Tetrate Service Bridge

Secure multi-tenant application network

What is TSB?

Tetrate Service Bridge is a comprehensive service mesh management platform for enterprises that need a unified and consistent way to secure and manage services and traditional workloads across complex, heterogeneous deployment environments.

TSB Architecture

Across all compute, bridging Kubernetes clusters, VMs, and bare metal.

Tetrate App SCOR

Introducing App SCOR—security, connectivity, observability and reliability—the touchstones on your journey to application modernization.

Security

Extend the policy enforcement capabilities of a service mesh to your entire application fleet.

Connectivity

Manage application connectivity consistently across clusters, clouds, and on-premises.

Observability

Establish unified monitoring, logging, and tracing for every application.

Reliability

Application high availability with seamless failover.

FAQ

Frequently Asked Questions

What’s the difference between TSB and Istio?

TSB uses Istio under the hood, but layers on additional capabilities like centralized management, multitenancy, audit logging, workflows, a global service inventory, comprehensive lifecycle management, and configuration safeguards.

TSB is built and supported by the world’s foremost Istio experts. We believe in helping to build service mesh expertise within your organization through tailored training for your platform and application teams, understanding your architecture and mesh goals, and developing a plan to achieve them together. And, of course, enterprise-grade 24×7 support for when you need it.

Is TSB open source?

Tetrate Service Bridge itself is proprietary, but uses best-of-breed open source components. Our team includes founders and core maintainers of Istio, Envoy, Zipkin, and Apache SkyWalking — the projects at the heart of Tetrate Service Bridge. We are the creators of GetIstio and GetEnvoy. These open source projects have been shaped by significant contributions by Tetrands and are used in our products.

Does TSB support non-Kubernetes workloads?

Yes, we support onboarding services in VMs and on bare metal. In the process, you will run a sidecar for VM or bare-metal services. This sidecar acts as a proxy so that your non-Kubernetes services can participate in the mesh.

Does Tetrate Service Bridge run in the cloud? On premises?

Yes. TSB itself may be deployed in public clouds, a private cloud, or on-premises. It can also manage your services running in public, private, and hybrid clouds and on-premises.

Do you support multiple cloud deployments?

Yes. TSB can manage application networking in and across multiple clusters, multiple clouds, private clouds, and on-premises simultaneously.

Why do I need multitenancy in a service mesh?

Multitenancy in TSB is about separating concerns and isolating resources under management so different teams in an organization have the visibility and control they need to get things done without accidentally stepping on each other’s toes. 

Security, network, infrastructure, and application concerns are traditionally siloed within the teams responsible for them. Gaining visibility and coordinating policy across those silos is hard, causing drag on business continuity and agility. 

TSB offers a central point of coordination that gives all stakeholders the control they need to author policy with the visibility they need to ensure that policy is correctly implemented. 

Under the hood, TSB uses the underlying isolation primitives of the mesh, adding a multitenancy model and controls that align with the way your people and assets are organized. Teams may be organized by what they do and what they’re responsible for. Services may be grouped together into logical applications so app teams can focus on the services they need to monitor and manage.

Give InfoSec teams control that cuts across tenants and workspaces to establish global and default policy, for example, deny network egress by default.

Give app teams a custom view of the services that make up their applications. And, where they once may have spent days or weeks to coordinate policy updates with infosec and network teams, give them the latitude within the scope of their application to add exceptions where needed, for example, allow egress for a particular service.

Platform administrators get a bird’s eye view of all resources and can organize them according to the needs of their constituents.

How do I protect production from unauthorized access in a dynamic compute environment like Kubernetes?

TSB syncs with your enterprise directory service to automatically onboard and offboard teams and members. InfoSec teams may then define roles and access policy within TSB for those teams and members that make sense for your business. TSB translates those roles and policies to your underlying infrastructure so you don’t need to configure that infrastructure directly. This means, for example, that you don’t need to configure each K8s cluster with team and individual permissions and keep them up to date. Tetrate Service Bridge manages all of that for you, based on centrally authored policy backed by your organization’s directory service.

In addition, access to every workload is dynamically authenticated and authorized based on centrally managed policy. mTLS prevents eavesdropping and ensures message-level authenticity and integrity. And TSB’s multitenancy features make it easy to author policy that allows teams access to resources they need while protecting those they don’t.

How can I implement mTLS across my entire infrastructure, including between K8s and VMs?

TSB enables flexible mTLS between any workload onboarded to its service inventory—including between multiple clusters, clouds, and data centers as well as between workloads in container orchestrators and VMs.

Will TSB work with my existing public key infrastructure?

TSB integrates with the PKI of your choice. Whether you’re using the certificate management built into your cloud provider, a third-party PKI like Venafi or Keyfactor, or need to integrate with your own private, self-managed PKI, Tetrate Service Bridge has you covered.

How do I ensure and prove consistent application of authorization policy across all of my deployments?

Instead of building separate authentication libraries, in multiple languages and of varying levels of quality and support, into each of your applications and maintaining them, a service mesh, through its sidecar proxies, provides a common, consistent policy enforcement mechanism for every service and every app. Tetrate Service Bridge allows you to author policy centrally, then ensures that policy is configured and enforced universally. TSB also lets you make sure, at a glance, that policy actually is being enforced and can provide audit logs to prove it.

Resources

White Paper
Service Bridge – Bridging Brownfield and Greenfield
Envoy, is a self-service, multi-tenant platform to weave and manage the service mesh across VMs and Kubernetes clusters, on-prem and cloud.

Video

Starting out with Service Mesh
Envoy creator Matt Klein (Lyft) advises organizations starting with service mesh to make changes incrementally, to solve problems one piece at a time.

Case Study

Encryption & PCI Compliance with Istio Service Mesh
Service mesh architecture provides a rich set of features for controlling and securing communications among services. Encryption in transit…
