Traffic Management, Monitoring, and Security in Microservices Framework with Citrix ADC

Prepared by: Gökay Aydın – Sekom – SS&IP Services Team Leader

Microservices Framework and Requirements

Today, many companies are transitioning their applications from Monolithic Architecture to Microservices Framework. In a Microservices Framework, different functions of applications operate as independent services. The traffic occurring between these services is referred to as east-west traffic.

Managing, monitoring, and securing this east-west traffic in a Microservices Framework is of critical importance. At this point, Citrix ADC, Citrix’s load balancing solution, stands out with its flexible deployment options, licensing, and centralized management solution, Citrix ADM (Application Delivery Management).

Citrix ADC Solutions

Citrix ADC offers solutions in various forms that utilize the same software code. These include:

• MPX: Hardware appliance
• SDX: Multi-tenant appliance
• VPX: Virtual appliance
• BLX: Bare-metal solution
• CPX: Containerized solution

Since each form uses the same software code, management is straightforward and consistent. Additionally, the Pool Licensing Model provides highly efficient and flexible capacity management. License capacities can be adjusted between factors as needed, without any impact on traffic, enabling optimal use of idle resources.

Deployment Topologies in Microservices Framework

• Single-tier
• Dual-tier
• Service-Mesh Lite (the most commonly used topology)

Service Mesh Lite

In the Service Mesh Lite topology, there are essentially two layers.

In the first layer, the ADC is located outside the Kubernetes environment. This is the ADC solution that already exists in your data center:

• The primary function of this ADC is to manage north-south traffic. It directs traffic from the user to the relevant CPX within the Kubernetes environment.
• Additionally, with the SSL Offloading feature, it takes over the encryption task from the application and performs it itself. This reduces the resource requirements of the application.
• The second most important function is ensuring security. With the WAF (Web Application Firewall) feature, it protects the application against known and unknown attacks. Through learning, the application is thoroughly understood and protected within a defined framework. Additionally, the Bot Management feature detects and blocks malicious bots. DDoS protections and Rate Limit features also prevent attacks on applications.
• Furthermore, it optimizes both the traffic and the application. Through TCP-level optimization, it ensures efficient use of network resources. Additionally, with Cache and Compression features, it delivers data to the user faster, enhancing the user experience.

The second layer is the environment where applications running in the microservices framework are located:

• This layer includes Citrix CPX, Citrix’s pod-based solution that shares the same source code as other ADC solutions. Citrix CPX is responsible for load balancing the traffic received from the upper layer to the relevant pods for applications and managing the east-west traffic occurring between pods.
• SSL Offloading is also performed in this layer.
• In terms of traffic management, it supports advanced load balancing algorithms such as Least Connection, Least Response Time, etc.
• Since it can inspect traffic content, it allows traffic to be routed, permitted, or blocked based on any parameter within the traffic.
• Since both north-south and east-west traffic passes through ADC devices, it provides advanced visibility for traffic circulating within the data center.

One of the gray areas in transitioning to a microservices framework is analyzing the problem in case of a potential issue. When there are many pods and different services, this process becomes quite challenging. At this point, Citrix’s ADM product comes into play.

Citrix ADM is a management software that enables centralized management of all Citrix ADC devices, automates operations, and provides detailed reports on application traffic through Web Insight.

Thanks to the Appflow Data provided by Citrix CPX, it provides visibility for each layer in terms of application traffic through the ADM Service Graph with performance, statistics, and analytics data. Response time values and errors in application traffic provide pinpoint information about where the problem is occurring.

Citrix ADC also integrates with many open-source tools. The main ones include Kibana, Elastic Search, Prometheus, Grafana, Zipkin, etc.

In conclusion, the Citrix ADC product family offers solutions that meet the needs of every aspect of the transition to a Microservices Framework.

For more information about the Citrix ADC product family, you can contact our experienced team!