Microservices / Networking

Kong Applies Machine Learning to Microservice Management

1 Apr 2019 9:11am, by

Kong, the company building out a service control platform based on the open source Kong API gateway, has added artificial intelligence and machine learning — Kong Brain and Kong Immunity — to the mix to help provide visibility, security and governance at scale.

“Enterprises are moving to microservices, but don’t have the right platform in place to learn from the traffic these microservices are executing,” said Marco Palladino, Kong Chief Technology Officer.

“We’re dealing with a new scale of things. The way we have been securing our services when we had only a handful of services cannot possibly work when we’re dealing with hundreds and thousands of APIs.”

Kong Immunity creates machine learning models asynchronously based on the data being exchanged for each service from Kong running as a sidecar or proxy for each of the different services without affecting performance.

It first sets a baseline “normal” for each service, then flags traffic that deviates from the expected patterns. It then automatically sends an alert to the specified person. It allows users to adjust settings to allow a certain amount of deviation from expected norms.

APIs are being created, versioned, connected, decommissioned continuously with traffic patterns that also continuously change, Palladino said.

“We cannot anticipate who is going to be the client making the request, so we cannot know which request can be potentially malicious. So we have to build machine learning models to determine which traffic is valid and which is not.”

It alerts users not only to external threats, but also internal threats, he pointed out.

With microservices, the clients for these services increasingly are inside the organization. It can prevent a team from doing something that could crash a microservice and on the dashboard provide visualization of whether anyone in the organization is making requests that might be a threat.

“We do that automatically. With one configuration can enforce this for any microservice. You do not have to create specific rule sets for each microservice,” he said.

Kong Brain uses OpenAPI spec files to automate the configuration for Kong Enterprise deployment. It uses a real-time collector to ingest documentation and data flows, analyze changes and take action.

Once a team pushes a new or updated service to Kong Enterprise, Kong Brain generates new OpenAPI documentation to the developer portal. It also cares a real-time visual map of services across teams, regions and platforms.

As it continues to learn about the environment, it will flag potential redundancies, bottlenecks and other issues.

“[One of the] reasons microservices fail is because the documentation is not up to date, so teams do not know how to consume other teams’ APIs. When that happens, you lose trust. When they lose trust, rather than relying on others’ work, they create over and over again the same microservices. This defies the purpose of a microservice architecture,” Palladino said.

“Documentation is also changing very rapidly. If the organization is creating all these services, then modifying them, versioning them, decommissioning them, the documentation has to change accordingly. Otherwise, it becomes a mess and nobody knows how to use these microservices.”

Kong Brain auto-generates documentation pushes it to the developer portal, which becomes a catalog of available microservices.

“Documentation now becomes a trusted authority within the enterprise. It gives trust to developers who have to consume another teams’ APIs,” he said.

Intelligent Decisions

Kong CEO and co-founder Augusto “Aghi” Marietti, in a previous post for The New Stack, cited the need for a new service control platform to manage APIs. Rather than just transporting information, it will understand the information and make intelligent decisions about what to with it, regardless of the environment, deployment pattern, language, or transport method used, he said.

Kong is built atop the NGINX reverse proxy server. It provides services including a RESTful API interface for the enrollment of APIs in a kind of registry and a platform for plugins, providing a base of common functions from which microservices are frequently borrowing.

Formerly known as Mashape, the company released Kong 1.0 last September with support for service mesh. Last week it released Kong 1.1 with declarative config and DB-less deployment capabilities.

It also just announced a $43 million Series C round led by Index Ventures, bringing total funding to $71 million.

Feature image via Pixabay.

A newsletter digest of the week’s most important stories & analyses.

View / Add Comments

Please stay on topic and be respectful of others. Review our Terms of Use.