Game of Thrones fans know the Iron Bank as a lender to governments, businesses, and individuals across the known world. But Iron Bank is also the repository for digitally signed container images that are accredited for use across the US Department of Defense. Iron Bank software is accessible to anyone who registers on the Iron Bank repository.
Iron Bank software must comply with relevant Federal Information Processing Standards (FIPS). Now, a FIPS-compliant version of Istio, provided and supported by Tetrate, has been accepted by the DoD and added to Iron Bank. This version of Istio is supported by the Tetrate support service, Tetrate Istio Subscription. Istio is now easily available for rapid deployment across the DoD and beyond.
The DoD is the largest organization in the world, by headcount (more than 2 million employees, civilian and military) and by budget (more than $700B per year). About 100,000 of those 2 million employees are involved in software development and delivery. So the use of service mesh and Istio, along with Zarf (see below) and disconnected systems, by the DoD will have a large impact across the US government and beyond.
Deploy in Weeks, Not Years
Iron Bank plays a crucial role in the Platform One program, led by the US Air Force. Platform One derives from the observation that, as one officer put it, “85% of program offices have the exact same tech baseline.” So with Platform One, and the resources contained in Iron Bank, “On Day 1, you start out with an 85% solution.” Program leaders see “capabilities deployed in a matter of weeks, instead of months or years.”
Istio, the leading open source project for service mesh, is an important part of this tech baseline. The US Government is now required, by an Executive Order issued last year, to “advance toward Zero Trust Architecture” (ZTA). Tetrate has collaborated with the US National Institute of Standards and Technology (NIST) to help create a series of standards for zero trust architecture. Istio is the reference implementation for service mesh, which is the government’s recommended technology for microservices applications.
Tetrate is also working closely with Defense Unicorns to support DoD use of their software and services. Defense Unicorns develops Zarf, a lightweight tool used to support systems that run disconnected or semi-disconnected from the Internet (for instance, when a secure system is targeted by a cyber attack).
Anyone who wants to use this version of Istio can simply download the machine image from Iron Bank or select it when using the Big Bang infrastructure deployment available from Platform One. Support is available from Tetrate. By using this pre-approved version of Istio, developers make it easier for their applications to be approved by the DoD.
Defense Unicorns Working with Tetrate Across the Air Gap
Defense Unicorns and Tetrate work together to allow Istio to run on disconnected and disconnectable systems. This includes mobile systems, such as warships and warplanes, that are usually or always disconnected from the Internet. It also includes highly secure systems, some of which are routinely run disconnected, others of which must be able to run disconnected during a cyberattack.
Defense Unicorns are the creators of Zarf, but the usefulness of Zarf goes beyond defense requirements. Edge systems, embedded systems, and systems that need to be able to run on a local environment can all benefit from Zarf. As awareness of the need for security increases, Zarf is also beginning to be used for secure commercial systems.
Through the Government and Beyond
Istio’s important role in DoD and US government software development will be amplified by the importance of government software development and related procurement:
- As the US Government Executive Order on zero trust architecture from last year gains traction, federal government agencies will move toward service mesh in general and Istio in particular.
- Government suppliers, for everything from software services to jet fighters, will want to – or will be required to – use approved software, including Istio, in building solutions for the government.
- Companies in security-conscious industries, such as health care and financial services, often use government-approved solutions as they set their own standards.
- Other governments and standards-setting institutions around the world look to the US government for leadership on technical issues.
- The DoD, as a demanding user of open source software, makes many improvements to open source projects, especially in the area of security.
Making Withdrawals from Iron Bank
Tetrate is home to founders and key maintainers of Istio and the Envoy proxy software project that Istio depends on. Tetrate has also been highly involved in the development of Platform One, part of the DoD’s move to open source technology and DevSecOps – the integration of software development, operations support for software delivery, and security. You can learn more about Tetrate and Platform One from our blog post.
You can learn more about Platform One, Iron Bank, and related projects on the Platform One website. You can sign up for an account with Iron Bank and download hardened, accredited machine images for use in your own software. And you can learn more about Zarf and disconnected and disconnectable software from Defense Unicorns.
Tetrate provides up-to-date Istio machine images and support through our Tetrate Istio Subscription. Related products include Tetrate Service Bridge, a management plane for Istio. We also offer training and certification. Contact Tetrate to learn more.