SlideShare ist ein Scribd-Unternehmen logo
1 von 39
Downloaden Sie, um offline zu lesen
Service Mesh
TWO BIG WORDS BUT DO YOU NEED IT?
| ©2020 F52
About Speaker
- 10 years working with distributed systems.
- Long time NGINX user, joined NGINX team early 2020
Ravi Vagadia - Solutions Engineer, F5 (NGINX BU)
@ravirdv
https://www.linkedin.com/in/ravi-vagadia/
| ©2020 F53
Agenda
• Modern Application Overview
• What is a Service Mesh?
• What does a Service Mesh solve?
• When do you need it?
| ©2020 F54
Modern Application Overview
| ©2020 F55
Kubernetes becoming platform
for developing, testing and
running applications
Traditional CI/CD products being retrofitted
to run on Kubernetes
Emergenceof Kubernetes-native CI/CD
tools for defining and running pipelines on
Kubernetes using native Kubernetes
constructs
Portability makes this particularly attractive
Kubernetes in production is
growing rapidly
NGINX Survey: about half of customers use
Kubernetes in production
CNCF 2019 survey: 84% use containers in
production
What we see in the market
KUBERNETES-CENTRIC PERSPECTIVE
SOURCE: INFORMATIONEXAMPLE
Adoption of managed and
commercial Kubernetes platforms
We see rapid adoption of OpenShiftand
Rancher in the private cloud space
EKS and GKE adoption in public cloud
42%
Actively using
Microservices
in Production
37%
Investigating
or using in
pre-production
NGINX User Survey 2018, 2019
Who is using Microservices in Production?
| ©2020 F57
ModernApps Require a ModernArchitecture
From Monolithic ... ... to Dynamic
Three-tier, J2EE-style architectures
Complex protocols (HTML, SOAP)
Persistent deployments
Fixed, static Infrastructure
Big-bang releases
Silo’ed teams (Dev, Test, Ops)
Microservices
Lightweight (REST, gRPC, GraphQL)
Containers, VMs, Functions
Infrastructure as Code
Continuous delivery
DevOps Culture
| ©2020 F58
Operating a distributed application is hard
Static, Predictable Monolith: Dynamic, Distributed App:
Fast, reliable function calls
Local debugging
Local profiling
Calendared, big-bang upgrades
‘Integration hell’ contained in dev
Slow, unreliable API calls
Distributed fault finding
Distributed tracing
In-place dynamic updates
‘Continuous integration’ live in prod
More things can go wrong, it’s harder to find the faults, everything happens live
| ©2020 F59
What’s In A Service Mesh!
| ©2020 F510
WHAT’S MISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM A MESH?
What Is A Service Mesh?
Service mesh aims to improve application
traffic control, observability and security for
distributed systems.
- The New Stack
| ©2020 F511
L7 Logic (Ingress)
L3-L4 Networking
L3 – L7 Network
Management ==
Service Mesh
An Overly Simplified Picture
| ©2020 F512
WHAT’S MISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM A MESH?
What Is A Service Mesh?
• A service mesh adds L7 traffic management & security:
• sidecar deployment
• policy management
• application availability/health,
• Service mesh isn’t just one “thing”, it’s a lot of managed and dependent
components
• Takes over where K8s networking stops (service/pod IP endpoints)
• “Traffic management for containers”
| ©2020 F513
What DoesA Service Mesh Do?
Service Mesh controls communications between pods and external apps
Secure Traffic
End-to-end encryption (Mutual TLS / mTLS), ACLs
Manage All Service Traffic
Load Balance, Circuit breaker, B|G, Rate Limiting…
Orchestration
Injection and sidecar management, K8s API integration
Measure Traffic
Generate transaction traces and real-time monitoring
| ©2020 F514
What Is A Sidecar?
A Sidecar is a containerized service that another containerized service
depends on for some function: “Helper Containers”
• Not just networking, can be used for any separationof process:API GW, logging, data mining, etc.
In our world, a Sidecar would be a reverse proxy that sits beside an
application service container (in the same pod) and provides all inbound and
outbound network routing to that application container
App Pod
| ©2020 F515
HowAre Sidecars Deployed?
Separate Container In The App Pod
• The separate container is attached to the app service container in a pod
• Networking in the app container is altered via a policy from the mesh that tells the app “You can only talk to
your sidecar for network access.”
• Policy and architecture are defined and orchestrated via the control plane,managed with a combo of
ConfigMap and control plane.
• A Service Mesh takes care of auto-associating the sidecar with the app container in the same pod via
Sidecar Injection
App Pod
| ©2020 F516
Use Cases – Securing InternalTraffic (mTLS)
Pod A Pod B
Pod A Pod B
NSM
Traffic Flow Without Service Mesh:
Traffic Flow With Service Mesh:
| ©2020 F517
Use Cases – Control Traffic Flow
Target-svc
Target-v1 Target-v2
0% 100%
| ©2020 F518
Use Cases – Telemetry | Tracing
Pod A
Pod B Pod C
| ©2020 F519
Service Mesh Policies
© 2017 F5 Networks
Network Policy
• Serviceto servicerouting
• Serviceavailability
• Servicediscovery
Access Policy
• IP allow/deny
• Allow/Deny
• JWT
Security Policy
• SSL/mTLSTermination
• DDoS
• WAF
E
F
THE MOST IMPORTANT (AND DIFFICULT) PART
| ©2020 F520
NSM Service Mesh
The “Data Plane” Service Mesh
| ©2020 F521
What is the NGINX Service Mesh?
Data Plane
East/West traffic
Control
Plane
Management
Plane
Infrastructure
Kubernetes VMware AWS Bare Metal
SVC SVCSVCSVCSVC SVC
Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory
| ©2020 F522
What is the NGINX Service Mesh?
Data Plane
East/West traffic
Control
Plane
Management
Plane
Infrastructure
Kubernetes VMware AWS Bare Metal
Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory
SVC SVCSVCSVCSVC SVC
| ©2020 F523
What is the NGINX Service Mesh?
Data Plane
East/West traffic
Control
Plane
Management
Plane
Infrastructure
Kubernetes VMware AWS Bare Metal
NGINX Service Mesh control plane
SVC SVCSVCSVCSVC SVC
Topology Policies
Conf DbKubernetes Service Registry Inventory VMware, AWS… InventoryCLI / API
$>_
| ©2020 F524
What is the NGINX Service Mesh?
Data Plane
East/West traffic
Control
Plane
Management
Plane
Infrastructure
Kubernetes VMware AWS Bare Metal
NGINX Service Mesh control plane Topology Policies
Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory
SPIRE
SVC SVCSVCSVCSVC SVC
CLI / API
$>_
| ©2020 F525
What is the NGINX Service Mesh?
Data Plane
East/West traffic
Control
Plane
Management
Plane
Infrastructure
Kubernetes VMware AWS Bare Metal
NGINX Service Mesh control plane Topology Policies
Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory
SPIRE Grafana OpenTracing
SVC SVCSVCSVCSVC SVC
CLI / API
$>_
| ©2020 F526
What is the NGINX Service Mesh?
Data Plane
East/West traffic
Control
Plane
Management
Plane
Infrastructure
Kubernetes VMware AWS Bare Metal
NGINX Service Mesh control plane Topology Policies
Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory
SPIRE Grafana OpenTracing
SVC SVCSVCSVCSVC SVC
CLI / API
$>_
NGINX
Ingress
NGINX
Egress
| ©2020 F527
What is the NGINX Service Mesh?
Data Plane
East/West traffic
Control
Plane
Management
Plane
Infrastructure
Kubernetes VMware AWS Bare Metal
NGINX Service Mesh control plane Topology Policies
Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory
SPIRE Grafana OpenTracing
NGINX Controller
Centralized management
Service Mesh connector Integrations
SVC SVCSVCSVCSVC SVC
CLI / API
$>_
NGINX
Ingress
NGINX
Egress
| ©2020 F528
NSM Components
• NSM runs within a K8s cluster
• Securely manages ingress/egress
traffic to external services
• Can be deployed in any K8s cluster
platform
| ©2020 F529
NSM Features
| ©2020 F530
Security
• Zero-trust model
• mTLS enforcement
• Service identity
• Access control CRDs
• Access control via mTLS
• Single source of truth for network (K8s) and identity
(Spire)
• Ingress mTLS
• Egress opt-in allowlist
SVC
| ©2020 F531
Integrated N/S Ingress/Egress
• NGINX Plus for sidecars and KIC
• Ingress traffic treated as S2S service
traffic
• Full integration with Spire identity and
SSL key store
• mTLS for ingress into NSM
• Egress name service support
| ©2020 F532
Traffic Management
• Full support for microservice traffic models
− Circuit Breaker
− Blue/Green
− Canary
− Weighted distribution
• Rate shaping and QoS/priority queueing
• Container-based load balancing
• Dynamic service availability
• SSL keepalive for performance
SVC
| ©2020 F533
Lightweight andAgile
• Control plane designed to
optimize NGINX Plus data plane
• Standards-based: SPIFFE, SMI-
spec
• Single CLI for management of all
mesh services
• CI/CD pipeline’able for
orchestrated deployment and
policy management
| ©2020 F534
Demo!
| ©2020 F535
A reality check…
Service Mesh technology addresses one specific set of problems
It’s not a magic bullet that makes all applications ‘better’
There are many other, well-proven ways to address the same problems
Service Mesh technology is very complex ever-evolving
Cost of operating a mesh in production can be high, and there can be many
risks
| ©2020 F536
WhenAm I Ready For A Service Mesh?
✓ You have a mature, fully-automated CI/CD pipeline (GitOps-enabled)
✓ You are fully invested in microservices and using Kubernetes
✓ You are deploying frequently to production (at least once per day)
✓ You have a zero-trust production environment (so need mTLS)
✓ You need/want additional visibility of container traffic interaction
| ©2020 F537
• Flexible Traffic Management
• Secure Internal Communication
• In-depth monitoring and distributed tracing
• NGINX Service Mesh is available as free
download,check this link for more info : NGINX
Service Mesh
CONFIDENTIAL
Download NGINX Service Mesh
| ©2020 F538
Questions?
Service Mesh: Two Big Words But Do You Need It?

Weitere ähnliche Inhalte

Was ist angesagt?

Ravello – the Easiest Way to Cloud
Ravello – the Easiest Way to CloudRavello – the Easiest Way to Cloud
Ravello – the Easiest Way to CloudMarketingArrowECS_CZ
 
Enterprise Application Migration
Enterprise Application MigrationEnterprise Application Migration
Enterprise Application MigrationVMware Tanzu
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykDevOps.com
 
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOpsInfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOpsVMware Tanzu
 
Application Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesApplication Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesRightScale
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
Infrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricInfrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricSaba Jamalian
 
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & InfostretchApp-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & InfostretchInfostretch
 
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)VMware Tanzu
 
July 30: How User-Centered Design Drives Impactful Products and Services
July 30: How User-Centered Design Drives Impactful Products and ServicesJuly 30: How User-Centered Design Drives Impactful Products and Services
July 30: How User-Centered Design Drives Impactful Products and ServicesVMware Tanzu
 
Monitoring Your AWS EKS Environment with Datadog
Monitoring Your AWS EKS Environment with DatadogMonitoring Your AWS EKS Environment with Datadog
Monitoring Your AWS EKS Environment with DatadogDevOps.com
 
Four considerations when monitoring microservices
Four considerations when monitoring microservicesFour considerations when monitoring microservices
Four considerations when monitoring microservicesJason Bloomberg
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com
 
Build cloud native solution using open source
Build cloud native solution using open source Build cloud native solution using open source
Build cloud native solution using open source Nitesh Jadhav
 
Cloud Native DevOps
Cloud Native DevOpsCloud Native DevOps
Cloud Native DevOpsJim Bugwadia
 
Stability anti patterns in cloud-native applications
Stability anti patterns in cloud-native applicationsStability anti patterns in cloud-native applications
Stability anti patterns in cloud-native applicationsAna-Maria Mihalceanu
 
Tectonic Summit 2016: Ticketmaster's Public Cloud & Kubernetes Strategy
Tectonic Summit 2016: Ticketmaster's Public Cloud & Kubernetes StrategyTectonic Summit 2016: Ticketmaster's Public Cloud & Kubernetes Strategy
Tectonic Summit 2016: Ticketmaster's Public Cloud & Kubernetes StrategyCoreOS
 
Tectonic Summit 2016: Preparing for Cloud Native
Tectonic Summit 2016: Preparing for Cloud Native Tectonic Summit 2016: Preparing for Cloud Native
Tectonic Summit 2016: Preparing for Cloud Native CoreOS
 
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision APIUsing Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision APIVMware Tanzu
 
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...VMware Tanzu
 

Was ist angesagt? (20)

Ravello – the Easiest Way to Cloud
Ravello – the Easiest Way to CloudRavello – the Easiest Way to Cloud
Ravello – the Easiest Way to Cloud
 
Enterprise Application Migration
Enterprise Application MigrationEnterprise Application Migration
Enterprise Application Migration
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
 
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOpsInfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
 
Application Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesApplication Security in the Cloud - Best Practices
Application Security in the Cloud - Best Practices
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..
 
Infrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricInfrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service Fabric
 
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & InfostretchApp-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
 
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
 
July 30: How User-Centered Design Drives Impactful Products and Services
July 30: How User-Centered Design Drives Impactful Products and ServicesJuly 30: How User-Centered Design Drives Impactful Products and Services
July 30: How User-Centered Design Drives Impactful Products and Services
 
Monitoring Your AWS EKS Environment with Datadog
Monitoring Your AWS EKS Environment with DatadogMonitoring Your AWS EKS Environment with Datadog
Monitoring Your AWS EKS Environment with Datadog
 
Four considerations when monitoring microservices
Four considerations when monitoring microservicesFour considerations when monitoring microservices
Four considerations when monitoring microservices
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
 
Build cloud native solution using open source
Build cloud native solution using open source Build cloud native solution using open source
Build cloud native solution using open source
 
Cloud Native DevOps
Cloud Native DevOpsCloud Native DevOps
Cloud Native DevOps
 
Stability anti patterns in cloud-native applications
Stability anti patterns in cloud-native applicationsStability anti patterns in cloud-native applications
Stability anti patterns in cloud-native applications
 
Tectonic Summit 2016: Ticketmaster's Public Cloud & Kubernetes Strategy
Tectonic Summit 2016: Ticketmaster's Public Cloud & Kubernetes StrategyTectonic Summit 2016: Ticketmaster's Public Cloud & Kubernetes Strategy
Tectonic Summit 2016: Ticketmaster's Public Cloud & Kubernetes Strategy
 
Tectonic Summit 2016: Preparing for Cloud Native
Tectonic Summit 2016: Preparing for Cloud Native Tectonic Summit 2016: Preparing for Cloud Native
Tectonic Summit 2016: Preparing for Cloud Native
 
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision APIUsing Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
 
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...
 

Ähnlich wie Service Mesh: Two Big Words But Do You Need It?

Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshData Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshNGINX, Inc.
 
Get the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXGet the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXNGINX, Inc.
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiMyNOG
 
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXNGINX, Inc.
 
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...Cisco Canada
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
 
F5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-CloudF5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-Cloudabenyeung1
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXNGINX, Inc.
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...Cisco Canada
 
Juniper Networks®, Tech Mahindra & CA Discuss New Perspectives & Partnership...
Juniper Networks®, Tech Mahindra & CA  Discuss New Perspectives & Partnership...Juniper Networks®, Tech Mahindra & CA  Discuss New Perspectives & Partnership...
Juniper Networks®, Tech Mahindra & CA Discuss New Perspectives & Partnership...CA Technologies
 
Cisco Connect 2018 Malaysia - Innovation towards SP transformation
Cisco Connect 2018 Malaysia - Innovation towards SP transformationCisco Connect 2018 Malaysia - Innovation towards SP transformation
Cisco Connect 2018 Malaysia - Innovation towards SP transformationNetworkCollaborators
 
The Future of Service Mesh
The Future of Service MeshThe Future of Service Mesh
The Future of Service MeshAll Things Open
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureMitchell Pronschinske
 
API Gateway or Service mesh - Complementary or excluding concepts
API Gateway or Service mesh - Complementary or excluding conceptsAPI Gateway or Service mesh - Complementary or excluding concepts
API Gateway or Service mesh - Complementary or excluding conceptsSven Bernhardt
 
API Gateway or Service Mesh - Complementary or excluding concepts
API Gateway or Service Mesh - Complementary or excluding conceptsAPI Gateway or Service Mesh - Complementary or excluding concepts
API Gateway or Service Mesh - Complementary or excluding conceptsSven Bernhardt
 
Cisco Connect 2018 Thailand - Innovation towards sp transformation mr.sean wa...
Cisco Connect 2018 Thailand - Innovation towards sp transformation mr.sean wa...Cisco Connect 2018 Thailand - Innovation towards sp transformation mr.sean wa...
Cisco Connect 2018 Thailand - Innovation towards sp transformation mr.sean wa...NetworkCollaborators
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service MeshRam Vennam
 
Enterprise Network Transformation Powered by OrangeX, with Nokia Nuage and AW...
Enterprise Network Transformation Powered by OrangeX, with Nokia Nuage and AW...Enterprise Network Transformation Powered by OrangeX, with Nokia Nuage and AW...
Enterprise Network Transformation Powered by OrangeX, with Nokia Nuage and AW...Amazon Web Services
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco Canada
 

Ähnlich wie Service Mesh: Two Big Words But Do You Need It? (20)

Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshData Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
 
Get the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXGet the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINX
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
 
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
apidays LIVE Hong Kong 2021 - Zero Trust security with Service Mesh by Lauren...
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINX
 
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...
Cisco Connect Toronto 2017 - NFV/SDN Platform for Orchestrating Cloud and vBr...
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
 
F5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-CloudF5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-Cloud
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINX
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
 
Juniper Networks®, Tech Mahindra & CA Discuss New Perspectives & Partnership...
Juniper Networks®, Tech Mahindra & CA  Discuss New Perspectives & Partnership...Juniper Networks®, Tech Mahindra & CA  Discuss New Perspectives & Partnership...
Juniper Networks®, Tech Mahindra & CA Discuss New Perspectives & Partnership...
 
Cisco Connect 2018 Malaysia - Innovation towards SP transformation
Cisco Connect 2018 Malaysia - Innovation towards SP transformationCisco Connect 2018 Malaysia - Innovation towards SP transformation
Cisco Connect 2018 Malaysia - Innovation towards SP transformation
 
The Future of Service Mesh
The Future of Service MeshThe Future of Service Mesh
The Future of Service Mesh
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
 
API Gateway or Service mesh - Complementary or excluding concepts
API Gateway or Service mesh - Complementary or excluding conceptsAPI Gateway or Service mesh - Complementary or excluding concepts
API Gateway or Service mesh - Complementary or excluding concepts
 
API Gateway or Service Mesh - Complementary or excluding concepts
API Gateway or Service Mesh - Complementary or excluding conceptsAPI Gateway or Service Mesh - Complementary or excluding concepts
API Gateway or Service Mesh - Complementary or excluding concepts
 
Cisco Connect 2018 Thailand - Innovation towards sp transformation mr.sean wa...
Cisco Connect 2018 Thailand - Innovation towards sp transformation mr.sean wa...Cisco Connect 2018 Thailand - Innovation towards sp transformation mr.sean wa...
Cisco Connect 2018 Thailand - Innovation towards sp transformation mr.sean wa...
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service Mesh
 
Enterprise Network Transformation Powered by OrangeX, with Nokia Nuage and AW...
Enterprise Network Transformation Powered by OrangeX, with Nokia Nuage and AW...Enterprise Network Transformation Powered by OrangeX, with Nokia Nuage and AW...
Enterprise Network Transformation Powered by OrangeX, with Nokia Nuage and AW...
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
 

Mehr von DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudDevOps.com
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionDevOps.com
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDevOps.com
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogDevOps.com
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDevOps.com
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureDevOps.com
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...DevOps.com
 
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...DevOps.com
 
The Importance of Visibility and Security of Critical Applications in Cloud E...
The Importance of Visibility and Security of Critical Applications in Cloud E...The Importance of Visibility and Security of Critical Applications in Cloud E...
The Importance of Visibility and Security of Critical Applications in Cloud E...DevOps.com
 

Mehr von DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the Cloud
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware Resolution
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident Response
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with Datadog
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or Privately
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call Culture
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
 
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
 
The Importance of Visibility and Security of Critical Applications in Cloud E...
The Importance of Visibility and Security of Critical Applications in Cloud E...The Importance of Visibility and Security of Critical Applications in Cloud E...
The Importance of Visibility and Security of Critical Applications in Cloud E...
 

Kürzlich hochgeladen

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Kürzlich hochgeladen (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Service Mesh: Two Big Words But Do You Need It?

  • 1. Service Mesh TWO BIG WORDS BUT DO YOU NEED IT?
  • 2. | ©2020 F52 About Speaker - 10 years working with distributed systems. - Long time NGINX user, joined NGINX team early 2020 Ravi Vagadia - Solutions Engineer, F5 (NGINX BU) @ravirdv https://www.linkedin.com/in/ravi-vagadia/
  • 3. | ©2020 F53 Agenda • Modern Application Overview • What is a Service Mesh? • What does a Service Mesh solve? • When do you need it?
  • 4. | ©2020 F54 Modern Application Overview
  • 5. | ©2020 F55 Kubernetes becoming platform for developing, testing and running applications Traditional CI/CD products being retrofitted to run on Kubernetes Emergenceof Kubernetes-native CI/CD tools for defining and running pipelines on Kubernetes using native Kubernetes constructs Portability makes this particularly attractive Kubernetes in production is growing rapidly NGINX Survey: about half of customers use Kubernetes in production CNCF 2019 survey: 84% use containers in production What we see in the market KUBERNETES-CENTRIC PERSPECTIVE SOURCE: INFORMATIONEXAMPLE Adoption of managed and commercial Kubernetes platforms We see rapid adoption of OpenShiftand Rancher in the private cloud space EKS and GKE adoption in public cloud
  • 6. 42% Actively using Microservices in Production 37% Investigating or using in pre-production NGINX User Survey 2018, 2019 Who is using Microservices in Production?
  • 7. | ©2020 F57 ModernApps Require a ModernArchitecture From Monolithic ... ... to Dynamic Three-tier, J2EE-style architectures Complex protocols (HTML, SOAP) Persistent deployments Fixed, static Infrastructure Big-bang releases Silo’ed teams (Dev, Test, Ops) Microservices Lightweight (REST, gRPC, GraphQL) Containers, VMs, Functions Infrastructure as Code Continuous delivery DevOps Culture
  • 8. | ©2020 F58 Operating a distributed application is hard Static, Predictable Monolith: Dynamic, Distributed App: Fast, reliable function calls Local debugging Local profiling Calendared, big-bang upgrades ‘Integration hell’ contained in dev Slow, unreliable API calls Distributed fault finding Distributed tracing In-place dynamic updates ‘Continuous integration’ live in prod More things can go wrong, it’s harder to find the faults, everything happens live
  • 9. | ©2020 F59 What’s In A Service Mesh!
  • 10. | ©2020 F510 WHAT’S MISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM A MESH? What Is A Service Mesh? Service mesh aims to improve application traffic control, observability and security for distributed systems. - The New Stack
  • 11. | ©2020 F511 L7 Logic (Ingress) L3-L4 Networking L3 – L7 Network Management == Service Mesh An Overly Simplified Picture
  • 12. | ©2020 F512 WHAT’S MISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM A MESH? What Is A Service Mesh? • A service mesh adds L7 traffic management & security: • sidecar deployment • policy management • application availability/health, • Service mesh isn’t just one “thing”, it’s a lot of managed and dependent components • Takes over where K8s networking stops (service/pod IP endpoints) • “Traffic management for containers”
  • 13. | ©2020 F513 What DoesA Service Mesh Do? Service Mesh controls communications between pods and external apps Secure Traffic End-to-end encryption (Mutual TLS / mTLS), ACLs Manage All Service Traffic Load Balance, Circuit breaker, B|G, Rate Limiting… Orchestration Injection and sidecar management, K8s API integration Measure Traffic Generate transaction traces and real-time monitoring
  • 14. | ©2020 F514 What Is A Sidecar? A Sidecar is a containerized service that another containerized service depends on for some function: “Helper Containers” • Not just networking, can be used for any separationof process:API GW, logging, data mining, etc. In our world, a Sidecar would be a reverse proxy that sits beside an application service container (in the same pod) and provides all inbound and outbound network routing to that application container App Pod
  • 15. | ©2020 F515 HowAre Sidecars Deployed? Separate Container In The App Pod • The separate container is attached to the app service container in a pod • Networking in the app container is altered via a policy from the mesh that tells the app “You can only talk to your sidecar for network access.” • Policy and architecture are defined and orchestrated via the control plane,managed with a combo of ConfigMap and control plane. • A Service Mesh takes care of auto-associating the sidecar with the app container in the same pod via Sidecar Injection App Pod
  • 16. | ©2020 F516 Use Cases – Securing InternalTraffic (mTLS) Pod A Pod B Pod A Pod B NSM Traffic Flow Without Service Mesh: Traffic Flow With Service Mesh:
  • 17. | ©2020 F517 Use Cases – Control Traffic Flow Target-svc Target-v1 Target-v2 0% 100%
  • 18. | ©2020 F518 Use Cases – Telemetry | Tracing Pod A Pod B Pod C
  • 19. | ©2020 F519 Service Mesh Policies © 2017 F5 Networks Network Policy • Serviceto servicerouting • Serviceavailability • Servicediscovery Access Policy • IP allow/deny • Allow/Deny • JWT Security Policy • SSL/mTLSTermination • DDoS • WAF E F THE MOST IMPORTANT (AND DIFFICULT) PART
  • 20. | ©2020 F520 NSM Service Mesh The “Data Plane” Service Mesh
  • 21. | ©2020 F521 What is the NGINX Service Mesh? Data Plane East/West traffic Control Plane Management Plane Infrastructure Kubernetes VMware AWS Bare Metal SVC SVCSVCSVCSVC SVC Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory
  • 22. | ©2020 F522 What is the NGINX Service Mesh? Data Plane East/West traffic Control Plane Management Plane Infrastructure Kubernetes VMware AWS Bare Metal Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory SVC SVCSVCSVCSVC SVC
  • 23. | ©2020 F523 What is the NGINX Service Mesh? Data Plane East/West traffic Control Plane Management Plane Infrastructure Kubernetes VMware AWS Bare Metal NGINX Service Mesh control plane SVC SVCSVCSVCSVC SVC Topology Policies Conf DbKubernetes Service Registry Inventory VMware, AWS… InventoryCLI / API $>_
  • 24. | ©2020 F524 What is the NGINX Service Mesh? Data Plane East/West traffic Control Plane Management Plane Infrastructure Kubernetes VMware AWS Bare Metal NGINX Service Mesh control plane Topology Policies Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory SPIRE SVC SVCSVCSVCSVC SVC CLI / API $>_
  • 25. | ©2020 F525 What is the NGINX Service Mesh? Data Plane East/West traffic Control Plane Management Plane Infrastructure Kubernetes VMware AWS Bare Metal NGINX Service Mesh control plane Topology Policies Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory SPIRE Grafana OpenTracing SVC SVCSVCSVCSVC SVC CLI / API $>_
  • 26. | ©2020 F526 What is the NGINX Service Mesh? Data Plane East/West traffic Control Plane Management Plane Infrastructure Kubernetes VMware AWS Bare Metal NGINX Service Mesh control plane Topology Policies Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory SPIRE Grafana OpenTracing SVC SVCSVCSVCSVC SVC CLI / API $>_ NGINX Ingress NGINX Egress
  • 27. | ©2020 F527 What is the NGINX Service Mesh? Data Plane East/West traffic Control Plane Management Plane Infrastructure Kubernetes VMware AWS Bare Metal NGINX Service Mesh control plane Topology Policies Conf DbKubernetes Service Registry Inventory VMware, AWS… Inventory SPIRE Grafana OpenTracing NGINX Controller Centralized management Service Mesh connector Integrations SVC SVCSVCSVCSVC SVC CLI / API $>_ NGINX Ingress NGINX Egress
  • 28. | ©2020 F528 NSM Components • NSM runs within a K8s cluster • Securely manages ingress/egress traffic to external services • Can be deployed in any K8s cluster platform
  • 29. | ©2020 F529 NSM Features
  • 30. | ©2020 F530 Security • Zero-trust model • mTLS enforcement • Service identity • Access control CRDs • Access control via mTLS • Single source of truth for network (K8s) and identity (Spire) • Ingress mTLS • Egress opt-in allowlist SVC
  • 31. | ©2020 F531 Integrated N/S Ingress/Egress • NGINX Plus for sidecars and KIC • Ingress traffic treated as S2S service traffic • Full integration with Spire identity and SSL key store • mTLS for ingress into NSM • Egress name service support
  • 32. | ©2020 F532 Traffic Management • Full support for microservice traffic models − Circuit Breaker − Blue/Green − Canary − Weighted distribution • Rate shaping and QoS/priority queueing • Container-based load balancing • Dynamic service availability • SSL keepalive for performance SVC
  • 33. | ©2020 F533 Lightweight andAgile • Control plane designed to optimize NGINX Plus data plane • Standards-based: SPIFFE, SMI- spec • Single CLI for management of all mesh services • CI/CD pipeline’able for orchestrated deployment and policy management
  • 35. | ©2020 F535 A reality check… Service Mesh technology addresses one specific set of problems It’s not a magic bullet that makes all applications ‘better’ There are many other, well-proven ways to address the same problems Service Mesh technology is very complex ever-evolving Cost of operating a mesh in production can be high, and there can be many risks
  • 36. | ©2020 F536 WhenAm I Ready For A Service Mesh? ✓ You have a mature, fully-automated CI/CD pipeline (GitOps-enabled) ✓ You are fully invested in microservices and using Kubernetes ✓ You are deploying frequently to production (at least once per day) ✓ You have a zero-trust production environment (so need mTLS) ✓ You need/want additional visibility of container traffic interaction
  • 37. | ©2020 F537 • Flexible Traffic Management • Secure Internal Communication • In-depth monitoring and distributed tracing • NGINX Service Mesh is available as free download,check this link for more info : NGINX Service Mesh CONFIDENTIAL Download NGINX Service Mesh