Service Mesh Policy: The Best Way to Control and Secure Microservices Applications

A policy can make or break your application

Picture this:

You’re the director of engineering at an enterprise organization. You have had a successful career managing small engineering teams and you’re now balancing the demands of managing an engineering organization with the demands of contributing to overall planning and strategy as part of senior staff.

You see a future with your company where you can grow your influence by more closely tying your organization’s work to the bottom line of the business. You have many responsibilities, including ensuring that your team is able to deliver well-behaved, resilient and intuitive applications that provide amazing user experiences.

Your policies are critical as they specify how your application responds after an action. When your policy works well, your stakeholders are happy. Sometimes policies are guardrails: the mistakes of engineers can’t cause failures on the user side. They could be optimizers: automatically run clusters where it’s cheapest. They could fix or mitigate faults: when an enhanced shopping cart is unhealthy, use the basic cart instead. There are many different kinds of policy (security policy, access policy, scheduling policy), but they all encode what response should happen automatically when some event occurs.

When your policy doesn’t work well? Problems ensue: more work for your team, problems for your end users, or a place in the news for an outage or breach.

Agility + Stability = Win

It’s no secret that agility is a company’s number one business advantage. It’s the catalyst for digital transformation, causing companies to define new ways of working. Sound familiar? The need to stay agile is why companies like yours are looking to develop new architectures and embrace microservices and container technologies like Kubernetes and Istio.

Fun facts:

  • 56% are already employing containers
  • 69% are executing digital transformation leveraging containers in order to meet increasing customer demands

But we all know that agility alone won’t help your company reach its goals. Agility + stability will be your number one competitive advantage. When you’re able to meet evolving customer needs (while staying out of the news for downtime and security breaches), your competitors will be eating your dust.

Service Mesh Policy

The result of companies embracing DevOps and microservice architectures is that teams can move faster and more autonomously than ever before. While that means faster time to market for applications, it also means more risk to the business.

So, who’s on the hook for understanding and managing the company’s security and compliance requirements? You’ve got it – application teams that generally don’t have the experience or desire to take on this burden.

The good news is service mesh allows you to remove the infrastructure burden from application teams and let platform operators handle it. Service mesh policy allows you to make disparate, ephemeral microservices act as a resilient system through controlling how services communicate with each other and external systems. It also allows engineers to easily implement policies that can be mapped to application behavior outcomes, making it easy to ensure great end user experiences.

How Aspen Mesh Can Improve Your Policies

We’re assuming you’re familiar with Istio, the industry standard open source service mesh. Aspen Mesh is built on Istio. It lets you configure custom policies for your application to enforce rules at runtime such as:

  • Circuit breaking and fast retries for added resiliency
  • Rate limiting to dynamically limit the traffic to a service
  • Denials, whitelists, and blacklists to restrict access to services

What you may or may not know is that Istio policy is powerful, but, unless you’re an expert, it can be a pain in the neck to get right. That’s where we come in. We simplify how you create and enforce Istio policy through the Aspen Mesh policy framework. This helps you securely and efficiently deploy microservices applications while limiting risk and unlocking DevOps productivity. Our superpower? The ability to synthesize business-level goals, regulatory or legal requirements, operational metrics, and team-level rules into high performance service mesh policy that sits adjacent to every application. And yep, it easily integrates with your development tools and workflows.

Making Policy Easier to Manage

Many companies cope with the headache of specifying policy in several different places using many different tools. This adds risks around failures in compliance, increases the effort to modify policies, and creates challenges in ensuring policies are both correct and applied appropriately to applications. Aspen Mesh relieves that pain, making it easy to create, test, review and improve policy – even when it includes contributions from many different roles in an organization.

To get a bit granular, Aspen Mesh builds on the Istio policy feature set by providing:

  • An advanced policy framework that allows users to describe business goals that are enforced in the application’s runtime environment
  • A policy catalogue developed and tested by industry experts that makes it easy to implement policies without having to build them yourself
  • Role-based policy management that enables teams within organizations to create and apply policies according to their needs
  • Streamlined application deployment packages that provide a uniform approach to API authentication and authorization with JWTs, mutual TLS, and secure ingress
  • Global deployment and scaling of applications that obeys your compliance rules and business-driven cost optimization goals
  • Integration into GitOps workflows and the Aspen Mesh graphical user interface

Take Aspen Mesh for a Test Drive

Aspen Mesh is the simple, production-ready service mesh. Start your 30-day free trial to find out what it can do for you.
