4. SOA TO MICROSERVICES
▪ Service Oriented Architecture (SOA) is a design approach where multiple
services collaborate to provide some set of capabilities.
▪ A service is an isolated process — and the inter-service communication
happens over the network.
▪ Microservices is the SOA done right!
▪ Provides focused, scoped and modular approach for application design.
4
15. TLS MUTUAL AUTHENTICATION
▪ Each microservice will have its own certificate to prove its identity
▪ How do we provision certificates to each microservice?
▪ How do we deal with certificate revocations?
▪ How do we deal with trust bootstrap?
▪ How do we deal with key rotation?
15
16. SPIFFE / SPIRE
▪ Secure Production Identity Framework for Everyone.
▪ SPIFFE tries to solve the trust bootstrap problem in a platform agnostic manner.
▪ SPIFFE provides an identity to each workload in a microservices deployment,
which is known as the SPIFFE ID.
E.g.: spiffe://acme.com/billing/payments
16
18. JWT (JSON WEB TOKEN)
▪ Defines a container to transport data between interested parties.
▪ There are multiple applications of JWT - in OpenID Connect the id_token is
represented as a JWT.
▪ Propagate one’s identity between interested parties.
▪ Propagate user entitlements between interested parties.
▪ Transfer data securely between interested parties over a unsecured channel.
▪ Assert one’s identity, given that the recipient of the JWT trusts the asserting party.
18
26. OPEN POLICY AGENT (OPA)
▪ A lightweight general-purpose policy engine that can be co-located with your
service.
▪ Can integrate OPA as a sidecar, host-level daemon, or library.
▪ Integrated with Spring, Service Mesh implementations (Istio, Linkerd), Kafka
▪ Netflix is an early adopter of OPA
26
28. DOCKER
▪ Docker (container technology) allows to run multiple services on the same host
machine, while not only exposing a different environment to each of them, but
also isolating them from each other, similarly to VMs, but with much less
overhead.
▪ A process running in a container runs inside the host’s operating system, like all
the other processes (unlike VMs, where processes run in separate operating
systems). But the process in the container is still isolated from other processes.
28
29. KUBERNETES
▪ Kubernetes abstracts away the hardware infrastructure and exposes your whole
datacenter as a single enormous computational resource.
▪ Allows to easily deploy and manage containerized applications on top of it.
▪ Uses Linux container technologies to provide isolation of running applications.
29
34. SERVICE MESH
34
▪ A decentralized application networking infrastructure between the services that
provides, resiliency, security, observability, and routing control.
▪ Comprised of a control plane and a data plane.