VMware acquired a network virtualization solution called Nicira NVP in 2012, which later became the now well-known NSX. Network virtualization has become a big part of the SDDC over the past several years and is gaining more and more traction and adopters. Network virtualization offers great flexibility compared to physically managed networks when it comes to east-west routing and firewalling (micro-segmentation), layer 2 over layer 3 overlays for multisite networking, VPN services, you name it…
Meanwhile, another area of enterprise IT that was growing exponentially also caught the attention of VMware: microservices. Docker revolutionized the industry when they launched their container engine back in 2013 and GA’d in 2014. Like most big players in the IT field, VMware jumped on the container train from different angles, including their support for Kubernetes with PKS (Pivotal Container Service) and the recent acquisition of Heptio, a start-up specialized in Kubernetes.
The best of both worlds
By default, micro-services cannot communicate with one another without using a service mesh.
What is a service mesh?
A service mesh is a language-independent dedicated infrastructure layer aimed at managing security, routing, monitoring and tracing for service-to-service communication (flow of traffic and API calls) while making them visible, manageable and controllable. The range of service mesh solutions is wide and ever expanding with names like Linkerd, Envoy, Conduit, Istio…
Istio service mesh
VMware recently announced a new product called NSX Mesh Services, which is in beta for now. It is built on the foundation of the open-source service mesh Istio. As stated earlier, the main purpose is to provide a better way to handle communications between micro-services. The SDDC leader is aiming at further integrating its PKS offerings into their ecosystem via the support VMware has included for the Container Network Interface (CNI) within NSX-T.
VMware is striving to provide a unique approach to implementing a service mesh by integrating it with the control plane used for NSX-T, which should make for easier and clearer management of micro-services’ networking. The plan is also to include the data accessed and the users initiating a transaction in the service discovery. NSX Service Mesh will provide a consistent way to monitor and better secure communications for microservices, data, and users across multiple cloud-native platforms.
The beta version of NSX Service Mesh, set to start early 2019, will initially support only Cloud PKS, a Kubernetes-as-a-Service offering available through the VMware Cloud services platform (formerly VKE – VMware Kubernetes Engine). Support for PKS on other platforms will follow later during the year and should be extended to other Kubernetes distributions when the product reaches maturity.
It is difficult to draw a conclusion about a product that has only just been announced for a beta release, but what is great to see is VMware’s strategy to provide a complete ecosystem for the cloud, hybrid-cloud and on-premise SDDC. They have made incredible progress over the years by creating their network virtualization solution, then expanding it with NSX-T while in parallel building on container technologies and their partnerships with cloud providers to finally merge all of the above toward the end goal. You can find some more information about NSX Service Mesh in the white paper.