Rafay Systems Releases Service Mesh Manager and Network Policy Manager for Kubernetes

Rafay Systems, a platform provider for Kubernetes management and operations, announced two new services—Service Mesh Manager and Network Policy Manager—to empower platform, developer, and DevSecOps teams to centrally manage transport security and application traffic for cloud-native applications.

“While traffic management and transport security are critical considerations for enterprise Kubernetes operations and management, they are often an unintended afterthought for overburdened platform, developer and DevSecOps teams. This adds business and technical risks,” said Mohan Atreya, SVP of products and services for Rafay Systems. “A sure way to accelerate innovation without compromising security is to bake in security capabilities upfront—which Rafay now delivers as easy-to-consume turnkey services in our Kubernetes Operations Platform.”

The Rafay Service Mesh Manager, powered by CNCF project Istio, delivers centralized configuration of security controls and traffic management policies for microservices fleet-wide.

Key features allow enterprises to:

  • Automatically apply and enforce application communication policies at the cluster and namespace level;
  • View dashboards for observability to monitor service-to-service communication in real time and retrospectively;
  • Control access to management and visibility based on roles and assets, allowing platform teams to unblock developers and empowering them to view traffic for their respective applications or namespaces while still maintaining role-based access control (RBAC);
  • Selectively enable mutual TLS (mTLS) across different parts of the infrastructure based on organizational or specific application needs.

The Rafay Network Policy Manager, powered by CNCF project Cilium, delivers centralized management and visibility into pod and namespace communication to ensure isolation boundaries and reduce the lateral attack surface fleet-wide. Key features allow enterprises to:

  • Isolate communication between applications and namespaces in both shared (multi-tenant) and dedicated cluster environments;
  • View real-time and historical network traffic flows to monitor and troubleshoot communication controlled with centralized RBAC;
  • Provide a self-service experience for developers to view network traffic for applications in their namespaces based on their assigned role;
  • Automatically enforce network policy standards cluster-wide and at an individual namespace level.

For more information about these services, visit