Product >

Buoyant Enterprise for Linkerd

Auditable zero trust

A feature of Buoyant Enterprise for Linkerd

Defense in depth and in practice, so you can secure everything, every time. Encrypt, authorize, and authenticate every network call between every application component in your environment. Buoyant Enterprise for Linkerd delivers zero trust networking in the real world.

auditable zero trust scheme
noEnterpriseLinkerd
Bel
Without Buoyant Enterprise for Linkerd
Standard network access and control relies only easily-spoofed IP addresses
alert
With Buoyant Enterprise for Linkerd
Linkerd Enterprise provides true, zero-trust network security for every workload
mtls

Mutual TLS

Transparently add encryption and bidirectional authentication to every network connection using industry-standard mutual TLS 1.3, the same standard that secures confidential traffic across the open internet. Buoyant Enterprise for Linkerd delivers a universal, secure-by-default level of communication between pods, clusters, and even clouds.

Learn more

Service Mesh at Scale: How Xbox Cloud Gaming Secures 22,000 Pods with Linkerd

We have offloaded the time and effort needed to develop and maintain the in-house mTLS solution, saving valuable engineering hours

mtls

Workload identity, not IP addresses

Automatically authenticate connections using cryptographic proof of workload identity, not easily-spoofed IP addresses. Buoyant Enterprise for Linkerd  provides true workload identity based on Kubernetes ServiceAccount tokens or SPIFFE identities for all communication within the mesh, authenticating both sides for every single connection established.

Learn more
mtls

Universal authorization policies

Build human-readable, least-privilege access policies that cover workload identity, HTTP routes, gRPC methods, and more. Buoyant Enterprise for Linkerd provides a rich and flexible policy layer, encoded as native Kubernetes resources, that allows you to control exactly which types of communication are allowed in your environment, down to individual HTTP routes.

Learn more
mtls

Fine-grained security boundaries

Go beyond firewalls and perimeter defense by building per-pod and per-instance security boundaries around every application component. Buoyant Enterprise for Linkerd delivers encryption, authentication, and authorization at the level of individual components, allowing you to truly follow the zero-trust principle of “verify everywhere, every time”..

Learn more

A Zero Trust Reference Architecture

A deep dive into zero trust and how these projects can work together in a well-defined reference architecture.

A Zero Trust Reference Architecture

Interested in a quote?

Get a tailored quote for Buoyant Enterprise for Linkerd, delivered straight to your inbox.

SIGN UP FOR THE SERVICE MESH NEWSLETTER

No junk. No spam. Just the latest and greatest service mesh news, from the company that invented the service mesh.