With contributing writers: John Joyce and Peter Kisich


Cisco Intersight Kubernetes Service Advances Multi-cluster Observability with Service Mesh Manager

The release of Intersight Kubernetes Service (IKS) was just the first step to enable our customers in their digital transformation and cloud native initiatives.  We have now added a way for customers to easily scale, manage, and observe microservices across on-premises and cloud multi-cluster architectures with Cisco Service Mesh Manager (SMM).  SMM is now available from Cisco as an extension to Intersight Kubernetes Service and is included in the current IKS Advantage tier at no additional cost.

Why did we build Service Mesh Manager?

A microservices architecture puts application software functionality into multiple individual services that are independently deployable and easier to maintain and test. As these services scale, the microservices architecture can quickly become very complex, including multiple clusters in multiple locations both on-premises and in the cloud. Visibility and security of these distributed microservices become difficult to manage. Therefore, modern enterprise deployments rely on Istio, the leading open-source service mesh according to the CNCF Survey, to provide a consistent and conformant way to enable connectivity, observability, and security between these microservices.

Service Mesh Manager builds upon the advantages of 100% upstream Istio by adding a powerful UI/API and tooling to manage complex multi-cluster applications and services across any cloud, any time, and from anywhere. All of it is completely life-cycle managed for you, which simplifies multi-cluster deployments and brings the benefit of security patching and upgrades.

How does it help?

Single Management Pane, with extended protocol support

Service Mesh Manager provides customers a simplified and scalable way to use the Istio service mesh. Unlike Istio, which requires separate installation of one tool for metrics, another for topology and yet another for tracing, Service Mesh Manager integrates visibility into a single pane of glass so customers can maintain their application service level objectives over time. It also off-loads cluster and mesh administration from developers, and application security, visibility, and traffic management from DevOps and SRE teams. Developers, then, are free to focus on their code with a consistent framework in place. SMM also includes traffic metrics for commonly used protocols such as MySQL and PostgreSQL in addition to all the protocols supported by Istio. For a demo, view the video.

Figure 1: Service Mesh Manager-Integrated Topology & Metrics View

Proactively track Service Level Objective (SLO) success  

Microservices are designed to accommodate failures, on the assumption that the total recovery time across all component microservice failures is short enough to meet customer Service Level Agreements (SLAs). To track customer SLA success, administrators can define SLOs at the individual microservice level and monitor whether the projected total failure downtime might exceed the SLO’s error budget.

The advanced UI/API features of Cisco Service Mesh Manager include the ability to set performance thresholds with alerts to help manage Service Level Objectives. Customers can proactively track SLA success by measuring SLOs and error budgets at component microservices, and trigger alerts when projections exceed error budget thresholds so that corrective action can be taken, as shown in Figure 2. For a demo, view the video.

Figure 2: Service Mesh Manager-SLO Burn rates and Alerting Strategy View
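
The error-budget projection described above can be sketched with the common multi-window burn-rate method; this is an added example, not Cisco's or SMM's code. The 30-day SLO period, the 14.4 threshold and the request counts are assumed, constructed values.

```python
# Added example: error-budget burn rate and a two-window alert for one service.
# Period, threshold and request counts are constructed; they are not SMM defaults.
PERIOD_HOURS = 30 * 24   # assumed SLO period: 30 days
THRESHOLD = 14.4         # burn rate that spends 2% of a 30-day budget in 1 hour


def burn_rate(errors, total, slo):
    """Budget spend speed relative to a service running exactly at its SLO."""
    if total == 0:
        return 0.0
    return (errors / total) / (1.0 - slo)


def hours_to_exhaustion(rate, budget_left=1.0, period_hours=PERIOD_HOURS):
    """Projected hours until the remaining budget fraction is used up."""
    if rate <= 0:
        return float("inf")
    return budget_left * period_hours / rate


def should_alert(long_window, short_window, slo, threshold=THRESHOLD):
    """Alert only when both windows burn too fast, which filters short spikes.

    Each window is an (errors, total_requests) pair.
    """
    return (burn_rate(*long_window, slo) >= threshold
            and burn_rate(*short_window, slo) >= threshold)


# Constructed samples for a 99.9% SLO: (errors, requests) over 1 h and 5 min.
SUSTAINED = ((180, 10_000), (20, 1_000))  # burning fast in both windows
SPIKE = ((10, 10_000), (30, 1_000))       # brief spike, long window healthy
```
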

Apply Consistent Security Policies Across Multi-Cluster and Multi-Cloud

SMM helps manage security challenges before they arise. The SMM UI includes a simple button to enable Mutual TLS (mTLS) and then provides quick visibility into the security posture within the topology view. mTLS secures communication between microservices in a service mesh by using cryptographically secure technology to mutually authenticate individual microservice workloads and encrypt the traffic between them to help keep the worry of “eavesdroppers” off the table. SMM also includes a UI to create/manage certificates and terminate TLS connections at ingress gateways for securing microservices that do not natively support TLS capabilities. For a demo, view the video.

Figure 3: Cisco Service Mesh Manager- Simple button to enable mTLS and view security posture
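
In upstream Istio, the mTLS mode is set by PeerAuthentication resources, and a workload's effective mode depends on which policy is most specific. The following added example (not SMM's or Cisco's code) resolves that mode per workload and lists the ones not enforcing STRICT, which is the kind of posture check the topology view summarizes. It assumes the default root namespace `istio-system`; the policies and workloads are constructed sample data, and how SMM's button maps onto these resources is not stated on this page.

```python
# Added example: resolve the effective Istio mTLS mode per workload.
# POLICIES and WORKLOADS are constructed sample data, not from a real cluster.
ROOT_NAMESPACE = "istio-system"  # assumed: Istio's default root namespace
DEFAULT_MODE = "PERMISSIVE"      # Istio default when no policy sets a mode

POLICIES = [
    {"metadata": {"name": "default", "namespace": "istio-system"},
     "spec": {"mtls": {"mode": "STRICT"}}},
    {"metadata": {"name": "default", "namespace": "legacy"},
     "spec": {"mtls": {"mode": "PERMISSIVE"}}},
    {"metadata": {"name": "db-plain", "namespace": "shop"},
     "spec": {"selector": {"matchLabels": {"app": "db"}},
              "mtls": {"mode": "DISABLE"}}},
]
WORKLOADS = [
    {"name": "frontend", "namespace": "shop", "labels": {"app": "frontend"}},
    {"name": "db", "namespace": "shop", "labels": {"app": "db"}},
    {"name": "billing", "namespace": "legacy", "labels": {"app": "billing"}},
]


def effective_mode(workload, policies):
    """Workload-level policy wins over namespace-level, then mesh-level.

    Not modelled: port-level overrides and ties between policies at one level.
    """
    ns, labels = workload["namespace"], workload["labels"]
    level = {"workload": "UNSET", "namespace": "UNSET", "mesh": "UNSET"}
    for p in policies:
        spec, p_ns = p.get("spec", {}), p["metadata"]["namespace"]
        mode = spec.get("mtls", {}).get("mode", "UNSET")
        selector = spec.get("selector", {}).get("matchLabels") or {}
        if selector:
            if p_ns == ns and all(labels.get(k) == v for k, v in selector.items()):
                level["workload"] = mode
        elif p_ns == ns:
            level["namespace"] = mode
        elif p_ns == ROOT_NAMESPACE:
            level["mesh"] = mode
    for mode in level.values():  # dicts keep insertion order: most specific first
        if mode != "UNSET":
            return mode
    return DEFAULT_MODE


def audit(workloads, policies):
    """List (namespace, name, mode) for workloads not enforcing STRICT mTLS."""
    return [(w["namespace"], w["name"], m) for w in workloads
            if (m := effective_mode(w, policies)) != "STRICT"]
```

A mesh-wide STRICT policy does not by itself guarantee full coverage: the namespace-level and workload-level entries in the sample override it, which is why the audit reports two of the three workloads.
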

Day 2 Troubleshooting, Application Resiliency and Upgrades

Let’s face it, service downtimes usually mean you are losing money – either because your customers cannot interact or because you are breaking the SLA.

SMM simplifies Day 2 troubleshooting with functionality such as a timeline view to quickly zero in on error details, a health view to detect outliers, and distributed tracing and traffic tapping/tracing to triage issues. This speeds up root-cause resolution, which reduces downtime and helps organizations deliver on SLAs.

SMM UI/API supports a simple interface which enables timeouts and retries to increase application resiliency and minimize downtime. If network traffic becomes too heavy between the microservices, timeouts and retries can help improve the customer experience by smoothing out network latency and intermittent network instability.

SMM also supports intelligent canary rollouts of new application versions. Instead of the common rolling-upgrade pattern, traffic is gradually migrated to the new service based on traffic success metrics. This shift-left approach to canary upgrades, in which traffic success metrics are tested earlier in the deployment phase, drastically improves software quality, security, and time to market.

Conclusion

Observability, traffic management, and security are the pillars required for managing cloud native challenges. Cisco is excited to announce that SMM is now generally available and included in the current IKS Advantage tier. Our Service Mesh Manager is fast becoming one of the main architectures used to deploy and manage microservices environments because of the benefits it brings including advanced traffic management, holistic observability, and stronger security. Stay tuned as we will be adding exciting new capabilities in the upcoming months, continuously expanding the cloud native observability and security with weekly production pushes! And last but not least, we welcome you to give Service Mesh Manager a try with a free 90-day trial.

Resources:

Intro to Cisco Service Mesh Manager Video

Cisco Service Mesh Manager At-a-Glance



Authors

Meenakshi Kaushik

Product Manager, Engineering

Cloud