
Managing the Enterprise Configuration Complexity Clock for Modern Application Networks


At scale, an enterprise has to deal with integration configurations that may consist of K8s, service mesh, third-party tooling, and infrastructure. The management and governance of these configurations, especially in a Zero Trust environment, are complex and sophisticated. Misconfigurations easily lead to security vulnerabilities and governance nightmares. In the IT Operations world, being able to maintain configurations easily is critical; the difficulty of doing so is the so-called configuration complexity issue.

To solve this issue, the IT industry has evolved configuration management solutions from hard-coded data, to value-managed configurations, to rules engines, and eventually Domain Specific Languages (DSLs). With DSLs, engineers can do many things. However, as the configuration complexity increases, DSLs become harder to understand, maintain and afford, especially for proprietary DSLs. In the end, the efforts spent on maintaining DSLs equal that of maintaining hard-coded configurations. We find ourselves back at zero, trapped in the Configuration Complexity Clock (CCC) issue.

Enterprises are increasingly migrating from traditional software environments to more dynamic ones where the application becomes the network. These applications consist of distributed workloads, connected via APIs, and running on hosts that are multi-cloud and hybrid. The configuration complexity becomes unmanageable and unaffordable. The market calls for a robust, resilient, and transparent application network management framework.

What is Application Networking Management?

As defined by Gartner VP Analyst Kevin Matheny in the “Solution Path for Applying Microservices Architecture Principles” report in December 2021, a microservices platform consists of several core capabilities, including a runtime platform, external gateway, service mesh, backing services, developer experience, and telemetry. The aforementioned service mesh and external gateway are just two of the functional components of application networking management, which also includes multi-tenant team enablement, configuration management, and enterprise governance.

As organizations shift toward more granular architectures, they find themselves dealing with a paradoxical situation. The complexity of individual services decreases, but as the ecosystem grows, the surrounding configuration complexity increases. A large portion of the complexity is driven by the declarative connectivity networking requirements as outlined by Gartner Analysts Simon Richard and Gary Olliffe in their 21 September 2021 article “Using Emerging Service Connectivity Technology to Optimize Microservice Application Networking.” The introduction of technologies such as Envoy, eBPF, NATS, CNI, and more has enabled a new level of operational control. This enables developers and DevOps engineers to concisely specify network protocols, policies, and services. Their applications are now essentially the network. This also creates more complexity, more risk, unknown vulnerabilities, and an inability to manage critical assets for an enterprise.

An application networking management layer abstracts this complexity and ensures enterprise governance. It performs the hard work of integrating these additional technologies to provide the management, control, security, and visibility needed by today’s software development teams. It provides ample functionality for enterprise teams to create governance and rules to adhere to while shifting the pace of development and delivery from I&O teams to application teams.

For example, security-focused Network / Security Operations teams can better perform their jobs, because application teams leverage the provided enterprise default modules for microservices at scale. These modules and rules are seamlessly embedded into an application developer’s DevSecOps pipeline without having to instrument or write specific code. Their applications, APIs, and enterprise service calls will capture advanced telemetry, detect anomalies, conduct active and passive health checks, and surface heuristic insights. These kinds of application networking management functions can also prioritize security requirements to enable zero-trust network access, redefining the blast radius from a network construct like a VPC, namespace, or pod, to the application and its service-level calls.

On the Role of Automation in Application Networking Management

Application networking management enables a number of automation capabilities designed to alleviate cognitive and repetitive stress on developer and DevOps teams. For example, some enterprises have introduced GitOps, the operational framework that applies DevOps best practices to infrastructure automation. GitOps ensures tracking of changes and movement from environment to environment. This represents a cultural shift for some. Those that do not adopt it will likely suffer detrimental performance impacts as they work to keep up with their industry competitors who have already adopted the framework. Enterprises should implement an application networking management layer with GitOps, ensuring that critical network policies are a separate concern from hosted infrastructure configuration and do not intrude upon software development application CI/CD needs.

With a GitOps-enabled application networking management layer, development and DevOps teams can:

Automate Hard Things

The combination of enterprise application networking and GitOps delivers the automated management and control necessary to solve the challenges of traditional Network Security Operations (NetSecOps) for software endpoints across your environments. GitOps-enabled application networking provides a centralized working repository, enterprise application networking configurations, and valuable heuristics collected about your application’s critical vulnerabilities. They also enable rapid responses to situations in your environment, and faster, more efficient scaling.

Improve Communications and Collaboration

GitOps centralizes your team’s application networking configuration as code into Git repositories, ensuring that any changes that are made are clear and concise for reviewing team members. This also creates a source of truth that is managed, backed up, and versioned, and that enables rollback to a given known state of “good”.

Enhanced Traffic Security

mTLS is a must today, but it is not enough when your applications become your network. When application network configurations are properly applied as an access control method, they enable various shaping functions at granular levels. These functions take the form of authN/Z-type token exchanges per service and per route, and go well beyond the point at which mutual trust is established between service A and service B. These configurations can be used to prevent unauthorized user access to internal and external API calls, data access or decryption, or even APIs that are part of your monetization strategy.

Illuminating Observables

The enterprise must be able to obtain various observable audit data on application, API, and service usage over time, such as who has been accessing enterprise assets and even what information particular users are looking for in your data. This vital information can be collected and aggregated into other tools, allowing you to visualize and analyze requests coming into and going out of your application network, study potential patches, or help you make software deprecation decisions.

Immediate Response

Rapid responses are sometimes needed to ensure availability and integrity. Application networking enables mechanisms to edit configurations directly, allowing you to add restrictions, limits, and mitigation options which can also be reverted if necessary. Some examples include canary routing, zone-aware routing, setting application or API-specific load balancing policies, and more.

What Other Kinds of Benefits Does Application Networking Management Provide?

Application networking management offers significant value to large-scale organizations. Teams can employ automation to concurrently deliver more consistent code much faster than before. This can also extend the lifespan of existing on-premises investments, bringing them into cloud-native parity.

Application networking management is critical to enterprise API integration, creating new business streams, while concurrently providing intelligent asset management and control over the entire enterprise applications stack. The unified nature of an application networking management layer enables zero-trust enforcement throughout the entire application’s sphere of influence. A last benefit comes in the form of enhanced governance and insights across apps, services, data, and users.

Conclusion

The pace of innovation in today’s enterprise technology environment is not slowing down. The adoption journey to achieve greater application agility, flexibility, and scalability can be complex. Doing so means an increase in the number of apps, APIs, and services connected across the enterprise cloud. Application networking management platforms provide modern software development teams with a unified OOTB means of ensuring omni-directional traffic management and policy control, zero-trust security, operational insight, and automation at scale. These platforms provide an effective means of managing applications and networks across clouds and data centers, and should be on the short-list of any enterprise CIO or CTO seeking to enhance their critical IT infrastructure.

Disclaimer:

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.


Chris Holmes, CEO, greymatter.io 
