Skip to main content
logoTetrate Service ExpressVersion: Latest

Comparing TSE and TSB

Built on Tetrate Service Bridge (TSB)

Tetrate Service Express (TSE) is built on the foundation of Tetrate's Service Bridge (TSB) product, with modifications to address AWS use cases and to streamline the user experience. TSE omits the multi-user, multi-role organization-and-tenant hierarchy that TSB provides; instead, TSE supports a single organization (tse), a single tenant (tse) and a single tse-admin role for all users.

For a detailed explanation of the TSE Architecture and advanced configuration, you can refer to the TSB documentation and related content.

Comparing Tetrate Service Express and Tetrate Service Bridge

Tetrate Service Express (TSE) is built using many of the same components as the Tetrate Service Bridge (TSB) product, to the extent that they share the same version numbering and release process.

Whereas TSB is a complex, multi-cloud-capable solution that scales across large teams and organizational hierarchies, TSE is a streamlined solution for Amazon EKS, operated by a single PlatformOps team. TSE is ideal for experimental, discovery-based deployments.

Why is this important to know?

Tetrate Service Express provides a simpler, quicker way to deploy Tetrate's mesh management technology within Amazon EKS. The TSE documentation reflects these use cases. Sophisticated users may wish to also refer to the TSB documentation for detailed explanations of architecture and advanced use cases.

How does TSE differ from TSB?

The following differences may change in future TSE and TSB releases.

TSE is designed (and licensed) for AWS alone:

  • TSE uses an optimized installer for Amazon EKS. The installation process is faster and more direct.
  • TSE includes integrations for AWS services. Integrations for EKS, Amazon Load Balancing, Route 53, and AWS VPC Lattice, with more to follow, deliver a simpler user experience on AWS.

TSE simplifies the user experience:

  • Opinionated Configuration Choices such as automatic generation of certificates and passwords, drive faster deployments
  • Embedded Databases simplify the user experience, compared to TSB's requirement that the user manages the necessary databases
  • Preconfigured for GitOps reduces the time to create a GitOps-driven configuration flow

TSE makes user interface optimizations for simpler use cases:

  • Getting Started workflow offers an opinionated, optimized process to onboard clusters and applications
  • Simpler Configuration by concealing complex configuration options, replacing them with quicker choices

Tetrate Service Bridge provides richer capabilities for more advanced use cases:

  • Multi-Cloud Support, whereas TSE only supported (and is licensed for) AWS
  • Next-Generation Access Control for role-based access control, whereas TSE provides a single 'Platform Operations' user role
  • Rich Organizational Hierarchy based on an organization, multiple tenants and many workspaces, whereas TSE provides a simpler Workspace-based architecture

In addition, Tetrate Service Bridge offers additional capabilities for more sophisticated deployments and additional use cases. Complex capabilities such as Isolation Boundaries and Security Domains are not supported in TSE, and features that are not related to the TSE use case such as Web Application Firewall are not supported.

Using the TSB Documentation

Expert users may find the TSB documentation useful to extend their understanding of how TSE functions and can be configured. When referring to the TSB documentation, be aware of the following differences:

  • The multi-user RBAC (based on Next Generation Access Control) is not available in TSE. TSE provides a single 'TSE' admin user with a Platform Operations role.
  • The ability to configure the Organization and to create multiple Tenants is not available in TSE. Where the TSB documentation refers to user-defined orgs and tenants, TSE supports a single tse org and tse tenant.
  • Certain advanced features such as Isolation Boundaries, Security Domains and Web Application Firewall are not described in the TSE documentation, and are not supported in the TSE product