Service Mesh (ASM) provides the following features for you to manage application services: traffic management, security management, fault recovery, observability, and microservices model. This topic describes the typical scenarios of ASM.
Traffic management
In ASM, you can set parameters to manage traffic:
Traffic management is separated from infrastructure management. You can manage traffic without changing the application code. Even if your application services scale up, you can still manage traffic with ease.
You can configure service discovery, traffic routing, and load balancing for a mesh. The configuration applies to all services in the mesh. This removes the need to configure some settings separately for each service, such as the timeout and retry settings.
Security management
In ASM, you can enable mutual Transport Layer Security (mTLS) authentication for services.
You can enable mTLS authentication in different modes, such as the permissive mode and the strict mode. mTLS authentication can secure the communication between services and between users and services.
When you enable mTLS authentication for services, you do not need to modify the service code. mTLS provides role-based authentication for each service so that they can access each other across clusters and cloud platforms.
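The permissive and strict modes named above, written as upstream Istio PeerAuthentication resources. This is an added example, not taken from the ASM documentation; it assumes the mesh accepts Istio's security.istio.io/v1beta1 API, and the namespace name payments is constructed for illustration.

```yaml
# Option A (migration stage): PERMISSIVE.
# Sidecars in the namespace accept both mTLS and plaintext connections.
# Workloads that have no sidecar yet keep working, but a plaintext client
# is not rejected, so this mode does not enforce anything by itself.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: payments      # constructed namespace name
spec:
  mtls:
    mode: PERMISSIVE
---
# Option B (enforcement stage): STRICT.
# Sidecars accept only mTLS connections; plaintext traffic is refused.
# Apply this instead of option A (same name and namespace, so it replaces it)
# once every client of the namespace has a sidecar and sends mTLS.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: payments      # constructed namespace name
spec:
  mtls:
    mode: STRICT
```

A policy named default with no workload selector applies to every workload in its namespace. Before switching to STRICT, check that no remaining callers still connect in plaintext, because those connections start failing as soon as the policy takes effect.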
In ASM, you can authorize services to access each other as required.
Based on the authorization method of Istio, ASM allows only verified and authorized clients to access services that contain sensitive data.
ASM supports role-based access control (RBAC) that provides namespace-, service-, and method-level access control for services in a mesh. RBAC includes role-based semantics and service-to-service and user-to-service authorization. In addition, RBAC allows you to define service roles and service role bindings with custom properties.
ASM supports key management.
Based on the key and certificate management of Istio, ASM can automatically generate, distribute, rotate, and revoke keys and certificates.
Fault recovery
ASM provides out-of-the-box fault recovery.
Distributed systems are complex, which brings risks to the stability of infrastructure, application logic, and O&M. This may lead to failures in business systems.
Based on Istio, ASM supports chaos engineering, including circuit breaking based on connection pool settings and outlier detection, service retry, and fault injection.
Observability
ASM allows you to observe services in meshes with ease. Supported by powerful, reliable, and easy-to-use monitoring features, ASM can detect and resolve issues at the earliest opportunity.
ASM integrates Alibaba Cloud Tracing Analysis, which provides a wide range of tools to help developers identify performance bottlenecks of distributed applications. This helps developers improve the efficiency of developing and troubleshooting applications that use the microservices model. The provided tools can be used to map traces, offer trace topologies, analyze application dependencies, and calculate the number of requests.
Microservices model
ASM enables agile development and deployment to speed up the evolution of business models. Your workload in the production environment is divided into multiple microservice applications. These microservice applications are managed by Alibaba Cloud image repositories. Alibaba Cloud can schedule, orchestrate, and deploy microservice applications and implement canary releases for them. Therefore, you can focus on feature updates.
ASM is integrated with Server Load Balancer (SLB) and a service discovery system. This allows ASM to forward Layer 4 and Layer 7 requests and bind services to backend containers.
ASM provides a variety of scheduling and disaster recovery policies for you to schedule the affinity of services and implement high availability and disaster recovery across zones.
ASM allows you to monitor microservices and containers. It also enables microservices to automatically scale in and out.