Tetrate Blog | Service Mesh for Any Cloud and Any Environment

Tetrate First to Provide Hardened Istio to DoD’s Iron Bank

Game of Thrones fans know the Iron Bank as a lender to governments, businesses, and individuals across the known world. But Iron Bank is also the repository for digitally signed container images that are accredited for use across the US Department of Defense. Iron Bank software is accessible to anyone who registers on the Iron Bank repository.

Iron Bank software must comply with relevant Federal Information Processing Standards (FIPS). Now, a FIPS-compliant version of Istio, provided and supported by Tetrate, has been accepted by the DoD and added to Iron Bank. This version of Istio is supported by the Tetrate support service, Tetrate Istio Subscription. Istio is now easily available for rapid deployment across the DoD and beyond.

The DoD is the largest organization in the world, by headcount (more than 2 million employees, civilian and military) and by budget (more than $700B per year.) About 100,000 of those 2 million employees are involved in software development and delivery. So the use of service mesh and Istio, along with Zarf (see below) and disconnected systems, by the DoD will have a large impact across the US government and beyond.

Tetrate

Tetrate Adds Istio and Envoy Support for Arm Neoverse

Arm and Tetrate strengthen the responsiveness of Istio service mesh with integrated hardware and software for high performance computing and cloud-to-edge workloads

Tetrate, founded by creators and maintainers of Istio and Envoy, today announced that Istio service mesh and Envoy proxy now support the Arm® Neoverse™ platform. Arm is the leading technology provider of processor IP and its designs have enabled more than 215 billion chips. Neoverse support enables widely used open source software projects to run faster, with less energy usage and lower total cost of ownership.

mTLS

mTLS by the Book

In DevSecOps the reality is that everything is configurable– absolutely everything. A good analogy here: Imagine if you had a pen that had– instead of one button to retract the ballpoint– a number of knobs and switches– a color adjuster, pressure switch, ink density tuning wheel, etc. Many people would find it difficult to sign their name because not many of us are ink experts. A similar situation is happening when application developers or infrastructure specialists need to become cryptographers to set up mTLS certificates.

Tetrate

NIST-Tetrate 2022 Conference Talks: NIST Standards for Service Mesh

At the joint NIST-Tetrate conference this year on ZTA and DevSecOps for Cloud Native Applications, Tetrate founding engineer Zack Butcher offered a deep dive into new publications in the NIST SP 800-204 series that sets the standards on security for the use of microservices architecture for the US Government. In this article, we’ll provide a brief overview of Zack’s talk, with a link to a full recording for all the details.

Tetrate

NIST SP 800-207: Laying the Groundwork for Zero Trust Architecture

Background

Since the first animal took a bite out of its neighbor, security concerns have driven an ever-escalating evolution of threat and defense. The evolutionary call and response between threat actors and defenders is punctuated by periods of rapid change between periods of stasis.

We are now in such a period of rapid change. The current security landscape presents us with twin competing challenges: cyber attacks have rapidly increased in scale and sophistication while, at the same time, modern, cloud-native architectures have outgrown traditional network security practices.

In an effort to modernize the security posture of federal agencies and private industry to meet these new challenges, the US government has endorsed zero trust network architecture as a way forward. The National Institute of Standards and Technology (NIST), the body tasked with defining the standards and deployment recommendations for zero trust in the enterprise, has authored a series of special publications to do just that.

In this article, the first of two on NIST zero trust standards, we’ll review NIST’s cornerstone paper, SP 800-207: Zero Trust Architecture, which defines the tenets of zero trust network security and offers recommendations for how to adopt it in your organization.

Envoy proxy & GetEnvoy, Tetrate

Designing Traffic flow via Tier-1 and Tier-2 Ingress Gateways

Introduction

Tetrate’s application connectivity platform, Tetrate Service Bridge (TSB), offers two gateway types, called Tier-1 and Tier-2, that are both based on Envoy and help to achieve different goals. Let’s explore how each type of gateway functions, and when to choose one gateway type versus another.

Istio, Open Source

What’s new in Istio 1.13?

In February 2022, Istio released 1.13.0 and 1.13.1. This blog will give you an overview of what’s new in these two releases.

ABAC, NGAC, Security, Tetrate, Zero Trust

NIST-Tetrate 2021 Conference Talk: ABAC for microservices applications using a service mesh

Access control is fundamental to application security. Modern applications, more than ever, need a flexible access control mechanism that can succinctly express access rules, take into account a large number of objects and dynamic runtime attributes, and be evaluated efficiently at runtime. These rules must also be both intelligible and auditable so the current state of access policy enforcement is knowable and can be easily understood.

Comprehensive Secure Connectivity for Composite Applications.

Service Mesh, Tetrate

Gartner’s CASCE Proposal for Securing Composite Applications

Background

Many applications today rely on components from multiple providers, accessed via web APIs – referred to as “composite applications,” according to Techopedia. Securing these applications, including communication across components, is challenging.

Now Gartner is promoting a solution to these challenges in a report, 2021 Gartner® Innovation Insight for Comprehensive Secure Connectivity for Composite Applications. The report describes composite applications as “a security architecture challenge” and proposes techniques “to implement these applications with greater consistency, flexibility and integrity.” Joe Skorupa of Gartner also spoke about these issues at the third annual ZTA and DevSecOps for Cloud-Native Applications conference, held in January. (Mr. Secorro’s talk was not recorded.)

Announcements, API Gateway, Kubernetes, Service Mesh, Tetrate Service Bridge

Tetrate Service Bridge: Golden Gate Release

Centralized governance, local enforcement for your application traffic

We are pleased to announce the general availability of the Golden Gate release of our flagship product, Tetrate Service Bridge (TSB). TSB Golden Gate adds capabilities that enable application developers to define traffic and security controls for all their applications and APIs. Importantly, it adds Web Application Firewall (WAF) and API gateway capabilities to the Envoy data plane and lets application developers and platform owners collaborate on the same platform to configure them properly for their applications, while enabling an end-to-end zero trust implementation. There is an entirely new developer experience for configuring applications and troubleshooting configurations for both personae.