This is an executive introduction to Istio service mesh. It’s the first in a four-part series that also takes a technical deep dive into the technology, analyses key characteristics, and outlines canary release and deployment capabilities.
Modernisation is a critical success factor for cloud transformation. But the transition from monolithic legacy programs to cloud-native applications can be a challenge. Developers must learn to manage applications using loosely linked microservices. Simultaneously, operations teams must manage new cloud-native applications in larger hybrid and multi-cloud settings. Istio service mesh offers a powerful and effective way to address these needs. It makes it easier and quicker to modernise applications, enabling teams to secure, connect, and monitor enterprise microservices.
About Istio Service Mesh
Istio is an open-source platform that allows businesses to run distributed, microservices-based systems from any location. It regulates traffic flows between services, enforces access policies, and gathers telemetry data. All of this is achieved without requiring changes to application code.
Because it seamlessly overlays existing distributed systems, Istio reduces deployment complexity so teams can accelerate cloud adoption. It also helps overcome challenges which can impact business performance, including budget overruns, lagging time-to-market (TTM), and time spent building custom solutions. We’ll touch on each of these areas here. We also share a case study where Istio halved cloud costs, reduced TTM from weeks to an hour, and released more time for innovation.
A common drain on business resources is the creation of multiple cloud environments for different teams. This duplicates effort and spend, as well as requiring additional support and maintenance, potentially causing budgets to overrun unnecessarily.
With Istio, smart routing allows the same environment to be used by multiple teams, reducing the overall number of active resources. In-built infrastructure tools also enable operations teams to conduct monitoring from a single unified dashboard, further reducing complexity, effort, and costs. A well thought out implementation results in fully automated, unified infrastructure management, enabling efficient use of human resources and budget.
To maintain or achieve competitive advantage, innovations need to get to market and deliver business value as quickly as possible. Legacy tools and traditional processes can be a significant barrier to this.
Effective implementation of Istio overcomes the TTM challenge by enabling quicker and more frequent execution of new ideas. For instance, canary deployment features allow teams to release new functionality via an incremental, experimental process rather than a big-bang approach. Small releases make it easier to handle the functional and operational impact when a failure occurs. This gives operations and support teams a higher level of confidence and can reduce TTM to seconds or minutes rather than days or weeks. From a business perspective, this results in better agility and an improved change rate (failure and rollback) with shorter lead time.
Time Spent Building Custom Solutions
Teams often develop custom solutions to support specific use cases. This requires a great deal of time and effort, both for development and ongoing maintenance. It can also result in a high level of technical debt, which in turn hinders innovation and negatively impacts customer experience and value.
Istio’s advanced technical capabilities and production-ready service mesh eradicate the need for custom solutions and maintenance. It organically drives innovations that might previously have been limited by technical debt, freeing time for innovation. First class, pre-integrated support of tools is included, so teams can focus on developing business value, rather than reinventing the wheel. Standardisation is promoted across teams, so they can achieve more with less code. All of this results in higher productivity and an improved experience for developers, operators, and release managers. It enables more frequent delivery of business features and value.
In short, Istio enables enterprises to scale the delivery of distributed applications. It streamlines network operations such as traffic management, authorisation, and encryption, as well as auditing and observability for service-to-service networks.
Case Study: Digital Transformation for a Telecoms Leader
One of our Fortune 100 clients was undergoing a major modernisation of flagship customer applications. We were engaged to support the journey via change management, coordination, implementation, training, and execution. Keeping in mind the current and future business requirements, we performed analysis to determine which microservices to retire, refactor and/or re-platform. We also deployed an Istio service mesh with the appropriate sidecar to enable finer grain control, increased observability, and tighter security. Over a nine-month period, we ideated, designed, and implemented an enterprise-scale service mesh which laid the foundation for future modernisation with daytime canary releases. The following sections cover the transformation in greater detail.
Transformation of Software Supply Chain: Zero-Touch CI/CD
A major aspect of the transformation was the overhaul of the client’s CI/CD pipelines. Multiple separate pipelines were being used by different personas (e.g., developers, release managers, and infra) for similar purposes. Moreover, the deployment pipeline was different for the infra support group responsible for user acceptance testing (UAT) and production environments, potentially leaving a parity gap between the lower and higher environments and decreasing the confidence level of new deployments.
Considering these issues, it was critical to have a single consolidated pipeline to serve all the use cases for different personas. By design, the pipeline used appropriate defaults, removing the need for manual inputs at runtime and reducing the chance of human error. Identified technologies included GitLab pipelines, Helm charts and helmfile, Terraform, kops, and to some extent, Argo CD for a few of the use cases.
Transformation of Microservices Platform
The introduction of an enterprise-grade service mesh was central to the modernisation program. As a team, we considered various characteristics of the available service mesh solutions before selecting Istio. These included:
- Production readiness
- Number of actual production deployments or Go-Lives
- Community activity regarding new features and support
- Governance and licensing
- Commercial support vendor ecosystem
- Comparison of the advanced features supported
- Feature roadmap
- Out-of-the-box support of current business and technical use cases
Using a zero-touch, fully automated pipeline meant the team was able to create and destroy environments confidently to utilise different configuration aspects of a mesh. Istio enablement only required a minor declarative configuration change to transparently activate it in the current working environment without the development team needing to be aware of the change. Istio control plane configuration management was implemented using Istio Operator technology which ensured seamless change management. Important Istio features that were implemented included Ingress and Egress Gateway, Smart Routing, versioned deployment, and integration to Datadog, as well as out-of-the-box Kiali visualisation.
Service mesh adoption was not difficult for the development team, but it did require a new way of looking at how versioned deployment functions. This mindset shift was critical for canary deployment solutions, so teams began testing Istio service features and gained confidence in their use. What’s more, they became keen to leverage the technology’s full potential. This incremental conditioning of the team’s approach helped make the service mesh transformation a real success story.
The transformation enabled our client to:
- Halve cloud costs through resource optimisation and reuse.
- Reduce TTM from weeks to an hour.
- Perform daytime deployment, eliminating off-hours releases.
- Improve the developer experience.
- Deliver more business value to end customers.
- Release more experimentation time for product teams.
Ten Advantages and Characteristics of Service Mesh
From a technological perspective, Istio promotes 12 Factor App concepts and benefits from container/serverless orientation (as opposed to VM orientation). Other technical advantages include:
- Injection of service proxies at deployment time, avoiding the need for development-time handling while still allowing full capabilities to be used.
- Emphasis on differentiated code (application, infra) and avoidance of code-bloat, removing complexity in the application. Also, separation of code from configuration enables declarative adaptation or shaping of the environment without the risks of code change.
- Reduced friction, with as many non-functional requirements as possible implicit in the architecture, so that compliance is transparent and consistent.
- Promotion of developer-centric workflow/experience, where the developers control all code and configuration.
- Transparency, portability, and consistency, as the features supported are cloud/platform/language agnostic in a polyglot environment and do not require a change in application code.
- Out-of-the-box traffic routing behavior to support canary, versioning, and performance testing.
- Organisational support through exposure of fine-grained telemetry of services, endpoints, and the connections between them – with no effort.
- Increased options for implementing resiliency patterns for both clients and servers (e.g., circuit breakers) as well as the enablement of chaos engineering through failure (HTTP code) and latency injection.
- A pluggable policy layer and configuration API to support access controls, rate limits, and quotas.
- Support of service-to-service authentication, encryption, and authorisation with no effort on the part of the developer.
To summarise, Istio service mesh is a breakthrough approach characterised by modern concepts of software development. It’s a great option for enterprises with complex and changing requirements. By driving more efficient use of time, resources, and technology it eases common challenges of cloud modernisation, enabling innovation and delivering better experiences.
Read the rest of our Istio service mesh series:
- A Technical Deep Dive into Istio Service Mesh
- An Analysis of Istio Service Mesh
- Canary Release and Deployment on Istio Service Mesh
Kamesh is a seasoned technology professional focused on solving real-world enterprise problems using modern, innovative architecture with a strong emphasis on zero-trust security. He has led some of the largest digital transformation projects end-to-end from solution to delivery. He keeps a high focus on customer orientation, security, innovation & quality.