Secure, manage and monitor microservices traffic with the integration of Istio as a control plane and the battle-tested Citrix ADC as a data-plane proxy.

The Citrix ADC portfolio is now integrated with the Istio control plane as an ingress gateway and as a sidecar proxy. This enables you to tightly secure and better optimize traffic into, and within, your microservice-based application environment with the Citrix ADC data plane and the Istio control plane.

Why Is Istio Important?

Enterprises are rapidly adopting microservice-based architectures for their applications to improve business agility and enhance customer and user experience. Istio is an emerging open source control plane for microservice-based applications and offers three key functionalities:

  • Traffic management and resiliency (Pilot module)
  • Identity and credential management (Citadel module)
  • Access control and telemetry collection (Mixer module)

Originally a collaborative effort between Google, Lyft, and IBM, Istio is now an open-source project embraced by the technology community at large and has become one of the most popular choices for customers who want a consistent and simplified approach to controlling their service-mesh environment.

Istio and Open Source Integration

Choice is a key tenet of your strategy — choice to deploy your applications where you want, how you want, and to access them from any device, anywhere. Now, you have the choice to use Istio as control plane for rich Citrix ADC data plane for your microservices-based applications.

This compelling integration with Istio deepens our commitment to open source infrastructure stacks in use in modern application architectures. The list is long and includes Prometheus, Grafana, Spinnaker, ElasticSearch, Fluentd, Kibana, and many more, bringing you the choice you need to monitor, troubleshoot, and secure your microservices.

Citrix and Istio: Better Together

You can integrate Citrix ADC with Istio in two ways:

  • As an ingress gateway to the service mesh environment
  • As a sidecar proxy to control inter-microservice communication

While you can use either integration independently, you can also combine both modes to provide a unified data plane solution.

An Istio ingress gateway acts as an entry point for incoming north-south traffic and secures and controls access to the service mesh from outside. Forged and perfected over time in the harshest conditions, the single code base of the Citrix ADC portfolio means that it offers the broadest industry support for Istio. You can deploy a broad range of Citrix ADC form-factors (MPX, VPX, CPX, etc.) to route and load balance your traffic as it enters your microservices cluster in accordance with Istio-defined policies. This means you can use your existing ADC infrastructure (and even the same ADC devices) for other non-microservice-based applications, as well.

Citrix ADC CPX is a containerized form-factor and can be deployed as a sidecar to each microservice pod in the Istio service mesh to act as a proxy for inter-microservice communications using the Istio control plane. By intercepting traffic in and out of the microservice, the sidecar can apply Istio-defined traffic management policies and remove the burden from the service itself.

In addition, the industry-leading performance Citrix ADC CPX brings to the Istio data plane minimizes latency under demanding conditions and enhances throughput better than many other proxy options.

Added Functionality with the Istio Module

Traffic Management and Resiliency

The integration of Citrix ADC with Istio Pilot enables you to employ advanced traffic management features in the data plane like service discovery, load balancing, secure ingress, weighted clusters, HTTP rewrite, HTTP redirect, and HTTP fault injection. With Istio as your control plane, you can get very granular about your traffic flows and how your microservices respond to requests.

Identity and Credential Management

Citrix ADC’s integration with the Istio Citadel module provides an effective enforcement point for enhanced security, with functionality like end-user or origin authentication using JSON web tickets (JWT), as well as service-to-service authentication using mutual TLS. With Istio Citadel monitoring and managing the various certificates and keys for these services and Citrix ADC working in the data plane, your microservices security is simplified.

Stay tuned for more great information in upcoming blog posts, where we’ll look in detail at how to deploy your Citrix ADC in an Istio environment. And you can learn more about Citrix and Istio on the Citrix Github page.