Today at VMware Explore, we are pleased to announce the addition of more enterprise and application resiliency capabilities into VMware Tanzu Service Mesh.
Connecting, securing, and scaling modern applications automatically has become a key need for enterprises to succeed in a Kubernetes environment. Tanzu Service Mesh provides enterprise-grade service mesh capabilities based on the popular Istio technology, plus numerous add-ons that address critical enterprise-level needs for connectivity, security, visibility, and scale. In the past year, the Tanzu Service Mesh team has been focusing on enterprise-grade capabilities across several industry verticals.
Here are some of the ways Tanzu Service Mesh is expanding to do even more.
Support for customer-owned enterprise certificate authority through integration with Venafi
Tanzu Service Mesh uses a sophisticated trust implementation, mTLS, that generates certificates for services deployed across multiple clusters and clouds that are part of the same global namespace (GNS). The new release gives enterprises a way to integrate their Tanzu Service Mesh tenant with the certificate authority (CA) of their choice through integration with the Venafi machine identity management platform. This allows the certificates generated for services to be part of the organizational CA trust chain. Learn more about how to get started.
“It’s exciting to see VMware simplify customers’ cloud native journey to modernize for speed. Platform operators and developers get the power of consistency and speed by tapping into the control plane for machine identity management that’s frictionless and security-team approved,” says Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.
“We are thrilled about the integration with Venafi, enabling our customers to use Tanzu Service Mesh in their own enterprise CA trust chain and use their own registry system,” says Pere Monclus, vice president and chief technology officer at VMware.
Improved security with enterprise-approved container image registries
Users can now pull all Tanzu Service Mesh and Istio images used by Tanzu Service Mesh from the enterprise's own registry system instead of the public VMware registry. This aligns with many organizations' policies of scanning images locally before using them in their networks, securing the entire supply chain. Find more information in the documentation here.
Data services support in global namespace
A service mesh usually focuses on layer 7 protocols. However, application data services (databases, for example) operate at a lower layer, TCP. A common use case for this capability is to place the stateless services in one cluster and the data services in another, as they have different operational models and backup requirements. Tanzu Service Mesh uses a federated approach in which configuration and management are done at the SaaS level and trickled down to the local deployment. The new Tanzu Service Mesh release adds support for data services such as RabbitMQ, Kafka, Postgres, Redis, and MongoDB to communicate with the rest of the service mesh layer 7 environment across multi-cluster Kubernetes through the global namespace mechanism. More information can be found in the documentation here.
External services support in global namespace
When a service in a Tanzu Service Mesh global namespace requires access to an external database or web service that is running outside the mesh (SaaS, virtual machines, containers, or bare metal, for example), the communication flows through the Envoy proxy running as a sidecar, which allows all traffic by default. With external services support, as long as the external service is presented via a URL, Tanzu Service Mesh can now automate the creation of routing rules, destination rules, and gateway configuration for these external services and enable communication with the global namespace services. More information can be found in the documentation here.
Improved service-level visibility
Tanzu Service Mesh improves service-level visibility with the global SLO dashboard, a unified service-level objective (SLO) dashboard on the console. The global SLO dashboard allows developers and site-reliability engineers (SREs) to view SLOs for all managed services assigned to their projects and GNS, as well as how those services perform against their SLOs. This helps with capacity planning, troubleshooting, and understanding the overall health of their multi-cluster applications, all from one place. Further information about how to get started can be found here.
The global SLO dashboard in Tanzu Service Mesh
We invite you to try out Tanzu Service Mesh with a test drive and to get in contact with us through our product page.
And be sure to check out these sessions at VMware Explore:
- SECB2529US – Mastering API Security
- SECB2528US – Connect, Secure, Scale and Operate Modern Apps Anywhere with CVS Health
- TAM1701US – Tanzu Service Mesh global namespace, the multi-cloud VPC with zero trust
Read about all of our VMware Tanzu–related announcements from VMware Explore.