Service Mesh University Class 201: Foundations of Service Mesh Video transcript

Welcome to Service Mesh University class 201: Foundations of Service Mesh. I’m Shawn Wormke, General Manager and one of the Founders of Aspen Mesh, and I’ll be your guide today. In this class, we’ll talk about:

So let’s start off by talking about the service mesh landscape.

Service mesh is helping to take the cloud native and open source communities to the next level, and we’re starting to see increased adoption across many types of companies — from start-ups to the enterprise - even service providers.

For any company, there are many tools and products used to manage microservices and a service mesh is another powerful tool in your tool box. A service mesh has a broad set of use cases that at times can compliment or in some cases replace many existing tools already in use.So let’s talk through some technologies related to service mesh, so you can see how they fit with commonly-used container tools:

• Container orchestration: Kubernetes provides scheduling, auto-scaling and automation functionality that solves most of the build and deploy challenges that come with containers. Where it leaves off, and where service mesh steps in, is solving critical runtime challenges with containerized applications. A service mesh provides traffic management, uniform metrics, distributed tracing, encryption between services and fine-grained observability of how yourneed to cluster is behaving at runtime.

• API gateway: Are applications that route requests to the appropriate service or services in order to enable functionality such as billing. While a service mesh does not implement all of the features of the most common API gateways like Kong and Apigee, for basic API routing a service mesh it may be enough.

• The service mesh landscape,• How a service mesh helps your team and end users,• And some prerequisites you’ll need before getting

started with a service mesh

• Global load balancing efficiently distributes network traffic across multiple services. A good example of this is F5 Networks’ BIG-IP.

• Configuration and policy allow you to dictate the way a system operates, and responds when something happens. Service mesh allows you to insert this policy into your environment transparent to the applications and with out requiring changes to the application’s code.

• Ingress and egress management allow you to monitor and control traffic entering and exiting your clusters. This helps you maintain better security and control of which services are exposed to the outside world.

• Client and server side verification establishes mTLS to add end-to-end security and encryption to services running in Kubernetes clusters.

• Service discovery and health checking enables the finding of new pods and services, routing and load-balancing traffic, and surfacing the health status of services. The CNCF’s Envoy product is a good example of this.

• Authentication and authorization help you establish identities in order to manage your security at the next level. AuthN and AuthZ, along with role-based access control are at the core of Zero-Trust security tennents.

• And finally, logging, metrics and tracing allow you to more easily monitor and debug distributed systems. Datadog and Jaeger currently provide solutions for this.

Now that we’ve talked about the service mesh landscape, what exactly does it have to do with you? Let’s switch gears to talk about how a service mesh actually helps your team -- and more importantly, your end users.

A service mesh is an infrastructure layer that helps you manage communication between your microservices. It provides better security, reliability, and faster services than you would otherwise get. This helps not only your teams, but your customers or end users as well:

1. So what does this mean for your teams? Operators and developers are on the hook as the core value drivers in application-centric organizations. Developers need to spend their time writing business logic that adds new value, which means operators must provide a stable, secure and scalable platform that removes the need to focus on infrastructure. You need to be able to quickly release new features and ensure application stability and security. A service mesh provides your teams with the toolset they need to work more efficiently, driving value for your customers.

2. Ok, so how would a service mesh help your customers or end users? A service mesh provides your microservices-based application with more uptime and a smoother, improved user experience. A well-known example of success with a service mesh at scale is Netflix. By using a service mesh to manage communication between their microservices, they are able to provide viewers with fewer interruptions and faster issue resolutions.

In short, the increased uptime and efficiency that a service mesh provides makes for a better user experience, all while saving your company time and money.

But, you need a way to ensure not only team efficiency and good user experiences; your company also needs a long-term technology strategy to achieve growing success over time. I like to talk about this in terms of stability with agility.

A business’s agility is what allows them to rapidly grow its revenue streams, respond to customer needs and defend against disruption. It is the need for agility that drives digital transformations and pushes companies to define new ways of working, develop new application architectures and embrace cloud and container technologies.

But agility alone won’t get businesses where they need to be; agility with stability is the critical competitive advantage. Companies that can move faster and rapidly meet evolving customer needs — while staying out of the news for downtime and security breaches — will be the winners of tomorrow.

Service meshes help organizations achieve agility with stability by increasing the visibility and observability of their microservices, allowing them to gain control over a complex solution and to enforce their applications’ security and compliance requirements. As companies continue to adopt cloud native technologies, they must not lose sight of ensuring that the applications they deliver are secure and compliant and a service mesh provides many components in its toolbox that allows them to do that.

If you’re interested in learning more about how to get a service mesh up and running, let’s take a moment to talk about what you need before you start. The only real prerequisites are that you’re running microservices, and you’re using Kubernetes. Once you have those, it’s up to you to decide when you’re ready to think about adding a service mesh into the mix.

So how do you know when the time is right for you to deploy a service mesh? Most people start needing service mesh when they run into one or a combination of:

• Your microservices architecture is too big to keep in your head or draw on a piece of paper. If this is the case it is very likely that your microservices are not behaving the way you expect and visibility into that is key to understanding your environment.

• You have security or compliance needs that require encryption of traffic or strict security and access policies. Many regulated industries have strict compliance needs. Expecting everyone in your DevOps organization to understand them is unrealistic. Deploying a service mesh allows you a single point of control to ensure your security needs are met.

• You’re operationalizing your kubernetes environment or moving it into production. Ensuring that you have the right tools in place to ensure the best user experience for your customers is key to your company’s success. A service mesh can give you the visibility and control you need to ensure that your application stays running smoothly. In the unfortunate case that it fails, a service mesh gives you the insights you need to identify the problem and get it back online as quickly as possible - reducing your Mean-Time-To-Recovery and ensuring your SLAs and KPIs are met.

Thanks for joining me today to learn more about the foundations of service mesh - you can download a summary and transcript of this video, and as always, feel free to reach out to us at hello@aspenmesh.io with any service mesh questions.