1、#CiscoLive#CiscoLiveIvan Padilla Technical Marketing Engineer-ivanlab71Tim Szigeti Principal Technical Marketing Engineer-tim_szigetiBRKETI-2005Securely Connecting,Observing,and Managing Your Apps and Streaming Data with Calisti 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cisco

2、LiveEnter your personal notes hereCisco Webex App 3Questions?Use Cisco Webex App to chat with the speaker after the sessionFind this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebe

3、x spaces will be moderated by the speaker until June 9,2023.12343https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKETI-2005Agenda 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicIntroductionNew App Use-CaseWhy You Need a Service MeshSecuring ConnectionsInte

4、grating ObservabilityManaging TrafficIncorporating Asynchronous CommunicationsCalisti ArchitectureKey TakeawaysBRKETI-20054Introduction 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIDC Market Note-Doc#US48441921-Dec 2021750 Million New Cloud Native Applications by 20256

5、BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive7Application Architectures Used to Look Like ThisBRKETI-2005Customer UIStore UICatalogInventoryBillingShippingBusiness InsightsLoggingAnalyticsSocial MediaCall CentreRatingsCartMy Account 2023 Cisco and/or its aff

6、iliates.All rights reserved.Cisco Public#CiscoLive8Now They Look Like ThisCatalogCatalogShippingShippingBillingBillingCartCartStoreStoreUIUICustCustUIUIBIBILoggingLoggingRatingsRatingsSocialSocialCallCallCentreCentreDiagsDiagsMyMyAcct.Acct.InventoryInventoryQuestionQuestionWhat does this look like?B

7、RKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive9Why Cisco?CatalogCatalogShippingShippingBillingBillingCartCartStoreStoreUIUICustCustUIUIBIBILoggingLoggingRatingsRatingsSocialSocialCallCallCentreCentreDiagsDiagsMyMyAcct.Acct.InventoryInventoryTo us,To us,This lo

8、oks like a networkBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive10Why Cisco?CatalogCatalogShippingShippingBillingBillingCartCartStoreStoreUIUICustCustUIUIBIBILoggingLoggingRatingsRatingsSocialSocialCallCallCentreCentreDiagsDiagsMyMyAcct.Acct.InventoryInventor

9、yAnd like any network it requires:Secure ConnectivitySecure ConnectivityObservabilityObservabilityPolicyPolicyManagementManagementBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive11Why Cisco?CatalogCatalogShippingShippingBillingBillingCartCartStoreStoreUIUICustC

10、ustUIUIBIBILoggingLoggingRatingsRatingsSocialSocialCallCallCentreCentreDiagsDiagsMyMyAcct.Acct.InventoryInventoryOur Vision for Cloud Native:Our Vision for Cloud Native:Secure connectivity,observability and managementSecure connectivity,observability and managementfromfrom any application/service/wo

11、rkloadany application/service/workloadtoto any application/service/workloadany application/service/workloadBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMicroservices Are the New Standard But These Come at a Price!Internal process calls are now unreliable ext

12、ernal RPCsSecure process,intra-node communications are replaced with insecure network callsAccess control becomes now mandatoryLatencies are introducedNeed to discover the right micro-serviceBRKETI-200512 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFlying was easy in t

13、he 30sReaching the 80s,it was getting somehow more complex Advancements in TechnologyBring Inherent ComplexityBRKETI-200513 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveNew Tools Are Required To Restablish the BalanceBRKETI-200514 2023 Cisco and/or its affiliates.All ri

14、ghts reserved.Cisco Public#CiscoLive15Introducing CalistiIntroducing CalistiSecurely Connecting,Observing,and Managing Your Apps and Streaming DataBRKETI-2005Calisti Use-Case Example:Delivering a Next Generation App 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCalisti E

15、xample Use-Case:Delivering A Next Generation Business Travel AppMeet Lisa(Target User)Full-time sales professional in a global enterpriseBusiness travel requires too many uncoordinated apps,which wastes valuable time17BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cisc

16、oLiveCalisti Example Use-Case:Next Gen Travel AppDay 1:Registering for a ConferenceLisa registers to attend a sales conferenceApp automatically books flights,hotels and rides(based on Lisas preferences)App automatically creates chatroom,blocks calendars,and updates project boards18BRKETI-2005 2023 C

17、isco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCalisti Example Use-Case:Next Gen Travel AppDay T-1:Day Before TravelApp provides Lisa a travel forecast to help her packApp automatically creates and posts Out-of-Office messages for Lisas email and chatrooms19BRKETI-2005 2023 Cis

18、co and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCalisti Example Use-Case:Next Gen Travel AppDay T:Day of TravelApp informs Lisa of flight delaysApp automatically rebooks rides to and from airport&informs hotel of amended ETA and provides Lisa with all updates20BRKETI-2005 2023 Cis

19、co and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCalisti Example Use-Case:Next Gen Travel AppDay T:Day of TravelArrival Lisa is greeted by name and her check-in is expeditedLisa chats with colleagues and suggests dinner plansApp automatically books restaurant and rides for the grou

20、p21BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCalisti Example Use-Case:Next Gen Travel AppApplication ArchitectureFlight and Hotel BookingRideshareBookingRestaurantBookingChat AppCalendaring AppFlight Status Event Service(Publisher)Credit Card Event Servic

21、e(Publisher)Legacy Project Management App(hosted on VM)Weather Service(serverless function)22BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveApplication Delivery ChallengesTime-to-MarketSecurity and complianceHeterogeneous App EnvironmentsBusiness has a hybrid/

22、multi-cloud environmentAlso some legacy systems in various stages of cloud-migrationNeed to deliver the highest levels of application experience in every region23BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveChallenge#1:Securing ConnectionsBusiness needs and

23、compliance regulations require data to be encryptedPlacing this burden on developers will Reduce Time-to-MarketImpact performanceIntroduce disparity24BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveChallenge#2:Delivering Premium App ExperiencesApps may sporadic

24、ally or periodically experience heavy loads,causing delay and errorsPoor application experiences frustrate users and may motivate them to use alternate appsEffective and efficient tools are needed to monitor,ensure,and troubleshoot application service levels89.6 89.6 rpsrps92.7 92.7 rpsrps25BRKETI-2

25、005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveChallenge#3:Evolving and Adapting the AppLocation-specific features may be needed to support users in certain geographic regionsNew features will be needed to attract new markets or to maintain relevanceFlexibility is nee

26、ded to deploying new features in a risk-averse mannerbookingsBOOKINGS26BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveChallenge#4:Supporting HeterogenousApplication EnvironmentsMost businesses are in various stages of their cloud native migration/journeyApplic

27、ations and services can thus take many form-factors,including:Virtual machinesContainersServerless functionsEtc.Regardless of form-factor,applications and services need first-class treatments for encryption,observability and managementSCHEDULINGschedulerLegacy Project Management App(hosted on VM)Wea

28、ther Service(serverless function)27BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveChallenge#5:Supporting Event Driven ApplicationsNot all application components are synchronous;some will be event driven(i.e.asynchronous)Therefore,modern applications need a str

29、eaming data platform to tie both types of components together,providing each with encryption,observability and managementThe most widely-deployed event driven application is Apache Kafka;however new solutions are emerging in this space28BRKETI-2005Why You Need a Service Mesh 2023 Cisco and/or its af

30、filiates.All rights reserved.Cisco Public#CiscoLiveRetriesApps/Services Have Many Additional Extra Functions to Perform30AuthenticationLoad balanceMy codehttp:/dbApi.LogsChoose RegionMy codedB_get()Operating SystemDBMicro-serviceProcessBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved

31、.Cisco Public#CiscoLiveApplicationContainerAuthenticationSecurity PolicyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsApplicationContainerAuthenticationSecurity PolicyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsApplicationContainerAuthenticationSecurity PolicyRe

32、quest RoutingConnectionManagementLoad BalancingLogging&MetricsMany of these are Common Functions31BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveAuthenticationSecurity PolicyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsAuthenticationSecurity

33、 PolicyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsAuthenticationSecurity PolicyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsMany of these are Common Functions32ApplicationContainerApplicationContainerApplicationContainerBRKETI-2005 2023 Cisco and/or its affili

34、ates.All rights reserved.Cisco Public#CiscoLiveWe Can Place These in a ProxyBRKETI-200533 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveService Mesh BenefitsA Service Mesh enables you to connect,secure,control and observe microservicesBenefits:Consistent developmentConsi

35、stent deploymentConsistent security of microservicesScalability of microservice architectureAuthenticationSecurity PolicyRequest RoutingConnectionManagementLoad BalancingLogging&MetricsService MeshBRKETI-200534Securing Connections 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cis

36、coLiveChallenge#1:Securing ConnectionsBusiness needs and compliance regulations require communications to be encryptedPlacing this burden on developers will Reduce Time-to-MarketImpact performanceIntroduce disparity36BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cisco

37、LiveSecurity for Modern Apps The Problem37Inter-process calls are now unencrypted network RPCs to different nodes or cloudsWe could add encryption programming to each microservice,but that would be time consuming That would also make very inconsistent the overall app if each microservice is program

38、by different teamsCalisti will automatically enable encryption everywhere by defaultBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveHow can we solve it?38Using the mesh,microservices are attached to a sidecar proxy in the same podEnvoy proxy acts as a gateway f

39、or the service,so all traffic going to the service must go through the proxyProxys in each pod will take care of automatically encrypting all traffic going throughEncryptionPodPodBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveHow does it looks with Calisti?Cal

40、isti enables mTLS enables mTLS in every link by defaultby defaultEach green lock indicates a secure linkEverything is transparently handled(certificates,key rotation)without without devsdevsinterventioninterventionEncryption is homogeneouslyhomogeneously treated through the app BRKETI-200539 2023 Ci

41、sco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDEMO-Simplifying EncryptionA single click on a service will inform us about the encryption configmTLS policies can be set per link basis:Strict,Permissive,orDisable a tool that simplifies secure connectivity and observabilityBRKETI-

42、200540DemoIntegrating Observability 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveChallenge#2:Delivering Premium App ExperiencesApps may sporadically or periodically experience heavy loads,causing delay and errorsPoor application experiences frustrate users and may motiv

43、ate them to use alternate appsEffective and efficient tools are needed to monitor,ensure,and troubleshoot application service levels89.6 89.6 rpsrps92.7 92.7 rpsrps43BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveService Mesh Observability ChallengesTopology C

44、onsoleTopology ConsoleMetrics UtilityMetrics UtilityEvents ToolEvents ToolLogging OperatorLogging OperatorTracing SystemTracing SystemService MeshService MeshAuthenticationEncryptionAccessPolicyRequest RoutingLoad BalancingTraffic ManagementConnectionManagementMetrics&EventsLogging&TracingBRKETI-200

45、544 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCan You Spot the Failure?45BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveAnd Now?46BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDetect Ser

46、vice and Workload Anomalies47The topology view shows anomalies with different colors to alert about possible problems in service and workloadsYou can also discover intuitively how a failure can be affecting other downstream servicesAffected ServicesHigh LatencyBRKETI-2005 2023 Cisco and/or its affil

47、iates.All rights reserved.Cisco Public#CiscoLiveAlerting App SLOs48Service Level Objectives and Burn Rates can be defined per services in order to trigger alarms and obtaining metrics about compliance.Historical charts shows the behavior of service metrics over a time window.BRKETI-2005 2023 Cisco a

48、nd/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTimeline49The ability to set the time back to a particular instant helps to troubleshoot root troubleshoot root cause issuescause issues,These can eventually affect adjacent upstream or downstream services,deteriorating the overall behav

49、ior of the appBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWorkload View-Timeline50In the Workload View,we can check the historical status of the different microservices on a timelineBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Publ

50、ic#CiscoLiveWorkload View-Timeline51Clicking on one block,will give us insights of the health parameters for a specific Workload at specific point in timeBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveAlso Services!52Here we can check how a Service has been im

51、pacted by high latency at a specific momentBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTarffic tapping low level communications53Another observability tool for troubleshooting is Calistis ability to tap into the traffic flows in real time with a single clic

52、k,while keeping the end to end encryption intact even across different clustersBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveOverview Dashboard54BRKETI-2005DemoManaging Traffic 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveChallen

53、ge#3:Evolving and Adapting the AppLocation-specific features may be needed to support users in certain geographic regionsNew features will be needed to attract new markets or to maintain relevanceFlexibility is needed to deploying new features in a risk-averse mannerbookingsBOOKINGS57BRKETI-2005 202

54、3 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveService Mesh Blue/Green Deployments58MLMLv1.0v1.0MLMLv2.0v2.0BlueBlueGreenGreenBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCanary Deployment with Traffic-Management59MLMLv1.0v1.0MLMLv2.

55、0v2.080%20%BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive60Canary Deployments 60/30/10%Calisti allows you to easily modify complex layer 7 traffic management rules embedded in Istio YAML,by exposing forms that are automatically translated into policiesBRKETI-

56、2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive61Verify in YAML Resource FilesBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive62But it is Quite a Bit More Complex That WayBRKETI-2005 2023 Cisco and/or its affiliates.All rights r

57、eserved.Cisco Public#CiscoLiveCircuit Breaking63HealthHealthBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive64Circuit Breaking ConfigurationCircuit breaking triggersMax connectionsTimeoutsPending requestsMax requestsRequests per connectionRetriesConsecutive err

58、orsBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveChallenge#4:Supporting HeterogenousApplication EnvironmentsMost businesses are in various stages of their cloud native migration/journeyApplications and services can thus take many form-factors,including:Virtua

59、l machinesContainersServerless functionsEtc.Regardless of form-factor,applications and services need first-class treatments for encryption,observability and managementSCHEDULINGschedulerLegacy Project Management App(hosted on VM)Weather Service(serverless function)65BRKETI-2005DemoIncorporating Asyn

60、chronous Communications 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveChallenge#5:Supporting Event Driven ApplicationsNot all application components are synchronous;some will be event driven(i.e.asynchronous)Therefore,modern applications need a streaming data platform to

61、 tie both types of components together,providing each with encryption,observability and managementThe most widely-deployed event driven application is Apache Kafka;however new solutions are emerging in this space68BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiv

62、eapiapiCalisti Asynchronous MessagingA service mesh is optimized for synchronous request/reply messaging patternsHowever,Event Driven Architectures(EDAs),such as Apache Kafka,generate asynchronous data streams,as these enable higher-levels of scaling by decoupling communicationsCiscos Istio distribu

63、tion and Calisti optimize and secure both synchronous and both synchronous and asynchronous messaging,asynchronous messaging,bringing security and observability benefits to EDAs,such as Apache KafkaCalistiCalisti is the only hybrid service is the only hybrid service mesh management solution to mesh

64、management solution to support both synchronous and support both synchronous and asynchronous microservice asynchronous microservice communicationscommunicationsK8S Control Planec-mc-c-metcdschednodek-rpoxykubeletpodK8S Control Planec-mc-c-metcdschednodek-rpoxykubeletpodService Mesh Control PlaneSer

65、vice Mesh Control PlaneService MeshService MeshGatewayGatewayAsynchronous Event MessageAsynchronous Event MessageBRKETI-200569 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveApplication and Microservices DecouplingSynchronous and Asynchronous Patterns with Microservices70

66、APIAccountServiceApache Kafka Deploy Kafka on K8s in the same cluster as your Istio Mesh Automatic mTLS based encrypted and authenticated communication between all components Lowest latency possible for microservices producers and consumers Declarative topics and user management through custom resou

67、rces(CRs)Kubernetes ClusterAPIOrderServiceAPICatalogServiceTopicsSynchronousAPI CallsAsynchronous event messagesIstio MeshBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCreate a Kafka Cluster for your AppWith a Single Line71BRKETI-2005$smm sdm create n default

68、$kubectl get kafkacluster n defaultNAME CLUSTER STATE CLUSTER ALERT COUNT LAST SUCCESSFUL UPGRADE UPGRADE ERROR COUNT AGEkafkaClusterRunning0 0 36s 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive72Encrypted Communications for Kafka Components by DefaultZero-config mTLS fo

69、r internal and external workloads and client appsBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive73Extend Observability to Event Driven ArchitecturesCalisti topology view shows the status of all kafka infrastructure,allowing to monitor the current overall statu

70、s,load and performance details per node,broker and serviceBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive74Management and Graceful ScalingCalisti provides automatic brokers scaling,rebalancing and alerting using koperatorkoperator,and easy management of partit

71、ion,topics and replication factorsAll in a totally secure environmet,with Kubernetes native Kafka ACL management BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveStreaming Data ManagerKubernetes ClusterIstio MeshApp 4App 3App 2App 1SourcesAI/ML on K8sAnalytics C

72、lusterMicroservicesAnalytics AppsDashboardsDB Migrate Kafka from VMs To Kubernetes for easier Application Lifecycle Management with Operator Pattern Provide Access to internal and external applications(w/in K8s Cluster and External to it)Strong Authentication/ACLs mTLS for apps inside and outside th

73、e MeshTopicsIstio MeshFinancial Institution Use-Case75BRKETI-2005Calisti Architecture 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIntegrated SecurityIntegrated ObservabilityCalistiCalistiHow Calisti Ties It All Together77Streaming Data Streaming Data ApplicationsApplic

74、ations(Synchronous)(Synchronous)ApplicationsApplicationsBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCalisti ArchitectureCloud HWCloud HWCloud HWnodenodenodenodeCalistiIstioK8SworkloadworkloadworkloadworkloadIstio GatewayCloud ProviderCloud HWCloud HWCloud H

75、WKafka brokerKoperatorcruise controlIstio GatewayKafka brokerCross-cluster service discoveryKafka brokerApplicationMicroservices ClusterKafka ClusternodenodenodenodeZookeeper OperatorBRKETI-200578 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCalisti Kafka ArchitectureKa

76、fka brokerZooKeeperZooKeeper OperatorOperatorCalistiPODKafka brokerPODKafka brokerPODKoperatorIstio OperatorIntegrationsControllerAlert ManagerData PlaneControl PlanePrometheusGrafanaCruise ControlBRKETI-200579 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCalisti Kopera

77、tor ArchitectureKafka brokerCruise ControlKafka brokerKafka brokerPrometheusAPI API ServerServerKoperatorAlarmsAlarmsPODPODPODBRKETI-200580 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive81Calisti can be deployed inPublic Cloud providersMost of on prem Kubernetes deployme

78、nts(Kubernetes,Kubespray,Rancher,MiniKube,Kind.)Support for OpenshiftBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive82Life Cycle-Openshift Support StartOpenshiftshiftv v4.114.11V V1.101.10IstioIstiov v1.131.13V V1.221.22V V1.111.11IstioIstiov v1.141.14V V1.231

79、.23v v1.121.12Openshiftshiftv v4.114.11IstioIstiov v1.151.15v v1.241.24BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive83Deployment ModelsInteractivelyclismmtoolOperatorhelmchart availableGitOpsBRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Ci

80、sco Public#CiscoLiveStep 1:Install Calisti ComponentsStep 2:Install the Demo App(Optional)Step 3:Assign Admin Roles(needed only when using a cloud provider)Step 4:Launch the DashboardAnd everything you need issmm install-a-install-sdm-cluster-name smm demoapp installkubectl create clusterrolebinding

81、 user-cluster-admin-clusterrole=cluster-admin-user=smm dashboardBRKETI-200584Key Takeaways 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSummaryCisco is bringing its Cisco is bringing its decades of thoughtdecades of thought-leadership in networking leadership in network

82、ing into Cloud Native into Cloud Native application architecturesapplication architecturesCalistiCalisti provides provides customers the following customers the following key value propositionskey value propositionsMesh managementIntegrated observabilityAdvanced use-case supportCalistiCalisti is the

83、 ONLY is the ONLY service mesh offering to service mesh offering to enableenableMulti-primary gateway supportMuti-tenancy and direct-connect supportAsynchronous messaging optimizationBRKETI-200586 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveKey takeawaysCalisti can be

84、downloaded for free fromcalisti.appFollow Cisco Emerging Technologies There are no feature limitations,nor time limitationsOnly a scalability limitation of 10 nodesAdditional node support can be licensedBRKETI-200587 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive88BRKETI

85、-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for Calisti demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-Demand Library for more sess

86、ions at www.CiscoL 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicVisit Outshift in the World of Solutions!Take a picture of this slide and bring it to the Outshift booth in the World of Solutions.(#3307)Get your badge scanned to be entered into our daily drawing for an Apple iPad!

87、Learn More about Calisti!90BRKETI-2005 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks(while supplies last)!91BRKETI-2005Th

88、ese points help you get on the leaderboard and increase your chances of winning daily and grand prizesAttendees will also earn 100 points in the Cisco Live Challenge for every survey completed.Thank you#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive93Gamify you

89、r Cisco Live experience!Get points Get points for attending this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and scan the QR code:How:123493 2023 Cisco and/or it

90、s affiliates.All rights reserved.Cisco PublicBRKETI-2005#CiscoLiveAppendix:Additional Slides For Your Reference 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMicroservices need the following functions to support modern business applicationsRelease flexibilityHigh availab

91、ility and superior application experienceEncrypted and secured communicationsMicroservice visibility and insightsBRKETI-200596 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCalisti Core Value Propositions97BRKETI-2005Turnkey solution for KafkaAutomatic mTLS encryption fo

92、r all components Extend observability to event driven messaging applicationsGraceful upscale/downscaleSelf-healingAlert-based storage expansionAutomated authentication Integrated Service ObservabilityProvide actionable insights to operators;not just metricsDetect outliers that affect service and wor

93、kload healthGenerate alerts to maintain application service level objectivesSpeed up root cause analysis of issues with timelines and topologyDive deep into communications with Traffic Tap,while maintaining end-to-end encryptionVisualize communications in context with distributed tracingSimplified M

94、esh ManagementAutomate Istio management to remove toil and risk from installs and updatesValidate configurations prior to deployment to maximize availabilityMigrate virtual machines to your mesh to begin your cloud native journeyAdd workloads flexibly to a mesh to support evolving business needsSupp

95、ort complex multi-mesh architectures with easeIntegrate external services to provide additional features and functionsDe-risk upgrades with canary deploymentsProvide superior levels of application experience with circuit breakers 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cisc

96、oLiveThe Cisco Calisti Difference Multi primary control planeThe only service mesh manager with multi-primary control plane support and cross-cluster service discovery Multi-tenancy and direct-connect supportMulti-gateway support and direct connect for mTLS communications for workloads from external

97、 clientsIndustry-first Apache Kafka solution on a service meshSecures both synchronous and asynchronous messaging,decoupling communications to enable scaleFIPS 140-2 Level 1 complianceFully compliant with the rules for cryptographic modules of FIPS 140-2 Security Level 1;the ciphers used are even mo

98、re secure the minimum allowed by the standardProtocol specific observability and DNS capture and reportingDetects and captures protocol-specific metrics,such as PostgreSQL,to enhance observability;it can also capture DNS requests and report these API endpoints for additional securityTLS Interception

99、 and storing information in certificatesUses the mesh Certificate Authority to peer into TLS-encrypted traffic flows;it can also support the storing of workload-specific information into the certificate for more granular reporting and policy optionsBRKETI-200598 2023 Cisco and/or its affiliates.All

100、rights reserved.Cisco Public#CiscoLiveCalisti Integrates With Tools You Already UseMANAGESECUREOBSERVELEARNENABLEBRKETI-200599 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveService Mesh Operational ChallengesOperating a service mesh presents new challenges,including:Life

101、cycle management(every 3 months)Disparate/fragmented observabilityMulti-cluster challenges:AvailabilityCross-cluster service discoveryInter-cluster traffic management policyMulti-TenancyHandling asynchronous messagingAuthenticationEncryptionAccessPolicyRequest RoutingLoad BalancingTraffic Management

102、Service MeshConnectionManagementMetrics&EventsLogging&TracingBRKETI-2005100 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCalisti Can Enable a Multi-Primary Control PlaneBy default,service meshes are deployed on a cluster-by-cluster basisService meshes can be extended ac

103、ross clusters,such as by extending the control plane from a primaryprimary cluster to a remote remote clusterHigher availability can be realized by deploying multiple control planes across clusters,which is called a multia multi-primary primary control planecontrol planeA multi-primary control plane

104、 presents complex challenges with crosscross-cluster service cluster service discoverydiscoveryCalisti is the only service mesh Calisti is the only service mesh management solution to offer management solution to offer multimulti-primary control plane primary control plane support with crosssupport

105、with cross-cluster cluster service discoveryservice discoveryhttps:/smm-docs.eticloud.io/docs/mesh-management/multi-cluster/attach-peer-cluster/K8S Control Planec-mc-c-metcdschednodek-rpoxykubeletpodK8S Control Planec-mc-c-metcdschednodek-rpoxykubeletpodService Mesh Control PlaneService Mesh Control

106、 PlaneapiapiService MeshService MeshBRKETI-2005101 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveapiapiCalisti Supports Multi-Tenancy and Direct-ConnectTypically,service meshes support only a single gateway per meshCiscos Istio distribution includes a custom resource def

107、inition that enables multimulti-gateway support,gateway support,providing ingress/egress flexibility and extended policy options,such as multi-tenancy support for MSPsAdditionally,Cisco supports direct connectdirect connect,which enables mTLS communication to a workload from an external clientThese

108、additional capabilities not only provide policy flexibility,but present more sustainable solutions by intelligent resource re-useCalistiCalisti is the only service mesh is the only service mesh management solution to offer management solution to offer multimulti-gateway support and gateway support and direct connectdirect connectK8S Control Planec-mc-c-metcdschednodek-rpoxykubeletpodK8S Control Planec-mc-c-metcdschednodek-rpoxykubeletpodService Mesh Control PlaneService Mesh Control PlaneService MeshService MeshGatewayGatewayGatewayExternal clientGatewayBRKETI-2005102