Infoblox Atlas: Delivering Cloud Native Applications
In this blog post, we will dive into Infoblox’s Atlas platform and explore how it's used to deliver cloud-native applications.
Infoblox is a world leader in on-prem DDI solutions. That leadership is also being carried forward as Infoblox prepares to deliver cloud-native network functions (CNFs). The CNFs that we are developing are lightweight containers managed from the cloud. To do that, we have created a platform that uses best-of-breed technologies to develop container-native applications. The platform addresses a range of concerns: authentication, authorization, tagging, logging, auditing, monitoring, notifications, scaling, and communication (RPC and pub/sub).
Atlas is entirely built on cloud-native applications. We have 120+ microservices that are deployed using Kubernetes; the services are geographically distributed on AWS. These microservices use gRPC for service-to-service communication and gRPC-gateway for REST clients. Authentication, authorization (via Themis), tagging, and audit logging are all handled with gRPC middleware. The microservice approach has allowed us to simplify application development by letting application developers focus on the business logic they are delivering. We also leverage CoreDNS for service discovery. Infoblox contributed to the CoreDNS project and led it through the CNCF process from inception to graduation. The result is a lightweight, flexible, and reliable system on which to build applications.
The on-prem portion of our cloud offering is also built with many of the same cloud-native components. Docker is used to deploy our on-prem footprint. Communication to the cloud is handled with gRPC. We’ve taken a microservice approach to our on-prem solution as well. This allows us to deliver any number of services without having to update an on-prem monolith. To prove this, we built CNFs like our on-prem DNS, DHCP, and DNS forwarding proxy. We’ve also built a white box router (WBR) with firewall services that supports our anycast deployment and our threat intelligence gateway for internal use. These CNFs (and others) can be delivered to our customers over the internet via our cloud portal. The cloud-based management also allows them to seamlessly receive updates.
We have taken a measured approach to building and reusing software components. In some cases, there was a gap in the open-source offerings, so we chose to build our own solutions: Themis, our Kubernetes AWS CloudFormation template, CoreDNS plugins, and the Atlas toolkit are examples of solutions we developed in-house. gRPC, Prometheus, Elasticsearch, and PostgreSQL are examples of solutions we leveraged from the open-source community. We always strive to use or contribute to open-source projects when we can.
Sometimes, however, there’s no open solution that meets our needs. For example, for our cloud-based, secure recursive DNS service, we needed a policy engine that was fast and built on well-known principles. For that, we chose to develop an XACML-like policy engine: Themis. This engine powers our Active Trust Cloud offering, authorization on our Atlas platform, and our in-house k8s scale-out policy. It has also been contributed to the community as an open-source project.
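As an added illustration of the two pieces described above, the gRPC middleware that handles authentication, authorization and audit logging, and an XACML-like policy decision with deny-overrides combining, here is a self-contained Go sketch. It is not Atlas or Themis code: the handler type stands in for gRPC's interceptor signature so it runs without the grpc module, and the token table, rule set and RPC method names are constructed.

```go
package main

import ("context"; "errors"; "fmt")

// Stand-in for gRPC's unary handler shape; real code implements grpc.UnaryServerInterceptor.
type Handler func(ctx context.Context, req string) (string, error)
type ctxKey string
// Constructed token table standing in for real credential validation.
var tokens = map[string]string{"tok-ops": "operator", "tok-ro": "viewer"}
// Constructed XACML-like rules: attribute match, "*" matches any value, deny-overrides combining.
type Rule struct{ Role, Method, Effect string }
var rules = []Rule{{"operator", "*", "permit"}, {"*", "/dns.View/Get", "permit"},
	{"*", "/dns.View/Delete", "permit"}, {"viewer", "/dns.View/Delete", "deny"}}
// decide returns "permit", "deny" or "not-applicable" for a (role, method) request.
func decide(role, method string) string {
	decision := "not-applicable"
	for _, r := range rules {
		if (r.Role == "*" || r.Role == role) && (r.Method == "*" || r.Method == method) {
			if r.Effect == "deny" { return "deny" } // one matching deny settles it
			decision = "permit"
		}
	}
	return decision
}
// authn maps the bearer token carried in ctx to a role, or rejects the call.
func authn(ctx context.Context, method, req string, next Handler) (string, error) {
	tok, _ := ctx.Value(ctxKey("token")).(string)
	role, ok := tokens[tok]
	if !ok { return "", errors.New("unauthenticated") }
	return next(context.WithValue(ctx, ctxKey("role"), role), req)
}
// authz consults the policy engine; anything but an explicit permit is refused.
func authz(ctx context.Context, method, req string, next Handler) (string, error) {
	role, _ := ctx.Value(ctxKey("role")).(string)
	if decide(role, method) != "permit" { return "", errors.New("permission denied") }
	return next(ctx, req)
}
// audit runs outermost so every call, including rejected ones, leaves a record.
var auditLog []string
func audit(ctx context.Context, method, req string, next Handler) (string, error) {
	resp, err := next(ctx, req)
	auditLog = append(auditLog, fmt.Sprintf("%s req=%q err=%v", method, req, err))
	return resp, err
}
// Call runs one RPC through the chain audit -> authn -> authz -> business handler.
func Call(token, method, req string) (string, error) {
	ctx := context.WithValue(context.Background(), ctxKey("token"), token)
	business := func(_ context.Context, r string) (string, error) { return "ok:" + r, nil }
	return audit(ctx, method, req, func(c context.Context, r string) (string, error) {
		return authn(c, method, r, func(c context.Context, r string) (string, error) { return authz(c, method, r, business) })
	})
}
```

A viewer's Delete matches both a permit and a deny rule and comes out denied, which is the deny-overrides behaviour; a request no rule covers is not-applicable and is likewise refused by authz.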
The open-source and cloud-native community is not stagnant, however. As the cloud-native community develops robust solutions, we continually evaluate whether maintaining our own solution is worthwhile. Recently, Open Policy Agent (OPA) has emerged as a policy engine that addresses some of the concerns of the container-native community, namely ease of use and interoperability. We are evaluating OPA for some use cases for which we currently employ Themis. Kubernetes cluster management has also made large strides in the last two years. When Infoblox adopted Kubernetes, we developed a custom Kubernetes cluster creator due to our networking topology (which required anycast) and the lack of maturity in Kubernetes management tools. Since that time, however, there has been a lot of development in tools like Helm, kops, and CNI. Due to that maturity, we are now able to implement our anycast network configuration as a kops add-on while still retaining the benefits of the rich ecosystem kops has to offer.
Infoblox is also committed to integrating cloud-native functions across our product lines. Our flagship product (NIOS) will soon be deployable within a container, as “cNIOS.” Soon, you will be able to use our cloud-native functions (like our DNS Forwarding Proxy) directly in cNIOS. Container-native functions will make delivery and management of venerable protocols easier than ever, and Infoblox is leading the way.