Emerging Technologies & Open Source


Cloud / ContainersNews

How to use SPIFFE and SPIRE with ease

0

It’s a win-win game for the cloud-native ecosystem.

Open Source has a unique and much more sustainable and healthy business model as compared to license-based legacy models. The way open source business models work is that you build a very healthy ecosystem of users and vendors (competitors) around the project. Then you offer services and support around open source. Different companies can build their own specialization and share the pie…which continues to grow. It’s a positive sum game where everyone wins as compared to the proprietary model where someone has to lose someone to to win.

Scytale is playing the same positive sum, win-win game. After helping establish SPIFFE (Secure Production Identity Framework For Everyone) as a reliable open source project for cloud-native, Scytale is now offering services around the project.

According to Brian Grant, a principal engineer at Google and member of the CNCF’s Technical Oversight Committee (TOC), “SPIFFE provides one of the most important missing capabilities needed to enable cloud-native ecosystems.”

Grant explained that SPIFFE enables development and operations teams to easily and consistently authenticate and authorize microservices, and control (and audit) infrastructure access without needing to individually provision, manage and rotate credentials per application and service.

Last year in March, CNCF accepted SPIFFE as their sandbox project. One of the core components of SPIFFE is SPIRE (SPIFFE Runtime Environment). It’s an open-source SPIFFE implementation that enables organizations to provision, deploy, and manage SPIFFE identities throughout their heterogeneous production infrastructure.

With SPIFFE, cloud-native users get another powerful tool to accompany other CNCF projects like Envoy and gRPC.

SPIFFE already has the mindshare a new project would dream of. It’s backed by names like Google, Pinterest, Square and Uber. All of these companies are tech companies, they have in-house talent to deploy SPIFFE. What about the rest? That’s why Scytale has launched two new offerings to help those customers who want to consume SPIFFE without having to worry about dedicating expensive engineering resources towards it.

These offerings are Scytale Essentials and Scytale Professional Services.

“Essentials is a distribution that extends the open-source SPIRE project with support, root cause analysis and immediate access to bug-fixes and security fixes,” explained Umair Khan, product marketing at Scytale.io. “Professional services is meant for consulting required around either SPIRE or Essentials, where customers can get access to our production experience for assisting with architectural planning, conducting PoCs and PoVs and extending and customizing SPIRE for their particular production needs.”

As a distribution of SPIRE, Essential is designed to be as close to the open-source as possible. It presents the same APIs and doesn’t differentiate on features.

The value customers get from Essential is that they will get access to patches and bug fixes immediately. They won’t have to wait like the rest of the upstream users who will have to wait for the patch or bug fixes to go through the community review process.

When asked about the disparity between Essentials and SPIRE, as the customers will get access to fixes immediately, Khan explained, “We aim to provide bug fixes to Essentials and SPIRE at the same time, but necessary community due diligence means that fixes to SPIRE tend to take longer to be merged in.”

Bug fixing and support are not the only value paying customers will get. Like most commercial open source projects, based on customer feedback users will also get access to additional features that they need.

Once again, being true to open source Scytale will actually push features to both the open source and essentials edition together. “But since there is a committee overseeing bugs/feature additions to an open source release there might be a delay or even a rejection of a feature (in case it’s a unique “one off”),” explained Khan.

A typical open source commercialization story – adding value on top of what already exists (or in this case, what Scytale helped create in the first place).

Who should pay for Essentials?

If you can’t build, buy. Simple. According to Khan, any organization who is looking to adopt SPIFFE/SPIRE but wants to work with a supportive and experienced partner to make the projects successful for the organization is the ideal buyer of these services. “They get to have the benefits of vendor-neutral open-source software and a partner that complements their engineering teams.”

Check out these services here.


Get news directly in your inbox, subscribe to our daily Newsletter

* indicates required
Swapnil Bhartiya
I have more than 12 years of experience covering Enterprise Open Source, Cloud, Containers, IoT, Machine Learning and general tech. My stories cover a very broad spectrum - traditional Linux, data center and Free Software to contemporary emerging technologies like 'serverless'. Widely Read: My stories have appeared in a multitude of leading publications including CIO, InfoWorld, Network World, The New Stack, Linux Pro Magazine, ADMIN Magazine, HPE Insights, Raspberry Pi Geek Magazine, SweetCode, Linux For You, Electronics For You and more.