VMware Tanzu service mesh tie-in syncs multi-cloud networks
Newly tightened integration between VMware's Tanzu service mesh and Avi load balancer is meant to simplify provisioning, facilitate multi-cloud failover and automate cloud bursting.
VMware has combined its Tanzu service mesh with its NSX Advanced Load Balancer to help IT teams synchronize the complex layers of network infrastructure required for cloud-native apps.
Tanzu service mesh is VMware's version of the network architecture, used with container-based microservices, which enforces network and security policy through a set of software components called sidecar proxies. VMware Tanzu service mesh creates what the vendor calls global namespaces, abstractions that coordinate application services among multiple clouds.
NSX Advanced Load Balancer comes from VMware's acquisition of Avi Networks in 2019, and includes a software-based load balancer, a web application firewall (WAF), and an ingress gateway for Kubernetes container clusters.
The two components could be used together before, but the new combination, dubbed the VMware Modern App Connectivity Solution, means that every time Tanzu service mesh SaaS users provision a new workload, they will automatically get an instance of the NSX load balancer built in, which will link applications with deeper layers of network infrastructure without separate configuration steps.
Previously, such integrations had to be set up manually to perform functions such as automated failover between Kubernetes clusters, and that manual process was error-prone, according to VMware officials.
Pere Monclus
"Before, you had to go to the [Tanzu service mesh] SaaS portal and configure certain things, go to the on-premises [NSX] portal and configure other things … and pray that everything works as you thought," said Pere Monclus, CTO in VMware's network and security business unit. "Now, you just configure the global namespace policies and as workloads come, the load balancer and WAF automatically gets configured."
The new integration goes beyond simplifying setup, Monclus said -- it will make multi-cluster and multi-region failover more reliable, and means Tanzu service mesh can now provision empty Kubernetes clusters for cloud bursting when existing resources are depleted. Tying in the load balancer will also facilitate linking the service mesh to traditional VMs.
"Under the umbrella of a global namespace, we abstracted [the infrastructure] in a way that you don't have to worry about the specifics of technology," Monclus said. "You create a global namespace, and now you have a multi-cloud resilient app, with end-to-end encryption and a WAF [that] lives in the global namespace, not in a [specific] cluster."
Future releases of Tanzu service mesh this year will further expand integrations with other parts of the VMware portfolio, such as Mesh7, a startup VMware acquired in March. Mesh7 uses filters within the Envoy sidecar proxy to perform security, policy management and monitoring operations on API calls, including configuration drift and anomaly detection.
Kubernetes platform vendors tout multi-cloud
VMware's focus on cloud-native network integration comes as Kubernetes enters a new phase of maturity among mainstream enterprises. Many companies now look to Kubernetes to centrally manage multi-cloud infrastructures and plan to use multiple Kubernetes clusters for various purposes within those environments.
But enterprises aren't interested in the DIY approach used by early adopters to integrate all the open source software components required for this, which is where platform vendors such as VMware and Red Hat come in, said Brad Casemore, an analyst at IDC.
How many organizations will be capable of acting as their own integrator and putting together all of these pieces?
Brad CasemoreAnalyst, IDC
"As we shift to this early mainstream [adoption of containers], how many organizations will be capable of acting as their own integrator and putting together all of these pieces?" Casemore said. "A lot of organizations will want to eliminate the stitching that they're required to do."
The Modern App Connectivity product bundles Tanzu service mesh and NSX Advanced Load Balancer for sale to new users, but the integration will be added free for existing Tanzu service mesh customers. It will be sold as part of the broader Tanzu Kubernetes platform as well, but the integration can work with other Kubernetes distros, including Red Hat's OpenShift.
But it's an open question how widely VMware's products will appeal to those outside its existing customer base, Casemore said.
"The greenfield opportunities that organizations will spawn as they begin to get serious about cloud-native application architectures are still to come," he said.
In the meantime, both VMware and Red Hat face stiff competition from hyperscale cloud vendors, most notably Kubernetes creator Google, which markets Anthos for multi-cloud and hybrid cloud management. Not all customers will pursue a multi-cloud strategy, and cloud providers such as AWS will try to entice such users with highly competitive prices, too, Casemore said.
"[Vendors such as VMware] are trying to find a way of making [Kubernetes platforms] not about the commoditized pieces," he said. "They're trying to say, 'we have to make it easier [to manage], or we have to provide [wider] integrations, or do multi-cluster and multi-cloud better, because if we just go into organizations that are locked in to AWS, they're going to kill us on pricing.'"
Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.
Pere Monclus
Brad Casemore
