What Is Istio Ambient Service Mesh?

Istio, an open-source and widely used service mesh, is used to manage network and security for cloud-native applications. In September 2022, Istio project released ambient mesh — a modified and sidecar-less data plane for Istio developed for enterprises that want to deploy mTLS and other security features first, and seek to deploy an advanced network later.

Istio Ambient Mesh Architecture

Istio service mesh is a powerful software to enable zero trust by enabling authentication, authorization, and audit using mTLS and identity controls. Platform teams and cloud architects of large organizations have implemented security using Istio. To implement security, Istio involves the following components: a certificate authority (CA) for key management, API to distribute Authn/Authz policies to proxies, Policy Enforcement Points (PEPs) implemented using sidecars (Envoy proxies), and extensions to manage telemetry.