Citrix Supercharges Microservices-Based Application Delivery
November 19, 2019 – Citrix Systems, Inc. (Nasdaq: CTXS) today announced five new ways it is helping companies on their journey to microservices, including:
- Google Anthos integration extended to on-prem
- A holistic observability stack to tame the observability challenge
- mTLS support for securing Istio service mesh environments
- Improved ingress security for APIs
- A simpler way to manage TCP/UDP based applications in Kubernetes
Google Anthos integration extended to on-prem
Google Anthos is a Kubernetes-based platform that helps you organizations build microservices applications and run them anywhere. Citrix, as a Google technology partner, is excited to announce the validation of Citrix® ADC™ for Google Anthos on-prem. This means customers can integrate their existing on-prem Citrix ADCs like MPX, VPX and CPX into Google Anthos with confidence. And, because Citrix VPX and CPX were previously validated for Google Anthos cloud environment, they can maintain operational and policy consistency for their Citrix ADC between on-prem and cloud environments easing application migration.
Customers can also use Citrix ADM Service Graphs to visualise microservice maps, gain insights about microservice health and detect anomalies and potential problems. Further, pooled capacity licensing allows them to seamlessly shift Citrix ADC licenses when they migrate applications between on-prem and cloud.
A holistic stack to tame the observability challenge
Citrix views observability as a stack for microservices not as individual, disjointed components. To support this vision, the company is introducing a holistic observability stack for microservices with four pillars- logging, metrics, tracing and service graphs. Citrix ADC integrates with leading open source tools for logging (Elasticsearch, Kibana), metrics (Prometheus, Grafana) and tracing (OpenTracing with Zipkin) and extends the capabilities of these open source tools by delivering more telemetry for TCP, HTTP, security and SSL.
Using Citrix ADM Service Graphs, companies can dynamically and graphically represent microservices and their interdependencies and visualise their microservices maps at a glance to identify issues via simple color coding and composite health scores. In addition, a DVR-like function allows SREs to rewind the time line to a specific time period, speeding the time to diagnose issues, remediate and conduct post-mortems.
mTLS support for securing Istio service mesh environments
With the rise of cloud native deployments, companies are increasingly exploring service mesh architectures and considering Istio as an open source control plane. To secure the communication between microservices, Citrix ADC will now support mutual TLS (mTLS) authentication using Itsio control plane, providing a high-performance gateway device (MPX, VPX) and a lightweight, low-latency, sidecar proxy (CPX as sidecar) to deliver the functionality required to enforce security policies defined with Istio.
Enhanced ingress security for APIs
APIs are the cornerstone of microservices and they need to be protected. And to do this, Citrix ADC as an ingress proxy now supports IP address whitelisting and blacklisting, rate limiting and content routing to ensure that only trusted traffic is allowed into the Kubernetes cluster. This functionality is enabled via Custom Resource Definitions (CRDs) for easier integration with Kubernetes environments.
Citrix is also introducing SSL Profiles for microservices environments on Citrix ADC. By defining acceptable SSL settings (e.g. ciphers, protocol, key strength) and binding them to different entities, developers can ensure consistent encryption policies that meet appropriate security requirements.
Simpler ingress management for TCP/UDP applications with Citrix Ingress Controller
While Kubernetes Ingress provides a standard way to control and route HTTP(s) traffic into the cluster, operators are left to use inconsistent mechanisms for non-HTTP traffic such as type LoadBalancer (only supported in the Cloud) or NodePort (not optimal for production). Citrix Ingress Controller now offers support for type LoadBalancer with a built-in IP address manager that is consistent across clouds and on-premises deployments. The support for standard Kubernetes concepts and the deep L4-L7 telemetry afforded by Citrix ADC provides a solid foundation for high-velocity team to operate across traditional apps, modernized microservices apps, and across hybrid cloud implementations.
To learn more about these innovations and how they can help companies accelerate their journey to microservices-based applications with confidence, agility and security, visit: www.citrix.com/products/citrix-adc