First let’s go to your Laravel project And create new modal Settings

And go to your Laravel project and your controller use app

And go to your Laravel project and your controller function and defied your data other table

And go to your Laravel project and your controller function and return view

And go to your blade file view page them your data

The post How to get data other project a table with modal source appeared first on Artificial Intelligence.

It’s not unusual for developers and architects who jump into microservices for the first time to “want it all” in terms of performance, uptime and resiliency. After all, these are the goals that drive a software team’s decision to pursue this type of architecture design. The unfortunate truth is that trying to create an application that perfectly embodies all of these traits will eventually steer them to failure.

This phenomenon is summed up in something called the CAP theorem, which states that a distributed system can deliver only two of the three overarching goals of microservices design: consistency, availability and partition tolerance. According to CAP, not only is it impossible to “have it all” — you may even struggle to deliver more than one of these qualities at a time.

When it comes to microservices, the CAP theorem seems to pose an unsolvable problem. Which of these three things can you afford to trade away? However, the essential point is that you don’t have a choice. You’ll have to face that fact when it comes to your design stage, and you’ll need to think carefully about the type of application you’re building, as well as its most essential needs.

In this article, we’ll review the basics of how the CAP theorem applies to microservices, and then examine the concepts and guidelines you can follow when it’s time to make a decision.

CAP theory and microservices

Let’s start by reviewing the three qualities CAP specifically refers to:

• Consistency means that all clients see the same data at the same time, no matter the path of their request. This is critical for applications that do frequent updates.
• Availability means that all functioning application components will return a valid response, even if they are down. This is particularly important if an application’s user population has a low tolerance for outages (such as a retail portal).
• Partition tolerance means that the application will operate even during a network failure that results in lost or delayed messages between services. This comes into play for applications that integrate with a large number of distributed, independent components.

Databases often sit at the center of the CAP problem. Microservices often rely on NoSQL databases, since they’re designed to scale horizontally and support distributed application processes. And, partition tolerance is a “must have” in these types of systems because they are so sensitive to failure.

You can certainly design these kinds of databases for consistency and partition tolerance, or even for availability and partitioning. But designing for consistency and availability just isn’t an option.

The PACELC theorem

This prohibitive requirement for partition-tolerance in distributed systems gave rise to what is known as the PACELC theorem, a sibling to the CAP theorem. The acronym PACELC stands for “if partitioned, then availability and consistency; else, latency and consistency.” In other words: If there is a partition, the distributed system must trade availability for consistency; if not, the choice is between latency and consistency.

Designing your applications specifically to avoid partitioning problems in a distributed system will force you to sacrifice either availability or user experience to retain operational consistency. However, the key term here is “operational” — while latency is a primary concern during normal operations, a failure can quickly make availability the overall priority. So, why not create models for both scenarios?

It may help to frame CAP concepts in both “normal” and “fault” modes, provided that faults in a distributed system are essentially inevitable. This enables you to create two database and microservices implementation models: one that handles normal operation, and another that kicks in during failures. For example, you can design your database to optimize consistency during a partition failure, and then continue to focus on mitigating latency during normal operation.

Applying PACELC to microservices

If we use PACELC rather than “pure CAP” to define databases, we can classify them according to how they make the trades.

• In PACELC terms, relational database management systems and NoSQL databases that implement ACID (atomicity, consistency, isolation, urability) are designed to assure consistency, classifying them as PC/EC. Typical business applications, like human resources apps and ticketing systems, will likely use this model, particularly if there are multiple users using different component instances. Google’s Bigtable database is a good example of this.
• In-memory databases like MongoDB and Hazelcast fit into a PA/EC model, which is best suited for things like e-commerce apps, which need high availability even during network or component failures.
• Real-time applications, such as IoT systems, fit into the PC/EL model that databases like PNUTS provide. This is the case in any application where consistency across replications is critical.
• Database systems based on the PA/EL model, such as Dynamo and Cassandra, are best for real-time applications that don’t experience frequent updates, since consistency will be less of an issue.

Know the tradeoffs

The bottom line is this: It’s critical to know exactly what you’re trading in a PACELC-guided application, and to know which scenarios call for which sacrifice. Here are three things to remember when making your decision:

• Consistency is most valuable where many users update the same data elements.
• Availability is critical for applications involving consumers (who get frustrated easily) and also for some IoT applications.
• Latency is most likely critical for real-time and IoT applications where processing delays must be kept to a minimum.

Make your database choice wisely. Then, design your microservices workflows and framework to ensure you don’t compromise your goals.

The post The CAP theorem, and how it applies to microservices appeared first on Artificial Intelligence.

Microservice architecture is growing in popularity and its adopters are enjoying considerable success, suggests a new report from O’Reilly. 

The “Microservices Adoption in 2020” report, based on a poll of 1,500 software engineers, systems and technical architects, engineers and decision-makers, states that more than three quarters (77 percent) of businesses have now adopted microservices.

Of those adopters, meanwhile, almost all (92 percent) reported a high level of success. Further, a significant portion of businesses (29 percent) are “betting big” on the technology, looking migrate the majority of their systems to microservices.

“The majority of organisations have already started to migrate their monolithic systems, applications, and architectures to microservices, and many more are looking to begin that transition,” said Mary Treseler, Vice President of Content Strategy at O’Reilly.

“Breaking a monolith into microservices has clear engineering benefits including improved flexibility, simplified scaling, and easier management – all of which result in better customer experiences.”

Containers are also an important factor, according to the report, as half (49 percent) of businesses that claim “complete success” with microservices also deploy at least three quarters of their microservices in containers.

Overall, almost two thirds (62 percent) used containers to deploy at least some of their microservices.

“While container adoption in microservices contributes to microservices success, we saw a lower percent of container adoption than we did in our 2018 report,” said Treseler.

“For some adopters, technical debt from proprietary or monolithic systems might constrain them from using containers and it might be faster and less costly, at least in the short term, to deploy microservices in a database or application server.”

The post Microservice architecture growing in popularity, adopters enjoying success appeared first on Artificial Intelligence.

BaoTech Corporation and Neutrinos have partnered to offer new-age digital insurance applications to insurance carriers, brokers and InsurTechs.

These applications will be powered by eBaoTech’s Insurance PaaS platform eBaoCloud InsureMO (InsureMO) and Neutrinos’ Low Code Multi-Experience Development Platform (MXDP).

Joint customers can utilise the front-end application development capabilities for Omni-channels offered by Neutrinos’ Low Code platform.

They will also able to leverage the rich insurance APIs for policy whole lifecycle provided by eBaoCloud InsureMO.

eBaoCloud InsureMO is a containerised industry middleware based on microservices architecture.  It is said to accelerate fast innovations and deep connectivity for insurers, brokers, agents, MGA, affinity channels, and InsurTech startups.

The platform includes common APIs needed to manage the whole life cycle of General, Life and Health insurance policies, such as quotation, illustration, underwriting, payment, and claims.

Furthermore, it can seamlessly integrate with external applications and services such as OCR, voice recognition, payment and location by API calls.

Neutrinos’ MXDP offers a range of digital insurance distribution solutions to help insurers rapidly build applications on disruptive technologies and cater to customer demands.

The Neutrinos Suite of Insurance solutions is said to offer cost, resource, and time optimization.

Commenting on the latest development, eBaoTech corporate vice-president and Sales and Strategy head Rajat Sharma said: “We are excited to partner with Neutrinos and leverage the power of Low code platforms to deliver Insurance applications powered by InsureMO.

“With over 3,000 products from over 120 insurance companies across more than 10 countries configured on eBaoCloud InsureMO, we are sure that together with Neutrinos we will create enormous value for rapid digital transformation in the Insurance industry.”

The post Neutrinos, eBaoTech partner to offer digital insurance applications appeared first on Artificial Intelligence.

Microservice architecture works on the principle of displaying only the relevant details to the end-user. It conceals the complexities associated with software and hardware, operating systems, and development toolkits inside a standard service available to employees on network.

IT personnel refer to this functionality as an “abstraction layer”. If an employee is using a certain application and even if its vendors completely modify the physical location of the data center, hardware, or the programing language, the productivity of the application will not be affected in any manner. CIOs will find that for an internal software application, they no longer have to worry about the time-consuming and expensive labor of rewriting complex connections and interfaces between systems when using microservice architecture. The architecture runs on a standardized order management process and will deliver the exact results regardless of the application used, and the shift to a different platform will be seamless for any application that uses the service.

Best ways to implement a microservice architecture

IT leaders state that the best way to integrate the service is by using them in the organization’s service architecture. Most business applications and modern end-user applications are high-level logic and end-user interface that interacts via multiple microservices.

CIOs must be aware that these services require keys or registration and some services require payment after a point. This investment is however, less compared to building custom codes and maintaining them. Employees working on building microservices can identify the key services that the organization can deploy either externally or internally. Some examples of internal microservice include customer information that can be utilized by the organization’s customer support team, call center, and logistics application.

Microservices as a part of the technology tack

CIOs acknowledge that microservices have leveled the technology playing area to a huge extent. They are considering investing in it, as a measure to decrease the dependency on the legacy and proprietary systems. Using internal microservices ensures that organizations are independent of particular software or hardware third-party vendor and can easily upgrade parts of the infrastructure without affecting other applications.

Many IT leaders have put the concept of exploring microservices on hold as they consider the idea to be confusing and complex, but the service is pretty easy to be implemented.

The post Advantages of Embracing Micro services appeared first on Artificial Intelligence.

Large-scale software services fight the efficiency battle on two fronts—efficient software that is flexible to changing consumer demands, and efficient hardware that can keep these massive services running quickly even in the face of diminishing returns from CPUs. Together, these factors determine both the quality of the user experience and the performance, cost, and energy efficiency of modern data centers.

A change on one front requires adjustments on the other, and a new software architecture growing in popularity has posed a challenge to the hardware solutions current in most data centers. Called microservices, this modular approach to designing big enterprise software has left something to be desired in its interactions with another major rising force in datacenter efficiency, hardware accelerators.

To bring these two promising technologies together more effectively, CSE Ph.D. student Akshitha Sriraman, working with researchers from Facebook, has designed a way to measure exactly how much a hardware accelerator would speed up a datacenter. Appropriately named Accelerometer, the analytical model can be applied in the early stages of an accelerator’s design to predict its effectiveness before ever being installed.

Still a somewhat new technology in general computing usage, the effectiveness of hardware accelerators isn’t as easy to predict as CPUs, which have decades of experience behind them. Investing in this sort of diverse custom hardware presents a risk at scale, since it might not live up to its expectations.

But the potential for a big impact is there. Designed to perform one type of function extremely quickly, accelerators could theoretically be called upon for all the redundant, repetitive tasks used in common by bigger applications.

That includes microservices. This software architecture approach conceives of a larger application as a collection of modular, task-specific services that can each be improved upon in isolation. This allows for changes to be made to the larger application without needing to change one huge, central codebase. It also allows for more services to be added more easily.

Sriraman demonstrated that as few as 18% of most microservices’ CPU cycles are spent executing instructions that are core to their functionality. The remaining 82% are spent on common operations that are ripe for accelerating.

“Accelerating these overheads we identified can indeed improve speedup to a significant extent,” Sriraman says. Beyond speed, it would make all of the datacenter’s functions cheaper and more energy efficient. “Acceleration will allow us to pack more work for the same power constraints and improve resource utilization at scale, so data center energy and cost savings will improve greatly.”

The issue with microservices is that their designs can turn out to be quite dissimilar, particularly with regard to how they interact with hardware. For example, a microservice can communicate with an accelerator while continuing to run other instructions on a CPU, or it could bring all of its functions to a halt while it offloads to the accelerator. Both of these cases face different “offload overheads” (the time spent sending a task from one processor to another), which becomes lost time for the datacenter if it’s not accounted for.

“Each of these software design choices can result in different overheads that affect the overall speedup from acceleration,” says Sriraman. This overhead is left out of the picture in prior work, she continues, as is the impact of the different microservice designs on performance.

Additionally, accelerators themselves have to be used judiciously to have a net positive effect.

“Throwing an accelerator at every problem is ridiculous because it takes a lot of time, cost, and effort to build, test, and deploy each one,” she concludes. “There is a real need to precisely understand what and how to accelerate.”

Accelerometer is an analytical model that measures exactly how much performance would be improved by installing a given processor, if at all, with all of these nuances taken into account. That means it measures the positive effect of acceleration as well as the negative effect of spending time shuffling instructions around between computing components. And its capabilities aren’t limited to new accelerators—the model can be applied to any kind of hardware, ranging from a simple CPU optimization to an extremely specialized remote ASIC.

The tool was validated in Facebook’s production environment using three retrospective case studies, demonstrating that its real speedup estimates have less than 3.7% error.

The model is sufficiently accurate to already be put to use by Facebook, with early interest from other companies.

“We have received word that several of the big cloud players have started using Accelerometer to quickly discard bad accelerator choices and identify the good ones, to make well-informed hardware investments,” Sriraman says. Facebook is using the model to explore new accelerators, incorporating it as a first step to quickly sort out good and bad hardware choices.

The post Analytical model predicts exactly how much a piece of hardware will speed up data centers appeared first on Artificial Intelligence.

Chicago – January 29, 2020 – Instana, the leading provider of automatic Application Performance Management (APM) solutions for microservice applications, today announced new capabilities for monitoring the VMware vSphere Suite, as well as applications running on vSphere infrastructure.

Known for the ability to correlate infrastructure and application performance metrics and deliver actionable information to all stakeholders from development to operations, Instana’s latest release includes the ability to discover, map and monitor components running on VMware’s vSphere suite. Like the other supported infrastructure components Instana supports, application performance metrics are analyzed along with the new vSphere metrics.

“As organizations evolve their application environment to leverage the latest advancements in application and infrastructure, it’s critical that their operational tools provide the broadest flexibility and intelligent analysis, regardless of the infrastructure chosen,” said Chris Farrell, Technical Director and APM Strategist at Instana. “The addition of vSphere support to our cloud, container, orchestration and microservice platform monitoring allows users to understand how different architectural and infrastructure choices impact overall service levels and application performance.”

The vSphere announcement continues Instana’s legacy of excellence in monitoring applications and their underlying infrastructure together. Whether organizations run hosts physically, virtually or in the cloud, Instana enables them to quickly and easily see exactly how applications are performing and how the infrastructure is impacting those applications. With the ability to trace distributed requests end-to-end, the ability to see any and every possible infrastructure stack provides a complete picture of performance to Instana users.

Unlike other APM solutions, Instana fully automates the entire lifecycle of application monitoring including application discovery and mapping, monitoring sensor and agent deployment, and application infrastructure health monitoring. Whenever an application or infrastructure change occurs within dynamic applications, Instana recognizes the change in real time, instantly adjusting its application service maps, monitoring thresholds and health dashboards.

“Application migration is one particular use case for which Instana’s broad infrastructure and architectural support are a perfect combination to add value,” continued Farrell. “Whether migrating from monolith to microservices, physical to virtual hosts, or private to hybrid clouds, Instana’s automated discovery and performance monitoring provides the absolute quickest way to capture and compare different deployment options.”

The vSphere support and monitoring capabilities are available today as part of Instana’s automated APM solution. Learn more about Instana and their application monitoring solution at https://instana.com.

The post Instana Adds Vsphere Support To Automated Microservice Application And Infrastructure Monitoring Solution appeared first on Artificial Intelligence.

Application performance management (APM) solutions need to adapt now that the age of monolithic applications has evolved into microservice-based architectures, which are innately distributed and complex and therefore harder to monitor. 

Collecting vast troves of data on how apps are performing is no longer enough, and APM providers have been adding new ways to analyze that data that will drive meaningful and hyper-fast solutions to expose any bottlenecks or code dependencies. Whether that’s by adding AI, ML, new plugins or methods of monitoring, reliability and speed is on everyone’s mind. 

“It’s not just enough to monitor specific isolated metrics because it’s not enough to just detect that something’s wrong. You need to act fast because the environment is fast. The end user reaction to degradation is catastrophic,” said Daniella Pontes, the senior product marketing manager at InfluxData. “If you are in a big event day, you are talking about hundreds of thousands of dollars per minute or billions per day. So you can’t afford a degradation that can not be quickly identified and most importantly, fixed.”

In 2017, The Economist reported that the world’s most valuable resource is no longer oil, but data.

But data in application monitoring isn’t effective if it can’t be analyzed, which makes it all the more crucial to have easy-to-use and intuitive monitoring to transform that data into outcomes, Pontes added. 

Most commonly, teams use APM tools when they find out that their app is running slow, according to Denny LeCompte, the general manager of application management at SolarWinds. 

“You’re then trying to find out as rapidly as you can, is it the code? Is it the infrastructure? Is it the network? Is it the database? You’re trying to figure out where in the stack it is. If you can provide an application team a way to reduce the meantime to resolution or meantime to innocence, that’s it,” LeCompte explained.

APM solutions leverage data that is collected through API gateways, service mesh, business transaction tracking, log analytics and container APIs to determine both the performance experienced by end users of an application and to measure the computational resources to see whether there is an adequate capacity to support a load and to find potential bottlenecks. 

Service mesh is a relatively new method that aids APM in microservices. 

“Instead of using an API gateway which can be challenging, service meshes are a very new modern way that we can concentrate, be a proxy, and provide a point that all microservices can report to,” said Charley Rich, a senior director analyst at Gartner. “And then a monitoring tool can inquire to the service mesh to capture the collection of data. So it can act as a collection point and you can help in terms of ease of deployment and potentially performance.”

Another trend is the use of OpenTracing. OpenTracing is a CNCF project that includes a set of vendor-neutral APIs and instrumentation that is used for distributed tracing. 

“OpenTracing, census telemetry, service mesh and others need to be explored and utilized,” Rich said. “We’re moving from an era of the monitoring solutions go out and collect the data they need to an area where the infrastructure and applications are reporting back that information.”

Another major change in who uses the APMs in an organization has shifted more towards the developers, according to LeCompte. 

“Ten years ago the app dev guys would not have cared. That was not their problem. Whereas now, they’re definitely more involved and when there is a problem, they are more likely to go into the tool and expect the monitor tool to help them understand,” LeCompte said. “It’s getting to the point where any sort of application team would feel naked without a tool to provide them with visibility.”

Meanwhile, Pontes said APM solutions have evolved to a point where all parts of a team are using it. The developers are using APM to understand how fragmented code performs before moving forward with it in the production environment. The CI/CD teams are using it to understand what kind of impact that change can do and IT teams are using it to make sure everything stays as it should.

What used to be one slowly changing monolith is now all of a sudden dozens of quickly changing microservices that get changed on a weekly or even daily cadence, according to Ivo Mägi, the CEO of Plumbr. 

“Every change is risky by nature so you need to keep a closer eye on your microservices-based architecture because errors are just more likely to happen in situations where you have really agile release cadences,” Mägi said.

He added that APM helps users with availability metrics so that whenever those metrics drop below tolerable levels, the teams are aware of the issues emerging. Another important aspect is the distributed tracing throughout all the microservices in the back end that allows one to zoom in to the exact service failing and, better yet, into the single line of source code in a particular service failing. These functionalities cut down the time to resolution for every incident. 

“Technical monitoring solutions like APMs are similar to sport watches in the sense that through some sensors they gather data and turn it  into information. It would be like monitoring the heart rate or steps done during the day. Now if I just see that I did 3000 steps during the day, I don’t know whether I just broke the world record or am I the laziest guy in the world.. I actually haven’t changed my habits nor really gained anything It’s just a distraction after a while,” Mägi explained. “But if I know that 10,000 steps a day keeps the doctor away and that coupling this with an actual action and doing the remaining 7,000 steps, I have gained quality in my life. And to me this is really similar to what APMs are able to do. If you understand how and why performance and availability can impact your business and know when to respond then you can actually have a significant impact on your business.”

However, despite all of its benefits, creating an effective APM solution comes with a set of challenges. According to Rich, the biggest challenge when monitoring microservices is its ephemerality, and APM vendors have to adapt to work with it. 

“Usually agents for most cases are specific, so that’s problematic for a lot of vendors. To package agents in the containers, I need to know in advance what’s going to go into a container image. That’s a lot of work. And it also makes me more static when I’m trying to be agile,” Rich said. “They’re just there for moments, then gone and somewhere else, which makes monitoring challenging. That’s different from the traditional approaches to monitoring within an enterprise in a cloud,”

Another challenge, according to a Gartner report, is that many organizations don’t provide production visibility for the application development and DevOps teams that build microservice-based applications, resulting in an isolation from the IT teams that are responsible for operational deployment.

To fix these problems, Gartner recommends companies adopt a coordinated monitoring strategy between operations, developers and DevOps teams, enabling service discovery by using the API gateway layer, leveraging service mesh and maintaining up-to-date service metrics. 

Rich said companies that are undergoing digital transformation are the primary candidates for using APM solutions. Mode 2 applications that emphasize agility and speed need to be monitored the most because these are the ones that change frequently. Sometimes changes occur several times a day; therefore, protecting the money-making applications is most critical.

“Anything that’s built now really does need some sort of APM. I don’t really think there’s an application in modern times that doesn’t do better with some level of  monitoring,” SolarWind’s LeCompte said. “Lots of customers only monitor the most mission-critical things, but if you built it and it’s running part of your business, then if you’re not monitoring it, you’re just going to be surprised.”

LeCompte said this includes things many people would not immediately regard as an application, such as websites. Yet, web dev and web operations teams are constantly monitoring how different users are perceiving it. 

He added that users expect an APM solution to work out-of-the-box and to automate agent deployment. 

“Customers don’t want to have to spend weeks rolling this thing out. We do not think that a modern product should require some third party to go spend a bunch of time and money to make it work. It should all be a sort of automatic out of the box,” LeCompte said. 

Increasing automation to keep up with continuous deployment
In order to keep up with the rapid pace of monitoring, many APM solutions are adding AI and ML capabilities. Manual APMs are no longer equipped to deal with the dynamism and the scale that microservices require, said Pontes.

“You need to feed the data into artificial intelligence and machine learning frameworks to start automating certain aspects of the workflow. Because the human factor is actually the bottleneck,” Pontes said.

These machine learning additions do things like correlation and analysis to reduce the volume of alerts, preventing a storm, reducing false alarms, detecting anomalies and finding unusual values to then correlate them and then predicting the potential impact, Rich added.

“Machine learning has been embedded in many APM solutions, not necessarily to do anything new but to do what they did before much better,” Rich said. 

The post APMs are more important than ever for microservice-based architectures appeared first on Artificial Intelligence.

MATRIXX Software this week introduced what it claims as the industry’s first 5G digital commerce platform including a 5G 3GPP-compliant Converged Charging System (CCS).

The newly released MATRIXX Digital Commerce Platform delivers operational efficiencies and cost benefits by harnessing microservices and containers orchestrated with Kubernetes, says the Company. It features open-source Cloud Native Computing Foundation (CNCF) components with web scale advantages enabling platform independence. 

It also supports the full spectrum of monetization across 3G, 4G and 5G networks, providing a single platform on which operators can standardize their offerings while simplifying their IT infrastructure. The extreme scalability coupled with the business configurability of MATRIXX Digital Commerce enables new use cases requiring ultra-low latency and dynamic network slices, including right-sized Service Level Agreements (SLAs) and pricing. 

Marc Price, CTO, MATRIXX
Implementing MATRIXX’s 5G-ready solution provides operators a head start on innovative packaging and pricing ahead of 5G standalone deployments. MATRIXX is working with operators to plan 5G standalone deployments, where 5G services will demand the agility of a cloud native digital commerce platform.

John Abraham, Principal Analyst, Analysys Mason
An architecturally agile, elastic charging engine with support for standardized interfaces is key for the effective monetization of new services enabled by 5G.

The post MATRIXX’s New 5G-Compliant Charging System Supports Microservices and Containers Orchestrated with Kubernetes appeared first on Artificial Intelligence.

At the present time, there is a remarkable trend for application modularization that splits the large hard-to-change monolith into a focused microservices cloud-native architecture. The monolith keeps much of the state in memory and replicates between the instances, which makes them hard to split and scale. Scaling up can be expensive and scaling out requires replicating the state and the entire application, rather than the parts that need to be replicated.

In comparison to microservices, which provide separation of the logic from the state, the separation enables the application to be broken apart into a number of smaller more manageable units, making them easier to scale. Therefore, a microservices environment consists of multiple services communicating with each other. All the communication between services is initiated and carried out with network calls, and services exposed via application programming interfaces (APIs). Each service comes with its own purpose that serves a unique business value.

Within a microservices deployment, one must assume that the perimeter is breachable.  Traditional security mechanisms only provide a layer of security for a limited number of threats. Such old-fashioned mechanisms are unable to capture the internal bad actors where most compromises occur. Therefore, it is recommended to deploy multiple security layers and employ zero trust as the framework. This way, the new perimeter and decision point will be at the microservice.

In this day and age, we must somehow enforce separation along with consistent policy between the services, while avoiding the perils of traditional tight coupling, and not jeopardize security. We need to find a solution so that the policy is managed centrally. However, at the same time, the policy should be enforced in a distributed fashion to ensure the workloads perform as designed and do not get compromised.

The cost of agility

The two main drivers for change are agility and scale. Within a microservices environment, each unit can scale independently, driving massively scalable application architectures. Yet, this type of scale was impossible when it was necessary to couple heavy data services along with the application.

The ability to scale and react rapidly increases business velocity, which allows organizations to reap the benefit in terms of cost and resilience and also improved ways of managing and building the application. However, the decentralized nature of agile deployments introduces challenges in terms of governance.

We should keep in mind that we now have a distributed organization with sub-teams responsible for individual microservices, In addition, the patching and updates are carried out in real time. Eventually, this creates a gap that needs to be filled. The gap consists of visibility and the ability to scale policy in a distributed fashion.

Complexity is the enemy of security

The cloud-native approach introduces considerable complexity. Besides complexity, the end user is responsible for securing their own environment. With microservices, there are many more moving pieces and paths of communication, introducing complexity that must be managed. We need to manage this complexity while keeping the holistic view of the application and visibility as to how each component is operating.

The attempt to secure a complex deployment using existing tools does not work and leads to a complicated security solution with complex policies. Complexity is the enemy of security. As security solutions become more complex, they become unmanageable and less secure. There is a requirement for a new unified security framework that can adapt to the different microservice environments while still providing full visibility along with simplified policy management.

You really need to know who is talking at any given point, authenticate the source, and authorize the type of transaction the API communication is trying to do. You should be aware of the specific communication, which is going on within these channels and what should be authenticated and authorized to communicate.

This is impossible to do efficiently unless changes are introduced to the microservices architecture. Microservice deployments are susceptible to an array of security threats. API vulnerabilities, logic attacks, lateral movements, and the inadequacy of traditional security tools bring the systems to a halt like a house of cards tumbling down.

Diverse traffic patterns

Today’s traffic patterns are different from those of the past. Nowadays, there are a lot of APIs connecting inbound and outbound along with internal communication. The APIs are all public, open and customer facing. The administrators are permitting this type of communication in and out of the public and private data center.

There is typically considerable asymmetry between the front-end ingress API and the backend APIs. Considering the customer environment, there is an initial consumer API call, but that propagates numerous other backend API calls to carry out, for example, user and route lookups.

As the microservice environment develops more components, it is difficult to monitor and make sure everything is secure. The deployment of web application firewalls (WAFs) to secure the public APIs and the use of next-gen firewalls filtering at strategic network points cover only a part of the attack surface. We must still assume that the perimeter is breachable along with the high potential for internal bad actors.

Traditional security mechanisms fall short

The network perimeter was born in a different time and traditional security mechanisms based on Internet Protocol (IP) and 5-tuple no longer suffice. The traditional perimeter consists of the virtual or physical appliance such as a firewall, IPS/IDS or API gateway located at strategic network points. Actually, the traditional perimeter with its traditional security mechanisms only provides the first layer of security. Even though it is labeled as defense in depth, still it is far from reaching that status in a microservices environment.

For example, API gateways are meant to manage the inbound calls. APIs are registered with the API gateway, which changes the workflow. They don’t scale in a microservices environment where there could be hundreds of services, each one exposing a number of API’s and each service containing multiple instances.

The API gateway needs to scale not just with the external traffic, but also with east to west internal traffic. This is the order of magnitude that holds the significant share of total traffic. Web application firewalls (WAFs) do not change the workflow but they share some of the challenges of API gateways. It is impossible to create and manage security when policies are not distributed to the workloads. There is a lot of work to be done for just a limited number of APIs that exponentially grow with internal communications. This is clearly not practical in case of microservices deployments.

Next-gen firewalls are typically the central security resource. They are more suitable for north to south traffic flows but not for internal east to west. In this world where everything is HTTP, firewalls do not offer the best visibility and access control. A firewall typically forces security on the source and destination IP and protocols, but in a microservices environment, the regular communication port is 80/443. It is very common for all to use the same port and protocol for communication.

For this to work, the firewall would need to follow the identity of the source and destination IP address along with the source and destination port numbers. It should have the ability to deal with an orchestration system, changing the identity all the time.

Enforcement should be done in a distributed fashion, right down at the workload level. If what you are monitoring and protecting is accessible to the application and application behavior, it matters less where the attacks come from. However, security frameworks based on traditional mechanisms can leave many avenues for bad actors to camouflage their attacks.

The larger attack surface requires a new perimeter

If the security cannot follow the microservices, you need to bring the security to the microservice and embed the security with the microservice. An effective perimeter is the decision point at the microservice that is not set at the strategic points located within the network. The new perimeter is at the microservice layer and everywhere that has an API. This is the only way to protect, especially when it comes to logic attacks.

Logic attacks become more prevalent in a microservices environment. This type of threat is carried out by a sophisticated attacker, not a script kiddy using a readily accessible tool. They take their time to penetrate into the perimeter to silently explore the internal environment and to go unnoticed while accessing valuable assets.

Cloud native applications expose their logic in multiple layers, not just one. Each microservice exposes some application logic through an API and these APIs if not efficiently secured, can be manipulated by a bad actor. A practical example would be an API that is meant to give you information about a single entry in a database. If the bad actor is able to modify the query slightly, they can pull multiple entries in the database that they do not have authority to access. Now, this can be exploited in every single API, which presents a much larger attack surface than before. This can bring about the opportunity for advanced persistent threat (APT).

As stated earlier, the distributed architectures give a much larger surface area. Each one of these small components is exposed to threats. The surface area is the sum of all APIs and the interactions both internal and external of the application. If you examine an API that is exposed to the outside, you would see hundreds of API calls. This offers numerous ways to exploit the vulnerabilities of an externally facing API. Within a kill-chain, the API is not just used to gain access but also as a way to perform lateral movements.

We also have challenges with traffic encryption. A large part of security in the new age of east to west traffic is the ability to have everything encrypted. It is the role of the application to perform the encryption.

In a microservices environment, key management is a difficult task. Besides, IPsec has a very coarse granularity. If you are looking for encryption with finer granularity in this environment then you need a new type of solution.

Solution components: identity

Workloads can be encapsulated in a number of ways such as a virtual machine (VM), bare metal or container. As a result, what’s required is a mechanism to provide a provable and secure identity to the application, not just to the server or container but also to the actual workload that is running. Ideally, identity can be a list of attributes. Think of them as the key-value pairs that describe an object to the level of detail that you want. Indeed, the more detail you have, the better.

The process of providing identity to a service is called identity bootstrapping. You have to trust something in order to provide application identity i.e. there needs to be an external source of truth. Companies such as AWS, VMware, and Octarine provide this by integrating with the orchestration system.

The orchestration system could be anything from vCenter to AWS ECS to Kubernetes. The system monitors events of new workloads being spawned. After validating the newly spawned workload, the workload is provided with the credentials it needs to prove its identity. After validating that it is legitimate, the newly spawned workload is provided with the credentials it needs to prove its identity. This way, the secrets are never kept in the code, container image, or in kubernetes.

Solution components: visibility

Once the identity is taken care of, we must create security based on the secured identity. How do you enforce policy and how does it get represented when you communicate it to something else?

Firstly, you need to rely on the application identity and monitoring traffic at layer 7. This is because on every API call the caller identifies oneself. You can add the identity on the client side and server side, validate the identity and log the API call to a central system.

The central system aggregates all API calls in all deployments for the customer’s environment and provides extensive visibility. This visibility extends over time to include the history of any changes. Such visibility is useful in agile environments.

Solution components: anomaly detection

You must try as much as possible to enforce the policy at the endpoint. However, sometimes in order to detect sophisticated attacks, you have to correlate multiple sequences, such as time of the day, payloads, and geographic access patterns.

Anomaly detection is needed that comprises a component responsible for looking at all the signals at a given time. Further, it should recognize small deviations from the baseline that could not be detected if you are looking at a single endpoint.

Solution components: policy

In the past, policy presented two prevailing themes – ACL distributed policy solutions and segmentation based on VLANs. You really need to start to think about policy being centrally administered but highly scalable and distributed by way of enforcement.

The policy should be based on workload identity and not network identity. With cloud-native, there is no alignment between the identity of a workload and its network identity. You cannot enable security enforcement through pre-defined network policies laid on traditional means.

The policy should also be driven by visibility, enabling feedback about policy and information about violations. This would allow the administrators to update the policy as required.

The promise of cloud-native applications and agile environments has many benefits for business. Cloud-native deployments left to the default lacks proper security tools and methodologies. However, with a guarded approach, you can reach a secure cloud-native agile environment.

The post Securing microservice environments in a hostile world appeared first on Artificial Intelligence.