At the KubeCon + CloudNativeCon North America 2018 conference, VMware today announced a beta release of a service mesh for Kubernetes based on the open source Istio project.
Pere Monclus, CTO for the networking and security business at VMware, says VMware NSX Service Mesh will make it possible for IT organizations to leverage a curated instance of Istio to not only control access to microservices based on containers, but also eventually extend VMware NSX Service Mesh to other classes of microservices and even monolithic applications running on virtual machines. That integration will be accomplished via the support VMware has included for the Container Network Interface (CNI) within the NSX-T Data Center edition of the company’s network virtualization software.
That combination will enable organizations to apply policies across a virtual network based on a microsegmented architecture as well as on a more granular application programming interface (API) level, says Monclus. Any policy at the Istio level that conflicts with a policy defined at the NSX-T level would be automatically invalidated.
VMware NSX Service Mesh initially will be available in early 2019 only on Cloud PKS, an instance of Kubernetes packaged with NSX that runs as a cloud service. Support for PKS on other platforms will soon follow as part of VMware’s overall hybrid cloud computing strategy. In time, VMware NSX Service Mesh support will be extended to other distributions of Kubernetes, says Monclus.
Fundamentally, a service mesh provides a language-independent way to observe, automate, secure and control microservices by controlling the flow of traffic and API calls between services. A service mesh also provides tracing, monitoring and logging of service transactions. In a world full of monolithic applications, many of those functions historically have been associated with load balancers. It will be up to each IT organization to determine when and where to rely on a service mesh versus traditional load-balancing software.
Monclus says that VMware’s approach to service meshes will be unique in that while VMware NSX Service Mesh is a standalone product, it will be integrated with the control plane VMware provides to manage network virtualization overlays based on NSX-T.
NSX Service Mesh will also extend the discovery of services to include the data they access and the users initiating the microservice transactions. Ultimately, NSX Service Mesh will provide a consistent way to monitor and secure communications for microservices, data and users across multiple cloud native platforms to centralize the management of authentication, authorization and encryption of service communications, says Monclus.
VMware has been making significant progress driving the adoption of network virtualization overlays as an alternative to upgrading physical networking switches to make networking more flexible. By supporting Istio, it’s apparent VMware now intends to leverage that success into the realm of microservices management. While VMware would clearly prefer that management to involve the distribution of Kubernetes it curates (along with sister company Pivotal) running on top of NSX and VMware hypervisors, it’s also becoming apparent that VMware aims to become as flexible as the microservices it hopes to manage.