Transport Layer Security (TLS), historically called Secure Sockets Layer (SSL), encrypts and authenticates the link between a client and a server. The certificate itself does not encrypt anything: it binds the server's public key to its identity so the client can authenticate the server and negotiate session keys with it. When HTTP runs over TLS the scheme becomes "HTTPS"; the added "S" means secure. SSL 2.0 and 3.0 are deprecated and should be disabled in favor of TLS 1.2 or later. Grey Matter's sidecar supports 2-way (mutual) TLS, in which the client also presents a certificate, during the entire HTTP request transport.
An access control list (ACL) is the list of permissions attached to an object: it names which users or processes may access the object and which operations they may perform on it. In an operating system each object carries a security attribute that identifies its ACL. Grey Matter's sidecar applies the same idea to service identities: its ACL filter lets whitelisted server Distinguished Names (DNs) impersonate users.
Server application threads often impersonate a client in order to access objects on the server as that client, or to validate access to the client's own objects. Impersonation lets a thread execute with security information different from that of the process that owns the thread. Grey Matter uses an ACL impersonation filter to establish a caller's privileges and permissions on each request.
Amazon Web Services (AWS) is a cloud service platform that offers compute, storage, and content delivery. CloudWatch lets you collect log files and metrics and set alarms on them. It can monitor Amazon databases as well as custom metrics. Grey Matter's sidecar can emit its metrics to AWS CloudWatch.
EC2 is a web service that provides scalable computing capacity in the AWS cloud. Grey Matter can be deployed to the AWS EC2 platform. Using EC2, developers can build and deploy their applications without hardware constraints. Grey Matter has the ability to autoscale in EC2.
AWS S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases (websites, mobile apps, backup and restore, archive, enterprise applications, IoT, big data analytics).
Kafka is a fast, scalable, durable, and fault-tolerant publish-subscribe messaging system. Kafka is often used in place of traditional message brokers built on JMS or AMQP because of its higher throughput, reliability, and replication. Grey Matter uses Kafka for asynchronous communication, such as emitting observable events and replicating data across regions.
ZooKeeper is a centralized coordination service for distributed applications. It offers a naming registry, storage for configuration information, group services, and distributed synchronization, and ships client bindings for Java and C. Grey Matter's sidecar supports ZooKeeper for service discovery within an existing microservice infrastructure. Grey Matter uses ZooKeeper in two ways: as a dependency of Kafka, and as a service discovery mechanism when deployed with the Grey Matter ZooKeeper xDS.
Artificial Intelligence for IT Operations (AIOps) is the application of machine learning to large volumes of system and device operations data in order to identify and set performance parameters for each system on the service mesh. The goal is for the algorithms to predict and correct anomalies in near real time with little or no human intervention.
Authorization is the security mechanism that determines a user's or client's privileges and access rights to resources. Authorization is normally preceded by authentication, which verifies the identity being authorized. OAuth, TLS/SSL, and other security and authorization settings must not be hard-coded into a service: every key and certificate must be overridable at runtime by the trust material of the environment the service is deployed into, so that the same build runs in development, test, and production with different certificates.
Automatic network routing selects the path each connection takes through intermediate nodes while minimizing the CPU cycles and storage spent forwarding packets. This matters in a microservice system because service instances have dynamically assigned network locations, and the set of instances changes as services scale, fail, and are upgraded. There are two main service discovery patterns for locating them: client-side and server-side discovery.
Bandwidth is the amount of data a link can carry in a fixed time. It is usually expressed in bits per second (bps), or sometimes in bytes per second (B/s).
A blacklist is an ACL configuration option that, at its default (empty) value, denies no Distinguished Names (DNs). When set to a non-default string it denies only the DNs listed there.
The CPU is the part of the computer that performs calculations, actions, and runs programs. CPU utilization describes the percentage a service requires of the CPU over time.
In client-side discovery, the client making a request to a service finds the location of a service instance by querying the service registry itself, then sends the request directly to the instance it chose.
Command-line options pass parameters to a program, and flags switch behaviors on or off. Most short options are single letters preceded by "-"; long options are words preceded by "--". Setting command-line options and flags is a good runtime configuration approach for services running outside Docker, as a local binary or package.
A runtime system includes the software and hardware resources needed to execute a program, regardless of the programming language being used. Grey Matter recommends setting configuration options from environment variables at runtime.
Thresholds are user-specified values that determine when metrics exceed or drop below certain limits. Using thresholds lets you focus on pertinent data. From the Grey Matter dashboard, you can configure most thresholds by clicking on a service, then clicking the Configuration tab.
The Grey Matter Control Plane is responsible for the configuration and policy management of all microservices running atop the service mesh. The control plane does not carry service traffic itself: it programs the decentralized fleet of sidecar proxies that do, pushing the routing, security compliance, optimization, and automation policy each proxy enforces on service-to-service communication. In the case of Grey Matter Fabric, the control plane orchestrates the operations of all distributed sidecar proxies operating on the service mesh.
A Data Distribution Network (DDN) is a globally distributed network of edge servers that optimizes data delivery by bringing data closer to its ultimate end point. In the case of Grey Matter, the DDN lets enterprises securely capture, store, sync, cache, move, and share data of any kind, to and from consumers and services, anywhere around the globe.
The service mesh data plane is the set of sidecar proxies that observe, carry out, and report every discovery, routing, health check, load balancing, and authentication action that occurs on the mesh between service instances. In the case of the Grey Matter Data Distribution Network (DDN), the data plane also lets enterprises securely capture, store, sync, cache, move, and share data of any kind, to and from consumers and services, anywhere around the globe.
DC/OS is an open-source distributed operating system based on the Apache Mesos distributed systems kernel. Grey Matter can be deployed to DC/OS and Grey Matter has the ability to autoscale on the DC/OS platform. DC/OS manages multiple machines in the cloud or on-premises from a single interface; deploys containers, distributed services, and legacy applications into those machines; and provides networking, service discovery, and resource management to keep the services running and communicating with each other.
Microservices typically depend on additional microservices, databases, or servers. Grey Matter requires dependent services to be configurable at runtime. Dependencies must be accounted for at all phases of development and operations. For example, in the case of infrastructure modernization, dependencies that violate a target module structure need to be resolved before code can be extracted from a monolithic code base into a new module.
Each microservice is built and deployed as a set of service instances that can be measured for throughput and availability. Services must be independently deployable and scalable and isolated from one another, so users can monitor the behavior of each service instance. Each container should have one responsibility and one process.
A Distinguished Name (DN) is the fully-qualified path that traces an entry in a directory tree (as in LDAP, or the subject of an X.509 certificate) back to the root of the tree. A DN uniquely identifies an entry at its level of the hierarchy, which is why certificate-based ACLs key on it.
Docker is a containerization platform that lets users package an application together with its dependencies into a container. A container is not a small virtual machine with its own OS: it is an isolated process (or group of processes) that shares the host's kernel but has its own filesystem, network namespace, and resource limits, so the software inside runs the same way on any host.
The Domain Name System (DNS) is the distributed naming system the internet uses to map domain names to IP addresses and other records, and to track who is responsible for each name.
Egress 2-way SSL refers to mutual TLS on network traffic going from the sidecar to a deployed service, as opposed to ingress traffic arriving at the sidecar from clients. Requiring certificates on the egress side protects services and their information from unintended or unauthorized use, change, or destruction, because the sidecar proves its identity to the upstream and verifies the upstream's identity in return.
Operating-system ACLs, such as POSIX filesystem ACLs that require the filesystem to be mounted with the ACL option, are a separate mechanism from the sidecar's ACL filter described here. The Grey Matter Sidecar supports custom mutual TLS impersonation logic. This logic lets one service (A) impersonate any user (X) when calling another service (B), provided the client certificate presented by service A is on the access control list configured for service B. Because the decision keys on the certificate DN verified during the TLS handshake, a caller cannot gain impersonation rights merely by claiming a DN in a request header.
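The mutual TLS exchange behind the last three entries, as an added Go example (not Grey Matter's or Envoy's code): a tiny in-process CA issues certificates to two services, the server side requires and verifies a client certificate, and the verified client DN is what a DN-keyed ACL would then decide on. The names (Example, svc-a, svc-b, localhost), the in-memory pipe and the three-second deadline are the example's own assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// identity is a certificate with its private key, usable on either side of a TLS connection.
type identity struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func (id identity) tlsCert() tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{id.cert.Raw}, PrivateKey: id.key}
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert issues a short-lived ECDSA P-256 certificate: a self-signed CA when issuer is nil,
// otherwise a leaf signed by issuer that is valid for both server and client authentication,
// so one service identity works on the ingress and the egress side of a sidecar. (Example only.)
func newCert(cn string, issuer *identity) identity {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))),
		Subject:               pkix.Name{CommonName: cn, Organization: []string{"Example"}},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		BasicConstraintsValid: true,
	}
	signer := identity{tmpl, key}
	if issuer == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
		tmpl.DNSNames = []string{"localhost"} // the name the client verifies the server against
		signer = *issuer
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer.cert, &key.PublicKey, signer.key))
	return identity{must(x509.ParseCertificate(der)), key}
}

// mtlsPeerDN runs a mutual-TLS handshake over an in-memory pipe. The server requires and
// verifies a client certificate against ca (the "2-way" part) and returns the verified
// client's Distinguished Name, which is what a DN-keyed ACL would then decide on.
func mtlsPeerDN(ca, server, client identity) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.cert)
	srvCfg := &tls.Config{
		Certificates:           []tls.Certificate{server.tlsCert()},
		ClientAuth:             tls.RequireAndVerifyClientCert,
		ClientCAs:              pool,
		MinVersion:             tls.VersionTLS12,
		SessionTicketsDisabled: true, // avoids a post-handshake write on the synchronous pipe
	}
	cliCfg := &tls.Config{
		Certificates: []tls.Certificate{client.tlsCert()},
		RootCAs:      pool,
		ServerName:   "localhost",
		MinVersion:   tls.VersionTLS12,
	}
	c1, c2 := net.Pipe()
	defer func() { c1.Close(); c2.Close() }()
	c1.SetDeadline(time.Now().Add(3 * time.Second)) // a rejected certificate must fail, not hang
	c2.SetDeadline(time.Now().Add(3 * time.Second))
	errc := make(chan error, 1)
	go func() { errc <- tls.Client(c1, cliCfg).Handshake() }()
	srv := tls.Server(c2, srvCfg)
	if err := errors.Join(srv.Handshake(), <-errc); err != nil {
		return "", err
	}
	return srv.ConnectionState().PeerCertificates[0].Subject.String(), nil
}

func main() {
	ca := newCert("Example CA", nil)
	svcB, svcA := newCert("svc-b", &ca), newCert("svc-a", &ca) // svc-b is the upstream, svc-a the caller
	fmt.Println(mtlsPeerDN(ca, svcB, svcA))
}
```

The server pins the minimum version and disables session tickets only because the example runs over a synchronous in-memory pipe; on a real socket a post-handshake ticket would simply be read later. The deadline is what turns a client certificate from an untrusted CA into a returned error rather than a handshake that never completes, which is the failure mode to test for before trusting any DN the peer presents.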
An encryption key is a random string of bits used to scramble and unscramble data. Symmetric encryption uses one key for both operations. Asymmetric, or public/private, encryption uses a pair of keys: data encrypted with one key of the pair can be decrypted only with the other. In the usual arrangement the public key encrypts and the private key decrypts; the reverse direction, where the private key operates and the public key checks the result, is how digital signatures work.
Endpoints are devices on the edge of the network or outside the corporate firewall, such as laptops, tablets, and mobile phones, that connect to a central network, cloud storage, or a VPN. Endpoint security aims to protect companies and users on every such device, with always-on protection across local and cloud-enabled storage.
Environment variables are dynamically named values that can affect the way running processes behave on a computer. They are part of the environment in which a process runs, and each process has its own separate set. Once unique to Unix systems, they now exist in all common computing environments.
Envoy is a high-performance C++ distributed proxy designed for single services and applications. It is a communication bus and universal data plane designed for large microservice mesh architectures. Envoy features advanced load balancing, observability, and robust APIs for configuration management. Our sidecar leverages the strength of Envoy with custom filters and logic to enhance the microservice mesh.
The error rate is the percentage of errors during data transmission over a communications or network connection. Higher error rates mean less reliable connections or data transfer.
Go is a popular language for cloud-native, distributed systems. It is a statically typed, compiled, high-level language with built-in concurrency (goroutines), designed for fast compilation and efficient garbage collection. Go kit is a toolkit for building microservices in Go that encourages good design principles. It has three major layers: a transport layer, an endpoint layer, and a service layer.
Decipher’s Grey Matter intelligent service mesh is a platform and network agnostic service mesh designed to simplify the complexities of enterprise microservice adoption, application development, and management. The platform facilitates the build, operation, and management of connected microservice-based applications across the enterprise.
If your system implements a RESTful Interface, and your services are configurable at runtime, you can get started configuring Grey Matter. See our Configuration pages for more information.
Grey Matter Data is an Enterprise-to-Edge mesh delivery network delivering secure, trusted data globally. Data provides highly secure edge data distribution enabling Enterprise micro- and nano-services to move secure, targeted data from service to service, across markets, and around the globe. Grey Matter Data layers Enterprise-scale data access control APIs and strong encryption atop storage backends such as AWS S3, local disk, Microsoft Azure, and others. Data handles massive stores of almost any data type, and provides analytics, metrics, and business insight.
Grey Matter Fabric is the control and data plane managing the entire mesh. Fabric serves as a fleet-wide distributed control and data plane, capable of abstracting complexity, further easing infrastructure and network burden.
The Grey Matter Dashboard is a single touch point for CTOs, CIOs, and developers that shows the overall status of the microservice mesh network. The Grey Matter dashboard is composed of several features: an error pane, a link to the current version of the API, language view options, Settings, the Summary, and Search features. The Summary feature shows three counters: Services Down, Services Warning, and Services Running. The Search feature contains a search bar, a Group filter, and two view options (Card and List).
Grey Matter Sense provides cognitive network automation and AI for network operations, business insight, and Service-Level Objectives (SLOs). Sense extends network situational awareness by surfacing, converting, processing, and summarizing relevant information derived from neural network and machine learning algorithms, providing data-driven context to the Enterprise.
Grey Matter's ACL impersonation filter lets whitelisted server Distinguished Names (DNs) act on behalf of users: a caller whose verified certificate DN is on the whitelist may make requests as a named user, while callers not on the whitelist are granted no impersonation rights.
IaaS is a method of delivering computing, storage, networking and other capabilities via the Internet. IaaS lets companies use web-based operating systems, applications and storage without having to purchase, manage and support the underlying cloud infrastructure. It is one of three main categories of cloud computing, along with SaaS and PaaS.
Ingress defines the HTTP/HTTPS routes by which incoming traffic reaches services. Ingress offers load balancing, SSL termination, and name-based virtual hosting. An ingress controller fulfills the ingress with a load balancer, or alternatively configures an edge router to handle the traffic.
The concept of connecting any device with an on and off switch to the Internet (and/or to each other). These may be anything from mobile devices and headphones to washing machines or coffee makers.
Inter-process communication (IPC) refers to the mechanisms an operating system provides to let processes manage shared data. IPC may synchronize processes, or leave it to the processes and threads themselves to communicate using shared memory. Common IPC approaches include files, signals, sockets, message queues, pipes, shared memory, message passing, and memory-mapped files.
JSON is a syntax for storing and exchanging data in an organized, easy-to-access manner. It provides a human-readable collection of data in a logical manner.
JWT (JSON Web Token) is a compact, URL-safe means of representing claims to be transferred between two parties. A token is three base64url-encoded segments, header, payload, and signature, separated by dots. The claims in the payload are only as trustworthy as the signature that covers them, so a receiver must verify the signature with the algorithm and key it expects before acting on any claim.
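A minimal HS256 JWT signer and verifier, as an added Go example (not Grey Matter's or any library's code), showing why the claims are only as good as the signature check: the verifier pins the algorithm, compares the MAC in constant time, and checks exp before returning any claims, so an alg=none forgery or a token signed with a different key never yields claims. The shared secret, the claim values and the fixed clock are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the subset of registered JWT claims (RFC 7519) this example checks.
type Claims struct {
	Subject   string `json:"sub"`
	Issuer    string `json:"iss"`
	ExpiresAt int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding // JWT segments are base64url without padding

// sign produces a compact HS256 JWT for the given claims.
func sign(claims Claims, key []byte) string {
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	payload, _ := json.Marshal(claims)
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil))
}

// verify parses a compact JWT and returns its claims only after the HS256 signature checks
// out and the token has not expired. The algorithm is pinned by the verifier: a token that
// declares any other alg (including "none") is rejected before its payload is even decoded.
func verify(token string, key []byte, now time.Time) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("jwt: expected three dot-separated segments")
	}
	rawHeader, err := b64.DecodeString(parts[0])
	if err != nil {
		return Claims{}, fmt.Errorf("jwt: header: %w", err)
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(rawHeader, &header); err != nil || header.Alg != "HS256" {
		return Claims{}, fmt.Errorf("jwt: alg %q not accepted", header.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return Claims{}, fmt.Errorf("jwt: signature: %w", err)
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) { // constant-time comparison
		return Claims{}, errors.New("jwt: signature does not verify")
	}
	rawPayload, err := b64.DecodeString(parts[1])
	if err != nil {
		return Claims{}, fmt.Errorf("jwt: payload: %w", err)
	}
	var claims Claims
	if err := json.Unmarshal(rawPayload, &claims); err != nil {
		return Claims{}, fmt.Errorf("jwt: payload: %w", err)
	}
	if claims.ExpiresAt == 0 || !now.Before(time.Unix(claims.ExpiresAt, 0)) {
		return Claims{}, errors.New("jwt: token expired or has no exp")
	}
	return claims, nil
}

func main() {
	key := []byte("example-shared-secret") // constructed for the example; use a random key in practice
	now := time.Unix(1_700_000_000, 0)
	tok := sign(Claims{Subject: "CN=alice,O=Example", Issuer: "svc-a", ExpiresAt: now.Add(time.Hour).Unix()}, key)
	fmt.Println(verify(tok, key, now))
}
```

The verifier decodes the payload only after the MAC matches, so untrusted JSON is never parsed on the failure path, and it takes the clock as a parameter so expiry can be tested deterministically.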
An abstract computing machine that lets a computer run a Java program. There are three notions of the JVM: specification, implementation, and instance. JVM mimics a real Java processor, enabling Java bytecode to be executed as actions or operating system calls on any processor regardless of the operating system.
JVM microservice frameworks are Java-based frameworks for building modular, testable microservices. They aim for fast startup time, low memory footprint, small artifact size, and minimal runtime dependencies.
Kubernetes is an open source platform designed to manage a cluster of Linux containers as a single system. Kubernetes manages and runs Docker containers on a large number of hosts, and also provides the co-location and replication of a large number of containers.
Latency is the time data takes to travel from the requester to the server and back (the round-trip time). It manifests as a delay before the transfer of data begins following an instruction to transfer it. Latency is different from bandwidth (how much a link can carry per second) and throughput (how much is actually transferred per second): a high-bandwidth link can still have high latency.
Auth methods are the components that perform authentication and assign an identity and a set of policies to a user. Each auth method publishes its own set of API paths and methods. Grey Matter's ListAuth filter restricts access to a proxied microservice based on a user's Distinguished Name (DN). This filter provides a whitelist to allow the given DNs and a blacklist to forbid the given DNs.
Load balancing is the distribution of incoming work evenly across a set of nodes or service instances so that no single instance is overloaded. Load balancing provides cost advantages, flexibility, and reliable service availability.
Memory is not managed as a single component, such as a CPU or disk, but as a collection of small components. When the OS needs to allocate memory to a process, it looks for unused memory. In addition to throughput and response times, another key performance indicator of an application’s performance is referred to as utilization. Resource utilization tracks how busy various resources of a computer system are when running a performance test.
The business and technical criteria used to measure and tune a system’s performance.
Grey Matter's Metrics filter supports observability by acquiring measurements of system performance and making metrics data available. Grey Matter uses JSON metrics through HTTP, Prometheus metrics scraped by a Prometheus server, and CloudWatch metrics through AWS.
Microservices are a collection of small, distributed modular programs each serving a specific business role, loosely bound to other similar cloistered programs. Microservices operate independent of each other, having no awareness of the functions of their cohort services or the network.
Microservice-based architecture is an alternative to a monolithic architecture. Microservices architecture supports the continuous delivery and deployment of large, complex applications. Microservice modularity mitigates any long-term commitment to a technology stack. Several enterprise-scale websites, including Netflix, Amazon, and eBay, have evolved from a monolithic architecture to a microservice architecture.
Microservice fleets refer to a collection of loosely coupled microservices and/or services sharing data and inter-related processes across an enterprise’s body of cloud capabilities.
Network Function Virtualization (NFV) is the virtualization of network functions that traditionally ran on dedicated appliances, such as routers, firewalls, and load balancers, into software running in virtual machines (or containers) on commodity hardware. Several such virtual network functions can share one physical host, each with its own OS, performing its tasks in isolation from the others; together they consume no more than the resources of the one real machine.
Network Service Orchestration (NSO), refers to a software solution that helps network operators configure and automate multiple network elements as per a given service definition. Software-defined networking (SDN) orchestration is the process of automatically programming the behavior of a network, so it coordinates with the hardware and the software elements to further support applications and services.
Grey Matter's OAuth 2.0 filter supports authorization (and, with an identity layer such as OpenID Connect on top, authentication) throughout the entire HTTP request transport. OAuth 2.0 is an open authorization protocol built on HTTP that gives a third-party application limited, scoped access to a user's protected resources without the user handing that application their login and password. It is commonly used to let a website act with a user's existing account at a provider such as Google or Facebook.
Observables are time-related data streams that model events and asynchronous requests. They can be transformed, combined, and consumed. They offer significant benefits over other techniques for event handling, asynchronous programming, and handling multiple values. Observables are declarative: users define a function for publishing values, but it is not executed until a consumer subscribes to it.
Grey Matter's Observables filter lets developers monitor the lifecycle of their server. The filter emits events based on requests. Message publishing defaults to stdout but can optionally be published to a Kafka topic as well. The observables filter only passes through items that satisfy a user-specified predicate function.
OpenShift is a RedHat container application platform for building, developing and deploying any infrastructure; a supported distribution of Kubernetes that uses DevOps tools and Docker containers for application development. Grey Matter can be deployed to OpenShift and can autoscale on the OpenShift platform.
PaaS is a cloud-based computing environment that lets users develop, run, and manage web applications without building and maintaining the infrastructure themselves. Like IaaS, PaaS includes infrastructure (servers, storage, and networking) but also middleware, development tools, business intelligence services, and more.
Packer is an open-source software that automates the process of creating machine images which have a particular operating system and pre-installed software. It can also be used with configuration management tools (Chef or Puppet). Grey Matter uses tools such as Packer to create a simple, scripted infrastructure.
Microservices are typically language-agnostic: they may be built with different programming languages. The service mesh therefore operates at the network and protocol level, in the sidecar proxy beside each service, so that it can provide routing, security, and observability to every service regardless of the language it is written in.
A port is an endpoint of communication. In computer networking, physical and wireless connections end at ports of hardware devices. At the software level, a port is a logical construct that identifies a specific process or type of network service. Ports are identified for each protocol and address by 16-bit unsigned numbers, commonly known as a port number.
Prometheus is a monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. All components of Prometheus communicate with each other via the HTTP protocol. Grey Matter uses Prometheus to assist in the visualization of captured metrics.
A proxy server acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server, and the proxy server evaluates the request and either serves it itself (for example from a cache) or forwards it on the client's behalf, simplifying and controlling the interaction. Proxies were invented to add structure and encapsulation to distributed systems.
A RESTful interface is an API that provides a standard protocol for interacting with a microservice. It uses HTTP requests with the standard methods (GET, POST, PUT, DELETE) to read, create, update, and delete data. A RESTful API breaks a transaction down into a series of small modules, each addressing a particular underlying part of the transaction. A RESTful Interface is required to work with Grey Matter on your system.
Microservices handle requests from an application’s clients. Services collaborate using an inter-process communication protocol (IPC) to handle those requests.
Route-level SLOs are a feature on the Grey Matter Dashboard Configuration tab that allows users to set thresholds for latency, error rates, and request rates on specific service routes.
When a client makes a request to a service, a router, or load balancer, intercepts the request. The router queries a service registry, then forwards the request to an available service instance. Compared to client-side discovery, the client code is simpler. All the client does in server-side discovery is make a request to the router.
Service discovery is the way applications and microservices find each other on a dynamic network, and it's the way the service mesh dynamically adds and removes instances of each microservice. Discovery adds the initial instances that come online, and modifies the mesh to react to any scaling actions that happen. Service discovery ensures that a microservices application is processing requests efficiently and that it can cope with changes in workloads and changes in the microservices application itself. Service discovery exploits network orchestration and uses multiple layers to manage network tasks and load balancing.
Microservices are deployed as a set of service instances to increase throughput and availability. Each service instance is packaged as a Docker image and clustered in a framework such as Kubernetes or AWS EC2. Each service instance is separate from the others. It is easy to scale a service up and down by changing the number of container instances.
SLAs are an integral part of an IT vendor contract that clearly states responsibilities and performance expectations. SLA defines the level of service expected by a customer from a supplier, laying out the metrics by which that service is measured, and the remedies or penalties, if any, should the agreed-on service levels not be met. Service requirements and capabilities are dynamic, so SLAs must be kept up-to-date.
SLOs are a key element of a SLA between a service provider and customer. SLOs are agreed upon as a means of measuring the performance of the Service Provider. SLOs are outlined to avoid disputes between the two parties.
A service mesh is a dedicated, configurable infrastructure proxy layer that orchestrates all microservice operations and policy adherence. A service mesh lets service instances communicate to enable flexible, reliable, and fast operations for distributed systems.
Service instances must be registered with and deregistered from the service registry. There are a few ways to handle the registration and de-registration. One way is for service instances to register themselves, the self-registration pattern. The other is for another system component to manage the registration of service instances, the third-party registration pattern.
The service registry is a key part of service discovery. The service registry is a database that contains the network locations of available service instances. The service registry provides a management API and a query API. Service instances are registered with and deregistered from the service registry using the management API. The query API is used by system components to discover available service instances.
A service registry needs to be highly available and up to date. Clients can cache network locations obtained from the service registry. However, that information eventually becomes out of date and clients become unable to discover service instances. Consequently, a service registry consists of a cluster of servers that use a replication protocol to maintain consistency.
Setting microservice configuration via physical files on disk is a common and convenient method, but it adds overhead to containerized deployments, where the files must be mounted into or baked into every container image.
The Grey Matter Sidecar is an Envoy-based proxy coupled to the microservice atop the service mesh that is responsible for policy compliance, reporting, identification, detection, prevention, and monitoring filters. Our sidecar can manifest as an edge node, and can deploy automatically and at scale with a preconfigured security and communication stack.
SaaS is a cloud computing software distribution model through which end users can access and use an application remotely via Internet browsers. A SaaS vendor houses and maintains the hardware that runs the app.
SDN architecture aims to make networks agile and flexible by improving network control. It lets enterprises and service providers respond quickly to changing business requirements. SDN network engineers and administrators can control traffic without touching individual switches in the network. It has three layers: the application layer, the control layer, and the infrastructure layer.
Systems automation refers to controlling a process by automatic methods while reducing human intervention.
Terraform is a tool used to create, change and improve production infrastructure. It changes APIs into declarative configuration files that team members can share, treat as code, edit, review, and version.
Throughput is the rate of data transfer and processing over a given time. Each interaction between a microservice and a dependency contributes to throughput.
A whitelist is an ACL configuration option that, at its default (empty) value, allows all DNs. When set to a non-default string it allows only the DNs listed there; any other DN is denied.
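The whitelist, blacklist and impersonation semantics defined in this glossary, as an added Go example (not the code of Grey Matter's ListAuth or ACL impersonation filters): an http.Handler wrapper takes the DN from the client certificate the TLS layer already verified, applies both lists, and forwards the effective user to the upstream. The header names, the Example organization, the echoing upstream, and the rule that a default allow-all whitelist grants no impersonation rights are this example's own assumptions.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
	"net/http/httptest"
	"slices"
)

// ACL follows the glossary's semantics: an empty Whitelist allows every DN, an empty
// Blacklist denies none, and a blacklisted DN is refused even if it is also whitelisted.
type ACL struct {
	Whitelist []string
	Blacklist []string
}

// Header names are this example's own choice, not documented Grey Matter headers.
const (
	impersonateHeader = "X-Impersonate-DN" // sent by a caller that wants to act as another user
	effectiveHeader   = "X-Effective-User" // set by the filter for the upstream service
)

// Decide returns the identity a request should run as. Impersonation is granted only to
// a DN that is explicitly whitelisted: an empty, allow-all whitelist confers none.
func (a ACL) Decide(peerDN, impersonate string) (string, error) {
	listed := slices.Contains(a.Whitelist, peerDN)
	switch {
	case slices.Contains(a.Blacklist, peerDN):
		return "", fmt.Errorf("%q is blacklisted", peerDN)
	case len(a.Whitelist) > 0 && !listed:
		return "", fmt.Errorf("%q is not whitelisted", peerDN)
	case impersonate == "":
		return peerDN, nil
	case !listed:
		return "", fmt.Errorf("%q may not impersonate %q", peerDN, impersonate)
	}
	return impersonate, nil
}

// Filter wraps an upstream handler the way a sidecar filter would. The DN comes from the
// client certificate the TLS layer already verified, never from a header the caller
// controls; requests without a verified client certificate are refused outright.
func (a ACL) Filter(upstream http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 {
			http.Error(w, "client certificate required", http.StatusUnauthorized)
			return
		}
		user, err := a.Decide(r.TLS.PeerCertificates[0].Subject.String(), r.Header.Get(impersonateHeader))
		if err != nil {
			http.Error(w, err.Error(), http.StatusForbidden)
			return
		}
		r.Header.Del(impersonateHeader) // the upstream sees only the filter's decision
		r.Header.Set(effectiveHeader, user)
		upstream.ServeHTTP(w, r)
	})
}

// upstream stands in for the proxied service: it echoes the user the filter forwarded.
var upstream = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("X-Seen-User", r.Header.Get(effectiveHeader))
})

// callAs sends one request through h as the service with the given common name (with no
// client certificate at all when cn is empty) and returns the status and the user the
// upstream saw. The TLS state is constructed directly, as the TLS layer would fill it in.
func callAs(h http.Handler, cn, impersonate string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "https://svc-b/orders", nil)
	if cn != "" {
		subject := pkix.Name{CommonName: cn, Organization: []string{"Example"}}
		req.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{{Subject: subject}}}
	}
	if impersonate != "" {
		req.Header.Set(impersonateHeader, impersonate)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("X-Seen-User")
}

func main() {
	strict := ACL{Whitelist: []string{"CN=svc-a,O=Example"}}.Filter(upstream)
	fmt.Println(callAs(strict, "svc-a", "CN=alice,O=Example"))
	fmt.Println(callAs(strict, "svc-c", ""))
}
```

Deleting the caller's impersonation header before forwarding matters as much as the decision itself: if it reached the upstream unchanged, a service behind the filter might trust it directly and bypass the list check.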