Ready for KubeCon + CloudNativeCon 2023? Attending the show? Make sure to visit with Tetrate.
KubeCon + CloudNativeCon takes place November 6 - 9, 2023 in Chicago, Illinois.
Read this exclusive interview between VMblog and Devin Davis, VP of
Marketing of
Tetrate, the company bringing Istio and Envoy to the enterprise.
VMblog: If you were giving a KubeCon attendee a quick
overview of the company, what would you say?
How would you describe the company?
Devin Davis: Tetrate provides application networking and security
solutions, powered by open source projects like Istio and Envoy. The company
delivers a suite of products including service mesh and API gateway for
enterprises increasing their rate of application delivery in multicloud and
hybrid environments. As applications evolve into collections of decentralized
microservices, monitoring and managing the network communications and security
among those myriad services becomes challenging. This is why some of the
largest financial institutions, governments and other enterprises rely on
Tetrate to help them innovate with speed and safety.
VMblog: Your company is sponsoring this year's
KubeCon + CloudNativeCon event. How can
attendees of the event find you? What do
you have planned at your booth this year?
What type of things will attendees be able to do at your booth?
Davis: Attendees can find us at booth L12. We’ll be talking about the tech preview of our new Envoy offering. The new product provides a quick path to getting started with Envoy, and easy operations once in production. There will be popcorn at our booth and coffee just steps away, and we’re entering folks to win an e-bike if they come by for a chat.
VMblog: What do you attribute to the success and
growth of the cloud native space?
Davis: The
diversity of application use cases that the cloud native community of projects
and professionals has made possible is breathtaking. In less than 10 years, the
community has grown from Kubernetes to more than 150 different projects, all
powered by open source licenses and open communities. The growth of the cloud
native space is driven by a combination of the right idea (CNCF) at the right
time (the acceleration of cloud adoption) and the right market circumstances
(continuous differentiation powered by software). We're happy to be a part of
it, providing zero trust architecture and gateway proxy solutions that simplify
the consistent application of security policies to keep cloud native developers
moving at the speed of innovation.
VMblog: Do you have any speaking sessions during the
event? If so, can you give us the
details?
Davis: We're
co-sponsoring the Day of Security on Monday with Chainguard and Sysdig. The
event includes technical sessions digging into Falco, Wolfi, and Istio open
source projects. This free event is open to all participants, but pre registration is required.
Separately, anyone interested in zero trust should come hear
one of the author's of the NIST standard on zero trust, Tetrate Founding
Engineer Zack Butcher, talk about "Identity-Based Segmentation: An Emerging Standard for
Zero Trust from NIST". It happens at 2:30 on Wednesday, November 15.
Zack will talk about how zero trust replaces implicit trust
(perimeter security and network access) with explicit trust (identity and
runtime authorization). This means authenticating and authorizing workloads in
addition to end users, driving new patterns like identity-aware proxies and the
service mesh for enforcing access. He'll talk about the NIST Special
Publication 800-207A on a Zero Trust Architecture model for access control in
cloud native applications in multi-location environments. His talk presents a
succinct and easy-to-understand definition of a "zero trust
architecture" and discusses how a common use case-application
communication from cloud to on-premises through a DMZ-can be simplified with
identity aware proxies (and policy!), leading to improved security without
sacrificing organizational agility.
VMblog: Can you double click on your company's
technologies? And talk about the types
of problems you solve for a KubeCon + CloudNativeCon attendee.
Davis: The best way to address this is by providing a quick overview of the products–beyond the Envoy product we're launching on Tuesday.
With Tetrate Istio Subscription (TIS) users build their own
service mesh deployment with the closest commercial product to the upstream
open source Istio code, supported by the Tetrate team, which includes Istio
co-creators. This product is a FIPS-verified Istio build with FIPS-validated
open source crypto. It includes N-4 support from the current Istio version and
Kubernetes compatibility testing.
Tetrate Service Express (TSE) is how users unlock service
mesh value fast for agile teams on Amazon EKS. It provides quick installation
on EKS, including native integration with AWS services like Route 53 and NLB
and one-step encryption between services with mTLS. TSE is the only Istio-based
service mesh to offer automated failover across EKS clusters and AWS regions
along with an integrated view of metrics, events, logs and traces.
Tetrate Service Bridge (TSB) is our platform solution for
service mesh technology, offering security, high availability and observability
across any cloud and on-prem. Specifically designed for the most complex
multi-cloud, multi-team, multi-environment organizations, TSB delivers
enterprise-wide multi-tenancy with fine-grained access control by role. This
product also automates policy enforcement by organizational hierarchy and
automates VM onboarding.
VMblog: While thinking about your company's
solutions, can you give readers a few examples of how your offerings are
unique? What are your differentiators? What sets you apart from the competition?
Davis: Our
offerings are unique for three reasons. First, our engineering team helped
create the core Istio and Envoy open source projects that our products are
based on. Tetrate customers get support from people who know the underlying
technologies inside and out. Second, our product are closely aligned with the
pure open source projects they're based on. This gives our customer the
confidence of knowing they're protected
from proprietary lock in. Finally, our products provide a rapid certification
path for FIPS and FedRAMP certifications, which are table stakes for users in
highly regulated industries.
VMblog: Are
companies going all in for the cloud? Or
do you see a return back to on-premises?
Are there roadblocks in place keeping companies from going all
cloud?
Davis: The
rebound to on-prem is largely driven by cost management among companies with
sufficiently deep operations capabilities that they can reliably run their own
infrastructure, especially for workloads without a great deal of scaling needs
or those that require very specific networking, security or audit standards
that can best be achieved on prem. That said, the ongoing growth of public
cloud services is not slowing appreciably, so we see opportunity in both areas.
VMblog: The keynote stage will be covering a number
of big topics, but what big changes or trends does your company see taking
shape as we head into 2024?
Davis: The
biggest trend we see in our space is the convergence toward a standard in zero
trust. With the finalization of NIST publication 207A, anyone creating or
operating software for the U.S. Federal Government has an approved zero trust
architecture roadmap to follow. This removes uncertainty on which zero trust
approaches will win out, and it gives vendors and developers a reliable
standard to follow. As a result, we expect zero trust to gain in momentum
throughout 2024.
VMblog: Do you have any advice for attendees of the
show?
Davis: Walk the
marketplace floor and talk to people. You can learn a lot just by chatting up
people at their booths that goes way beyond the products or services they're
selling. KubeCon has evolved to become one of the most valuable networking
events in our industry, so take advantage of that!
##