Confidential │ ©2018 VMware, Inc. VMware NSX Service Mesh Bringing Consistent Visibility & Control Across Service, Data, and Users December 2018

VMware Cloud Native Investments: Manage, Secure, Operate Across Any Cloud
Cost Management
Security & Compliance
Resource Optimization
Insights & Analytics
Automation & Governance
Containers, VMs, Serverless
NSX Service Mesh
NSX Data Center; NSX Cloud
Cloud Health, Cloud Assembly, Service Broker, Code Stream, Wavefront, Secure State
Enterprise Service Mesh
Consistent Infrastructure, Operations, and Developer Experience

The Next Step in VMware’s Networking Vision: Make the business more efficient
Physical Network: Connectivity and scaling using physical switches, routers, and LBs in data centers (IP addresses, protocols, ports)
Network Virtualization: Security, automation, and app continuity (e.g., policy, self service, portability, DR) between VMs, Containers, BM
Service Meshes: Automated, observable, and secure communications between users, services, and data across multiple clouds
Microservices: Developer velocity, agility, and innovation – with application elasticity and resiliency
Cloud Native Applications: Microservices (Cloud PKS, PKS)
Application Platform Layer: Service Mesh (NSX Service Mesh)
Physical Infrastructure Layer: Switches and Routers
Virtual Infrastructure Layer: Network Virtualization (NSX Data Center, NSX Cloud)

Cloud-Native App Architectures: Distributed and Heterogeneous
[Diagram labels: Mobile App, Web App, API Gateway, Web UI, REST API, Services A, B, C, and D]

Microservices: Lots of Promise, but challenging to…
Pinpoint the source of any problems
Identify who is accessing what data
Know if microservices are performing as expected
Gain visibility across platforms

Istio Open Source Service Mesh
Service Mesh offers a transparent and language-independent way to automate and control application interactions
Istio is an open platform to connect, secure, and observe service-to-service communications
VMware is actively involved in the Istio community and contributing to the open source project

Istio Architecture: Service connectivity, security, control, and visibility
[Diagram, source: https://istio.io]
Data Plane: Service A and Service B pods, each with an L7 Proxy (Envoy); traffic flow over HTTP, gRPC, TCP, with / without mTLS
Control Plane (Istio): Config (Pilot), Policy & Telemetry (Mixer), TLS Certs (Citadel); controls traffic flow during request processing
Not Pictured: Istio Ingress, Istio Initializer

What if You Could…
Discover and gain visibility into microservices
Secure, monitor, & control services, data, and users
Do this across environments, from end-to-end

NSX Service Mesh Vision: Enterprise-Grade Service Mesh Across any Kubernetes Environment
[Diagram labels: Users, Services, Data; NSX Service Mesh; Discovery; Security; Federation; Enables observability & remediation; Third-party components; Data Plane; Cloud PKS, PKS, OpenShift, GKE, EKS, AKS; NSX Data Center | NSX Cloud]
* Focus for initial Beta

NSX Service Mesh Use Cases
ONBOARDING CLUSTERS & ADVANCED FEDERATION: Multiple Clouds and Multiple Clusters w/ Federation
DISCOVERY of SERVICES, DATA, & USERS: Inventory of Services, Data, Users, and Infrastructure
SERVICE / API VISIBILITY & REMEDIATION: App SLO Policies and Progressive Rollouts
SERVICES, USERS, and DATA SECURITY POLICIES: Services, Users, and Data-Centric Security & Compliance
Build on Open Communities: ISTIO SERVICE MESH CAPABILITIES

Enterprise-grade Service Mesh Across any Kubernetes Environment
NSX Service Mesh: Discovery, visibility, and control of services, users, and data . . . on any platform or any cloud
Developers & Service Owners: Improved development velocity, with rapid time to app value and better experiences for app users.
Infrastructure & Operations (DevOps, SREs): Operational consistency across cloud-native apps – regardless of the app platform or cloud.
Security & Compliance: Unified protection, visibility, and regulatory compliance for users, apps, and data.

VMware NSX Portfolio: The Foundation of the Virtual Cloud Network
NETWORKING AND SECURITY MANAGEMENT AND AUTOMATION
vRealize Automation: End-to-end workload automation
Network Insight: Network discovery and insights
Cloud-Based Management, Workflow Automation, Blueprints / Templates, Insights / Discovery, Visibility
NETWORK AND SECURITY VIRTUALIZATION
AppDefense: Modern application security
NSX Hybrid Connect: Data center and cloud workload migration
NSX Cloud: Networking and security for Public Cloud workloads
NSX Data Center: Networking and security for data center workloads
NSX SD-WAN by VeloCloud: WAN connectivity services
NSX Service Mesh: Visibility & Control Across Services, Users, and Data
Security, Integration, Extensibility, Automation, Elasticity

The Virtual Cloud Network: Connect and Protect your Business
[Diagram labels: Branch, Telco/NFV, Edge/IoT]

Thank You