Cilium networking in Istio with Gloo Mesh Get started now

Exit Icon

Why choose Solo.io for FIPS-ready service meshes and API gateways

Solo.io’s Gloo Mesh and Gloo Edge deliver secure service meshes and API gateways by enhancing open source Istio and Envoy Proxy. By default, basic open source distributions of Istio and Envoy don’t go far enough to meet FIPS requirements. Encryption alone isn’t enough, and if you use pure open source you inherit the burden of developing and maintaining missing security features forever.

We provide enterprise distributions of Istio through our Gloo Mesh product. This comes with enterprise SLAs, long-term support (LTS for 1 year of an Istio release), and expert guidance and architecture reviews. Some of our customers require a hardened FIPS 140-2 compliant version of Istio service mesh to run in their environments. At Solo.io, we provide FIPS 140-2 compliant builds of both Istio’s control plane and data plane (Envoy Proxy). We take security very seriously here at Solo.io and that shows in the way we build our products. While others take shortcuts and/or don’t fully understand security implications of their choices, our ethos at Solo.io is security first.

Get a FIPS-ready build of Istio

The quickest way to get started with FIPS Istio is to use one of our supported builds. Both the control plane AND the data plane are validated as FIPS compliant.

Comprehensively secure all connections

Establish a zero-trust environment where every inbound connection is validated before being allowed. Integrate with your existing external authentication and authorization servers. Use mTLS encryption to protect data-in-motion on all connections.

istioctl install
—set hub gcr.io/istio-enterprise
—set tag 1.7.5-fips2-distroless

Limit access to resources

Use granular role-based access controls and delegation to limit which clients and administrators have permissions to applications, resources, and management tools.

Dive deep into FIPS security for Istio

Learn about our FIPS 140-2 compliant version of Istio service mesh with enterprise SLAs, long-term support, and expert guidance

Application networking is a team sport

While not strictly a security feature, one important consideration is the availability of enterprise support and defined service-level agreements (SLAs) for response. Community support for open source software itself doesn’t meet the requirements for production deployments, so you need a vendor on standby to help you out. Inevitably there will be issues and when a CVE (common vulnerabilities and exposures) incident is discovered, it is reassuring to know that someone can quickly patch your code and even backport the fix to older versions if you haven’t kept up with the rapid pace of new releases.

Solo.io Joins the GraphQL Foundation
Read More
Blog
The Elephant (Payload) in the Room, Part 2: Handling Super-Sized Requests with Gloo API Gateway
Read More
Blog
Porting eBPF Applications to BumbleBee
Read More
Blog
The Elephant (Payload) in the Room: Handling Super-Sized Requests with Gloo Edge
Read More
Blog
Enabling Cilium in the Gloo Application Networking Platform
Read More
Blog
An IstioCon Recap
Read More
Blog
Get started with Gloo API Infrastructure
REQUEST A DEMO
Need help with design, security, or operations
TALK TO AN EXPERT
Production support for your Istio service mesh
REQUEST SUPPORT