Avi Networks takes service mesh beyond containers with integrated Istio

New WAF attack timelines show the start and end of a threat.
No more logs. See how →

Service mesh is more than just a technology for microservices and containers. Avi Networks sees it as the future of application delivery, security, and visibility, with the potential to reshape the nearly $12B market for application services (load balancing, security, and monitoring). Avi Networks unveiled Universal Service Mesh, adding two enhancements to the Avi Vantage Platform.

Avi is delivering ingress and gateway services to Istio to facilitate secure connectivity for Kubernetes applications across multiple clusters, regions, or clouds. These include L4-L7 traffic management, security including WAF, and observability.

Avi Networks is integrating Istio within its Avi Controller and extending service mesh features to applications running on bare metal servers or virtual machines. This enables customers to deploy a single service mesh across all of their applications, traditional and containerized, both on-prem and in public clouds.

“As IDC noted in a recent report, the Avi Vantage software-defined platform, with its decoupled control plane and proxy-based data plane, prefigured and anticipated the formal emergence of open-source service meshes such as Istio,” said Brad Casemore, Research Vice President, Datacenter Networks at IDC. “In that respect, the integration of Avi’s Universal Service Mesh with Istio is a logical progression.”

Casemore added “What’s more, Avi recognizes that enterprise customers will require service-mesh capabilities—for traffic management, security, and observability—not only within a Kubernetes cluster, but across multiple clusters, multiple clouds, multiple regions, and spanning applications running on a wide array of heterogeneous infrastructure (containers, virtual machines, bare metal).”

Avi’s Universal Service Mesh builds on Avi Vantage’s existing container services for Kubernetes and OpenShift, which include north-south (ingress) load balancing, global server load balancing (GSLB), web application firewall (WAF), and east-west traffic management across multi-cluster, multi-region, and multi-cloud environments. The integration of Istio enhances Avi’s capabilities with identity-based security, real-time application monitoring, and enterprise-grade authentication and authorization.

Features of Avi’s Universal Service Mesh include:

Universality

  • Multi-cloud: A single service mesh for clusters across on-premises data centers and public clouds,
  • Multi-infrastructure: Extended for both traditional and cloud-native applications deployed in virtual machines and bare metal servers in addition to containers,
  • Multi-cluster: Inter/intra-cluster traffic management and secure gateways,
  • Multi-region: GSLB for multiple regions and geo-aware load balancing.

Traffic routing

  • Ingress gateway with integrated IPAM/DNS, blacklist/whitelist and rate limiting,
  • L4-7 load balancing with SSL/TLS offload,
  • Automated service discovery and application map.

Security

  • Zero-trust security model and encryption,
  • Distributed WAF for application security and DDoS,
  • Single sign-on (SSO) integration.

Observability

  • Real-time application performance monitoring and tracing,
  • Big-data-driven connection log analytics,
  • Machine-learning-based insights and app health analytics.

“The Avi Universal Service Mesh exemplifies our original vision of enterprise-grade services for traditional and modern applications across multi-cloud environments,” said Ranga Rajagopalan, CTO and co-founder at Avi Networks. “Integrating Avi’s platform with Istio extends and enhances the security, observability, and traffic management features of the service mesh across clouds and application architectures beyond containers. Jointly, we will accelerate the adoption of modern application services in enterprises.”

The Universal Service Mesh will be available in multiple phases starting Q1 2019, with phase one including Istio-integrated ingress and gateway services for Kubernetes. The Universal Service Mesh can be deployed as SaaS or customer managed.

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.