This next evolution is called Istio Ambient Mesh, which is touted as a next-generation architecture that provides increased flexibility, security, and performance for cloud-native applications. Along with Google, Solo.io is a lead developer of Istio, which is an open-source service mesh layer that helps connect, monitor, and secure containers in Kubernetes clusters.
Containers are used to host the components of modern applications, while Kubernetes is an orchestration tool used to manage various nodes, which consist of one or more containers, along with file systems and other components. A microservices architecture can have dozens of different nodes, each representing different application features and functionality. Kubernetes is used to manage the availability and resource consumption of these nodes, adding pods as demand increases. Istio injects additional containers into the pod for security, management, and monitoring.
Solo.io explains that the Istio community has come up against a number of challenges as their applications evolve. Some of the issues include not being able to increase the performance of applications that use a service mesh, reducing the computational and memory overhead needed to run it, and simplifying the ongoing operations of service meshes.
Additionally, it has become apparent that there is a need for greater flexibility for applications that do not require all of the functionality offered by Istio. And enabling multitenancy for apps using Istio has proven difficult, the company said.
Istio Ambient Mesh is designed to solve these problems by providing more flexible architectural choice. Until now, Istio has always been centered on a “sidecar” architecture model that ensures maximum security and observability. Solo.io now realizes that a “sidecarless” architecture might be more suitable for some users, as it will give them more flexibility to choose which Istio features they want to apply to their apps.
With this in mind, Istio Ambient Mesh supports a “sidecarless” architectural pattern that moves proxy functionality from the pod level to the node level to help improve overall application performance with more configurable capabilities. granular. With this option, users will see their compute and memory costs reduced by 10 to 20 times, Solo.io said.
Other benefits include a more seamless experience for applications, simplified operations, and easier deployment of system upgrades and new applications into an existing service mesh. Finally, Istio Ambient Mesh provides a new optional security element called the Policy Enforcement Point.
Solo.io co-founder and managing director, Idit Levine, said Istio Ambient Mesh offers a new level of flexibility for companies working with Istio, helping them improve performance and ease of use while reducing the costs.
“Our work on the Istio Steering Committee and the Istio Technical Oversight Committee has placed us in a unique position to chart the course for Istio,” Levine said. “We have customers executing 30 billion transactions per day, and the number, scope, and scale of these workloads continue to grow. Istio Ambient Mesh allows enterprises to tune cost, observability, and performance based on the needs of their individual applications. It is a first on the market and a “must have” for modern companies. »
Holger Mueller of Constellation Research Inc. said Solo.io evolved Istio quickly and didn’t stop to reevaluate previously untouchable design principles, such as the sidecar concept. “The result is that Istio’s services and capabilities have been moved closer to the container or application core, and that’s a move that has both advantages and disadvantages,” he explained. . “But it’s good to see progress and increased choice for Istio users. Executives will also expect improvements in performance, scalability, and cost from this move. Only the future will tell.”
Early adopters have welcomed the update. Joe Searcy, a technical staff member at T-Mobile USA Inc., said the biggest enemy of service mesh adoption has always been the complexity involved. So he’s excited to see how Solo.io makes things easier with today’s update.
“The resources and operational overhead to manage the service mesh for a large enterprise has continued to make adoption cumbersome, even as projects like Istio have worked to reduce complexity,” Searcy said. “The opportunities offered by Ambient Mesh are extremely exciting. With better transparency for apps, fewer moving parts, simpler invocation, and huge potential to save compute resources and engineering hours, all I can say is: sign me up !”
Istio Ambient Mesh is now available as part of the existing Istio open source project. It is also available in beta as a technical preview in Gloo Mesh, which is the commercial and managed version of Istio by Solo.io. It should be generally available later this year with the upcoming release of Solo.io Gloo Mesh 2.1.