This article explores what is a service mesh and the benefits it brings to your enterprise.
Service mesh: What is it?
A service mesh is an abstraction that allows application and service developers to focus on the business value of their services, as well as abstracting common secondary concerns for security, logging and monitoring.
It allows these additional important concerns to be managed independently from changes to the business logic and managed in a common way across related services. Read how iPaaS changes API Management to mesh apps together faster.
The benefits of having this are in the abstraction of changes and promotion of new service functions that can be managed separately from the infrastructure of the underlying network. Secondly, security and networking changes can be managed more globally and do not have to be applied separately to each individual service. This is how it helps separate “control” concerns from “data” communication concerns.
Also, a service mesh helps benefit cloud-based apps, containers and microservices by empowering agility in the organization through enabling separation of these functions. For example, Axway’s “mesh agents” expose existing users’ microservices back into the AMPLIFY Central view of their organizational APIs so they can manage APIs and services from the same “cockpit” in AMPLIFY. This is part of AMPLIFY Central becoming a common control plane to manage internal and external services, and then to manage the sharing of those APIs and services to their own consumers via the AMPLIFY Unified Catalog.
How does it work?
A service mesh works by inserting a “proxy” service (AKA a sidecar) around each application service that is being managed. This sidecar manages the flow of API calls to the service and delegates decision-making for all of the non-application concerns.
How does it help manage the environment?
A service mesh can be managed by the local infrastructure manager or it can be remotely controlled by an external control plane. The physical management of the environment at an infrastructure level can take the form of local tooling integrated with a customer’s DevOps lifecycle. Discover more about DevOps.
Or, a service mesh can be externally managed by a common policy repository that is also integrated into a customer’s DevOps process. In both cases, the service mesh management takes the form of policies that are applied to a mesh environment to define the various rules that are applied by the proxy sidecars.
These policies are not visible to the application services in the cloud environment but are applied on their behalf by the service mesh.
What are the common features provided?
A service mesh via AMPLIFY Central allows you to manage your APIs, public and private services, along with the hybrid environments where they are located. AMPLIFY Central provides a centralized SaaS control plane, and you define the data plane where the governance policies are enforced (Axway public cloud or your private cloud).
AMPLIFY Central mesh governance provides the following key capabilities:
- Manage your public and private services wherever they are located.
- Add a service mesh layer to your on-premise or private cloud hybrid environments.
- Connect and manage those hybrid environments and their service meshes.
- Manage your service mesh policies along with the environment’s related services and their associated APIs.
How will a service mesh make your enterprise safer and better?
A service mesh helps effectively manage your cloud environments by giving you a framework to consistently apply your organization’s policies to your microservices in those environments. It also allows you to standardize the microservices development lifecycle, along with the types of policies that can be applied to each new microservice as it is deployed into those environments.
What is the service mesh providing today? And for tomorrow?
Today, AMPLIFY Central is exposing basic service mesh policies for east/west flow control. These policies can be added to (mesh) proxies, mesh services, etc., to control the flow of API traffic inside the mesh. We do not expose native service mesh configurations directly to the customer.
We also use the native ability of the service mesh to create a basic Mesh Gateway that enables ingress into the mesh. This is configured automatically as mesh managed APIs are proxied and deployed by AMPLIFY Central. The AMPLIFY Central policy service manages the policy application context in a canonical manner allow this to scale to other gateways and mesh environments in the future.
At the end of the day, a service mesh is a modern way to more efficiently manage your application lifecycle to abstract the growing and dynamically changing set of policies to need to manage them.
Want to learn more? Explore more information about Mesh governance.