Tetrate Announces General Availability of Istio Subscription 

Tetrate, the application-aware networking and parent company to Istio, the Kubernetes service mesh, has unveiled Tetrate Istio Subscription (TIS). This offering combines unwavering expert support, industry best practices, continuous protection against Common Vulnerabilities and Exposures (CVEs) in open-source components, and a streamlined path to achieving Federal Risk and Authorization Management Program (FedRAMP) compliance.

Istio, for those of you who don't know, is an open-source service mesh that connects, monitors, and secures containers in a Kubernetes cluster. Built on top of the open-source Envoy proxy, it enables microservices sharing distributed applications to communicate and work with one another. As Matt Klein, Envoy's creator, wrote, Istio provides modern microservice and cloud-native applications with a "unified control plane that ties the pieces together in a coherent way."

Istio's features include:

• Connecting, monitoring, and securing containers in a Kubernetes cluster

• Automating application network functions

• Controlling how microservices share data with one another

• Integrating into any logging platform, telemetry, or policy system

• Abstracting the control plane and data plane from the applications and physical infrastructure

Istio is used by architects and engineers alike in building cloud-native applications or following microservice architecture approaches. As a service mesh, Istio is independent of any specific programming language. While natively, it works only with Kubernetes, you can write extensions enabling it to run on any cluster software.

To get back to TIS, it's built upon the Tetrate Istio Distro (TID). This is a Tetrate open-source project that offers verified Istio builds compatible with major cloud platforms. In addition to this, TIS enriches the Istio experience with training, architectural workshops, expert enterprise production support, best practices, and extended CVE support.

The latter CVE feature provides six additional months of backported patches, supplementing the eight months of support offered by the Istio project. This extended support allows teams to minimize the frequency of upgrades between Istio versions. TIS also fully complies with NIST 207A, the publication that defines the US federal zero-trust architecture standard.

Tetrate's founder, Varun Talwar, reflecting on Istio's journey, said, "Istio started life as an open-source project created by engineers at Google, who then left to start Tetrate. When Istio became a Cloud Native Computing Foundation (CNCF) project, it began a steady march toward maturity. Now, with the project graduated, we have a mature and proven application networking technology that’s standardized by NIST and acceptable to a wide array of Federal and large enterprise decision-makers. A supported, open-source, enterprise-ready version of Istio is a big deal, and Tetrate has one."

While Talwar is very pleased, as he should be, I must agree. This new offering is a significant step forward in making Istio production ready for commercial users. Indeed, Istio is already in production with companies such as Boeing, CVS Health, and the Navy Federal Credit Union.

David Wang, Head of Product at Tetrate, added, "TIS gives enterprises the power of service mesh with the simplicity of a supported solution, all with the assurance and risk-mitigation of a widely deployed open source technology stack that is FIPs certified and FedRAMP compliant. As a supported distro of fully upstream Istio, there is nothing proprietary to lock users in when they select TIS. Better yet, the TIS Starter Package makes it easy to install and get going quickly, along with enterprise-grade support from the people who helped create Istio and know it best."

Sounds interesting? Check out TIS. You'll be glad you did.

Noteworthy Linux and open-source stories:

• Super-long-term stable Linux Kernel arrives

• Ubuntu Desktop 23.10 arrives: A glimpse into Ubuntu Linux's future

• Nasty bug discovered in widely used Linux utility curl, and patches already rolled out