This next evolution is called Istio Ambient Mesh, which is billed as a next-generation architecture that provides greater flexibility, security and performance for cloud-native applications. Alongside Google, Solo.io is one of the lead developers of Istio, which is an open-source service mesh layer that helps to connect, monitor and secure containers in Kubernetes clusters.
Containers are used to host the components of modern applications, while Kubernetes is an orchestration tool that’s used to manage various nodes, which consist of one or more containers, along with file systems and other components. A microservices architecture might have dozens of different nodes, each representing different app features and functionality. Kubernetes is used to manage the availability and resource consumption of those nodes, adding pods as demand increases. Istio injects additional containers into the pod to provide security, management and monitoring.
Solo.io explains that Istio’s community has come up against a number of challenges as their applications evolve. Some of the problems include being unable to boost the performance of apps that use a service mesh, reducing the compute and memory overheads required to run it, and simplifying the ongoing operations of service meshes.
In addition, it has become clear that there’s a need for greater flexibility for applications that do not require the full capabilities offered by Istio. And enabling multitenancy for applications using Istio has proven to be challenging, the company said.
Istio Ambient Mesh is designed to solve these problems by providing a more flexible architectural choice. Until now, Istio has always been centered on a “sidecar” architecture model that ensures maximum security and observability. Solo.io now realizes that a “sidecar-less” architecture might be more suitable for some users, as it will give them more flexibility to pick and choose which of Istio’s capabilities they want to apply to their apps.
With that in mind, Istio Ambient Mesh supports a “sidecar-less” architectural model that shifts proxy functionality from the pod-level to the node-level to help improve overall application performance with more granular configuration capabilities. With this option, users will see their compute and memory overheads reduced by 10 to 20 times, Solo.io said.
Other benefits include a more transparent experience for applications, simplifying operations and making it easier to deploy system upgrades and new applications into an existing service mesh. Finally, Istio Ambient Mesh delivers a new, optional security element called policy enforcement point.
Solo.io co-founder and Chief Executive Idit Levine said Istio Ambient Mesh provides a new level of flexibility for companies that work with Istio, helping them to boost performance and ease of operation while reducing costs.
“Our work on the Istio Steering Committee and Istio Technical Oversight Committee has placed us in the unique position to chart the course of Istio,” Levine said. “We have customers running 30 billion transactions a day — and the number, scope, and scale of these workloads is always increasing. Istio Ambient Mesh allows companies to adjust for cost, observability, and performance based on their individual application needs — this is a market first, and a ‘must-have’ for modern enterprises.”
Holger Mueller of Constellation Research Inc. said Solo.io has been evolving Istio quickly and has not stopped at re-evaluating previously untouchable design principles, such as the sidecar concept. “The result of this is that Istio’s services and capabilities have been moved closer to the container or application core, and it’s a move that has both pros and cons,” he explained. “But it is good to see the progress and increased choice for users of Istio. Executives will also expect performance, scalability and cost advances from this move. Only the future can tell.”
Early adopters have welcomed the update. Joe Searcy, a member of the technical staff at T-Mobile USA Inc., said that the biggest enemy of service mesh adoption has always been the complexity involved. So he’s pretty excited to see how Solo.io is simplifying things with today’s update.
“The resource and operational overhead to manage service mesh for a large enterprise has continued to make adoption cumbersome, even as projects like Istio have worked to decrease complexity,” Searcy said. “The opportunities that Ambient Mesh provides are extremely exciting. With better transparency to applications, fewer moving parts, simpler invocation, and huge potential in savings of compute resources and engineering hours, all I can say is: Sign me up!”
Istio Ambient Mesh is available now as part of the existing open-source Istio project. It’s also available in beta as a tech preview within Gloo Mesh, which is Solo.io’s commercial, managed version of Istio. It’s expected to become generally available later this year with the upcoming Solo.io Gloo Mesh 2.1 release.
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.