Microservices &
Service Mesh
Workshop
Claudio Acquaviva
"All problems in Computer Science can be solved by another
level of indirection, except for the problem of too many layers
of indirection".
David J. Wheeler, Computer Scientist
Inventor of the "Closed Subroutine", 1927-2004.
All information is public.
3 main tasks
• Content qualification
• Content structuring
• Content application
• Structured Design: Fundamentals of a Discipline of Computer Program and Systems Design, Larry Constantine, Ed Yourdon, 1979
• “Low coupling is a sign of a well structured computer system.”
• “High cohesion tends to be preferable because it is associated with several desirable traits of software including robustness, reliability, reusability, and understandability.”
• “...Clearly, cohesion and coupling are interrelated. The greater the cohesion of individual modules in the system, the lower the coupling between modules will be...”
Coupling and Cohesion
In summary, Service Orientation is an excellent principle. An ESB implementation approach is not a
good solution though.
Back in 2005, Anne Thomas Manes, Gartner’s VP, wrote the famous article “SOA is Dead; Long Live
Services” (http://apsblog.burtongroup.com/2009/01/soa-is-dead-long-live-services.html).
MSA by Adrian Cockcroft, AWS’ VP: “Service-oriented architecture composed of loosely coupled
elements that have bounded contexts”.
Same principles, distinct implementations. Monoliths -> Microservices
Service Orientation – SOA and MSA
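[Diagram: Monolith vs. Microservices. Monolith: Customers, Orders and Invoices with an ESB, an LB and a single DB. Microservices: Microservice A (Customers), Microservice B (Orders) and Microservice C (Invoices), each with its own LB and its own database (DB A, DB B, DB C).]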
• There is no way to build a unified domain model for all systems.
• Complex system divided in “Bounded Contexts”.
• Each “Context” defines its own unified model and its relationships with other contexts.
• A context is implemented by a Microservice (or a set of Microservices).
DDD – “Domain-Driven Design”
Microservices Reference Architecture
[Diagram labels: Mobile Apps, End Users, 3rd Party Apps; Identity Provider; Firewall, DMZ, API Gateway, Firewall; Microservices Architecture (MSA) with Microservice 1, 2, 3 ... N, each made of Service Components (Inner Architecture) and linked by Message Channels (Outer Architecture); Legacy Systems (ERP, MDM, CRM, Mainframe); Cloud APIs (SaaS, PaaS).]
A Guidance Framework for Architecting Portable Cloud and Multicloud Applications, Gartner
Eric Knipp, Traverse Clayton, Richard Watson, Gartner, 16/12/16
API Management Reference Architecture
[Diagram labels: API Consumers, API Developers; Firewall; API Gateway (AuthN & AuthZ, Service Virtualization & Composition, Data Transformation, Throttling); API Manager (Versioning, Knowledge Base, Life Cycle Management, Billing); API Developers Portal (AuthN & AuthZ, Financials); Identity Management (AuthN & AuthZ, Provisioning, Credentials); Analytics (API Publication, API Usage, Billing Data, TXs Data); API Monitoring (API Usage, Operational Analytics); Service Invocation towards the Services Infrastructure (ESB) and the MSA.]
Identity Provider
[Diagram: a Principal presents Credentials (User/Passwd, X.509, OTP tokens) to the Identity Provider (IdP) in Domain A, which is backed by User Databases (LDAP, DBMS) and issues an Id Token (JWT). Service Provider 1 (SP) in Domain B (i.e. On Premises) and Service Provider 2 (SP) in Domain C (i.e. Cloud) each handle Authorization.]
• IdP and SPs define a “Circle of Trust”.
• OpenID Connect is the preferred standard.
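How a Service Provider inside the circle of trust can check an ID Token before authorizing a request, as an added example that is not part of the original slides. The issuer URL, audiences and key are constructed; HS256 with a shared key is an assumption made to stay on the standard library, whereas OpenID Connect deployments usually verify RS256 signatures against the IdP's published keys.

```python
import base64
import hashlib
import hmac
import json

ALG = "HS256"  # pinned by the verifier; the token header never chooses it


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def issue_id_token(claims: dict, key: bytes, alg: str = ALG) -> str:
    """IdP side (constructed for the demo): build and sign an ID token."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = sign(key, f"{head}.{body}") if alg == ALG else b""
    return f"{head}.{body}.{b64url_encode(sig)}"


def check_id_token(token, trusted_issuers, audience, now):
    """SP side. Returns (claims, None) on success or (None, reason) on reject.

    trusted_issuers maps issuer URL -> verification key: the circle of trust.
    """
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
    except ValueError:
        return None, "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None, "malformed"
    # Reject "none" and any algorithm the SP did not configure.
    if header.get("alg") != ALG:
        return None, "algorithm not allowed"
    # Only issuers the SP has an agreement with are accepted.
    iss = claims.get("iss")
    key = trusted_issuers.get(iss) if isinstance(iss, str) else None
    if key is None:
        return None, "issuer outside circle of trust"
    if not hmac.compare_digest(signature, sign(key, f"{head}.{body}")):
        return None, "bad signature"
    # A token minted for SP 1 must not be replayable against SP 2.
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return None, "wrong audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return None, "expired"
    if not claims.get("sub"):
        return None, "missing subject"
    return claims, None


# Constructed sample values for the demo.
IDP = "https://idp.domain-a.example"
IDP_KEY = b"constructed-demo-key-not-a-secret"

if __name__ == "__main__":
    trust = {IDP: IDP_KEY}
    token = issue_id_token(
        {"iss": IDP, "sub": "alice", "aud": "sp-onprem", "exp": 2000}, IDP_KEY)
    print(check_id_token(token, trust, "sp-onprem", now=1000))
    print(check_id_token(token, trust, "sp-cloud", now=1000))
```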
Authentication Factors
• 1 Factor Authentication: what you have, what you know, or what you are
• 2 Factor Authentication: what you have + what you know, or what you have + what you are
• 3 Factor Authentication: what you have + what you know + what you are
• Factors pictured: Digital Certificate Token, OTP Token, Personal Identification Number (PIN)
Communication Models – Synchronous and Asynchronous
• Synchronous Calls:
[Diagram: API Gateway, Service A, Service B and Service C connected over HTTP.]
• Asynchronous calls can be implemented as 1-to-1 or 1-to-many:
[Diagram, 1-to-1: API Gateway and Service A over HTTP, then a Queue in front of Service B.]
[Diagram, 1-to-many: API Gateway and Service A over HTTP, then an Event Bus in front of Service B and Service C.]
• Microservices are, by definition, a distributed and dynamic environment.
• That is, the number of instances of a given Microservice might change over time. Several reasons:
○ Higher/lower throughput
○ Canary Release
○ A/B testing
• How to deal with the problem of changing policies?
○ Service Registration/Discovery
○ Load Balancing
○ Traffic Control
• What about other requirements?
○ Encrypted Communication
○ Service ACL
○ Service Logging
○ Service Tracing
Multiple Microservice instances
[Diagram: Microservice 1 and three instances of Microservice 2 (2', 2'', 2''').]
Microservice-to-microservice Communication
[Diagram: Microservice 1 and the Microservice 2 instances each contain their Business Logic plus "More Logic" (non-functional logic): Service Discovery, Load Balancing, Tracing, Traffic Control, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics, Access Control.]
Externalizing Capabilities
[Diagram: for Microservice 1 and Microservice 2 the same list is shown as "Standard capabilities": Service Discovery, Load Balancing, Traffic Control, Tracing, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics, Access Control.]
● Tightly-coupled Solution
● Difficult code distribution/upgrade
● It doesn't fit the Microservice polyglot principle
[Diagram: a Microservice with an embedded Library that provides Service Discovery, Load Balancing, Traffic Control, Tracing, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics and Access Control.]
Solution 1 - Library
● Loosely-coupled Solution
● Microservice code is not impacted by a proxy upgrade
● It doesn't need to follow the Microservice technology implementation decisions (i.e. programming language)
● All incoming and outgoing traffic is controlled by the proxy
[Diagram: Microservice 1 and Microservice 2, each paired with a Proxy that provides Service Discovery, Load Balancing, Traffic Control, Tracing, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics and Access Control.]
Solution 2 - Proxy
[Diagram: Microservice 1 and every instance of Microservice 2 (2', 2'', 2''') each have their own Proxy.]
Solution – Proxy – Multiple Microservice instances
One problem remains: who is in charge of configuring the proxies?
[Diagram: Microservice 1 and Microservice 2, each with a Data Plane sidecar. The Control Plane sends Policies Configuration to the sidecars and receives Metrics Data from them.]
Service Mesh Pattern
● Proxies don't do "call-outs": that would be a very network-intensive architecture
● Instead, it's a "push-based" architecture.
● Control Plane
○ Responsible for configuring all the proxies as policies change and as Microservice instances are created or terminated
● Data Plane
○ The "runtime" part of the Service Mesh
○ Transparent proxy
○ Stores all the policies defined and pushed by the Control Plane
○ Reports metrics to the Control Plane
Service Mesh
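A small model of the push-based split described above, as an added example that is not from the original slides and not the code of any mesh product. The class names, service names and addresses are constructed; it shows sidecars enforcing a default-deny service ACL and load balancing from the last pushed snapshot, the control plane re-pushing on instance creation/termination and policy change, and metrics flowing back.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """Versioned configuration the control plane pushes to every sidecar."""
    version: int
    endpoints: dict   # service name -> tuple of instance addresses
    acl: frozenset    # allowed (source service, destination service) pairs


class Sidecar:
    """Data plane proxy: enforces the last pushed snapshot, with no call-outs."""

    def __init__(self, service, address):
        self.service, self.address = service, address
        self.snapshot = None
        self.metrics = {"allowed": 0, "denied": 0}
        self._next = 0

    def apply(self, snapshot):
        """Accept a push only if it is newer than what we hold (no rollback)."""
        if self.snapshot is not None and snapshot.version <= self.snapshot.version:
            return False
        self.snapshot = snapshot
        return True

    def route(self, destination):
        """Outbound call: local ACL check, then round-robin load balancing."""
        snap = self.snapshot
        allowed = snap is not None and (self.service, destination) in snap.acl
        instances = snap.endpoints.get(destination, ()) if allowed else ()
        if not instances:
            self.metrics["denied"] += 1   # default deny: no policy, no route
            return None
        self.metrics["allowed"] += 1
        target = instances[self._next % len(instances)]
        self._next += 1
        return target


class ControlPlane:
    """Holds the desired state and pushes it to every registered sidecar."""

    def __init__(self):
        self.version = 0
        self.sidecars = []
        self.acl = set()

    def register(self, sidecar):      # instance creation
        self.sidecars.append(sidecar)
        self._push()

    def deregister(self, sidecar):    # instance termination
        self.sidecars.remove(sidecar)
        self._push()

    def allow(self, source, destination):
        self.acl.add((source, destination))
        self._push()

    def revoke(self, source, destination):
        self.acl.discard((source, destination))
        self._push()

    def _push(self):
        self.version += 1
        endpoints = {}
        for sc in self.sidecars:
            endpoints.setdefault(sc.service, []).append(sc.address)
        snap = Snapshot(self.version,
                        {svc: tuple(sorted(a)) for svc, a in endpoints.items()},
                        frozenset(self.acl))
        for sc in self.sidecars:
            sc.apply(snap)

    def collect_metrics(self):
        """Sidecars report their counters; the control plane aggregates them."""
        total = {"allowed": 0, "denied": 0}
        for sc in self.sidecars:
            for key, value in sc.metrics.items():
                total[key] += value
        return total


def demo():
    cp = ControlPlane()
    m1 = Sidecar("microservice-1", "10.0.0.1")     # constructed addresses
    m2a = Sidecar("microservice-2", "10.0.0.21")
    m2b = Sidecar("microservice-2", "10.0.0.22")
    for sc in (m1, m2a, m2b):
        cp.register(sc)
    cp.allow("microservice-1", "microservice-2")
    old = m1.snapshot
    results = {"balanced": [m1.route("microservice-2") for _ in range(3)],
               "reverse_call": m2a.route("microservice-1")}
    cp.deregister(m2a)                              # instance terminated
    results["after_termination"] = m1.route("microservice-2")
    results["stale_push_accepted"] = m1.apply(old)
    cp.revoke("microservice-1", "microservice-2")
    results["after_revoke"] = m1.route("microservice-2")
    results["metrics"] = cp.collect_metrics()
    return results
```

Rejecting pushes that are not newer than the held snapshot keeps an old, more permissive policy from being replayed to a sidecar.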
• Service Mesh is an “Architecture Pattern” to address the microservice-to-microservice communication
requirements.
• There are some Service Mesh implementations available today including Istio (http://www.istio.io), Kuma
(https://kuma.io/), Linkerd (http://linkerd.io), etc.
Service Mesh Pattern
[Diagram: Microservice 1 and Microservice 2 each hold Business Logic; a Sidecar (proxy) next to each handles Load Balancing, Service Discovery, Circuit Breaker, Traffic Control, etc. Both sidecars connect to the Service Mesh Control Plane.]
● The network is reliable.
● Latency is zero.
● Bandwidth is infinite.
● The network is secure.
● Topology doesn't change.
● There is one administrator.
● Transport cost is zero.
● The network is homogeneous.
• L. Peter Deutsch, one of the original Sun "Fellows", is credited with penning the first seven
fallacies in 1994
• Bill Joy and Tom Lyon had already identified the first four as "The Fallacies of Networked Computing"
• James Gosling, another Sun Fellow and the inventor of Java, added the eighth fallacy in 1997
Fallacies of Distributed Computing
Service Mesh – Circuit Breaker
Service Mesh – Load Balancing & Service Discovery
[Diagram: Microservice 1 with Sidecar 1, a Registry, and three Microservice 2 instances, each with its own Sidecar 2. Labels: Service Registration, Service Discovery, Load Balancing.]
[Diagram: Requests from Users & Apps and an Identity Provider in front of the API Gateway; behind it, Microservices each paired with a Sidecar, and the Control Plane.]
● API Gateway: coarse-grained policies (e.g. global rate-limiting, user & app authentication, IP blacklist, etc.)
● Service Mesh: fine-grained policies (e.g. rate-limiting for a specific Microservice cluster)
API Management & Service Mesh - Security Revisited
Docker & Kubernetes
[Diagram labels: Mobile Apps, End Users, 3rd Party Apps; Identity Provider; Firewall, DMZ, API Gateway, Firewall; Kubernetes Cluster containing the Microservices Architecture: three Docker Engines running Microservice 1, Microservice 1 and Microservice 2, each made of Service Components (Inner Architecture) within the Outer Architecture.]
The Big Big Picture
[Diagram labels: Mobile Apps, End Users, 3rd Party Apps; Identity Provider; Firewall, DMZ, API Gateway, Firewall; Kubernetes Cluster containing the Microservices Architecture: three Kubernetes Pods running Microservice 1, Microservice 1 and Microservice 2 (Service Components, Inner Architecture) with Sidecar 1, Sidecar 1 and Sidecar 2, each providing Service Discovery, Circuit Breaker, Health Checks and Traffic Control; Message Channels / Message Queues in the Outer Architecture; Service Mesh Control Plane.]
Machine Learning Software Engineering Patterns and Their Engineering
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING  RIVER  WATER QUALITY  ppt presentationPREDICTING  RIVER  WATER QUALITY  ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 

Microservice & Service Mesh Workshop

  • 2. "All problems in Computer Science can be solved by another level of indirection, except for the problem of too many layers of indirection." David J. Wheeler, Computer Scientist, Inventor of the "Closed Subroutine", 1927-2004.
  • 3. All information is public. 3 main tasks:
    • Content qualification
    • Content structuring
    • Content application
  • 4. Coupling and Cohesion
    • Structured Design: Fundamentals of a Discipline of Computer Program and Systems Design, Larry Constantine, Ed Yourdon, 1979
    • “Low coupling is a sign of a well structured computer system.”
    • “High cohesion tends to be preferable because it is associated with several desirable traits of software including robustness, reliability, reusability, and understandability.”
    • “...Clearly, cohesion and coupling are interrelated. The greater the cohesion of individual modules in the system, the lower the coupling between modules will be...”
  • 5. Service Orientation – SOA and MSA
    In summary, Service Orientation is an excellent principle. An ESB implementation approach is not a good solution though. Back in 2005, Anne Thomas Manes, Gartner’s VP, wrote the famous article “SOA is Dead; Long Live Services” (http://apsblog.burtongroup.com/2009/01/soa-is-dead-long-live-services.html). MSA by Adrian Cockcroft, AWS’ VP: “Service-oriented architecture composed of loosely coupled elements that have bounded contexts”. Same principles, distinct implementations. Monoliths -> Microservices.
    [Diagram: Monolith (Customers, Orders, Invoices, ESB, LB, DB) compared with Microservices A (Customers), B (Orders) and C (Invoices), each with its own LB and database (DB A, DB B, DB C).]
  • 6. DDD – “Domain-Driven Design”
    • There is no way to build a unified domain model for all systems.
    • A complex system is divided into “Bounded Contexts”.
    • Each “Context” defines its own unified model and its relationships with other contexts.
    • A context is implemented by a Microservice (or a set of Microservices).
  • 7. Microservices Reference Architecture (MSA)
    [Diagram labels: End Users, Mobile Apps, 3rd Party Apps; Identity Provider; Firewall, DMZ, API Gateway, Firewall; Outer Architecture with Microservice 1, Microservice 2, Microservice 3 ... Microservice N and Message Channels; Inner Architecture of each Microservice made of Service Components; Legacy Systems (ERP, MDM, CRM, Mainframe); Cloud APIs (SaaS, PaaS).]
    Source: A Guidance Framework for Architecting Portable Cloud and Multicloud Applications, Eric Knipp, Traverse Clayton, Richard Watson, Gartner, 16/12/16
  • 8. API Management Reference Architecture
    [Diagram labels: Services Infrastructure (ESB, MSA); Firewall; API Gateway: AuthN & AuthZ, Service Virtualization & Composition, Data Transformation, Throttling; API Manager: Versioning, Knowledge Base, Life Cycle Management, Billing; Firewall; API Developers Portal: AuthN & AuthZ, Financials; API Consumers; API Developers; Identity Management: AuthN & AuthZ, Provisioning; Analytics: API Monitoring, API Usage, Operational Analytics; flows: API Publication, API Usage, Credentials, Billing Data, TXs Data, Service Invocation.]
  • 9. [Diagram labels: Principal; Credentials (User/Passwd, X.509, OTP tokens); Identity Provider (IdP), Domain A; User Databases (LDAP, DBMS); Id Token (JWT); Service Provider 1 (SP), Domain B, i.e. On Premises; Service Provider 2 (SP), Domain C, i.e. Cloud; Authorization.]
    • IdP and SPs define a “Circle of Trust”.
    • OpenID Connect is the preferred standard.
  • 10. Authentication Factors
    [Diagram: Security Factors are what you have (Digital Certificate Token, OTP Token), what you know (Personal Identification Number, PIN) and what you are.
    1 Factor Authentication: what you have, what you know, or what you are.
    2 Factor Authentication: what you have + what you know, or what you have + what you are.
    3 Factor Authentication: what you have + what you know + what you are.]
  • 11. Communication Models – Synchronous and Asynchronous
    • Synchronous calls: [Diagram labels: API Gateway, Service A, Service B, Service C, linked over HTTP.]
    • Asynchronous calls can be implemented as 1-to-1 or 1-to-many: [Diagram labels: API Gateway, Service A, Service B, HTTP, Queue; API Gateway, Service A, Service B, Service C, HTTP, Event Bus.]
  • 12. Multiple Microservice instances
    • Microservices are, by definition, a distributed and dynamic environment.
    • That is, the number of instances of a given Microservice might change over time, for several reasons: higher/lower throughput, Canary Release, A/B testing.
    • How to deal with the policy change problem? Service Registration/Discovery, Load Balancing, Traffic Control.
    • What about other requirements? Encrypted Communication, Service ACL, Service Logging, Service Tracing.
    [Diagram labels: Microservice 1; Microservice 2', Microservice 2'', Microservice 2'''.]
  • 13. Microservice-to-microservice Communication
    [Diagram: Microservice 1 (Business Logic) and Microservice 2 Instances (Business Logic), each carrying "More Logic (non-functional logic)": Service Discovery, Load Balancing, Tracing, Traffic Control, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics, Access Control.]
  • 14. Externalizing Capabilities
    [Diagram: Microservice 1 and Microservice 2, each with "Standard capabilities": Service Discovery, Load Balancing, Traffic Control, Tracing, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics, Access Control.]
  • 15. Solution 1 - Library
    ● Tightly-coupled Solution
    ● Difficult code distribution/upgrade
    ● It doesn't fit the Microservice polyglot principle
    [Diagram: Microservice with a Library providing Service Discovery, Load Balancing, Traffic Control, Tracing, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics, Access Control.]
  • 16. Solution 2 - Proxy
    ● Loosely-coupled Solution
    ● Microservice code is not impacted by a proxy upgrade
    ● It doesn't need to follow the Microservice technology implementation decisions (i.e. programming language)
    ● All incoming and outgoing traffic is controlled by the proxy
    [Diagram: Microservice 1 and Microservice 2, each with a Proxy providing Service Discovery, Load Balancing, Traffic Control, Tracing, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics, Access Control.]
  • 17. Solution – Proxy – Multiple Microservice instances
    [Diagram: Microservice 1 with its Proxy; Microservice 2', Microservice 2'' and Microservice 2''', each with its own Proxy.]
    One problem remains: who is in charge of the proxies' configuration?
  • 18. Service Mesh Pattern
    [Diagram labels: Microservice 1 with Data Plane - Sidecar; Microservice 2 with Data Plane - Sidecar; Control Plane; Policies, Configuration; Metrics Data.]
  • 19. Service Mesh
    ● Proxies don't do "call-outs": that would make for a very network-intensive architecture.
    ● Instead, it's a "push-based" architecture.
    ● Control Plane
      ○ Responsible for configuring all the proxies based on policy changes and Microservice instance creation/termination
    ● Data Plane
      ○ The "runtime" part of the Service Mesh
      ○ Transparent proxy
      ○ Stores all the policies defined and pushed by the Control Plane
      ○ Reports metrics to the Control Plane
  • 20. Service Mesh Pattern
    • Service Mesh is an “Architecture Pattern” to address the microservice-to-microservice communication requirements.
    • There are some Service Mesh implementations available today including Istio (http://www.istio.io), Kuma (https://kuma.io/), Linkerd (http://linkerd.io), etc.
    [Diagram: Microservice 1 and Microservice 2, each with Business Logic and a Sidecar (proxy) handling Load Balancing, Service Discovery, Circuit Breaker, Traffic Control, etc.; Service Mesh Control Plane.]
  • 21. Fallacies of Distributed Computing
    ● The network is reliable.
    ● Latency is zero.
    ● Bandwidth is infinite.
    ● The network is secure.
    ● Topology doesn't change.
    ● There is one administrator.
    ● Transport cost is zero.
    ● The network is homogeneous.
    • L. Peter Deutsch, one of the original Sun "Fellows", is credited with penning the first seven fallacies in 1994
    • Bill Joy and Tom Lyon had already identified the first four as "The Fallacies of Networked Computing"
    • James Gosling, another Sun Fellow and the inventor of Java, added the eighth fallacy in 1997
  • 22. Service Mesh – Circuit Breaker
  • 23. Service Mesh – Load Balancing & Service Discovery
    [Diagram labels: Microservice 1 with Sidecar 1; Registry; Service Registration; Microservice 2 instances (three, each with Sidecar 2); Service Discovery; Load Balancing.]
  • 24. API Management & Service Mesh - Security Revisited
    ● API Gateway: coarse-grained policies (i.e. Global rate-limiting, User & App Authentication, IP Blacklist, etc.)
    ● Service Mesh: fine-grained policies (i.e. Specific Microservice Cluster rate-limiting)
    [Diagram labels: Users & Apps Requests; Identity Provider; API Gateway; Service Mesh with four Microservices, each with a Sidecar; Control Plane.]
  • 25. Docker & Kubernetes
    [Diagram labels: Microservices Architecture; End Users, Mobile Apps, 3rd Party Apps; Identity Provider; Firewall, DMZ, API Gateway, Firewall; Outer Architecture; Kubernetes Cluster; three Docker Engines hosting Microservice 1, Microservice 1 and Microservice 2, each with Service Components (Inner Architecture).]
  • 26. The Big Big Picture
    [Diagram labels: Microservices Architecture; End Users, Mobile Apps, 3rd Party Apps; Identity Provider; Firewall, DMZ, API Gateway, Firewall; Outer Architecture; Kubernetes Cluster; three Kubernetes Pods hosting Microservice 1 with Sidecar 1, Microservice 1 with Sidecar 1 and Microservice 2 with Sidecar 2, each with Service Components (Inner Architecture); each Sidecar: Service Discovery, Circuit Breaker, Health Checks, Traffic Control; Message Channels / Message Queues; Service Mesh Control Plane.]
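
The push-based split between Control Plane and Data Plane from slide 19, applied to the "Service ACL" requirement from slide 12, as an added sketch that is not part of the original deck and not the code of Istio, Kuma or Linkerd. The class and method names and the versioned-snapshot scheme are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Sidecar:
    """Data plane: enforces the last pushed policy locally, no per-request call-out."""
    service: str
    version: int = 0                          # version of the policy snapshot held
    allowed_callers: frozenset = frozenset()  # empty until the first push
    metrics: dict = field(default_factory=lambda: {"allowed": 0, "denied": 0})

    def apply(self, version, allowed_callers):
        # Ignore stale or replayed pushes so an old policy cannot replace a newer one.
        if version > self.version:
            self.version, self.allowed_callers = version, frozenset(allowed_callers)

    def handle(self, caller):
        # Default deny: a caller not in the pushed allow-list is rejected.
        ok = caller in self.allowed_callers
        self.metrics["allowed" if ok else "denied"] += 1
        return ok

class ControlPlane:
    """Holds the service ACLs and pushes them to the sidecars (hypothetical model)."""
    def __init__(self):
        self.version, self.acl, self.sidecars = 0, {}, []

    def register(self, sidecar):
        # Instance start: the new proxy receives the current policy immediately.
        self.sidecars.append(sidecar)
        sidecar.apply(self.version, self.acl.get(sidecar.service, ()))

    def deregister(self, sidecar):  # instance termination: stop pushing to it
        self.sidecars.remove(sidecar)

    def set_acl(self, service, callers):
        # Policy change: bump the version and push to every instance of the service.
        self.version += 1
        self.acl[service] = set(callers)
        for sc in self.sidecars:
            if sc.service == service:
                sc.apply(self.version, self.acl[service])

    def collect_metrics(self):
        totals = {}
        for sc in self.sidecars:
            t = totals.setdefault(sc.service, {"allowed": 0, "denied": 0})
            t["allowed"] += sc.metrics["allowed"]
            t["denied"] += sc.metrics["denied"]
        return totals
```

In this model a sidecar that stops receiving pushes keeps enforcing its last snapshot, so revoking a caller takes effect only as fast as the Control Plane can reach every instance.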