Overview of IBM Hybrid Cloud Mesh

IBM Hybrid Cloud Mesh (Mesh) is a multicloud, multicluster, application-centric, networking solution. It enables enterprises to use simple, scalable, seamless, and secure hybrid multicloud connectivity.

This software as a service (SaaS) solution delivers any service, anytime, anywhere, enabling application-centric networks by intelligently inferring network requirements from business intent. It aligns the networking operations, security operations, and DevOps across heterogeneous cloud environments.

Mesh automatically configures a software-defined network for the application microservices, which are distributed among multiple clouds in an abstract manner. Mesh is an overlay network that eliminates the need for any reconfiguration of the underlying networks, for example, the networks that support the Amazon Cloud, Microsoft Azure, and Google Cloud.

Mesh provides the following value to businesses:

  • Improved business agility: Mesh improves business agility by enabling clients to deploy new applications and services faster.
  • Enhanced performance and response time: Mesh can improve performance and the response time of the user experience.
  • Optimized security: Mesh improves security by reducing the attack surface.
  • Better visibility and seamless operation: Mesh gives networking and security professionals better visibility into their enterprise network security along with network and system performance, which provides better recommendations for improvement. At the same time, it saves DevOps and application developer professionals from the burden of juggling application connections across heterogeneous networks and cloud providers.

The following illustration shows the relationship between Mesh and your applications and cloud components:

Overview diagram

Functional overview

Adopting large numbers of multicloud applications where workloads are distributed across public clouds, edge devices, and on-premises data centers can cause unresponsive networks in enterprise systems. The Mesh SaaS-based solution meets this challenge by delivering software that enables simple, scalable, seamless, and secure hybrid multicloud connectivity.

Mesh includes the following features:

Infrastructure Discovery
Creates an inventory of an enterprise's multicloud deployment infrastructure, which enables Mesh to understand the scope and breadth of the enterprise network. The results of this discovery provide enterprise CloudOps teams with full visibility into their multicloud infrastructure. This feature requires credentials that can access enterprise cloud accounts and interrogate the cloud's API for assets. Periodic infrastructure discovery ensures that Mesh has the most current model of the enterprise infrastructure. Mesh uses infrastructure models to correlate applications and services with their supporting infrastructure. Examples of infrastructure include clouds, locations, Virtual Private Clouds (VPCs), and Kubernetes clusters.
Application and Service Discovery
Creates an inventory of an enterprise's points of connectivity, which enables DevOps-driven policy intents to describe application and service connectivity. DevOps deploys applications and services on infrastructure for Infrastructure Discovery to discover. DevOps has the freedom to deploy new versions or to move deployments from one part of the infrastructure to another. Mesh uses Application and Service Discovery to ensure that it is aware of applications and services as they migrate throughout the infrastructure. Applications and services are the main points of connectivity in Mesh. For example, an application in the Store Kubernetes namespace might need connectivity to a service in the Inventory Kubernetes namespace. The application requires that Mesh is aware of the deployment location of both the application and service, even as their deployment location changes over time.
Connectivity Management
Supports DevOps-focused policy authoring for connecting applications and services. Mesh is aware of applications and services that need to be connected and their deployment locations. DevOps can write simple policies that express the intent to connect Store and Inventory wherever they are being deployed. The policies decouple policy authoring from the deployment mechanics of applications and services. They also separate the nature of the connection from the specifics of the endpoints being connected. To enforce the policies, the software gateways open ports at both ends of the gateway and create proxy services on the side of the point of origin.
Network Topology
Provides an overlay network that software gateways manage. The gateways are containers that are deployed in the namespace with the applications and services. They provide the following functions:
  • Discover applications and services and manage their connectivity.
  • Provide service proxies to enable applications to communicate with remote services as if they are local resources.
The topology views provide visibility to CloudOps and DevOps, enabling collaboration between teams. The topology views include application-to-service metrics that describe network usage over time. For example, you can view the total number of bytes transmitted between an application and a service. For more information about the metrics, see Metrics in the topology view.