Istio: Weaving a Secure Service Mesh

Abstract

With the rapid adoption of microservices, a new tool is needed to load-balance, route, secure and monitor the traffic that flows between microservices. Last year, Istio was announced by Google, IBM and Lyft to address many of the challenges faced by developers and operators as monolithic applications transition towards a distributed microservice architecture. Istio provides an easy way to create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more, without requiring any changes in service code, by leveraging many of Envoy’s built-in features and extending them.

In this presentation, Lizan will focus on the security features of the Istio service mesh. He will first give an overview of Istio and then describe and demonstrate the security features: how they help you secure service-to-service communication across clouds without application code changes, provide robust identity and strong authentication, and enforce powerful authorization policies for your applications. This includes a live demo of key topics in Istio security:

  • Service-to-service authentication with mTLS, including identity provisioning and gradual adoption
  • End-user authentication with JWT
  • Role-based access control policies
  • Security stats monitoring

Session Information
Confirmed: confirmed
Starts On: 9/7/18, 2:20 PM
Room: Multi-Purpose Room 1
Session Duration: Regular Session (60min)
Spoken Language: English
Interpretation: Available
Slide Language: English