Frequently Asked Questions

Quick answers for some of your most common questions.

What is Greymatter?

Greymatter is an enterprise-proven multi-cloud services management platform. Greymatter offers zero-trust security, unmatched business intelligence, and automated performance optimization. Our platform is the most effective way for teams to securely work and collaborate across any infrastructure. 

Is Greymatter a service mesh?

Greymatter is a full-service mesh networking platform based on a service-based architecture.

Greymatter uses a version of the open source EnvoyProxy as its open source baseline. However, its control plane, data plane, AI, and platform services are unique builds. Greymatter is flexible enough to interoperate with and enhance other service meshes.

Who uses Greymatter?

Greymatter is ideal for any enterprise-scale company or organization investigating, planning for, or already in the middle of an IT modernization effort involving hybrid/multi-cloud, or decentralized service-based architectures.

Greymatter’s full, flexible feature set includes capabilities tailored to support the needs of any enterprise customer in any user role, from developers and DevOps engineers, to architects, and decision makers alike.

Greymatter is currently in use by Global Enterprise customers within the Government/Public Sector, with pilot programs within the banking and financial services, and Telecom industries.

What container and cloud platforms does Greymatter work with?

Greymatter is designed to be platform agnostic and can operate in any public, private, hybrid, or multi-cloud environment or container orchestration platform, with multi-platform support for K8s, AWS EKS, Azure AKS, OpenShift OCP, OKD, Konvoy, and bare metal. Greymatter is also container agnostic, supporting K8s, Docker, CoreOS, OpenShift, Rancher, etc., or even no container at all.

What monitoring services does Greymatter support?

Greymatter has full support for configuring distributed tracing within the control plane. This allows fleet-wide enforcement of tracing with minimal developer overhead (i.e., it only requires header forwarding). Greymatter also supports seamless integration with existing tracing frameworks, including Datadog, Jaeger, Lightstep, and Zipkin.

What visualization and observability tools does Greymatter support?

Greymatter provides layer 3, 4, and 7 observability for the network’s most granular tasks, delivering high-order contextual data with direct relevance to department or company-wide business decision-making. The platform’s deep observability is made accessible via an elegant, configurable UI that provides easy-to-understand context and control. Users can manage and control everything deployed and running on the network, from microservice to mesh, in a multi-cloud architecture.

Greymatter’s mesh networking platform creates an overwatch view of every endpoint on your network including applications, APIs, event infrastructure, object stores and databases. Using AI, telemetry and detailed audit tapping, the platform provides instant reporting on health and usage in a NOC/SOC style overview. This allows for rapid identification and view of aggregate enterprise level health metrics or deep analysis into granular instances of real time activity. 

Greymatter also integrates easily with other enterprise tools such as Grafana, Datadog, Elastic, Splunk, Zipkin, or Jaeger for further observability analysis and management.

What routing features does Greymatter provide?

Greymatter controls East/West connections to and from applications, services, and network functions. Once deployed alongside each application, service, and network function, the Greymatter data plane acts as both an inbound and outbound proxy for all instances. This keeps point-to-point direct connections, each with its own separate configuration, from sprawling throughout your enterprise networks. Greymatter also controls North/South traffic, operating as an API Gateway.

Greymatter uniquely supports routing traffic at both L3 and L7, with numerous options for how to shape traffic as well as improving resiliency. Traffic splitting is enabled across all protocols, and HTTP traffic can be routed based on path, method, header, cookies, and query parameters. Traffic through Greymatter gains added resiliency through circuit breaking, automatic retries, outlier detection, and active health checking. 

Greymatter enables enterprise traffic reprioritization based on a number of request parameters or traffic patterns caused by legitimate high volume or malicious/rogue consumers. This protects the function being accessed from overload and cascade failures and is managed via software configuration and segmentation. 

What resilience features does Greymatter provide?

Greymatter employs all of the mechanics of the Envoy Proxy, including circuit breaking, outlier detection, retries only on certain error codes and with exponential backoff, and rate limit services (globally and locally).

The platform also supports 5 different load-balancing algorithms. Schemes include weighted round robin, weighted least request, ring hash, maglev, and random. These schemes can be set differently per cluster of data planes, improving operational efficiency and performance.

What authentication, authorization, and encryption features does Greymatter provide?

Greymatter offers unparalleled zero trust security, compliance insight, and operations management. This is the most effective way for teams to securely work and collaborate across infrastructures.

The platform is fundamentally based upon the first principle of zero-trust security: “never trust, always verify.”

Greymatter employs zero-trust functions such as service-to-service mTLS connection, key rotation, service cryptographic identity, observability (i.e. continuous monitoring), service level management, and policy management throughout the enterprise service fleet.

Greymatter uniquely enables security at layer 3, 4, and 7 levels throughout the architecture. The platform’s configurable command and control access and policy control introduce secure connectivity from endpoint to route to data object, protecting your most sensitive enterprise assets, everywhere. This depth of observability and access is one of the platform’s core features and is critical to zero-trust security, automation and secure orchestration across services.

Other features include:

  • API hooks for CI/CD pipelines to automate deployments. 
  • APIs for integration with common tools for security provisioning of new services and applications, with a common control (i.e. management) plane.
  • End-to-end encryption for north/south and east/west communication, providing data integrity and avoiding eavesdropping and man-in-the-middle attacks.
  • RBAC, ABAC, and NGAC policy enforcement
  • Data plane policy enforcement through a lightweight sidecar based on Envoy.
  • Enhanced observability and analytic data points on how capabilities are being used.
  • Detection and blocking of malicious bot activity, securing APIs and mitigating denial-of-service attacks.
  • Data segmentation and protection – ensuring data being shared is protected (i.e. credit card and customer information is encrypted and masked)


Greymatter’s authentication scheme establishes identities for every transaction within the platform.

There are two types of identities: users and services. 

User Authentication methods: 

  • OpenID Connect (OIDC) and mTLS x.509 certificates (Distinguished names represent who the user is) 


Service-to-Service Authentication methods: 

  • mTLS x.509 certificates (SPIFFE identities are incorporated into the x.509 certificate)

While distinct, these identities are not mutually exclusive.


Greymatter uses the authenticated identities and their attributes to support fine-grained access controls using the following methods: 

  • Authorization Filters and Data Authorization via the Greymatter Data Platform Service 


Greymatter also supports SPIFFE identities with a SPIRE workflow. This allows for SPIFFE non-person identities, certificate management, and an attestation model that works regardless of platform.
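As an added illustration (not Greymatter code and not its policy format), the sketch below shows how a service could turn the SPIFFE ID carried in a peer's X.509 certificate into an authorization decision, following the published SPIFFE ID and X.509-SVID rules. It assumes the TLS stack has already verified the certificate chain and handed over the URI SANs; `parse_spiffe_id`, `is_authorized`, and the `POLICY` shape are hypothetical names.

```python
import re

# Character sets from the SPIFFE ID rules: lowercase-only trust domain,
# path segments of letters, digits, dots, dashes and underscores.
_TRUST_DOMAIN = re.compile(r"[a-z0-9._-]{1,255}")
_SEGMENT = re.compile(r"[A-Za-z0-9._-]+")


def parse_spiffe_id(uri):
    """Return (trust_domain, path_segments) or raise ValueError."""
    if len(uri.encode("utf-8")) > 2048:
        raise ValueError("SPIFFE ID exceeds 2048 bytes")
    prefix = "spiffe://"
    if not uri.startswith(prefix):
        raise ValueError("scheme must be spiffe")
    trust_domain, slash, path = uri[len(prefix):].partition("/")
    # Userinfo, ports and uppercase all fail the trust-domain character set.
    if not _TRUST_DOMAIN.fullmatch(trust_domain):
        raise ValueError("invalid trust domain")
    segments = path.split("/") if slash else []
    for seg in segments:
        # Empty segments (trailing or double slash), dot segments, and
        # query/fragment characters are all rejected here.
        if seg in (".", "..") or not _SEGMENT.fullmatch(seg):
            raise ValueError("invalid path segment")
    return trust_domain, segments


def is_authorized(uri_sans, allowed):
    """uri_sans: URI SANs of an already chain-verified peer certificate.
    allowed: {trust_domain: [path prefixes]} (hypothetical policy shape)."""
    if len(uri_sans) != 1:  # an X.509-SVID carries exactly one URI SAN
        return False
    try:
        trust_domain, segments = parse_spiffe_id(uri_sans[0])
    except ValueError:
        return False
    if not segments:  # a bare trust domain names no workload
        return False
    for prefix in allowed.get(trust_domain, ()):
        want = prefix.strip("/").split("/")
        # Compare whole segments so /ns/payments never matches /ns/payments-dev.
        if segments[:len(want)] == want:
            return True
    return False


# Constructed sample policy, not taken from any real deployment.
POLICY = {"prod.example.org": ["/ns/payments"]}
```

Matching on whole path segments and failing closed on any malformed ID are the two properties worth carrying into a real policy engine.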

Is Greymatter open source?

Greymatter is a closed system but is built atop an open infrastructure. The platform uses open source EnvoyProxy as its end-to-end network and is purposefully designed to flexibly support any system or service in any hybrid/multi-cloud or on-prem environment.

How much latency does Greymatter introduce?

Greymatter employs an out-of-band architecture. Our latency is no more or less than that of Envoy. The latency tradeoff is small compared with the features gained from using this technology, and most enterprises should not consider the low amount of Envoy latency an impediment to network control.

What developer and management tools does Greymatter support?

Greymatter is ready OOTB with support for Git, GitHub, Kafka, Splunk, Jenkins, Zookeeper, and the ELK stack. The platform also supports Ansible, Helm, and Terraform tooling for installation on multiple environments. Greymatter is also optimized for tools such as Prometheus, Grafana, Jaeger, Zipkin, and Elasticsearch. The platform also supports K8s (any K8s PaaS) and Docker, xDS or Consul discovery as required, AWS ECS and EKS, and Azure AKS. We certify each mode of discovery and deployment model.

What is the Greymatter support model?

Greymatter is an enterprise software product. It is fully supported by dedicated Greymatter experts with decades of combined experience supporting effective service-based architecture, decentralized services, and cloud-native operations and management.  We provide full self service support up through tiered support models to include both phone and on-site support as needed.  Furthermore, we have training modules available to assist customers with getting their teams up to speed on these implementations and patterns.

How does Greymatter enable service discovery?

Greymatter service discovery provides a cost-effective, secure way to ensure operational continuity across geographically separated systems atop a microservices architecture.  We authored the Go-control-plane Incremental XDS implementation in the open source and have added that to our industry leading 8 modes for Discovery which include: XDS both incremental and state of the world, ECS, EKS, Azure AKS, Consul, and bare metal.

How does Greymatter enable load-balancing?

Greymatter employs six different automatic load balancing policies: least request, round_robin, ring_hash, random, maglev, cluster_provided. Services running in a distributed mesh have different performance profiles, and simplistic approaches to load balancing can cause havoc in certain circumstances.  More options for this crucial piece of the mesh provide more ways to tune how each application handles load and improve resilience and uptime.

How does Greymatter encrypt and decrypt service requests?

Greymatter uses mTLS cryptographic service identities and multimesh jump points to provide unified, seamless, transparent and secure communications across meshes and clouds. The platform uses SPIFFE runtime environments and SPIRE secure production identity frameworks to create mTLS cryptographic identities for services. Multi-mesh network fabric communication channels can then grant each mesh control over who, what, when and how information is sent.

Uniform observability and continuous monitoring can also be enabled at different levels (full/partial payload, time-based monitoring, etc.). Further, under such a design, key rotation patterns can help mitigate the impact of cyber intrusions or attacks by quarantining malicious code.

How does Greymatter ensure service health?

Greymatter provides circuit breakers at every point in the mesh. The most common place for this to occur is at the edge, where a DDoS could overwhelm the edge nodes themselves. To solve this, we employ rate limiting, which can protect the edge node from accepting too many requests, opening too many file handles, and crashing. With proper configuration, each sidecar ceases queueing new requests before it is overwhelmed, allowing the service time to heal. This ensures capabilities can withstand malicious attacks and accidental recursive network calls without going down.

How does Greymatter track and trace request paths, find latency, and identify bottlenecks?

Greymatter provides support for configuring distributed tracing within the control plane for fleet-wide enforcement of tracing with minimal developer overhead. The platform also provides seamless integration with existing tracing frameworks, including Datadog, Jaeger, Lightstep, and Zipkin.

Greymatter support for distributed tracing within the control and data planes:


  • Allows first order (i.e., service to service) tracing to be performed without any modification to source code, thereby reducing technical debt.
  • Allows for end-to-end tracing to be performed by simply passing a header from an incoming request to all related outgoing requests, thereby reducing implementation time, implementation complexity, and technical debt.
  • Enables fleetwide management of tracing configuration via a single authoritative source, thereby simplifying management and operational complexity.
  • Provides a normalized tracing capability across all deployed services, thereby increasing understanding of operations and dependency issues.
  • Provides a unified view of the deployed architecture and usage patterns, thereby increasing situational awareness and supporting architectural decisions.
  • Provides integration with multiple tracer implementations, thereby allowing for implementations to be switched as needed and without code modification.
  • Provides integration with multiple tracer implementations, thereby reducing vendor lock-in and the cost to migrate between implementations.
  • Provides increased visibility into usage patterns, thereby supporting informed infrastructure investment decisions.
  • Extends visibility into the mesh configuration by exposing more filter configuration options via the Greymatter dashboard.
  • Supports full observability of HTTP mesh traffic. This capability allows users to understand not only the flow of traffic through their mesh, but the content of that traffic. Sinks for this information include asynchronous messaging systems like Apache Kafka and the file system.

How does Greymatter inject faults and latency for resiliency verification?

Greymatter sidecars can be configured with fault injection in order to test resiliency and failures. The platform enables the injection of delays and abort requests with custom error codes in order to simulate various failure scenarios (e.g. service failures, overloads, high network latency, network partitions, etc). It can be configured for a given upstream cluster of a request and/or a set of predefined request headers.

How does Greymatter support intelligent routing?

Greymatter supports intelligent routing, load balancing, and resiliency for maximum systems availability and resource management.

Functions include:


  • Advanced load balancing for ephemeral services,
  • Intelligent routing through A/B testing and canary deployment, and
  • Resiliency through timeouts, retries, circuit breakers, and bulkheads