API Academy

Sponsored by Layer7

A black hole with blue light coming out of it.

Implementing Microservices

By Bill Oakes, CISSPPosted on

I recently wrote about what microservices were, and why they are becoming so important.  In this discussion, we’ll talk about implementing microservices, as well as touch on APIs and API Management – turns out they are crucial to a microservice architecture.

Just a quick note – while you may see microservice and microservice architecture used interchangeably, they are not quite the same.  A microservice architecture is a style of engineering highly-automated, evolvable software systems made up of capability-aligned microservices.

In that blog, I ended with a quick discussion on what you gain, at what cost, if you implement a microservice architecture.  Let’s finish that discussion with a question – are microservices right for you and your enterprise? 

My favorite answer – it depends.  A couple of things you need to evaluate:

  • Have you adopted DevOps?
  • Do you, or can you, create multiple small teams of developers?
  • Can you break down your current, or new, application into simpler services based on capabilities or functions?

If you can say answer “yes†to these, then you may indeed be ready.

Microservice components only become valuable when they can communicate with other components in the system; they each have an interface or API for that communication.. Just as we need to achieve a high level of separation, independence and modularity of our code, we need to make sure that our APIs, the component interfaces, are also loosely coupled. Otherwise, you won’t be able to deploy two microservices independently, which should be one of your primary goals to balance speed and safety.

An API layer in front of microservices can facilitate the support for client side applications (such as mobile) as it isolates the fine grained microservice from the app. This layer is ideal for doing microservice orchestration and to apply security.  And THAT is why an API gateway is so crucial – they provide:

  • Centralized security enforcement for authentication, authorization and threat protection
  • Routing and mediation to protected resources across various protocols
  • Service level management for enforcing business-level rate limits and quotas
  • Service orchestration
  • Service façades for exposing application-specific interfaces from monolithic back ends

The gateway applies security on behalf of microservices, and provides the integration into existing identity management systems – even enabling SSO.  However, there is also typically an OAuth provider that manages security sessions, is usually tightly integrated with the API gateway, and works side by side with that gateway.

We talked about building and deploying microservices in our previous session, and how they’re language agnostic.  As we discussed above, by breaking your development into teams, each team can focus on specific aspects of the app’s tasks, working in parallel with each other.

So we’ve covered most of the pieces you really need to implement a microservices-based app – microservices design, development, and deployment. We’ve talked about how key an API management solution is to complete your microservices architecture.  The last piece you will need is a monitoring and management solution for your microservices.  As I mentioned, this new architecture has a lot of moving parts, and it’s important to have an automated solution that can manage your Docker containers and the components of your services and apps. 

In the last two discussions, we’ve covered quite a bit of material – some of which can be rather daunting – maybe even overwhelming.  With that in mind, I’ll leave you with some invaluable info….The API Academy is a team of thought leaders in the API and microservices space.  We provide organizations the education and best practices they need to build better APIs, improve software delivery, and execute broader digital strategies.

We also “wrote the book”. For next steps, I highly recommend reading Microservice Architecture: Aligning Principles, Practices & Culture, followed by Microservice Security.