What is Service Mesh and Why Do I Need One?

Ryan Douglas, VMware


Post on 22-May-2020


Disclaimer

This presentation may contain product features or functionality that are currently under development.

This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

Technical feasibility and market demand will affect final delivery.

Pricing and packaging for any new features/functionality/technology discussed or presented have not been determined.

This information is confidential.

The information in this presentation is for informational purposes only and may not be incorporated into any contract. There is no commitment or obligation to deliver any items presented herein.


Agenda

Why Service Mesh

What’s the big deal?

What is Service Mesh

Tell me more

What’s VMware doing in this space?

Didn’t know you guys did that!


Why Service Mesh

Twitter tells me I need Service Mesh


Applications have changed


Why Enterprises are Pursuing Application Transformation

Complexity – As it grows, can be difficult to understand

Anti-Agility – Long release cycles and change windows

Availability – Bug can bring down the entire application

Technology – Long-term commitment to a stack

Monolithic Application


Benefits of the Microservices Architecture

Velocity – Innovation and business value

Elasticity – Horizontally and independently

Resiliency – Faults are quickly isolated

Technology – Adopt new frameworks and languages

What is IT doing to adjust to this new world?


Operations Concerns

App silos - running in multiple platforms and clouds

Inconsistent operational visibility and remediation

Many endpoints to monitor, scale, and make resilient

Polyglot – many different languages and app frameworks

Enterprise PKS

How to consistently connect, control, monitor, and remediate microservices


What is Service Mesh

Basics of what it does


What is Service mesh?

A service mesh is an abstraction layer that takes care of service-to-service communication (service discovery, encryption), observability (monitoring and tracing) and resiliency (circuit breakers and retries).


Let’s dig deeper

[Diagram labels: Web APP, Mobile APP, API Gateway, Web UI, REST API, Service A, Service B, Service C, Service D, DB]


How is this different?

Business logic - Fetch data and present it on a web page

Interact with additional services

Find these services

Connection details (secure, not secure, how secure)

Different languages

Error handling

Latency detection and response

Get metrics

Send metrics

Self healing? Failure detection and handling

[Diagram labels: web service, REST API, Service B, Service C, Connection, Metrics, Retries, L7 Proxy, Abstraction Layer]


Istio Architecture

Envoy – the heart of the service mesh

[Diagram labels (Source – https://istio.io): K8s Cluster; Pod with Service A and L7 Proxy (Envoy); Pod with Service B and L7 Proxy (Envoy); HTTP, gRPC, TCP with / without mTLS; Traffic flow; Controls traffic flow during request processing; Control Plane (Istio): Config (Pilot), Policy & Telemetry (Mixer), TLS Certs (Citadel); Data Plane (Envoy)]

Project started by Lyft and is now owned by CNCF.

High performance open source proxy implemented as a sidecar:

TCP

HTTP (both HTTP/1 and HTTP/2)

gRPC

Provides discovery and load balancing capabilities

Can create mTLS sessions with other proxies


What are you guys doing in this space

Introducing NSX Service Mesh


VMware’s Expanding NSX Portfolio

Making the business more efficient

Service Mesh (NSX Service Mesh): Discovery, visibility, control, and security for communications across end-users, microservices, and data for cloud native apps.

Application Platform (VMware PKS / Kubernetes): Deployment, configuration, upgrade, and scaling of Kubernetes clusters and containerized applications.

Network Virtualization (NSX Data Center): Security, automation, and app continuity (e.g., policy, self-service, portability, DR) between VMs, containers, and bare metal.

Physical Network (Physical Infrastructure: Switches, Routers): Connectivity and scaling using physical switches, routers, and LBs in data centers (IP addresses, protocols, ports)


VMware’s Enterprise-Class Service Mesh Vision

[Diagram labels: Users, Services, Data; Discovery, Visibility, Control, Security; VMs, Public Clouds, Kubernetes, Serverless, SaaS]


VMware’s Enterprise-Class Service Mesh Vision

[Diagram labels: Users, Services, Data; Discovery, Visibility, Control, Security; Business-Level Policies; VMware SaaS / Cloud; Customer Clusters; Istio; Third-Party Components; Sidecars, Sidecars / Plugins, Federation; Serverless, SaaS, VMs, Containers, Public Clouds]


NSX Service Mesh Use Cases

Across Users, Services, and Data

DISCOVERY: Discover and analyze the relationships and dependencies between users, services, and data

VISIBILITY: End-to-end topologies, monitoring, tracing, and behavior analytics across users, services, and data

CONTROL: Automate service mesh operations, resiliency, and remediation (e.g., SLO policies and progressive rollouts)

SECURITY: Business-level security policies and monitoring for protection of users, services, and data – by default

FEDERATION: Multi-cluster and mesh federation across application platforms and public cloud services


Multiple Use Cases

Start with one and incrementally adopt others over time

NSX Service Mesh


Enterprise-Grade Service Mesh Across any Environment

NSX Service Mesh on any Platform or any Cloud

Discovery, Visibility, Control, and Security – of Users, Apps, and Data

App Developers & Service Owners: Development Velocity

DevOps, SREs, PREs, and Platform Owners: Consistent Operations

Security, SecOps, and Compliance Owners: Secure by Default


Thank You!


Join the conversation

#vFORUMAU @VMwareAU