Wouldn’t it be great if there were a way to take advantage of Istio Service Mesh – the open source service mesh for securing and monitoring microservices – without the hassle of provisioning and managing it on your own? Yes, of course it would, I hear you say. But wouldn’t it be even better if you could take advantage of an enterprise-grade mesh manager which provides full-fledged support for traditional virtual machine based applications that aren’t part of Istio Service Mesh itself? Of course it would!
Good news: With Calisti - The Cisco Service Mesh Manager, you can have your cake, and eat it too. Calisti is an enterprise-grade service mesh that is built on top of Istio. It delivers all the core features of Istio Service Mesh, plus extra functionality, without the provisioning headaches that come with“vanilla” open source tooling.
Whether you’re an IT engineer, SRE or DevOps specialist, Calisti is a great way to simplify your cloud native computing experience, while also enhancing the security and observability of your microservices.
Istio service mesh basics
Let’s begin by defining why you would want a service mesh in the first place.
The main reason is that service meshes lay the foundation for managing microservices effectively. If you have a microservice that is not managed by a service mesh, you can’t easily connect it to other microservices, secure it with robust access control policies, enforce network traffic rules, or collect observability data from it.
However, with a service mesh, you can do all of the above. And you can do it from day 0, as soon as your microservice is deployed. This is very important because you need to start monitoring and securing microservices as soon as they enter production, not weeks or months later.
For these reasons, service meshes play a central role in helping to unify the various parts of modern, cloud native apps. Ideally, they can also help you manage legacy workloads that didn’t previously live in the cloud, but that need to run alongside containers or other cloud native security resources.
How Calisti simplifies service meshes and bridges the gap between cloud native and non cloud native world
There are several great open source service meshes available today, Istio being one of the most popular. But these tools are subject to two main limitations.
Firstly they aren’t designed to integrate easily with legacy, or monolith applications or services – meaning those that weren’t designed explicitly to operate in a cloud native environment. Tools like Istio expect your microservices to run primarily in containers, not VMs. Vanilla Istio can support VMs, but even the Istio Service Mesh developers themselves admit that it’s very hard to set this up!
Therefore, while Istio is great if you’re in the envious position of building an entire app from scratch using a cloud native architecture, it’s less than ideal if you need to integrate legacy resources into a cloud native environment. Istio just wasn’t designed for this use case.
The second limitation of open source service meshes is that they are difficult to work with. You need deep expertise in multiple areas including overlay networking, microservices APIs, cloud native security among others. In other words, Istio Service Mesh is designed for cloud native experts, not engineers who just want to get their cloud native environment up and running.
Thankfully, Calisti solves both of these problems. For one, it makes legacy apps first-class citizens in an Istio-based environment. It achieves this by seamlessly integrating VMs into the Calisti service mesh, which means your legacy apps can live happily alongside cloud native microservices.
Benefits of using Calisti for bridging this gap
When you use Calisti instead of a vanilla open source service mesh, you get:
- Automation: Cisco Service Mesh Manager lets you automate lifecycle management of Istio, observability for any type of workload – cloud native or legacy (such as applications deployed on virtual machines) – via features like topology view, service/workload overview, integrated tracing and traffic tapping.
- Simplicity: After you’ve integrated a resource into the service mesh, Calisti automatically updates the configuration of the VM to ensure that it remains a part of the mesh, even as the mesh environment evolves or the state of the VM changes.
- Maintainability: With Calisti, patching and updating the service mesh is really a cake walk.
- Built-in auditing: Calisti generates audit trails automatically, so you always know who did what and when, within your mesh environment.
- Security by default: Calisti is designed to be as secure as possible out-of-the-box, via features like advanced mTLS configurations per service, per namespace or cluster-wide.
Conclusion
When it comes to cloud native service meshes, you can do things the easy way or the hard way.
The hard way is deploying an open source service mesh like Istio on your own, then trying to figure out how to get it to play nicely with your legacy workloads - A difficult, if not impossible task!
The easy way is to leverage Calisti, which provides all of Istio’s capabilities while also delivering an enhanced user experience. Calisti treats both legacy and cloud native workloads as first-class citizens, while also building in security, observability and maintainability features missing from Istio itself.
Learn more about Calisti and how to obtain it for your workloads.
