Today, we are excited to announce our collaboration with Google and IBM in the Istio project. Istio is an open, language-agnostic framework that connects, manages, and secures microservices. Combined with a cloud-native platform like Pivotal Cloud Foundry, a service mesh framework like Istio is a key ingredient for any implementation of a microservices-style architecture. Istio and the Open Service Broker API may be used as part of a broader solution to manage the lifecycle of production grade services.
Pivotal Cloud Foundry has been helping enterprises adopt, deploy, and manage microservices for years. And we also take an ecosystem approach to bringing solutions to the enterprise. Bringing Istio to the Pivotal Cloud Foundry ecosystem gives users new options.
In this post, I'll cover what this announcement means for enterprise users: their microservices requirements, the implications of Pivotal’s growing ecosystem, and making cloud-native application development and deployment a reality for enterprises.
What microservices need
Microservices is not a new topic for Pivotal. Operating microservices securely and at scale have a few major categories of requirements:
- Distributed security. There are many layers to the cloud-native security puzzle. Microservices architectures need a means for service-to-service authentication and encryption. As Justin Smith recently noted, “There’s no one size fits all solution” when it comes to encrypting data in motion. Istio provides a way to uniformly apply mutual TLS service to service authentication in a language-agnostic way. Ensuring consistency is usually in itself a security enhancement.
- Intelligent traffic management. Adding capabilities at the traffic management layer have been essential for web-scale services. This includes load balancing, policy enforcement, health checks, and more. Practices and technologies here go back fifteen years. Traditional traffic shaping focused on scaling web front-ends of “classic” three tier architectures. With microservices, traffic management gains some added complexity. There are many types of front-ends and exponentially more “layers”. To support the shift from three-tier to microservices architectures, service discovery and circuit breakers have emerged. There are different approaches of *how* to deploy intelligent traffic management. Istio builds upon Envoy, a high-performance proxy, deployed as a sidecar to the relevant service, regardless of language.
- Visibility. Distributed architectures need a different approach to troubleshooting. Enter: Distributed tracing. It has emerged as a powerful approach to understanding the interactions between services. But, as Charity Majors recently noted, "the problem with distributed tracing is: what do I trace?". On Pivotal Cloud Foundry, all traffic is instrumented with OpenTracing headers, which power the Trace Explorer feature in PCF Metrics. If you want to use Zipkin more generally, the Spring team has developed Spring Cloud Sleuth to instrument Spring apps accordingly. Istio also supports Zipkin to implement distributed tracing transparently to applications written in any language.
Istio brings an alternative implementation to meet these requirements that some of our customers are interested in taking advantage of.
Ecosystem: Bringing many solutions to a problem
At Pivotal, we often talk about the opinionated nature of the Cloud Foundry platform. Those opinions, no doubt, are a huge source of operational leverage for our customers. But, as Richard Seroter recently noted, one of the misconceptions about Cloud Foundry is that you have to use all those opinions. That would mean restricting important choices for enterprises.
When it comes to supporting microservices, we already work with Google Apigee, MuleSoft, ForgeRock, and, of course, the Spring ecosystem. Not to mention all the other partners that make up the more than fifty services available on the Pivotal Network. And I expect the number to keep growing. Why? Because the unique requirements of our enterprise customers demand it.
The many extensibility points of Cloud Foundry allow us to support an ecosystem of choice for our customers and still drive tremendous operational efficiencies. Whether it's databases, monitoring, security, and – yes – microservices infrastructure.
Solving for the enterprise-ready microservices platform
It's the early days for Istio – many enterprises are just learning about it today. We are excited to partner with our customers interested in adopting in a way that meets their enterprise requirements. If you are interested in working together on this, let us know.
