Deploying a Secure Cloud Native Microservices Platform

Microservices architecture has been evolving over the years and there is a lot of open source and vendor components that you can use to deploy a secure microservices platform.

Below I am putting together the key components and how you can manage the distribute the different capabilities needed to build out and deploy a modular plug and play platform that you can scale and that meets all the security needs. The above diagram can look daunting but to build a scalable reliable platform does take some effort. I have tried to use most open source technologies as possible to put this together but in some cases it just makes sense to leverage the vendor products such as apigee and cloudflare as it’s probably not worth it to build out those capabilities yourself from a cost, coordination perspective. The main focus of the team should be to build the microservices and anything that can keep it easy to manage, deploy, orchestrate etc. should be transparent to them and available at their fingertips.

We can break down the architecture into 4 major architectural layers to segregate key roles and responsibilities of your platform

1. Outer Architecture

The major focus of this layer is security with a focus on protecting your microservices from reducing the threat vectors and your attack surface protecting you from external attacks such as bots, DDOS etc and giving you visibility and ability to manage and monitor the traffic coming in, along with providing some key capabilities to scale and manage your platform entry points.

This has 3 key components-

a. Cloud Security Access Brokers (CASB) / Web Application Firewall (WAF)

This is your entry point and is the firewall that can help secure your website/infrastructure, prevent attacks and filter only the meaningful traffic for your site on appropriate protocols and also manage any firewall rules for outgoing traffic .

b. API Gateway

Mediates (proxies) access to your APIs

c. CDN

A content delivery network (CDN) provide fast delivery of Internet content allowing for the quick transfer of assets needed for loading Internet content including HTML pages, javascript files, stylesheets, images, and videos.

2. Inner Architecture

This is what you need to manage your microservices including, api management, api security, service to service communication , performance, reliability and scalability and monitoring and collecting the metrics to manage the overall platform.

This includes 3 key components

a. Service mesh Architecture

The two main goals of a service mesh are to allow insight into previously invisible service communications layers, and to gain full control of all microservices communication logic, like dynamic service discovery, load balancing, timeouts, fallbacks, retries, circuit breaking, distributed tracing, and security policy enforcement between services. The insights are provided by traffic audit and tracing features.

b. Event Mgmt. Infrastructure -

This layer helps manage the event and streamlining the flow of communication inside and outside your microservices platform.

c. Microservices Architecture

This is where you define how granular you want to build your microservices based on a domain driven and behavioral design approach . The first layer an be your data orchestration services, followed more by your domain capability services and then more granular data and functional services.

3. Data Architecture

These are the data stores that you need to store and cache you data, and your data analytics, data warehouse capabilities to manage your platform. you could use a mix of databases here with different capabilities based on need for caching, document data, transactional data.

4. Platform Management Architecture

This defines how to manage the platform focusing on your internal team and the various functions needed to build the platform, deploy your services and monitor them in production.

a. Development

This is the developer toolbox which helps them manage the api lifecycle end to end and integrates with the devops capabilities to manage your codebase and deliver it to your test or production environments.

b. DevOps

This includes you CI/CD capabilities including managed you builds, containers mgmt, kubernetes pods management, deployment, scaling and swapping out services, versioning etc to have an efficient pipeline to migrate code into various environments.

c. Production Mgmt

This is about managing your infrastructure including distributed tracing, monitoring/ alerting capabilities, ability to index logs, search and retrieve them and your dashboards to view your key metrics. Some these can also feed into your CI/CD pipeline depending on how much automation and scalability you want to build into the platform.

This is first in several sets of posts on microservices architecture. I will go into each architecture level deeper and talk about them in more details in subsequent posts.

I have no affiliation with any of the companies mentioned above in the article. I have collected this data based solely on my research and what seemed like the best option to me keep it as vendor agnostic as possible. There might be other similar options existing that can provide the same feature set and you also have a build vs buy decision in some cases or you could use some of the capabilities provided by your cloud provider.