VMware NSX Service Mesh · Additions with NSX-SM NSX Service Mesh Extends Istio Focus on service to...
Confidential │ ©2019 VMware, Inc.
VMware NSX Service Mesh Overview
KubeCon NA
San Diego
November 2019
Multi-Cluster, Multi-Cloud Strategy VMware
VMware Tanzu VMware NSX
Build Run Manage Connect Protect
VMware's Enterprise-Class Service Mesh Vision
VMs, Public Clouds, Kubernetes, Serverless, SaaS
Discovery, Security, Visibility, Control
Users Services Data
App silos—running in multiple platforms and clouds
Many endpoints to monitor, scale, and make resilient
Inconsistent operational and remediation policies
Disjointed security, auditing, and compliance
Consistent visibility, control, and security across any cloud
The Ideal Solution: Enterprise-Class Service Mesh
Multi-platform and multi-cloud federation
Centralized visibility and remediation
Global policies for users, services and data
Centralized security, audit, and compliance
No changes to application code
Public Clouds, VMs, Serverless, SaaS, Kubernetes
NSX Service Mesh Use Cases
Across Users, Services, and Data
Business Continuity
High Availability and Failover
App SLO Policies & Intelligent Autoscaling
Security
E2E Encryption for Compliance
Context-based Security Policies w/ Auditing
Agility
App Mobility and Migration
Hybrid and Multi-Cloud Application Patterns
Visibility
Controlled Service Deployments and Upgrades
v1 v2
Visibility for DevOps, SREs, and SecOps
Backup
Multi-Cluster, Multi-Platform
Connect and Secure Kubernetes Clusters on Any Cloud
Google KE
NSX Service Mesh Control Plane: Visibility, Control, Security, Third-Party Components, Discovery
[Diagram labels, repeated per cluster: Pod, NSX Service Mesh Local Controller, NSX Service Mesh Data Plane]
Users Services Data
Global Namespace 2
Global Namespace 1
Discover, Observe, Connect, and Secure
Apps wherever they are deployed across Kubernetes clusters
prod.app1.acme.com
staging.app1.acme.com
APIGW
Identity
Policies
Traffic Routing
Discovery
Users Services Data
Mesh Federation community efforts
Federation and Interoperability
Interoperability via Federation APIs
Identity, Service Discovery, mTLS
Control and data plane neutral
Service Mesh
NSX Service Mesh
Open Source Community Collaborations and Contributions
Teams Using NSX Service Mesh
Development Velocity
Consistent Operations
Secure by Default
Security, SecOps, and Compliance Owners
App Developers and Service Owners
DevOps, SREs, PREs, and Platform Owners
On any platform or any cloud
App silos—running in multiple platforms and clouds
Many endpoints to monitor, scale, and make resilient
Inconsistent operational and remediation policies
Disjointed security, auditing, and compliance
How to consistently connect, control, monitor, and remediate cloud native apps?
Application Transformation Challenges
Public Clouds Kubernetes VMs / Monoliths
Monolithic Application Microservices Application
Why enterprises are pursuing
Application Transformation
Traditional Service Mesh Limited to Microservices
Kubernetes
Services
VMs, Public Clouds, Serverless, SaaS, Kubernetes
Users Services Data
NSX Service Mesh Extends Istio
What you get with Istio
Focus on service to service communications
Control the flow of traffic and API calls between services
Enforce authn/z and encryption for service communications
Telemetry data – traces, metrics, and logs to enable observability
Additions with NSX-SM
Expands the service mesh to services, users, and data
Rich set of policies and tools for developers, operations, and security
Advanced federation across multiple clouds and application platforms
Makes service mesh enterprise-grade for application platform teams
Global Orchestrator
Across any infrastructure
Connecting and Securing Services
NSX Service Mesh Global Orchestrator
Customer Clusters with Service Mesh
NSX Service Mesh Control Plane
VMs, Containers, Public Clouds, Serverless, SaaS
Sidecars; Sidecars / Federation
Integrations
Users Services Data