Confidential │ ©2018 VMware, Inc.

VMware NSX Service MeshBringing Consistent Visibility & Control

Across Service, Data, and Users

December 2018

2Confidential │ ©2018 VMware, Inc.

VMware Cloud Native InvestmentsManage, Secure, Operate Across Any Cloud

Cost Management

Security & Compliance

Resource Optimization

Insights & Analytics

Automation & Governance

Containers, VMs, Serverless

NSX Service Mesh

NSX Data Center; NSX Cloud

Cloud Health Cloud Assembly

Service Broker

Code Stream Wavefront Secure State

Enterprise Service Mesh

Consistent Infrastructure, Operations, and Developer Experience

3Confidential │ ©2018 VMware, Inc.

The Next Step in VMware’s Networking VisionMake the business more efficient

Physical Network: Connectivity and scaling using physical switches, routers, and LBs in data centers (IP addresses, protocols, ports)

Network Virtualization: Security, automation, and app continuity (e.g., policy, self service, portability, DR) between VMs, Containers, BM

Service Meshes: Automated, observable, and secure communications between users, services, and data across multiple clouds

Microservices: Developer velocity, agility, and innovation – with application elasticity and resiliency

Cloud Native ApplicationsMicroservices (Cloud PKS, PKS)

Application Platform LayerService Mesh (NSX Service Mesh)

Physical Infrastructure Layer

Switches and Routers

Virtual Infrastructure Layer

Network Virtualization (NSX Data Center, NSX Cloud)

4Confidential │ ©2018 VMware, Inc.

Cloud-Native App ArchitecturesDistributed and Heterogeneous

MOBILE APP

WEB APP

API Gateway

REST API

WEB UI

WEB

ServiceA

ServiceB

ServiceC

REST API

REST API

REST API

ServiceD

REST API

5Confidential │ ©2018 VMware, Inc.

Microservices: Lots of Promise, but challenging to…

Pinpoint the source of any problems

Identify who is accessing what data

Know if microservices are performing as expected

Gain visibility across platforms

6Confidential │ ©2018 VMware, Inc.

Istio Open Source Service Mesh

Service Mesh offers a transparent and language-independent way to automate and control application interactions

Istio is an open platform to connect, secure, and observe service to service communications

VMware is actively involved in the Istio community and contributing to the open source project

7Confidential │ ©2018 VMware, Inc.

Istio ArchitectureService connectivity, security, control, and visibility

PodPod

Pod

ServiceB

Istio

Pod

ServiceA

Control Plane

Data Plane

HTTP, gRPC, TCP

with / without mTLS

Controls traffic flow during request processing

Traffic flow

L7 Proxy(Envoy)

L7 Proxy(Envoy)

Source – https://istio.io

TLS Certs(Citadel)

Policy & Telemetry(Mixer)

Config(Pilot)

Not Pictured:Istio IngressIstio Initializer

8Confidential │ ©2018 VMware, Inc.

What if You Could… Discover and gain visibility into microservicesSecure, monitor, & control services, data, and users

Do this across environments, from end-to-end

9Confidential │ ©2018 VMware, Inc.

NSX Data Center | NSX Cloud

NSX Service Mesh VisionEnterprise-Grade Service Mesh Across any Kubernetes Environment

Third-party componentsFederation

Enables observability &

remediationSecurity

OpenShift

Discovery

Cloud PKS

NSX Service Mesh

PKS GKE EKS AKS

NSX Service Mesh NSX Service Mesh NSX Service Mesh NSX Service Mesh NSX Service Mesh

NSX Service Mesh

Users Services Data

* Focus for initial Beta

*

DataPlane

10Confidential │ ©2018 VMware, Inc.

NSX Service Mesh Use Cases

Multiple Clouds and Multiple Clusters w/ Federation

Inventory of Services, Data, Users, and Infrastructure

App SLO Policies and Progressive Rollouts

Services, Users, and Data-Centric Security & Compliance

ONBOARDING CLUSTERS & ADVANCED FEDERATION

DISCOVERY of SERVICES, DATA, & USERS

SERVICE / API VISIBILITY& REMEDIATION

SERVICES, USERS, and DATA SECURITY POLICIES

Build on Open CommunitiesISTIO SERVICE MESH CAPABILITES

11Confidential │ ©2018 VMware, Inc.

Improved development velocity, with rapid time to app value and better experiences for app users.

Operational consistency across cloud-native apps – regardless of the app platform or cloud.

Unified protection, visibility, and regulatory compliance for users, apps, and data.

Discovery, visibility, and control of services, users, and data

Developers & Service Owners Infrastructure & Operations(DevOps, SREs)

Security & Compliance

NSX Service Mesh

. . . on any platform or any cloud

Enterprise-grade Service Mesh Across any Kubernetes Environment

12Confidential │ ©2018 VMware, Inc.

NETWORKING AND SECURITY MANAGEMENT AND AUTOMATION

vRealize AutomationEnd-to-end workload automation

Network InsightNetwork discovery and insights

Cloud-Based Management Workflow Automation Blueprints / Templates Insights / Discovery Visibility

NETWORK AND SECURITY VIRTUALIZATION

AppDefenseModern application

security

NSX Hybrid ConnectData center and cloud

workload migration

NSX CloudNetworking and

security for Public Cloud workloads

Security Integration Extensibility Automation Elasticity

NSX Data CenterNetworking and

security for data centerworkloads

NSX SD-WANby VeloCloud

WAN connectivity services

VMware NSX PortfolioThe Foundation of the Virtual Cloud Network

NSX Service MeshVisibility & Control

Across Services, Users, and Data

13Confidential │ ©2018 VMware, Inc.

BRANCH

BRANCH

BRANCH

BRANCH

BRANCH

BRANCH

BRANCH

BRANCH

TELCO/NFV

TELCO/NFV

EDGE/IOT

TELCO/NFV

BRANCH

BRANCH

EDGE/IOT

EDGE/IOT

The Virtual Cloud NetworkConnect and Protect your Business

Confidential │ ©2018 VMware, Inc.

Thank You