DEVOPSdigest

Tetrate, founded by creators and maintainers of Istio and Envoy, announced the general availability of Tetrate Service Bridge (TSB), Golden Gate release.

This latest release combines API Gateway, a web application firewall (WAF), and service mesh capabilities into a single management plane, delivering the industry’s first cloud-agnostic unified application connectivity platform. By unifying these capabilities, TSB brings centralized governance and decentralized enforcement to application networking—essential for implementing zero-trust security across legacy and modern workloads.

TSB’s Envoy-based application networking layer dissolves the distinction between north-south and east-west traffic: it's all just application traffic. Developers can now apply capabilities traditionally available only in an API gateway to any part of their application topology from edge to workload. The TSB Golden Gate release includes API Gateway and a comprehensive set of API governance capabilities out-of-the-box.

"As enterprises scale their cloud-native application environments, robust application connectivity and networking become both critically valuable and increasingly complex,” said Brad Casemore, VP for Research, Datacenter, and Multicloud Networking at IDC. “Somewhat paradoxically, application networking is most valuable when it is unseen—simple to provision and operate, and unobtrusive, yet elastically scalable and secure across highly distributed environments, not getting in the way of developers and their applications. With the latest release of Tetrate Service Bridge, Tetrate is responding to this need, bringing increased simplicity to centralized control over edge-to-workload connectivity spanning multiple clusters, clouds, and compute resources."

Gaining access and knowing how to configure application-specific network and security policies can be challenging for developers and ultimately impacts productivity. At the same time, networking and security teams lack the means to enforce policy mandates and ensure their implementation. This disconnect between access and knowledge leads to non-compliant networking and inconsistent policy enforcement, which then leads to security breaches. With the Golden Gate release, TSB enables developers to configure policies for their applications without needing to learn the complexities of new technologies like Envoy and Istio, while still being able to harness their power.

TSB is also now available as a fully-managed, Tetrate-hosted service, in addition to self-managed deployment. The TSB managed service greatly reduces the initial investment required to begin using zero trust architectures, encourages experimentation, and further reduces complexity for customers. The managed service can be used for pilot projects, smaller projects, or for all projects, depending on the needs of each customer.

“Application architectures are increasingly becoming distributed in nature,” said Varun Talwar, CEO and co-founder of Tetrate. “When combined with the need for multicloud infrastructures, application networking, and security policies, management becomes a complex problem. TSB elegantly simplifies this challenge with its management plane, a layer that binds the runtime system to the users and teams. Enterprises can implement controls for regulatory requirements with confidence and maintain many unrelated teams on the same infrastructure without shared-fate outages.”

The Golden Gate release comes on the heels of a highly successful year where more than 20 Fortune 500 organizations in financial services, healthcare, and retail adopted the original version of TSB, increasing the number of clusters under management by 10X year-over-year. Customers provided invaluable feedback toward key features of the new release, including:

- A unified application connectivity platform to deploy and manage WAF, API GW, service mesh, and egress controls

- A clean, declarative application developer experience to configure application traffic and security controls, where they can be defined once and applied anywhere

- ​​A single management pane to manage application traffic across heterogeneous environments including Kubernetes, virtual machines, bare-metal servers, on-premises, and in the cloud

- Multitenancy: creating tenants for teams within a business to define fine-grained access control and editing rights and to maintain zero trust as a standard; auditing changes to services and shared resources from start to finish

- Next-generation, out-of-the-box API governance with just enough baked-in API gateway capabilities for ease of use

- Deployment of WAF with blessed configuration wherever it’s needed, edge to workload, not just at a single firewall

- Deployment and lifecycle management of service mesh (Istio and Envoy) across multiple Kubernetes clusters

- Application-level segmentation: secure applications, not (just) networks