Aporeto's Istio Solution Diagram

To address this opportunity, we are excited to offer qualified design partners access to the beta of Aporeto for Istio. Aporeto’s comprehensive microservices security platform and multi-platform application segmentation solution provides a unique security policy overlay for Istio. Aporeto for Istio combines easy and intuitive policy definition, distribution and enforcement with native Istio integration and enforcement. It helps development and security teams define Istio security policy, provides comprehensive visibility across all applications in the environment and provides a uniform security layer that extends from Istio to legacy applications.

Aporeto support for Istio provides the following benefits in an Istio environment:

  • Powerful and intuitive Istio authorization policy creation and management that leverages the Envoy proxy for enforcement through an Aporeto Mixer adapter.
  • Uniform security policy across heterogeneous environments, so that your Istio service mesh environment can securely integrate with other Kubernetes, virtualized and even non-containerized workload environments and external APIs.
  • Enforcement of security policies in multi-cluster Istio environments to support customer applications that require geo-redundancy or environmental segregation.
  • End-to-end visibility and auditability for your application communications across service mesh and non-service-mesh environments, helping with security compliance.
  • Security vulnerability management, threat detection, behavioral profiling, security auditing, alerting and orchestration in Istio environments.

The Aporeto integration with Istio is performed through the existing models of the Istio architecture and can be introduced without any modification to an operational service. It consists of an Istio Mixer adapter that provides authorization and data collection services, and an Istio Pilot webhook that extends the identity of services with the powerful multi-attribute model.