Grey Matter Nexus

This page shows you where to get Grey Matter.

Download Grey Matter

Our Nexus repository provides all Grey Matter artifacts as Docker images and tar files. These formats give you the flexibility to use Grey Matter in many environments and with many deployment strategies.

Docker

The full list of available images and versions can be browsed directly.

Log in to the Docker registry. When prompted, supply the username and password given to you by the Decipher team:

    docker login docker.greymatter.io
    Username:
    Password:

    Login Succeeded

After that, images can be pulled normally via Docker:

    docker pull docker.greymatter.io/release/gm-dashboard:3.4.2
    latest: Pulling from deciphernow/gm-dashboard
    169185f82c45: Pull complete
    a5aeba897021: Pull complete
    fb2132d459b7: Pull complete
    df209b530b76: Pull complete
    1914e387f683: Pull complete
    fe85d57828a2: Pull complete
    e77f8566c79d: Pull complete
    360362c282f0: Pull complete
    39e8dc7444f9: Pull complete
    Digest: sha256:e30e7cbfaa679bb46fe7f8405bc3eb8edcc4823e559484a4e127b36cbae311c7
    Status: Downloaded newer image for docker.greymatter.io/release/gm-dashboard:3.4.2

Tar

The full list of available tars and versions can be browsed directly.

Tar artifacts can be downloaded directly from the web UI, or programmatically through scripts or CLI tools like curl (enter password when prompted):

    curl https://nexus.greymatter.io/repository/raw/release/gm-dashboard/gm-dashboard-3.4.2.tar.gz -u user.name@organization.com > gm-dashboard-3.4.2.tar.gz
    Enter host password for user 'user.name@organization.com':
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 7074k  100 7074k    0     0  2095k      0  0:00:03  0:00:03 --:

Questions?

Need help getting Grey Matter?

Create an account at Grey Matter Support to reach our team.
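
An added example, not part of the Grey Matter documentation: a POSIX shell check that the digest reported by the `docker pull` shown on this page equals a digest you have pinned, plus a helper that builds a digest-pinned image reference. The function names are hypothetical, and treating the digest printed in this page's transcript as the trusted value is an assumption made for illustration.

```shell
#!/bin/sh
# Added example (not Grey Matter's own tooling): confirm that a `docker pull`
# resolved to the digest you pinned, and build a digest-pinned reference.

# Assumption: the digest printed in this page's pull transcript is the trusted one.
PINNED_DIGEST="sha256:e30e7cbfaa679bb46fe7f8405bc3eb8edcc4823e559484a4e127b36cbae311c7"
IMAGE="docker.greymatter.io/release/gm-dashboard:3.4.2"

# Sample input: the tail of the pull transcript shown on this page.
SAMPLE_PULL_OUTPUT="39e8dc7444f9: Pull complete
Digest: sha256:e30e7cbfaa679bb46fe7f8405bc3eb8edcc4823e559484a4e127b36cbae311c7
Status: Downloaded newer image for docker.greymatter.io/release/gm-dashboard:3.4.2"

# extract_digest: read `docker pull` output on stdin and print the digest from
# the first well-formed "Digest:" line (exactly 64 lowercase hex characters).
# Prints nothing when no such line exists.
extract_digest() {
    sed -n 's/^Digest:[[:space:]]*\(sha256:[0-9a-f]\{64\}\)[[:space:]]*$/\1/p' | head -n 1
}

# digest_matches PINNED: read pull output on stdin; succeed only when a digest
# was found and it is identical to PINNED. A missing or malformed digest fails.
digest_matches() {
    got=$(extract_digest)
    [ -n "$got" ] && [ "$got" = "$1" ]
}

# pinned_ref IMAGE DIGEST: print IMAGE with its tag replaced by @DIGEST.
# Only the final path component is inspected, so a registry port
# (host:port/name) is not mistaken for a tag.
pinned_ref() {
    ref=$1
    last=${ref##*/}
    case $last in
        *:*) ref=${ref%:*} ;;
    esac
    printf '%s@%s\n' "$ref" "$2"
}

# Offline demonstration on the sample transcript.
if printf '%s\n' "$SAMPLE_PULL_OUTPUT" | digest_matches "$PINNED_DIGEST"; then
    echo "digest OK: $(pinned_ref "$IMAGE" "$PINNED_DIGEST")"
fi

# Typical use against the live registry (not executed here):
#   docker pull "$IMAGE" | digest_matches "$PINNED_DIGEST" \
#       || { echo "digest mismatch for $IMAGE" >&2; exit 1; }
#   docker pull "$(pinned_ref "$IMAGE" "$PINNED_DIGEST")"
```

Pulling by `name@sha256:...` makes Docker itself refuse content that does not hash to the pinned value, so a tag that is later moved cannot silently change what gets deployed.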

Links

Links to technical content related to Grey Matter.

Check out these resources to learn more about the Grey Matter ecosystem and dependencies.

  • Apache Kafka

  • Amazon Web Services (AWS) CloudWatch

  • AWS Elastic Compute Cloud (EC2)

  • Consul

  • Decipher

  • DC/OS

  • Docker

  • Grey Matter

  • Istio

  • Kubernetes

  • OpenShift

  • Prometheus

  • SaltStack

  • Terraform

Quick Links

General info on where to find the stuff you need and to get help fast.

Not sure where to start?

Check out these quick links to get Grey Matter, get help, and figure out what you need to get started.

Grey Matter Nexus

Questions?

Rather just talk to someone? Contact us at info@greymatter.io.

Reference

The following pages provide basic information about Grey Matter, its dependencies, standards and compliance, and where to get Grey Matter.

What does it take to run Grey Matter in your environment? See our System Requirements to find out.

System Requirements

Learn about the Grey Matter ecosystem and our dependencies, including locations for our binaries and knowledge base.

  • Grey Matter Nexus

  • Grey Matter Knowledge Base

  • Links

Learn more about the standards, compliance laws, and regulations that inform Grey Matter's design.

  • FedRAMP

  • FIPS

  • FISMA

  • HIPAA

  • GDPR

  • NIST

Check out our Glossary if you need to look up a common definition.

Questions?

Can't find what you're looking for? Contact our team for technical help.

System Requirements

This page spells out the dependencies you'll need to install and deploy Grey Matter.

We require the following dependencies to run the suite of Grey Matter core microservices. Flexibility is key when it comes to microservice architectures, so we keep hard dependencies to a minimum.

Core Requirements

| Dependency | Version | Component | Service | Feature |
| --- | --- | --- | --- | --- |
| Prometheus | 2.7+ | Sense | Intel 360 | Historical/Aggregate Metrics |
| PostgreSQL | 10.x, 11.x | Sense | SLO | Setting/viewing service level objectives |
| MongoDB | 3.6, 4.0 | Platform | Data | Hard dependency of Data Platform Service |
| Object Store | 2006-03-01 (latest) | Platform | Data | |

Optional

| Dependency | Version | Component | Service | Feature |
| --- | --- | --- | --- | --- |
| Kafka | 2.3+ | Sense | Sidecar | Observables sent to Kafka queue |
| Jaeger/Zipkin | 1.x | Sense | Sidecar | Distributed Tracing |
| Kibana | 7.x | Sense | N/A | Visualizations and analysis for observables |
| Redis | 5.x | Fabric | JWT-Security | HA of JWT security service |
| SPIRE | 0.8+ | Fabric | Sidecar | Automatic mTLS certificate rotation |

Questions

Questions about system requirements?

Create an account at Grey Matter Support to reach our team.

FIPS

This page provides an overview of Federal Information Processing Standards (FIPS) protocol.

Grey Matter complies with FIPS.

FIPS (Federal Information Processing Standards) are standards describing the document processing, encryption algorithms and other information technology standards for use by non-military US Government agencies and the contractors and vendors working with them.

FIPS are developed by the National Institute of Standards and Technology (NIST) when required by statute and/or as needed due to compelling federal government cyber security requirements. NIST issues FIPS publications pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106), and the Computer Security Act of 1987 (Public Law 100-235).

Applicability

The Federal Information Security Management Act (FISMA) of 2002 (as amended by the Federal Information Security Modernization Act (FISMA) of 2014) does not include a statutory provision allowing federal agencies to waive the provisions of mandatory FIPS publications. Such waivers were previously allowed under the Computer Security Act, which was superseded by FISMA.

FIPS publications are not applicable to national security systems.

Questions?

Want to learn more about our compliance standards? Contact us at info@greymatter.io.

Grey Matter Knowledge Base

This page provides an overview of our Knowledge Base.

Our knowledge base contains detailed information about using Grey Matter, including the following scenarios:

  • How to Use the Grey Matter Intelligence 360

  • How to Configure the Grey Matter Sidecar

  • How to Configure Audits

  • How to use Grey Matter Data objectPolicy

  • How to Enable Audits to Be Ingested into Elasticsearch with Kibana

For more information on using Grey Matter, including how to install Grey Matter locally, deploy services, and configure your mesh, see our Guides.

Questions?

Contact us at info@greymatter.io to discuss your use case.

Standards and Compliance

Overview of Grey Matter's compliance with federal laws and standards.

Grey Matter's configuration is guided by several laws, regulations, and standards to meet evolving market directions, security issues, and customer needs. These regulations address the following technical challenges and provide the associated benefits listed below.

| Technical Challenge | Customer Benefit |
| --- | --- |
| Mesh distribution, oversight, and control. | Granular audit, policy compliance, and service-level insight. |
| Access to all user activity. | Grant fully observable audit control for fast forensic analysis. |
| Security policy enforcement. | Use zero-trust infrastructure for service-to-service mTLS connections, scheduled or on-demand key rotations, and service cryptographic identifiers. |

Grey Matter Complies with the Following

Grey Matter complies with these industry security and compliance standards to provide the benefits named above.

Laws

  • FISMA

  • GDPR

  • HIPAA

Catalogs

  • NIST

Frameworks

  • FedRAMP

  • NIST

Standards

  • FIPS

The guidance referenced above has not been vetted by third-party security assessors and is provided for informational purposes. Users are solely responsible for the development, implementation, and management of their applications and subscriptions running on their own platform in compliance with applicable laws, regulations, and contractual obligations. Documentation herein is provided “as-is” with no warranty, whether express, implied or statutory, of any kind. Decipher Technology Studios expressly disclaims all warranties for non-infringement, merchantability, or fitness for a particular purpose.

Questions?

Have a question about standards and compliance? Contact us at info@greymatter.io.

FedRAMP

This page provides an overview of the Federal Risk and Authorization Management Program (FedRAMP).

Grey Matter complies with FedRAMP.

The Federal Risk and Authorization Management Program (FedRAMP) is an accreditation process for cloud computing and cloud services to ensure security for use by the federal government. It is overseen by CIOs from DoD, DHS, and GSA, which make up the Joint Authorization Board for FedRAMP. Before FedRAMP, individual organizations had to do their own accreditation.

The process consists of a preselected subset of NIST 800-53 controls for Low- and Medium-impact (according to FIPS 199 class) cloud services. Under this process, cloud services are evaluated for impact on existing systems, and then appropriate preselected controls are tested by a third-party accreditation organization to certify the product.

Questions?

Want to learn more about our compliance standards? Contact us at info@greymatter.io.

GDPR

This page provides an overview of General Data Protection Regulation (GDPR) requirements.

Grey Matter complies with GDPR.

At its heart, the EU General Data Protection Regulation (GDPR) is intended to strengthen the rights of EU citizens to determine how their personal data is processed by organizations operating in the EU and abroad.

Per the official EU GDPR web portal, the regulation impacts all companies who “offer goods or services to—or monitor the behavior of—EU data subjects…regardless of the company’s location.” Unlike previous policies and directives, the GDPR is backed by significant penalties for non-compliance.

Intended Use

Under GDPR, organizations may only use customer-provided data for the purpose for which those customers have provided consent. For geographically and transnationally dispersed enterprise companies, this represents an area of considerable GDPR compliance concern. For instance, under GDPR, Personal Data collected by a company from a customer to complete a transaction cannot be shared with that company’s marketing department unless the customer has also provided explicit consent for that purpose. The GDPR empowers both customers, to control their Personal Data, and the regulatory bodies conducting oversight on their behalf. To that end, ensuring and reporting upon data provenance will receive increased scrutiny.

Right to Forget

GDPR also ensures customers have the “right to be forgotten.” By nature of legacy data handling architecture and business process, this may present the most difficult GDPR compliance challenge an enterprise-scale company is likely to face.

Derived Data

Not only does the right to be forgotten include the Personal Data directly related to a particular user, but it may also include data derived from the analysis of that user’s overall profile. For example, algorithmically derived recommender data generated by the analysis of a customer’s purchase history also falls under the GDPR rubric.

Questions?

Want to learn more about our compliance standards? Contact us at info@greymatter.io.

FISMA

This page provides an overview of the Federal Information Security Management Act (FISMA).

Grey Matter complies with FISMA.

The Federal Information Security Management Act (FISMA) of 2002, enacted as Title III of another law, requires each federal agency to develop, document, and implement a program to provide information security to all information systems supporting that agency. It mandates FIPS 200 (basic security requirements) and uses NIST Special Publication 800-53 controls to evaluate information systems.

Nine Steps to FISMA Compliance

  1. Categorize the information to protect using FIPS 199 categories.

  2. Select the minimum baseline controls for each category.

  3. Refine with risk assessment procedures.

  4. Document the controls in a system security plan.

  5. Implement the controls for appropriate information systems.

  6. Assess the effectiveness once the controls have been implemented.

  7. Determine the agency level of risk to mission or business cases.

  8. Authorize system for processing.

  9. Monitor controls continuously.

The system security plans must follow NIST SP 800-18. FISMA assigns specific responsibilities to certain federal agencies to follow up and monitor compliance.

Questions?

Want to learn more about our compliance standards? Contact us at info@greymatter.io.

HIPAA

This page provides an overview of Health Insurance Portability & Accountability Act (HIPAA) requirements.

Grey Matter complies with HIPAA.

HIPAA is the acronym for the 1996 Health Insurance Portability and Accountability Act. HIPAA enables the following healthcare PII-related protocols:

  • Transfers and continues health insurance coverage for millions of American workers and their families when they change or lose their jobs

  • Reduces health care fraud and abuse

  • Mandates industry-wide standards for health care information on electronic billing and other processes

  • Requires the protection and confidential handling of protected health information

Protection and Confidential Handling of Health Information

HIPAA Privacy regulations require health care providers and their business associates to develop and adhere to procedures ensuring the confidentiality and security of protected health information (PHI) during transfer, receipt, handling, or sharing. This applies to all forms of PHI, including paper, oral, and electronic. Under HIPAA, providers and their associates may share only the minimum health information necessary to conduct business.

Questions?

Want to learn more about our compliance standards? Contact us at info@greymatter.io.

    Glossary

    The glossary defines terminology from the Grey Matter environment.

    2-Way SSL

    Secure Sockets Layer (SSL) technology encrypts a link between server and client. An SSL certificate encrypts data sent from a client computer to a server. While doing so, “HTTP” turns into “HTTPS”. The added "S" means secure. Grey Matter’s sidecar supports 2-way SSL during the entire HTTP request transport.

    Access Control List (ACL) Filter

    An ACL filter tells an operating system which users or processes can access objects such as files. It dictates operations users can perform on these objects. Each object has a security attribute that identifies its ACL. of whitelisted server Distinguished Names (DN).

    ACL Server Impersonation Filter

    Server application threads often impersonate a client to access objects on the server or to validate access to a client’s own objects. Impersonation lets a thread execute with different security information from the process that owns the thread. to establish user privileges and permissions.

    Amazon Web Services (AWS) CloudWatch

    AWS is a secure cloud service platform that offers power, storage, and content delivery. CloudWatch lets you track log files, metrics, and alarms. It can monitor Amazon databases and customized metrics. supports Amazon Web Services (AWS) CloudWatch metrics.

    AWS Elastic Compute Cloud (EC2)

    EC2 is a web service that provides scalable computing capacity in the AWS cloud. Grey Matter can be deployed to the AWS EC2 platform. Using EC2, developers can build and deploy their applications without hardware constraints. Grey Matter has the ability to autoscale in EC2.

    AWS Simple Storage Service (S3)

    AWS S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases (websites, mobile apps, backup and restore, archive, enterprise applications, IoT, big data analytics).

    Apache Kafka

    Kafka is a fast, scalable, durable, and fault-tolerant publish-subscribe messaging system. Kafka is often used in place of traditional message brokers like JMS and AMQP because of its higher throughput, reliability, and replication. Grey Matter uses Kafka to perform asynchronous communications, such as emitting observable information and data replication across regions.

    Apache ZooKeeper

    ZooKeeper is a centralized service for distributed applications. It offers a naming registry and features for maintaining configuration information. It also provides group services and distributed synchronization. It is applied to C or Java in combination with a service component. Grey Matter’s sidecar supports ZooKeeper for easy service discovery within the existing microservice infrastructure. Grey Matter leverages ZooKeeper in two ways: first as a dependency of Kafka and second as a service discovery mechanism when deployed with the Grey Matter ZooKeeper xDS.

    Artificial Intelligence for IT Operations (AIOps)

    Artificial Intelligence for IT Operations (AIOps) is the application of machine learning against multiple system and device operations big data sources in order to identify and set optimal performance parameters for each system on the service mesh. The algorithms predict and correct anomalies in real-time without human intervention.

    Authorization

    Authorization is a security mechanism used to determine user/client privileges and access rights to resources related to information security and computer security. Authorization is normally preceded by authentication for user identity verification. OAuth, TLS/SSL, and other forms of security and authorization must not be hard-coded into the service. Every PKI key must be able to be overridden by the correct environment certificates at runtime.

    Automatic Routing & Discoverability

    Automatic network routing minimizes cycles and storage for routing packets through intermediate nodes. The system selects the routing path for each connection. Microservice instances have dynamically assigned network locations, and service instances change dynamically due to dynamic behaviors. There are two main service discovery patterns: client-side and server-side discovery.

    Bandwidth

    The amount of data transmitted during a fixed time. Bandwidth is usually expressed in bits or bytes per second (bps).

    blacklist

    A blacklist is an ACL configuration option that denies no Distinguished Names (DNs) at first. It denies only specified DNs when given a non-default string.

    Central Processing Unit (CPU) Utilization

    The CPU is the part of the computer that performs calculations, actions, and runs programs. CPU utilization describes the percentage a service requires of the CPU over time.

    Client-Side Discovery

    When making a request to a service, a client finds the service instance location by querying a service registry.

    Command-line Options and Flags

    Command-line options pass parameters to a program, and flags modify those parameters. Most command-line options are single letters preceded by a “-”. Setting command-line options and flags is a good runtime configuration approach for services running outside of Docker (as a local binary or package).

    Configurable at Runtime

    A runtime system includes the software and hardware resources needed to execute a program, regardless of the programming language being used. Grey Matter recommends setting configuration options from environment variables at runtime.

    Configuration Thresholds

    Thresholds are user-specified values that determine when metrics exceed or drop below certain limits. Using thresholds lets you focus on pertinent data. From the Grey Matter dashboard, you can configure most thresholds by clicking on a service, then clicking the Configuration tab.

    Control Plane

    The control plane is responsible for the configuration and policy management of all microservices running atop a service mesh. The control plane is a dedicated and decentralized miniature infrastructure layer comprised of sidecar proxies responsible for handling service-to-service communications, security compliance, optimization and automation. In the case of Grey Matter Fabric, the control plane orchestrates the operations of all distributed sidecar proxies operating on the service mesh.

    Data Distribution Network (DDN)

    DDNs are comprised of a globally-distributed network of edge servers that optimize web data delivery by bringing data closer to its ultimate user end-point. In the case of Grey Matter, the DDN enables secure capture, storage, syncing, caching, movement, and sharing of enterprise data of any kind, to and from consumers and services, anywhere around the globe.

    Data Plane

    The service mesh data plane is responsible for observing, capturing, and communicating every discovery, routing, health check, load balancing, and authentication action that occurs atop the service mesh from instance to instance. In the case of the Grey Matter Data Distribution Network (DDN), the data plane also enables secure capture, storage, syncing, caching, movement, and sharing of enterprise data of any kind, to and from consumers and services, anywhere around the globe.

    DC/OS (Distributed Cloud Operating System)

    DC/OS is an open-source distributed operating system based on the Apache Mesos distributed systems kernel. Grey Matter can be deployed to DC/OS and Grey Matter has the ability to autoscale on the DC/OS platform. DC/OS manages multiple machines in the cloud or on-premises from a single interface; deploys containers, distributed services, and legacy applications into those machines; and provides networking, service discovery, and resource management to keep the services running and communicating with each other.

    Dependency Links

    Microservices typically depend on additional microservices, databases, or servers. Grey Matter requires dependent services to be configurable at runtime. Dependencies must be accounted for at all phases of development and operations. For example, in the case of infrastructure modernization, dependencies that violate a target module structure need to be resolved before code can be extracted from a monolithic code base into a new module.

    Deploying a Microservice

    Each microservice is built and deployed as a set of service instances that can be measured for throughput and availability. Services must be independently deployable and scalable and isolated from one another, so users can monitor the behavior of each service instance. Each container should have one responsibility and one process.

    Distinguished Name (DN)

    A DN is a fully-qualified path that traces an entry back to the root of the tree. A DN has a unique name that identifies an entry at the appropriate hierarchy.

    Docker

    Docker is a software virtualization platform that allows users to create a container inside their computer. A container is a small pre-configured virtual computer with its own OS that lets users run any software just as on the main computer.

    Domain Name System (DNS)

    The system the internet uses to regulate and track domain names and addresses.

    EGRESS 2-Way SSL Request Security

    EGRESS 2-Way SSL refers to network traffic going from our sidecar to a deployed service. EGRESS processes and mechanisms protect services and information from unintended or unauthorized use, change, or destruction.

    Enabling ACL

    To enable ACL, a filesystem must be mounted with the ACL option. The supports custom . This logic allows one service (A) to impersonate any user (X) when making a call to another service (B), provided the client certificate presented by service A is on the access control list configured for service B.

    Encryption Keys

    An encryption key is a random string of bits that scrambles and unscrambles data. Asymmetric, or public/private encryption, uses a pair of keys. An asymmetric key pair consists of a public key that encrypts, and a private key that decrypts. Data encrypted with one key is decrypted only with the other key in the public/private key pair.

    Endpoints

    Endpoints are any device on the edge of the network or outside the corporate firewall, such as a laptop, tablet, mobile phone that connects to a central network, cloud storage, and/or VPN. Endpoints compute across any device or network, with always-on security protecting companies and users across local and cloud-enabled storage.

    Environment Variables

    Environment variables are dynamic-named values that can affect the way running processes behave on a computer. They are part of the environment in which a process runs. Each process has its own separate set of environment variables. Once unique to Unix systems, they now exist in other common computing environments.

    Envoy Proxy

    Envoy is a high-performance C++ distributed proxy designed for single services and applications. It is a communication bus and universal data plane designed for large microservice mesh architectures. Envoy features advanced load balancing, observability, and robust APIs for configuration management. Our leverages the strength of Envoy with and logic to enhance the microservice mesh.

    Error Rate

    The error rate is the percentage of errors during data transmission over a communications or network connection. Higher error rates mean less reliable connections or data transfer.

    Go kit Microservice

    Go is a popular language used in cloud-native, distributed systems. It is a statically-typed, high-level, multithreaded language designed for fast compiling and efficient garbage collection. Go kit is a toolkit for building microservices that encourages good design principles. The kit includes three major components: a transport layer, an endpoint layer, and a service layer.

    Grey Matter

    Decipher’s Grey Matter intelligent service mesh is a platform and network agnostic service mesh designed to simplify the complexities of enterprise microservice adoption, application development, and management. The platform facilitates the build, operation, and management of connected microservice-based applications across the enterprise.

    Grey Matter Configuration

    If your system implements a RESTful Interface, and your services are configurable at runtime, you can get started configuring Grey Matter. See our pages for more information.

    Grey Matter Data

    Grey Matter Data is an Enterprise-to-Edge mesh delivery network delivering secure, trusted data globally. Data provides highly secure edge data distribution enabling Enterprise micro- and nanoservices to move secure, targeted data from service to service, across markets, and around the globe. Grey Matter Data leverages Enterprise-scale data access control APIs and strong encryption layers atop storage backends such as AWS S3, Disk, Microsoft Azure, and others. Data handles massive stores of almost any data type, and provides powerful analytics, metrics, and business insight.

    Grey Matter Fabric

    Grey Matter Fabric is the control and data plane managing the entire mesh. Fabric serves as a fleet-wide distributed control and data plane, capable of abstracting complexity, further easing infrastructure and network burden.

    Grey Matter Dashboard

    The Grey Matter Dashboard is a single touchpoint for CTOs, CIOs, and developers that shows the overall status of the microservice mesh network. The Grey Matter dashboard is composed of several features: an error pane, a link to the current version API, language view options, Settings, the Summary, and Search features. The Summary feature shows three counters: Services Down, Services Warning, and Services Running. The Search feature contains a search bar, a Group filter, and two view options (Card and List).

    Grey Matter Sense

    Grey Matter Sense provides cognitive network automation and AI for network operations, business insight, and Service-Level Objectives (SLOs). Sense extends network situational awareness through the surface, conversion, process, and summarization of relevant information derived from dynamic neural network and machine learning algorithms, providing data-driven context to the Enterprise.

    Impersonation Filter

    Grey Matter's ACL lets whitelisted server distinguished names (DNs) impersonate on behalf of users.

    Infrastructure as a Service (IaaS)

    IaaS is a method of delivering computing, storage, networking and other capabilities via the Internet. IaaS lets companies use web-based operating systems, applications and storage without having to purchase, manage and support the underlying cloud infrastructure. It is one of three main categories of cloud computing, along with SaaS and PaaS.

    INGRESS 2-Way SSL Request Security

    Ingress shows HTTP/HTTPS incoming routes to services. Ingress offers load balancing, SSL termination, and name-based virtual hosting. An ingress controller can fulfill the ingress with a load balancer. Alternately, it can configure an edge router to handle traffic.

    Internet of Things (IoT)

    The concept of connecting any device with an on and off switch to the Internet (and/or to each other). These may be anything from mobile devices and headphones to washing machines or coffee makers.

    Inter-process Communication Protocol (IPC)

    Inter-process communication refers to mechanisms an operating system uses to let processes manage shared data. IPC may synchronize processes or leave it up to processes and threads to communicate among themselves using shared memory. Common IPC approaches include: files, signals, sockets, message queues, pipes, shared memory, message passing, and memory-mapped files.

    JavaScript Object Notation (JSON)

    JSON is a syntax for storing and exchanging data in an organized, easy-to-access manner. It provides a human-readable collection of data in a logical manner.

    JSON Web Token (JWT)

    JWT is a compact URL-safe means of representing claims to be transferred between two parties.

    JVM (Java or Scala)

    An abstract computing machine that lets a computer run a Java program. There are three notions of the JVM: specification, implementation, and instance. JVM mimics a real Java processor, enabling Java bytecode to be executed as actions or operating system calls on any processor regardless of the operating system.

    JVM Microservice

    JVM is a series of Java-based frameworks for building modular, testable microservices. They can have fast startup time, low memory footprints, small sizes, and zero dependencies.

    Kubernetes

    Kubernetes is an open source platform designed to manage a cluster of Linux containers as a single system. Kubernetes manages and runs Docker containers on a large number of hosts, and also provides the co-location and replication of a large number of containers.

    Latency

    Latency refers to the round trip time data takes to travel from the browser to the server. Latency manifests as a delay before the transfer of data following a transfer instruction. Latency determines how fast the contents within a pipe can be transferred. Latency is different from bandwidth and throughput.

    ListAuth Filter

    Auth methods are the components that perform authentication and assign identity and a set of policies to a user. Each auth method publishes its own set of API paths and methods. The ListAuth filter restricts access to a proxied microservice based on a user’s Distinguished Name (DN). This filter provides a whitelist to allow given DNs and a blacklist to forbid the given DNs.

    Load Balancing

    Load balancing is the dynamic allocation of local workloads evenly across nodes using scalable storage techniques. Load balancing provides cost advantages, flexibility, and reliable service availability.

    Memory Utilization

    Memory is not managed as a single component, such as a CPU or disk, but as a collection of small components. When the OS needs to allocate memory to a process, it looks for unused memory. In addition to throughput and response times, another key performance indicator of an application’s performance is referred to as utilization. Resource utilization tracks how busy various resources of a computer system are when running a performance test.

    Metrics

    The business and technical criteria used to measure and tune a system’s performance.

    Metrics Filter

    Grey Matter's Metrics filter supports observability by acquiring measurements of system performance and making metrics data available. Grey Matter uses JSON metrics through HTTP, Prometheus metrics scraped by a Prometheus server, and CloudWatch metrics through AWS.

    Microservices

    Microservices are a collection of small, distributed modular programs, each serving a specific business role and loosely bound to other similar cloistered programs. Microservices operate independently of each other, having no awareness of the functions of their cohort services or the network.

    Microservice Architecture Pattern

    Microservice-based architecture is an alternative to a monolithic architecture. Microservices architecture supports the continuous delivery and deployment of large, complex applications. Microservice modularity mitigates any long-term commitment to a technology stack. Several enterprise-scale websites, including Netflix, Amazon, and eBay, have evolved from a monolithic architecture to a microservice architecture.

    Microservice Fleets

    Microservice fleets refer to a collection of loosely coupled microservices and/or services sharing data and inter-related processes across an enterprise’s body of cloud capabilities.

    Network Function Virtualization (NFV)

    NFV is a tool for organizing several virtual computers on one real computer. In sum, all the resources of virtual computers are equal to the resources of one real computer. Each virtual computer can have its own OS and perform its tasks without interfacing with others. In short, network function virtualization is just the virtualization of some network component (e.g., a router) into a virtual machine that runs on commodity hardware.

    Network Orchestration

    Network Service Orchestration (NSO) refers to a software solution that helps network operators configure and automate multiple network elements as per a given service definition. Software-defined networking (SDN) orchestration is the process of automatically programming the behavior of a network, so it coordinates with the hardware and the software elements to further support applications and services.

    OAuth 2.0 Filter

    Grey Matter's OAuth 2.0 filter supports authorization and authentication throughout the entire HTTP request transport. OAuth 2.0 is an open authorization protocol based on HTTP that gives a third party limited access to protected resources of a user without having to pass a login and password. It is used for website authorization using existing accounts such as Google, Facebook, etc.

    Observables

    Observables are time-related data that model events and asynchronous requests. They can be transformed, combined, and consumed. They offer significant benefits over other techniques for event handling, asynchronous programming, and handling multiple values. Observables are declarative: users define a function for publishing values, but it is not executed until a consumer subscribes to it.

    Observables Filter

    Grey Matter's Observables filter lets developers monitor the lifecycle of their server. The filter emits events based on requests. Message-publishing defaults to stdout but can be optionally published to a Kafka topic as well. The observables filter only allows items through that pass a user-specified predicate function test.

    OpenShift

    OpenShift is a Red Hat container application platform for building, developing and deploying any infrastructure; a supported distribution of Kubernetes that uses DevOps tools and Docker containers for application development. Grey Matter can be deployed to OpenShift and can autoscale on the OpenShift platform.

    Platform as a Service (PaaS)

    PaaS is a cloud-based computing environment that lets users develop, run, and manage web applications without infrastructure to build apps. Like IaaS, PaaS includes infrastructure – servers, storage, and networking – but also middleware, development tools, business intelligence services, and more.

    Packer

    Packer is open-source software that automates the process of creating machine images which have a particular operating system and pre-installed software. It can also be used with configuration management tools (Chef or Puppet). Grey Matter uses tools such as Packer to create a simple, scripted infrastructure.

    Polyglottal Microservices

    Microservices are typically language-agnostic. They may be built with different programming languages, meaning the service mesh must be capable of understanding and translating all programming languages.

    Ports

    A port is an endpoint of communication. In computer networking, physical and wireless connections end at ports of hardware devices. At the software level, a port is a logical construct that identifies a specific process or type of network service. Ports are identified for each protocol and address by 16-bit unsigned numbers, commonly known as port numbers.

    Prometheus

    Prometheus is a monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. All components of Prometheus communicate with each other via the HTTP protocol. Grey Matter uses Prometheus to assist in the visualization of captured metrics.

    Proxy Server

    A proxy server acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server, and the proxy server evaluates the request to simplify and control its complexity. Proxies were invented to add structure and encapsulation to distributed systems.

    Representational State Transfer (RESTful) Interface

    A RESTful interface is an API that provides a standard protocol for interacting with a microservice. It uses HTTP requests to GET, PUT, POST and DELETE data. A RESTful API breaks down a transaction to create a series of small modules. Each module addresses a particular underlying part of the transaction. A RESTful Interface is required to work with Grey Matter on your system.

    Requests

    Microservices handle requests from an application’s clients. Services collaborate using an inter-process communication protocol (IPC) to handle those requests.

    Route-level SLOs

    Route-level SLOs are a feature on the Grey Matter Dashboard Configuration tab that allows users to set thresholds for latency, error rates, and request rates on specific service routes.

    Server-Side Discovery

    When a client makes a request to a service, a router or load balancer intercepts the request. The router queries a service registry, then forwards the request to an available service instance. Compared to client-side discovery, the client code is simpler. All the client does in server-side discovery is make a request to the router.

    Service Announcement and Discovery

    Service discovery is the way applications and microservices find each other on a dynamic network, and it's the way the service mesh dynamically adds and removes instances of each microservice. Discovery adds the initial instances that come online, and modifies the mesh to react to any scaling actions that happen. Service discovery ensures that a microservices application is processing requests efficiently and that it can cope with changes in workloads and changes in the microservices application itself. Service discovery exploits network orchestration and uses multiple layers to manage network tasks and load balancing.

    Service Instance

    Microservices are deployed as a set of service instances to increase throughput and availability. Each service instance is packaged as a Docker image and clustered in a framework such as Kubernetes or AWS EC2. Each service instance is separate from the others. It is easy to scale a service up and down by changing the number of container instances.

    Service Cluster

    Service-Level Agreement (SLA)

    SLAs are an integral part of an IT vendor contract that clearly states responsibilities and performance expectations. SLA defines the level of service expected by a customer from a supplier, laying out the metrics by which that service is measured, and the remedies or penalties, if any, should the agreed-on service levels not be met. Service requirements and capabilities are dynamic, so SLAs must be kept up-to-date.

    Service-Level Objective (SLO)

    SLOs are a key element of an SLA between a service provider and customer. SLOs are agreed upon as a means of measuring the performance of the service provider. SLOs are outlined to avoid disputes between the two parties.

    Service Mesh/Enterprise Service Mesh

    A service mesh is a dedicated, configurable infrastructure proxy layer that orchestrates all microservice operations and policy adherence. A service mesh lets service instances communicate to enable flexible, reliable, and fast operations for distributed systems.

    Service Registration

    Service instances must be registered with and deregistered from the service registry. There are a few ways to handle the registration and de-registration. One way is for service instances to register themselves, the self-registration pattern. The other is for another system component to manage the registration of service instances, the third-party registration pattern.

    Service Registry

    The service registry is a key part of service discovery. The service registry is a database that contains the network locations of available service instances. The service registry provides a management API and a query API. Service instances are registered with and deregistered from the service registry using the management API. The query API is used by system components to discover available service instances.

    A service registry needs to be highly available and up to date. Clients can cache network locations obtained from the service registry. However, that information eventually becomes out of date and clients become unable to discover service instances. Consequently, a service registry consists of a cluster of servers that use a replication protocol to maintain consistency.

    Setting Files

    Setting microservice configurations via physical files on disk is a common and convenient method that also adds overhead to containerized deployments.

    Sidecar

    The Grey Matter Sidecar is an Envoy-based proxy coupled to the microservice atop the service mesh that is responsible for policy compliance, reporting, identification, detection, prevention, and monitoring filters. Our sidecar can manifest as an edge node, and can deploy automatically and at scale with a preconfigured security and communication stack.

    Software as a Service (SaaS)

    SaaS is a cloud computing software distribution model through which end users can access and use an application remotely via Internet browsers. A SaaS vendor houses and maintains the hardware that runs the app.

    Software-Defined Networking (SDN)

    SDN architecture aims to make networks agile and flexible by improving network control. It lets enterprises and service providers respond quickly to changing business requirements. SDN network engineers and administrators can control traffic without touching individual switches in the network. It has three layers: the application layer, the control layer, and the infrastructure layer.

    Systems Automation

    Systems automation refers to controlling a process by automatic methods while reducing human intervention.

    Terraform

    Terraform is a tool used to create, change and improve production infrastructure. It changes APIs into declarative configuration files that team members can share, treat as code, edit, review, and version.

    Throughput

    Throughput is the rate of data transfer and processing over a given time. Each interaction between a microservice and a dependency contributes to throughput.

    Whitelist

    A whitelist is an ACL configuration option that allows all by default, then allows only the specified DNs if given a non-default string.


    NIST

    This page provides an overview of the NIST framework.

    Grey Matter complies with NIST.

    National Institute of Standards and Technology (NIST) 800-37 offers guidelines for the application of Risk Management Framework (RMF) to information systems. The guideline defines RMF roles, responsibilities, and lifecycle processes for systems and organizations. RMF offers a flexible structured process for security and privacy risk management. This process covers IT categorization; implementation, controls, and assessment; system and common control authorizations; and continuous monitoring.

    Mitigate Risk

    The RMF also prepares organizations to mitigate risk. IT common control authorization provides senior leaders and executives with the necessary information to make cost-effective risk management decisions. RMF also incorporates security and privacy into the development lifecycle. RMF management process tasks are linked from the system level to risk management organization level. In addition, RMF establishes responsibility and accountability for organizational IT system controls and those inherited by their systems.

    Questions?

    Want to learn more about our compliance standards? Contact us at info@greymatter.io.