API Management

Grow Bigger by Thinking Smaller: Getting Started with Microservices

How to clear security, visibility, and dependency hurdles when implementing microservices


It sounds contradictory, but if your enterprise plans to scale in today’s digital-first world, it’s time to start thinking smaller.

Today, many of the most innovative enterprises are scaling up their applications by breaking them into smaller pieces. This approach to IT architecture—microservices, as it’s commonly known—is a way of restructuring applications into component services that can be scaled independently (depending on whether a team needs more compute resources, memory, or IO), and then having them talk to each other via API service interfaces.

Using microservices, companies reap not only the benefits of agility and speed when building software, but also the ability to easily share and reuse services across the enterprise and beyond. In effect, these smaller services make it possible to achieve both simplicity and complexity at the same time.

According to one recent survey of over 1800 IT professionals, nearly 70% of organizations are either using or investigating microservices, with nearly one-third of organizations using them in production. At Netflix, one of the earliest adopters of microservices, roughly 30 independent teams have delivered over 500 microservices. Amazon, another long-time champion of microservices, has employed the technique to ensure effective communication within teams and enable hundreds of code deployments per day. Numerous other examples, from the open-source Kubernetes project to the Walgreens digital platform strategy, speak to this growing momentum.

But just as microservices present new opportunities for organizational efficiency and growth, they also pose common stumbling blocks—chief among them security, usage and performance visibility, and agility/reuse.

Security: Managing microservices in a zero-trust environment

The microservices architectural model has been both successful and challenging—for many of the same reasons. In essence, developers often build APIs and microservices without the kind of centralized oversight that once existed, and then they deploy them more widely than ever. This can lead to inconsistent levels of security—or no security at all.

When developers deploy microservices in the public cloud and neglect to deploy common API security standards or consistent global policies, they expose the enterprise to potential security breaches. Companies therefore must assume a zero-trust environment. As research firms have noted, a well-managed API platform can help enterprises overcome these threats by enabling the implementation of security and governance policies like OAuth2 across all of their microservices APIs.

Reliability: Delivering performance and enforcing SLAs

Microservices involve building dependencies among your software, which means all of your microservices depend on all the rest of them. By extension, it also means there are interdependency problems not unlike those that exist for SOA.

There are many ways to stress-test the reliability of microservices infrastructure, but visibility is one of the best. Which services are talking to which other services? Which ones are dependent on which other ones? These are important questions to answer—especially when microservices are used by disparate teams in a large enterprise, or by partners and customers.

Echoing the previous section, one way to answer these questions is to implement a management platform for microservices APIs. API management platforms provide the analytics and reporting capabilities that enable enterprises to measure microservices’ usage and adoption, developer and partner engagement, traffic composition, total traffic, throughput, latency, errors, and anomalies.

Armed with this information, companies can iterate quickly, reinforcing components with promising usage trends and fixing interdependency problems as they’re identified. This speed and agility are important: stress-testing and optimization can cause a company to lose momentum as it examines unlikely theoretical scenarios—which is deeply problematic, given that for many enterprises, microservices and APIs are valuable because they can dramatically shorten a new service’s time to market.

With real-time insight into API behavior, companies can balance speed, scale, and reliability by launching new services, collecting analytics, and implementing a broad range of improvements after only a few weeks of development sprints.

Adaptability: Building agile microservices for clean reuse

Many existing and legacy services are not built for modern scale. Consequently, many enterprises are replacing monolithic applications in favor of microservices that adapt legacy resources to modern architectures. In most cases, however, many applications take advantage of services from the monoliths. This means the transition from monolith to microservices must be done in a way that makes it a seamless proposition—in other words, it should be invisible to those other applications and developers using the monolith services.

Furthermore, microservices are typically purpose-built for particular use cases. But as soon as a microservice is shared outside the “two-pizza team,” developers need the ability to adapt it for wider use. And what’s a service that’s meant to be shared and reused across teams and even outside of your company? It’s an API.

An API platform serves as an API facade, delivering modern APIs (RESTful, cached, and secured) for the legacy SOAP services of the monolith apps, and exposing the new microservices. This makes it possible for mobile and web app developers to continue consuming an enterprise’s services without needing to worry about the heterogeneous environment or any transitions from monolith app to microservices by the service provider.

The way forward

As microservices become increasingly popular throughout the enterprise, more and more of them are being shared—both internally and externally. And when it comes to sharing services, it comes down to APIs.

As a result, companies are increasingly looking to API management platforms to provide the security, reliability, visibility, and adaptability they need to properly run microservices architecture. Also known as “managed microservices,” this deployment model provides enterprises with a single window for managing all microservices APIs across microservices stacks and clouds—and it’s transforming enterprises far and wide.

To learn more, read the Apigee eBook, "Maximizing Microservices."  

Image: Wikimedia Commons