Announcing Linkerd Enterprise

Announcing Linkerd Enterprise

William Morgan

Oct 17, 2023

Today we're happy to announce the public release of Linkerd Enterprise, the first ever distribution of Linkerd focused specifically on the enterprise.

Over the past 18 months, enterprise adoption of Linkerd has skyrocketed, with companies like Adidas, Microsoft, Plaid, and DB Schenker publishing case studies on how they've brought security, compliance, and reliability to their mission-critical production infrastructure with Linkerd. We've created Linkerd Enterprise as a direct response to the demands of running the world's most advanced service mesh in enterprise environments.

Linkerd Enterprise sticks closely to open source Linkerd, the project we created in 2016 and which we've maintained and improved ever since. It also includes a set of exciting, enterprise-focused capabilities that are not available in open source, including a powerful cost-optimizing load balancer that can dramatically reduce cloud spend; lifecycle automation tooling; compliance enhancements; FIPS-140-2 support; and more.

Mission-critical companies like Mezmo and TrueLayer are already running Linkerd Enterprise today. Linkerd Enterprise is a drop-in upgrade, and the vast majority of existing Linkerd adopters should be able to upgrade their systems to Linkerd Enterprise in minutes.

Cloud spend reduction through advanced load balancing

One of Linkerd Enterprise's most exciting new features is a sophisticated cost-optimizing load balancer that can dramatically reduce cloud spend in multi-zone environments.

This new load balancer dramatically outperforms the simple topology-aware routing provided by Kubernetes and is capable of providing both the HA benefits of multi-zone clusters at the cost of a single-zone cluster. By dynamically segmenting endpoints into cost tiers and routing individual HTTP and gRPC requests to the appropriate zone, Linkerd Enterprise ensures that traffic remains in the lowest-cost region during normal conditions, only adding endpoints from high-cost regions only if the system goes under stress. This support even extends to cross-cluster traffic, allowing enterprises with complex topologies comprising multiple clusters across multiple zones to dramatically reduce cloud spend.

In high-traffic environments, Linkerd Enterprise can reduce a significant component of cloud spend—for some customers, on the order of millions of dollars!

Lifecycle automation

Linkerd is not just the fastest, lightest service mesh, it's also the simplest and most secure, with a unique Rust-based "micro-proxy" approach that delivers lightning-fast performance without the security vulnerabilities of common C++ proxies. This approach also avoids the complexity of other service meshes, which make use of large, cumbersome proxies that require constant tuning and maintenance.

Linkerd Enterprise improves even upon this simplicity with powerful lifecycle automation capabilities that allow Linkerd to be installed, upgraded (including across both control and data planes), and even rolled back with ease and confidence. This means even Enterprise is even simpler for devops and platform teams.

Zero-trust security policy management

Linkerd provides an extremely powerful and flexible set of authentication and authorization policies that allow any organization to adopt a true zero-trust approach to network security, including:

  • Workload identity rather than network identity (aka "don't trust the network")
  • Encryption of all communication by default
  • Ultra-granular, per-pod security boundaries
  • Adherence to the "authorize everywhere, every time" principle
  • Expressive authorization policies that can cover access to individual HTTP and gRPC routes

On top of these secure foundations, Linkerd Enterprise adds a powerful layer of management capabilities that allow enterprises with pre-existing applications and network traffic to adopt Linkerd's robust zero trust security policies immediately, without needing to build complex configuration from scratch, and, in the future, will allow enterprises to manage these in a way that suits the complexities of enterprise engineering organizations.

FIPS-140-2 support, SBOMs, hardened images, and more

Linkerd Enterprise includes a robust set of additional features, including FIPS-140-2 compliance; software bills-of-material for every release; continually-scanned, enterprise-hardened images that are tested in customer-specific environments; and much more. 

But this is all just the beginning. Our roadmap for Linkerd Enterprise is just as exciting as for Linkerd itself, and we can't wait to show you what's coming next to the world's simplest, most secure service mesh—now with additional enterprise capabilities.

What does this mean for open source Linkerd?

In a word: nothing. Linkerd is the world's simplest, lightest, and fastest service mesh, and we remain committed to keeping that promise to our open source users. Linkerd Enterprise gives us a mechanism by which we can serve the unique needs of our enterprise customers, and does not detract from that core mission.

Open source Linkerd has a long and exciting roadmap that includes mesh expansion in the next release, ingress and egress controls shortly thereafter, and much more. We're more excited about Linkerd than ever.

Want to learn more?

If you want to learn more about Linkerd Enterprise, I'll be hosting some live Q&A sessions over the next few weeks. Please join me on Wednesday, October 25 9 am ET or Tuesday, November 14 at 3 pm ET.  And of course, if you're at Kubecon NA in Chicago this November, please come find me and the rest of Buoyant over at the booth. We'd be happy to walk you through Linkerd Enterprise first-hand.

Further reading
Further reading
Further reading
Further reading
Further reading