This GigaOm Research Reprint Expires: Jan 10, 2023

GigaOm Solution Profile: Grey Matter

An Exploration Based on Key Criteria for Evaluating Service Mesh

1. Summary

Developed in-house from the ground up and released in February 2019, Grey Matter is an enterprise-proven, universal service mesh networking platform offering zero-trust security, exceptional Layer 3, 4, and 7 visibility, unmatched business intelligence for modern governance, risk, and compliance (GRC) control, and automated performance optimization. Addressing many of the challenges introduced by a service-based architecture (SBA), Grey Matter combines proprietary algorithms with open source technologies, enabling granular service mesh-enabled observability, analytics, and automation to optimize traffic throughput across on-premises, multi-cloud, or hybrid environments with or without the use of Kubernetes.

Grey Matter At-a-Glance

The platform comprises an internally developed control plane for service-based architectures, and either an Envoy or Hashicorp Consul-based sidecar data plane with extended filters for east-west internal traffic routing. An API gateway controls north-south traffic flows. In addition, Grey Matter integrates with Open Policy Agent (OPA) for zero-trust, policy-based access control at every point on the mesh, and is flexible and open enough to interoperate with other service meshes.

Delivering a comprehensive audit-compliance engine and SPIFFE/SPIRE identity authorization out of the box, Grey Matter provides service audit compliance reporting without special instrumentation. (Note: SPIRE is a production-ready implementation of SPIFFE—the Secure Production Identity Framework for Everyone.) Real-time audit taps at Layers 3, 4, and 7 provide a single source of truth for every user and action on the mesh throughout the lifespan of each object.

Designed to treat proxy-based service mesh telemetry as a source of business intelligence, Grey Matter leverages AI and machine learning to analyze data, including Layers 3, 4, and 7 network insights, for automated performance optimization and resource control. Powered by recurrent neural autoencoders, Grey Matter’s anomaly detection capabilities capture minute operational inconsistencies, predict potential issues, and alert users to inconsistencies against normal operational patterns via an intuitive contextual UI to take remedial action.

Grey Matter is designed to be platform-agnostic and polyglot. The platform wraps existing IT investments in a ubiquitous Layer 3, 4, and 7 network, securely connecting existing operations support system and business support system (OSS/BSS) layers to cloud-native technologies. Capable of operating in any public, private, hybrid, or multi-cloud or container orchestration platform, Grey Matter comes with built-in support for K8s, AWS EKS, Azure AKS, OpenShift OCP, OKD, Konvoy, and bare metal. It is also container-agnostic, supporting Docker, CoreOS, OpenShift, Rancher, and other containers.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.

2. Key Criteria Analysis

Key criteria provide the basis upon which organizations can make informed decisions about which solutions to adopt for their particular needs. For additional context, you can read the full Key Criteria report here.

Key Criteria

Platform Service Proxy Configurability Extensibility Monitoring & Observability Routing Resiliance Security
Grey Matter 3 2 3 3 3 2 2 3
3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
2 Limited: Lacking in execution and use cases
2 Not applicable or absent

Grey Matter is designed to be platform agnostic, and is capable of operating in any public, private, hybrid-cloud, multi-cloud, or container orchestration platform, and includes multi-platform support for K8s, AWS EKS, Azure AKS, Openshift OCP, OKD, Konvoy, and bare metal. Grey Matter is also container agnostic, supporting K8s, Docker, CoreOS, OpenShift, Rancher, and so forth, or even no container at all.

Service Proxy
Grey Matter uses open source EnvoyProxy (and Consul). The platform also contains a number of bespoke features and functions designed to provide unique additive technical and business value.

Configurability determines the ease with which developers and operators can set up and test the service mesh. Grey Matter provides outstanding dev-friendly, template-driven declarative application network layer delivery integration into any development pipeline that is fast, secure, and scalable across both on-premises and multi-cloud environments.

Extensibility is one of Grey Matter’s strengths. Since the application and use case requirements vary significantly from one organization to another, service meshes must be easy to customize or alter. Using the Grey Matter template-driven model makes it easy for enterprises to tailor, manage, and configure new deployment models within hours.

Monitoring and Observability
Grey Matter has full support for configuring distributed tracing within the control plane. This allows fleet-wide enforcement of tracing with minimal developer overhead (it only requires header forwarding). Grey Matter provides Layer 3, 4, and 7 observability for the network’s most granular tasks, delivering high-order contextual data with direct relevance to department or company-wide business decision-making. Grey Matter’s mesh networking platform creates an overwatch view of every endpoint on the network, including applications, APIs, event infrastructure, object stores, and databases.

Grey Matter also integrates easily with other enterprise tools, such as Grafana, Data Dog, Elastic, Splunk, Zipkin, or Jaeger, for further observability analysis and management.


Grey Matter controls east/west connections to and from applications, services, and network functions. It also controls north/south traffic operating as an API gateway. Grey Matter supports routing traffic at both L3 and L7, with numerous options for how to shape traffic as well as for improving resiliency. Grey Matter enables enterprise traffic reprioritization based on a number of request parameters or on traffic patterns caused by legitimate high volume or malicious or rogue consumers.

Grey Matter employs all of the mechanics of the Envoy Proxy to include: circuit breaking, outlier detection, retries only on certain error codes and with exponential backoff, rate limit services (globally and locally), and active health checking. The platform also supports five different load-balancing algorithms.

Grey Matter offers unparalleled zero-trust security, compliance insight, and operations management. At its core, the platform is based on the first principle of zero-trust security: “Never trust, always verify.” Grey Matter employs zero-trust functions such as a service-to-service mTLS connection, key rotation, service cryptographic identity, micro-segmentation, observability (that is, continuous monitoring), service-level management, and policy management throughout the enterprise service fleet.

Grey Matter uniquely enables security at Layer 3, 4, and 7 throughout the architecture. Grey Matter’s configurable command and control access and policy control introduce secure connectivity from endpoint to route to data object, protecting your most sensitive enterprise assets, everywhere. This depth of observability and access is one of the platform’s core features and is critical to zero-trust security, automation, and secure orchestration across services.

3. Evaluation Metrics Analysis

Evaluation metrics are used to evaluate the impact that a solution might have on an organization.

Evaluation Metrics

Features Openness Performance Resource Consumption Management Pricing & TCO Ecosystem Support Roadmap & Vision
Grey Matter 3 2 2 2 3 2 3 3 2
3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
2 Limited: Lacking in execution and use cases
2 Not applicable or absent

Grey Matter’s exceptionally full, flexible feature set includes capabilities tailored to support the needs of any enterprise customer in any user role, from developers and DevOps engineers to architects and decision-makers. Through this feature set, Grey Matter removes the burden of security concern from developer hands. Grey Matter ensures optimal uptime and user satisfaction while keeping tabs on every action occurring across the multi-environment service-based architecture. Grey Matter provides full-spectrum insight and control, and delivers the secure multi-environment insight, connectivity, and control decision-makers need to ensure optimal network performance, GRC management, and business priority alignment.

Grey Matter is a closed system but is built atop an open infrastructure. The platform uses open source EnvoyProxy as its end-to-end network and is purposefully designed to flexibly support any system or service in any hybrid/multi-cloud or on-prem environment.

Starting in 2020, the company placed specific emphasis on increasing its open source community engagement. Since that time, it has become significantly more engaged in the Envoy open source community.

Grey Matter employs an out-of-band architecture. Its latency is no more or less than that of Envoy. The tradeoffs of this latency versus the features you get using this technology are not a match, and most enterprises should not consider the low amount of Envoy latency as an impediment for network control.

Resource Consumption
Since a sidecar implementation doubles the number of active containers, some resource overhead is incurred when implementing a service mesh. Grey Matter reports that the proxy container resource requirement is negligible at scale and does not consume large amounts of RAM or CPU.

While some service meshes are complex to manage—particularly at scale—others are relatively simple to operate with advanced control plane dashboards. Grey Matter is the latter. It uses template-driven dev approaches rooted in GITOPS workflows. Additionally, there is a packaged VS Code plugin, a CLI client, and a fully abstracted REST API to ensure no access to underlying infrastructure YAML configuration is required (which protects the underlying infrastructure setup).

Pricing and Total Cost of Ownership (TCO)
This will vary based on the overall implementation and topology.

Grey Matter has a strong and growing ecosystem. It is ready out of the box with support for Git, Github, Kafka, Splunk, Jenkins, Zookeeper, and the ELK stack. The platform also supports Ansible, Helm, and Terraform tooling for installation on multiple environments. In addition, Grey Matter is optimized for tools such as Prometheus, Grafana, Jaeger, Zipkin, and Elasticsearch. The platform also supports K8s (any K8s PaaS) and Docker, XDS or consul discovery as required, AWS ECS and EKS, and Azure AKS. Grey Matter certifies each mode of discovery and deployment model.

Grey Matter is an enterprise software product. It is fully supported by dedicated Grey Matter experts with decades of combined experience supporting effective service-based architecture, decentralized services, and cloud-native operations and management. The company provides full self-service support up through tiered support models to include both phone and on-site support as needed. Furthermore, it has training modules available to assist customers in getting their teams up to speed on these implementations and patterns.

Grey Matter is working to build out a Mesh Operations Center SaaS platform for real-time management and tipping/queuing across your global mesh network operations, regardless of control plane or data plane. It is also focused on leveraging its AI in more areas to include network segmentation management and network policy. And it intends to double down on support for the Envoy Proxy open source projects and release further Grey Matter-specific open source.

4. Bottom Line

Grey Matter is an enterprise-proven universal mesh networking platform offering zero-trust security, unmatched business intelligence, GRC management, and automated performance optimization. The platform is composed of its own control plane for service-based architectures, an Envoy-based data plane with Grey Matter extended filters for L3, L4, and L7, north/south edge gateways, integration with SPIRE and Open Policy Agent for ZTA at every point on the mesh, and extended platform services for an enterprise data mesh, along with support for third-party engineering visualizations, and an integrated AI-driven application overwatch system for all meshes and infrastructure running.

In addition to providing a robust, enterprise-ready, container-agnostic, multi-environment platform, Grey Matter’s mesh-enabled AI contextual awareness and analytics offer enhanced observability and optimization, improving resource management and availability with intelligent auto-scaling, routing, and load balancing. The automated OPA distribution helps implement governance and ensure compliance, with comprehensive audit trails for improved management and control.

5. About Chris Grundemann

Chris Grundemann

Chris Grundemann is a passionate, creative technologist and a strong believer in technology’s power to aid in the betterment of humankind. He is currently expressing that passion by helping technology businesses grow and by helping any business grow with technology.

Chris has well over a decade of experience as both a network engineer and solution architect designing, building, securing, and operating large IP, Ethernet, and Wireless Ethernet networks. He has direct experience with service provider and enterprise environments, design and implementation projects, for-profit and not-for-profit organizations, big picture strategic thinking and detailed tactical execution, and standards and public policy development bodies. Chris frequently works with C-level executives and senior engineering staff at internet and cloud service providers, media and entertainment companies, financials, healthcare providers, retail businesses, and technology start-ups.

Chris holds eight patents in network technology and is the author of two books, an IETF RFC, a personal weblog, and a multitude of industry papers, articles, and posts. In addition to being the lead research analyst for all networking and security topics at GigaOm, he is the co-host of Utilizing AI, the Enterprise AI podcast. He is also a cofounder and Vice President of IX-Denver and Chair of the Open-IX Marketing committee. Chris has given presentations in 34 countries on 5 continents and is often sought out to speak at conferences, NOGs, and NOFs the world over.

Currently based in West Texas, Chris can be reached via Twitter.

6. About GigaOm

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

7. Copyright

© Knowingly, Inc. 2022 "GigaOm Solution Profile: Grey Matter" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact