 Hi, this is Hoseppan Bhatia and welcome to a special edition of TfLestalk here in Amsterdam. We are at KubeCon EU. And today we have with us Eric Freberg, chief operating officer at Tetrate. Eric, it's great to have you on the show. Swap, it's great to be here. Since I think it's the second day of the event, right? You folks, you know, have your presence here. Talk a bit about, you know, when folks come to your booth, you also attend a lot of, you know, media, you know, you're talking to customers, potential customers, or just the folks who are coming to your booth. What kind of discussion you're seeing here in the context of sandwich mesh and what it should look like? Yeah, well, first off, you know, I've been in the last couple of KubeCon's and this one feels like it's the first one back after COVID that's fully staffed. You know, they like to talk about 10,000 attendees. You can see by the, called the vibrancy of the audience. It's a real trade show. And so it's a real event. So first off, like just the crowds and the vibe and all that is fantastic. As far as like people to show, we really see kind of two groups of people. One is the, I'll call them the veterans, you know, they're familiar down their Kubernetes journey. They've been doing it for years. They have things in clusters. And they come and talk to us about, hey, we've been using Istio for a while. We want to progress. We're looking at service meshes. We're looking at API gateways. And they're, I'll call it advanced questions. They want to know X, Y or Z, how can they get going? There's sort of another group that is more of the emerging people. So one of the interesting facts they talked about was I think 58% of the audience is it's their first KubeCon ever. And you can see them, they walk up and they're like, hey, I'm just learning. It's kind of discovery. What do you guys do? How can you help me? So they're early on in their journey. And it's great to have from Tetra. We have products at both ends. So we can help the individuals coming up, kind of learning and starting on their Kubernetes journey and microservices. And then the veterans who've been here quite a while. When you do talk about veteran or adoption of Kubernetes, I mean, in some cases it looks like it's new technology. But when you look at it, it's old technology now. But when you do look at adoption in production, you know, how mature you see it is now. Because a lot of technologies, things are still like, even if you look at the whole service mesh space, you know, Istio's or Lingerty and all those, you know, a lot of things are still in a very kind of dynamic phase. So how mature you see is the market for it? Yeah, it's interesting because, you know, I read a lot of surveys and a lot depends on the question you ask. So if you ask, are you using it, you can get really big numbers because you're like, oh, yeah, we're using it somewhere in my corporation, somewhere corporation X, we're using Kubernetes, we're using Istio, we're using these things. But then if you start to ask, well, how many clusters are you in production? You know, are you doing things like hybrid? The numbers really drop. So we kind of see, I think it's like I said, Istio is a little over five years old, but it's very new in the market as far as companies putting production workloads, migrating significant volumes and really getting into the point where, oh, I've got multiple teams, I have multiple applications. We're doing these things in, you know, real scale environments where I start to adopt some of these technologies like Istio, which is a control plane and products like Tetrate Service Spreads, which are a management plane on top of that. Can you also talk a bit about the evolution of service mesh space also? What happens with a lot of these open source technologies that we start them with a specific problem in mind, but as the user base grows, they start using it in a different, you know, totally you did not in Fathom, or even in vision and suddenly you see the user base is growing, which also means that your projects has to evolve and change with that. The market has changed. So what kind of evolution you have seen of service mesh? Yeah, there's really kind of two trends, specific service mesh we see. One is lots of companies are very familiar with an API gateway. So they're managing east-west traffic and this could be on top of VMs, this could be on top of microservices. But as they evolve, then they start to look at more east-west traffic, especially as they start to move to more microservices. So as they start to do more of this, what happens is complexity really increases. So things that were easy to manage before now become, you know, more difficult. And you combine this with their, you know, migration to the cloud, you have large organizations moving to microservices, rolling out new services and now they're like, oh, five or six of these services are under Kubernetes clusters, but three of them are back at our corporate data center and we now need to integrate all these together into a production environment. So they care about traffic management, they care about security, they care about observability. And then they go from there and start to say, okay, this complexity is increasing dramatically. So the idea is I think that for five years old, we're early in our journey because companies are really now starting to come into this environment with larger scale production environments where they really need an essence of management playing on top of Istio. They have multiple clusters of Istio, they need to work together. Excellent, thank you. And let's just talk about Tetrate also with this evolution. How is company evolving, you know, which also means your products, how they are evolving? So Tetrate, up until very recently, had two products in the marketplace. One we had our Tetrate Istio distribution, which was one of the most popular Istio distributions in the marketplace. And so what we do, this is target this at the entry level user. You're coming into Istio, you want to learn it, you're doing usually network management and MTLS encryption for your Kubernetes clusters. And then the high end we had Tetrate service bridge. And this was really targeted at environments where you had dozens to hundreds of clusters. You had multiple instances of Istio. You often had a hybrid environment with Istio on-premium in the cloud. And you also had multiple teams. And so you needed something to help you not just manage all of your Istio environments, but also all your teams. So I want multi-tenant workspaces, I want to implement zero trust security. I need to give individual teams observability around just the services that they are offering. And so those in essence were, you could tell, the low end of the market and the high end of the market. And so what we announced is Tetrate service express. And so Tetrate service express is sort of in that mid-market, single application, single team. It doesn't mean a small application, it could be a very large application. But it's not just targeted at that team, is we've worked with Amazon and tailored it to the AWS environment. So you're using EKS clusters. You're using Route 53, you're using a set of load balancing services. So it's designed to understand those services and make it very easy for an EKS or AWS user to leverage an Istio-based service mesh. We have been talking about security a lot these days. It's kind of becoming a very important topic. So when we do look at service mesh space, talk a bit about what role does it play when it comes to security. So and also talk about the work you folks are doing. Certainly. So with Istio, one of the three things that it talks about is not just traffic management, but security and observability. So security is a core issue. Lots of customers look at it as, first off, North-South traffic, API gateway. But usually the major use case is East-West traffic. So first off, how do I use MTLST to secure traffic? And basically move away from that perimeter defense into an environment where I don't assume, I check for trust. I encrypt traffic. There's five tenets around zero trust. And a lot of people look at those tenets and say, how do I implement that with a service mesh like Istio? And so we work with a lot of customers on how I implement a zero trust environment. In fact, just today, a new SP207A, which is a standard from this came out about how do I implement a zero trust environment. And their recommendations are usually for government entities, but they get picked up across the industry. And so that's, again, a new, we've been working with this quite a lot to focus in on these SP announcements and how you should design security within your application. So we're excited about what we're doing with them and how we can improve a zero trust architecture within these applications. And when it comes to zero trust architecture or, you know, the whole Shiflet movement, whole DevSecOps movement, as you're talking about, you know, the new two surveys, it depends on what kind of questions you ask, you know, suddenly you say, hey, yes, everybody's embracing, you know, but in reality then, so how much adoption you're seeing that is happening in real versus, you know, that, yeah, we all want security, but what are you doing about that? Yeah, no, it's interesting because, you know, first off, I think encryption is something everybody's looking at. In fact, I've seen surveys where MTLS is the number one feature people want out of Istio, but beyond that, people want to start to, you know, understand identity, basically harden and move away from the perimeter defense. So authentication and authorization, role-based access, those types of things become very prevalent in their implementation of zero trust. So, you know, kind of what we talked about before, I think, again, we're early on to this, encryption seems like the essentials. And now as you progress further into what organizations want to do, they're having discussions about how much of this I want to implement, what does it really mean for each type of entity? Is it cluster to cluster? Is it service to service? Is it node to node? You know, what is our perimeter and how much are we ready to implement today? Just the way we're talking about adoption of technology, Istio and Kubernetes, how much adoption you are seeing there? Yeah, no, it's definitely quite of an adoption. One of the things that we distribute as part of our Tetra Istio distribution is a FIPS certified version of Istio. And so what you see is one trend people adopting, I'll just say zero trust principles, which we just talked about. Others are looking at this part of a broader initiative, like a FedRAMP program. Part of my business is to the federal government or other different agencies, or I just like the FedRAMP concept, so I'm going to implement that because I'm a financial services company. And so in that area, you're seeing a lot of adoption of FIPS-compliant Istio as part of an overall program around security. Or they come with a goal of, you know, I have 50 or 100 control points I want to implement as part of an approach to security. And so they ask, hey, how can Tetrate Service Bridge help me implement these secure control points across my environment? And these could be in areas like authentication or authorization or encryption or other aspects of a zero trust architecture. But they approach it from an overall security program. And I would say, you know, the vast majority of our customers are coming with some type of agenda like that. How do you see the evolution of the whole Service Mesh Istio space? You know, of course, Google contributed eventually. So the whole market, you know, is also kind of, you know, aligning or changing. Yeah, I think where Service Mesh is heading is up to this point has been a lot of questions around, you know, Istio in particular and what it can Service Mesh do. Now that's shifting to be more of what I really want is a platform for delivering, you know, developing, delivering and securing applications. And so they want Istio as part of a platform, but Envoy is incredibly important to them, Istio as well as other technologies. And you also see the emergence of platform engineering. And then you focus on the platform engineering team and evolve that role. So traditionally a platform engineer might be doing A, B and C, but today we want to now add things like application networking. So how can I enable a set of standard ways I want to route traffic around low balancing or failover or resiliency, and not make every developer figure that out, have the platform engineer push that out. Same thing we talked about security, how do I embed encryption, authorization as part of a platform engineering function. And again, have him do it centrally, but maybe customize it for all the teams. And then third around the area of observability. You know, I don't want to observe everything of a developer. I want a service level view. And so I see this evolution of moving from Istio as an individual point technology to incorporate it into a larger platform and then the role primarily of a platform engineer within a company. So it's less about the technology, it's more about basically getting work done. Eric, thank you so much for taking time out today. And of course talk about the company and talk about the whole evolution of Service Mesh. And it was a great discussion and I would love to have you back on the show. I'd be happy to join you again. It's great seeing you again here in Amsterdam. And I hope you have a great time here at SWAP.