maxkabakov - Fotolia
In the ongoing refactoring of the IT environment around cloud-ready architectures and microservices, the DevOps-friendly, containerized micro-application delivery controller has two pivotal roles. First, as load balancers, ADC features form the core of transaction management, distributing requests for a service across nodes and helping guarantee resilience as well as performance. Second, as gateways into the microservices architecture and as centralized communications hubs, ADCs can be crucial to securing the services.
Because they are both gateways and general intermediaries in key transactions, ADC features provide security in several ways: as access control points, as filters and verifiers of transactions, as encryption offload points and as logging engines.
Latest ADC features provide security and more
ADCs have long played a role in providing access control at the edges of enterprise networks, enabling remote workers to access enterprise services through a secure gateway. In newer architectures, they can play the same role, not just for humans seeking to use a system, but also for microservices attempting to participate in a service domain and for other systems seeking to interact with the microservices architecture (MSA). By providing a point where the identity of other systems and components can be verified, ADCs form a crucial part of both a standard defense-in-depth architecture as well as the emerging zero-trust architecture.
Likewise, ADCs can provide some of the same security functions as an enterprise service bus or a web application firewall. They can examine the transactions they are mediating and provide both content- and context-relevant security at Layer 7. For example, they can watch for malformed requests and throw them out or log them or help prevent denial of service attacks at Layer 7 by metering the flow of requests through the architecture.
As encryption-offload points, ADC features can lighten the compute load borne by other services as well as simplify their construction and operation. Encrypted channels are coming to be the norm for nearly all communications among systems. Consequently, the ability to selectively offload and concentrate the burden in systems optimized to handle these operations will become increasingly useful, and as a result, make ADCs more attractive as service components.
Finally, ADCs have features now that can help secure the environment. It's not only because they touch so much, but also because they see so much. That is, they can make the inner workings of the application visible for security purposes, making it possible to offload logging as well as encryption. Moreover, they can log the activities of entities that never manage to communicate with the rest of the application. As gateways, they can log failed attempts to get in and failed attempts to verify identity and provide a clearer picture of hostile activity around a system.
ADCs: Smaller, yet more powerful
As ADCs evolve by getting smaller, scriptable, portable and more componentized, they will become more flexible too. Each ADC instance will likely be sized as small as possible and equipped only with the functions it needs; for example, those in edge gateway roles will contain and run code that those in central load-balancing positions don't. If a role has to change as the MSA evolves, an ADC instance able to serve the new role can be spun up in an instant to replace the old one.
In the end, the many and varied security roles the ADC features can fill in a microservices architecture suggest they will be central to such deployments for a long time to come.