In Tanzu, VMware is announcing a new attribute-based policy model for its service mesh technology.
Tanzu is VMware's portfolio for building and managing modern applications, and its service mesh technology lives within that product line. Service mesh technology is meant to function as a control point between containers, ensuring that individual containers are allowed to communicate with each other. It also allows developers to understand data such as performance and response time.
"As we go forward, this idea of a service mesh is a very, very strong capability because it addresses the fundamental needs of security, but gives developers the ability to create these very modular, very rapidly changing applications," said Tom Gillis, the SVP and GM of networking and security for VMware, during a press briefing.
"And what we're announcing today is an exciting new policy model that comes along with this," Gillis continued. "An attribute based policy model is going to greatly simplify the job of building and administrating policy and drive towards what we've talked about, which is that higher level automation capability."
In addition to the new service mesh policy model, VMware is also announcing that it has integrated the NSX advanced load balancer into Tanzu. According to Gillis, this provides developers with a Kubernetes operator, or series of APIs, that allow them to spin up whatever services they need without ever touching or configuring the load balancer. The integration is expected to be available in the first quarter of VMware's fiscal 2022.
"It's about automation," Gillis said. "It's about simplicity. It's about breaking the grip and the reliance on those dedicated hardware appliances."
Meanwhile, VMware is also announcing Project Antrea, described as an open-source, cluster level networking solution that allows developers to deploy their own network solution to enable container connections.
"We built it in a way that it connects to NSX for a two tiered approach," Gillis said. "So Antrea provides all of the security services, all the connectivity that a developer is going to care about. But when they need to make a connection across clusters or from a cluster to VM, NSX provides that bridge."
In the data center, VMware's monitoring and management software has gained new network modeling capabilities that act as a "pre-flight check" to verify that an application is reachable across both physical and virtual infrastructure. Together with Antrea, these new capabilities represent a significant step towards self-healing networks, VMware said.
"When there's a problem [with network performance], we can identify those problems and we're increasingly able, with virtualized infrastructure, to fix those problems," Gillis said. "So we're moving into a world where the infrastructure has a certain amount of self healing capability and fixes itself."
Shifting to Project Monterey, which VMware introduced in September, VMware announced that NSX firewall code running on a Monterey SmartNIC will be able to run a stateful layer 7 firewall with advanced threat protection capabilities in the NIC. Specifically, VMware said it's adding to the NIC a layer 2 and layer 3 switching and routing capability that will run at wire speed, a layer 4 firewall capability that will run at wire speed, and a layer 7 firewall along with IDs, IPS, and the hypervisor.
"Being able to put a layer 7 firewall in the NIC and have it operate with effectively an air gap, we think this is a transformative capability for advanced security," Gillis said. "So, we're putting the security where it matters, which is right next to your sensitive applications and your data."
Finally, VMware also announced SD-WAN Work from Home Subscriptions, which VMware said will offer individual business users optimized network connectivity and better security at an affordable low price. Bandwidth ranges from 350Mbps to 1Gbps depending upon the level of subscription.