A service mesh is a dedicated infrastructure layer that handles communication between the services of a distributed application. Instead of each service implementing discovery, retries, encryption, and access control in its own code, a proxy is deployed next to every service instance (usually as a sidecar container or a per-node agent) and all service-to-service traffic is routed through those proxies. The proxies are configured from a central control plane, so routing, security, and observability policy can be applied uniformly across the whole application without changing application code.
A mesh can span thousands of service instances across containers and VMs in an elastic cloud environment. Orchestration, load balancing, service discovery, traffic routing, and API communication all depend on the same service-to-service layer, so consolidating that layer in the mesh gives operators one place to set policy for all of them. Because every request passes through a proxy, the mesh can also collect per-request telemetry (latency, error rates, request volume, whether mutual TLS was used) that is consistent across every service in a multi-tenant environment.
A service mesh consists of a data plane and a control plane. The data plane is the set of proxies running next to each service instance, on every node or pod, which intercept that instance's inbound and outbound traffic. The control plane holds the service registry and the desired configuration, normally taken from the orchestrator's own service discovery (for example Kubernetes Services and Endpoints), and pushes routing rules, workload certificates, and policies to the proxies. Other tools can consume the mesh's telemetry and configuration, so changes to routing, retry budgets, access policy, and load balancing are made in one place instead of in firewall rules, filters, and network settings on each host.
Applications do not consult the mesh directly: a service calls another service by name, and the local proxy resolves that name through the control plane's registry and forwards the request to a healthy instance. On Kubernetes the cluster already provides service discovery, and a mesh such as Istio builds on it; Istio's control plane (istiod) reads Kubernetes Service and Endpoint data and programs the proxies from it rather than acting as a separate registry. The mesh routes traffic among the many replicas of a service that an autoscaling platform such as Kubernetes or an EC2 Auto Scaling group runs at once (AWS App Mesh, for example, runs Envoy alongside workloads on EC2 and ECS); it does not replace database replication or storage synchronization, which remain the job of those systems. Calls the application makes to other services and calls arriving from the network pass through the same proxy, so the same policy applies no matter which side opened the connection.
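The discovery and routing behaviour described above is expressed in Istio as a DestinationRule (how to reach the instances of a service, and which subsets exist) and a VirtualService (how requests for that service are routed). The following is an added example, not configuration from the original page or from the Istio project; it assumes a Kubernetes namespace `shop` with a Service `orders` whose Pods carry the label `version: v1` or `version: v2`. All of those names are illustrative.

```yaml
# Added example; assumes namespace "shop" and a Service "orders" with
# Pods labelled version=v1 / version=v2. Names are illustrative.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: orders
  namespace: shop
spec:
  host: orders.shop.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL          # client proxy presents its mesh-issued cert
    outlierDetection:             # stop sending to replicas that keep failing
      consecutive5xxErrors: 5
      interval: 10s
      baseEjectionTime: 30s
  subsets:                        # subsets are selected by Pod labels
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: orders
  namespace: shop
spec:
  hosts:
  - orders.shop.svc.cluster.local
  http:
  - route:                        # weighted split: canary 10% of traffic to v2
    - destination:
        host: orders.shop.svc.cluster.local
        subset: v1
      weight: 90
    - destination:
        host: orders.shop.svc.cluster.local
        subset: v2
      weight: 10
    retries:                      # retry budget enforced by the client proxy
      attempts: 2
      perTryTimeout: 2s
      retryOn: 5xx,connect-failure
    timeout: 5s                   # overall deadline for the request
```

Apply both with `kubectl apply -f`. The application still calls `http://orders` as before; the caller's sidecar does the name resolution, the subset selection, the retries, and the TLS handshake. Because `ISTIO_MUTUAL` is set on the DestinationRule, the client side of every connection to `orders` uses the mesh certificate; whether the server side refuses plaintext is decided separately by a PeerAuthentication resource.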
A service mesh is an abstraction layer installed across the VMs or containers of a cloud data center. A proxy runs beside every workload and takes its configuration from a central control plane. Istio, VMware NSX Service Mesh (which was built on Istio), and AWS App Mesh all use Envoy as the data plane proxy. Each Envoy instance holds what its workload needs: the current endpoints of the services it talks to, the workload's own X.509 certificate and the trust roots used to verify peers, and the routing and authorization rules that apply to it. Traffic between proxies is protected with mutual TLS, so both ends are authenticated by workload identity rather than by IP address. With NSX, distributed-firewall enforcement at the hypervisor sits below the mesh as an additional layer. In elastic environments the endpoint data held by each proxy is what load-balancing decisions are made from, and API calls between services depend on the proxies for routing. At layer 7, Envoy understands HTTP/1.1, HTTP/2, and gRPC and can report per-request telemetry for them; other protocols such as DNS, SMTP, POP3, and FTP are passed through as opaque TCP streams with connection-level metrics only, unless Envoy has a protocol-specific filter for them.
A mesh implementation covers load balancing and service discovery for the services and APIs behind a web or mobile application. It manages connection handling, encryption, and retries between services that may be spread across many hosts in an elastic architecture. A single page load in a cloud application often fans out into several backend calls: an API gateway, one or more application services, a data-access layer, and sometimes third-party APIs reached through an egress gateway. When every page load crosses resources like this, the mesh gives each hop the same discovery, routing, encryption, and retry behaviour without each team reimplementing it, consolidating work that previously had to be done in each application or in per-host network configuration. It also produces consistent request-level metrics and distributed traces from that traffic.
Istio is the most widely deployed open source service mesh, with Envoy serving as its data plane proxy on every node. Istio was started by Google, IBM, and Lyft in 2017 and joined the Cloud Native Computing Foundation (CNCF) in 2022; Envoy itself is a CNCF graduated project. VMware built NSX Service Mesh on Istio and integrated it with Enterprise PKS, VMware's Kubernetes distribution (since renamed Tanzu Kubernetes Grid Integrated Edition), which orchestrates containerized workloads. PKS was available as a self-hosted package for public and private clouds or as a fully managed Containers-as-a-Service (CaaS) product. Istio provides traffic routing, mutual TLS, and authorization policy for microservice communication in Kubernetes at enterprise scale. Linkerd (a CNCF graduated project into which Conduit was merged as Linkerd 2.0), HashiCorp Consul, and Aspen Mesh (an Istio distribution from F5) are other notable service mesh projects.
In an elastic platform such as Kubernetes or EC2 Auto Scaling, the mesh keeps routing correct as instances come and go: when a replica is added, the control plane learns its endpoint from the orchestrator and pushes it to the proxies, and when one is terminated it is dropped from the load-balancing pool. The mesh controls routing between instances in the backend for API traffic. When it is also used for discovery and load balancing, operators can automate the allocation of resources to match user traffic: instances are launched and terminated automatically, and outlier detection in the proxies ejects unhealthy instances before they receive more requests. Real-time monitoring and tracing at the proxy level gives developers and operators the request-level visibility needed to build and debug new features on top of microservices.
A public cloud may run millions of service instances across containers and VMs, each in an isolated runtime and supporting different applications and databases in parallel. In such multi-tenant environments, workloads need a reliable way to discover and authenticate each other, so that each service's functionality can be consumed through APIs by authorized callers only. Many services were not written with elastic platforms in mind, and a mesh lets them gain discovery, retries, encryption, and access control without code changes. A service mesh provides the fine-grained routing, mutual TLS, and identity-based authorization over the virtual network that allow APIs to communicate between running processes on servers and other devices.
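The encryption and authorization that the paragraphs above attribute to the mesh come from two Istio resources: PeerAuthentication (which connections a sidecar accepts) and AuthorizationPolicy (which authenticated identities may call which operations). The following is an added example, not configuration from the original page or from the Istio project. It assumes a namespace `shop`, a workload labelled `app: orders`, and a calling workload that runs under the Kubernetes service account `frontend` in the same namespace; all of those names are illustrative.

```yaml
# Added example; namespace "shop", label app=orders, and service account
# "frontend" are illustrative assumptions.

# Mesh-wide default: a sidecar rejects any plaintext connection.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system        # root namespace, so this applies mesh-wide
spec:
  mtls:
    mode: STRICT
---
# Deny-by-default: an ALLOW policy with no rules matches nothing, so once
# it exists every request to a workload in "shop" is denied unless some
# other ALLOW policy explicitly matches it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}
---
# Allow only the frontend workload identity to call the orders API, and
# only the methods and paths it needs. The principal is the SPIFFE identity
# taken from the client certificate presented over mTLS, so it cannot be
# spoofed by choosing a source IP address on the network.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/api/orders", "/api/orders/*"]

# The weak setting to avoid, shown for contrast only (do not apply):
# PERMISSIVE accepts plaintext alongside mTLS, so an unmeshed pod on the
# same network can still reach the workload, and requests arriving in
# plaintext carry no principal for the AuthorizationPolicy to match.
#
#   kind: PeerAuthentication
#   metadata: {name: orders, namespace: shop}
#   spec:
#     selector: {matchLabels: {app: orders}}
#     mtls: {mode: PERMISSIVE}
```

After `kubectl apply -f`, run `istioctl analyze -n shop` to check the resources for configuration errors. A plaintext request from a pod without a sidecar is reset at the TCP level by the STRICT policy; a meshed pod running under any service account other than `frontend` receives HTTP 403 with an `RBAC: access denied` body from the target's sidecar; the frontend receives normal responses for the listed paths and 403 for anything else. Apply STRICT mesh-wide first and only add per-workload PERMISSIVE exceptions, with an expiry, for workloads still being migrated into the mesh.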