define the standards, and enabling public and private enterprises to pursue a zero-trust strategy — powered by the service mesh at its core. We’re recognized leaders in this space: we have been the exclusive co-hosts of an annual conference with the National Institute of Standards and Technology (NIST) on this topic for three years so far, and counting, as mentioned below. We’ve recently been recognized by Gartner as a Cool Vendor for Cloud Computing, and we were recognized by IDC as an IDC Innovator 2021. We were also named one of the Top 10 Hottest Cloud Computing Startups of 2021 by CRN.

Announcements, Envoy Proxy & GetEnvoy, Service Mesh, Wasm

Launching Envoy Fundamentals, a training course to enable faster adoption of Envoy Proxy

Also published on: CNCF

Envoy Proxy, an open-source edge and service proxy, is a vital part of today’s modern, cloud-native application and is used in production by large companies like Booking.com, Pinterest, and Airbnb(Source). Tetrate, a top contributor to Envoy, has developed Envoy Fundamentals, free training with a completion certificate, to help enterprises adopt the technology faster. It will enable DevOps users, SREs, developers, and other community members to learn Envoy easily with concept text, practical labs, and quizzes. Tetrate is also the creator of the popular Istio Fundamentals training course and the open-source project Func-e, which makes it easier to adopt Envoy.

Announcements, Kubernetes, Security, Service Mesh, Tetrate, Zero Trust

Why You Should Attend the ZTA and DevSecOps Conference with NIST and Tetrate

Tetrate and NIST are hosting their third annual ZTA conference, ZTA and DevSecOps for Cloud Native Applications (virtual), on Wednesday, Jan. 26th (training) and Thursday, Jan. 27th (sessions). The conference provides the most valuable opportunity this year for organizations to gather a practical understanding of how to secure critical infrastructure. You will learn how to put together a ZTA stack for end-user traffic from the ground up.

With the severity of data breaches escalating, including damage to critical US infrastructure, executive orders have been issued, calling for federal agencies to adopt Zero Trust Architecture (ZTA). The DevSecOps approach is seen as essential to achieving high operational assurance for microservices-based applications. But many organizations face challenges in implementation. NIST and Tetrate are presenting the third annual edition of this conference to dive deeply into this new architectural model, which yields enhanced security and other benefits. Their work to date has already yielded ZTA standards for cloud-native applications.