Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

[WSO2 API Day Chicago 2019] Extending Service Mesh with API Management

39 views

Published on

In this deck, we discuss how to augment service mesh functionality with API management capabilities, so you can create an end-to-end solution for your entire business functionality — from microservices to APIs, to end-user applications.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

[WSO2 API Day Chicago 2019] Extending Service Mesh with API Management

  1. 1. Extending Service Mesh with API Management Nirmal Fernando Senior Lead Solutions Engineer
  2. 2. Agenda: • Evolution of Applications • Why microservice architecture? • Challenges with microservices? • Why Service Mesh? • Why API Management? • WSO2 API Manager with Istio / Demo
  3. 3. Evolution of Applications Disaggregated architectures drive 50 billion endpoints to grow >1 trillion CONSUMER DEMAND SUPPLIERS DISAGGREGATE ARCHITECTURE TO MEET DEMAND 1 10 102 103 105 109 MONOLITHIC BUSINESS APP ENTERPRISE APPS DEPARTME NTAL APPS SAAS APPS PUBLIC / PRIVATE APIS 1970s | MAINFRAME 1980s | IT AWAKENING 1990s | INTERNET 2000s | MOBILE 2010s | IoT/AI 2020+ | DIGITAL NATIVE SERVERLESS & MICROSERVICES
  4. 4. What is Microservices Architecture? ● Architectural and organizational approach to software development ● Designed to speed-up deployment cycles, foster innovation and ownership, improve maintainability and scalability ● Composed of small independent services, each of which is built around a single business capability ● Services are owned by small self-contained teams
  5. 5. Why Microservices Architecture? ● Agility - small independent teams are empowered to work independently and quickly, thus shortening the cycle times ● Innovation - teams can act autonomously and choose appropriate technologies, frameworks and low cost of failure ● Quality - dividing into small well-defined modules improves reusability, composability and maintainability of code ● Scalability - fine-grained decoupling of microservices allows you to horizontally scale each service independently from each other ● Availability - easier to implement failure isolation, thus improve the overall availability of your application
  6. 6. Challenges with Microservices
  7. 7. • Network resiliency (retry, failover, circuit breaker) • Architectural complexity (complexity in interactions) – service discovery – service authentication • Operational complexity – Analytics, tracing, monitoring (Observability) – How to deploy a new version of a service (roll out new version - Canary deployment) Challenges with Microservices
  8. 8. How to address these challenges?
  9. 9. Service Mesh A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network. It provides a method in which separate parts of an application can communicate with each other. source:techtarget.com
  10. 10. Istio is an open source service mesh implementation which provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications. Istio
  11. 11. Istio Component Overview • Pilot is responsible for configuring the data plane, defining basic proxy behaviour, providing service discovery for the Envoy sidecars, traffic management capabilities for intelligent routing, and resiliency. • Mixer can respond to various queries from the data plane such as authorization, access control or quota checks, and collects telemetry data from the Envoy proxy and other services. • Citadel enables strong service-to-service and end-user authentication with built-in identity and credential management. Allows you to build zero-trust environments.
  12. 12. Istio Component Overview Istio Architecture (source — https://istio.io/docs/concepts/what-is-istio/)
  13. 13. Demo
  14. 14. Type Service Mesh API Management Routing L3/L4 HTTP, GRPC, GraphQL Security Service identity and mTLS User/App Authentication and Authorization(OAuth / JWT) Analytics Service operational analytics Business and developer focus analytics Rate Limiting RPC level rate limiting Business related rate limiting Personas and Portal DevOps portals Publisher, Developer, CXO portal
  15. 15. • When users need to expose microservices services to outside in a secured and a controlled manner. • When fine grained security should be enforced on APIs exposed. • When stats need to be collected on API usage for monetization and billing. • When it is required to offer a marketplace for APIs for easy discovery and adoption. When is API Management required in a Service Mesh
  16. 16. Istio + WSO2 API Manager Istio Architecture (source — https://istio.io/docs/concepts/what-is-istio/) WSO2 Mixer Adaptor Separately Hosted WSO2 API Manager
  17. 17. Service Mesh and API Management
  18. 18. Artifacts to Istio
  19. 19. Demo https://github.com/nirmal070125/istio-ballerina-service-rollout
  20. 20. What just happened?
  21. 21. JWT Validation Process
  22. 22. JWT Token Validation Process
  23. 23. OAuth 2.0 Validation Process
  24. 24. Analytics Process
  25. 25. API Analytics
  26. 26. THANK YOU wso2.com
  27. 27. WSO2 - Istio adapter https://github.com/wso2/istio-apim/tree/1.0 WSO2 - Istio Web Page https://wso2.com/api-management/microservices/istio/

×