DEVOPSdigest

Solo.io introduced Istio Ambient Mesh, an evolution of Istio and a next-generation architecture that gives applications and infrastructure teams greater flexibility, security, and performance.

The new framework meets the ever-changing requirements of forward-looking enterprises as they deploy more diverse applications at greater scale. Solo.io co-developed Istio Ambient Mesh with Google, and the new Istio Ambient Mesh architectural framework will be contributed to the Istio Project.

“Istio is the future of service mesh, and Ambient Mesh brings a whole new level of flexibility for companies that deploy Istio — along with ease of use, boosted performance, and reduced cost,” said Idit Levine, CEO and co-founder, Solo.io. “Since its inception five years ago, Istio has become the de facto service mesh standard. All along, we have listened to customers and recognized the need to enable larger, more diverse types of applications. Our work on the Istio Steering Committee and Istio Technical Oversight Committee has placed us in the unique position to chart the course of Istio. We have customers running 30 billion transactions a day — and the number, scope, and scale of these workloads is always increasing. Istio Ambient Mesh allows companies to adjust for cost, observability, and performance based on their individual application needs — this is a market first, and a ‘must-have’ for modern enterprises.”

Solo.io works with some of the largest production deployments of Istio in the industry and, given the company’s Istio community leadership, is well-prepared to meet these enterprise needs.

Until now, the Istio architecture has been centered around a sidecar architecture that ensured maximum security and observability. But as microservice architectures evolved, the need for a strict sidecar architecture for all applications has evolved, with many applications requesting the optimizations of a sidecarless architecture. Istio Ambient Mesh delivers both sidecar or sidecarless architectures, with a consistent control plane for any deployment model. Companies now have greater flexibility to deploy applications on Istio, while continuing to have a proven model for scaling and securing applications.

The Istio community receives a wide variety of feedback from users about how they deploy service mesh to enable microservices applications — everything from performance and security to resource utilization to ease of use. Istio Ambient Mesh addresses several challenges the Istio community has reported, including:

- Improving the performance of applications that use a service mesh

- Reducing the compute/memory overhead resources required for a service mesh

- Simplifying ongoing operations of the service mesh

- Enabling greater flexibility for applications that do not always require full Layer 7 services from the service mesh (for example, if only Layer 4 is needed)

- Enabling multi-tenancy applications using the service mesh, with the full flexibility of both high performance and high security

- Addressing the modularity of future technologies that may be incorporated into the service mesh

Istio Ambient Mesh offers a more flexible set of architectural choices, meaning that performance, security, and application offload can now be configured on a highly granular basis. The new framework also delivers on three critical areas that will improve the overall experience for Istio users. Istio Ambient Mesh:

- Enables a sidecarless architecture that moves the proxy functionality from the pod-level to the node-level, improving overall application performance — and this new architectural option delivers 10-20x less compute and memory overhead, significantly reducing overall cost.

- Delivers a fully transparent experience for applications, which will not only simplify operations, but also make it easier for system upgrades and new applications to be deployed into the mesh.

- Offers a new optional security element, PEP (“policy enforcement point”), that delivers full Layer 7 security inspection.

Istio Ambient Mesh is fully compatible with sidecar-based Istio deployments, and either sidecar or sidecarless deployments are managed by the Istio control plane. With the Ambient Mesh enhancements, Istio delivers both modes with a consistent control plane. Also, with Istio Ambient Mesh, there is no loss of platform or policy management capabilities on the overall service mesh, no loss of application-specific security and application offload capabilities, and no need for application or infrastructure teams to immediately learn new programming languages.

Istio Ambient Mesh is fully open source and part of the Istio project; it is also fully compatible with Istio. Istio Ambient Mesh is an optional configuration of Istio and can co-exist with previous configurations of Istio.

Istio Ambient Mesh is currently available in beta to Solo.io customers and will be fully GA in the upcoming Solo.io Gloo Mesh 2.1 platform release. It is currently available as a tech preview in Gloo Mesh.