Tetrate officially launched on March 13, announcing its enterprise service mesh platform that is built on top of the open-source Istio and Envoy projects.
The concept of a service mesh has been an emerging trend over the past year as an approach that enables networking connectivity and security policies to be managed and deployed in a fabric that can span multicloud environments. Among the leading proponents of the service mesh idea has been the open-source Istio project, whose co-founder Varun Talwar is now leading Tetrate as CEO.
“At Tetrate, we are building a next-generation networking product that is more secure, flexible and ranges from the ingress to the workload to a running service,” Talwar told eWEEK. “It’s all built using Envoy and Istio as components, and we are enabling our platform not just for Kubernetes and containers, but also for virtual machines [VMs] and bare metal for both on-premises and cloud deployment.”
The open-source Envoy project is part of the Cloud Native Computing Foundation (CNCF) and was originally developed by ride sharing company Lyft. Envoy is a service mesh reverse proxy technology that is used to help scale microservices data traffic. Multiple vendors, including Google, IBM, AWS, F5 Networks, Avi Networks and VMware, have embraced the Istio and Envoy model and have announced their own services based on the technology.
Alongside Tetrate’s official launch, the company also announced that it has raised $12.5 million in funding led by Dell Technologies Capital with participation from 8VC, Intel Capital, Rain Capital and Samsung NEXT.
Security
Tetrate aims to differentiate itself from others in a number of ways, including user experience and security capabilities. Istio by default does not have a secure configuration, which security vendor Twistlock has identified as an area of concern.
Talwar said that Tetrate is looking to make its platform pluggable with existing security infrastructure that organizations already have deployed. He added that Tetrate is also making the promise of providing an identity for every workload at scale. Additionally, Talwar said that his firm’s technology is providing an enhanced approach to authorization that can unify a variety of controls.
“You can specify access controls for users and services in a consistent fashion and be able to enforce that uniformly,” Talwar said.
Creating a uniform policy across a distributed service mesh deployment is no easy task. The Kubernetes container orchestration system, for example, integrates with Role Based Access Control (RBAC), but the goal of Tetrate is to have a uniform policy that stretches beyond Kubernetes. Talwar said Tetrate plans on announcing an open-source tool in the coming weeks that will help organizations with security policies.
How Tetrate Works
With Kubernetes deployments, Istio to date has been deployed in an approach known as a side car proxy. With that approach, the service mesh is deployed in a cluster alongside other running containers and works as a proxy for policy and traffic. For non-Kubernetes deployments, using the side car approach isn’t always possible, which is where Tetrate has invested resources to develop what Talwar referred to as the company’s “secret sauce” for deployment.
“We have figured out a way to set up the service mesh in a gradual, incremental way, where you can have it as an ingress to the application running on VMware or bare metal and then even as a side car,” Talwar said. “That’s one of the key places where we bring our differentiation on top of the Istio and Envoy projects.”
Overall, having a uniform policy and an approach that enables the service mesh to be deployed across different types of environments is what Talwar sees as the key to success for his startup.
“The premise and the promise of service mesh is that it’ll provide a consistent policy experience,” he said. “But if 85 percent of your workloads are on VMware, you don’t want to only have consistency for the other 15 percent. We’re trying to deliver the promise of consistent experience by covering all infrastructure.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.