Mohammed Faizuddin (@thehyphen)

Microservices are awesome 😎

small, contained boxes

clear bounded context

polyglot


🔥

Sweet!

Let's get real for a moment.

(Diagrams: Netflix's and Amazon's "death star" microservice dependency graphs)

At scale, might look like:

100s of microservices

1000s of production changes a day

10,000s of instances

1,000,000s of users

Security at massive scale

Many services — many surface areas of attack

Polyglot does not make it any easier

Code Duplication & Developer Productivity

Dependency Tree

Dependency "Forest"

Securing Microservices

Zero Trust Network

Abstract common parts

Secure interservice communication

Authenticate with Sessions

Session Token Authentication

💡

If only John Snow spoke the truth!

Perhaps a shared secret can help? Sign the claims, so the receiving service can verify them instead of taking the caller's word.

OAuth 2.0

Facebook OAuth
JSON Web Token
Token = header.payload.signature, each segment base64url-encoded (no padding):

Header

{ "alg": "HS256", "typ": "JWT" }
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.

Payload (decoded from the segment below)

{ "username": "John Doe", "role": "admin" }
eyJ1c2VybmFtZSI6IkpvaG4gRG9lIiwicm9sZSI6ImFkbWluIn0.

Signature

mOBYBH329PYBuyxXNX-vfKPIBu3eW-li43Hz_q4nyvE

Algorithm: HMAC-SHA256 over base64url(header) + "." + base64url(payload), keyed with a secret that only the issuing and verifying services hold. Anyone can decode the payload; only a holder of the secret can produce or check the signature.

Stateless & self contained

Lightweight

Polyglot support
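The signing and verification step the slides describe, as an added example that is not part of the original deck: a service mints an HS256 JWT for John Snow with only the Python standard library, a downstream service verifies it, and a client that rewrites the role claim without the secret is rejected. The secret `winter-is-coming`, the claims, and the function names are constructed for illustration; the verifier also pins the algorithm to HS256 rather than trusting the `alg` field the client controls, which is the check a practitioner would want in front of any JWT-consuming service.

```python
# Added example (not from the original deck): HS256 JWT mint/verify with the
# standard library, plus a tampering attempt that fails verification.
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple


def b64url_encode(data: bytes) -> str:
    # JWT segments are base64url without '=' padding (RFC 7515, section 2)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # restore the padding that was stripped when the token was minted
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _compact_json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def mint_jwt(claims: dict, secret: bytes) -> str:
    """Issuer side: header.payload signed with HMAC-SHA256 under the shared secret."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64url_encode(_compact_json(header)) + "." + b64url_encode(_compact_json(claims))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_jwt(token: str, secret: bytes) -> Optional[dict]:
    """Verifier side: return the claims if the signature is valid, otherwise None.

    Only HS256 is accepted: 'alg' is attacker-controlled input, so the
    verifier pins the algorithm instead of dispatching on the header."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # constant-time comparison so a timing side channel cannot guide a forgery
    if not hmac.compare_digest(expected, sig):
        return None
    try:
        return json.loads(b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return None


def tamper_role(token: str, new_role: str) -> str:
    """What a dishonest client can do: rewrite the payload, but not re-sign it."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims["role"] = new_role
    return f"{header_b64}.{b64url_encode(_compact_json(claims))}.{sig_b64}"


SECRET = b"winter-is-coming"  # constructed demo secret; use a random 256-bit key in practice
CLAIMS = {"username": "John Snow", "role": "prince"}  # constructed claims


def demo() -> Tuple[Optional[dict], Optional[dict]]:
    token = mint_jwt(CLAIMS, SECRET)
    honest = verify_jwt(token, SECRET)            # the claims as issued
    forged = verify_jwt(tamper_role(token, "king"), SECRET)  # None: signature no longer matches
    return honest, forged


if __name__ == "__main__":
    honest, forged = demo()
    print("valid token ->", honest)
    print("forged role ->", forged)
```

Because the secret never leaves the issuing and verifying services, the downstream service needs no session store to decide whether "John Snow, prince" is true, which is the stateless property the slides list. The same structure works for any signing algorithm; the verifier simply has to pin the one it expects.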

Okay, JWT looks cool. Now what?


Service Mesh

Main purpose: faster, more reliable, and secure service-to-service communication, handled outside the application code

The sidecar pattern: a proxy deployed next to every service instance handles its inbound and outbound traffic

Istio

Kong

Sidecar implemented with Envoy Proxy

"We've got dragons, we totally got this war"

mTLS between sidecars, with workload certificates issued and rotated by the mesh's own Certificate Authority (Istio's control plane acts as that CA), so every service-to-service call is authenticated in both directions without application changes

Istio Architecture


👾

Bonus!

RBAC / ABAC: role-based and attribute-based access control, enforced per request on top of the authenticated identity

In conclusion

2 things

Always use signed tokens (JWT) rather than trusting what the caller claims

Service Meshes can drastically simplify things