Agility with Stability: Why You Need a Service Mesh

“Move fast and break things” may have worked for Facebook, but it's a non-starter for most companies.  Move fast? Yes. Break things? Not so much.  

You're probably working at a company that's trying to balance the ability to move quickly, responding to customer needs in an ever-changing world, with the need to provide secure, reliable services that are always there when customers need them.  You're trying to achieve agility with stability, and that's why you may need a service mesh: a configurable infrastructure layer for a microservices application that helps make communication between service instances flexible, reliable, and fast.

We work with a variety of customers, from small startups to large enterprises, but they’re all deploying and operating microservices applications at scale. No matter the company size or industry, we tend to get three common requirements:

  • I need to move quickly.
  • I need to quickly identify and solve problems.
  • I need everything to be secure.

Let's explore these three needs, as we often hear about them from platform owners and DevOps leads who are building and running next generation microservices platforms.

I Need to Move Quickly

This is where it all starts. You're moving to microservices so that you can push code to your customers faster than your competition.  This is how you differentiate and win in a market where the way you interact with your customers is through applications.

To win in these markets, you want your application developers focused on solving customer problems and delivering new application value.  You don't want them thinking about how they're going to capture metrics for their app, or what library they're going to use to make it more fault tolerant, or how they're going to secure it.  This is what you want your platform team solving - at scale - across your entire engineering organization.

A service mesh enables your platform team to implement organization-wide solutions like observability, advanced developer tooling, and security. This allows your application developers to focus on pushing the new features that will help you win in the market.  Focus drives speed and a service mesh creates focus.

I Need to Be Able to Quickly Identify Problems and Solve Them

In breaking your monolith down into microservices, things get more complex.  That becomes painfully obvious the first time you need to respond to a production issue and it takes hours of trolling through log files to even figure out where the problem occurred - let alone solve it.

A service mesh can provide you with the metrics and observability you need to effectively identify, troubleshoot, and solve problems in your microservices environment.  At the most basic level, you'll get metrics, distributed tracing, and a service graph to work with. For more advanced implementations, you can visualize key configuration changes that correlate with changes in metrics and traces to rapidly identify the root causes of problems. Then you can start fixing them.

A service mesh also makes it easy to establish and monitor SLOs and SLIs (service level objectives and indicators) so you can prioritize critical fixes and easily share system status with the team. With a service mesh, platform owners can more quickly identify the root cause and gain a better understanding of their environments. This enables more resilient architecting in the future, to prevent outages from occurring at all.

I Need Everything to Be Secure

Security is table stakes.  They may say that all publicity is good publicity, but you do not want to be in the news for a security breach.  It's an existential threat to your business and your career. Defense in depth is the way to go, and a service mesh provides a powerful set of security tools to accomplish this.

Firstly, you can encrypt all the traffic moving among your microservices with mutual TLS that’s easy to set up and manage.  That way, should an attacker compromise your perimeter defenses, they’ll find it difficult to do much in a fully encrypted environment. Because mutual TLS authenticates both the client and the server side of every connection, it guards against common microservices threats such as man-in-the-middle attacks.

Secondly, don't just monitor all the traffic that's entering and leaving your microservices environment. You also need to implement fine-grained RBAC that makes the principle of least privilege a reality in your environment.  Admission controls and secure ingress allow platform operators to ensure that developers are following secure and compliant practices, and also make it easy for applications to communicate securely with the internet.

And thirdly, take advantage of the observability that a service mesh provides into the security posture of your microservices, so that you have confidence everything is operating as expected.

If you’re working for a company that’s trying to walk the razor’s edge of agility with stability, check out service mesh.  It provides a powerful set of tools that help you operate a platform where application developers move quickly, while relying on the platform to solve the observability, traffic management and security challenges that come with a modern microservices environment.


Aspen Mesh for Self-hosted Environments

We’re excited to announce the launch of our first self-managed version of Aspen Mesh, designed for deployment to your infrastructure within any cloud or on-premises.  With Aspen Mesh 1.2.5-am1 you get the advanced functionality, the rich dashboard, and the expert support you’re used to from Aspen Mesh, all built on the open source power of Istio 1.2.5.

With this release, we're making it easy for enterprises with self-hosted environments to get all the benefits of Aspen Mesh.  This means you can now use your existing Prometheus, Grafana and Jaeger with Aspen Mesh and we no longer require customers to send data out of their clusters.  We’re deprecating prior versions of Aspen Mesh that include these hosted elements. All Aspen Mesh customers will need to upgrade to Aspen Mesh 1.2.5-am1 before October 17, 2019.

If you’d like any help with this upgrade, reach out to your account rep or email us at support@aspenmesh.io.

Why the change?

We first started building Aspen Mesh in the summer of 2017, launching the first version built on Istio 0.2.4. Since then, we’ve focused on helping enterprises harness the power of service mesh by delivering an integrated solution that provided the core elements of Istio along with a hosted solution for Prometheus, Grafana, and Jaeger. 

What we’ve found is that while enterprises are looking to work with someone like Aspen Mesh to better harness the power of service mesh, they usually have existing installations of Prometheus, Grafana, and Jaeger and don’t want or need a hosted, integrated, supported solution.  And customers who wanted to get started with basic insights right away had to conduct security audits before they could send us service metrics and trace headers.

Installing Aspen Mesh in your environment

With those obstacles out of the way, it’s now much easier to get started using Aspen Mesh in your environment.  All you need is a Kubernetes cluster that has Prometheus and Helm/Tiller and you’re ready to go. Follow the detailed instructions in our Getting Started Guide and reach out to us at support@aspenmesh.io if you have any questions.  If you don’t have an account yet, sign up now so you can view our releases and documentation.

What’s next?

We’re heads down working on our next set of features that will help enterprises better take advantage of the rich telemetry available in the mesh and better harness the power of mesh policy at scale within their organizations.  Keep an eye on this space for more.