What is a service mesh?
A service mesh is an abstraction that lets application and service developers focus on the business value of their services by abstracting away common secondary concerns such as security, logging and monitoring. These concerns can then be managed independently of changes to the business logic, and in a common way across related services.
How does it work?
A service mesh works by inserting a “proxy” service (also known as a sidecar) around each application service that is being managed. This sidecar manages the flow of API calls to the service and delegates decision-making for all of the non-application concerns.
Service Mesh Benefits
The benefit is that changes and the promotion of new service functions are abstracted and can be managed separately from the infrastructure of the underlying network. In addition, security and networking changes can be managed more globally and do not have to be applied separately to each individual service. This is how a service mesh helps separate “control” concerns from “data” communication concerns.
A service mesh also benefits cloud-based apps, containers and microservices by empowering agility in the organization through the separation of these functions. For example, “mesh agents” expose existing users’ microservices back into the view of their organizational APIs so they can manage APIs and services from the same “cockpit.” This is part of becoming a common control plane to manage internal and external services, and then to manage the sharing of those APIs and services to their own consumers via a Unified Catalog.
How does it help manage the environment?
A service mesh can be managed by the local infrastructure manager or it can be remotely controlled by an external control plane. The physical management of the environment at an infrastructure level can take the form of local tooling integrated with a customer’s DevOps lifecycle.
Or, a service mesh can be externally managed by a common policy repository that is also integrated into a customer’s DevOps process. In both cases, the service mesh management takes the form of policies that are applied to a mesh environment to define the various rules that are applied by the proxy sidecars.
These policies are not visible to the application services in the cloud environment but are applied on their behalf by the service mesh.
What are the common features provided?
A service mesh allows you to manage your APIs, public and private services, along with the hybrid environments where they are located. Through a centralized SaaS control plane, you define the data plane where the governance policies are enforced (public cloud or your private cloud).
Mesh governance provides the following key capabilities:
- Manage your public and private services wherever they are located.
- Add a service mesh layer to your on-premises or private cloud hybrid environments.
- Connect and manage those hybrid environments and their service meshes.
- Manage your service mesh policies along with the environment’s related services and their associated APIs.
How will a service mesh make your enterprise safer and better?
A service mesh helps effectively manage your cloud environments by giving you a framework to consistently apply your organization’s policies to your microservices in those environments. It also allows you to standardize the microservices development lifecycle, along with the types of policies that can be applied to each new microservice as it is deployed into those environments.
What is the service mesh providing today? And for tomorrow?
Policies can be added to (mesh) proxies, mesh services, etc., to control the flow of API traffic inside the mesh. We do not expose native service mesh configurations directly to the customer.
We also use the native ability of the service mesh to create a basic Mesh Gateway that enables ingress into the mesh. This is configured automatically as mesh-managed APIs are proxied and deployed. The policy service manages the policy application context in a canonical manner, allowing this to scale to other gateways and mesh environments in the future.
At the end of the day, a service mesh is a modern way to manage your application lifecycle more efficiently by abstracting the growing and dynamically changing set of policies needed to manage it.