Tetrate today generally made available a curated instance of the open source Istio service mesh that IT teams can deploy and manage themselves.
David Wang, head of product at Tetrate, said the company, via a Tetrate Istio Subscription (TIS), will provide those IT teams with support, including any patches needed to address remediations, for six months beyond the current eight months the Istio community provides. That extended support will better enable IT teams if they choose to upgrade Istio at a slower pace, he noted.
TIS is based on Tetrate Istio Distro (TID), an open source project from Tetrate that provides vetted builds of Istio that have been tested against all major cloud platforms. Tetrate already provides an instance of Istio it manages on behalf of organizations. TIS will also be configured to enable IT teams to meet Federal Risk and Authorization Management Program (FedRAMP) requirements and is fully compliant with the 207A specification for zero-trust IT architecture defined by the National Institute of Standards and Technology (NIST).
Most organizations initially adopt a service mesh such as Istio to manage application programming interfaces (APIs) that integrate microservices running across multiple Kubernetes clusters. Most organizations, however, also have legacy monolithic applications that will not be replaced anytime soon. That need to manage services across multiple classes of applications creates a need to extend Istio to centralize the management of APIs that Tetrate enables.
It’s still early days as far as the adoption of service mesh platforms in production environments is concerned, but management of networking and security services is on the cusp of major change. Instead of waiting for networking and security operations teams to provision services, each development team will be able to self-service their own requirements within a set of guidelines defined by a central IT organization or dedicated platform engineering team. That approach also promises to make it much simpler to integrate the provisioning of networking and cybersecurity services within DevOps workflows at the level of scale that is increasingly required as more applications are deployed.
There are, of course, no shortage of options when it comes to service mesh platforms, and it will undoubtedly take time for the culture within IT organizations to evolve so that provisioning of networking and cybersecurity services is integrated into those workflows. Each organization will need to decide the degree to which they want to manage Istio, which can be just as complicated an endeavor as the underlying Kubernetes cluster it runs on.
Most organizations that deploy cloud-native applications at any scale will, at some point, need a service mesh. APIs are rapidly multiplying beyond what can be managed using proxy software or an API gateway. The only issue left to be determined is how pressing an issue API management is becoming in an era where every cloud-native application deployed is made up of microservices—each of which expose an API that need to be tracked, secured, managed and regularly updated.