Why You Need a Service Mesh – InApps 2022

Aspen Mesh sponsored this post.

“Move fast and break things” may have worked for Facebook, but it’s a non-starter for most companies. Move fast? Yes. Break things? Not so much.

You’re probably working at a company that’s trying to balance the ability to move quickly — responding to customer needs in an ever-changing world — with the need to provide secure, reliable services that are always there when customers need them. You’re trying to achieve agility with stability and it’s why you may need a service mesh; a configurable infrastructure layer for a microservices application that helps make communication between service instances flexible, reliable, and fast.

We work with a variety of customers, from small startups to large enterprises, but they’re all deploying and operating microservices applications at scale. No matter the company size or industry, we tend to get three common requirements:

• I need to move quickly.
• I need to quickly identify and solve problems.
• I need everything to be secure.

Let’s explore these three needs, as we often hear about them from platform owners and DevOps leads who are building and running next-generation microservices platforms.

I Need to Move Quickly

This is where it all starts. You’re moving to microservices so that you can push code to your customers faster than your competition. This is how you differentiate and win in a market where the way you interact with your customers is through applications.

To win in these markets, you want your application developers focused on solving customer problems and delivering new application value. You don’t want them thinking about how they’re going to capture metrics for their app, or what library they’re going to use to make it more fault tolerant, or how they’re going to secure it. This is what you want your platform team solving — at scale — across your entire engineering organization.

A service mesh enables your platform team to implement organization-wide solutions like observability, advanced developer tooling, and security. This allows your application developers to focus on pushing the new features that will help you win in the market. Focus drives speed and a service mesh creates focus.

I Need to Be Able to Quickly Identify Problems and Solve Them

In breaking your monolith down into microservices, things get more complex. That becomes painfully obvious the first time you need to respond to a production issue and it takes hours of trolling through log files to even figure out where the problem occurred — let alone getting to solve it.

A service mesh can provide you with the metrics and observability you need to effectively identify, troubleshoot, and solve problems in your microservices environment. At the most basic level, you’ll get metrics, distributed tracing, and a service graph to work with. For more advanced implementations, you can visualize key configuration changes that correlate with changes in metrics and traces to rapidly identify the root causes of problems. Then you can start fixing it.

A service mesh also makes it easy to establish and monitor SLOs and SLIs (service level objectives and indicators) so that you can prioritize critical fixes and easily share system status with the team. With a service mesh, platform owners can more quickly identify the root cause and gain a better understanding of their environments. This enables more resilient architecting in the future, to prevent outages occurring at all.

I Need Everything to Be Secure

Security is table stakes. They may say that all publicity is good publicity, but you do not want to be in the news for a security breach. It’s an existential threat to your business and your career. Defense in depth is the way to go, and a service mesh provides a powerful set of security tools to accomplish this.

Firstly, you can encrypt all the traffic moving among your microservices with mutual TLS that’s easy to set up and manage. That way, should an attacker compromise your perimeter defenses, they’ll find it difficult to do much in a fully encrypted environment. Client and server-side encryption ensures common microservices vulnerabilities, such as man-in-the-middle attacks, are prevented.

Secondly, don’t just monitor all the traffic that’s entering and leaving your microservices environment. You need to also implement fine-grained RBAC that makes the principle of least privilege a reality in your environment. Admission controls and secure ingress allow platform operators to ensure that developers are following secure and compliant practices, and also make it easy for applications to communicate securely to the internet.

And thirdly, take advantage of the observability that a service mesh provides into the security posture of your microservices so that you have confidence everything is operating as expected.

If you’re working for a company that’s trying to walk the razor’s edge of agility with stability, check out service mesh. It provides a powerful set of tools that help you operate a platform where application developers move quickly, while relying on the platform to solve the observability, traffic management and security challenges that come with a modern microservices environment.

Feature image via Pixabay.