Buoyant has announced the commercial distribution of Linkerd designed to meet the unique demands of today’s enterprise adopters. Linkerd Enterprise extends the popular open source Linkerd project with additional enterprise-only capabilities, including zero trust and FIPS 140-2 compliance, a powerful new cost-aware load balancer, lifecycle automation, and more.

“We built Linkerd Enterprise to give the enterprise adopters the best of both worlds: all the features and capabilities of the world’s most advanced service mesh combined with the packaging, support, expertise, and unique features that are critical for running Linkerd in enterprise environments,” William Morgan, Buoyant CEO and one of the creators of Linkerd, said.

Linkerd Enterprise is already being leveraged at Mezmo, TrueLayer, and many other organizations tasked with delivering reliable and secure products to their customers.

For existing Linkerd adopters, Linkerd Enterprise is a drop-in upgrade for Linkerd. New capabilities and features of Enterprise Linkerd include:

• Cloud spend reduction through advanced load balancing

One of Linkerd Enterprise’s most powerful new features is a sophisticated zone-aware load balancer that can dramatically reduce cloud spend in multi-zone environments. The load balancer in Linkerd Enterprise dynamically routes traffic to the lowest-cost region during normal conditions and only sends traffic to higher-cost regions if the system goes under stress. In contrast to Kubernetes’s native topology-aware routing, Linkerd’s request-balancing approach provides both high availability and cost reduction, and supports both single-cluster and cross-cluster traffic, allowing even enterprises with complex application topologies to reduce cloud spend.

• Lifecycle automation

Linkerd’s Rust-based “micro-proxy” approach delivers not just lightning-fast performance without the security vulnerabilities of common C++ proxies, it provides a fundamentally simpler operational model without the complexity found in other service meshes such as Istio. Linkerd Enterprise further improves this simplicity with powerful lifecycle automation capabilities that allow Linkerd to be installed, upgraded (including across both control and data planes), and rolled back in a fully automated fashion, further reducing total cost of ownership and allowing devops and platform teams to focus on business priorities rather than system maintenance tasks.

• Zero trust security policy management

Linkerd provides an extremely powerful and flexible set of network security policies that extend far beyond Kubernetes’s native capabilities and allow any organization to adopt a true zero trust approach to network security, including encryption of all communication by default; authorization based on workload identity rather than insecure network identity; ultra-granular, per-pod security boundaries; and adherence to the zero trust principles of “authorize everywhere, every time”.

On top of these secure foundations, Linkerd Enterprise adds a robust layer of management capabilities that allow enterprises to adopt and manage these policies at scale and in a way that suits the complexities of enterprise engineering organizations.

• FIPS-140-2 support, software bills-of-material (SBOMs), hardened images, and more

Linkerd Enterprise also includes FIPS-140-2 compliance; software bills-of-material (SBOMs); continually-scanned, enterprise-hardened images that are tested in customer-specific environments; SLAs around vulnerability remediations; and much more.