We were at MesosCon 2016 in Denver couple of weeks ago, and we will be at DockerCon and VelocityConf in Seattle and Santa Clara next week. Aside from bringing together the cognoscenti of container-based microservices, these events are serving a critical need.
With engineers and developers constituting more than half of the attendee segments, these conferences create the ideal environment for technology professionals to network and share learnings from their experiences. In fact, almost every organization we met at MesosCon had deployed at least a few container clusters, either in test or limited production environments. The innovation driven by Mesos, Kubernetes, and Docker Swarm hasn’t quite reached cruising altitude yet, but enterprises adopting these technologies are evolving quickly to limited production deployments.
We found a few recurring themes in our interactions with application developers and solution architects. They are facing a common set of challenges in their journey from lab to production. Many enterprises are experimenting with a combination of open source technologies as well as commercially available solutions. Our CTO, Ranga Rajagopalan, recently wrote a post about the various application services that organizations must keep in mind as they begin to deploy microservices in container clusters. Here are a few aspects that come to my mind as I prep my demos for VelocityConf (and as my colleague preps his demos for DockerCon):
- Service delivery and visibility pose new challenges
As we move from monolithic applications to an architectural model that constitutes tens or hundreds of microservices, service delivery poses new challenges. Ensuring that a microservice can discover the other services that it needs to interact with becomes an important problem to solve. Service discovery is necessary to bring the pieces of the "application puzzle" together. When service discovery is combined with visibility to service interactions and dependencies an important part of the tool chain for microservices applications is addressed.
- Retooling for microservices and CI/CD get challenging
It is clear that the industry as a whole realizes that it is just impractical to "fall back on the familiar" when it comes providing the L4 - L7 services necessary for microservices applications. For example, legacy appliance-based load balancing solutions lack the portability or the programmability to address the dynamic nature of microservices applications. The only option is to trombone traffic to the edge-of-the-network load balancing appliances that are not application-aware and simply can't keep pace with the ephemeral application components behind them. On the other hand, open-source solutions are great to satisfy the proof-of-concept in development environments but lack the enterprise-grade features needed for the prime time. A similar story plays itself out when it comes to firewalling with appliance-based firewalls vs. tools that enable micro-segmentation of services based on easy denylisting and allowlisting of service interactions using visual tools.
- Troubleshooting microservices get complicated
If troubleshooting a single application took weeks and months of TCP dumps to comb through, just imagine the complexity of troubleshooting tens of microservices. There is also almost never a way for networking teams to quickly record and replay network incidents to pinpoint specific issues that may or may not be a result of network issues.
- Scaling is not easy
When you break up a monolithic application into microservices, the services may be deployed across servers, thereby exacerbating the challenges presented by the increase in transactions/second. Scaling appliance-based load balancers often results in overcompensating for peak usage which defeats the objectives of flexibility and agility that enterprises want to choose with microservices architectures.
- Security is still an impediment for CI/CD
The attack surface grows exponentially with an increase in the number of microservices applications as opposed to a single, monolithic application. Security for east-west traffic, inter-service API calls, URL filtering, denylisting/allowlisting of microservices, micro-segmentation, etc. are just a few of the security measures that are not easy to implement with appliance-based solutions.
Developers who stopped by to see the Avi Networks demo at MesosCon saw the power of traffic management, service discovery, application maps, and micro-segmentation delivered by our fully software-based application services solution that creates a services fabric across the cluster. Check out this short demo of the Avi Networks working with Docker Swarm to provide comprehensive container services.
Whether its load balancing, blue-green upgrades, traffic management, or micro-segmentation - we have an answer for you.
See you next week!