
Service Mesh is Not Enough

Enterprises need to control the complexity of modern applications.

As software modernization efforts accelerate, many software development and DevOps teams at large enterprises have begun adopting a variety of cloud-native services from multiple cloud vendors, along with containers, micro- and nano-services, serverless APIs, and data sources, to increase the flexibility, scalability, and modularity of their software applications.

There is no debate that these technologies help organizations meet customer demands for better user experiences. The resulting applications are, however, inherently more complex, and that complexity brings a series of trade-offs. Enterprise IT departments are left needing to maintain control, security, and visibility across a growing portfolio of modern software applications that are often distributed across on-premises data centers, container orchestration platforms, or a combination of hybrid- and multi-cloud environments.

What is a Service Mesh?

Over the last few years, some large organizations have begun to adopt open-source service mesh solutions to provide an infrastructure layer for managing internal service-to-service communications, traffic routing, and load balancing, primarily in Kubernetes environments, using a centralized, configurable control plane.

Because of the distributed nature of modern software applications, a service mesh lets separate application components communicate with each other by routing internal east-west application traffic, for example from service A to service B, according to pre-defined configuration policies. Those policies are deployed from the central control plane to the data plane: a proxy (typically a sidecar) attached to each microservice instance, which intercepts and enforces policy on that instance's inbound and outbound connections.

Despite service mesh technology's popularity within the open-source developer community, Gartner® positions service mesh in the “Trough of Disillusionment” in its Hype Cycle™ for Open-Source Software, 2022 report, published in July 2022.[1]

Given the limited support in open-source service mesh projects for enterprise-grade application networking, security, and visibility, several managed-services companies have emerged to address the missing feature sets. They offer paid support on top of the open-source project in an attempt to leverage the open-source community, fill project gaps, and gain market share.

However, a service mesh on its own is not enough to fulfill the complex software development needs of large enterprises and government agencies. These large-scale organizations seek to govern enterprise architectures across on-premises, container, and hybrid- and multi-cloud environments, accelerate software delivery, and increase speed to market across DevOps and PlatformOps teams, all while ensuring zero-trust application security.

What is an Application Networking Platform?

As defined by Gartner VP Analyst Kevin Matheny in the “Solution Path for Applying Microservices Architecture Principles” report (December 2021),[2] an Application Networking Platform consists of several functional components and core capabilities, including a runtime platform, external gateway, application networking, backing services, developer experience, and telemetry. Service mesh is one of the functional components of application networking.

So, while a service mesh enables east-west traffic routing within a distributed software application, an application networking platform includes service mesh capabilities along with additional functionality. These capabilities may include the ability to manage multi-tenant teams, simplify configuration management, and control north-south traffic between external clients and the application's exposed APIs.

Additional enterprise capabilities allow Network and Security Operations Center teams to act on recommendations derived from advanced telemetry: detecting anomalies with AI and machine learning, running health checks, and surfacing heuristic insights about service behavior.

Application networking platforms also prioritize security requirements, enabling zero-trust network access that limits the blast radius of a potential application data breach by segmenting applications, data, and users. As organizations break monolithic software applications into separate micro- and nano-service instances operating across multiple cloud environments, developers must also enable several security controls to protect application data in transit and to decide who may call what. These include mutual TLS (mTLS), which authenticates both ends of every service-to-service connection and encrypts the traffic between them; user authentication, token management, and token exchange, which carry end-user identity alongside the workload identity that mTLS establishes; granular policy enforcement points (PEP) and policy information points (PIP); role-based access control; and automated certificate rotation so that short-lived workload certificates never become a manual operations burden.
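The following is an added example, not configuration from the original post or from greymatter.io's product, showing how the two mechanisms described above, the east-west policy that a control plane pushes to each service's proxy, and the mTLS plus fine-grained access control that makes that policy a zero-trust enforcement point, look in open-source Istio, the mesh this post refers to later. The namespace `orders`, the workload labels `app=service-a` and `app=service-b`, the service account name `service-a`, and the path prefix `/api/v1/orders/` are all assumptions chosen for illustration.

```yaml
# Added example (not from the original post or greymatter.io): Istio resources
# that enforce the controls described above for one namespace.
# Assumed names: namespace "orders", workloads labelled app=service-a / app=service-b,
# service account "service-a", and the API path prefix /api/v1/orders/ are hypothetical.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default          # no selector: applies to every workload in the namespace
  namespace: orders
spec:
  mtls:
    mode: STRICT         # plaintext connections are rejected; PERMISSIVE would still accept them
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: service-b-allow-service-a
  namespace: orders
spec:
  selector:
    matchLabels:
      app: service-b     # the policy enforcement point is service-b's own sidecar proxy
  action: ALLOW
  rules:
  - from:
    - source:
        # SPIFFE identity taken from the client certificate presented over mTLS;
        # it names the caller's Kubernetes service account, not a network address
        principals: ["cluster.local/ns/orders/sa/service-a"]
    to:
    - operation:
        methods: ["GET"]
        paths: ["/api/v1/orders/*"]
```

Applying both resources with `kubectl apply -f` is enough to change behavior without touching either service's code. Once an ALLOW policy selects a workload, Istio denies every request to it that no rule matches, so a `POST` from service A, or any request from a third service, is rejected by service B's proxy with HTTP 403 and the body `RBAC: access denied`. Two caveats matter in practice. First, the `principals` check is only as trustworthy as the `STRICT` mode: under `PERMISSIVE`, a plaintext caller has no principal and is also denied here, but the mesh is still accepting plaintext for every workload without such a policy. Second, this policy proves which workload is calling, not which user; end-user identity has to be carried in a token validated by a `RequestAuthentication` resource and checked with `requestPrincipals` or claim conditions, which is the token-management half of the controls listed above.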

Additionally, an application networking platform provides organizations with in-depth governance capabilities, for example allowing software architects and DevOps engineers to create, govern, expose, and manage application and API policy configurations across a fleet of micro- or nano-services, the data sources they access, and the applications themselves, while auditing every transaction throughout the network to demonstrate compliance with FIPS 140 cryptographic requirements, PCI DSS, HIPAA, GDPR, and other standards and regulations.

What Else Does an Application Networking Platform Do?

An application networking platform does the hard work of integrating all the additional technologies not included in a stand-alone service mesh to provide the missing management, control, security, and visibility needed by today’s leading software development teams, while enabling elastic growth, unprecedented interoperability, and the rapid development of new application services.

  • Service Mesh – manages east-west application traffic policies
  • API Gateway – manages north-south application traffic policies
  • Control Plane – manages, controls, and supervises the fleet of data plane proxies
  • Infrastructure Intelligence – provides telemetry beyond transaction counters, including the number of changes made to policy, the health of upstream and dependent services, visibility into which application is running on which service mesh, and more
  • Service Discovery – catalogs and curates all available services, including non-Kubernetes services, to prioritize and shape traffic to meet application performance demands
  • Configuration Store – provides version control of configuration files in a multi-tenant way, and automatically rolls back changes that fail health checks so that a bad configuration push heals without operator intervention
  • Data Mesh – decentralizes and federates data ownership across a collection of APIs and databases by moving policy management closer to the source for faster, more secure data access and availability
  • Cyber Mesh – enables dynamic access controls throughout the application network for greater enterprise-wide security, while also serving as a real-time telemetry feed for SIEM and other traditional security tools

Which Option is Right for Your Organization?

If your organization is just getting started with microservices, or is only building greenfield applications on Kubernetes with no legacy infrastructure to migrate, then an Istio-based service mesh might be all your DevOps team needs to manage basic service-to-service communication and let “service A talk to service B.”

However, if your enterprise needs more granular control over the complexity that microservices and hybrid- and multi-cloud application architectures introduce for your development team, built-in security that provides fine-grained access control over which users can reach which services and data sources, or real-time visibility into the black box of distributed application performance, an application networking platform is the better investment.

Although existing service mesh solutions may not address all your organization’s needs to manage, secure and observe its microservices-based applications, the final decision might depend on the number of available software developers, the sophistication of your software architects, the platform requirements of your DevOps engineers, or the software delivery timelines set by your CIO/CTO executives.

What Can Greymatter.io Do For Your Enterprise?

Greymatter.io is the best way to control the complexity of modern software applications. Our enterprise application networking platform delivers unprecedented control, security, and visibility across any hybrid- or multi-cloud environment. Our unified solution combines service mesh, API management, and infrastructure intelligence to reduce complexity, ensure security, enforce compliance, and optimize performance.

The world’s largest enterprises and government agencies depend on our platform to govern enterprise architectures, accelerate software delivery, and increase speed to market. Founded outside Washington, D.C. in 2015, greymatter.io is widely deployed worldwide throughout mission-critical defense and intelligence environments and is backed by Elsewhere Partners.

Contact us today to schedule a demo of our enterprise application networking platform to help your organization maximize its microservices investments, reduce its coding, integration, and tooling costs, and save months or even years of development time.


Footnotes:

  1. “Hype Cycle for Open-Source Software, 2022,” Oleksandr Matvitskyy, Mark Driver, Anne Thomas, Gartner, July 2022
  2. “Solution Path for Applying Microservices Architecture Principles,” Kevin Matheny, Gartner, December 2021

Disclaimer:

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
