Tetrate Service Bridge

Application connectivity platform

Get a Demo

Topology

Created by Istio founders, Tetrate Service Bridge is the only edge-to-workload application connectivity platform that provides enterprises with a consistent, unified way to connect and secure services across an entire mesh-managed environment.

TSB sits at the application edge, at cluster ingress, and between workloads in your Kubernetes and traditional compute clusters. Edge and ingress gateways route and load balance application traffic across clusters and clouds while the mesh controls connectivity between services.

A single management plane configures connectivity, security, and observability for your entire application network.

Multi-cluster, multi-cloud, multi-tenant
Complexity contained: consistent, unified observability, security, and traffic management on any compute. Define fine-grained access control and editing rights for teams on shared infrastructure. Audit changes to services and shared resources from start to finish.
Seamless connectivity for modern and traditional apps

Tetrate Service Bridge makes it faster and safer to modernize and incrementally migrate by providing seamless connectivity between traditional and modern workloads.  Embrace cloud–public, private, and hybrid–faster, too.

Managed modernization

The move to modernization too often makes operations messier for enterprises. TSB is designed to streamline  and accelerate application operations. App developers can configure their APIs for desired behavior, and TSB makes it happen across the entire infrastructure.

Application connectivity from edge to mesh

Topology View

Application edge. L7 load balancing across one or more ingress gateways in different clusters over Istio-controlled mTLS.

Ingress Gateway

Application ingress. Ingress gateway load balancing to the mesh in Kubernetes clusters or traditional workloads.

Application Services

API Gateway. TSB eliminates the difference between north-south and east-west traffic. There is just application traffic. So, our out-of-the box API gateway functionality may be applied at every layer: the application edge, application ingress, and between services at the mesh sidecar.

  • OpenAPI: configure gateways and mesh with your OpenAPI spec
  • CORS policy configuration
  • WAF
  • Authn/z. mTLS, OIDC, JWT, IP black/whitelist, and external auth
  • Credential management
  • Rate limiting
  • Fault tolerance: timeout retry, circuit breaker
  • Transforms: custom header and body transformations for both request and response
  • Wasm: deploy custom Wasm filters to Envoy

Security
Security
Apply  security policy consistently in the mesh so app devs don’t have to. Get out-of-the-box conformance with NIST standards for microservices security and enable zero trust

  • Service identity
  • mTLS
  • Certificate management
  • Next-generation access control
  • Global, dynamic policy enforcement
  • Central policy configuration

Traffic management
Traffic management
Manage connectivity between services on any compute, from microservices in Kubernetes to monoliths running on virtual machines or bare metal

  • Flexible routing
  • Timeouts
  • Retries
  • Circuit breakers
  • Fault injection

Builds
Vetted, FIPS compatible builds
Comprehensive mesh lifecycle management with tested builds of upstream Istio and Envoy vetted by Tetrate to work in your environment. FIPS-compatible builds available for those operating in a federal regulatory environment,

Open Source
Best of open source
Built by founders and core contributors to Istio, Envoy, and Skywalking, Tetrate has open source service mesh in its DNA.

Istio, Envoy and Skywalking

Consistent observability for your entire fleet

Measure, correlate, alert & remediate SLO violations
See the topology of your services and their dependency relationships to understand application health at a glance. Correlated metrics, traces, logs, and lifecycle events make it easier to troubleshoot apps and reduce mean time to identification and resolution.

Consistent metrics from all apps, at scale
Roll out global SLOs with consistent and unified service and app-level metrics. Apache SkyWalking under the hood means data collection will scale efficiently with your apps.

Metrics

Single pane of glass for developers and SREs
Give app teams a view of their service topology and dependencies at a glance.  Ensure alerts instantly reach the right teams so they can take action before customers notice.

Find out before there’s an outage
Create, measure, and monitor both app and service-level SLOs across your fleet. You can then recognize anomalies and take action before there’s an outage.

Centralized Management
Centralized Management. Istio is the de facto standard service mesh for a single Kubernetes cluster. TSB adds a global management plane that extends Istio to multi-cluster, multi-cloud, and hybrid cloud deployments.

Multi-tenancy
Multi-tenancy. Governance and regulatory compliance are driving use cases for service mesh adoption. Tetrate has partnered with NIST to define service mesh security standards for all. TSB makes it easy to control who in your organization can change what, audit those changes, and ensure your mesh deployment conforms to secure best practices.


Workflows and process integration. Build workflows to match your existing business processes to fit cleanly into modern infrastructure-as-code and CI/CD practices while incrementally modernizing your applications. Your teams execute at their own pace, but safely within the guardrails you’ve provided.

Service Inventory
Service Inventory. Get a complete view of all your applications wherever they’re running––in modern or traditional environments––including real-time health, endpoints, and performance. View and manage applications in your data centers and the cloud with a consistent set of tools and processes.

Lifecycle Management
Comprehensive Istio & Envoy lifecycle management. Manage centrally and upgrade incrementally with a full inventory of your mesh deployments, versions, and current state.

Configuration Safeguards
Configuration safeguards. Author and validate Istio configuration ensuring correctness by construction. Service-level isolation and organizational controls guarantee that only correct configuration reaches your runtime.

See TSB in Action

Traffic

View traffic between services historically and in real time

Health

Check traffic health at a glance

Metrics

View connectivity metrics between services everywhere

Service Metrics

Drill down to individual service metrics

Subset and Envoy Metrics

Look at Envoy under the hood

Service Dependencies

Inspect as-built service dependency graphs

Topology

View cross-cluster traffic

Cluster Inventory

View and manage configuration in every cluster

Configs

View and manage configuration in every cluster

Resource level Policies

Set auth policy for your org and view audit logs

Roles

Configure roles based on your directory service

AuthN and AuthZ

Configure authentication and authorization

Features

Governance and Compliance

Application aware

First-class support for OpenAPI-driven configuration combined with unified, application-level metrics makes it easy for development teams to manage their operating environments.

Governance and Compliance

Centralized management, any environment

A single management plane across heterogeneous environments including Kubernetes, virtual machines, and bare metal servers in the cloud or on premises offers consistent and unified application management for any compute.

Multitenancy

Multi-tenancy

Use TSB’s fine-grained access control and isolation to apportion your shared infrastructure safely across teams. Audit changes to service and shared resources from start to finish.

Open Source Management Platform

Best of open source

Built on the best-in-class open source projects—Istio, Envoy, and Apache SkyWalking—TSB provides a management platform on top of them for a consumable application connectivity platform that integrates with your organization.

Multi-cluster

Multi-cluster

Multi-cluster out of the box to coordinate app connectivity across all of your infrastructure—multi-cluster, multi-cloud, on-premises—from a single point of management.

Lifecycle management

Lifecycle management

Manage centrally and upgrade incrementally with a full inventory of your mesh deployments, versions, and current state. Platform owners can manage the lifecycle of Istio and Envoy consistently and safely across their entire fleet.

Global service inventory

Global service inventory

Gain deep insight into all the services in your system—their dependencies, behavior, health history, and who owns them—with a complete view of your applications wherever they’re running.

Vetted Istio

Enterprise Istio

Powered by a vetted and validated build of upstream Istio with FIPS-compatible options available. Tested by Tetrate on all major Kubernetes environments including EKS, EKS Anywhere, GKE, and AKE.

Schedule a demo

Resources

White Paper
Service Bridge – Bridging Brownfield and Greenfield
Envoy, is a self-service, multi-tenant platform to weave and manage the service mesh across VMs and Kubernetes clusters, on-prem and cloud.

Download ›

Video

Starting out with
Service Mesh
Envoy creator Matt Klein (Lyft) advises organizations starting with service mesh to make changes incrementally, to solve problems one piece at a time.

Watch Now ›

Case Study

Encryption & PCI Compliance with Istio Service Mesh
Service mesh architecture provides a rich set of features for controlling and securing communications among services. Encryption in transit…

Read More ›