Continuing its full-steam-ahead push into containers, VMware today announced a beta program for its new NSX Service Mesh. It’s based on Istio, and it extends VMware’s NSX networking and security capabilities across Kubernetes clusters via the Container Network Interface.
A service mesh is a configurable infrastructure layer that makes it easier to manage microservices. It gives developers visibility into microservices without the need to change the application code, thus improving control and security at the application layer.
And Istio, an open source project backed by Google, IBM, and Lyft, is probably the best-known service mesh.
NSX has become the de facto standard for SDN, said Pere Monclus, CTO of networking and security at VMware. But now that customers are moving toward containers and microservices, they want to extend these same networking and security capabilities across Kubernetes clusters.
They need help managing “not one, but many Kubernetes clusters across multiple environments and most likely from different vendors,” he said. “They also want to enable end-to-end connectivity and security and bring a level of enterprise-class visibility to this.”
Built on Istio
VMware has contributed code to Istio and participated in the open source community around the project. By building its service mesh on top of Istio, VMware can simplify the onboarding of Kubernetes clusters and federate across multiple clouds and Kubernetes clusters.
But NSX Service Mesh also extends the discovery of services to include the data that they access and users initiating the microservices transactions — capabilities that aren’t found in other service meshes, Monclus said.
“Yes, it’s great to have secure communication between services,” he said. “But the problem is, from an enterprise point of view, what they were missing was who was consuming those services.” To that end, VMware worked to extend this service mesh visibility and security across apps, data, and users.
The NSX Service Mesh beta will initially support Cloud PKS (formerly known as VMware Kubernetes Engine or VKE) in early 2019. It will also support Pivotal Container Service (PKS), creating a federated mesh, and additional platforms in the near future. “We are working to extend it to any Kubernetes environment,” Monclus said.
VMware’s Container Push
The new service mesh also continues VMware’s container and multi-cloud push. “What we have is a very conscious strategy toward helping out enterprise customers be able to transition to this multi-cloud world, and not only from an infrastructure point of view but also from a cloud-native point of view,” Monclus said.
Last week VMware CEO Pat Gelsinger said the company’s top three 2019 priorities are NSX, cloud, and containers, in that order. “If we come out of next year and let people really see us lead in those domains… score,” he said during his keynote at the Barclays Global Technology, Media, and Telecommunications Conference.