Enterprise architects are beginning to look deeper at service mesh technology to provide better management, monitoring and governance of microservice-based applications. Experts say this is built on growing momentum around the use of containers for service deployment and Kubernetes for service orchestration.
A service mesh simplifies the ability to integrate microservices across the boundaries between Kubernetes clusters. In the long run, service mesh should improve security, traffic management and visibility. And while no true service mesh standards have emerged, there is significant industry interest coming together around the open platform Istio.
Vendors are racing to provide tools that make it simpler to mesh up microservices, said Torsten Volk, a senior analyst with Enterprise Management Associates. This is a strategy to gain market share among the increasing number of development shops focused on microservices.
"Microservice-to-microservice networking will become critical to enable intelligent microservices [that] obtain information and capabilities from wherever they are available in a secure and compliant manner," Volk said.
Evolution of container abstractions
There have been three major developments around containers and microservices. First, kernel containers, such as Docker, became a standard way to package individual microservices.
Second, in the past year, the market converged around Kubernetes as an orchestration layer.
The third phase in the evolution of microservice abstractions is the current rise of service mesh, which provides better application layer abstractions on top of Kubernetes. This allows developers to focus on applications by making standard calls to the service mesh. Enterprise architects can then dedicate a team to architecting capabilities for service discovery, service authentication, load balancing and distributed tracing.
What this means for developers
The use of a service mesh will allow developers to hand over some of the control that once was part of their application management. This is accomplished through features such as client-side circuit breakers and service discovery, said Rich Sharples, senior director of product management at Red Hat. Service mesh platform policy and traffic management capabilities can also allow for a more consistent experience, given that the mesh features are not dependent on a specific programming language, he added.
One limitation of Kubernetes is that it abstracts away from the functionality of services, which creates a complex, multilayer environment that's hard to secure. Service mesh provides a common security API across all microservices that will help manage communications and behavior among microservices applications. Security testing can consume the APIs for monitoring.
"Security can be applied within and among all of this activity, because the service mesh operates on a data plane," said John Martinez, VP of security at Evident.io. "This allows security to be managed more transparently when communications can be observed on a plane, between services."
Within a service mesh, endpoints are available on a control plane. Access and operational controls can be applied to these endpoints, which makes the service mesh a logical framework in which to apply security, Martinez said. This will be important as functional compute opportunities are created and applied within an organization's cloud environment.
Early challenges to adoption
Service mesh technologies are still new and changing rapidly. One good service mesh adoption practice is to focus on building a robust API, Sharples said. This allows organizations to adopt new service mesh capabilities with little impact on the associated applications.
Enterprise architects should also inventory their current app infrastructure to assess their readiness to implement service mesh technologies. There are many cases where organizations are ready to try service mesh, but the underlying app infrastructure won't allow it, Sharples explained. It's also important to look at the scope of the service mesh and how it may clash with existing technologies, including load balancers, service registries, application performance management and API management tools.
New uses on the way
Going forward, some experts believe that service meshes could include other capabilities, too. While some capabilities, such as tracing and monitoring, are more obvious, there may be more in store for those working with microservices, said Georgi Matev, head of product at Kasten, a cloud data management vendor.
"There is also a high likelihood for standardization at the microservice application level … of higher-level operational activities," Matev said. "[This includes] data management around protection, migration and copy management."