Grey Matter is composed of Fabric, Data, and Sense. Internal to each component is a series of microservices that offers several core features. Each feature simplifies technical challenges associated with service management, such as:
The following diagram shows the workload distribution between Grey Matter's core components.
Fabric powers the zero-trust hybrid service mesh, which consists of the Edge, Control, Security, and Sidecar. You can use Fabric to connect services regardless of language, framework, or runtime environment.
Secure network fabrics provide bridge points, observability, routing, policy assertion, and more between on-premise, multi-cloud, and multi-PaaS capabilities. Fabric offers workload distribution and management within a hybrid environment.
Grey Matter supports multiple runtime environments with multi-mesh bridges as shown below. These environments include:
Multiple cloud providers (i.e. AWS and Azure)
Container management solutions (i.e., K8s, OpenShift and ECS)
Fabric operates at OSI model layers 3 (network), 4 (transport), and 7 (application) simultaneously. Providing a powerful, performant, and unified platform to run, manage, connect, and perform distributed workloads across a hybrid architecture.
Layer 3 operates at the TCP level. Responsible for transferring data“packets” from one host to another using IP addresses, TCP ports, etc., determining which route is the most suitable from source to its destination. At this level, network-segmentation is able to be performed using ABAC, RBAC, and NGAC policies set within each sidecar. More details can be found in the Security Model section.
Layer 4 coordinates data transfer between clients and hosts. Adding load balancing, rate limiting, discovery, health checks, observability, and more built on top of TCP/IP. Layer 3 and 4 alone live within the TCP/IP space and are unable to make routing decisions based on different URLs to backend systems or services. This is where layer 7 comes into the architecture.
Layer 7 sits at the top of the OSI model, interacting directly with services and applications responsible for presenting data to users. HTTP requests and responses accessing services, webpages, images, data, etc. are layer 7 actions.
The following graphic shows Fabric's basic capabilities--access, routing decisions, rate limits, health checks, discoverability, observability, proxying, network and micro-segmentation--and how they leverage all features found within each of the OSI layers described above.
Grey Matter Edge handles north/south trafficflowing through the mesh. Multiple edge nodes can be configured depending on throughput or regulatory requirements requiring segmented routing or security policy rules.
Traffic flow management in and out of the hybrid mesh.
Hybrid cloud jump points.
Load balancing and protocol control.
Edge OAuth security.
Automatic discovery throughout your hybrid mesh.
Templated static or dynamic sidecar configuration.
Telemetry and observable collection and aggregation.
Neural net brain.
API for advanced control.
Grey Matter Fabric offers the following security features:
Verifies that tokens presented by the invoking service are trusted for such operations.
Performs operations on behalf of a trusted third party within the Hybrid Mesh.
Add Grey Matter to services by deploying a sidecar proxy throughout your environment. This sidecar intercepts all network communication between microservices.
The Grey Matter Sidecar offers the following capabilities:
Multiple protocol support.
Observable events for all traffic and content streams.
Certified, Tested, Production-Ready Sidecars.
Native support for gRPC, HTTP/1, HTTP/2, and TCP.
Once you've deployed the Grey Matter Sidecar, you can configure and manage Grey Matter with its control plane functionality.
Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic
Fine-grained control of traffic behavior with rich routing rules, retries, failover, and fault injection
A policy layer and configuration API supporting access controls, rate limits and quotas
Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress
Secure service-to-service communication in a cluster with strong identity-based authentication and authorization
The following diagram shows how the Grey Matter Sidecar would operate in a North/South traffic pattern.
Grey Matter Data is an API that enables secure and flexible access control for your microservices. Data consists of Grey Matter Data and JWT server, and includes an API Explorer to help you manage the API.
The Grey Matter application is our user dashboard that paints a high-level picture of the service mesh. The Grey Matter application includes the following features:
Running state of all services
Search, sort and filter options
Historical metrics per service
SLA warnings/violations (powered by SLO)
Real-time metrics per service instance
Service instance drill down
Grey Matter Service Level Objectives (SLOs) allows users to manage objectives towards service-level agreements. These objectives can be internal to business operations or made between a company and its customers. They are generic and are valuable in more than one use case.
SLOs combine with Grey Matter application time-series charts to visualize warning and violation thresholds for targeted performance analysis. These objectives are used even further to train Sense AI for service scaling recommendations.
Business Impact allows users to set metadata on services with the goal of associating how critical a service is towards the operations of a company, mission, or customer. Business Impact provides a list of values (Critical, High, Medium, Low) that correlates each service's business impact. Sense lets users of the Grey Matter application configure these values themselves, which can be used to filter and search via the mesh overview.
Grey Matter Catalog acts as an interface between the data plane (network of sidecars) of the service mesh and the Grey Matter application. Catalog provides a user-focused representation of the mesh.
Learn how to use the Catalog here.