What advice do you have for others considering Istio?

If someone is looking for a service mesh, I would recommend Istio over any other options. I would recommend not implementing all the features at once. Istio can quickly become difficult if you try to use every feature right from the start. You're likely to get frustrated and might even consider giving up, thinking that Istio isn't necessary. I suggest starting with the simplest and most basic features that Istio offers, like mTLS, to help implement your zero-trust service environment. From there, you can gradually build out authorization, Envoy filters, and other extensibility features as needed. Overall, I would rate it an eight out of ten. There’s a lot of new technology coming out that challenges Istio's usability. For instance, eBPF-based CNIs like Cilium are developing their own mesh solutions, which may or may not use sidecars and work very quickly. Istio is facing some competition. Also, due to its complexity, Istio hasn’t taken off as much as it should have. It’s not meant for every use case, but in many, it works very well. So, I’d rate it an eight.

I worked on a project involving over 500,000 users worldwide. I had to create policies and roles for these users. My boss warned me to be careful based on a previous employee's mistake: They accidentally gave a user access they shouldn't have had. To avoid issues, I tested the policies thoroughly. I tested them with my boss and managers in different regions, such as the United States, Europe, and Asia. I looked at each user's email address and location to group them by country. I sorted users from the Philippines, China, Thailand, India, Germany, Australia, and the UK. For the US, I separated users into east and west regions. I made sure each policy matched the specific country, user type, and position. This careful sorting was crucial to prevent problems. Thankfully, I didn't encounter any issues. I kept checking to ensure everything was correct because the roles and policies were very important. Some people use Istio for this kind of work. When I finished, my boss didn't point out any mistakes and said I did a good job. I recommend Istio. It's a tool that puts many people months ahead. In interviews, I've explained Istio to people who weren't familiar with it, and they liked the idea. I once had clients in Asia, specifically China, who asked about identity access management. At that time, I proposed SharePoint because it was really good, as IBM wasn't there yet. I preferred SharePoint because it has a unified governance platform. This includes ubiquity, risk factors, analytics, policy, roles, and governance processes. Understanding compliance for different verticals, such as healthcare, Hyperion, CSM, and others, is important. You need to know about SOX, SOC 2, and SOX 404 for enterprises. Understanding cloud auditing, IPMs integration, and different ISO standards like 27001 to 27035 is crucial. You must also know about FISMA, PCI for banking systems, and NIST standards. These are widely used because of compliance and governance requirements in specific areas we're engaged with, like Secure Health Care and HIPAA. I rate the overall product a nine out of ten.

We mention all the traffic and routing within YAML files. We mention which service it will come from, where it will route the traffic, to which service it should route, and to which port it should route, and we manage it within the cluster. We use Istio in our private cluster. We use the solution's TLS security for Service Discovery and routing traffic. There were no challenges in integrating Istio with microservices. If we have more than ten microservices running, Istio can help them communicate with each other or route the traffic to other services. Istio has a very good integration with our existing ecosystem. I would recommend the solution to other users. Istio is more secure than other tools like Consul for Service Discovery, routing traffic, and security. Overall, I rate the solution a nine out of ten.

Istio is deployed on both Google and AWS clouds in our organization. Istio requires a version upgrade twice a year, which is pretty straightforward. Our company decided to go with Istio as a service because we didn't want to use out-of-the-box managed service or pay for that. When we deploy, we want to know how the data flows so that our application team can know and do it much better in future releases. Overall, I rate Istio an eight out of ten.

I would give Istio a rating of eight out of ten.

As with all evaluations, it depends on what you are benchmarking it against. When we look at how we evaluated it and how we arrived at it, in our case, it worked out quite well. There is no pricing involved because we are using open-source. We simply download it and then incorporate it into our code. Now, from that perspective, if the company has a good number of developers who are willing to read, understand, and adapt to the culture of innovation, this doesn't become an issue. These are the things that people will have to do. No matter which tool you use, you will have to eventually get to these things. The control plane of Istio understands the backend service plane or the data plane. It actually discovers it, configures it, and then puts the certificate in a proper place. I would rate Istio an eight out of ten.