Tetrate Istio Subscription PlusVersion: LatestFrequently Asked Questions
Here is a comprehensive list of frequently asked questions and answers about Tetrate Istio Subscription Plus (TIS+):
General Questions
What is Tetrate Istio Subscription Plus (TIS+)?
Tetrate Istio Subscription Plus (TIS+) is a hosted Day 2 operations solution for Istio that is designed to simplify and enhance the workflows of platform and support teams. It provides production visibility across environments with self-service application troubleshooting for developers and rapid root cause analysis for admins. Key features include:
- A global status and troubleshooting console
- Service inventory
- Visualization of upstream/downstream dependencies
- Aggregation of Istio metrics across instances and environments
- Support for bring-your-own Istio (BYOI)
- Multi-tenant and role-based access control (RBAC) platform
TIS+ is built on some of the observability components of Tetrate's Service Bridge (TSB) product and is designed to provide a streamlined, easy-to-use observability experience for existing Istio deployments.
How does TIS+ differ from the regular Tetrate Istio Subscription (TIS)?
While Tetrate Istio Subscription (TIS) provides enterprise support and assurance for Istio, TIS+ adds global visibility for Istio with self-service application troubleshooting, rapid root-cause analysis tooling, and a live, global troubleshooting console. TIS+ is an add-on to TIS that enhances observability and troubleshooting capabilities.
What are the key features of TIS+?
TIS+ offers several key features:
- Global Service Dashboard: A centralized platform that consolidates metrics, traces, and logs.
- Multi-Cluster Visibility: Aggregates data from multiple clusters for a comprehensive view.
- Service Topology Visualization: Provides clear insights into service interactions across the entire mesh.
- Workspace-Based Access Control: Implements fine-grained access controls based on "workspaces."
- Bring-Your-Own Istio (BYOI) Support: Extends enterprise-grade support to upstream Istio deployments.
- Aggregated Metrics: Pre-aggregated metrics across all running instances.
- Distributed Tracing & Streaming Logs: Troubleshooting essentials to identify issues in services spread across clusters.
- Proxy Tools: Diagnostics for Envoy Proxies that are attached to Service workloads
Who is TIS+ designed for?
TIS+ is designed for:
- App Developers: Provides self-service application troubleshooting tools.
- Platform Teams: Offers global visibility and management capabilities.
- Support Teams: Enables rapid root cause analysis.
- Organizations using Istio: Particularly beneficial for those with multi-cluster or complex Istio deployments.
Technical Questions
How does TIS+ support bring-your-own Istio (BYOI)?
TIS+ supports BYOI by:
- Allowing customers to use their existing Istio deployments (within the expanded TIS support window of four releases behind the latest GA version).
- Enabling onboarding of BYOI clusters in a lightweight "observe" mode into TIS+.
- Providing a unified TIS+ user interface that centralizes the consumption of all metrics, distributed tracing, and live streaming logs from BYOI clusters.
How does TIS+ handle multi-cluster deployments?
TIS+ is designed to handle multi-cluster deployments by:
- Aggregating data from multiple clusters to provide a comprehensive view of services, regardless of their location.
- Offering a centralized platform that consolidates metrics, traces, and logs from all clusters.
- Providing a service topology visualization that shows service interactions across the entire mesh, spanning multiple clusters.
What environments does TIS+ support?
TIS+ supports a range of Kubernetes platforms. It has been tested on:
- Vanilla Kubernetes
- Amazon EKS
- Azure AKS
- Google GKE
TIS+ can work with Istio installations performed using helm, istioctl, or using EKS Addons or Azure Marketplace.
Usage and Implementation
How do I get started with TIS+?
To get started with TIS+, the following are the high level steps:
- Ensure you have access to the TIS+ Management Plane.
- Verify that all required TIS+ images are available in your target repository.
- Perform necessary pre-checks on your cluster.
- Follow the onboarding process to connect your Istio-enabled clusters to the TIS+ platform.
Please follow the Cluster Onboarding Guide for more details.
Comparison and Integration
How does TIS+ compare to Tetrate Service Bridge (TSB)?
While TIS+ and TSB share some components, they differ in several ways:
- Focus: TIS+ is focused on observability for existing Open Source Istio deployments, while TSB is a comprehensive service mesh management solution.
- Deployment: TIS+ is a hosted, cloud-based solution, while TSB is installed on customers' premises and is customer-managed.
- Scope: TIS+ works with existing Istio setups without modifying configurations, while TSB offers full lifecycle management for Istio.
- Features: TSB includes additional features like traffic management, advanced security features, and support for complex multi-tenant deployments that need full management of the data path.
Can TIS+ integrate with other monitoring tools?
While TIS+ provides its own comprehensive monitoring solution, it can complement existing monitoring tools. It aggregates Istio-specific metrics and provides unique insights into service mesh operations that can enhance the overall monitoring strategy when used alongside other tools.
How does TIS+ leverage Istio's built-in observability features?
TIS+ takes full advantage of Istio's built-in observability features:
- Metrics: It collects and aggregates the detailed metrics Istio generates about service-to-service communications.
- Distributed Tracing: It utilizes Istio's distributed tracing capabilities to provide end-to-end visibility of requests.
- Access Logs: It centralizes and analyzes the access logs generated by Istio for each request.
TIS+ abstracts Istio's Golden Signals into Service Oriented RED metrics that represent:
- Rate (the number of requests per second)
- Errors (the number of those requests that are failing)
- Duration (the amount of time those requests take)
Support and Maintenance
What kind of support is provided with TIS+?
TIS+ comes with enterprise-grade support from Tetrate, which includes:
- Extended Istio version support and CVE fixes beyond upstream Istio (release date plus 14 months).
- Access to Tetrate's team of Istio experts for troubleshooting and best practices.
- Proactive notification of critical security updates.
How often is TIS+ updated?
The hosted TIS+ Management Plane is updated upon new feature availability and sufficient staging stability. The on-Cluster Control Planes can be upgraded based on customers' schedule preferences.
We typically releases updates to our Istio distributions within two weeks of an upstream Istio release. For critical security fixes, the updated release is made available in a matter of few days.
Does TIS+ support FIPS compliance?
Yes, Tetrate Istio Subscription, which is a part of TIS+, includes FIPS-validated builds of the Tetrate Istio distributions. These implementations contain a cryptographic module that complies with the requirements of the FIPS-140-2 standard.