Organizations everywhere are moving away from monolithic, homogeneous cloud applications toward microservices that execute in multi-cloud environments. As these requirements grow, the need for a standard microservices mesh has arisen.
Heretofore, DevOps professionals have confronted serious challenges when attempting to deploy and scale microservices dynamically in multi-cloud scenarios. Though each cloud provider ecosystem may provide high-quality tools for service discovery, load balancing and failure recovery in its own platform, the range of tools that can implement these services uniformly across myriad multi-cloud scenarios is limited. Typically, DevOps teams have needed to write custom code to manage their own specific heterogeneous mix of cross-platform microservices in a unified fashion.
To address this emerging marketplace requirement, IBM, Google, and Lyft have announced the launch of Istio. This defines an open-source framework for connecting, managing, and securing microservices across heterogeneous clouds, platforms, and vendors. Reminiscent of the service-oriented architecture-era concept of an enterprise service bus, Istio defines a standard approach to microservices traffic flow management, access policy enforcement and telemetry data aggregation in complex multi-clouds.
Intensifying the need for service-mesh frameworks such as Istio is the fact that there are not enough people in the world who understand how to build and manage Internet-scale cloud-native applications. The pool of technical professionals who know how to build and manage those apps across cloud-native environments (in other words, as distributed, containerized, and orchestrated microservices) is even smaller. And those who can manage all of that across complex multi-cloud environments are vanishingly rare, though growing in number. Organizations such as Istio’s partners clearly understand how to do all of that, and they have many of the leading professionals in the world responsible for multi-cloud, cloud-native, Internet-scale deployments of staggering complexity.
So what, specifically, is Istio? Essentially, it simplifies and enhances how microservices in an application talk to each other over a single or multiple cloud-native platforms. It provides a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
At a high level, here are the pillars of the Istio microservice-mesh management framework:
• Container orchestration: Istio currently orchestrates deployment and updates to containerized applications on Kubernetes platforms. However, Istio is not platform specific, and the partners plan to add support for CloudFoundry and other microservices orchestration platforms going forward.
• Traffic routing management: Istio enables fine-grained control of microservices traffic behavior with rich routing rules, fault tolerance, and fault injection. It supports automatic zone-aware load balancing and failover for HTTP/1.1, HTTP/2, gRPC, and TCP traffic.
• Policy management: Istio provides a pluggable microservices policy layer and configuration API supporting access controls, rate limits and quotas.
• Proxy services: Istio places proxy servers into the network path between services. Through proxies, Istio provides sophisticated traffic management controls such as load balancing and fine-grained routing. It uses proxies to form microservices meshes on both the client and server sides. On the client side, it handles discovery & load balancing, credential injection, connection management, and monitoring & logging. On the server side, it handles rate limiting & flow control, protocol translation, authentication & authorization, and monitoring & logging.
• Monitoring: Istio monitors extensive data about microservices traffic behavior. This data can be used to enforce policy decisions such as fine-grained access control and rate limits that operators can configure. It exposes all metrics, logs and traces for all traffic within a cluster, including all flows of data into and out of clusters and apps (ingress and egress).
• Programmability: Istio provides an abstraction for programmatic access to all routing, policy management, and other functionality, enabling easy integration with DevOps continuous integration/deployment pipelines.
• Identity and security: Istio provides secure service-to-service authentication with strong identity assertions between microservices. It enforces authentication and authorization between any pair of communicating services. Communications are automatically secured via mutual TLS authentication with automatic certificate management.
If implemented consistently by cloud providers and their ecosystem of tool providers, Istio can enable more unified end-to-end programmability, visibility, and control across diverse cloud-native environments. And if incorporated natively into cloud platforms, Istio might enable DevOps professionals to access these capabilities without needing to write custom code to access diverse multi-cloud environments.
Istio’s partners each contributed important technologies to the initiative. IBM leveraged technologies from its Amalgam8 project, a unified service mesh that was created and open sourced last year. This is the core of Istio’s traffic routing fabric, with a programmable control plane to support A/B testing and canary releases and to enable mesh resilience against failures. Google contributed a service mesh control plane for policy enforcement as well as gathering telemetry data from microservices and proxies. Lyft contributed the core technology for Istio’s proxy services.
Istio’s partners report early project commitment and support from the following community members: Red Hat (with Red Hat OpenShift and OpenShift Application Runtimes); Pivotal (with Pivotal Cloud Foundry); Weaveworks (with Weave Cloud and Weave Net 2.0); and Tigera (with the Project Calico Network Policy Engine).
Here is a link for developers to get started with Istio. And here is a sample application with four separate microservices that can be easily deployed to demonstrate an Istio-based mesh. Here is a statement of Google’s support for Istio. Here is a statement from IBM. Last but not least, the Istio GitHub repo is here.