Gloo Mesh

With an application built from multiple services that are deployed independently, it is important that there is internal communication between each of the services. This traffic needs to be secured and available for internal use only. As applications scale, the complexity of managing and securing this internal, or “east-west”, traffic can be reduced by introducing a service mesh. When a service mesh is put into production, it becomes easier to manage a zero trust security model between the services and containers in an application.

Built from the leading service mesh, Gloo Mesh delivers Istio service mesh functionality and management for Kubernetes clusters, microservices and virtual machines. With support for sidecar-less and sidecar-based Istio deployments in parallel, Gloo Mesh brings simplicity together with the best of Istio security without compromise.

The Gloo Mesh path begins with ambient mesh and the efficiency of a secure tunnel model that reduces overhead and costs of implementing a service mesh in a sidecar-less fashion. If additional control of ports and protocols is required, Gloo Mesh can also support sidecar implementations of the Istio service mesh.

For platform engineers, Gloo Mesh means internal application traffic is:

• available (routing, high availability)
• secure (automatic mTLS)
• observable (out-of-the box or integrated with your existing tools)

With support for multi-tenancy, lifecycle management and integration with the API gateway, Gloo Mesh provides a holistic approach for maintaining traffic integrity to address business compliance.

Istio is the leading service mesh available today. The open source project is being graduated by the CNCF and is supported by the leading Kubernetes solution vendors (Solo, Google, Microsoft, Red Hat, and others). Istio has also been evolving to include multiple modes of deployment: with or without sidecars.

By introducing ambient mesh, Istio implementations are easier to deploy and manage for most use cases. For advanced use cases, the sidecar deployment model of Istio is still available to allow for a more in depth way to fine tune the set of ports and protocols that the proxy will accept for each pod. Solving the challenges of multi-cluster routing/failover, multi-tenancy and enhanced security can be addressed using the capabilities built into Istio.

For use cases that require an extra level of protection, using sidecars makes it easier to access or change security features without changing the rest of the application.

• strictest separation between services for security
• define ports and protocols allowed for incoming traffic
• restricting the set of services when forwarding outbound traffic

With or without sidecars, Gloo Mesh makes Istio easier to deploy and manage regardless of where you are in your service mesh journey.

When you build your solution with Gloo Mesh, you’re enjoying benefits that extend far past simply downloading the upstream Istio code. Our customers see these benefits in what they get from support and the Solo innovations on top of what the Istio community offers.

One of the largest benefits customers get from Gloo Mesh is in the lifecycle support. Instead of being an anonymous participant of the upstream community, Gloo Mesh users are engaging with the leaders of the community. Gloo Mesh customers get even more:

• 24/7 customer support
• N-4 Istio version support
• Insights of the future of Istio

You also have the benefit of Solo innovations that are ahead of where the community is today.

• FIPS certified release that has been verified by a third-party laboratory
• Ambient Mesh supported in production well ahead of community readiness
• Extending the CNI functions to improve security with Gloo Network integrations

Gloo Mesh and Gloo Network can combine to deploy even deeper security for your Kubernetes implementation. With Gloo Network, you can harness the power of Cilium in the Gloo ecosystem. Combine the application security of Istio and Gloo Mesh with the layer 4 and layer 3 network security of eBPF and build out the security profile of your containerized applications.

• Control traffic with policies
• Enhanced performance
• Central Gloo management

Gloo Mesh is frequently deployed for the following use-cases:

• Managing 3rd-party Istio service mesh deployments with long-term support
• Replace homegrown or open source service mesh with Enterprise Istio Service Mesh
• Integrated security and advanced routing for Kubernetes clusters
• Advanced multi-cluster routing for Kubernetes clusters
• Integrated zero trust aecurity
• Support for FIPS-certified distribution
• Integrated observability
• Application modernization
• Replacing Red Hat OpenShift’s integrated service mesh
• Replacing AWS, Azure or GCP native service mesh

At the core of Solo.io’s product offerings is Gloo Platform, which integrates API gateway, service mesh and networking technologies into a unified application networking platform. Gloo Gateway enables customers to significantly reduce their API gateway footprint (vs. legacy API gateways), as well as improve overall scalability and reduce application latency.