Skip to content
  • A Microsoft Company
  • Support

Affirmed Networks

Powering the World Wide Wireless Web

MENUMENU
  • Solutions
        • NFV Solutions
          Go

          Affirmed Networks’ fully virtualized, cloud-native mobile solutions enable operators to handle more traffic, simplify network operations and rapidly create and launch new revenue-generating services. Our solutions are now an integral part of the Azure for Operators initiative, Microsoft’s strategy to meet operators wherever they are on the path towards transforming their networks and services to the cloud.

        • Affirmed Private Network Service

          A managed private network service for operators to monetize the enterprise opportunity.

        • Virtual Evolved Packet CoreTransform your network with the only fully virtualized, cloud-native solution.
        • Affirmed UnityCloud – 5G Core5G and webscale technology to drive the Telco digital transformation.
        • Affirmed Private Network ServiceA managed private network service for operators to monetize the enterprise opportunity.
        • UnityCloud OperationsSimplify operations of Any G network functions to accelerate 5G deployments and migrations.
        • Affirmed Cloud Edge – Mobile Edge ComputingA Mobile Edge Computing (MEC) solution for telecom operators
        • IoT Mobile Core SolutionsQuickly create, optimize and monetize a wide variety of IoT services.
        • Content & Security ServicesCreate customized policies with virtualized GiLAN and Security Services.
        • Virtual Probe & AnalyticsGather real-time network intelligence with an integrated virtual probe and analytics.
        • Network SlicingDeliver customized and differentiated services with network slicing.
        • Virtualized Wi-FiImprove network coverage with a virtualized Wi‑Fi featuring TWAG and ePDG.
        • Global Professional ServicesOur experts put MNOs on the fast track to virtualization and 5G services
  • Company
        • Company
          Go

          Now part of the Microsoft Azure for Operator initiative, Affirmed technology is helping the world’s most forward-thinking service providers in transforming their network architectures and businesses models.

        • About Affirmed Networks
        • Careers for Experienced Professionals
        • Student and Graduate Roles
  • Customers
  • Resources
  • News
        • News & Events
          Go

          This is an archive of Affirmed press releases and media coverage. Please visit the Azure Blog for the most recent updates on the Azure for Operators product portfolio.

        • Press Release
        • In the news
        • Upcoming Events
  • Blog
  • Contact

Home > Why Service Mesh for Microservices Makes Sense

Why Service Mesh for Microservices Makes Sense

May 16, 2019

by Ron Parker

Containers, Kubernetes, and microservices form the foundation of a cloud-native architecture, but they’re not the only considerations. In fact, as I write this, the Cloud-Native Computing Foundation (CNCF) is considering adding a fourth pillar to their cloud-native requirements: the service mesh. A service mesh architecture for microservices makes sense, and in this blog, we explain why.

 

What is Service Mesh?

When it comes to understanding and managing microservices, the service mesh for microservices is critical. Microservices are very small and tend to move around a lot, making them difficult to observe and track. At the service mesh layer, network operators can finally and clearly see how microservices interact with one another (and with other applications), secure those interactions, and manage them based on customizable policies.

 

The Importance of Service Mesh Architecture

  1. Provides Load Balancing for Microservices
  2. Improves Microservices Security
  3. Provides Visibility of Microservices

 

Provides Load Balancing for Microservices

One of the functions that a service mesh provides is load balancing for microservices. Recalling that microservices are instantiated in a dynamic fashion—that is, they can appear and disappear quickly—traditional network management tools aren’t granular enough to manage these microservice life cycle events. The service mesh, however, understands which microservices are active, which microservices are related (and how), and can provide policy enforcement at a granular level by deciding how workloads should be balanced. For example, if a microservice is upgraded, the service mesh decides which requests should be routed to the microservices running the stable version and which requests should be routed to the microservices running the upgraded version. This policy can be modified multiple times during the upgrade process and serves as the basis for what the industry calls a “canary upgrade” approach.

 

Improves Microservices Security

Another area where the service mesh plays a valuable role is in microservices security. It is considered best practice to use the same security guidelines for communications between microservices and for their communications with the “outside” world. This means authentication, authorization, and encryption need to be enforced for all intra-microservice communications. The service mesh enforces these security measures without affecting application code, as well as enforce security-related policies such as whitelists/blacklists or rate-limiting in the event of a denial-of-service (DoS) attack. But the service mesh doesn’t stop at security between microservices; it extends security measures to inbound/outbound communications that take place through the ingress and egress API gateways that connect microservices to other applications.

 

Provides Visibility of Microservices

Finally, the service mesh provides much-needed visibility into the microservices themselves. There are several tools available today that help with this:

  • Istio, which provides the control plane for microservices.
  • Envoy, a microservices sidecar that acts as the communications proxy for the API gateway functions.
  • Kiali, which visualizes the service mesh architecture at a given point in time and displays information such as error rates between microservices.

If you’re unfamiliar with the sidecar concept, you can think of it as an adjunct container attached to the “main” microservice container that provides a supporting service—in the case of Envoy, intercepting both inbound and outbound REST calls.

 

While CNCF will likely decide in favor of adding the service mesh to their cloud-native requirements, you can get those benefits today with Affirmed Networks. It’s just another example of our forward-thinking approach since it makes a lot more sense to include those capabilities into our cloud-native architecture right from the beginning than to mesh around it with later.

 

24 Shares
  • Twitter
  • LinkedIn
  • Facebook
  • Email
BLOG

Subscribe to our Blog

* Required Field

  • This field is for validation purposes and should be left unchanged.

Related

  • Azure for Operators 5G SA Solution, UnityCloud Achieves 2nd Consecutive Leader Ranking in GlobalData 5G Mobile Core Disruptor Report
  • Sierra Wireless selects Affirmed to help speed IoT application deployments
  • What is Private LTE? How Operators Can Benefit from P-LTE Networks

Archives

  • Year 2021 blogs
  • Year 2020 blogs
  • Year 2019 blogs
  • Year 2018 blogs

Products & Solutions

  • Virtual Evolved Packet Core (vEPC)
  • Affirmed UnityCloud
  • Affirmed Private Network Service
  • UnityCloud Operations
  • Affirmed Cloud Edge – Mobile Edge Computing
  • IoT
  • Content & Security
  • Virtual Probe & Analytics
  • Network Slicing
  • WiFi
  • Global Professional Services

Company

  • About Affirmed Networks
  • Careers
  • Contact Affirmed
  • Terms of use
  • About Microsoft
  • Privacy at Microsoft
  • Partners
  • Customers
  • Cookie Policy (EU)

News & Events

  • Press Releases
  • In the News
  • Events
  • Resources
  • Blog

Contact

+1-978-268-0800
AN_Marketing@microsoft.com

  • Facebook
  • Twitter
  • LinkedIn
  • Vimeo

Copyright © 2023 Affirmed Networks | Privacy Policy

Manage Cookie Consent
We use cookies to improve our website, track page views and provide more personalized services to you.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}
Affirmed is now part of Microsoft

azure-dalle

Learn more about Azure for Operators

CLICK HERE