Introduction to the Service Mesh
The Service Mesh service provides a dedicated infrastructure layer that makes communication between your microservices secure, reliable, and observable. It gives you granular control over your service-to-service traffic, enhances your security posture with zero-trust networking, and provides deep insights into the behavior of your distributed applications.
As you adopt a microservices architecture, the number of services communicating with each other grows, and managing this communication becomes increasingly complex. While the Service Proxy handles traffic entering and leaving the cluster (North-South traffic), a service mesh is designed to manage the communication between services inside the cluster (East-West traffic).
Our managed Service Mesh is built on Istio, the industry-standard, open-source service mesh platform. It works by deploying a lightweight proxy (called a sidecar) next to each of your application pods. These proxies intercept all network traffic, allowing you to enforce policies and collect telemetry without making any changes to your application code.
Key Capabilities
A service mesh provides a wide range of capabilities that can be grouped into three main pillars: Connect, Secure, and Observe.
Connect (Intelligent Traffic Management)
Gain fine-grained control over how your services route traffic.
- Dynamic Routing: Use advanced deployment strategies like canary releases and A/B testing by dynamically shifting traffic between different versions of a service.
- Resilience: Automatically improve the resilience of your application with features like request retries, timeouts, and circuit breakers, which help prevent cascading failures.
- Fault Injection: Intentionally inject delays and failures into your system to test the resilience of your applications in a controlled manner.
Secure (Zero-Trust Networking)
Enforce a zero-trust security model for all communication within your cluster.
- Automatic Mutual TLS (mTLS): Istio automatically encrypts all traffic between your services, ensuring that communication is secure and authenticated, without requiring any changes to your application.
- Fine-Grained Authorization: Create powerful authorization policies that define which services are allowed to communicate with each other. For example, you can enforce a policy that only the frontend service is allowed to call the payments service.
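
The frontend-to-payments rule described above, written as Istio resources. This is an added example, not configuration taken from the platform's own documentation; the `shop` namespace, the `app: payments` label, the `frontend` service account and the default `cluster.local` trust domain are assumptions.

```yaml
# Added example; namespace, label and service account names are assumptions.
# 1. Require mTLS for every workload in the namespace, so each caller
#    presents a mesh-issued identity and plaintext connections are refused.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop              # assumed namespace
spec:
  mtls:
    mode: STRICT
---
# 2. Allow only the frontend identity to call payments. Once an ALLOW policy
#    selects a workload, requests that match none of its rules are denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: payments-allow-frontend
  namespace: shop              # assumed namespace
spec:
  selector:
    matchLabels:
      app: payments            # assumed pod label on the payments workload
  action: ALLOW
  rules:
  - from:
    - source:
        # Identity from the caller's mTLS certificate:
        # <trust domain>/ns/<namespace>/sa/<service account>
        principals:
        - cluster.local/ns/shop/sa/frontend
```

With both resources applied, a request to payments from any other workload in the mesh is rejected by the sidecar with HTTP 403 (`RBAC: access denied`), which is a quick way to confirm the policy is in force.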
Observe (Deep Telemetry)
Gain deep, real-time insights into how your services are performing and interacting.
- Automatic Telemetry: The service mesh automatically generates detailed metrics, distributed traces, and access logs for all service-to-service traffic.
- Service Topology Visualization: Understand the dependencies and communication patterns between your services with automatically generated topology graphs.
- Performance Monitoring: Monitor the "golden signals" (latency, traffic, errors, and saturation) for every service in your mesh without any instrumentation in your code.
Features
- Transparent Operation: The service mesh operates transparently to your applications, which remain unaware of the proxies.
- Centralized Control Plane: Configure all traffic management, security, and observability policies from a single, unified control plane.
- Fully Managed: We handle the complex task of installing, configuring, upgrading, and operating the Istio control plane, so you can focus on leveraging its powerful features.
Pricing, Legal and Support
Tip
For general information about pricing, legal or support concerning the platform, services or components, consult your contract or see the contact page.