Gloo Mesh Comparison Matrix

Compare Gloo Mesh editions and basic open source Istio.

Feature Comparisons

Secure | Gloo Mesh Enterprise | Gloo Mesh Open Source | Basic Open Source Istio
TLS/mTLS encryption
Provides end-to-end encryption to protect data in motion between endpoints
Multi-tenancy and isolation
Lets service meshes share resources securely
Federated trust domains
Safely authenticate users and applications across environments
Federated role-based access control and delegation
Grants permissions to users appropriate to their responsibility and applies them consistently everywhere
Safe handling of signing cert and root rotation
Manage and execute SSL certificates from a centralized platform
Multi-cluster observability metrics/graph
Provides complete observability and auditability of all activity across the system
FIPS (140-2) compliant
Validated to meet strict security standards
Secure configuration model for cluster relay
Safely shares configurations across the system
Secrets integration (with Kubernetes & HashiCorp Vault)
Manages sensitive credentials like passwords, tokens, and keys
OIDC/OAuth 2.0 flows
Manages authentication of users and applications
Built-in web application firewall (WAF)
Open source ModSecurity screens traffic for threats and stops attacks
Data loss prevention (DLP)
Monitors for data breaches or exfiltration to prevent data loss and data leaks
External Authentication
Integrates with API keys, JSON Web Tokens (JWT), Lightweight Directory Access Protocol (LDAP), OAuth, OpenID Connect (OIDC), and custom services
Open Policy Agent (OPA) for authorization
Defines service API policies as code
Vulnerability scanning and publications
Finds, addresses, and alerts on weaknesses in the system
Reliable | Gloo Mesh Enterprise | Gloo Mesh Open Source | Basic Open Source Istio
Multi-cluster dynamic routing
Steers connections on-the-fly to available resources across clusters as needed
Retries, circuit breaker, timeouts
Handle exceptions and issues in connections gracefully
Priority failover routing
Defines in which order alternate resources should receive re-directed traffic in the event of a service outage
No-interruption updates
Rolls out new configurations and policies without requiring restarts or pausing operations
Published SLAs
Provide assurance that issues are responded to in a timely manner
Dynamic scaling to thousands of nodes
Robustly manages regular and unexpected variations and spikes in workloads
Simplified Global-Service Naming
Use consistent naming across all clusters
Health checks
Confirm that the system is operating as expected
Advanced rate limiting
Define custom policies to handle more complex situations
Configuration validation
Makes sure that the system is deployed and defined correctly
Unified | Gloo Mesh Enterprise | Gloo Mesh Open Source | Basic Open Source Istio
Distributed tracing (integration with Jaeger)
Facilitates root cause analysis of issues across the system
Multi-cluster security policies
Implement consistently across all environments to avoid exposure or risk of errors
Multi-version compatibility
Enables running different versions of Istio together so you can upgrade at will
Multi-mesh support
Gives you the ability to operate and manage heterogeneous multiple service meshes together
Multi-cluster observability (including Prometheus and Grafana)
Collects system metrics for observability to monitor and troubleshoot, and auditing for investigation. Displays system metrics in user-friendly graphs and enables building custom dashboards
Cross-origin resource sharing (CORS)
Sets policies for and pre-verifies which origins are allowed to connect to specified resources
Global service discovery
Finds and defines upstream resources (applications/microservices) that can be targets for connections
Admin dashboard GUI with multi-cluster views
Gives centralized observability and control of the whole system
Gloo Developer Portal (API mgmt)
Enables publishing, sharing, GitOps calling, and monetization of defined APIs
Workspace for multi-tenancy
Users can work within their own workspace domain