
Alibaba Cloud Service Mesh: Scenarios

Last Updated: Dec 01, 2023

Service Mesh (ASM) allows you to manage application services in various scenarios such as traffic management, security management, fault recovery, observability, and migration from monolithic applications to microservices. This topic describes the typical application scenarios of ASM.

Traffic management

In ASM, you can set parameters to manage traffic:

  • Traffic management is separated from infrastructure management. ASM provides many traffic management features that live outside your application code. Even if your application services scale up, you can still manage traffic with ease.

  • You can configure service discovery, traffic routing, and load balancing for a Service Mesh instance. Such configurations apply to all services in the instance. This simplifies how you configure some settings that are required by each service, such as the timeout and retry settings.

Security management

In ASM, you can enable mutual Transport Layer Security (mTLS) authentication for services:

  • You can enable mTLS authentication in different modes, such as the permissive mode and the strict mode. mTLS authentication can secure the communication between services and between users and services.

  • When you enable mTLS authentication for services, you do not need to modify the service code. mTLS provides role-based authentication for each service so that users can access each other across clusters and cloud platforms.

In ASM, you can authorize services to access each other as required:

  • Based on the authorization method of Istio, ASM allows only verified and authorized clients to access services that contain sensitive data.

  • ASM supports role-based access control (RBAC) that provides namespace-, service-, and method-level access control for services in a service mesh. RBAC includes role-based semantics and service-to-service and user-to-service authorization. In addition, RBAC allows you to define service roles and service role bindings with custom properties.
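
The following manifests are an added example, not part of this topic or of ASM's own samples. They show strict mTLS combined with namespace-, service-, and method-level access control, using Istio's PeerAuthentication and AuthorizationPolicy resources rather than the service roles and service role bindings named above. The namespaces, labels, service account, and path are assumed sample values.

```yaml
# Namespace-wide mTLS mode (assumed namespace: payments).
# PERMISSIVE accepts both plaintext and mTLS, which suits migration.
# STRICT rejects plaintext, so every caller presents a mesh identity.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: payments
spec:
  mtls:
    mode: STRICT
---
# Namespace level: an empty spec allows nothing, so every workload in
# the namespace denies requests unless another policy allows them.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-nothing
  namespace: payments
spec: {}
---
# Service and method level: only the frontend service account may call
# the ledger workload, and only with GET on the listed path.
# Principal matching relies on the mTLS identity enforced above.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: ledger-read-from-frontend
  namespace: payments
spec:
  selector:
    matchLabels:
      app: ledger            # assumed workload label
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/web/sa/frontend"]  # assumed identity
    to:
    - operation:
        methods: ["GET"]
        paths: ["/accounts/*"]                             # assumed path
```

If the namespace is left in PERMISSIVE mode, plaintext callers carry no principal and the ALLOW rule never matches them, so they are denied by the allow-nothing policy rather than rejected at the TLS layer.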

ASM supports key management:

  • Based on the key and certificate management of Istio, ASM can automatically generate, distribute, rotate, and revoke keys and certificates.

Fault recovery

ASM provides out-of-the-box fault recovery:

  • Distributed systems are complex, which brings risks to the stability of infrastructure, application logic, and O&M. This may lead to failures in business systems.

  • Based on Istio, ASM supports chaos engineering, including circuit breaking based on connection pool settings and outlier detection, service retry, and fault injection.

Observability

ASM allows you to observe services in service meshes with ease. Thanks to powerful, reliable, and easy-to-use monitoring features, ASM can help you detect and resolve issues at the earliest opportunity.

ASM integrates Managed Service for OpenTelemetry, which provides a wide range of tools to help developers identify performance bottlenecks of distributed applications. This helps developers improve the efficiency of developing and troubleshooting applications that are built as microservices. The provided tools can be used to map traces, offer trace topologies, analyze application dependencies, and calculate the number of requests.

Migration from monolithic applications to microservices

ASM enables agile development and deployment to help enterprises speed up the evolution of their business. Your workload in the production environment is divided into multiple microservice applications. These microservice applications are managed by Alibaba Cloud image repositories. Alibaba Cloud can schedule and orchestrate resources, deploy microservice applications, and implement canary releases of microservice applications. Therefore, you can focus on feature updates.

  • ASM is integrated with Server Load Balancer (SLB) and a service discovery system. This allows ASM to forward Layer 4 and Layer 7 requests and bind services to backend containers.

  • ASM provides a variety of scheduling and disaster recovery policies for you to schedule resources based on affinity rules and implement high availability and disaster recovery across zones.

  • ASM allows you to monitor microservices and containers. It also enables automatic scaling of microservices.