Overview of IBM Hybrid Cloud Mesh
IBM Hybrid Cloud Mesh (Mesh) is a multicloud, multicluster, application-centric, networking solution. It enables enterprises to use simple, scalable, seamless, and secure hybrid multicloud connectivity.
This software as a service (SaaS) solution delivers any service, anytime, anywhere, enabling application-centric networks by intelligently inferring network requirements from business intent. It aligns the networking operations, security operations, and DevOps across heterogeneous cloud environments.
Mesh automatically configures a software-defined network for application microservices, which are distributed among multiple clouds in an abstract manner. Mesh is an overlay network that eliminates the need for any reconfiguration of the underlying networks, for example, the networks that support the Amazon Cloud, Microsoft Azure, and Google Cloud.
Mesh provides the following value to businesses:
- Improved business agility: Mesh improves business agility by enabling clients to deploy new applications and services faster.
- Enhanced performance and response time: Mesh can improve performance and the response time of the user experience.
- Optimized security: Mesh improves security by reducing the attack surface.
- Better visibility and seamless operation: Mesh gives networking and security professionals better visibility into their enterprise network security along with network and system performance, which provides better recommendations for improvement. At the same time, it saves DevOps and application developer professionals from the burden of juggling application connections across heterogeneous networks and cloud providers.
The following illustration shows the relationship between Mesh and your applications and cloud components:
Functional overview
Adopting large numbers of multicloud applications where workloads are distributed across public clouds, edge devices, and on-premises data centers can cause unresponsive networks in enterprise systems. The Mesh SaaS-based solution meets this challenge by delivering software that enables simple, scalable, seamless, and secure hybrid multicloud connectivity.
Mesh includes the following features:
- Infrastructure Discovery
- Creates an inventory of an enterprise's multicloud deployment infrastructure, which enables Mesh to understand the scope and breadth of the enterprise network. The results of this discovery provide enterprise CloudOps teams with full visibility into their multicloud infrastructure. This feature requires credentials that can access enterprise cloud accounts and interrogate the cloud's API for assets. Periodic infrastructure discovery ensures that Mesh has the most current model of the enterprise infrastructure. Mesh uses infrastructure models to correlate applications and services with their supporting infrastructure. Examples of infrastructure include clouds, locations, Virtual Private Clouds (VPCs), and Kubernetes clusters.
- Application and Service Discovery
- Creates an inventory of an enterprise's points of connectivity, which enables DevOps-driven policy intents to describe application and service connectivity. DevOps deploys applications and services on infrastructure for Infrastructure Discovery to discover. DevOps has the freedom to deploy new versions or to move deployments from one part of the infrastructure to another. Mesh uses Application and Service Discovery to ensure that it is aware of applications and services as they migrate throughout the infrastructure. Applications and services are the main points of connectivity in Mesh. For example, an application in the Store Kubernetes namespace might need connectivity to a service in the Inventory Kubernetes namespace. The application requires that Mesh is aware of the deployment location of both the application and service, even as their deployment location changes over time.
- Connectivity Management
- Supports DevOps-focused policy authoring to support connecting applications and services. Mesh is aware of applications and services that need to be connected and their deployment locations. DevOps can write simple policies that express the intent to connect Store and Inventory wherever they are being deployed. The policies decouple policy authoring from the deployment mechanics of applications and services. They also enable a separation of concerns between the nature of the connection and the specifics of the endpoints being connected. To enforce the policies, the software gateways open ports at both ends of the gateway and create proxy services on the side of the point of origin.
- Network Topology
- Provides an overlay network that software gateways manage. The gateways are containers that are deployed in the namespace with the applications and services. They provide the following functions:
- Discover applications and services and manage their connectivity.
- Provide service proxies to enable applications to communicate with remote services as if they are local resources.