
Gloo Mesh
Today's Kubernetes environments need help in scaling, securing and observing modern cloud-native applications. Gloo Mesh, based on the industry's leading Istio service mesh, simplifies multi-cloud and multi-cluster management of service mesh for containers and virtual machines. Gloo Mesh helps platform engineering teams to reduce costs, reduce risks, and improve application agility. Gloo Mesh is a modular component of Gloo Platform.
Simplify Kubernetes Security
Secure
Secure traffic to your application with automatic mTLS and make your applications more resilient and safe
Scale
Use GitOps to consistently automate and centrally manage across multi-cloud and multi-cluster environments
Simplify

Platform Engineers can easily add security and observability of service-to-service traffic across distributed applications
Application Identity, Network Security and Business Compliance
With an application built from multiple services that are deployed independently, it is important that there is internal communication between each of the services. This traffic needs to be secured and available for internal use only. As applications scale, the complexity of managing and securing this internal, or “east-west”, traffic can be reduced by introducing a service mesh. When a service mesh is put into production, it becomes easier to manage a zero trust security model between the services and containers in an application.

Deliver Results With Your Infrastructure

The service mesh allows for application-aware network tasks to be managed independently from the application, adding observability, security, and reliability to distributed applications.
By introducing the service mesh to your applications, you can:
- Simplify the application layer
- Provide more insights into your traffic
- Increase the security of your application
Introducing Gloo Mesh
Built from the leading service mesh, Gloo Mesh delivers Istio service mesh functionality and management for Kubernetes clusters, microservices and virtual machines. With support for sidecar-less and sidecar-based Istio deployments in parallel, Gloo Mesh brings simplicity together with the best of Istio security without compromise.
The Gloo Mesh path begins with ambient mesh and the efficiency of a secure tunnel model that reduces overhead and costs of implementing a service mesh in a sidecar-less fashion. If additional control of ports and protocols is required, Gloo Mesh can also support sidecar implementations of the Istio service mesh.
For platform engineers, Gloo Mesh means internal application traffic is:
- available (routing, high availability)
- secure (automatic mTLS)
- observable (out-of-the box or integrated with your existing tools)
With support for multi-tenancy, lifecycle management and integration with the API gateway, Gloo Mesh provides a holistic approach for maintaining traffic integrity to address business compliance.

The Simplicity of Ambient Mesh

With Istio ambient mesh, there’s no need for sidecar proxies anymore. The secure tunnel means most service mesh use cases are supported in a way that removes many of the complexities that used to be associated with Istio. With ambient mesh, you get the benefits of the Istio industry standard, but using fewer of your compute resources … and making it easier to manage.
The ambient mesh secure tunnel still manages and monitors each application’s incoming and outgoing network traffic, but it operates at the node level. Ambient mesh was designed in a way that doesn’t sacrifice security or functionality and maintains the core features of Istio:
- zero trust security
- telemetry
- traffic management
The Power of Istio
Istio is the leading service mesh available today. The open source project is being graduated by the CNCF and is supported by the leading Kubernetes solution vendors (Solo, Google, Microsoft, Red Hat, and others). Istio has also been evolving to include multiple modes of deployment: with or without sidecars.
By introducing ambient mesh, Istio implementations are easier to deploy and manage for most use cases. For advanced use cases, the sidecar deployment model of Istio is still available to allow for a more in depth way to fine tune the set of ports and protocols that the proxy will accept for each pod. Solving the challenges of multi-cluster routing/failover, multi-tenancy and enhanced security can be addressed using the capabilities built into Istio.
For use cases that require an extra level of protection, using sidecars makes it easier to access or change security features without changing the rest of the application.
- strictest separation between services for security
- define ports and protocols allowed for incoming traffic
- restricting the set of services when forwarding outbound traffic
With or without sidecars, Gloo Mesh makes Istio easier to deploy and manage regardless of where you are in your service mesh journey.

More Than Upstream Istio
When you build your solution with Gloo Mesh, you’re enjoying benefits that extend far past simply downloading the upstream Istio code. Our customers see these benefits in what they get from support and the Solo innovations on top of what the Istio community offers.
One of the largest benefits customers get from Gloo Mesh is in the lifecycle support. Instead of being an anonymous participant of the upstream community, Gloo Mesh users are engaging with the leaders of the community. Gloo Mesh customers get even more:
- 24/7 customer support
- N-4 Istio version support
- Insights of the future of Istio
You also have the benefit of Solo innovations that are ahead of where the community is today.
- FIPS certified release that has been verified by a third-party laboratory
- Ambient Mesh supported in production well ahead of community readiness
- Extending the CNI functions to improve security with Gloo Network integrations

Connect with Network Security
Gloo Mesh and Gloo Network can combine to deploy even deeper security for your Kubernetes implementation. With Gloo Network, you can harness the power of Cilium in the Gloo ecosystem. Combine the application security of Istio and Gloo Mesh with the layer 4 and layer 3 network security of eBPF and build out the security profile of your containerized applications.
- Control traffic with policies
- Enhanced performance
- Central Gloo management
Include GraphQL

Your internal services are designed to communicate through APIs. For developers to connect to another service, they need to be able to learn about the available APIs and interact with the APIs available for them to use. GraphQL simplifies developer access to APIs.
- Combine developer-friendly GraphQL with Istio’s ability to secure, manage, and observe application traffic
- Simplify how developers build their next set of modern applications
- No additional GraphQL Servers required!
Solve Real Problems with Gloo Mesh
Gloo Mesh is frequently deployed for the following use-cases:
- Managing 3rd-party Istio service mesh deployments with long-term support
- Replace homegrown or open source service mesh with Enterprise Istio Service Mesh
- Integrated security and advanced routing for Kubernetes clusters
- Advanced multi-cluster routing for Kubernetes clusters
- Integrated zero trust aecurity
- Support for FIPS-certified distribution
- Integrated observability
- Application modernization
- Replacing Red Hat OpenShift’s integrated service mesh
- Replacing AWS, Azure or GCP native service mesh

At the core of Solo.io’s product offerings is Gloo Platform, which integrates API gateway, service mesh and networking technologies into a unified application networking platform. Gloo Gateway enables customers to significantly reduce their API gateway footprint (vs. legacy API gateways), as well as improve overall scalability and reduce application latency.
