Created by Istio founders, Tetrate Service Bridge is the only edge-to-workload application connectivity platform that provides enterprises with a consistent, unified way to connect and secure services across an entire mesh-managed environment.
TSB sits at the application edge, at cluster ingress, and between workloads in your Kubernetes and traditional compute clusters. Edge and ingress gateways route and load balance application traffic across clusters and clouds while the mesh controls connectivity between services.
A single management plane configures connectivity, security, and observability for your entire application network.
Tetrate Service Bridge makes it faster and safer to modernize and incrementally migrate by providing seamless connectivity between traditional and modern workloads. Embrace cloud–public, private, and hybrid–faster, too.
The move to modernization too often makes operations messier for enterprises. TSB is designed to streamline and accelerate application operations. App developers can configure their APIs for desired behavior, and TSB makes it happen across the entire infrastructure.
Application connectivity from edge to mesh
Envoy-based, application-aware L7 gateway: smart and flexible enough to facilitate modern, multi-cluster deployments.
- Request-level traffic control across all your compute clusters
- Traffic shifting between VMs and Kubernetes
- Traditional north-south API gateway functionality
Envoy-based, application-aware Ingress load balancer: combines service mesh ingress with backend API gateway functionality.
- Kubernetes ingress & service load balancing
- Traditional east-west API gateway tasks like rate limiting, credential management
- Fault tolerance capabilities like timeouts, retries, and circuit breakers
Istio control plane and Envoy data plane: TSB uses the best-in-class service mesh, Istio, to power consistent, unified security, connectivity, observability, and resiliency across all application traffic regardless of where or how it runs. TSB augments/transforms Istio into an enterprise-grade service mesh, providing:
- Vetted builds for your application and cloud platform
- Istio and Envoy lifecycle management
- Usability enhancements
Unified application management: A central management plane coordinates policy, configuration, observability, and lifecycle across your entire application network topology.
- Centralized management
- Multi-tenancy
- Workflows and process integration
- Service inventory
- Configuration safeguards
Application edge. L7 load balancing across one or more ingress gateways in different clusters over Istio-controlled mTLS.
Application ingress. Ingress gateway load balancing to the mesh in Kubernetes clusters or traditional workloads.
API Gateway. TSB eliminates the difference between north-south and east-west traffic. There is just application traffic. So, our out-of-the box API gateway functionality may be applied at every layer: the application edge, application ingress, and between services at the mesh sidecar.
- OpenAPI: configure gateways and mesh with your OpenAPI spec
- CORS policy configuration
- WAF
- Authn/z. mTLS, OIDC, JWT, IP black/whitelist, and external auth
- Credential management
- Rate limiting
- Fault tolerance: timeout retry, circuit breaker
- Transforms: custom header and body transformations for both request and response
- Wasm: deploy custom Wasm filters to Envoy
Security
Apply security policy consistently in the mesh so app devs don’t have to. Get out-of-the-box conformance with NIST standards for microservices security and enable zero trust
- Service identity
- mTLS
- Certificate management
- Next-generation access control
- Global, dynamic policy enforcement
- Central policy configuration
Traffic management
Manage connectivity between services on any compute, from microservices in Kubernetes to monoliths running on virtual machines or bare metal
- Flexible routing
- Timeouts
- Retries
- Circuit breakers
- Fault injection
Vetted, FIPS compatible builds
Comprehensive mesh lifecycle management with tested builds of upstream Istio and Envoy vetted by Tetrate to work in your environment. FIPS-compatible builds available for those operating in a federal regulatory environment,
Best of open source
Built by founders and core contributors to Istio, Envoy, and Skywalking, Tetrate has open source service mesh in its DNA.
Consistent observability for your entire fleet
Measure, correlate, alert & remediate SLO violations
See the topology of your services and their dependency relationships to understand application health at a glance. Correlated metrics, traces, logs, and lifecycle events make it easier to troubleshoot apps and reduce mean time to identification and resolution.
Consistent metrics from all apps, at scale
Roll out global SLOs with consistent and unified service and app-level metrics. Apache SkyWalking under the hood means data collection will scale efficiently with your apps.
Single pane of glass for developers and SREs
Give app teams a view of their service topology and dependencies at a glance. Ensure alerts instantly reach the right teams so they can take action before customers notice.
Find out before there’s an outage
Create, measure, and monitor both app and service-level SLOs across your fleet. You can then recognize anomalies and take action before there’s an outage.
Centralized Management. Istio is the de facto standard service mesh for a single Kubernetes cluster. TSB adds a global management plane that extends Istio to multi-cluster, multi-cloud, and hybrid cloud deployments.
Multi-tenancy. Governance and regulatory compliance are driving use cases for service mesh adoption. Tetrate has partnered with NIST to define service mesh security standards for all. TSB makes it easy to control who in your organization can change what, audit those changes, and ensure your mesh deployment conforms to secure best practices.
Workflows and process integration. Build workflows to match your existing business processes to fit cleanly into modern infrastructure-as-code and CI/CD practices while incrementally modernizing your applications. Your teams execute at their own pace, but safely within the guardrails you’ve provided.
Service Inventory. Get a complete view of all your applications wherever they’re running––in modern or traditional environments––including real-time health, endpoints, and performance. View and manage applications in your data centers and the cloud with a consistent set of tools and processes.
Comprehensive Istio & Envoy lifecycle management. Manage centrally and upgrade incrementally with a full inventory of your mesh deployments, versions, and current state.
Configuration safeguards. Author and validate Istio configuration ensuring correctness by construction. Service-level isolation and organizational controls guarantee that only correct configuration reaches your runtime.
See TSB in Action
Traffic
View traffic between services historically and in real time
Health
Check traffic health at a glance
Metrics
View connectivity metrics between services everywhere
Service Metrics
Drill down to individual service metrics
Subset and Envoy Metrics
Look at Envoy under the hood
Service Dependencies
Inspect as-built service dependency graphs
Topology
View cross-cluster traffic
Cluster Inventory
View and manage configuration in every cluster
Configs
View and manage configuration in every cluster
Resource level Policies
Set auth policy for your org and view audit logs
Roles
Configure roles based on your directory service
AuthN and AuthZ
Configure authentication and authorization
Features
First-class support for OpenAPI-driven configuration combined with unified, application-level metrics makes it easy for development teams to manage their operating environments.
A single management plane across heterogeneous environments including Kubernetes, virtual machines, and bare metal servers in the cloud or on premises offers consistent and unified application management for any compute.
Use TSB’s fine-grained access control and isolation to apportion your shared infrastructure safely across teams. Audit changes to service and shared resources from start to finish.
Built on the best-in-class open source projects—Istio, Envoy, and Apache SkyWalking—TSB provides a management platform on top of them for a consumable application connectivity platform that integrates with your organization.
Multi-cluster out of the box to coordinate app connectivity across all of your infrastructure—multi-cluster, multi-cloud, on-premises—from a single point of management.
Manage centrally and upgrade incrementally with a full inventory of your mesh deployments, versions, and current state. Platform owners can manage the lifecycle of Istio and Envoy consistently and safely across their entire fleet.
Gain deep insight into all the services in your system—their dependencies, behavior, health history, and who owns them—with a complete view of your applications wherever they’re running.
Powered by a vetted and validated build of upstream Istio with FIPS-compatible options available. Tested by Tetrate on all major Kubernetes environments including EKS, EKS Anywhere, GKE, and AKE.
Resources
Service Mesh
