Introducing VMware NSX Service Mesh

We are excited to introduce VMware NSX® Service Mesh. Built on the foundation of Istio, this VMware offering will extend the capabilities of the Istio service mesh technology to bring visibility, control, and security at the application layer to microservices, the data they access, the users that interact with them, as well as traditional monolithic applications. In short, NSX Service Mesh will enable visibility, control, and security for services, data, and users at the API level. This acts as a natural evolution of cloud-native constructs and will act as an extension of the NSX-T Data Center platform’s replication of networking and security services in software, which is applied directly to containers via the Container Network Interface (CNI).

The Rise of Microservices

With the rise of cloud-native architectures built on distributed microservices, developers are encountering challenges with visibility, management, and control of these new applications. The microservices that make up these apps are developed on cloud-native platforms like Kubernetes or Cloud Foundry, using a variety of programming languages, and often across multiple cloud environments. In addition, these applications consist of many more endpoints to scale, secure, and monitor than traditional ones. This ultimately leads to siloed services, which in turn leads to disjointed security, auditing, and compliance, and is exacerbated by inconsistent operational visibility and remediation.

Enter Service Mesh

To address and overcome these challenges, the service mesh concept was created. A service mesh is a transparent and language-independent way to observe, automate, secure, and control microservices. It was designed to provide traffic management by controlling the flow of traffic and API calls between services, and to enhance security by managing authentication, authorization, and encryption of service communications. It will provide tracing, monitoring, and logging of a service transaction to gain visibility of the health and performance of an application’s microservices. And this can all be achieved without requiring developers to alter their code.

The most prevalent service mesh today is the Istio open source project, initially created by Google, IBM, and Lyft. The open source community around Istio has grown rapidly, and VMware is an active participant in the community and contributor to the open source project itself.

Building on the Service Mesh Foundation

NSX Service Mesh builds on the foundation of Istio, addressing problems we’re finding in cloud-native environments. For one, NSX Service Mesh will simplify the onboarding of Kubernetes clusters and federate across multiple clouds and Kubernetes clusters. This will enable the service mesh to plug into the broader NSX portfolio and platform, creating a unified and intelligent set of policies, network services, and visibility tools. NSX Service Mesh will also extend the discovery of services – a capability found in other service meshes – to include the data that they access, as well as the users initiating the microservice transactions. It will enable service and API visibility and remediation to help ensure consistent application service level objective policies and support progressive rollouts.

NSX Service Mesh will provide a consistent way to monitor and better secure communications for microservices, data, and users across multiple cloud-native platforms. By aggregating policies and telemetry, it will provide platform operations teams and development teams with a common set of operational tools. It will allow for management of authentication, authorization, and encryption of service communications, and will enable tracing, monitoring, and logging for visibility into the health and performance of services. Finally, it will expand visibility and security to the data accessed by microservices, and the users of the applications based on these services.

The net result will be a service mesh that secures and provides visibility into the apps, data, and users across cloud-native application platforms. The NSX Service Mesh Beta will initially support Cloud PKS in early 2019, with support for PKS, creating a federated mesh, and additional platforms in the near future.

Check out the VMware NSX Service Mesh page to learn more and sign up for the beta program.