We are excited to announce General Availability (GA) of the Tetrate Service Bridge. Tetrate is on a mission to take the complexity of application networking and make it simple for application developers and operators. And today marks an important milestone on our path.
There was an idea
Tetrate was started with an idea that application networking should be compute agnostic. We believe that this is the key to agility and speed in building and delivering applications in any organization. This is increasingly relevant with today’s applications, which run on heterogeneous compute environments (e.g. Kubernetes and Virtual Machines) across multiple clouds and on-premise infrastructure. Unmanaged, this sprawl can lead to unbearable operational cost and complexity. Enterprises need a consistent way to configure, secure, and observe their applications and to keep their systems resilient to meet SLOs.
Tetrate Service Bridge
Using best-in-class open source projects: Istio, Envoy Proxy, and Apache SkyWalking, which Tetrands actively contribute to and maintain, we started building prototypes to solve the challenges of application networking. We worked closely with Fortune 500 companies and the support of their amazing teams to validate our idea and product. They have been and continue to be instrumental in us building our product to solve real use cases in this continually evolving landscape. We built a platform to help organizations manage their application networking in heterogeneous computes across multi-cloud, and multi-cluster environments. This platform meets organizations exactly where they are so that they can modernize and/or migrate safely and incrementally, at their own pace.
We named this platform Tetrate Service Bridge (TSB). A bridge provides a way to connect and that is what we enable. TSB is a bridge
- to modernize enterprise applications.
- to connect any service from anywhere.
- to bring different teams together to manage and operate application services.
Edge-to-workload networking
At its core, Tetrate Service Bridge provides a single management plane to configure connectivity, security, and reliability across the three layers that form your application network:
- The Application Edge Gateway that acts as an entry point for incoming traffic and then distributes the traffic across multiple clusters.
- The Application Ingress Gateway that acts as an entry point for traffic entering a single cluster and distributes the traffic to one or more workloads running in that cluster. This also includes API gateway capabilities such as authentication, authorization, rate limiting, and many more.
- Service Mesh Sidecars that act as a proxy to allow connectivity between workloads, control service access and collect metrics and traces to provide full observability.
Tetrate Service Bridge sits at the application edge, at cluster ingress, and within your clusters to route and load balance north-south traffic across Kubernetes clusters and traditional compute as well as connect east-west workloads within a cluster.
A platform for multiple teams
In any organization, multiple teams come together to build and deliver applications, specifically: application, platform, and security teams. Each of these teams comes with different sets of concerns and expectations.
- Platform teams want to provision a multi-cluster service mesh in their infrastructure and maintain it.
- Application development teams want to configure, observe and troubleshoot their Applications and APIs.
- Security teams want to consistently apply security policies and workflows for user and service access.
We’ve built Tetrate Service Bridge to align with the requirements of these teams to accelerate organization success.
Provisioning and maintaining a multi-cluster service mesh
Multi-cluster, multi-cloud, hybrid cloud
With Tetrate Service Bridge, you can connect and manage applications across clusters, clouds, and data centers. Tetrate Service Bridge supports any of the upstream conformant distributions of Kubernetes from major cloud vendors. This includes, but is not limited to Google Kubernetes Engine (GKE), Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), Openshift, and Mirantis Kubernetes Engine (MKE). Tetrate Service Bridge also supports onboarding Virtual Machine (VM) and bare-metal workloads to the mesh.
Cluster Lifecycle Management
Tetrate Service Bridge provides visibility of Istio and Envoy running across all of your clusters, including info like the versions deployed, configuration state across each cluster, and more. Further, you can use Tetrate Service Bridge to manage that full inventory of mesh deployments and upgrade them incrementally, with confidence, and without fear of downtime.
Configuring and observing applications and APIs
Consistent and safe experience
Tetrate Service Bridge’s management plane provides a consistent experience for platform owners and app developers to control the connectivity, security, and observability of any applications in any environment.
Tetrate Service Bridge also provides a safer configuration model that allows application teams to author and validate Istio configurations, ensuring correctness by construction. Service-level isolation and organizational controls guarantee that only the correct mesh configuration reaches your application at runtime.
Single pane observability
Tetrate Service Bridge collects, stores, and aggregates metrics, traces, and proxies logs from multiple clusters and environments and provides a single interface to see the topology of your services and their dependency relationships to understand application health at a glance.
Extend mesh functions
Tetrate Service Bridge provides an extensibility point for authentication and authorization, observability, or manipulation of request attributes through WASM Extension. This allows the application team to add functions that can be tailored to organization-specific needs.
Securing the mesh
Multitenancy
With Tetrate Service Bridge, you can create tenants for your teams and workspaces within your business to define fine-grained access control, editing rights, and maintain zero trust as a standard. Tetrate Service Bridge conforms with NIST standards for microservice security (SP800-204a and -204b, co-authored with NIST by Tetrate engineers) and implementation of Next Generation Access Control.
Security policy
Tetrate Service Bridge allows you to apply security policy consistently in the mesh so application developers don’t have to. Tetrate Service Bridge has out-of-the-box conformance with NIST standards for microservices security and enables zero trust.
What’s next
To learn more about Tetrate Service Bridge visit our page and register for the upcoming webinar, Intro to TSB: Connecting and Securing your Apps wherever they Run. Contact us to get a TSB demonstration and see how TSB can help you manage the complexity of application networking. The path to modernization isn’t simple but we’re ready to lay down the bridge and support you every step of the way.