Getting value from your API gateways and service mesh

Nikki Rouda | August 9, 2021

A lot of people ask, “why do I need Solo?” when they think about getting value from API gateways and service mesh. Let’s answer this question by looking at the macro-trends in tech, the implications, what solutions are needed to address these implications, and finally why Solo is uniquely positioned to help.

Industry trends push for API gateways and service mesh

First, let’s start with some predictions, based on data and insights from an industry analyst firm, IDC, in their report: IDC FutureScape: Worldwide Cloud 2020 Predictions:

  • By 2021, over 90% of enterprises worldwide will rely on a mix of on-premises/dedicated private clouds, several public clouds, and legacy platforms 
  • By 2022, 90% of new digital services will be built as composite applications using public and internal API-delivered services
  • By 2022, 70% of enterprises will deploy unified VMs, Kubernetes, and multicloud management processes and tools to support robust multi-cloud management and governance across on-premises and public clouds
  • By 2023, half of enterprise applications will be deployed in a containerized hybrid cloud/multi-cloud environment 
  • By 2024, 50% of large global enterprises will rely on third-party service providers for help with containers, open source, and cloud-native application development

Your organization probably has multiple modernization and cloud initiatives under way around these trends now, or will very soon. Here are the implications. First, you will need to connect on-premises, hybrid, and multi-cloud environments. Second, you will need to interconnect modern Kubernetes and containerized microservices applications. Third, you will need to connect your existing applications running on bare metal, virtual machines (VMs), or containers too, bridging between legacy monoliths and more modern application architectures.

What are API gateways and service mesh anyway?

There are a couple of technologies which address the requirements above. You’ll need an API gateway, which directs requests from users or applications on the edge to the appropriate applications. The API gateway most often handles “ingress” to clusters or other resources, acting as the entry point for inbound connections and responses, also called “North-South traffic.” The API gateway is often installed as a “side car” riding along with your Kubernetes clusters. For example, your bank has to manage different types of incoming connection requests, like from a mobile app to check your balance, a web portal to see your statements, or from other banking applications for wire transfers. An API gateway can also handle connections coming from different operating environments, be they on-premises, hybrid, one cloud, or multi-cloud. The open source project Envoy Proxy is the most popular API gateway for Kubernetes and cloud environments, as it was designed to be modern and native, not a retrofit of older, legacy API software. Solo’s Gloo Edge is an API gateway building on the strengths of Envoy Proxy.

The other technology you’ll likely need is a service mesh. Your API gateway might actually just be one component of a service mesh, not a standalone solution. Behind the scenes in your bank there will be microservices or distributed applications, separated so they can be developed and run independently, often with Kubernetes as a container orchestrator to manage them. A service mesh interconnects these microservices so they can talk to one another. Your bank may have different clusters and pods to handle customer login, money transfers, statements, and databases behind them. Your bank probably also has redundant copies of these apps and databases to handle scale and business continuity with failover in case of problems. The lateral connections between these services are referred to as East-West traffic, though North-South traffic is typically controlled by the service mesh too. The open source project Istio is the most popular service mesh for Kubernetes and cloud environments, as it was designed to be modern and native, not a retrofit of older, legacy application networking software. Solo’s Gloo Mesh is a service mesh building on the strengths of Istio.

Getting value from your API gateways and service mesh

Be warned: not all API gateways and service meshes are created equal, even if some start from the same open source. Since the connections between users and applications and operating environments are essential for distributed applications, it’s clear that both traditional and new IT requirements must be met. Specifically, you will need these solutions to meet the following six principles, which overlap a bit:  

  1. Secure – You need a zero trust model and end-to-end controls to meet best practices and strict regulations, or you will face increased effort and risk.
  2. Reliable – You need robustness for mission-critical workloads, with centralized control, or you will face increased risk.
  3. Unified – You need consistent observability and management at scale for your choice of environments and policies, or you will face increased effort and risk.
  4. Simplified – You need reduced complexity and expert advice so you can innovate and modernize faster, or you will face increased effort and risk.
  5. Comprehensive – You need complete solutions, configurable and extensible for all your specific needs, or you will face increased effort.
  6. Modern & open – You need a solution designed, not retro-fitted, for industry trends including Kubernetes, cloud, microservices, and open source, or you will face increased effort and risk.

These principles are perhaps not surprising, but few options on the market can meet these needs well. At Solo, we have had hundreds of in-depth conversations with large organizations, and what we consistently hear is that where there are feature gaps in open source software or a vendor’s offering, it becomes your responsibility to fill them. This means more effort developing and maintaining custom code to make it work. We get asked a lot about build vs buy, and while we love to help you customize and create your own approaches, why not save yourself all the extra effort and risk? Do-it-yourself solutions carry a real — if soft — cost (staff salaries), an opportunity cost (higher value things you could be doing instead), delays (writing and maintaining custom code takes time), and increased risk (compatibility issues, security breaches, service outages, and initiative failures).

Solo advantages for getting value from your API gateways and service mesh

For example, Vonage said, “Our first set of challenges came when it was time to upgrade to a newer version of Envoy Proxy. Some of the APIs we were using to build our bridge to the authentication service had changed, upgrading took days and we didn’t have a deep bench of C++ expertise just to support Envoy — so we started to look for alternatives.”

Only Solo can meet all these requirements, with unique capabilities that should quickly eliminate other alternatives from your consideration. More importantly, this is a durable advantage for you, because we got there by starting from the right platform with the right team. DIY with open source may look easy, but there are many hidden costs and risks, and they will be forever issues, not a one-time effort. 

Here are some examples of features to prove the point, aligned to the six principles above:

  1. Secure – Gloo Edge offers Open Policy Agent (OPA) authorization, federated role-based access control, vulnerability scanning, and extensible authentication with API Keys, JWT, LDAP, OAuth, OIDC, or your own custom tool. Gloo Mesh is FIPS-ready and federates security policies for consistency everywhere.
  2. Reliable – Gloo Edge has advanced rate limiting based on metrics and configs, and cross-cluster failover. Gloo Mesh has priority failover routing and locality aware load-balancing to keep your application running. Both offer long term support and patching back-ported three versions from the latest builds.
  3. Unified – Gloo Edge has federation and automation to scale your management to handle more than ten thousand virtual services and tens of thousands of routes with observability from one admin dashboard. Gloo Mesh has multi-cluster operations and policies, multi-mesh support across cloud providers, and multi-version compatibility.
  4. Simplified – Gloo Edge and Gloo Mesh both tame the wildness of open source, and bring Solo’s expert help via Slack, enterprise support, and a huge community to make it easier. Plus you can use the Gloo Portal for developers to easily publish and use APIs. 
  5. Comprehensive – Gloo Edge and Gloo Mesh bring a full-feature stack that operates the same in any environment, cloud or on-premises. Gloo Mesh has support for ARM processors and serverless functions like AWS Lambda, as well as global service routing to cover you anywhere you want to run.
  6. Modern & open – Gloo Edge and Gloo Mesh both work with WebAssembly (Wasm) so you can write your own filters to your needs. Some vendors have started from the wrong foundation (something not originally built for Kubernetes or cloud) or picked the wrong project to back (without market adoption or momentum to keep it going.)

What this means is you don’t have to reinvent all of those features above. You can find success much faster with much less effort and much less risk if you choose Solo.

Helping customers with expert advice and best practices

“ParkMobile partnered with Solo.io because we were looking for the most innovative and flexible solutions on the market to power our growing platform. With over 16 million users of our application and a complex ecosystem of integrations, ParkMobile relies on Gloo Edge Enterprise and the supporting product suite for best-in-class API gateway and hybrid application communications that also adds in the power of monitoring and security to ensure peak performance of our platform at all times,” said Matt Ball, CTO.

There’s also an intangible advantage to Solo, and that’s our team. We have the best and the brightest standing ready to help you whenever you need us, such as for enterprise Istio support. Our leadership team has come from Google, VMware, AWS, IBM, Red Hat, EMC, Intel, Apigee, and Gartner, but they’ve all recognized the special opportunity Solo has to solve critical needs in the market. We are active in the Istio open source community and contribute back regularly. We collectively have over 200 patents and more coming. We’ve literally written the books on these technologies (Lin Sun’s “Istio Explained” and Christian Posta’s “Istio in Action”). We deliver regularly with a track record of innovation. Our products aren’t an under-funded “hedge-our-bets” play in a huge company’s portfolio; we are 100% focused on API gateways and service mesh.

 “Collaborating with the team at Solo.io has been great. They are very responsive in helping us with our Gloo environment, brainstorming ideas on how to solve our issues and even beyond Gloo Edge, and responding to the questions we’ve had on Kubernetes like load balancing and how the ecosystem of tools works together. They are truly invested in our success,” said Jonathan Lane, senior manager, software engineering, API platform at Vonage.

Ask an expert and you can save yourself a lot of time and effort in getting value from your API gateways and service mesh.

To see how we’ve enhanced open source Istio and Envoy Proxy, check out our feature comparison charts for Gloo Mesh and Gloo Edge. We’ve sorted our features by these categories to help you find the value faster.

Gloo Mesh Istio feature comparisons

 
