“My best advice regarding service mesh is this: First, not using a service mesh today would be irresponsible, especially if you’re running containerized workloads. And, second, if reliability is required by your mission, you need to have some level of support. Tetrate is our go-to for Day 2 Istio operations. It’s hard to find people with deep experience running Day 2 operations on cloud-native technologies like service mesh, but Tetrate has it.”
Austen Bryan, Director of Product at Defense Unicorns
Defense Unicorns, a software integrator, specializes in simplifying software delivery for secure systems. With a team boasting decades of experience in delivering technology programs across the U.S. Department of Defense and the broader U.S. federal market, the company leverages existing open source tools like Zarf, LeapfrogAI and Pepr to create its solutions. A key open source project in its arsenal is Istio’s service mesh, which plays a pivotal role in enabling DevSecOps practices across diverse environments, including cloud-based and high-security, air-gapped setups. Defense Unicorns and its clients frequently rely on AWS infrastructure services, including AWS GovCloud.
Tetrate serves as the backbone, providing Defense Unicorns with enterprise-grade Istio support, ensuring they harness the full operational and security advantages of Istio in managing distributed applications across AWS and on-premises environments. Austen Bryan, Director of Product at Defense Unicorns, underscores the importance of the service mesh in abstracting complexity from application developers while maintaining rigorous security:
“There’s this notion in the defense space that you want to disassociate the people building software capabilities from the people that have to secure those capabilities… We use an open source Istio service mesh to implement that. It is part of our core technology stack that we take to everybody everywhere.”
Challenge: Simplifying Kubernetes Complexity and Meeting Federal Zero Trust Mandates
Today, the defense sector and enterprises primarily build their new applications and capabilities on Kubernetes (K8s). While Kubernetes has become the foundation for modern, cloud-native workloads, navigating its intricacies while complying with rigorous federal zero trust mandates can be challenging. Cloud-native workloads are inherently composed of microservices distributed across numerous containers, making observation, management and security a complex endeavor, especially at scale.
A service mesh offers a holistic solution to streamline Kubernetes complexities and align seamlessly with strict Zero Trust requirements—a mandate for all civilian government agencies (by September 2024) and the Department of Defense (by 2027).
Solution: Defense Unicorns Relies on Tetrate’s Expertise to Guide Clients on Istio Implementation and Day 2 Operations
Austen Bryan, Director of Product at Defense Unicorns, further advises, “My best advice regarding service mesh is this: First, not using a service mesh today would be irresponsible, especially if you’re running containerized workloads. And, second, if reliability is required by your mission, you need to have some level of support. Tetrate is our go-to for Day 2 Istio operations. It’s hard to find people with deep experience running Day 2 operations on cloud-native technologies like service mesh, but Tetrate has it.”
Results: Tetrate Saves 100s of Man Hours in the Compliance Process
Defense Unicorns chose Tetrate for Istio support due to its deep expertise in delivering a secure and reliable runtime while expediting compliance efforts. Bryan elaborates, “The organizations we work with have to go through a third-party accreditation process to ensure the security of data… The more secure the data must be, the deeper the audits and compliance checks… Tetrate saves downstream users ~ 100s of man hours in the compliance process, and it’s one of the driving factors for why we want Tetrate to be involved in the projects we do for the Department of Defense, the Centers for Medicare and Medicaid Services, and others in the government arena. Tetrate helps us move faster to compliance and reduces the risk of regulatory fines caused by accidental non-compliance.”
Results: Streamline Application Delivery to Boost Dev Velocity
Bryan highlights the potential to dramatically reduce lead time for delivering applications and capabilities, transitioning from weeks to mere days or minutes with the right automation across all layers. He underscores the need for collaboration between developers and platform teams to establish a centralized workflow for cloud adoption and accelerated delivery. A robust DevOps foundation facilitates developer collaboration and reduces manual intervention. The service mesh plays a pivotal role by taking connectivity and security responsibilities, particularly certificate management, away from developers, placing them in a dedicated infrastructure layer largely invisible to developers. For platform teams, the service mesh offers these capabilities and assurances as a product, empowering development teams as internal customers. With Tetrate, development teams can seamlessly access connectivity, security and resiliency as cloud services, eliminating the need to build these functions from scratch.
Results: A Trusted Partner with Shared Values
Bryan, who joined Defense Unicorns in February 2022 after nearly 12 years of active duty in the Air Force, underscores the importance of value alignment when choosing partners. He states, “Over the years, in choosing who to work with, I have learned to seek value alignment more than anything… Tetrate helps us move faster to compliance and reduces the risk of regulatory fines caused by accidental non-compliance.” Tetrate’s collaboration with NIST, commitment to zero trust, and open-source contributions align with Defense Unicorns’ values, making Tetrate a trusted partner in their mission. Bryan concludes, “We trust Tetrate. They have proved through our relationship that they are going to show up and help.”
If you’re new to service mesh and Kubernetes security, Tetrate has a bunch of free online courses available at Tetrate Academy that will quickly get you up to speed with Istio and Envoy. If you’re looking for the surest way to get to production with Istio, check out Tetrate Istio Distribution (TID), Tetrate’s hardened, fully upstream Istio distribution, with FIPS-verified builds and support available. It’s a great way to get started with Istio knowing you have a trusted distribution to begin with, an expert team supporting you, and also have the option to get to FIPS compliance quickly if you need to.