Using the open source Istio as a foundation, VMware has introduced the VMware NSX Service Mesh to provide application-level visibility, control, and security for enterprise-grade microservices, all managed through a developer-friendly application programming interface (API).
The software is integrated with VMware’s flagship cloud-networking platform, NSX-T Data Center, which supports containers through the Container Network Interface (CNI). Istio is designed to work with the open source Kubernetes container orchestration engine.
VMware announced the new service, which will initially be available in early 2019 as part of the Cloud PKS service, at the Kubecon + CloudNativeCon conference, being held this week in Seattle. A stand-alone version will be ready later next year.
While Istio provides all the basic capabilities that cloud native computing users have come to expect, VMware wanted to provide an extra layer of functionality for enterprise users, which may not have the resources to develop these shimmies in-house.
“It’s not good enough to know what my services are doing by themselves, because they are doing it on behalf of somebody, the users who authenticate with those services,” said Pere Monclus, VMware chief technology officer for networking and security. Organizations may have compliance, policies and business metrics to understand through the metrics and controls provided by the service mesh.
“We need to extend the service mesh to understand what users do, what services do, and what the users experience in a way that aligns more to the way enterprise policies are defined,” Monclus said.
The microservice architecture, which breaks complex applications into sets of single-purpose networked components, can be a challenge to manage, as each microservice must be instrumented, secured and locatable in a dynamically reconfiguring network. In addition, multiple copies of a microservice may run in parallel to meet growing demand. Their traffic must be managed as well.
A service mesh, which attaches a sidecar to each microservice, standardizes these tasks and moves their development away from the individual developer. It manages the control of traffic, and secures the application through authentication, authorization, and service communication encryption. A good service mesh also sets the stage for fine-grained system monitoring through the logging of service transactions.
VMware NSX Service Mesh builds on the code base of Istio, which was created by Google, IBM, and Lyft, but adds new features to make microservices easier for enterprises to use, including:
- Simplified deployment of Kubernetes clusters.
- Coordination of multiple Kubernetes clusters, working in a federation, across multiple clouds.
- Integration with the NSX platform, for unified policy management, network services, and visibility tools.
- Extended discovery of services to outside resources relied upon by the microservices.
- An extension of Istio’s service and API visibility/remediation to abstractions around the service level objective policies.
The Cloud Native Computing Foundation, Kubecon + CloudNativeCon, and VMware are sponsors of The New Stack.