Tetrate Service Bridge to Close Enterprise Application Networking Gap via Service Mesh

14 May 2021 9:00am, by

At some point, you’ve got to stop building something you think people need and start putting it out there to test in the market. You have to go get users. This is where the first engineers of the Istio service mesh at Google found themselves about four years ago. But, like many things in the still-emerging cloud native space, the first response was: Well, what is it? Who else is using it?

Zack Butcher, who was among those first engineers working with service mesh and is now an Istio contributor and steering committee member, said that three or more years ago, anyone could’ve been the first user. Now we know Istio is a mechanism that allows you not only to connect services but also to secure and observe each service and to control how they communicate with each other.

Makes sense, right? But what if Istio only works with Kubernetes? What if your organization is still transitioning from a monolithic environment? What if it runs multicloud, hybrid cloud or on-premises, or a mix? How can an enterprise secure all these disparate, distributed services of all sizes?

Butcher and a few co-founders of Tetrate built the Tetrate Service Bridge to act as an application connectivity platform or a technical bridge to take you from those legacies to those modern environments, and to increase reliability and availability. Also called TSB, it looks to solve the issue of networking for heterogeneous workloads.

Tetrate Service Bridge, built on Istio and now in general availability, presents itself as the solution to enterprise-grade challenges that can’t be just abstracted out with a Kubernetes layer. The Tetrate team has built out the core set of functionality around controlling traffic across an entire fleet of services, from the edge to the mesh.

Butcher says TSB bridges the gap between having service mesh capabilities and actually realizing those capabilities in a way that is safe.

He said, “This service mesh is great, but how do I actually use it in my enterprise? How do I change my process to take advantage of the mesh? And actually changing processes is really expensive, so how do I not change my process either?”

And those enterprise processes aren’t simple either. They look to use service mesh to enforce security and compliance requirements, to gain control and visibility across entire complex infrastructures, and to put security controls in place across highly heterogeneous environments.

“Service mesh serves a lot of problems I have but you are telling me I can only have it in Kubernetes? I want those things to help me get from my legacy to a modern environment, not already in that,” Butcher said.

TSB helps you manage across the full breadth of compute, connecting Kubernetes and legacy infrastructure. He gives examples you can use to link with Istio and Envoy and just start assembling your application network.

“Tetrate Service Bridge is a platform for applications to communicate securely and successfully without having to get into the weeds of what lives there.”— Zack Butcher, Founding Engineer, Tetrate

Butcher says there’s also the enterprise management side: teams need to be able to prove they are using service mesh correctly and securely. He says TSB enables teams to divvy up their physical infrastructure and cloud-based environments, with multitenancy and controls, so you can use service mesh to “do cool things at runtime.”

The connectivity tool works not only with Istio and the Envoy proxy but also Apache Skywalking, enabling observability across whole systems.

They are clear that while they offer a tool to ease the use of these open source tools, and the whole Tetrate team contributes to the open source projects they depend on, they are intentionally not an open core company.

“In my opinion, there’s this really big tension in open-core companies. If me, as a developer, I have to decide project or product that people pay for — he doesn’t want to make the value prop decision,” Butcher explained.

He continued, “We are building a layer on top of the open source pieces. We are assembling these open source pieces together in a coherent system.”

Another part of this decision is that, since they are still essentially using open source tools, enterprises can do so in a relatively cheap way through Tetrate.

Butcher points to the fundamental difference between enterprise closed source products like TSB and the open source projects it serves.

“Capabilities go in open source and then how you manage those capabilities and how you use them within an organization, that’s what you put in the product,” he said.

While they only went fully public with TSB in April, they built it alongside adopters from the start.

Butcher, paraphrasing Socrates, said that after the “pain of adopting Istio — we were in a cave without users” they were determined to build hand in hand with users.

One such early adopter was FICO, the organization that creates the predominant credit risk score in the U.S. One emerging use case for service mesh is encryption in transit to ensure compliance with ever-changing regulations and standards, from HIPAA and GDPR to automated enforcement of PCI-DSS controls. This is especially crucial when financial institutions are still transitioning to a microservices architecture.

FICO has been using Istio since 2019 but needed Tetrate to operationalize Istio for PCI compliance, which mandates that all data is encrypted in transit and remains encrypted when “at rest” in databases.

This March, Tetrate also announced it had raised $40 million in Series B funding, led by Sapphire Ventures.

Feature image by Полина Андреева from Pixabay
