Service Mesh at VMworld 2019

Back in 2018 VMware began a beta program based on Istio, a service mesh management platform. VMware has extended the capabilities of this offering to bring visibility, control, and security through microservices at the API level into their offering called NSX Service Mesh.

NSX Service Mesh works as an extension of the NSX-T Data Center platform for cloud-native applications like kubernetes containers and applies security and networking directly to the containers through the Container Network Interface (CNI).  In short, a service mesh is a configurable infrastructure layer that makes it easier to manage microservices and Istio, an open source project backed by Google, IBM, and Lyft, is probably the best-known service mesh.

VMware has been a contributor to Istio and has participated in open source community projects like this. Basing the NSX Service Mesh on Istio, VMware makes it easier to on-board Kubernetes clusters and federate across multiple clouds and Kubernetes clusters.

Bringing security, control, and visibility services directly to the containers you can now manage the transactions from services and better control the data they have access to through microservices transactions. This enhances security by managing authentication, authorization, and encryption of service communications. This will also provide the ability to trace, monitor, and log of a service transaction to gain visibility of the health and performance of an application’s microservices.

The NSX Service Mesh also brings the following benefits:

• Traffic Management - Based on the envoy L7 proxy, a distributed load balancer attached to each microservice or sidecar for Kubernetes. 
• Traffic Splitting - Allows for sending a percentage of traffic from one version of a service to another version. This assists with rolling upgrades.
• Traffic Steering - Brings control to incoming traffic to determine where it is sent based on attributes like authentication, location, device, etc.
• Ingress and Egress Traffic Control - Brings monitoring and routing rules at the edge for ingress and egress and to other entities not part of the mesh.
• Service Discovery - NSX Service Mesh brings platform-independent service discovery across Kubernetes clusters in multiple clouds not restricted to a particular site or specific cluster. 
• Security - Brings capabilities for L7 identity services to users and data.
• mTLS Authentication - Allows for payload encryption for L7 services. 
• Role Based Access-Control - Access based on User Identity.

NSX Service Mesh will be featured at VMworld 2019 and for those interested in learning more about this offering below are some of my recommendations from the published content catalog. 

NSX Service Mesh [MTE6098U]
SPEAKERS
Niran Even-Chen, Principal Systems Engineer, VMware

Introduction to NSX Service Mesh [CNET1033BU]
SPEAKERS
Niran Even-Chen, Principal Systems Engineer, VMware
Oren Penso, Cloud Native Staff Systems Engineer, VMware

Getting Started with Service Mesh [CODE3102U]
SPEAKERS
Anderson Duboc, Sr. Systems Engineer, VMware

Cross-Cluster and Cross-Cloud Service Mesh Architecture and Use Cases [KUB1939BU]
SPEAKERS
Mark Schweighardt, Director, Product Management, VMware

The Future of Networking with NSX [CNET1296BU]
SPEAKERS
Bruce Davie, CTO, APJ, VMware
Marcos Hernandez, Chief Technologist - Networking and Security, VMware