Google, IBM and Lyft launch Istio, an open-source platform for managing and securing microservices

Microservices, that is, breaking larger applications into small parts that communicate over APIs, is increasingly becoming the architectural style of choice for many developers (especially when coupled with containers). Managing this fleet of services introduces its own set of challenges, though. To help developers and DevOps professionals manage and secure their microservice-based applications, Google, IBM and Lyft today announced Istio, a new open platform that allows you to create a network of deployed services, and which includes tools for load balancing, service-to-service authentication and monitoring, among others.

It can do all of this without requiring any changes to the actual applications. That’s because Istio sits at the network level and uses a proxy to intercept all network communication between your microservices. At its core, Istio uses the Envoy proxy (which was developed by Lyft) and its built-in service discovery and load balancing tools, among other things.

“As monolithic applications are decomposed into microservices, software teams have to worry about the challenges inherent in integrating services in distributed systems: they must account for service discovery, load balancing, fault tolerance, end-to-end monitoring, dynamic routing for feature experimentation, and perhaps most important of all, compliance and security,” the Istio team explains. “Inconsistent attempts at solving these challenges, cobbled together from libraries, scripts and Stack Overflow snippets leads to solutions that vary wildly across languages and runtimes, have poor observability characteristics and can often end up compromising security.”

A company could standardize on a single library for managing the communication between services, but the team argues that that’s unlikely to happen, would leave out existing services and reduce flexibility.

Istio essentially provides developers with a single service mesh that provides the monitoring services to then implement the necessary load balancing, flow-control and security policies they need to keep their applications running even if the network isn’t reliable. Istio also allows developers to authenticate and secure the communications between different applications using a TLS connection (which means the developer doesn’t have to manage certificates, for example).

Given the fact that Google is involved, it probably doesn’t come as a surprise that Istio currently only supports the Kubernetes container orchestration service, though the plan is to support other environments in the future. The overall idea is to allow Istio to span various environments, no matter whether that’s a public cloud Kubernetes or Mesos, for example. Google also plans to bring Istio support to Cloud Endpoints and its Apigee API management platform (which it acquired for $625 million last year).

It’s worth noting that this isn’t all that different from linkerd, a similar project that is now part of the Cloud Native Computing Foundation, the home of the Kubernetes project. Linkerd already offers support for Docker and Mesosphere’s DC/OS, among others, though.