Improve your application with service mesh

Improving Your Application with Service Mesh

Engineering + Technology = Uptime 

Have you come across the term “application value” lately? Software-first organizations are using it as a new form of currency. Businesses delivering a product or service to its customers through an application understand the growing importance of their application’s security, reliability and feature velocity. And, as applications that people use become increasingly important to enterprises, so do engineering teams and the right tools 

The Right People for the Job: Efficient Engineering Teams 

Access to engineering talent is now more important to some companies than access to capital. 61% of executives consider this a potential threat to their business. With the average developer spending more than 17 hours each week dealing with maintenance issues, such as debugging and refactoring, plus approximately four hours a week on “bad code” (representing nearly $85 billion worldwide in opportunity cost lost annually), the necessity of driving business value with applications increases. And who is it that can help to solve these puzzles? The right engineering team, in combination with the right technologies and tools. Regarding the piece of the puzzle that can solved by your engineering team, enterprises have two options as customer demands on applications increase:  

  1. Increase the size and cost of engineering teams, or  
  2. Increase your engineering efficiency.  

Couple the need to increase the efficiency of your engineering team with the challenges around growing revenue in increasingly competitive and low margin businessesand the importance of driving value through applications is top of mind for any business. One way to help make your team more efficient is by providing the right technologies and tools. 

The Right Technology for the Job: Microservices and Service Mesh 

Using microservices architectures allows enterprises to more quickly deliver new features to customers, keeping them happy and providing them with more value over timeIn addition, with microservices, businesses can more easily keep pace with the competition in their space through better application scalability, resiliency and agility. Of course, as with any shift in technology, there can be new challenges.  

One challenge our customers sometimes face is difficulty with debugging or resolving problems within these microservices environments. It can be challenging to fix issues fast, especially when there are cascading failures that can cause your users to have a bad experience on your applicationThat’s where a service mesh can help. 

Service mesh provides ways to see, identify, trace and log when errors occurred and pinpoint their sources. It brings all of your data together into a single source of truth, removing error-prone processes, and enabling you to get fast, reliable information around downtime, failures and outages. More uptime means happy users and more revenue, and the agility with stability that you need for a competitive edge. 

Increasing Your Application Value  

Service mesh allows engineering teams to address many issues, but especially these three critical areas: 

  • Proactive issue detection, quick incident response, and workflows that accelerate fixing issues 
  • A unified source of multi-dimensional insights into application and infrastructure health and performance that provides context about the entire software system 
  • Line of sight into weak points in environments, enabling engineering teams to build more resilient systems in the future  

If you or your team are running Kubernetes-based applications at scale and are seeing the advantages, but know you can get more value out of them by increasing your engineering efficiency and uptime for your application's’ users, it’s probably time to check out a service mesh. You can reach out to the Aspen Mesh team on how to easily get started or how to best integrate service mesh into your existing stack at hello@aspenmesh.io. Or you can get started yourself with a 30-day free trial of Aspen Mesh. 


Secure Application Deployment with Istio on Kubernetes

Learn How To Securely Deploy Your Application with Istio in this New liveProject from Manning

We are excited to announce that a new liveProject from Manning Publications is now available. A liveProject is a project for you to complete where you can tackle a real-world scenario learning new skills as you go. You’ll develop your own solution and get just enough help to succeed.

In “Secure Application Deployment with Istio on Kubernetes” created by Neeraj Poddar, our Co-Founder and Chief Architect, you will get an overview of Istio’s service mesh, learn how to expose your application to users securely via HTTPS, learn how to protect sensitive user information by utilizing Istio Auth policies, understand application behavior by using Istio telemetry, and efficiently debug your service mesh. 

In addition, you’ll have the opportunity to:

  1. Get hands-on experience of safely and securely exposing an ecommerce microservices-based store using Istio  
  2. Iteratively build in new security features step-by-step, mastering Istio as you go  
  3. Handle deploying your application with Istio and Kubernetes, encrypting traffic to your application via self-managed TLS certificate, understanding application behavior by using Istio telemetry 
  4. Finish up with an efficient debug of your app using the Istio service mesh 
     

Istio service mesh gives you complete visibility over your large scale microservices applications, making it easy to enforce security, manage traffic, spot and debug errors, and improve user experience. 

By the time you’re done with this liveProject, you’ll have the skills to ensure the security of your app, and start making the move away from error-prone manual management of microservices.  

Head over to Manning’s website to get access to this project. 

If you’re looking for even more power for your service mesh, check out what Aspen Mesh adds to Istio. From policy frameworks, an easy to use UI, analytics and alerting as well as first-class support, Aspen Mesh can help your service mesh accomplish even more. 


istiocon 9 trends

Top 9 Takeaways from IstioCon 2021

At the beginning of last year, we predicted the top three developments around service mesh in 2020 would be:

  1. A quickly growing need for service mesh
  2. Istio will be hard to beat
  3. Core service mesh use cases will emerge that will be used as models for the next wave of adopters

And we were right about all three, as evidenced by what we learned at IstioCon.

As a new community-led event, IstioCon 2021 provided the first organized opportunity for Istio’s community members to gather together on a large, worldwide scale, to present, learn and discuss the many features and benefits of the Istio service mesh. And this event was a resounding success.

With over 4,000 attendees — in its first year, and as a virtual event — IstioCon attendance exceeded expectations by multiples. The event showcased the lessons learned from running Istio in production, first-hand experiences from the Istio community, and featured maintainers from across the Istio ecosystem including Lin Sun, John Howard, Christian Posta, Neeraj Poddar, and more. With sessions presented across five days in English, as well as keynotes and sessions in Chinese, this was indeed a worldwide effort. It is well-known that the Istio community reaches far and wide, but it was fantastic to see that so many people interested in, considering, and even using Istio in production at scale were ready to show up and share.

But apart from the outstanding response of the Istio community, we were particularly excited to dig into what people are really using this service mesh for and how they’re interacting with it. So, we’ve pulled together the below curated list of top Istio trends, hot topics, and our top three list of sessions you don’t want to miss.

Top 3 Istio Service Mesh Trends to Watch

After watching each session (so you don’t have to!), we’ve distilled the top three service mesh and Istio industry takeaways that came out of IstioCon that you should keep on your radar.

1. Istio is production-ready. No longer just a shiny new object, this nascent technology has transformed over the past few years from a new infrastructure technology into the microservices management technology that people are using, now, in production and at scale at real companies. We saw insightful user story presentations from T-Mobile, Airbnb, eBay, Salesforce, FICO, and more.

2. Istio is more versatile than you thought. Did you know that Istio is being used right now by users and companies to manage everything from user-facing applications like Airbnb to behind-the-scenes infrastructure like running 5G?

3. Istio and Kubernetes have a lot in common. There are lots of similarities between Istio and Kubernetes in terms of how these technologies have developed, and how they are being adopted. It’s well known that Kubernetes is “the defacto standard for cloud native applications.” Istio is being called ”the most popular service mesh” according to the CNCF annual user survey. But more than this, the two are growing closer together in terms of the technologies themselves. We look forward to the growth of both technologies.

Top 3 Hot Topics

In addition to higher level industry trends, there were many other hot topics that surfaced as part of this conference. From security to Wasm, multicluster, integrations, policies, ORAS, and more, there is a lot going on in the service mesh marketplace that many folks may not have realized. Here are the three hot topics we’d like you to know about:

1. Mulitcluster. You can configure a single mesh to include multiple clusters. Using a multicluster deployment within a single mesh affords capabilities beyond that of a single cluster deployment, including fault isolation and fail over, location-aware routing, various control plane models, and team or project isolation. It was indeed a hot topic at IstioCon, with an entire workshop devoted to Istio Multicluster, plus two additional individual sessions and a dedicated office-hours session about multicluster.

2. Wasm. WebAssembly (Wasm) is a sandboxing technology that can be used to extend the Istio proxy (Envoy). The Proxy-Wasm sandbox API replaces Mixer as the primary extension mechanism in Istio. Over the past year, Wasm has come further to the forefront in terms of interest, as seen here by garnering two sessions plus its own office-hours session.

3. Security. Let’s face it, we’re all concerned about security, and with good reason. Istio has decided to face security challenges head on, and while not exactly a new topic, it’s one worth reiterating. The Istio Product Security Working Group had a session, plus we saw two more sessions featuring security as a headliner, and a dedicated office-hours session. 

Side note: Aspen Mesh had a tie with one another hot topic; debugging Istio. If you get a chance, check out the three recorded sessions on debugging as well.

Top 3 Sessions You Will Want to Watch On-demand

Not everyone has time to watch a conference for five days in a row. And that’s ok. There are about 77 sessions we wish you could watch, but we’ve also identified the top three we think you’ll get the most out of. Check these out:

1. Using Istio to Build the Next Generation 5G Platform. As the most-watched session at this event, we have to start here. In this session, Aspen Mesh’s Co-founder and Chief Architect Neeraj Poddar and David Lenrow, Senior Principal Cloud Security Architect at Verizon, covered what 5G is and why it matters, architecture options with Istio, platform requirements, security, and more.

2. User story from Salesforce - The Salesforce Service Mesh: Our Istio Journey. In this session, Salesforce Software Architect Pratima Nambiar talked us through their background around why they needed a service mesh, their initial implementation, Istio’s value, progressive adoption of Istio, and features they are watching and expect to adopt. 

3. User story from eBay - Istio at Scale: How eBay is Building a Massive Multitenant Service Mesh Using Istio. In this session, Sudheendra Murthy covered eBay’s story, from their applications deployment to service mesh journey, scale testing, and future direction.

What’s Next for Istio?

We were excited to be part of this year’s IstioCon, and it was wonderful to see the Istio community come together for this new event. As our team members have been key contributors to the Istio project over the past few years, we’ve had a front row seat at the growth of the project itself along with the community.

To learn more about what the Istio project has coming up on the horizon, check out this project roadmap session. We’re looking forward to the continued growth of this open source technology, so that more companies — and people — can benefit from what it has to offer.


IstioCon 2021

Aspen Mesh to Sponsor IstioCon 2021

Aspen Mesh is excited to join the Istio community as a Platinum sponsor of the very first conference dedicated to Istio; IstioCon 2021.  

IstioCon is a new, community-led event showcasing the lessons learned from running Istio in production, hands-on experiences from the Istio community, and featuring maintainers from across the Istio ecosystem.  

The conference will offer a mix of keynotes, technical talks, lightning talks, workshops and roadmap sessions. 

We're excited for this new Istio community event and we hope you can join us. You'll find several Aspen Meshers scheduled to give presentations, so be sure to stop by:

  • "Using Istio to Build the Next Generation 5G Platform" with Neeraj Poddar (Aspen Mesh) and David Lenrow (Verizon)
  • "Simple Certificate Management (Pilot-Agent Environmental Variables)" with Jacob Delgado (Aspen Mesh)
  • "Istio Project Roadmap" with Neeraj Poddar (Aspen Mesh) and Louis Ryan (Google)
  • "Istio Product Security Working Group - What It Is and Why It's Important" with Jacob Delgado (Aspen Mesh) and Brian Avery (Red Hat)

Find more information about IstioCon here. 

IstioCon 2021


How Service Mesh Helps Application Management Aspen Mesh

How Service Mesh Helps Application Management

Manage Microservices More Efficiently

Microservice-based applications come with some serious upside, but keeping track of every single service is a challenge — especially for the platform teams that can't narrow their vision to a single microservice. If you’re operating or developing in a microservices architecture, there’s a good chance part of your days are spent wondering what your services are up to. It's frustrating to move from service to service and have to relearn everything; how it's configured, what telemetry you'll have, how it manages certs and keys.

With the adoption of microservices, problems can also emerge due to the sheer number of services that exist in large systems. For a monolith, issues like security, load balancing, monitoring and rate limiting only had to be solved once, but for microservices, those issues now have to be handled separately for each service. 

The good news though? A service mesh helps address many of these challenges so engineering teams – and businesses – can deliver applications more quickly and securely.

 

Take Your Digital Transformation Further

There are many things to think about as companies embrace digital transformation by migrating from legacy or monolithic systems to microservices. Starting with, well, microservices. It’s easy to understand why microservice-based applications are becoming more and more common. Through microservice architectures, enterprises are seeing: 

  • Improved scalability
  • Increased development velocity
  • Easier debugging
  • Rapid alignment between development and user requirements 

As companies build or convert to more modern applications, they’re leveraging microservices to drive differentiation and market leadership. As a side effect, they realize that they are increasing complexity and decentralizing ownership and control. These new challenges require new solutions to effectively monitor, manage and control microservice-based applications at runtime.

Keep in mind that Kubernetes has become the defacto method for enterprises to orchestrate containers. Kubernetes is a superb tool when it comes to deploying, scheduling and running containerized applications through a basic approach to networking that doesn't provide rich service-to-service communication.

That’s where service mesh comes in. A service mesh like Aspen Mesh adds observability, security and policy capabilities to Kubernetes. A service mesh helps to ensure resiliency and uptime – it provides solutions that enable engineering teams to more effectively monitor, control and secure the modern application at runtime. Companies are adopting service mesh as a way to enhance Kubernetes, as it provides a toolbox of features that address various microservices challenges that modern enterprises are facing.

 

Get the Most Out of Your Service Mesh

Fill out the form below to get the free eBook "Getting the Most Out of Your Service Mesh" to keep learning about what a service mesh can do to help, and how to get the most out of it.




3 Ways Service Mesh Helps DevOps

3 Ways Service Mesh Helps DevOps Teams

How exactly can a service mesh help DevOps teams? Our three co-founders were each recently interviewed by The New Stack Maker’s podcast, where they each addressed how service mesh can help DevOps teams. Below are some key takeaways that we hope will be useful for your team. 

1. Istio Boosts Engineering Efficiency 

In the first of this three-part podcast series, Neeraj Poddar, Aspen Mesh’s Chief Architect and Dan Berg, IBM Cloud’s Distinguished Engineer, discussed how the core capabilities of Istio can make engineering teams more efficient.

Microservices have provided new benefits for organizations, including better security and increased uptime, but on the flip side, there is also added infrastructure complexity. Service meshes like Istio have emerged as a way to provide better management of this complexity at scale. The core capabilities of the Istio service mesh—connection, security, control, and observability—help make engineering teams more efficient in many ways, and especially when it comes to running multicluster applications. “It’s a natural evolution to fit where we are today with cloud native applications based on containers,” Berg said. 

Providers like Aspen Mesh also play a role in helping DevOps teams take advantage of Istio’s traffic management, security, and general networking capabilities, said Berg. “Generally speaking, there are traffic management capabilities and things like that a developer would use, because you’re defining your routes and characteristics specific to your application, as well as the rollout of your deployment,” Berg said.

The future of Istio in terms of how it builds upon running multicluster applications on Kubernetes should include evolving to “talk to the language of applications,” Poddar said. “That’s where the real value will kick in and service mesh will still be a key player there, but it will be a part of an ecosystem where other pieces are also important and all of them are giving that information and we are correlating it,” Poddar said. “We’re still very early, as people are just getting used to understanding service meshes. So telling them that we need to coordinate all of this information in an automated way is scary — but we will get there.”

Listen to the podcast here.

 

2. The Importance of Knowing When You Need a Service Mesh 

In the second part of the series, Aspen Mesh’s CTO, Andrew Jenkins, and Tetrate’s Founding Engineer, Zack Butcher, talked about how service mesh is the gateway to cloud migration, and when you do—or don’t—need a service mesh.

A service mesh helps organizations migrate to cloud native environments by bridging the management gap between on-premises data center deployments to containerized-cloud environments. Once implemented, a service mesh relieves the complexity of this process. And for many DevOps team members, the switch to a cloud native environment and Kubernetes cannot be done without a service mesh.

In a typical environment split between on-premises servers and multicloud deployments, a service mesh provides the “common substrate,” by enabling “communication of those components that need to communicate across these different environments,” Butcher said.

There are also some cases where a service mesh may not be needed for DevOps. “I don’t think it’s honest to say, ‘hey, everybody absolutely must use this new thing,’” Jenkins said. “There are actually problems where you don’t need Kubernetes and you may not need containers at all or if you look at serverless, for example.”

As organizations consider which technologies to adopt in order to meet their software development and deployment goals, there are many tools and solutions to choose from. Ultimately, organizations are turning to service meshes as an answer for “not just a deployment problem,” but as a way to “integrate all the pieces together” during a cloud native journey, explained Jenkins.

Listen to the podcast here.

 

3. Service Mesh Amplifies Business Value 

Shawn Wormke, Aspen Mesh VP and General Manager, and Tracy Miranda, CloudBees Director of Open Source Community, met with the TNS team to discuss how exactly a service mesh can amplify business value for organizations in the third and final installment of this three-part podcast series.

Service meshes are increasingly providing DevOps teams with new ways to gain observability into the events that cause application deployment and management problems. Ideally, a service mesh should also help DevOps teams determine who should take the appropriate actions.

“What we’ve seen with our customers is they want to move [the maintenance work] down underneath the application, and let the application owners really focus on business-value code,” said Wormke. “They also want to let the operations team that is the ‘Ops’ part of DevOps really work on providing them the tooling and the common infrastructure it takes to run those things in production in a large enterprise environment.”

Service meshes offer powerful capabilities that teams can exploit, once they get past the learning curve. “We just need an easy way to get [service meshes] into folks’ hands and help them steer clear of the pitfalls so that they can get to all the real magic that you can start to do once you’ve got this orchestration and all these things connected,” said Miranda. “You can start to do pretty clever things.”

Listen to the podcast here.


What Are Companies Using Service Mesh For?

We recently worked with 451 Research to identify current trends in the service mesh space. Together, we identified some key service mesh trends and patterns around how companies are adopting service mesh, and emerging use cases that are driving that adoption. Factors driving adoption include how service mesh automates and bolsters security, and a recognition of service mesh observability capabilities to ease debugging and decrease Mean Time To Resolution (MTTR). Check out this video for more from 451 Research's Senior Analyst in Application and Infrastructure Performance, Nancy Gohring, on this topic:

Who’s Using Service Mesh 

According to data and insights gathered by 451 Research, service mesh already has significant momentum, even though it is a young technology. Results from the Voice of the Enterprise: DevOps, Workloads & Key Projects 2020 survey tell us that 16% of respondents had adopted service mesh across their entire IT organizations, and 20% had adopted service mesh at the team level. Outside of those numbers, 38% of respondents also reported that they are in trials or planning to use service mesh in the future. As Kubernetes dominates the microservices landscape, the need for a service mesh to manage layer 7 communication is becoming increasingly clear. 

451 Research Service Mesh Adoption

In tandem with this growing adoption trend, the technology itself is expanding quickly. While the top driver of service mesh adoption continues to be supporting traffic management, service mesh provides many additional capabilities beyond controlling traffic. 451 found that key new capabilities the technology provides includes greatly enhanced security as well as increased observability into microservices.

Service Mesh and Security

Many organizations—particularly those in highly regulated industries such as healthcare and financial services—need to comply with very demanding security and regulatory requirements. A service mesh can be used to enforce or enhance important security and compliance policies more consistently, and across teams, at an organization-wide level. A service mesh can be used to:

  • Apply security policies to all traffic at ingress, and encrypt traffic using mTLS traveling between services
  • Add Zero-Trust networking
  • Govern certificate management for authenticating identity
  • Enforce level of least privilege with role-based access control (RBAC)
  • Manage policies consistently, regardless of protocols and runtimes 

These capabilities are particularly important for complex microservices deployments, and allow DevOps teams to ensure a strong security posture while running in production at global scale. 

Observability and Turning Your Data into Intelligence

In addition to helping enterprises improve their security posture, a service mesh also greatly improves observability through traces and metrics that allow operators to quickly root cause any failures and ensure resilient applications. Enabling the rapid resolution of performance problems allows DevOps teams to reduce mean time to resolution (MTTR) and optimize engineering efficiency

The broader market trends around observability and advanced analytics with open source technologies are also key to the success of companies adopting service mesh. There are challenges around managing microservices environments, and teams need better ways of identifying the sources of performance issues in order to resolve problems faster and more efficiently. Complex microservices-based applications generate very large amounts of data. Many open source projects are addressing this by making it easier for users to collect data from these environments, and advancements in analytics tools are enabling users to extract the signal from the noise, quickly directing users to the source of performance problems. 

Overcoming this challenge is why we created Aspen Mesh Rapid Resolve. It allows users to see any configuration or policy changes made within Kubernetes clusters, which is almost always the cause of failures. The Rapid Resolve timeline view makes it simple for operators to look back in time to pinpoint any changes that resulted in performance degradation. 

Aspen Mesh Rapid Resolve

This enables Aspen Mesh users to identify root causes, report actions and apply fixing configurations all in one place. For example, the Rapid Resolve suite offers many new features including:

  • Restore: a smarter, machine-assisted way to effectively reduce the set of things an operator or developer has to look through to find the root cause of failure in their environment. Root causing in distributed architectures is hard. Aspen Mesh Restore immediately alerts engineers to any performance outside acceptable thresholds and makes it obvious where any configuration, application or infrastructure changes occurred that are likely to be breaking changes.
  • Replay: a one-stop shop for application troubleshooting and reducing time to recovery. Aspen Mesh Replay gives you the current and the past view of your cluster state, including microservices connectivity, traffic and service health, and relevant events like configuration changes and alerts along the way. This view is great for understanding and diagnosing cascading failures. You can easily roll back in time and detect where a failure started. It's also a good tool for sharing information in larger groups where you can track the health of your cluster visually over time.

The Future of Service Mesh

Companies strive for stability with agility, which allows them to meet the market and users where they are, and thrive even in an uncertain marketplace. According to 451 Research,

“Businesses are employing containers, Kubernetes and microservices as tools that allow them to more quickly respond to customer demands and competitive threats. However, these technologies introduce new and potentially significant management challenges. Advanced organizations have turned to service mesh to help solve some of these problems. Service mesh technology can remove infrastructure burdens from developers, enabling them to focus on creating valuable application features rather than managing the mechanics of microservices communications. But managing the communications layer isn’t the only benefit a service mesh brings to the table. Increasingly, users are recognizing the role service meshes can play in collecting and analyzing important observability data, as well as their ability to support security requirements.”

The adoption of containers, Kubernetes and service mesh is continuing to grow, and both security and observability will be key drivers that increase service mesh adoption in the coming years.

 


what is service mesh

What’s a Service Mesh?

What is a service mesh? It’s an infrastructure layer that helps you manage the communication between your microservices.

What is a service mesh

Designed to handle a high volume of service-to-service communications using APIs, a service mesh ensures that communication among your containerized application services is fast, reliable and secure. 

A service mesh helps address many of the challenges that arise when your application is being consumed by your end users. The ability to monitor what services are communicating with each other, knowing if those communications are secure, and being able to control the service-to-service communication in your clusters is key to ensuring your applications are running securely and resiliently. You can think about service mesh as being the lexicon, API and implementation around the next tier of communication patterns for microservices.

Service Mesh Capabilities and Patterns

Some of the capabilities that a service mesh provides include service discovery, load balancing, encryption, observability, traceability, authentication and authorization, and the ability to control policy and configuration in your Kubernetes clusters. 

A service mesh sits at Layer 7, managing and securing traffic between your network and application, unlocking some patterns essential for healthy microservices. Some of these patterns include:

  • Zero-trust security that doesn’t assume a trusted perimeter
  • Tracing that shows you how and why every microservice communicated with another microservice
  • Fault injection and tolerance that lets you experimentally verify the resilience of your application
  • Advanced routing that lets you do things like A/B testing, rapid versioning and deployment and request shadowing

Check out these FAQs for answers to more general questions.

 

What Does a Service Mesh Provide?

A service mesh keeps your company’s services running the way they should. Service meshes designed for the enterprise, like Aspen Mesh, gives you all the observability, security and traffic management you need — plus access to configuration and policy patterns and expert support, so you can focus on adding the most value to your business.

A service mesh can provide many benefits: Security, reliability, observability, engineering efficiency/reduced burden, more holistic insights, operational control, and better tools for your DevOps team. The four main benefits that a service mesh provides include:

  1. Observability: A service mesh takes system monitoring a step further by providing observability. Monitoring reports overall system health, while observability focuses on highly granular insights into the behavior of systems along with rich context. 
  2. Security: A service mesh provides security features aimed at securing the services inside your network and quickly identifying any compromising traffic entering your cluster. 
  3. Operational control: A service mesh allows security and platform teams to set the right macro controls to enforce access controls, while allowing developers to make customizations they need to move quickly within these guardrails.
  4. A better user experience: A service mesh removes the burden of managing infrastructure from the developer, and provides developer-friendly features. But on top of that, the security and reliability that you get from a service mesh creates a smoother, better experience for your end users while they're using your systems or application. Building trust with your customers is invaluable.

Service mesh is new enough that codified standards have yet to emerge, but there is enough experience that some best practices are becoming clear. As early adopters develop their own approaches, it is often useful to compare notes and distill best practices. We’ve seen Kubernetes emerge as the standard way to run containers for production web applications. Standards are emergent rather than forced: It’s definitely a fine art to be neither too early nor too late to agree on common APIs, protocols and concepts.

 

When Do You Need a Service Mesh?

A service mesh provides a great way to help you manage microservices. But how do you know when it's the right time to adopt one? The answer is that it depends on your needs, but many companies we've worked with start needing a service mesh when they run into one or a combination of three things:

  1. You’re starting to run too many microservices for you to effectively manage based on team size or skills
  2. You want to free up application developers from managing infrastructure so they can spend more time adding business value to applications
  3. Your’e scaling or committed to scaling applications on Kubernetes

So how do you make sure that you and your end users get the most out of your applications and services? You need to have the right kind of access, security and support. If that’s true, then you’ve probably realized that microservices come with their own unique challenges, such as: 

  • Increased surface area that can be attacked 
  • Polyglot challenges 
  • Controlling access for distributed teams developing on a single application 

These are all scenarios where a service mesh shines. Service meshes are great at solving operational challenges and issues when running containers and microservices because they provide a uniform and highly observable way to secure, connect and monitor microservices. 

On a broader tech landscape level, we’ve been thinking about how microservices change the requirements from network infrastructure for a few years now. The swell of support and uptake for Istio demonstrated to us that there’s a community ready to develop and coalesce on policy specs, with a well-architected implementation to go along with it.

Thanks for reading! Check out Service Mesh University to learn more about service mesh at your own pace through an on-demand, video series.


Service Mesh University

Service Mesh University

We're Excited to Launch Service Mesh University

There’s a lot of talk -- and even more questions -- about service mesh these days.

Service Mesh University

What is it? Do you really need it? Who should own it? How do you get it running? Will it play nicely with your tech stack? How do you know it's working? How is it evolving?

Service mesh can be complex, so that’s why we’ve created Service Mesh University (SMU). This series of seven short classes enables you to find the answers to these questions, on-demand, at your own pace.

Each class is hosted by a different Aspen Mesh 'meshpert' and is tailored to each topic. In addition, transcripts of the videos, an outline and summary of each class, and extra links and materials where you can find additional related information is posted along with each video for you to take with you.

Why SMU?

Since 2017, Aspen Mesh has been at the forefront of service mesh technology. Aspen Meshers come from a myriad of startups and some of the most recognizable companies in the world, but the one thing we all have in common is a history of solving complex engineering and infrastructure challenges. Our engineers are experts in Istio, Envoy and Kubernetes, and we can help you get the most out of containerized applications. And we don't want to keep all that expertise to ourselves!

As a team intent upon driving improved operations through smarter and more efficient infrastructure, that is also reliable and easy to operate, we hope this new video collection helps you to learn how a service mesh can help you.

What You'll Learn

Class 101: Intro to Service Mesh (with Zach Jory and Rose Sawvel)

  • Learn what a service mesh is
  • Discover the basics of how a service mesh works
  • Explore functionality a service mesh provides

Class 201: Foundations of Service Mesh (with Shawn Wormke)

  • Learn about the service mesh landscape
  • Discover how a service mesh can help your team and your end users
  • Explore prerequisites you’ll need before getting started with a service mesh

Class 301: Service Mesh Architectures (with Andrew Jenkins)

  • Find out more about service mesh as the next tier of communication patterns for microservices
  • Learn about the Istio architecture and how it improves Kubernetes
  • Discover the different service mesh components and how they operate
  • See how service mesh enables more efficient engineering processes

Class 401: Security, Reliability, and Observability (with Granville Schmidt)

  • Learn about security, reliability and observability
  • Discover the power that a service mesh provides by combining these three elements

Class 501: Setting Up Your Service Mesh (with Jacob Delgado)

  • Learn about what you need before you start setting up the Aspen Mesh service mesh
  • Walk through how to set it up
  • Discover what it helps you do

Class 601: Maintaining and Improving Your Service Mesh (with Michael Davis)

  • Learn about common issues to watch out for when operating a service mesh
  • Discover best practices for keeping your service mesh up to date
  • Find out about integrations with other tools that could have an impact on how you use your service mesh

Class 701: The Future of Service Mesh (with Neeraj Poddar)

  • Learn about where service mesh is headed
  • Discover what that means for you if you’re already using a service mesh
  • Find out how technologies like service mesh are helping companies deliver greater value to their end users

We hope you'll join us to learn more about service mesh!

Please fill out the form below to access the classes.




digital transformation

Digital Transformation: How Service Mesh Can Help

Your Company’s Digital Transformation

It’s happening everywhere, and it’s happening fast. In order to meet consumers head on in the best, most secure ways, enterprises are jumping on the digital transformation train (check out this Forrester report). 

Several years ago, digital transformations saw companies moving from monolithic architectures towards microservices and Kubernetes, but service mesh was in its infancy. No one knew they'd need something to help manage service-to-service communication. Now, with increasing complexity and demands coupled with thinly-stretched resources or teams without service mesh expertise, supported service mesh is becoming a good solution for many--especially for DevOps teams.

Service Mesh for DevOps

"DevOps" is a term used to describe the business relationship between development and IT operations. Mostly, the term is used when referring to improving communication and collaboration between the two teams. But while Dev is responsible for creating new functionality to drive business, Ops is often the unsung--but extremely important--hero behind the scenes. In IT Ops, you’re on the hook for strategy development, system design and performance, quality control, direction and coordination of your team all while collaborating with the Dev team and other internal stakeholders to achieve your business’s goals and drive profitability. Ultimately, it’s the Dev and Ops teams who are responsibility to ensure that teams are communicating effectively, systems are monitored correctly, high customer satisfaction is achieved and projects and issue resolution are completed on time. A service mesh can help with this by enabling DevOps.

Integrating a Service Mesh: Align with Business Objectives

As you think about adopting a service mesh, keep in mind that your success over time is largely dependent on aligning with your company’s business objectives. Sharing business objectives like these with your service mesh team will help to ensure you get--and keep--the features and capabilities that you really need, when you need them, and that they stay relevant.

What are some of your company’s business objectives? Here are three we’ve identified that a service mesh can help to streamline:

1. Automating More Process (i.e. Removing Toil)
Automating processes frees up your team from mundane tasks so they can focus on more important projects. Automation can save you time and money.

2. Increasing Infrastructure Performance
Building and maintaining a battle-tested environment is key to your end users experience, and therefore churn or customer retention rates and your company’s bottom line.

In addition, much of your time is spent developing strategies to monitor your systems and working through issue resolution as quickly as possible--whether issues pop up during the workday, or in the middle of the night. Fortunately, because service mesh come with observability, security and resilience features, it can help alleviate these responsibilities, decreasing MTTD and MTTR.

3. Maintaining Delivery to Customers
Reducing friction in the user experience is the name of the game these days, so UX and reliability are key to keeping your end users happy. If you’re looking at a service mesh, you’re already using a microservices architecture, and you’re likely using Kubernetes clusters. But once those become too complex in production--or don’t have all the features you need-- it’s time to add a service mesh into the mix. Service mesh’s observability features like cluster health monitoring, service traffic monitoring, easy debugging and root cause identification with distributed tracing help with this. In addition, an intuitive UI is key to surfacing these features in a way that is easy to understand and manipulate, so make sure you’re looking at a service mesh that’s easy for your Dev team to use. This will help provide a more seamless (and secure) experience for your end users.

Evolution; Not Revolution

How do you actually go about approaching the process of integrating a service mesh? What will drive success is for you to have agility and stability. But that can be a tall order, so it can be helpful to approach integrating a service mesh as evolution, rather than revolution. Three key areas to consider while you’re evaluating a service mesh include:

  1. Mitigating risk
  2. Production readiness
  3. Policy frameworks

Mitigating Risk
Risk can be terrifying, so it’s imperative to take steps to ensure that risk is mitigated as much as possible. The only time your company should be making headlines is because of good news. Ensuring security, compliance, and data integrity is the way to go. With security and compliance at top of mind for many, it’s important to address security head on. 

With a well-designed enterprise service mesh, you can expect plenty of security, compliance and policy features so it’s easy for your company to get a zero-trust network. Features can include anything from ensuring the principle of least privilege and secure default settings to technical features such as fine-grained RBAC and incremental mTLS.

Production Readiness
Your applications are ready to be used by your end users, and your technology stack needs to be ready too. What makes a real impact here is reliability. Service mesh features like dynamic request routing, fast retries, configuration vetters, circuit breaking and load balancing greatly increase the resiliency of microservice architectures. Support is also a feature that some enterprises will want to consider in light of whether service mesh expertise is a core in-house skill for the business. Having access to an expert support team can make a tremendous difference in your production readiness and your end users’ experiences.

Policy Frameworks
While configuration is useful for setting up how a system operates, policy is useful in dictating how a system responds when something happens. With a service mesh, the power of policy and configuration combined provides capabilities that can drive outcome-based behavior from your applications. A policy catalog can accelerate this behavior, while analytics examines policy violations and understands the best actions to take. This improves developer productivity with canary, authorization and service availability policies.

How to Measure Service Mesh Success

No plan is complete without a way to measure, iterate and improve your success over time. So how do you go about measuring the success of your service mesh? There are a lot of factors to take into consideration, so it’s a good idea to talk to your service mesh provider in order to leverage their expertise. But in the meantime, there are a few things you can consider to get an idea of how well your service mesh is working for you. Start by finding a good way to measure 1) how your security and compliance is impacted, 2)  how much you’re able to change downtime and 3) differences you see in your efficiency.

Looking for more specific questions to ask? Check out the eBook, Getting the Most Out of Your Service Mesh for ideas on the right questions to ask and what to measure for success.