What is Service Mesh and Why Do I Need One?
Post on 22-May-2020
#vFORUMAU
Ryan Douglas, VMware
What is Service Mesh and Why Do I Need One?

Disclaimer
This presentation may contain product features or functionality that are currently under development.
This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
Technical feasibility and market demand will affect final delivery.
Pricing and packaging for any new features/functionality/technology discussed or presented, have not been determined.
This information is confidential.
The information in this presentation is for informational purposes only and may not be incorporated into any contract. There is no commitment or obligation to deliver any items presented herein.

Agenda
Why Service Mesh
What’s the big deal?
What is Service Mesh
Tell me more
What’s VMware doing in this space?
Didn’t know you guys did that!

Why Service Mesh
Twitter tells me I need Service Mesh

Applications have changed

Why Enterprises are Pursuing Application Transformation
Complexity – As it grows, can be difficult to understand
Anti-Agility – Long release cycles and change windows
Availability – Bug can bring down the entire application
Technology – Long-term commitment to a stack
Monolithic Application

Benefits of the Microservices Architecture
Velocity – Innovation and business value
Elasticity – Horizontally and independently
Resiliency – Faults are quickly isolated
Technology – Adopt new frameworks and languages
What is IT doing to adjust to this new world?

Operations Concerns
App silos - running in multiple platforms and clouds
Inconsistent operational visibility and remediation
Many endpoints to monitor, scale, and make resilient
Polyglot – many different languages and app frameworks
Enterprise PKS
How to consistently connect, control, monitor, and remediate microservices

What is Service Mesh
Basics of what it does

What is Service mesh?
A service mesh is an abstraction layer that takes care of service-to-service communication (service discovery, encryption), observability (monitoring and tracing) and resiliency (circuit breakers and retries).

Let’s dig deeper
[Diagram labels: Web APP; Mobile APP; API Gateway; Web UI; Web; Service A, Service B, Service C, Service D (REST API); DB]

How is this different?
[Diagram labels: web service (REST API); Service B (REST API); Service C (REST API)]
Interact with additional services
Find these services
Connection details (secure, not secure, how secure)
Different languages
Error handling
Latency detection and response
Get metrics
Send metrics
Self healing? Failure detection and handling
[Diagram labels: web service; Business logic - Fetch data and present it on a web page; L7 Proxy; Abstraction Layer; Connection; Metrics; Retries]

Istio Architecture
Envoy – the heart of the service mesh
[Diagram labels: K8s Cluster; Pod; ServiceA; ServiceB; L7 Proxy (Envoy); Traffic flow; HTTP, gRPC, TCP with / without mTLS; Istio; TLS Certs (Citadel); Policy & Telemetry (Mixer); Config (Pilot); Control Plane (Istio); Data Plane (Envoy); Source – https://istio.io]
Controls traffic flow during request processing
Project started by Lyft and is now owned by CNCF.
High performance open source proxy implemented as a sidecar:
TCP
HTTP (both HTTP/1 & 2)
gRPC
Provides discovery and load balancing capabilities
Can create mTLS sessions with other proxies
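
The "with / without mTLS" choice for traffic between Envoy sidecars is set by mesh policy. The following is an added example, not part of the presentation, showing the permissive setting beside the strict one plus an identity-based rule that depends on it. It assumes an Istio release that provides the `security.istio.io` PeerAuthentication and AuthorizationPolicy APIs; the `shop` namespace, the `app: service-b` label and the `web` service account are hypothetical.

```yaml
# Before: PERMISSIVE lets sidecars in this namespace accept plaintext as well
# as mTLS, so a caller with no mesh identity can still connect.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop            # hypothetical application namespace
spec:
  mtls:
    mode: PERMISSIVE
---
# After: same name and namespace, so applying this replaces the policy above.
# STRICT makes the sidecars reject inbound connections that do not present a
# valid mesh-issued client certificate.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT
---
# With peers authenticated by mTLS, access can be tied to workload identity:
# only the (hypothetical) "web" service account may call service-b.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: service-b-callers
  namespace: shop
spec:
  selector:
    matchLabels:
      app: service-b         # hypothetical workload label
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/web"]
```

The `principals` match relies on the certificate identity established by mTLS, so a plaintext caller has no principal to match and is denied by the ALLOW policy.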

What are you guys doing in this space
Introducing NSX Service Mesh

Making the business more efficient
VMware’s Expanding NSX Portfolio
Physical Network: Connectivity and scaling using physical switches, routers, and LBs in data centers (IP addresses, protocols, ports)
Network Virtualization: Security, automation, and app continuity (e.g., policy, self-service, portability, DR) between VMs, containers, and bare metal.
Service Mesh: Discovery, visibility, control, and security for communications across end-users, microservices, and data for cloud native apps.
Application Platform: Deployment, configuration, upgrade, and scaling of Kubernetes clusters and containerized applications.
[Diagram labels: Service Mesh (NSX Service Mesh); Application Platform (VMware PKS / Kubernetes); Physical Infrastructure (Switches, Routers); Network Virtualization (NSX Data Center)]

VMware’s Enterprise-Class Service Mesh Vision
[Diagram labels: Users, Services, Data; Discovery, Visibility, Control, Security; VMs, Public Clouds, Kubernetes, Serverless, SaaS]

VMware’s Enterprise-Class Service Mesh Vision
[Diagram labels: Users, Services, Data; Discovery, Visibility, Control, Security; Business-Level Policies; Istio; Sidecars; Sidecars / Plugins; Federation; Third-Party Components; Customer Clusters; VMware SaaS / Cloud; VMs, Containers, Public Clouds, Serverless, SaaS]

NSX Service Mesh Use Cases
Across Users, Services, and Data
DISCOVERY: Discover and analyze the relationships and dependencies between users, services, and data
VISIBILITY: End-to-end topologies, monitoring, tracing, and behavior analytics across users, services, and data
CONTROL: Automate service mesh operations, resiliency, and remediation (e.g., SLO policies and progressive rollouts)
SECURITY: Business-level security policies and monitoring for protection of users, services, and data – by default
FEDERATION: Multi-cluster and mesh federation across application platforms and public cloud services

Multiple Use Cases
Start with one and incrementally adopt others over time
NSX Service Mesh

Enterprise-Grade Service Mesh Across any Environment
NSX Service Mesh on any Platform or any Cloud
Discovery, Visibility, Control, and Security – of Users, Apps, and Data
App Developers & Service Owners: Development Velocity
DevOps, SREs, PREs, and Platform Owners: Consistent Operations
Security, SecOps, and Compliance Owners: Secure by Default

Thank You!
Join the conversation
#vFORUMAU @VMwareAU