
The Art of the Service Mesh Policy

Nov 17th, 2019 4:00am by

Aspen Mesh sponsored this post.

Andrew Jenkins
Andrew, Aspen Mesh’s CTO, co-founded Aspen Mesh because he observed containerized microservices making communication resiliency ever more important, but also more challenging to build and manage at scale. His software and hardware engineering background is in communication and networking including building and standardizing the nascent Interplanetary Internet and adding core datapath programmability to LineRate, a successful Boulder, CO-based startup. He loves the exhilaration of fixing the impossible bug.

Picture this: You’re the director of engineering at an enterprise organization. You have had a successful career managing small engineering teams and you’re now balancing the demands of managing an engineering organization while contributing to overall planning and strategy as part of senior staff.

You see a future with your company where you can grow your influence by more closely tying your organization’s work to the bottom line of the business. You have many responsibilities, including ensuring that your team is able to deliver well-behaved, resilient and intuitive applications that provide amazing user experiences.

Your policies are critical because they specify how your application responds after an action. When your policy works well, your stakeholders are happy. Sometimes policies are guardrails as well, so that the mistakes of engineers can’t cause failures on the user side. They can be optimizers, such as boosting network efficiency by automatically running clusters where it’s cheapest. They can also fix or mitigate faults: when an enhanced shopping cart is unhealthy, for example, a more basic cart could be implemented instead. Security, access and scheduling policies all encode what response should happen automatically when an event occurs.

Your policy is obviously not working well when problems create more work for your team and cause your end users to suffer. Among the greatest fears of those in the DevOps world is waking up to read in the news about an outage or breach the team caused, either directly or indirectly.

Agility + Stability = Win

Agility is a company’s number-one business advantage — it’s the catalyst for digital transformation, enabling companies to define new ways of working. The need to stay agile is why companies like yours are looking to develop new architectures and embrace microservices and container technologies, such as Kubernetes and Istio.

Fun fact: According to F5’s “2019 State of Application Service Report,” 56% of the organizations surveyed were already employing containers and 69% were executing digital transformation by leveraging containers in order to meet increasing customer demands.

But we all know that agility alone won’t help your company reach its goals. Agility plus stability will be your number one competitive advantage. When you’re able to meet evolving customer needs (while staying out of the news for downtime and security breaches), your competitors will be eating your dust.

Service Mesh and Policy

The result of companies embracing DevOps and microservice architectures is that teams can move faster and more autonomously than ever before. While that means faster time to market for applications, it also means more risk to the business.

So, who’s responsible for understanding and managing the company’s security and compliance requirements? You’ve got it — application teams that may not have the experience or desire to take on this burden.

The good news is that some service meshes allow you to remove the infrastructure burden from application teams in order to let platform operators handle it. Service mesh policy allows you to make disparate, ephemeral microservices act as a resilient system through controlling how services communicate with each other as well as with external systems. It also allows engineers to easily implement policies that can be mapped to application behavior outcomes, ensuring great end-user experiences.

Here are some additional benefits you can expect from service mesh policy:

  • Provide a better user experience: Meet SLOs and SLAs and make it clear that business objectives are being met by system behavior.
  • Optimize cost: Service mesh can help you get the ideal mix of cost savings and uptime.
  • Decrease risk: Being secure and compliant and ensuring data integrity is key to your company’s success.
  • Drive progressive delivery: Decouple developers from the business side, so your dev team is free to develop as they like, but your business controls when customer-facing features are pushed.

Policy Frameworks: Making Policy Easier to Manage

Many companies cope with the headache of specifying policy in several different places using many different tools. This adds risks around failures in compliance, increases the effort to modify policies and creates challenges in ensuring policies are both correct and applied appropriately to applications. Policy frameworks can help to relieve that pain, making it easy to create, test, review and improve policy — even when it includes contributions from many different roles in an organization.

Look for options that allow you to build on policy feature sets by providing:

  • Advanced policy frameworks that allow users to describe business goals that are enforced in the application’s runtime environment.
  • A tested and hardened policy catalog that makes it easy to implement policies without having to build them yourself.
  • Role-based policy management that enables teams within organizations to create and apply policies according to their needs.
  • Streamlined application deployment packages that provide a uniform approach to API authentication and authorization with JWTs, mutual TLS and secure Ingress.
  • Global application deployment and scaling that obeys your compliance rules and business-driven cost optimization goals.
  • Integration into GitOps or other tech workflows and a graphical user interface.

In other words, a service mesh allows you to remove the burden of managing infrastructure from application teams. It is also emerging as an essential tool for platform operators to manage Kubernetes platforms. A service mesh can also make disparate microservices act as a resilient system by controlling how services communicate with each other and with external systems, all managed through a single control plane. Additionally, a service mesh allows engineers to easily implement policies that can be mapped to application behavior outcomes, making it easy to ensure great end-user experiences.

The next time you’re thinking about how to solve these challenges, take a look at some service meshes and policy frameworks to see if they could help.

Feature image via Pixabay.
