Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

[WSO2 API Day Toronto 2019] Extending Service Mesh with API Management

44 views

Published on

In this deck, we discuss how to augment service mesh functionality with API management capabilities, so you can create an end-to-end solution for your entire business functionality — from microservices to APIs, to end-user applications.

Published in: Technology
  • Be the first to comment

[WSO2 API Day Toronto 2019] Extending Service Mesh with API Management

  1. 1. Extending Service Mesh with API Management Laslo Pastor Associate Director/Solutions Architect
  2. 2. Agenda: ● Evolution of Applications ● Why microservice architecture? ● Challenges with microservices? ● Why Service Mesh? ● Why API Management? ● WSO2 API Manager with Istio / Demo
  3. 3. Evolution of Applications Disaggregated architectures drive 50 billion endpoints to grow >1 trillion CONSUMER DEMAND SUPPLIERS DISAGGREGATE ARCHITECTURE TO MEET DEMAND 1 10 102 103 105 109 MONOLITHIC BUSINESS APP ENTERPRISE APPS DEPARTME NTAL APPS SAAS APPS PUBLIC / PRIVATE APIS 1970s | MAINFRAME 1980s | IT AWAKENING 1990s | INTERNET 2000s | MOBILE 2010s | IoT/AI 2020+ | DIGITAL NATIVE SERVERLESS & MICROSERVICES
  4. 4. What is Microservices Architecture? ● Microservice architectural style is an approach to developing a single application as a suite of small services. ● Each running in its own process and communicating with lightweight mechanisms. ● These services are built around business capabilities. ● Independently deployable by fully automated deployment machinery.
  5. 5. Why Microservices Architecture? ● Individual components. Running, testing, deploying individually. ● Agility, flexibility and speed to market. ● Adapt microservice development for fast innovation. ● Smaller teams, agile software development life cycles. ● Freedom to use heterogeneous technologies, early feedback cycles.
  6. 6. Challenges with Microservices
  7. 7. ● Network resiliency (retry, failower, circuit breaker) ● Governance overhead in orchestration (multi language libs) ● Service discovery (no hard coded endpoints) ● Disaggregation of architecture increases number of endpoints ● Secure communication (zero tolerance) ● Analytics, tracing, monitoring (Observability) ● Risk of new releases (roll out new version - Canary deployment) Challenges with Microservices
  8. 8. 8 assumptions of distributing computing: 1. Network is reliable 2. Latency is zero 3. Bandwidth is infinite 4. Network is secure 5. Topology does not change 6. There is one administrator 7. Transport cost is zero 8. Network is homogeneous
  9. 9. How Can this be Solved?
  10. 10. Service Mesh A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network. It provides a method in which separate parts of an application can communicate with each other. source:techtarget.com
  11. 11. Istio is an open source service mesh implementation which provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications. Istio
  12. 12. Istio Component Overview ● Mixer enforces access control and usage policies across the service mesh, and collects telemetry data from the Envoy proxy and other services. ● Pilot provides service discovery for the Envoy sidecars, traffic management capabilities for intelligent routing, and resiliency. ● Citadel enables strong service-to-service and end-user authentication with built-in identity and credential management.
  13. 13. Istio Component Overview Istio Architecture (source — https://istio.io/docs/concepts/what-is-istio/)
  14. 14. API vs APIM
  15. 15. Demo
  16. 16. User Story
  17. 17. User Story
  18. 18. Type Service Mesh API Management Routing L3/L4 HTTP, GRPC, GraphQL Security Service identity and mTLS User/App Authentication and Authorization(OAuth / JWT) Analytics Service operational analytics Business and developer focus analytics Rate Limiting RPC level rate limiting Business related rate limiting Personas and Portal DevOps portals Publisher, Developer, CXO portal
  19. 19. ● When users need to expose microservices services to outside in a secured and a controlled manner. ● When fine grained security should be enforced on APIs exposed. ● When stats need to be collected on API usage for monetization and billing. ● When it is required to offer a marketplace for APIs for easy discovery and adoption. When is API Management required in a Service Mesh
  20. 20. Istio + WSO2 API Manager Istio Architecture (source — https://istio.io/docs/concepts/what-is-istio/) WSO2 Mixer Adaptor Separately Hosted WSO2 API Manager
  21. 21. Servicemesh and API Management
  22. 22. Steps Involved
  23. 23. Artifacts to Istio
  24. 24. JWT Validation Process
  25. 25. JWT Token Validation Process
  26. 26. OAuth 2.0 Validation Process
  27. 27. Analytics Process
  28. 28. API Analytics
  29. 29. What’s Coming Up In The Future ● API usage analytics from API Manager. ● Automated binding creation and deployment to Istio. ● Monetization on usage. ● Throttling and rate limiting of APIs.
  30. 30. WSO2 - Istio adapter https://github.com/wso2/istio-apim/tree/1.0 Demo code - https://github.com/pubudu538/microservices-samples
  31. 31. THANK YOU wso2.com

×