Virtualization Technology News and Information
VMblog Expert Interview: Idit Levine of Talks WebAssembly Hub, and Creating an Open Future for Simple and Secure Service Mesh and Orchestration

interview soloio levine 

Istio 1.5 was recently announced, with key enhancements that include a new model for extensibility.  The Google team worked closely with the team at who built the WebAssembly Hub, a service for building, sharing, discovering and deploying Wasm extensions.  With the WebAssembly Hub, Wasm extensions are as easy to manage, install and run as containers.  According to IBM's developer blog on Istio 1.5, "think of them like Docker images for Enjoy proxy to easily extend the platform."

To learn more, VMblog spoke with Founder and CEO Idit Levine on Istio 1.5, the WebAssembly Hub, and creating an open future for simple and secure service mesh and orchestration.

VMblog:  Can you give us an overview of WebAssembly Hub and your work with the Google and Istio team?

Idit Levine:  The work began back in December 2019 when we announced WebAssembly Hub. With that initial release we provided a developer workflow to quickly and easily build, share and deploy WebAssembly (Wasm) modules for Envoy proxy. As part of that release we added beta support for WebAssembly in Gloo, our API gateway which is built on Envoy proxy. 

Since then we've been collaborating with the Google team and Istio community to make WebAssembly consumable and accessible to more developers by building the best user experience for WebAssembly on Envoy. This joint effort is what you see in the latest Istio 1.5 release and the WebAssembly Hub announcement. A new model for extensibility in Envoy and Istio and updates to the WebAssembly Hub.

This collaboration included key areas of work including standards, user experience and team collaboration for Wasm modules. Here are more details:

  • Standards - We have defined an open spec for the bundling and distributing of any type Wasm modules as OCI image. Envoy proxy extensions are one example of a Wasm module, making the spec more universally applicable. More information on the spec can be found here:
  • Developer Experience - Provide a "Docker like" developer experience with easy pull, push and run, multi language support (out of the box C++, Rust and AssemblyScript with more coming soon), and automating version matching and cryptographic security.
  • Deployment Experience - A new WebAssembly Hub Operator uses declarative CRD-based configuration to deploy, configure and manage Wasm filters to the proxies.
  • Team Collaboration - WebAssembly Hub provides role based access, user and organization management to enable collaboration between developers and operators in building, sharing and deploying extensions.

VMblog:  How is impacting the transformation journey to cloud-native?

Levine:  Our mission at is to help organizations with their cloud-native transformation, no matter where they are on that journey - specifically to meet them where they are and provide a path that enables them to extend the life of their existing IT investments and iteratively transform them while adopting new technologies. We believe this is critical because it is not realistic for businesses to throw away their existing apps or wait until it is completely rewritten to provide new value (features and services) to their customers.

Our technology portfolio is designed to address three key phases of the journey from the modernization to microservices (Gloo), the adoption of service mesh (Service Mesh Hub) to enabling an adaptive mesh environment. WebAssembly Hub helps with the extensibility and customization of these environments because many application networks are enabled by Envoy proxy either at the edge or within the service mesh.

VMblog:  What makes WebAssembly (Wasm) a safe, secure, and dynamic environment for platform extension?

Levine:  WebAssembly (Wasm) is a fast, efficient, portable binary instruction format, providing an embeddable and safe execution environment for platform extensions. Wasm is a popular way to extend web based applications, where it provides security (by running in a sandbox), speed (running 50%-70% as fast as native C++), and portability. Wasm extensions are isolated from Envoy, thus making no changes to the Envoy code itself and providing resiliency if there is a failure. Additionally extensions can be dynamically added or modified to a running Envoy process without having to recompile or restart the environment. 

VMblog:  What does support for WebAssembly Hub and Gloo look like now?  And what can we expect from future support?

Levine:  With the 1.0 release of Gloo API gateway back in November 2019, we added early support for Wasm extensions and end users can start building their own extensions. Because Gloo is built on Envoy Proxy, it will support additional languages and capabilities of Wasm as they are supported in upstream  Envoy.

VMblog:  What has the reception been like among customers and partners?

Levine:  There has been a lot of interest in our innovation in this area, and we've been working hard to further the capabilities of WebAssembly Hub and the workflows it supports. The community is interested in building Wasm extensions for Envoy, Gloo and Istio. It's great to see the interest and creativity of the community in what they want to build for these solutions. Additionally, it has been great to collaborate with the Google team and the Istio community on the developer experience for Wasm with WebAssembly Hub.

VMblog:  Now that WebAssembly Hub fully automates the process of deploying Wasm extensions to Istio, how will this improve the developer experience?

Levine:  Our goal here is to build a "Docker-like" experience for developers using Wasm with the WebAssembly Hub. The workflow to build, publish, discover and deploy Wasm extensions streamlines and automates a bunch of things on behalf of the developer so they can focus on writing extensions. This includes things like automatic versioning between the extension and the target Envoy/Gloo/Istio to avoid unwanted behavior or bugs.  Wasm uses an Application Binary Interface (ABI) within the Envoy proxy they are deployed to and WebAssembly Hub provides versioning guarantees between the extension and Envoy/Istio/Gloo. Second, we ensure the images are trusted to run safely in dev and production by storing and distributing them as OCI images. Wasm extension images are therefore versioned and cryptographically secure. Lastly, we'll continue to expand support for more languages as a key benefit of Wasm is the ability to write modules in many languages. Today we support C++, Rust and AssemblyScript out of the box.

VMblog:  Finally, what are your hopes for the future of the WebAssembly Hub community?

Levine:  Community means collaboration and sharing. Our hope is to go beyond the stage of learning and to start seeing the community build and share their extensions with others so that it sparks even more ideas and creativity.


Published Wednesday, April 08, 2020 7:32 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2020>