Service Mesh (ASM) provides the following editions that support different features and capabilities: Standard Edition, Enterprise Edition, and Ultimate Edition. Standard Edition is free of charge, and the other editions are commercial editions. This topic describes the features supported by different ASM editions.
Compared with Standard Edition, Enterprise Edition and Ultimate Edition support more protocols, enhance dynamic extension capabilities, provide fine-grained service governance, and improve the zero-trust security system. In addition, Enterprise Edition and Ultimate Edition enhance performance, provide better support for large-scale clusters, and simplify the use of ASM instances in production environments. Enterprise Edition and Ultimate Edition are applicable to scenarios in which you require cross-language interoperability and fine-grained service governance and want to apply the service mesh technology in production environments on a large scale. For more information about how to change the edition of an ASM instance, see Change the edition of an ASM instance. For more information about ASM editions, see Announcement on the launch of commercial editions.
Features supported on the ASM control plane
Mesh management
Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
Full lifecycle management of ASM instances such as instance deployment and upgrade management in the ASM console | ||||
Support for Container Service for Kubernetes (ACK) clusters (including ACK managed clusters and ACK dedicated clusters) of all compatible Kubernetes versions and the ACK on ECI mode | ||||
Support for Container Compute Service (ACS) clusters | ||||
Support for ACK Serverless clusters of all compatible Kubernetes versions | ||||
Support for registered external Kubernetes clusters | ||||
Support for ACK edge clusters | ||||
Support for multi-cluster deployment across virtual private clouds (VPCs) and regions in production environments | ||||
Supported operating systems | Alibaba Cloud Linux 2 | Alibaba Cloud Linux 2 | Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3 | Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3 |
Automatic diagnostics of mesh configuration issues | Partially supported | |||
Rollback of Istio resources to an earlier version | ||||
Support for Kubernetes clusters on the data plane to access Istio resources by using the Kubernetes API in multi-cluster mode |
Management of data plane components
Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
Configurations of sidecar proxies at global, namespace, and workload levels | Partially supported | |||
Configuration of the sidecar injector in the console | ||||
Support for Container Network Interface (CNI) plug-ins in ACK clusters |
ASM gateway management
Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
Full lifecycle management of ASM gateways such as creation, upgrades, deletion, and configuration updates of an ASM gateway | ||||
Route management in the console | ||||
Advanced features, such as graceful shutdown, horizontal pod autoscaling (HPA), upgrades without service disruption, and Transport Layer Security (TLS) acceleration | ||||
Integration of envoy.ext_authz, which allows customers to configure custom authorization services in the console | ||||
Integration with the OpenID Connect (OIDC) based single sign-on (SSO) feature | ||||
Integration with the throttling and circuit breaking features | ||||
Certificate management | ||||
Integration with observability features | ||||
High availability |
Traffic management
Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
Compatibility with the concepts of VirtualService, DestinationRule, and Gateway defined in open source Istio | ||||
Configuration of traffic routing rules in the console | ||||
Local throttling | Partially supported | Partially supported | ||
Support for Spring Cloud services | ||||
Graceful start and shutdown of services | ||||
Traffic lane and traffic labeling | ||||
Route-level circuit breaking | ||||
Intra-zone Provider First | ||||
Warm-up | ||||
Traffic management based on services | ||||
Layer 7 load balancing of east-west gateways |
Observability management
Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
Visual service mesh topology for easy analysis | Partially supported | Partially supported | ||
Integration with a self-managed Prometheus service | Partially supported. The self-managed Prometheus service must be independently deployed. | |||
Integration with Application Real-Time Monitoring Service (ARMS) of Alibaba Cloud | ||||
Integration with Simple Log Service | ||||
Custom metrics | Partially supported | Partially supported | ||
Enhanced built-in common dashboards | ||||
Service level objective (SLO) policies | ||||
SLO-driven application scaling |
Security management
Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
Integration with the Resource Access Management (RAM) system to support various features such as RAM authorization | ||||
Configuration of security policies in the console | ||||
Easy configuration of security policies based on scenarios (support for OIDC-based SSO and JWT-based authentication) | ||||
Fine-grained access control by using the Open Policy Agent (OPA) policy engine | ||||
OpenAPI operation audit | ||||
Kubernetes API operation audit | ||||
Integration with the authorization system for Alibaba Cloud accounts | ||||
Trial run of ASM authorization policies |
Scalability and ecosystem integration
Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
Plug-in marketplace | ||||
Compatibility between Envoy filters and multiple API versions | ||||
Connection to third-party service registries | ||||
Integration with the cloud-native inference service KServe | ||||
Best practices for application release with Argo CD, Argo Rollouts, and KubeVela | ||||
Support for Terraform |
Performance optimization and best practices
Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
TLS acceleration by using Multi-Buffer | ||||
Configuration of the selective service discovery feature in the console | ||||
Automatic recommendation of sidecars based on access log analysis | ||||
Performance optimization by using Node Feature Discovery (NFD) to detect hardware and software capabilities, such as the support for Advanced Vector Extensions (AVX) and QuickAssist Technology (QAT) acceleration | ||||
Best practices that include standardized service definitions and optimized parameter configurations |
Stability and supported scale
Feature | Open source edition | Standard Edition | Enterprise Edition | Ultimate Edition |
Supported scale on the data plane | We recommend that you use this edition only for development and testing purposes. | 50 pods | 1000 pods | 10000 pods |
Managed Istiod components on the control plane | - | Single replica | Multiple replicas | Multiple replicas |
Take note of the following considerations for supported scale on the data plane in Standard Edition:
This edition is suitable only for development and testing purposes.
To ensure cluster stability, ASM checks the number of pods in clusters on the data plane before an upgrade. If the number of pods exceeds the limit, you must change the edition of the ASM instance before the upgrade. Otherwise, your business may be affected. For more information about how to change the edition of an ASM instance, see Change the edition of an ASM instance.
ASM calculates the number of pods based on the namespaces that are detected during service discovery and automatically excludes the following system namespaces: istio-system, arms-prom, kube-node-lease, kube-public, and kube-system.
References for features of ASM commercial editions
Feature | References |
Mesh management | |
ASM gateways | |
Traffic management |