4. Business Drivers for Application Modernization
Reduce Costs
/ Shift Capex
to Opex
Access to
Innovation
Increase flexibility
and Capacity
of Infrastructure
Increase Velocity of
Development
Reduce Risk
Monolithic Microservices
5. The Way We Build Applications
Monolithic
On-Prem
Built on
a VM+OS
Large Teams
Microservices
Cloud
Built on
Kubernetes
Agile Teams
6. Challenges with Microservices
● How to observe interactions among
services?
● How to secure service to service
communication?
● How to manage transient failures?
● How to control traffic?
11. Why Envoy for Service Mesh Data Plane
● Neutral Foundation (CNCF)
● Large, diverse, vibrant community
● Built ground up for dynamic services
environment
● Dynamic configuration, driven by API
● Highly extensible
● L7 filters (HTTP/1, HTTP/2, gRPC,
redis, mysql, Kafka, etc)
● Deep signals telemetry out of the box
● Versatile deployment options
12. Istio - Open Source Service Mesh
2017
Istio Launched
Data Plane
Enhancements
2019-20
7 New Community Releases
1000s Production Users
~ 1000 Community Contributors
2022
CNCF
2019-2022
21. Network Security in Kubernetes
Default State
!!!
Desired State
“Zero Trust Security”
22. DIY … Whoops !
○ 81% of companies experienced a certificate-related outage in the
past two years
○ 65% are concerned about the increased workload and risk of outages
caused by shorter SSL/TLS certificate lifespans.
○ Human error was a major contributing factor in 95% of breaches
24. Resiliency - There will be Failures
Common Mitigations
● Waiting indefinitely is bad
● Trying again is good
● Degrade gracefully when services are
overwhelmed
32. Life without ServiceMesh `vs` Life with ServiceMesh
Business Logic
Security Logic
Traffic Management Logic
Golden Metrics/
Observability Logic
Resiliency Logic
Managed by
Developer
- Multiple Tasks
- Multiple Frameworks
- Language Specific
- Poor Dev Experience
- 100s of Manual Steps
Business Logic
Security Logic
Traffic Management Logic
Golden Metrics/
Observability Logic
Resiliency Logic
Managed by
Developer
- Focus on Biz Logic
- Developer Productivity
Managed by
ServiceMesh
- Automated Workflow
- Deploy Consistent
Infrastructure Layer
- Eliminate Language
Specific Libraries
- Consistent Security &
Observability across LOBs
Before Service Mesh After Service Mesh
Microservice App Microservice App
34. Istio Ambient Mesh (Sidecar-less Architecture)
A recent, open source contribution to the Istio project,
that defines a new sidecar-less data plane.
Improve
Performance
Simplify
Operations
Cost
Reduction
https://istio.io/latest/blog/2022/introducing-ambient-mesh/
38. ● the Istio Ingress Gateway doesn’t provide the capabilities of an enterprise API
gateway
● It’s complex to use and to manage, especially in a multi-cloud context
● mTLS across the clusters
● Lifecycle management for control planes and istio gateways
● Global Observability (centralized metrics and access logging)
● Long term support
Something to think about …