Traditional network security relies on a strong defensive perimeter around a trusted internal network to keep bad actors out and sensitive data in. As networking environments grow more complex, maintaining a robust perimeter becomes harder and harder.
Implementing Zero Trust for Applications with the Tanzu Application Platform and Tetrate Service Bridge (TSB)
More and more organizations today use microservices and distributed architectures to achieve agility and scale; the most recent CNCF survey, for example, finds that more than 50% of organizations are using Kubernetes in production. At the same time, a growing number of organizations (including most of our customers) are adopting a multi-cloud strategy, driven by changing business needs: enterprises need to let different parts of the organization use best-in-class functionality for their use cases, or they operate an acquisition-driven business model. They deploy their applications into the public cloud (Google, Amazon, Azure, etc.) as well as on-premises, including both Kubernetes and virtual machine-based workloads.
Centralized governance, local enforcement for your application traffic
We are pleased to announce the general availability of the Golden Gate release of our flagship product, Tetrate Service Bridge (TSB). TSB Golden Gate adds capabilities that enable application developers to define traffic and security controls for all their applications and APIs. Importantly, it adds Web Application Firewall (WAF) and API gateway capabilities to the Envoy data plane and lets application developers and platform owners collaborate on the same platform to configure them properly for their applications, while enabling an end-to-end zero trust implementation. There is an entirely new developer experience for configuring applications and troubleshooting configurations for both personae.
What is High Availability in microservices?
High availability systems are designed to provide continuous and uninterrupted service to the end customer by running redundant software that performs the same functions. In highly available microservices, all the hosts must point to the same storage, so that if one host fails, its workload can fail over to another host without downtime. The redundant software can be installed in another virtual machine (VM), or in Kubernetes clusters in a multi-cloud or hybrid cloud setup.
Tetrate and NIST are hosting their third annual ZTA conference, ZTA and DevSecOps for Cloud Native Applications (virtual), on Wednesday, Jan. 26th (training) and Thursday, Jan. 27th (sessions). The conference provides the most valuable opportunity this year for organizations to gather a practical understanding of how to secure critical infrastructure. You will learn how to put together a ZTA stack for end-user traffic from the ground up.
With the severity of data breaches escalating, including damage to critical US infrastructure, executive orders have been issued, calling for federal agencies to adopt Zero Trust Architecture (ZTA). The DevSecOps approach is seen as essential to achieving high operational assurance for microservices-based applications. But many organizations face challenges in implementation. NIST and Tetrate are presenting the third annual edition of this conference to dive deeply into this new architectural model, which yields enhanced security and other benefits. Their work to date has already yielded ZTA standards for cloud-native applications.
As the service mesh architecture concept gains traction and the scenarios for its applications emerge, there is no shortage of discussions about it in the community. I have worked on service mesh with the community for 4 years now, and will summarize the development of service mesh in 2021 from this perspective. Since Istio is the most popular service mesh, this article will focus on the technical and ecological aspects of Istio.
Today, every major organization is going through a massive digital transformation, adopting cloud, mobile, microservices, and container technologies to deliver services efficiently, meet critical business demands, and catch up with market expectations. To stay agile, organizations’ Platform and DevOps teams have to model distributed, multi-cloud applications and services that are accessible from anywhere, at any time. This has given rise to two significant trends within organizations:
- As a growing number of organizations adopt multi-cloud, they deploy their applications into the public cloud (Google, Amazon, Azure, etc.), which means their data is outside the perceived safety of their on-prem data centers.
- Organizations use microservices and distributed architecture to achieve agility and scale.
As we shift into 2022, we’d like to share some of the highlights and milestones Tetrate has reached in 2021 with your support. Since its founding in March 2018, Tetrate has been growing its capacity to fulfill what it set out to do: to reimagine application networking. This, our fourth year, was bookended by our Series B fundraising round led by Sapphire Ventures and our recent designation as a Gartner Cool Vendor for Cloud Computing. Here’s a snapshot of top company milestones we accomplished together in 2021:
It’s been more than four years since Istio launched in May 2017, and while the project has had a strong following on GitHub and 10+ releases, its growing open-source ecosystem is still in its infancy.
You can use Istio for multi-cluster management and as an API gateway, and to manage applications on Kubernetes or virtual machines. In my last blog, I talked about how service mesh is an integral part of cloud native applications. However, building infrastructure can be a big deal. There is no shortage of debate in the community about the practicability of service mesh and Istio. Here’s a list of common questions and concerns, and how to address them.
- Is anyone using Istio in production?
- What is the impact on application performance of the extra resources consumed by injecting a sidecar into every pod?
- Istio supports a limited number of protocols; is it scalable?
- Will Istio be manageable? Or is it too complex, are old services too costly to migrate, and is the learning curve too steep?
I will answer each of these questions below.