Istio has had years to mature into a robust solution for enterprise environments, but also continues to develop many new innovations with releases on a quarterly cadence. Enterprise Istio service mesh management enhances basic open source Istio with long-term production support, multi-cluster capabilities, advanced/federated security with FIPS-ready builds, software lifecycle management, and everything else you need for successful Day 2 operations.
Why you need Istio management
You can implement and manage Istio yourself, but you should think about what Istio is going to need in terms of investment. Open source Istio will require a lot of administrative effort to self-support and adapt to enterprise requirements, or you can choose a more comprehensive Istio management product which comes with enterprise production support. If you want to make it easier for your API-producing and API-consuming developers, an Istio-native developer portal enables GitOps and CI/CD methodologies.
From a business standpoint, adopting an enterprise solution for Istio service mesh management means you will have reduced risk, increased security, and easier management of the connectivity between Kubernetes-based and legacy applications. Istio management even helps with application modernization and “migration to cloud” initiatives by smoothing the adoption process and providing ongoing updates and support.
Why choose Solo.io for service mesh management
Solo.io’s Gloo Mesh delivers robust service mesh management capabilities by enhancing open source Istio. By default, basic open source distributions of Istio don’t go far enough to deliver features needed for comprehensive application networking. Traffic routing alone isn’t enough, and if you use pure open source you inherit the burden of developing and maintaining missing enterprise features forever. Solo.io adds comprehensive functionality to your service mesh, reducing complexity while increasing security, reliability, and observability for consistent applications and microservices connectivity.
adminSubjects:
- kind: User
  name: kubernetes-admin
createAdminRole: true
Tame the Istio lifecycle
Istio has new releases every quarter, making it hard to keep current. Enjoy automated installation, no-interruption upgrades, inventory, and health checks, and get N-4 version long-term support and patching so you can upgrade on your schedule.
Manage application connectivity for microservices
For traffic between microservices and traditional applications, you’ll need routing, circuit breaking, rate limiting, load balancing, and locality-aware failover to maintain reliable connections to your resources. Extend capabilities with WebAssembly (Wasm).
apiVersion: networking.mesh.gloo.solo.io/v1
kind: TrafficPolicy
metadata:
  namespace: gloo-mesh
  name: petstore
spec:
  destinationSelector:
  - kubeServiceRefs:
      services:
      - clusterName: cluster-1
        name: petstore
        namespace: default
  policy:
    requestTimeout: 100ms
    retries:
      attempts: 5
      perTryTimeout: 5ms
Zero trust security for all connections
Establish comprehensive security controls where every connection is validated before being allowed. Integrate with your existing external authentication and authorization servers. Use mTLS encryption to protect data-in-motion on all connections.
Federate configurations across multiple clusters with policies as code
Manage application networking with common policies implemented consistently everywhere, from one cluster to thousands. Developers and operators can use declarative CRDs, usually as part of a DevOps or GitOps process, to manage traffic, implement security policy, and configure observability.
Limit access to resources in multi-tenant environments
Use granular role-based access controls and delegation to limit which clients and administrators have permissions to applications, resources, and management tools in custom-defined workspaces.
Create a developer portal to catalog APIs
Fully integrated with Gloo Mesh, Gloo Portal abstracts the complexity and enables developers to publish, document, share, discover, and use APIs with rich controls and comprehensive security information.
Application networking is a team sport
While not strictly a security feature of a service mesh, one important consideration is the availability of enterprise support and defined service-level agreements (SLAs) for response. Community support for open source software by itself doesn’t meet the requirements for production deployments, so you need a vendor on standby to help you out. Inevitably there will be issues, and when a CVE (Common Vulnerabilities and Exposures) incident is discovered, it is reassuring to know that someone can quickly patch your code and even backport the fix to older versions if you haven’t kept up with the rapid pace of new releases.