Deepa Kalani and Ramiro Salas from the VMware team spoke at SpringOne 2020 Conference last week about the Tanzu Service Mesh (TSM) product and how it helps developers with Global Namespaces to implement access control and security policies, as well as visualization tools to show application-centric metrics.
A service mesh decouples services from having to know about the network and helps developers to focus on business logic. A typical service mesh can provide:
- Service discovery
- Weighted routing (for A/B deployments)
- Mutual TLS based authentication (including certificate rotation)
- Advanced telemetry for in-depth observability
- Fault injection and retries
- Circuit breakers
Today developers are working on cloud native applications and need to deal with monolithic apps, microservices, and serverless functions (FaaS) based models. A service mesh must be able to support all of the corporate developer use cases. It also needs to be transparent and it needs to be out of the way, so developers can be productive by focusing on application functionality and business logic.
Salas and Kalani also talked about VMware's service mesh vision which incudes eliminating fragmentation by consistently connecting, controlling and monitoring software hosted on traditional VM's as well as Kubernetes and public clouds. Tanzu Service Mesh consits of an SaaS based control plane that supports multi-cluster and multi-platform infrastructure.
Salas discussed Global Namespaces support in the service mesh, which helps with isolating and decoupling the applications from infrastructure. TSM also leverages sidecar technologies like Envoy that don’t need to add a lot of overhead and can reach out to the edge of the VM’s.
He also talked about some of the new projects they are working on, like Project Hamlet, an open-source initiative to define service discovery API for federated service meshes. The project supports federation with third-party platforms and service meshes like Google Anthos or Hashicorp Consul Connect.
Tanzu Service Mesh's Policy Framework provides a continuous security model for cloud-native applications. Policy enforcement can be based on end-users, services/api, or the data. The framework includes an Identity Engine, Resource Grouping Model and a risk-based policy actions module.
Kalani demonstrated the different features of Tanzu Service Mesh and showed how to view the service graph to monitor the calls to each service. For more information about SpringOne Conference, checkout the conference main website and the schedule. The conference material (videos and slides) will be made available to the community starting this week.