Istio and Octarine are Two Peas in a Pod

By William Choe, VP Marketing/Product of Octarine

Istio delivers a new approach to networking for cloud native applications. With applications componentized into discrete functions, tremendous scalability and agility are achieved. However, network service identity based on the five-tuple and a centralized architecture is no longer effective. Istio network services are optimized for cloud native apps with key capabilities such as service discovery, routing, and load balancing. Once all the upstream and backend microservices are identified, Istio routing selects the right upstream service cluster, and load balancing determines which service instance the request should be sent to, with the right policy (e.g. retries, timeouts). Further, for each request, detailed statistics, logs, and trace data are generated for traffic flow and forensic data visibility. This is service mesh butter…enabling a predictive and optimized cloud-native experience.

While Istio provides cloud-native network services and associated telemetry, Octarine provides total visibility, easy policy management, and ease of management. Octarine integrates with Istio’s Mixer through two adapters: a logging adapter that enables visibility into service-to-service communication, and an authorization adapter that enables access control for it. The logging adapter forwards traffic info based on report API calls to the Octarine Controller, whereas the authorization adapter pulls policy from the Octarine Controller and applies it to incoming check API calls.

Based on these constructs and Istio primitives, Octarine provides total visibility of topology, policy, and forensic data. Topological cluster views highlight service-to-service relationships, activity, and statistics. The ability to zoom in and out on microservices, review historical activity, and see detailed access methods is foundational to establishing rules and iteratively tightening them into a least privilege policy. Traffic forensics such as load statistics, out of band pings, and distributed trace data, coupled with detailed microservice activity, help operators understand application behavior and debug problems as they occur. With Octarine’s Controller and Dashboard, devops teams gain a single pane of glass for easy policy management and troubleshooting.

With the Octarine framework, policy definition and implementation are easy to adjust to current conditions, keeping enforcement aligned with business and security objectives. To get started, a policy configuration file can be imported to the Octarine Controller to establish known access controls. As insights and visibility are gained during staging or production, new rules can be easily added via the Octarine CLI, API, or Dashboard. For example, the Octarine Dashboard gives the user a simple way to define policy based on observed activity with the Activity to Policy feature. Policy definition is modeled after the Principal, Action, Resource, and Condition (PARC) framework. Principal is the entity (e.g. service, user) to which a policy is applied. Action could be, for example, HTTP GET and POST method requests. Resource is the object or objects being requested. Lastly, Condition is a rule parameter and can be based on Istio provided objects (e.g. quota, preconditions). With the PARC framework, policy definition is easily adapted to compliance, security, and/or business requirements.
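The sketch below illustrates the idea of turning observed activity into PARC allow rules and evaluating check requests against them with a default deny. It is an added example, not Octarine's code or policy format; the rule schema, function names, the `namespace` attribute, and the activity records are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    principal: str         # P: calling service identity
    actions: frozenset     # A: permitted HTTP methods
    resource: str          # R: "service/path"; "*" matches one path segment
    condition: tuple = ()  # C: (attribute, value) pairs that must all hold

def _generalize(resource):
    # Replace numeric IDs so one rule covers reviews/0, reviews/1, ...
    return "/".join("*" if seg.isdigit() else seg for seg in resource.split("/"))

def _match(pattern, resource):
    # Segment-wise match: a wildcard never spans "/" into deeper paths.
    p, r = pattern.split("/"), resource.split("/")
    return len(p) == len(r) and all(a in ("*", b) for a, b in zip(p, r))

def activity_to_policy(observed, condition=()):
    """Collapse observed (principal, method, resource) records into allow rules."""
    grouped = {}
    for principal, method, resource in observed:
        grouped.setdefault((principal, _generalize(resource)), set()).add(method)
    return [Rule(p, frozenset(m), r, tuple(condition))
            for (p, r), m in sorted(grouped.items())]

def check(rules, principal, method, resource, attrs=None):
    """Default deny: allow only when one rule matches all four PARC parts."""
    attrs = attrs or {}
    return any(rule.principal == principal
               and method in rule.actions
               and _match(rule.resource, resource)
               and all(attrs.get(k) == v for k, v in rule.condition)
               for rule in rules)

# Constructed activity records, using Istio Bookinfo sample service names.
OBSERVED = [
    ("productpage", "GET", "reviews/reviews/0"),
    ("productpage", "GET", "reviews/reviews/1"),
    ("productpage", "GET", "details/details/0"),
    ("reviews", "GET", "ratings/ratings/0"),
]
POLICY = activity_to_policy(OBSERVED, condition=[("namespace", "default")])
```

Anything not seen in the activity records (a new method, a new caller, a deeper path, or a request missing the required attribute) is denied until a rule is added for it.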

Bring your Istio cluster to life with ease of management. Using Octarine’s intuitive CLI, strong API, and rich UI, it’s simple to define policy, gain total visibility, troubleshoot issues, accelerate deployment, simplify operations and more. To demonstrate the power of Octarine with Istio, this video highlights a simple policy with the book review Istio cluster. If you would like more information, contact us at info@octarinesec.com.