Application initiatives are driving better business outcomes, an elevated customer experience, innovative digital services, and the anywhere workforce. Organizations surveyed by VMware report that 90% of app initiatives are focused on modernization(1). Using a container-based microservices architecture and Kubernetes, app modernization enables rapid feature releases, higher resiliency, and on-demand scalability. This approach can break apps into thousands of microservices deployed across a heterogeneous and often distributed environment. VMware research also shows 80% of surveyed customers today deploy applications in a distributed model across data center, cloud, and edge(2).
Enterprises are deploying their applications across multiple clusters in the data center and across multiple public or private clouds (as an extension of on-premises infrastructure) to support disaster avoidance, cost reduction, regulatory compliance, and more.
Fig 1: Drivers for Multi-Cloud Transformation
The Challenges in Transitioning to Modern Apps
While app teams can quickly develop and validate Kubernetes applications in dev environments, a very different set of security, connectivity, and operational considerations awaits networking and operations teams deploying applications to production environments. These teams face new challenges as they transition to production with existing applications — even more so when applications are distributed across multiple infrastructures, clusters, and clouds. Some of these challenges include:
Application connectivity across multi-cluster, multi-cloud, and VM environments
Application teams developing new applications using a microservices architecture need to be concerned about how to enable connectivity between microservices deployed as containers and distributed across multiple clouds and hybrid environments (data centers and public clouds).
Additionally, some of these application components reside in VM environments. For example, a new eCommerce app designed with a microservices architecture may need to contact a database running in a VMware vSphere environment or in the cloud. The lack of seamless connectivity between these heterogeneous environments (container-based vs. VM-based) is one of the reasons that prevent enterprises from meeting time-to-market requirements and slows down their app modernization initiatives, as they are unable to re-use their existing application components.
Consistent end-to-end security policies and access controls
With heterogeneous application architectures and infrastructure environments, the trusted perimeter has dissolved, and enterprises are seeing breaches that continue to grow via exploits, vulnerabilities, phishing attacks, and more. Modern applications raise several security challenges, such as how to secure connectivity not only from end-users into Kubernetes clusters, but across clusters, availability zones, and sites and between containerized and virtual machine environments.
Fig 2: Increased Attack Surface
Teams need to more effectively ensure that users are given the right access permissions to applications; that application components are properly ring-fenced; and that communications across hybrid infrastructures and workloads are secured. Identity based on IP addresses, and intent based on ports, are insufficient for modern applications. What is needed is end-to-end deep visibility from end-users to apps to data, and an extension of the principles of zero trust network access (ZTNA) to these modern applications.
Operational complexity — multiple disjointed products, no end-to-end observability
The responsibility for secure, highly available production rollouts of Kubernetes falls on application platform teams. However, they are confronted with a vast array of open-source components that must be stitched together to achieve connectivity, availability, security, and observability — including global and local load balancers, ingress controllers, WAF, IPAM, DNS, sidecar proxies, policy frameworks, identity frameworks, and more.
Fig: 3 Multiple components need to be managed separately
Platform teams need a way to centrally control traffic management and security policies across the full application operating environment. They also need a way to gain end-to-end visibility across multiple K8s environments and entire application topologies, including application dependencies, metrics, traces, and logs. The end-result of this complexity is usually a compromise consisting of partial visibility, automation, and scalability, which ends up making a lot of projects fail.
All these challenges and more are driving us to further evolve our networking and security thinking for modern apps. We simply cannot afford to continue to rely solely on the network architectures of the last decade. More versatile and flexible models are needed to address connectivity, security, and operational requirements in this rapidly evolving world.
VMware Modern Apps Connectivity Solution
VMware is introducing a new solution that brings together the advanced capabilities of Tanzu Service Mesh and VMware NSX Advanced Load Balancer (formerly Avi Networks) to address today’s unique enterprise challenges.
The VMware Modern Apps Connectivity solution offers a rich set of integrated application delivery services through unified policies, monitoring, visualizations, and observability. These services include enterprise-grade L4 load balancing, ingress controller, global load balancing (GSLB), web application security, integrated IPAM and DNS, end-to-end service visibility and encryption, and an extensible policy framework for intelligent traffic management and security. Through the integrated solution, operators can centrally manage end-to-end application traffic routing, resiliency, and security policies via Tanzu Service Mesh.
This solution speeds the path to app modernization with connectivity and better security across hybrid environments and hybrid app architectures. It is built on cloud-native principles and enables a set of important use-cases that automates the process of connecting, observing, scaling, and better-securing applications across multi-site environments and clouds.
The VMware Modern App Connectivity solution works with VMware Tanzu, Amazon EKS, and upstream Kubernetes today, and is in preview with Red Hat OpenShift, Microsoft Azure AKS, and Google GKE(3). As a leader in delivering the Virtual Cloud Network, VMware understands the challenges of creating operationally simple models for modern app connectivity and security. The solution closes the dev-to-production gap caused by the do-it-yourself approach forced on many networking teams who are under pressure to launch reliable, business-critical services that work consistently across heterogeneous architectures and environments.
Stay tuned for our next blog post about the VMware Modern App Connectivity solution — in which we’ll dive deep into the technical architecture and some of the use cases enabled by this solution.
1-VMware FY22 Q1 Executive Pulse, January 2021.
2-VMware FY22 H1 Benchmark: Cloud and Applications, March 2021.
3-There is no commitment or obligation that beta features or products will become generally available. This information is provided without warranty of any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding VMware offerings.