Microservices Architecture Patterns: Working Together to Secure the Cloud
Published 12/27/2021
Written by the CSA Application Containers and Microservices Working Group
The secure development of microservices relies on architecture patterns. In the following blog, review these microservices architecture patterns and note how many are able to work together to form a secure cloud system. The eleven patterns interact with one another to support a resilient business solution.
1. Offload Pattern
An offloaded function is one that is frequently consumed by many other services as a shared service. It can be tightly coupled to API gateway functionality and the data access layer, and can be applied to authentication and authorization. This pattern's purpose is to demonstrate opportunities to consolidate technical capabilities in the enterprise plane.
2. Routing Pattern
The routing pattern is used when a single endpoint needs to expose multiple services behind it and route requests to them based on the incoming request. One use case is routing to a new version of a service for a limited time based on the source of the request, as determined by the source IP address.
3. Aggregation Pattern
The aggregation pattern receives and makes requests to multiple microservices, then combines multiple requests to backend services into a single request to respond to the initial request. Other patterns, such as facade, proxy, and circuit breaker patterns, may come into play depending on the application goals and communication characteristics.
4. Cache Pattern
The cache pattern aims to improve performance and scalability. Caching in application design addresses requirements for increasing availability, improving application performance, and reducing backend data reading and writing. To simplify debugging, cache in the same layer in the same place to avoid multiple cache instances falling out of sync.
5. Proxy
A proxy pattern is a hardware-enabled construct which intermediates machine-to-machine readable data streams. A proxy brokers connections between the service consumer and the service provider. Transparent proxy functionality intercepts data and performs caching, offloading, or redirection but doesn’t modify the data stream.
6. AuthN (Authentication) Pattern
The AuthN pattern ensures services and users that access microservices prove that they are who they say they are. An identity token is given to the relying party from the authentication server, containing claims about the authentication and identity information. This process establishes trust and verifies identities.
7. AuthZ (Authorization) Pattern
The AuthZ pattern determines what an authenticated user can do or what permissions they have. A standard way of passing these permissions is by encoding scopes into a JWT. Authorization lets a client request permissions to resources and determines whether it may do so on behalf of the user.
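The token flow described in the AuthN and AuthZ patterns, as an added example that is not part of the original post or the CSA document: an authentication server signs claims into a JWT, and a microservice verifies the signature, algorithm, and expiry before checking the scope. The HS256 shared key, the space-separated `scope` claim, the service name, and all function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed sample key (assumption), never a real secret

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(subject, scopes, ttl=300, now=None):
    """Authentication-server side: sign identity claims plus granted scopes."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "scope": " ".join(scopes), "exp": now + ttl}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def authorize(token, required_scope, now=None):
    """Service side: return the claims, or raise PermissionError with the reason."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise PermissionError("malformed token") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    expected = hmac.new(SECRET, f"{head_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise PermissionError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))  # parsed only after verification
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    if required_scope not in claims.get("scope", "").split():
        raise PermissionError("missing scope")
    return claims

if __name__ == "__main__":
    tok = issue_token("svc-orders", ["orders:read"])
    print(authorize(tok, "orders:read"))
```

The order of checks matters: claims are read only after the signature has been verified, so a forged scope list is rejected before it can influence the authorization decision.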
8. Facade Pattern
A facade is a structural pattern serving as a front-end interface to more complex software code underneath. Serving as a simplified means of access for client applications, the facade pattern allows for protocol mediation between the client and microservices to provide an improved user experience. In the long term, however, it is better to use a proxy pattern.
9. Strangler Fig Pattern
This pattern is an old-to-new transitional approach: a new code base replaces the older system’s functionality in the new architecture, and the legacy system is retired from service. The intermediate software architecture makes use of proxy and wrapper patterns so that new microservices can interact with the remaining legacy code base.
10. Circuit Breaker Pattern
A circuit breaker pattern is a means to limit request-response interaction to prevent a larger failure should a service enter a threatening state or stop working. It keeps failures from growing bigger and resides in the software plane. The circuit breaker pattern builds a fault-resilient system that can survive when downstream services are unresponsive.
11. Adapter (Wrapper/Translate/Transform) Pattern
An adapter pattern converts a data stream into a representation that an otherwise incompatible interface can interpret, providing an interface to the data conversion/transformation capabilities. Adapter patterns create bridges between two independent, otherwise unconnectable interfaces: the pattern wraps an incoming request so that the receiving interface can make sense of it.
To learn more about these patterns and architecting, developing, and deploying microservices as a Microservices Architecture Pattern, read our Microservices Architecture Pattern document.