November 25th, 2019 by Adam Armstrong
NSX Service Mesh Now On VMware Tanzu
Back in August, VMware announced its Tanzu portfolio that is aimed at changing how enterprises build software on Kubernetes. Not only would Tanzu change software build, it is said to help consistently run Kubernetes across clouds as well as help manage Kubernetes fleets from a single control point. VMware just recently announced that it has introduced NSX Service Mesh on VMware Tanzu.
All the above benefits sound great to enterprises looking to leverage Kubernetes more. The big drawback being how to consistently connect and secure traffic between the services distributed across all clusters and clouds, while delivering on application SLAs. NSX Service Mesh is VMware's answer, as they company states it can provide an application connectivity and security fabric that can span across all of users Kubernetes clusters and cloud environments. NSX Service Mesh does this through intelligently controlling and observing traffic and API calls between services and implement consistent security and compliance policies across clouds, or connect and protect.
For Connect, NSX Service Mesh is said to provide fine-grained, rule-based traffic management to give users control over how traffic and API calls flow between services. MSX Service Mesh allows for an easy configuration of global load balancing with failover across clusters in multiple zones or regions, split traffic and route requests based on percentages or request content, and implement application resiliency using timeouts/retries and circuit breakers. There is also integration with open source and third-party monitoring and troubleshooting tools.
For Protect, NSX Service Mesh implements a zero-trust security model for modern, cloud-based applications. This is done through the following:
- Strongly authenticating the identities of users and services
- Authorizing users and services to communicate by analyzing the request context
- Encrypting application traffic traversing inside and across clusters and clouds
- Logging all request and access events for auditing and compliance
NSX Service Mesh also introduces a new isolation element through Global Namespaces (GNS). GNS consists of a global namespace of microservices distributed across multiple Kubernetes clusters and clouds. Each GNS is said to provide its own identity management, policies (e.g., security and SLOs), naming / DNS, and traffic routing.