Nordstrom: Scale Global Ecommerce Infrastructure and Safeguard Customer PPI

Jul 1, 2020

The retail industry has been hit hard by the coronavirus pandemic. With brick-and-mortar locations locked down, websites have become most retailers’ sole avenue for revenue generation and customer service. This has posed a new challenge to Hema Lee and her colleagues at Nordstrom who are charged with managing the infrastructure for Nordstrom’s ecommerce operation.

“For all retailers, scaling infrastructure is no longer a challenge faced only on Black Friday or Cyber Monday,” said Lee. “It’s now more important than ever that our online platforms can scale to support high volume transactions, dynamic customer engagement, and responsive relationship management every day of the year.”

At the same time, security is a paramount concern. As shoppers peruse online stores, computer applications are at work behind the scenes, sharing credit card data, shipping addresses, and other personally identifiable information (PII) with one another to complete purchase transactions or deliver shopping options that meet a customer’s unique preferences. Needless to say, these sensitive communications between microservices must be both secure and fast, lest customers abandon carts or have their private information compromised to hackers.

The opportunity to address infrastructure challenges such as these drew Lee to Nordstrom after working for 15 years in the defense industry.

“Nordstrom is an industry innovator and was exploring hybrid cloud and using Kubernetes and microservices as those technologies were just emerging,” explained Lee. “When I came on board, Nordstrom had already built a cloud-native infrastructure from the ground up.”

We rely on Linkerd to help keep customer PPI confidential. If you want TLS, Linkerd takes care of it within the cluster automatically. With its strong identity and routing capabilities, it has worked out beautifully.

— Hema Lee, Sr. Software Engineer

Challenge

Lee joined the company just in time to witness the company’s exploration of service mesh as a scalable method for managing secure communications between microservices.

“Our services live in Kubernetes clusters, and we use TLS to secure the internet traffic between anything that is communicating back and forth in that compute environment.” she explained. “We knew a service mesh would give us a scalable way to securely manage the communication between applications, provide visibility into performance, and free our developers from having to worry about connecting their services.”

Solution

The Nordstrom team first explored building its own service mesh but quickly decided the smarter move was to choose an existing service mesh option such as Istio, Linkerd or Aspen Mesh.

The determining factor in the team’s decision was resource utilization. “Istio was too heavy, using more CPU and memory than we were comfortable sacrificing to the service mesh,” explained Lee. “In contrast, Linkerd gave us exactly the features we needed with relatively low resource utilization.”

“If you want TLS, Linkerd takes care of it within the cluster automatically. With its strong identity and routing capabilities, it has worked out beautifully. And that’s really what my team’s job is all about—providing ‘smooth sailing’ for our developers and helping them focus on solving business challenges rather than worrying about infrastructure.”

“Another instrumental factor in our decision to use Linkerd was that we wanted strong community support behind the choice,” continued Lee. “We wanted to be able to meet the team and work directly with them when making requests. I’ve been impressed by how helpful the Linkerd team has been in answering our questions and addressing our needs. Also, the documentation is very helpful. Getting up to speed was easy.”

“We’ve been very happy with our decision to use Linkerd!”

Ready to get started?

Sign up for Buoyant's service mesh newsletter