Overview

Linkerd is a service mesh that provides critical reliability, security, and observability for organizations running modern applications on Kubernetes. The enterprise version (Buoyant) extends Linkerd with powerful features designed to meet the most stringent compliance and security requirements for both public sector contractors and government agencies.



Accelerate Compliance

FIPS-Validated Encryption

Whether you’re a government agency or a government contractor, Buoyant Enterprise for Linkerd offers FIPS-validated encryption to FIPS-140-2 and FIPS-140-3 standards, as outlined in NIST 800-53. These FIPS-validated builds of Linkerd cover both the control plane and the data plane, so your application gets FIPS-validated encryption without any code changes. By offloading encryption to the service mesh, FIPS can be managed in one centralized place instead of in every single application. This helps free up development resources, provides more uniform security, and accelerates the time to compliance.

FedRAMP ATO

In addition to helping to accelerate FedRAMP compliance through FIPS-validated encryption, Linkerd can help operationalize additional security controls required by FedRAMP.

  • Automatic mTLS

FedRAMP mandates the protection of data in transit. Linkerd automatically enables mutual TLS (mTLS) for all communication between your services within the mesh. Enterprise Linkerd helps manage Linkerd updates and automates the auditing process for mTLS.

  • Authorization Policies

A fundamental principle of FedRAMP is least privilege. Linkerd allows you to create fine-grained authorization policies that dictate exactly which services are allowed to communicate with each other.

  • Observability and Auditing

FedRAMP requires robust auditing and monitoring capabilities. Linkerd gives you uniform, detailed telemetry about all traffic flows, success/failure rates, and latencies. Centralizing auditing at the service mesh layer (as opposed to auditing each individual microservice) makes it easier to monitor, report on, and respond to anomalous traffic behavior.

Improve Reliability

Reduce Your Cloud Spend without Sacrificing Reliability

Spreading workloads across multiple availability zones (AZs) is a foundational best practice for applications that need high availability and resilience against isolated failures. In AWS, every byte of data that traverses the boundary of an AZ incurs a charge. Cross-zone traffic doesn’t become a huge concern until you’re running Kubernetes at scale in multi-zone environments. To mitigate these costs without sacrificing high availability, the enterprise version of Linkerd has a feature that keeps all traffic within the same zone when conditions are stable but dynamically sends traffic to other availability zones when necessary to preserve overall reliability.

Secure by Design

Memory access errors are a common source of bugs, crashes, and security vulnerabilities. These errors are especially prevalent in programming languages that allow direct, unchecked memory access, like C and C++. Luckily, Linkerd is built in Rust, a modern programming language designed to prevent these dangerous memory errors. Learn how Linkerd provides a more secure foundation compared to other service meshes.