Application Service Mesh
Application Service Mesh
- What's New
- Product Bulletin
- Service Overview
- Billing
- Getting Started
-
User Guide
- Application Service Mesh
- Buying a Service Mesh
- Mesh Management
- Service Management
- Gateway Management
- Grayscale Release
- Mesh Configuration
- Traffic Management
- Security
-
Best Practices
- Upgrading Data Plane Sidecars Without Service Interruption
- Service Governance for Dubbo-based Applications
- Reserving Source IP Address for Gateway Access
- Creating a Service Mesh with IPv4/IPv6 Dual Stack Enabled
- How Do I Query Application Metrics in AOM?
- Reducing the Agency Permissions of ASM Users
- Istio-ingressgateway HA Configuration
-
FAQs
- Service Mesh Cluster
-
Mesh Management
- Why Cannot I Create a Mesh for My Cluster?
- Why Are Exclusive Nodes Still Exist After Istio Is Uninstalled?
- How Do I Upgrade ICAgent?
- How Do I Enable Namespace Injection for a Cluster?
- How Do I Disable Sidecar Injection for Workloads?
- What Can I Do If A Pod Cannot Be Started Due to Unready Sidecar
- How Do I Handle a Canary Upgrade Failure?
-
Adding a Service
- What Do I Do If an Added Gateway Does Not Take Effect?
- Why Does It Take a Long Time to Start the Demo Application in Experiencing Service Mesh in One Click?
- Why Cannot I Access the page of the Demo Application After It Is Successfully Deployed?
- Why Cannot I Select the Corresponding Service When Adding a Route?
- How Do I Inject a Sidecar for the Pod Created Using a Job or CronJob?
- Performing Grayscale Release
-
Managing Traffic
- Why Are the Created Clusters, Namespaces, and Applications Not Displayed on the Traffic Management Page?
- How Do I Change the Resource Requests of the istio-proxy Container?
- Does ASM Support HTTP/1.0?
- How Can I Block Access from Some IP Address Ranges or Ports for a Service Mesh?
- How Do I Configure max_concurrent_streams for a Gateway?
- How Do I Fix Compatibility Issues Between Istio CNI and Init Containers?
-
Monitoring Traffic
- Why Cannot I View Traffic Monitoring Data Immediately After a Pod Is Started?
- Why Are the Latency Statistics on the Dashboard Page Inaccurate?
- Why Is the Traffic Ratio Inconsistent with That in the Traffic Monitoring Chart?
- Why Can't I Find Certain Error Requests in Tracing?
- Why Cannot I Find My Service in the Traffic Monitoring Topology?
- How Do I Connect a Service Mesh to Jaeger or Zipkin for Viewing Traces?
- Videos
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- User Guide
-
FAQs
- Service Mesh Cluster
- Mesh Management
-
Adding a Service
- What Do I Do If an Added Gateway Does Not Take Effect?
- Why Does It Take a Long Time to Start the Demo Application in Experiencing Service Mesh in One Click?
- Why Cannot I Access the page of the Demo Application After It Is Successfully Deployed?
- Why Cannot I Select the Corresponding Service When Adding a Route?
- Performing Grayscale Release
-
User Guide (ME-Abu Dhabi Region)
- General Reference
On this page
Help Center/
Application Service Mesh/
Service Overview/
Application Scenarios/
End-to-End Transparency and Security
Copied.
End-to-End Transparency and Security
Application Scenarios
Splitting traditional monolithic applications into microservices brings various benefits, including better flexibility, scalability, and reusability. The new security requirements microservices have are as follows:
- Traffic encryption is required to defend against man-in-the-middle attacks.
- TLS and fine-grained access control policies are required for flexible service access control.
- Audit tools are needed to determine who can do what at what time.
ASM provides a comprehensive security solution, including authentication policies, transparent TLS encryption, and authorization and audit tools, to address these requirements.
Product Benefits
- Default security: No modification is required on application code and architecture to ensure security.
- In-depth defense: ASM can integrate with existing security systems to provide comprehensive defense.
- Zero-trust network: The security solution is built assuming that all the network is untrusted.
Product Advantages
- Non-intrusive security: ASM provides service meshes as infrastructure with built-in security capabilities. It allows you to focus more on the development and O&M of your services. No code refactoring is required to ensure service access security. ASM provides a transparent, distributed security layer and underlying secure communication channels, which manage authentication, authorization, and encryption for service communication. ASM provides communication security between pods and services. Developers only need to focus on application-level security based on this security infrastructure layer.
- Fine-grained authorization: After authentication, access authorization between services can be managed. Authorization management can be performed on a specific service or a specific API of a service. For example, you can authorize all services in a specific namespace or only a specific service. The source service and destination service can be in different clusters. Pods of the source service can be in different clusters. Pods of the destination service can be in different clusters.
Parent topic: Application Scenarios
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot