Announcing Tetrate Agent Operations Director for GenAI Runtime Visibility and Governance

Learn more
< Back

Tetrate Service Express technical preview now available in Amazon EKS

Tetrate Service Express technical preview now available. You can sign-up now to get access to the technical preview. You will get early access to upda

Tetrate%20Service%20Express%20technical%20preview%20now%20available%20in%20Amazon%20EKS

Tetrate Service Express technical preview now available.

You can sign-up now to get access to the technical preview. You will get early access to updates, documentation, and collaboration with our product team to provide feedback.

We are excited to announce Tetrate Service Express, a service connectivity, security and resilience automation solution for Amazon EKS. We built Tetrate Service Express on open source service mesh components such as Istio and Envoy and optimized it for easy installation, configuration and operation on AWS. If your team is experimenting with service mesh on AWS and you need to quickly prove the ROI without mastering complex Istio and AWS primitives, then try Tetrate Service Express. If your team already has a service mesh on a single cluster, but want to extend your mesh to multiple clusters or even regions, Tetrate Service Express can help also.

For the impatient, watch a quick 3-minute demo below, and get on the waitlist for your evaluation copy today. 

If you want to get a deeper overview of Tetrate Service Express’s new features, read on.

Why Tetrate Service Express

If your organization wants to create a better customer experience, improve operational efficiency, or protect intellectual property, chances are it must build and run software—higher quality, faster releases, better uptime. And most likely, app dev teams, operations teams and platform teams are pursuing these objectives with the aid of two innovative trends: the flexibility of cloud infrastructure and microservices.

Many teams are opting for the convenience of Amazon EKS as they build microservices in the cloud. However, as they scale EKS workloads they find themselves asking questions such as:

  • How do I secure microservice components distributed across AWS?
  • How do I maintain reliability when individual components fail during updates or under load?
  • How do I manage traffic to, from, and between services when everything is dynamic and manual configuration no longer works?

Increasingly, a Platform Operations team will create a dedicated infrastructure layer on top of microservices—a service mesh—that provides service discovery, security, authentication, and observability across the microservice components. Istio and Envoy are open source standards for the service mesh control and data plane, but Istio and Envoy are only partial solutions because they add new operational complexities for teams running Amazon EKS.

Service mesh challenges on Amazon EKS

Tetrate Service Express provides service mesh automation for the Platform team on top of Istio and Envoy. It handles the installation and configuration of open source components on Amazon EKS, integrates with AWS services and provides a management console for platform operators to configure the service mesh for security, resilience, and observability faster.

Tetrate Service Express provides a consistent, automatable way to connect, secure and observe services within and across Amazon EKS

Fast installation on Amazon EKS and integration with AWS services

Getting Istio up and running on EKS might be becoming easier (for example with the Tetrate Istio Distro EKS add-on), but a lot more needs to be done before you can operate a functional service mesh:

  • How do I ensure all service mesh components are installed and configured correctly?
  • How do I define the network infrastructure around Istio and Envoy to enable secure, cross-cluster connectivity and availability?
  • How do I observe and troubleshoot services on the mesh to assist in scaling and optimization?

TSE can be installed easily with helm charts on EKS, and integrates easily with Route 53 and NLB (or other AWS load balancer types) so that you can quickly:

  • Position edge and ingress gateways for your services to manage and secure the entry points, ingress, and egress traffic.
  • Deliver APIs from your applications with authentication, rate limiting, HA and security built-in.
  • Obtain MELT (Metrics, Events, Logs, Traces) for your services and apps.
Getting started with Tetrate Service Express and sample configuration

One-step encryption between services with mTLS

One of the first use cases of a service mesh is to enable inter-service encryption with mTLS, but things get complicated quickly once you expand beyond a single cluster:

  • How can I establish and manage a single root-of-trust across clusters?
  • How do I enforce mTLS everywhere, to support a zero-trust posture?
  • How can I rotate my certificates regularly, and respond in the event of a leaked or compromised cert?

Tetrate Service Express makes it easy to encrypt services and apply a zero-trust posture by providing:

  • A built-in, easy-to-use certificate authority that rotates and manages certificates across all of your clusters.
  • The ability to define, at an administrative level, the need for mTLS for all services.
  • The ability to create fine-grained access policies, beginning with a Deny-All posture by default.
Set up mTLS by default

Easy failover set up between clusters and regions

As you define your application infrastructure, one of the more complicated things to set up is internal HA of your services, especially across regions. Some of the complication you might encounter include:

  • How do I configure Route53, Amazon Load Balancing and other load balancing services to achieve reliable HA across different clusters?
  • How do I set up cross-cluster communications and internal high-availability without hairpinning?
  • How do I automate network configuration changes when a service fails?

Tetrate Service Express makes achieving service HA easy by providing:

  • Automatic configuration of ingress, Amazon load balancing and Route 53 for service publishing.
  • Automatic configuration of internal and east / west gateways for internal high availability.
  • Dynamic reconfiguration of networking rules to fail traffic over across and between clusters with minimal interruption in service.
Configuring cross-region failover

What’s next

Now in Technical Preview, sign-up now to access the evaluation software, access to a new docs portal, and a slack community channel.

Product background Product background for tablets
New to service mesh?

Get up to speed with free online courses at Tetrate Academy and quickly learn Istio and Envoy.

Learn more
Using Kubernetes?

Tetrate Enterprise Gateway for Envoy (TEG) is the easiest way to get started with Envoy Gateway for production use cases. Get the power of Envoy Proxy in an easy-to-consume package managed via the Kubernetes Gateway API.

Learn more
Getting started with Istio?

Tetrate Istio Subscription (TIS) is the most reliable path to production, providing a complete solution for running Istio and Envoy securely in mission-critical environments. It includes:

  • Tetrate Istio Distro – A 100% upstream distribution of Istio and Envoy.
  • Compliance-ready – FIPS-verified and FedRAMP-ready for high-security needs.
  • Enterprise-grade support – The ONLY enterprise support for 100% upstream Istio, ensuring no vendor lock-in.
  • Learn more
    Need global visibility for Istio?

    TIS+ is a hosted Day 2 operations solution for Istio designed to streamline workflows for platform and support teams. It offers:

  • A global service dashboard
  • Multi-cluster visibility
  • Service topology visualization
  • Workspace-based access control
  • Learn more
    Decorative CTA background pattern background background
    Tetrate logo in the CTA section Tetrate logo in the CTA section for mobile

    Ready to enhance your
    network

    with more
    intelligence?