Simplified Management with Service Mesh

This article explains Service Mesh and how it works with zero-trust security architecture, microservices, and containers.

By Raghav K.

Service Mesh manages the network traffic between services. The service has been designed to provide a more scalable and easy approach by cutting down on manual intervention, implementing an error-free workflow, and getting rid of operational burdens through automation and a unified solution structure. Alibaba Cloud Service Mesh (ASM) works between the core infrastructure and Kubernetes to enable seamless communications between services and heightened security and reliability.

Core Functionality

Service Mesh enables path tracking of a service using the routing rules. It controls the flow of traffic and dynamically adjusts it to accelerate delivery. Service Mesh creates clear isolation between the business logic associated with the application, network, security policies, and monitoring and observability scenarios.

Service Mesh enables service discovery and communication between microservices. ASM controls the flow of traffic between services with an intelligent routing capability. This allows ASM to implement deployment strategies, such as blue/green releases and canary deployments.

Alibaba Cloud Service Mesh enables secure communication between services, as it controls the flow of information using policies that allow or deny communication requests. This also works toward implementing the zero-trust security model, which outlines a least-privilege model to deny access to any service from any environment.

ASM allows extensive observability of your distributed microservices system. It allows you to discover any dependencies between services, monitor the traffic flow, and provide tracing capabilities.

Alibaba Cloud ASM showcases a highly capable system that provides operational control and observability for the entire network of distributed microservices. Distributed architecture and microservices are complex and require deeper capabilities to ensure smooth functioning. Cloud-native allows for a more secure, integrated, and available service scenario. Alibaba Cloud Service Mesh plays a critical role when you need to work with bandwidth-hogging microservices workloads.

Service Mesh Features

1.  Microservices Model

  I. Alibaba Cloud ASM enables agile development and deployment to speed up the evolution of business models. Alibaba Cloud’s image repositories help you manage workloads by working with microservice applications within the production environment. Alibaba Cloud ASM helps you focus more on feature updates by scheduling, orchestrating, deploying, and implementing the canary releases of microservice applications.

  II. Alibaba Cloud Service Mesh has an integration scenario with the Server Load Balancer (SLB). The Service Mesh has a unique discovery system to forward requests and allocate services to backend containers.

  III. When it comes to disaster recovery, Alibaba Cloud ASM offers a wide array of scheduling and disaster recovery policies. You can easily schedule the services based on requirement projections and utilize high availability across zones for effective disaster recovery.

  IV. Alibaba Cloud ASM offers a superb system to monitor your microservices and containers with an enhanced capability to adjust scaling to scale in or out based on traffic load requirements.

2.  Observability

Alibaba Cloud ASM enables you to observe services in meshes. ASM can detect and resolve issues at the earliest opportunity by leveraging a robust and powerful monitoring system. With Alibaba Cloud Tracing Analysis, Service Mesh offers a wide range of tools that enable developers to identify performance bottlenecks within distributed applications. In a microservices architecture, Tracing Analysis helps developers improve development efficiency and troubleshoot applications.

3.  Security

Alibaba Cloud Service Mesh lets you implement an extensive security architecture, including the zero-trust security model. With Alibaba Cloud ASM, you can:

  • Enable mTLS authentication using modes like the permissive mode and the strict mode.
  • Secure the communication between services and between users and services.
  • Enable mTLS authentication for services without modifying the service code.
  • Enable role-based authentication for each service to enable access between services across clusters and cloud platforms.
  • Use the authorization method of Istio to only allow verified and authorized clients to access services that contain sensitive data.
  • Enable role-based access control (RBAC) to leverage the namespace-, service-, and method-level access control for services in a mesh.
  • Ensure RBAC-centric role-based semantics, service-to-service, and user-to-service authorization.
  • Define service roles and service role bindings using role-based authentication.
  • Use the key and certificate management features of Istio and enable Alibaba Cloud ASM to automatically generate, distribute, rotate, and revoke keys and certificates.
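
As an added example (not from the original article or from Alibaba Cloud's documentation), the following upstream Istio resources show the permissive and strict mTLS modes side by side, together with a deny-by-default authorization policy that grants one method-level exception. The namespaces, labels, service account, and paths are hypothetical, and the example assumes the mesh accepts the standard Istio `security.istio.io` resources.

```yaml
# Constructed example: namespaces "payments" and "shop", the label
# app=ledger and the service account "checkout" are hypothetical names.

# Weak setting, kept as a comment for comparison: PERMISSIVE accepts both
# mTLS and plaintext, so a workload without a sidecar can still connect.
# It is meant for migration, not as the end state.
#   spec:
#     mtls:
#       mode: PERMISSIVE

# Corrected setting: every workload in the namespace requires mTLS,
# so each caller presents a certificate-backed identity.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: payments
spec:
  mtls:
    mode: STRICT
---
# Least privilege baseline: an AuthorizationPolicy with an empty spec
# matches no request, so all traffic in the namespace is denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: payments
spec: {}
---
# Single exception, scoped at service and method level: only the
# "checkout" identity may issue GET requests to the ledger workload.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: ledger-allow-checkout
  namespace: payments
spec:
  selector:
    matchLabels:
      app: ledger
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/checkout"]
    to:
    - operation:
        methods: ["GET"]
        paths: ["/balances/*"]
```

The `principals` match depends on the peer identity established by mTLS, which is why the strict mode and the authorization policy are deployed together.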

4.  Traffic Management

Alibaba Cloud ASM offers traffic management capabilities for applications deployed across multiple regions or in multi-cloud or hybrid cloud environments using Kubernetes. The Service Mesh workflow is listed below:


  • You can leverage ASM with dedicated or managed Kubernetes clusters running on Alibaba Cloud Elastic Compute Service (ECS).
  • With ASM, traffic management is isolated from infrastructure management, and traffic can be managed without using the application code.
  • ASM allows you to continue managing your application even if your application scales up or down.
  • You can configure service discovery, traffic routing, and load balancing for all services within a mesh.
  • You can use an ASM instance to manage multiple clusters in different environments and manage application traffic across regions in hybrid clouds using the Cloud Enterprise Network (CEN).

Fault Recovery

Alibaba Cloud has offered fault tolerance with almost every solution they have released, including Service Mesh. Any solution that is used to manage an application to ensure high availability should be efficient.

Alibaba Cloud ASM is efficient and offers fault recovery out of the box. Distributed architecture is a little complex. It requires a little more than usual to maintain the stability and high-availability of the infrastructure. This brings about a greater need for O&M scenarios to maintain the business structure.

Sharing its DNA with Istio, Alibaba Cloud ASM offers chaos engineering. Chaos engineering follows multiple service associations that help maintain a fault recovery scenario for better business intelligence. These scenarios include circuit breaking, outlier detection, service retry, and fault injection.
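
The four scenarios named above, expressed as upstream Istio traffic resources in an added example that is not part of the original article. The host name, the `x-chaos-test` header, and all thresholds are hypothetical, and the example assumes the mesh accepts the standard Istio `networking.istio.io` resources.

```yaml
# Constructed example: host, header name and thresholds are hypothetical.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: ledger-resilience
  namespace: payments
spec:
  host: ledger.payments.svc.cluster.local
  trafficPolicy:
    connectionPool:            # circuit breaking: cap queued requests
      http:
        http1MaxPendingRequests: 50
        maxRequestsPerConnection: 10
    outlierDetection:          # eject endpoints that keep returning 5xx
      consecutive5xxErrors: 5
      interval: 10s
      baseEjectionTime: 30s
      maxEjectionPercent: 50   # never eject more than half the pool
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: ledger-retry-and-fault
  namespace: payments
spec:
  hosts:
  - ledger.payments.svc.cluster.local
  http:
  # Fault injection is limited to requests carrying a test header, so
  # production traffic never sees the injected delay. Istio does not
  # apply retries or timeouts on a route where a fault is enabled.
  - match:
    - headers:
        x-chaos-test:
          exact: delay
    fault:
      delay:
        percentage:
          value: 100
        fixedDelay: 2s
    route:
    - destination:
        host: ledger.payments.svc.cluster.local
  # Default route: bounded retries for transient failures.
  - retries:
      attempts: 3
      perTryTimeout: 1s
      retryOn: 5xx,connect-failure
    route:
    - destination:
        host: ledger.payments.svc.cluster.local
```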

In the End - What Matters?

Service Mesh is a vital solution that provides the zero-trust security architecture along with traffic management and shaping scenarios for microservices and containers. Its association with Kubernetes allows for industry-leading practices of management for enhanced business intelligence and continuity. There is a lot you can achieve using Service Mesh. You can work through the complexities to gain a higher level of productivity.

Upcoming Articles

  1. Smarter DevOps With AIOps – A Different Take