No items found.
No items found.

Introducing Istio Ambient Mesh

September 7, 2022
Idit Levine

Today, Solo.io and Google will contribute a significant new architecture to the Istio project, called Istio Ambient Mesh. This contribution will not only provide exciting new capabilities for our Istio, Gloo Mesh and Gloo Platform customers, but it will continue to establish Solo.io as the leading innovator in the service mesh market.

New Choices for the Istio Community

Istio Ambient Mesh
Istio

This contribution is the culmination of nearly a year of engineering effort that began within Solo.io, and merged together with Google engineering as we discovered that we were both working towards similar goals for Istio. The Solo.io team played a significant role in all aspects of the project, with a specific focus on areas of architectural flexibility, security, and performance testing. Now that the code is available to the Istio community, we’re excited to see how this new architectural option for the Istio data plane evolves.

Istio Ambient Mesh

Solo.io will be the first company in the industry to support Istio Ambient Mesh in our commercial product, with early-access beginning with the launch of Gloo Mesh 2.1 next week.

What is Istio Ambient Mesh?

Expanding the flexibility of Istio

Istio Ambient Mesh builds on 5+ years of experience in the Istio community, with thousands of production deployments and contributions from nearly 1,000 engineers. It also builds on the proven security model of Istio.

Istio Ambient Mesh is the new Istio dataplane architectural alternative that does not rely on sidecars by default. Istio Ambient Mesh allows customers to have choices around the vectors of cost, operational transparency, and performance.

Istio Ambient Mesh enables Istio to deliver value to our Gloo Mesh customers in the following areas:

  • All Istio technology is open source and backed by more than five years of ongoing development, stabilization, and innovation – trusted, future-proofed, and supported for N-4 releases by Solo.io
  • Operational transparency choices for Proxy technologies – data plane runs outside applications for simple application onboarding, upgrading, and CVE patching
  • Cost optimization choices for Proxy technology – customers can more finely align the cost of operational and compute resources for “right size” usage
Istio Ambient Mesh
  • Flexible choice of sidecar (standard Istio architecture) or sidecar-less (Istio Ambient Mesh architecture, which can be mixed or matched to be aligned to customer’s application needs – customers can match the best setting to their application needs
Istio Ambient Mesh
  • Performance optimization choices for how Layer 4 or Layer 7 services are deployed – customers will get great performance in all configurations
  • Separation of application code from data plane gives a better security posture
Istio Ambient Mesh

Customer Choice, without Security Compromises

Istio has always had Zero-Trust Security built in and enabled by default. By enabling cryptographically-generated identity, Zero-Trust Security is never compromised with either sidecar or sidecar-less architectures. Security is never a tradeoff that customers need to worry about. What we’ve learned over time is that service mesh deployments involve multiple groups (CloudOps, DevOps, SRE).

Istio zero trust security

Istio is the Future of Service Mesh

At Solo.io, we’ve always believed in the future of Istio. It’s why we dedicate so many engineering resources to both project contributions and project leadership roles. We’ve been involved since the earliest days of Istio. But just as important to us is having a strong set of customers that give us feedback about how they use Istio and how to continue making the project better. This feedback was a driving force in why we started working on Istio Ambient Mesh. We want to give our customers choices, and we want to make it better for the entire community.

Now, more so than ever, we are convinced that Istio is the future of service mesh.

Learn More About Istio Ambient Mesh

Check out these resources to learn more:

Cloud connectivity done right