What is are microservices?

Microservices are component parts of an application that are designed to run independently. A microservices-based application is a collection of loosely coupled services that are lightweight and independently deployable and scalable. Because each individual microservice is modular and runs its own processes, it can be modified without affecting the entire application. Many hundreds or thousands of microservices can make up a single application. 

It is not necessary for all microservices in an application to be written in the same programming language or by the same development team. When building microservices-based applications, many development teams, or DevOps teams, choose to use open source tools, which are published by their creators to publicly available repositories such as GitHub. Still other development teams prefer a mix of open source tools and commercial off-the-shelf software.

Explore additional microservices topics: 

What are the characteristics of microapps?

Microservices have the following characteristics:

  • All microservices run their own processes and communicate with other components and databases via their respective application programming interfaces (APIs).
  • Microservices use lightweight APIs to communicate with each other over a network
  • Because microservices are individually developed and maintained, each microservice can be modified independently without having to rework the entire application.
  • Every microservice follows a software development lifecycle designed to ensure it can perform its particular function within the application.
  • Each individual microservice performs a specific function, such as adding merchandise to a shopping cart, updating account information, or transacting a payment.
  • The functionality of a microservice may be exposed and orchestrated by the application’s API, enabling development teams to reuse portions of an existing application to build new applications without starting from scratch.

The use of microservices is sometimes referred to as cloud native. However, the cloud native approach to application development more broadly encompasses modern software development practices and the use of containers along with container orchestrators and other tools in addition to microservices. A commonly accepted definition of cloud native applies to applications composed of microservices that are packaged and deployed in containers and managed on scalable cloud infrastructure using agile DevOps processes and continuous delivery workflows.

Why are microservices being adopted?

Organizations are moving to microservices to take advantage of the agility benefits they provide. Because each microservice can be developed, deployed, and scaled independently, IT teams can quickly make changes to any part of an application to get products and services to market faster and stay ahead of competitors.

And since microservices are device and platform agnostic, organizations can develop applications that provide consistent user experiences regardless of the underlying infrastructure.

When adopting microservices and modernizing application architectures, organizations also need to modernize their application delivery. An application delivery controller (ADC) is key for improving the availability, performance, and security of microservices-based applications.

Most companies that adopt cloud native architectures are building microservices in public cloud environments to take advantage of the on-demand scalability provided by Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and others.


Embrace microservices application architecture

See how you can bridge the gap between traditional and DevOps app delivery.

How do microservices work? 

A microservice is a lightweight modular component, or service, that performs a unique function within an application. Microservices work together as independent parts of a whole to deliver the complete functionality for an application. By isolating software functionality into multiple modules that are developed and maintained independently, development teams can improve and evolve applications and services more quickly. Individual microservices communicate with each other using APIs, often via the HTTP protocol using a REST API or messaging queue.

Microservices are a modern approach to software development. Yet for all the benefits they provide, microservices development presents challenges. Because they are distributed systems, microservices have additional requirements beyond what monolithic applications demand. Development teams must plan how to handle service discovery, messaging protocols between the client and services and between microservices, API performance monitoring, traffic management, and many other aspects of microservices development that are made more complex by the greater number of endpoints.

Microservices integration is another major consideration when designing a microservices-based application. A best practice is to develop the business logic code as part of the service and to offload the network communication logic to a type of infrastructure called a service mesh. The service mesh manages communications between the individual microservices, but should not contain business logic.

And lastly, microservices architecture uses a framework of what's referred to as “smart endpoints and dumb pipes.” This is a concept that essentially means that the microservices themselves, employ the logic to manage integration for the entire application.

Meanwhile, Microservices deployment follows an agile, scalable, and repeatable process called continuous integration and continuous delivery, or CI/CD for short. A primary benefit of CI/CD is that it effectively merges application development and operations to reduce microservices deployment times.

DevOps teams can make near-instantaneous changes to applications, but with that agility also comes more responsibility. They must plan for and manage performance, high availability, security, and resiliency for their part of the application themselves rather than rely on other more specialized teams within IT as they once had when the waterfall style of application development was popular.

What does microservices architecture look like?

Microservices are not a new take on application development: Microservices architecture has roots in the design principles of Unix-based operating systems and in the popular service-oriented architecture (SOA) model. SOA introduced the concept of independent services that can access software, perform business functions, and enable general modularity and reuse across IT.

Microservices architecture extends the SOA concept by enabling complex applications to be broken down into many autonomous components that can be wholly managed by small teams of developers. This is a preferred approach for IT organizations looking to make complex applications more agile, scalable, and resilient as well as easier to manage with fewer developer resources.

A microservices architecture that uses container-based microservices is a common architectural style. Kubernetes is an open-source platform for managing containerized workloads and services. As a container orchestrator, Kubernetes automates the management, deployment, and scaling of containers across multiple servers by abstracting the underlying infrastructure. Because it is extensible, Kubernetes makes it easier for developers and operators to automate much of the manual work of container management by using their preferred open source and commercial software tools.

Another architectural style choice to be determined is how to expose the microservices within containers when they receive a request from an external client. A common method is use an ingress controller, which works as a reverse proxy, or load balancer. All external traffic is routed to the ingress controller and then to the appropriate services.

A microservices-based application may also use an API gateway to provide a single point of entry for requests made to a defined group of microservices. An API gateway helps minimize the complexity of API management by enabling DevOps teams to automate their continuous integration and continuous delivery (CI/CD) workflows.

Each microservice has its own API, which manages requests over a protocol such as HTTP to communicate with other microservices and with the application as a whole. A microservices-based application typically contains numerous microservices and APIs. An API gateway ensures better performance for application traffic by reducing latency associated with multiple hops of TCP or TLS decryption.

An API gateway enables DevOps to:

  • Enforce authentication policies
  • Rate limit access to services
  • Enact advanced content routing
  • Perform flexible and comprehensive transformation of HTTP transactions using the rewrite and responder policies
  • Enforce web application firewall policies

What are the types of microservices?

The primary types of microservices are stateful and stateless.

Stateful microservices

A stateful microservice records the state of data after an action for use in a subsequent session. For example, online transaction processing such as bank account withdrawals or changes to an account’s settings are stateful because they must be saved so that they persist across sessions. These stateful components are somewhat complex to manage, since they need stateful load balancing and can only be replaced by other components that have saved the same state.

Stateless microservices

A stateless microservice doesn’t store anything. Its outputs depend solely on events rather than any saved data. In cloud environments, stateless microservices are usually preferable because they can be spun up only as needed and are fully interchangeable with one another. That reduces complexity and avoids the need to pre-commit compute, storage, and networking resources.

Benefits of microservices 

As organizations increasingly choose multi-cloud strategies for application deployment, they are relying on containerized microservices for application portability across on-premises and public cloud. Because each individual microservice can be developed, deployed, and scaled independently, IT teams can quickly make changes to any part of a production application without affecting the application's end users. While microservices benefits are many, the primary benefit is to enable more rapid software development to get products and services to market faster and into the hands of customers.

Companies need agility and flexibility to accelerate innovation. To achieve that, many organizations are moving their applications to public clouds. But simply shifting monolithic applications to the cloud does not allow them to take full advantage of the agile, scalable, and resilient features that public cloud infrastructure provides.

Because microservices are device and platform agnostic, they enable organizations to develop microservices-based applications that provide a consistent user experience regardless of the underlying infrastructure. Key advantages include the following:

  • Each microservice can be built and deployed independently, allowing for more rapid releases because development work can be spread across multiple teams, and key components can be easily shared and reused.
  • Developers are not limited to using the same frameworks and languages for the entire application because microservices function as independent processes.
  • Microservices can be easily scaled with tools like Kubernetes to handle an increased number of requests.
  • Microservices don't require complex integration testing, but rather can use simple automated testing as part of the CI/CD pipeline for deploying the application to production.

How organizations benefit from microservices

The use of microservices benefits organization by helping them realize their business objectives, whether that's an overarching focus like digital transformation or a specific need like refactoring an on-premises legacy application to run in a highly scalable cloud environment.

Because of the portability that containers provide and the agility that microservices and cloud afford, many companies are adopting a cloud native approach to application deployment to gain or maintain a competitive advantage in the market.

By developing applications using microservices that can be independently tested and deployed, organizations don’t need to rewrite their entire codebases to add or modify a feature, which enables them to deliver their products and services to market faster.

How software development teams benefit from microservices

Microservices are modular, loosely coupled services with lightweight protocols, so they are easier for developers to develop, test, and deploy—and also easier to change and maintain. Additionally, microservices give developers the opportunity to focus on specific functions performed by the application rather than on the entire application itself.

The use of microservices paired with such DevOps practices as assembling small teams rather than large teams enables an agile approach to software development. By narrowing the scope of what they are responsible for developing while also owning the entire software development life cycle for a particular function, DevOps teams can continually release new features and functionality at a faster pace.

How end users benefit from microservices

When a monolithic application must be rebuilt or redeployed for any reason including to release a major update or to fix a minor bug, the application end-user experience can suffer. With microservices-based applications, developers can quickly make updates to only the affected microservices and release them quickly. For customers and other application end users, there should be no discernible difference in their application experience when microservices are updated in production.

Microservices best practices

Microservices best practices typically involve automation. With the rapid pace of continuous integration and continuous delivery (CI/CD), development teams can be challenged by the frequent release cycles of a microservices deployment. To efficiently manage large clusters of containers in which microservices run, Kubernetes is the container orchestrator of choice for the majority of organizations. Kubernetes controls how and where the containers will run.

However, Kubernetes environments can be inherently difficult to deploy and troubleshoot depending on developers' skill sets, so many organizations struggle to deploy microservices-based applications quickly and reliably. By addressing open questions and challenges in the architectural planning phase of development, DevOps can effectively solve for such microservices best practices concerns as:

  • Choosing the right architecture for providing the greatest benefits relative to the complexity of implementation and available skill sets
  • Using automated processes and tools to manage at scale
  • Gaining visibility into microservices at scale
  • Minimizing the complexity of testing a large number of services that each have unique dependencies
  • Achieving better performance and scale for large clusters with a lower memory footprint and lower latency
  • Eliminating the observability blind spot for east-west traffic between microservices
  • Quickly pinpointing issues when a service fails or a server goes down
  • Ensuring a consistent security posture across all microservices and APIs, including for ingress (north-south) traffic and intra-cluster (east-west) traffic

Microservices security and authentication

Microservices security and authentication starts with adopting a zero trust approach where all requests to all resources must be authenticated and authorized. Enforcing security within a Kubernetes cluster and securing ingress and egress are key to protecting containerized applications, but it can be challenging to correctly apply role-based access control (RBAC) permissions and security policies in Kubernetes.

Microservices management

One challenge of microservices management is maintaining the speed of development without sacrificing security. In microservices-based applications, there are two types of traffic that must be protected: traffic into the application (north-south traffic) and traffic between the individual microservices (east-west traffic).

Many of the same security challenges that are present with monolithic applications also exist in microservices-based applications, especially with regard to north-south traffic that requires:

  • Controlled access to the application
  • Prevention of unauthorized bot traffic
  • Verification of requests to prevent application attacks
  • Traffic steering to the right resources to be processed
  • Encrypted traffic needs to protect data in transit

Communications between microservices (east-west traffic) typically require similar protections with regard to authentication, encryption, and inspection

Microservices access control

From an identity and access management perspective, microservices access control at the user level requires all users to be uniquely identified. By using a central directory service as a single source of identity and authentication, DevOps teams can abstract the function of global authentication and authorization away from individual microservices.

A microservices-based architecture for an application that runs in a containerized environment must solve for providing secure access to dynamic services whose locations change. An API gateway acts as the single point of entry and ensures secure and reliable access to the APIs and microservices within the application. Rather than calling services directly, the API web client calls the API gateway, which forwards the call to the appropriate services on the back end.

The use of security policies provide the ability to declare security parameters for pods and containers that are applied at runtime. Applying security at this level ensures a fine-grained approach so that the security applied to individual application components is appropriate.

Security at the individual service level starts with limiting access to only necessary resources so that a vulnerability in a single microservice won’t expose the rest of the system to an attack. The use of a distributed firewall that is cent

Microservices monitoring

Microservices monitoring is one of the three pillars of observability that along with distributed tracing and logging gives site reliability engineers (SREs) and developers a unified view of their environments. Monitoring the status of a large number of microservices is not trivial. And a large number of endpoints exposes an increased attack surface for bad actors to target. With a suspected security vulnerability, the ability to pinpoint the affected microservice and quickly resolve the issue is paramount.

It can often be difficult to identify and troubleshoot root causes of issues in dynamic applications. Teams must be able to troubleshoot individual microservices to see which service is failing, when it failed, why it failed, and which users are being affected. Monitoring key metrics with automated alerts plays a crucial role in helping to pinpoint issues with infrastructure, containers and their contents, and APIs and endpoints.

Citrix solutions for microservices

When adopting microservices and modernizing application architectures, organizations also need to modernize their application delivery and approach to security. An application delivery controller (ADC) is key for improving the availability, performance, and security of microservices-based applications.

Many companies are still running monolithic applications on-premises while at the same time planning to deploy new microservices-based applications in public cloud. Citrix ADC supports an organization's transition to microservices-based applications by providing operational consistency for application delivery across multi-cloud environments to ensure an optimal experience for the application end user.

Citrix offers production-grade, fully supported application delivery and security solutions that provide the most comprehensive integration with Kubernetes platforms and open source tools, greater scale and lower latency, consistent application and API security, and a holistic observability stack.

Additional resources