What is Control Plane?

Overview

In a nutshell: Control Plane lets you focus on dev. It handles the ops, so you don't have to.

Control Plane is a multi-cloud, multi-region workload orchestration platform. It harnesses the power of all the major clouds and their geographically-dispersed regions to provide developers with an unbreakable global environment for backend apps and services. Running on Control Plane, microservices 'believe' they are running simultaneously on AWS, GCP, and Azure. Developers don't need to deal with credentials or secrets. Instead, the platform handles identity conveyance and authorization uniformly, utilizing best-practices/least privilege principles consistently and securely. The full power of the cloud providers' native services is available without any least-common-denominator constraints. From the developer's perspective and the running workloads', it is as if AWS, Azure, and GCP have virtually merged, having turned into one uber-cloud.

The platform has a secure-wormhole feature. It enables your microservice to access native AWS, GCP, and Azure services within and across VPCs. It can also access endpoints behind firewalls on-prem and even on the developer's laptop during development.

While Kubernetes orchestrates workloads within a single cluster, Control Plane orchestrates an unlimited number of hardened, security-isolated Kubernetes clusters in all the regions of the major clouds. Rather than standing up clusters and dealing with the complexity of K8s, Control Plane enables developers to focus solely on the 'dev' side and not the 'ops' side. The platform completely alleviates the developers' need to deal with or have in-depth knowledge of Kubernetes, Istio, TLS, DNS geo-routing, load balancing, secrets management, logging, metrics, scaling up/down, and many day-2, ops-related concerns associated with running apps & microservices in production.

Why run on Control Plane?

When running backend apps in production, the ops-related activities are monumental - regardless of whether you run a single line of code or ten million. Here is a partial list of the non-dev related tasks most services require:

  • Choosing the cloud provider
  • Choosing the runtime environment (e.g., Lambda, ECS, K8s, etc.)
  • Choosing regions to run on and how to orchestrate deployment across the chosen regions correctly
  • Configuring and managing complex build/deploy pipelines
  • Managing secrets, keys, tokens, and key-rotation procedures
  • Monitoring
  • Logging and log aggregation across regions
  • Metrics and metrics aggregation across regions
  • Alerting
  • Quota management
  • Denial of service attack mitigations
  • Private container/artifact repository management and securing it properly
  • Digitally signing and verifying container images against supply chain and other attacks and vulnerabilities
  • Load balancing
  • Service discovery
  • TLS termination and mTLS between internal services
  • Scaling from zero in some regions (to reduce cost) to a large number in other locations, to accommodate an elastic number of users, up to billions
  • Configuring network routes and security
  • Cluster configuration and upgrades
  • Service mesh configuration and upgrades
  • And much more

Rather than invest a substantial portion of the cost, time, and energy on the above non-business-value-adding aspects of your system, Control Plane frees you to focus on the development part, where your unique effort adds real value.

Single cloud/region apps greatly benefit from substantial simplification, uniformity, audit-trail, fine-grained authorization, and cost savings. However, the advantages grow exponentially when your service needs to:

  • Consume services from more than one cloud (e.g., S3 from AWS & BigQuery from GCP).
  • Run in multiple regions for high availability and minimum latency.
  • Scale down to zero containers (incur zero cost) or up to a maximum-specified quantity of running containers.
  • Run without the cost of operating Kubernetes clusters.
  • Run in an indestructible manner, such that even if a whole cloud experiences issues, your consumers aren't affected.
  • Get deployed fast without the complexity of a particular cloud platform. Preserve the freedom to switch clouds with a click of a button.
  • Connect workloads to services within VPCs and behind firewalls, virtually extending the network perimeter without limitations.

Unified interface

The cloud platforms differ substantially from one another in their APIs, CLIs, and UIs. Each has its specialized, often convoluted interface surface, with its unique and steep learning curve.

Control Plane takes usability and ease of use to the next level. It enables developers to deploy and manage workloads uniformly to multiple clouds simultaneously, from a single, intuitive and consistent interface, making workload deployment and day-2 operations a breeze. The cost & energy developers expend to run the "Ops" side of DevOps can be reinvested into "Dev" activities, making a significant contribution to the business.

Automated day-2 operations

Getting a container or a set of containers deployed is merely the beginning. Ensuring that customers are never affected by any component failure while not spending a fortune is another matter altogether. As consumption of your microservices grows, the needs of the service change. To maintain high performance, security, and availability, you evolve your architecture to include topics such as:

  • Load balancing
  • Automatic failover to different availability zones, regions, or even clouds
  • Logging, taking into account retention and log correlation
  • Collecting and analyzing metrics to understand your workloads and to get alerted when metrics point to a problem
  • Rotating keys to maintain a healthy security posture
  • There are about 75 additional items to put in place for your day-2 ops to deliver reliable backend services

A convergence of all cloud services

A unique capability of Control Plane is its ability to provide workloads a union of all the native cloud services of the major cloud platforms. Your workloads can mix-n-match any combination of the services (e.g., S3 from AWS, Cloud SQL from GCP, and Active Directory on Azure) from different clouds simultaneously. The platform's unique architecture merges all the clouds, making them consumable as one, by virtually unifying the networking and identity and authorization policies across all supported clouds.

Enhanced performance for the end-user

Control Plane utilizes advanced, redundant health monitoring and geographically-distributed DNS infrastructure. The platform automatically re-routes traffic to healthy regions and clusters. It removes unhealthy and unreachable nodes from rotation, so the end users' measured availability and latency are optimal. A user from one part of the world experiences ultra-low-latency responses, while a user on the other side of the planet experiences similar ~20-30 ms latency.

Multi-region is as easy as clicking a button. Workloads can easily be spun up in any cloud region on any continent simultaneously. Of course, one could deploy to multiple regions without Control Plane, but the difference in cost, complexity, and time-to-market is substantial.

Any workload runs serverless, regardless of code

Whether your app has a Dockerfile or not, regardless of whether you designed the app to run serverless, the platform runs your microservice with elastic scalability - from zero to any scale you specify.

Granular and uniform access control

Control Plane provides advanced, consistent, yet easy-to-use fine-grained authorization controls. These controls are identical whether administering Control Plane itself or your custom workloads.

This unique capability sets the platform apart from other cloud or third-party solutions on the market. Your workloads get an out-of-the-box fine-grained authorization "dial tone" that uniformly handles simple and complex use cases alike.

Built-in audit trail

Control Plane exposes a tamper-proof audit trail facility for both the Control Plane actions you take and your custom workloads. In other words, when building a microservice, an audit trail is one less detail developers need to develop.

Your code writes to a configured localhost port, and your audit events are correctly captured and secured. The audit data is indexed and can efficiently be searched programmatically from your user interface.

Copyright © 2021 Control Plane Corporation. All rights reserved. Revision 30221ec6