What is ASM? - Alibaba Cloud Service Mesh - Alibaba Cloud Documentation Center

Service Mesh (ASM) is a fully managed service mesh platform. ASM is compatible with open source Istio. ASM allows you to manage services in a simplified manner. For example, you can use ASM to route and split inter-service traffic, secure inter-service communication with authentication, and observe the behavior of services in meshes. This greatly reduces your workload in development and O&M.

Architecture

The following figure shows the architecture of ASM.

ASM integrates and manages all components on the Istio control plane to simplify your use of ASM. This way, you can focus on application development and deployment. In addition, ASM is compatible with open source Istio. You can use declarative parameters to define flexible routing rules, and centrally manage traffic between services in a mesh.

An ASM instance with the managed control plane supports application services from multiple Kubernetes clusters or application services that run in Elastic Container Instance-based pods.

Core features

ASM builds managed and unified service mesh capabilities for hybrid cloud, multi-cloud, and multi-cluster scenarios. ASM provides the following benefits:

Centralized management mode
ASM manages application services that run in managed, dedicated, and serverless clusters of Container Service for Kubernetes (ACK) and registered clusters in hybrid cloud and multi-cloud environments in a centralized manner. This provides unified observability and traffic management for application services.
Centralized traffic management
ASM centrally manages the traffic in hybrid cloud, multi-cloud, and multi-cluster scenarios.
Managed core components of the control plane
ASM manages core components of the Istio control plane. This helps minimize your resource overhead and O&M costs.

The following table introduces the core features of ASM. For more information, see Features.

Feature	Description	References
Full lifecycle management of ASM instances	ASM manages all components on the Istio control plane and allows you to deploy, upgrade, and delete ASM instances with a few clicks. This simplifies the use and O&M of ASM instances.	Instance Management
Management of applications in multiple types of clusters	ASM allows you to manage applications in ACK clusters, ACK Serverless clusters, edge clusters, and registered external Kubernetes clusters.	Manage applications in clusters
Unified ingress and egress gateways	ASM provides ingress and egress gateways to control inbound and outbound traffic and implement end-to-end encryption.	Overview of ASM gateways
Multiple types of traffic management	ASM provides the following features for you to manage traffic: protocol-specific traffic management, end-to-end canary release, circuit breaking, local throttling, warm-up, and traffic shifting.	Traffic Management
Non-intrusive zero trust security system	ASM provides an out-of-the-box zero trust security solution. This solution can be easily configured and provides features such as identity authentication, security certificate, policy implementation, and visual analytics.	Overview of zero trust security
Extensibility for custom logic	Multiple out-of-the-box extensions are provided in the plug-in marketplace, and custom Envoy filters are supported.	Plug-in Center
Perfect ecosystem integration	ASM allows you to use GitOps, Knative, and KServe to support serverless and AI services.	Ecosystem Integration

Editions

ASM provides the following editions that support different features and capabilities: Standard Edition, Enterprise Edition, and Ultimate Edition. Compared with Standard Edition, Enterprise Edition and Ultimate Edition support more protocols, enhance dynamic extension capabilities, provide fine-grained service governance, and improve the zero-trust security system. In addition, Enterprise Edition and Ultimate Edition enhance performance, provide better support for large-scale clusters, and simplify the use of ASM instances in production environments. Enterprise Edition and Ultimate Edition are applicable to scenarios in which you require cross-language interoperability and fine-grained service governance and want to apply the service mesh technology in production environments on a large scale.

Edition		Description
Commercial editions	Enterprise Edition	This edition is applicable to scenarios in which the number of pods does not exceed 1,000. This edition provides enterprise-class capabilities and service level agreements (SLAs) are provided for this edition.
Commercial editions	Ultimate Edition	This edition is applicable to scenarios in which the number of pods does not exceed 10,000. This edition provides enterprise-class capabilities and SLAs are provided for this edition.

For more information about the features of Enterprise Edition and Ultimate Edition, see Features.
For more information about how to change the edition of an ASM instance, see Change the edition of an ASM instance.
For more information about the specifications of ASM instances, see Announcement on the launch of commercial editions.

Procedure

The following figure shows the overall procedure of deploying the Bookinfo application and viewing the topology of the application.

Dingtalk_20230713161031-国际站.png

The following section describes the overall procedure:

Create an Alibaba Cloud account and activate ASM, Auto Scaling, Resource Access Management (RAM), and ACK. Obtain the following permissions. For more information, see Grant permissions to RAM users and RAM roles.
- AliyunServiceMeshDefaultRole
- AliyunCSClusterRole
- AliyunCSManagedKubernetesRole
  Note
  You are charged for Alibaba Cloud services that are used together with ASM instances. For more information, see Related Alibaba Cloud services.
Create an ASM instance and a Kubernetes cluster, and add the cluster to the ASM instance. For more information, see Getting started overview.
Deploy an ingress gateway and an application, route traffic to different versions of a service based on the specified ratio, and then use Mesh Topology to view the traffic flows and the communication between workloads. For more information, see Getting started overview.
View the bills incurred by ASM. For more information, see Billing rules.

Methods

You can use the following methods to create and manage your ASM instances:

Use the ASM console. The ASM console provides a web UI for you to access features. For more information, see Create an ASM instance.
Use ASM CLI. ASM CLI is integrated into Alibaba Cloud Command Line Interface (CLI). You can obtain the latest version of ASM CLI by downloading the unified aliyun-cli release package. For more information, see Install and use ASM CLI.

Billing

ASM provides the following editions that support different features and capabilities: Standard Edition, Enterprise Edition, and Ultimate Edition. Standard Edition is free of charge, and Enterprise Edition and Ultimate Edition are commercial editions. The billing methods vary depending on the edition. For more information about the billing of ASM, see Billing rules.

Related Alibaba Cloud services

Alibaba Cloud service	Required	Description	Billing rule
Classic Load Balancer (CLB)	Yes	This service is used to access the Istio control plane and API server. For more information, see What is SLB?	Pay-as-you-go
Virtual Private Cloud (VPC)	Yes	This service is used to build a network environment and create routing rules for Service Mesh instances. For more information, see What is a VPC?	Billing
Elastic IP Address (EIP)	No, but recommended	This service is used to expose the API server to the Internet. For more information, see What is an EIP?	Billing overview
Managed Service for Prometheus	No, but recommended	This service is used to monitor ASM instances and generate alerts when exceptions are detected. For more information, see What is Managed Service for Prometheus?	Pay-as-you-go
Simple Log Service	No, but recommended	This service is used to collect access logs of ASM gateways and sidecar proxies in ASM instances. For more information, see What is Simple Log Service?	Billing overview

References

Link

Description

Istio

Istio is an open source service mesh that provides a uniform and more efficient way to connect, secure, control, and monitor services. Istio provides a comprehensive microservices governance solution for you to handle issues related to microservices management, network connection, and security management. ASM integrates and manages all components on the Istio control plane. ASM instances allow you to focus on application development and deployment without the need to maintain the Istio control plane. ASM instances are easy to use and provide high availability at low cost.