Microservices &
Service Mesh
Workshop
Claudio Acquaviva
"All problems in Computer Science can be solved by another
level of indirection, except for the problem of too many layers
of indirection."
David J. Wheeler, Computer Scientist
Inventor of the "Closed Subroutine", 1927-2004.
All information is public.
3 main tasks
• Content qualification
• Content structuring
• Content application
• Structured Design: Fundamentals of a Discipline of Computer Program and Systems Design,
Larry Constantine, Ed Yourdon, 1979
• "Low coupling is a sign of a well structured computer system."
• "High cohesion tends to be preferable because it is associated with several desirable traits of
software including robustness, reliability, reusability, and understandability."
• "...Clearly, cohesion and coupling are interrelated. The greater the cohesion of individual
modules in the system, the lower the coupling between modules will be..."
Coupling and Cohesion
In summary, Service Orientation is an excellent principle. An ESB implementation approach is not a
good solution though.
Back in 2005, Anne Thomas Manes, Gartner’s VP, wrote the famous article “SOA is Dead; Long Live
Services” (http://apsblog.burtongroup.com/2009/01/soa-is-dead-long-live-services.html).
MSA by Adrian Cockcroft, AWS’ VP: “Service-oriented architecture composed of loosely coupled
elements that have bounded contexts”.
Same principles, distinct implementations. Monoliths -> Microservices
Service Orientation – SOA and MSA
[Diagram: Monolith (LB, ESB, Customers, Orders, Invoices, DB) compared with Microservices (Microservice A: Customers, DB A; Microservice B: Orders, DB B; Microservice C: Invoices, DB C; each behind its own LB)]
• There is no way to build a unified domain model for all systems.
• A complex system is divided into "Bounded Contexts".
• Each "Context" defines its own unified model and its relationships with other contexts.
• A context is implemented by a Microservice (or a set of Microservices).
DDD – “Domain-Driven Design”
Microservices Reference Architecture
[Diagram labels: Mobile Apps, End Users, 3rd Party Apps; Identity Provider; Firewall, DMZ, API Gateway, Firewall; Microservices Architecture (MSA) with an Outer Architecture (Message Channels) around Microservice 1, 2, 3 ... N, each with an Inner Architecture of Service Components; Legacy Systems (ERP, MDM, CRM, Mainframe); Cloud APIs (SaaS, PaaS)]
A Guidance Framework for Architecting Portable Cloud and Multicloud Applications, Gartner
Eric Knipp, Traverse Clayton, Richard Watson, Gartner, 16/12/16
API Management Reference Architecture
[Diagram labels: API Consumers, API Developers; Firewall; API Gateway; AuthN & AuthZ; Service Virtualization & Composition; Data Transformation; Throttling; API Manager; Versioning; Knowledge Base; Life Cycle Management; Billing; API Developers Portal; Financials; Identity Management; Provisioning; Analytics; API Monitoring; API Usage; Operational Analytics; API Publication; Credentials; Billing Data; TXs Data; Service Invocation; Service Infrastructure: ESB, MSA]
Identity Provider
[Diagram labels: Principal; Identity Provider (IdP), Domain A; Service Provider 1 (SP), Domain B, i.e. On Premises; Service Provider 2 (SP), Domain C, i.e. Cloud; Credentials (User/Passwd, X.509, OTP tokens); Id Token (JWT); Authorization; User Databases (LDAP, DBMS)]
• IdP and SPs define a "Circle of Trust".
• OpenID Connect is the preferred standard
Authentication Factors
• 1 Factor Authentication: what you know, what you have, or what you are
• 2 Factor Authentication: what you have + what you know; what you have + what you are
• 3 Factor Authentication: what you have + what you know + what you are
• Examples shown: Digital Certificate Token, OTP Token, Personal Identification Number (PIN)
[Diagram axes: Security, Factors]
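Communication Models – Synchronous and Asynchronous
• Synchronous Calls:
[Diagram: API Gateway, Service A, Service B and Service C chained over HTTP]
• Asynchronous calls can be implemented as 1-to-1 or 1-to-many:
[Diagram, 1-to-1: API Gateway calls Service A over HTTP; Service A reaches Service B through a Queue]
[Diagram, 1-to-many: API Gateway calls Service A over HTTP; Service A reaches Service B and Service C through an Event Bus]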
• Microservices are, by definition, a distributed and dynamic environment.
• That is, the number of instances of a given Microservice might change over time, for several reasons:
○ Higher/lower throughput
○ Canary Release
○ A/B testing
• How to deal with the policies change problem?
○ Service Registration/Discovery
○ Load Balancing
○ Traffic Control
• What about other requirements?
○ Encrypted Communication
○ Service ACL
○ Service Logging
○ Service Tracing
[Diagram: Microservice 1 with Microservice 2', Microservice 2'' and Microservice 2''']
Multiple Microservice instances
[Diagram: Microservice 1 and the Microservice 2 instances each contain Business Logic plus "More Logic" (non-functional logic): Service Discovery, Load Balancing, Tracing, Traffic Control, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics, Access Control]
Microservice-to-microservice Communication
[Diagram: Microservice 1 and Microservice 2, each with the same Standard capabilities: Service Discovery, Load Balancing, Traffic Control, Tracing, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics, Access Control]
Externalizing Capabilities
● Tightly-coupled Solution
● Difficult code distribution/upgrade
● It doesn't fit the Microservice polyglot principle
[Diagram: a Microservice with a Library providing Service Discovery, Load Balancing, Traffic Control, Tracing, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics, Access Control]
Solution 1 - Library
● Loosely-coupled Solution
● Microservice code is not impacted by a proxy upgrade
● It doesn't need to follow the Microservice technology implementation decisions (i.e. programming
language)
● All inbound and outbound traffic is controlled by the proxy
[Diagram: Microservice 1 and Microservice 2, each with a Proxy providing Service Discovery, Load Balancing, Traffic Control, Tracing, Circuit Breaker, Health Check, Secure Data Transfer, Logging, Metrics, Access Control]
Solution 2 - Proxy
[Diagram: Microservice 1 and Microservice 2', Microservice 2'' and Microservice 2''', each with its own Proxy]
Solution – Proxy – Multiple Microservice instances
One problem remains: who is in charge of the proxies' configuration?
[Diagram: Microservice 1 and Microservice 2, each with a Data Plane sidecar; a Control Plane exchanges Policies Configuration and Metrics Data with the sidecars]
Service Mesh Pattern
● Proxies don't do "call-outs": that would make for a very network-intensive architecture
● Instead, it's a "push-based" architecture.
● Control Plane
○ Responsible for configuring all the proxies based on policy changes and
Microservice instance creation/termination
● Data Plane
○ The "runtime" part of the Service Mesh
○ Transparent proxy
○ Stores all the policies defined and pushed by the Control Plane
○ Reports metrics to the Control Plane
Service Mesh
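A minimal model of the push-based Control Plane / Data Plane split described above, as an added example that is not part of the original slides: the class names, service names and instance ids are assumptions, and a dictionary lookup stands in for the network. It goes slightly beyond the slide by having each sidecar reject stale pushes by version number and apply a default-deny Service ACL.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """Configuration the control plane pushes to every sidecar."""
    version: int
    acl: frozenset      # allowed (source service, destination service) pairs
    endpoints: dict     # service name -> tuple of live instance ids


class Sidecar:
    """Data plane: enforces the last pushed snapshot and never calls out."""
    def __init__(self, service, instance_id):
        self.service, self.instance_id = service, instance_id
        self.snapshot = Snapshot(0, frozenset(), {})  # deny all until first push
        self.metrics, self._cursor = Counter(), Counter()

    def apply(self, snapshot):
        # Drop stale or replayed pushes: an older policy must never win.
        if snapshot.version > self.snapshot.version:
            self.snapshot = snapshot

    def pick(self, destination):
        """Service discovery and round-robin load balancing from local state."""
        live = self.snapshot.endpoints.get(destination, ())
        if not live:
            return None
        choice = live[self._cursor[destination] % len(live)]
        self._cursor[destination] += 1
        return choice

    def authorize(self, source_service):
        """Inbound service ACL check; anything not listed is denied."""
        ok = (source_service, self.service) in self.snapshot.acl
        self.metrics["allowed" if ok else "denied"] += 1
        return ok


class ControlPlane:
    """Owns policies and the registry; pushes a snapshot on every change."""
    def __init__(self):
        self.version, self.acl = 0, set()
        self.sidecars = {}          # instance id -> Sidecar
        self.reported = Counter()   # metrics received from the data plane

    def _push(self):
        self.version += 1
        endpoints = {}
        for sc in self.sidecars.values():
            endpoints.setdefault(sc.service, []).append(sc.instance_id)
        snap = Snapshot(self.version, frozenset(self.acl),
                        {s: tuple(sorted(i)) for s, i in endpoints.items()})
        for sc in self.sidecars.values():
            sc.apply(snap)

    def register(self, service, instance_id):
        sc = self.sidecars[instance_id] = Sidecar(service, instance_id)
        self._push()
        return sc

    def deregister(self, instance_id):
        # Keep the departing sidecar's counters before dropping it.
        self.reported.update(self.sidecars.pop(instance_id).metrics)
        self._push()

    def set_acl(self, source, destination, allowed):
        (self.acl.add if allowed else self.acl.discard)((source, destination))
        self._push()

    def collect(self):
        """Sidecars report their counters to the control plane, then reset."""
        for sc in self.sidecars.values():
            self.reported.update(sc.metrics)
            sc.metrics.clear()
        return dict(self.reported)


def call(wire, source, destination):
    """Source sidecar routes, destination sidecar authorizes; `wire` is the network."""
    target = source.pick(destination)
    if target is None:
        return ("no_endpoint", None)
    ok = wire[target].authorize(source.service)
    return ("allowed" if ok else "denied", target)


def demo():
    cp = ControlPlane()  # constructed scenario: one caller, three instances
    m1 = cp.register("microservice-1", "m1-a")
    for instance in ("m2-a", "m2-b", "m2-c"):
        cp.register("microservice-2", instance)
    before = call(cp.sidecars, m1, "microservice-2")       # no ACL pushed yet
    cp.set_acl("microservice-1", "microservice-2", True)
    hits = [call(cp.sidecars, m1, "microservice-2") for _ in range(3)]
    cp.deregister("m2-b")                                  # instance terminated
    after = [call(cp.sidecars, m1, "microservice-2")[1] for _ in range(4)]
    return before, hits, after, cp.collect()
```

Every decision in `call` is made from state already held by a sidecar, so a request path never waits on the control plane.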
• Service Mesh is an “Architecture Pattern” to address the microservice-to-microservice communication
requirements.
• There are some Service Mesh implementations available today including Istio (http://www.istio.io), Kuma
(https://kuma.io/), Linkerd (http://linkerd.io), etc.
[Diagram: Microservice 1 and Microservice 2 each hold only Business Logic; a Sidecar (proxy) beside each provides Load Balancing, Service Discovery, Circuit Breaker, Traffic Control, etc.; Service Mesh Control Plane]
Service Mesh Pattern
● The network is reliable.
● Latency is zero.
● Bandwidth is infinite.
● The network is secure.
● Topology doesn't change.
● There is one administrator.
● Transport cost is zero.
● The network is homogeneous.
• L. Peter Deutsch, one of the original Sun "Fellows", is credited with penning the first seven
fallacies in 1994
• Bill Joy and Tom Lyon had already identified the first four as "The Fallacies of Networked
Computing"
• James Gosling, another Sun Fellow and the inventor of Java, added the eighth fallacy in 1997
Fallacies of Distributed Computing
Service Mesh – Circuit Breaker
Service Mesh – Load Balancing & Service Discovery
[Diagram labels: Microservice 1 with Sidecar 1; Registry; Service Registration; Microservice 2 instances, each with Sidecar 2; Service Discovery; Load Balancing]
[Diagram labels: Users & Apps, Requests; Identity Provider; API Gateway; Service Mesh: Microservices with Sidecars, Control Plane]
● API Gateway: coarse-grained policies (i.e. Global rate-limiting, User & App Authentication, IP Blacklist, etc.)
● Service Mesh: fine-grained policies (i.e. Specific Microservice Cluster rate-limiting)
API Management & Service Mesh - Security Revisited
[Diagram labels: Mobile Apps, End Users, 3rd Party Apps; Identity Provider; Firewall, DMZ, API Gateway, Firewall; Microservices Architecture; Outer Architecture; Kubernetes Cluster with Docker Engines hosting Microservice 1 (two instances) and Microservice 2, each with an Inner Architecture of Service Components]
Docker & Kubernetes
[Diagram labels: Mobile Apps, End Users, 3rd Party Apps; Identity Provider; Firewall, DMZ, API Gateway, Firewall; Microservices Architecture; Outer Architecture; Kubernetes Cluster with Kubernetes Pods hosting Microservice 1 (two instances, Sidecar 1) and Microservice 2 (Sidecar 2), each with an Inner Architecture of Service Components; each sidecar provides Service Discovery, Circuit Breaker, Health Checks and Traffic Control; Message Channels / Message Queues; Service Mesh Control Plane]
The Big Big Picture
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 

Microservice & Service Mesh Workshop

  • 2. "All problems in Computer Science can be solved by another level of indirection, except for the problem of too many layers of indirection." David J. Wheeler, Computer Scientist, inventor of the "Closed Subroutine", 1927-2004.
  • 3. All information is public. 3 main tasks: • Content qualification • Content structuring • Content application
  • 4. Coupling and Cohesion
      • Structured Design: Fundamentals of a Discipline of Computer Program and Systems Design, Larry Constantine, Ed Yourdon, 1979
      • “Low coupling is a sign of a well structured computer system.”
      • “High cohesion tends to be preferable because it is associated with several desirable traits of software including robustness, reliability, reusability, and understandability.”
      • “...Clearly, cohesion and coupling are interrelated. The greater the cohesion of individual modules in the system, the lower the coupling between modules will be...”.
  • 5. Service Orientation – SOA and MSA
      • In summary, Service Orientation is an excellent principle. An ESB implementation approach is not a good solution, though.
      • Back in 2005, Anne Thomas Manes, Gartner’s VP, wrote the famous article “SOA is Dead; Long Live Services” (http://apsblog.burtongroup.com/2009/01/soa-is-dead-long-live-services.html).
      • MSA by Adrian Cockcroft, AWS’ VP: “Service-oriented architecture composed of loosely coupled elements that have bounded contexts”.
      • Same principles, distinct implementations. Monoliths -> Microservices
      • [Diagram labels: Monolith, Microservices, ESB, LB, DB, DB A, DB B, DB C, Customers, Orders, Invoices, Microservice A, Microservice B, Microservice C]
  • 6. DDD – “Domain-Driven Design”
      • There is no way to build a unified domain model for all systems.
      • A complex system is divided into “Bounded Contexts”.
      • Each “Context” defines its own unified model and its relationships with other contexts.
      • A context is implemented by a Microservice (or a set of Microservices).
  • 7. MSA Microservices Architecture API Gateway Legacy Systems Microservices Reference Architecture ERP MDM CRM Mainframe Firewall Firewall DMZ Microservice 1 ... Cloud APIs SaaS PaaS Message Channels Service Component Service Component ... Outer Architecture Inner Architecture Microservice 2 Service Component Service Component Inner Architecture Microservice 3 Service Component Service Component Inner Architecture Microservice N Service Component Service Component Inner Architecture A Guidance Framework for Architecting Portable Cloud and Multicloud Applications, Gartner Eric Knipp, Traverse Clayton, Richard Watson, Gartner, 16/12/16 Identity Provider Mobile Apps End Users 3rd Party Apps
  • 8. Services Infrastructure ESB Firewall API Gateway AuthN & AuthZ Service Virtualization & Composition Data Transformation Throttling API Manager Versioning Knowledge Base Life Cycle Management Billing Firewall API Developers Portal AuthN & AuthZ Financials API Consumers API Developers Identity Management AuthN & AuthZ Provisioning Analytics API Publication API Usage Credentials Billing Data TXs Data Service Invocation API Management Reference Architecture MSA API Monitoring API Usage Operational Analytics
  • 9. Service Provider 1 (SP) Domain B i.e.: On Premises Service Provider 2 (SP) Domain C i.e.: Cloud Identity Provider Principal Identity Provider (IdP) Domain A Credentials (User/Passwd X.509 OTP tokens) Id Token (JWT) • IdP and SPs define a “Circle of Trust”. • OpenID Connect is the preferred standard. Authorization Authorization User Databases LDAP DBMS
  • 10. What you have + what you know + what you are Security Factors + + PIN + PIN PIN+ PIN+ What you have + what you are What you have + what you know What you are What you know What you have Authentication Factors Digital Certificate Token OTP Token Personal Identification Number 1 Factor Authentication 2 Factor Authentication 3 Factor Authentication
  • 11. Communication Models – Synchronous and Asynchronous • Synchronous Calls: • Asynchronous calls can be implemented as 1-to-1 or 1-to-many: API Gateway Service A Service C Service B API Gateway Service A Service B HTTP HTTP HTTP HTTP Queue API Gateway Service A Service B HTTP Event Bus Service C
  • 12. Multiple Microservice instances
      • Microservices are, by definition, a distributed and dynamic environment.
      • That is, the number of instances of a given Microservice might change over time, for several reasons: higher/lower throughput, Canary Release, A/B testing.
      • How to deal with the policy change problem? Service Registration/Discovery, Load Balancing, Traffic Control.
      • What about other requirements? Encrypted Communication, Service ACL, Service Logging, Service Tracing.
      • [Diagram labels: Microservice 1, Microservice 2', Microservice 2'', Microservice 2''']
  • 13. Microservice 1 (Business Logic) More Logic (non-functional logic) - Service Discovery - Load Balancing - Tracing - Traffic Control - Circuit Breaker - Health Check - Secure Data Transfer Microservice 2 Instances (Business Logic) - Service Discovery - Load Balancing - Tracing - Traffic Control - Circuit Breaker - Health Check - Secure Data Transfer Microservice-to-microservice Communication - Logging - Metrics - Access Control - Logging - Metrics - Access Control More Logic (non-functional logic)
  • 14. Microservice 1 Standard capabilities - Service Discovery - Load Balancing - Traffic Control - Tracing - Circuit Breaker - Health Check - Secure Data Transfer - Logging - Metrics - Access Control Standard capabilities - Service Discovery - Load Balancing - Traffic Control - Tracing - Circuit Breaker - Health Check - Secure Data Transfer - Logging - Metrics - Access Control Microservice 2 Externalizing Capabilities
  • 15. Solution 1 - Library
      ● Tightly-coupled solution
      ● Difficult code distribution/upgrade
      ● It doesn't fit the Microservice polyglot principle
      [Diagram labels: Microservice, Library - Service Discovery - Load Balancing - Traffic Control - Tracing - Circuit Breaker - Health Check - Secure Data Transfer - Logging - Metrics - Access Control]
  • 16. Solution 2 - Proxy
      ● Loosely-coupled solution
      ● Microservice code is not impacted by a proxy upgrade
      ● It doesn't need to follow the Microservice technology implementation decisions (i.e. programming language)
      ● All incoming and outgoing traffic is controlled by the proxy
      [Diagram labels: Microservice 1 with a Proxy and Microservice 2 with a Proxy, each Proxy listing: Service Discovery - Load Balancing - Traffic Control - Tracing - Circuit Breaker - Health Check - Secure Data Transfer - Logging - Metrics - Access Control]
  • 17. Solution – Proxy – Multiple Microservice instances. One problem remains: who is in charge of the proxies' configuration? [Diagram labels: Microservice 1 with a Proxy; Microservice 2', Microservice 2'' and Microservice 2''', each with a Proxy]
  • 18. Microservice 1 Data Plane - Sidecar Data Plane - Sidecar Control Plane Policies Configuration Metrics Data Metrics Data Microservice 2 Service Mesh Pattern
  • 19. Service Mesh
      ● Proxies don't do "call-outs": that would make for a very network-intensive architecture.
      ● Instead, it's a "push-based" architecture.
      ● Control Plane
          ○ Responsible for configuring all the proxies based on policy changes and on Microservice instances being started or terminated
      ● Data Plane
          ○ The "runtime" part of the Service Mesh
          ○ Transparent proxy
          ○ Stores all the policies defined and pushed by the Control Plane
          ○ Reports metrics to the Control Plane
  • 20. Service Mesh Pattern
      • Service Mesh is an “Architecture Pattern” to address the microservice-to-microservice communication requirements.
      • There are some Service Mesh implementations available today including Istio (http://www.istio.io), Kuma (https://kuma.io/), Linkerd (http://linkerd.io), etc.
      • [Diagram labels: Microservice 1 (Business Logic) and Microservice 2 (Business Logic), each with a Sidecar (proxy) providing Load Balancing, Service Discovery, Circuit Breaker, Traffic Control, etc.; Service Mesh Control Plane]
  • 21. Fallacies of Distributed Computing
      ● The network is reliable.
      ● Latency is zero.
      ● Bandwidth is infinite.
      ● The network is secure.
      ● Topology doesn't change.
      ● There is one administrator.
      ● Transport cost is zero.
      ● The network is homogeneous.
      • L. Peter Deutsch, one of the original Sun "Fellows", is credited with penning the first seven fallacies in 1994
      • Bill Joy and Tom Lyon had already identified the first four as "The Fallacies of Networked Computing"
      • James Gosling, another Sun Fellow and the inventor of Java, added the eighth fallacy in 1997
  • 22. Service Mesh – Circuit Breaker
  • 23. Service Mesh – Load Balancing & Service Discovery Microservice 1 Sidecar 1 Registry Service Registration Microservice 2 instances Microservice 2 Sidecar 2 Microservice 2 Sidecar 2 Microservice 2 Sidecar 2 Service Discovery Load Balancing
  • 24. API Management & Service Mesh - Security Revisited
      ● API Gateway: coarse-grained policies (e.g. global rate-limiting, User & App Authentication, IP Blacklist, etc.)
      ● Service Mesh: fine-grained policies (e.g. rate-limiting for a specific Microservice cluster)
      [Diagram labels: Users & Apps, Requests, Identity Provider, API Gateway, Service Mesh, Control Plane, four Microservices each with a Sidecar]
  • 25. Microservices Architecture Docker Engine Docker Engine API Gateway Firewall Firewall DMZ Docker Engine Outer Architecture Microservice 1 Service Component Service Component Inner Architecture Microservice 1 Service Component Service Component Inner Architecture Microservice 2 Service Component Service Component Inner Architecture Kubernetes Cluster Docker & Kubernetes Identity Provider Mobile Apps End Users 3rd Party Apps
  • 26. Microservices Architecture Kubernetes Pod Kubernetes Pod API Gateway Firewall Firewall Mobile Apps End Users 3rd Party Apps DMZ Kubernetes Pod Outer Architecture Microservice 1 Service Component Service Component Inner Architecture Microservice 1 Service Component Service Component Inner Architecture Microservice 2 Service Component Service Component Inner Architecture Message Channels / Message Queues Sidecar 1 Sidecar 1 Sidecar 2 Service Discovery Circuit Breaker Health Checks Traffic Control Service Discovery Circuit Breaker Health Checks Traffic Control Service Discovery Circuit Breaker Health Checks Traffic Control Service Mesh Control Plane The Big Big Picture Kubernetes Cluster Identity Provider