Hybrid IT and the New East-West Network

That’s right, there’s a new east-west network that needs securing, and as AI adoption ramps up, you can bet one of those security needs is going to be for APIs.

Lori MacVittie

February 23, 2024

3 Min Read
Hybrid IT and the New East-West Network
(Credit: 3D generator / Alamy Stock Photo)

For the last decade or so, east-west traffic was just the traffic within a container cluster. That is the communication that happens between microservices, usually in Kubernetes. Service Mesh is an example of a solution that emerged to address the special need for security and visibility of east-west traffic.

But with organizations not only operating applications in a multicloud environment but deploying multiple components of an application in multiple environments (a.k.a. hybrid apps), east-west traffic is no longer contained by the cluster. It reaches across network boundaries, across the big bad Internet.

null

East-west-traffic.jpg

Now, just to make things even more exciting, our research tells us that the AI applications organizations are planning to deploy will be mostly hybrid. That is, while part of the application may be deployed in a public cloud (likely the LLM or ML model), other components (data sources, interfaces, agents, etc.) may reside on-premises. This is particularly true of components that augment generic LLMs with domain or business-specific data by employing a Retrieval-Augmented Generation (RAG) pattern.

That’s not conjecture. We asked everyone where they planned to deploy AI Engines (LLMs, ML Models) and AI Apps (apps that use the AI engines) in our annual research, and that's what respondents told us.

east-west traffic

east-west-image-2.jpg

So, if the apps and engines are deployed in different places, how do they communicate? Thanks for asking!

The answer is, of course, APIs. There is no question at this point that APIs are going to be one of the most important parts of AI applications, nor that their security will be paramount. And not just regular old APIs (REST and JSON) but APIs supporting data sources (vector databases) and knowledge graphs (GraphQL). The delivery and security of all sorts of APIs is going to be needed on the new east-west data path that traverses core, cloud, and even edge.

Hybrid changes everything

Distributed applications today are not just about deploying different tiers (presentation, logic, data) in different locations but about deploying different components in the same tier in different locations. Microservices may have broken up the network, but hybrid is breaking up the data path by tossing application components to the four winds.

That means it’s not just about the regular old network now; it's about the application network. The top of the network stack, where apps and APIs communicate. The services that deliver and secure those apps and APIs must also be distributed.

If you haven’t heard about multicloud networking (MCN) yet, you might be one of the 4% of respondents in our annual research that operates only on-premises and therefore have no challenges trying to wrangle with multicloud complexity.

But for the rest of you, multicloud complexity is a real thing, and multicloud networking is one of the ways you can begin taming that beast. That's because MCN creates a secure, consistent network experience across core, cloud, and even edge. Put another way, MCN secures the new east-west highway between applications.

And because the ‘cars’ on that highway are largely APIs, that MCN solution will need to offer API Security, as well.  

Ultimately, the reality of multicloud and its ensuing complexity is driving app delivery and security to evolve. And not just to include APIs. In much the same way we watched the ADC evolve from basic proxies, we are seeing the emergence of distributed app delivery and security from MCN. The result will be a platform capable of not only connecting core, cloud, and edge at the lower network layers but also securing the apps and APIs traversing the upper layers of that network.

Because the network doesn't stop at layer 3 (really, it doesn't), it goes all the way up the stack to layer 7.  

Related articles:

About the Author

Lori MacVittie

Principal Technical Evangelist, Office of the CTO at F5 Networks

Lori MacVittie is the principal technical evangelist for cloud computing, cloud and application security, and application delivery and is responsible for education and evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she authored articles on a variety of topics aimed at IT professionals. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University. She also serves on the Board of Regents for the DevOps Institute and CloudNOW, and has been named one of the top influential women in DevOps.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights