People in cities around the world who use subways to move around will often see or hear the warning to “mind the gap” – or something similar – a caution to riders to be aware of the space between the doors of the train and the station platform. Forgetting the warning and stepping into the gap can lead to injury.
In this time of containers and Kubernetes and of highly distributed and increasingly complex environments, VMware is warning about another gap – though one much less physically threatening – that is hobbling IT staffs in their efforts to modernize their applications and operations. In this case, the gap is between the development teams that are pulling together these applications and the networking and security teams that are responsible for bringing these applications into environments that span multiple clouds, multiple clusters in the datacenter, and multiple abstraction layers such as virtual machines and containers. The security issues for such a varied attack surface are thorny indeed.
“While app teams can quickly develop and validate Kubernetes applications in dev environments, a very different set of security, connectivity, and operational considerations awaits networking and operations teams deploying applications to production environments,” Pere Monclus, networking CTO at VMware, wrote in a blog post. “These teams face new challenges as they transition to production with existing applications — even more so when applications are distributed across multiple infrastructures, clusters, and clouds.”
The “lab to production” gap is caused when “fundamentally very, very scrappy” applications teams pull together myriad parts – from open-source load balancers and ingress services to analytics, firewalls and service meshes – in a do-it-yourself fashion to create applications, Chandra Sekar, senior director of product marketing at VMware, tells The Next Platform.
“What we’re finding … is that the networking team – and the production networking team in particular – is concerned about these throw-over-the-wall applications, where they are going to have to deal with how to operationalize this,” Sekar says. “The gap consists of very specific cloud-native services that are missing and this is boiling down to connecting these applications across multicloud environments, across virtual machines and their microservices, providing end-to-end security all the way from the end user to the back-end microservice and its associated data and knowing exactly what the latencies are at different hops in the network with pervasive observability and then being able to support these multicloud deployments. Most importantly, how do you scale elastically if you’re dealing with a hodgepodge of appliances in the datacenter and the cloud data portal in the cloud? How do you simplify these operations with all these heterogeneous products that are not integrated?”
These modern applications are critical to enterprises as they move into an IT world that spans from the datacenter into the cloud and now the edge, and as they need to leverage emerging technologies like artificial intelligence (AI), machine learning and data analytics. New features are introduced much more quickly than in the past and the applications are highly scalable. Data continues to be generated in massive amounts – IDC is predicting that 175 zettabytes of data will be created in 2025 – and the movement of data throughout these distributed environments opens up pathways for cyber-criminals.
However, these new containerized and microservices-based applications are not coming into a greenfield situation, with enterprises dropping everything they’ve done in the past and only embracing all things Kubernetes. They must be able to work with existing applications, VMs and security technologies, and do so in ever-changing infrastructure environments.
VMware this week is unveiling what the company calls its Modern Apps Connectivity solution, bringing to bear its Tanzu Service Mesh – designed to deliver a consistent operations model, including security and resiliency, for microservices and data across datacenters and clouds – and its NSX Advanced Load Balancer, which VMware inherited when it bought startup Avi Networks in 2019. The new solution includes a range of services for application delivery such as enterprise-grade load balancing, integrated IP address management (IPAM) and domain name system (DNS), encryption, and a framework for traffic management and security.
“How do we ensure that connectivity is provided all the way from the end user on the internet to the Kubernetes clusters and between those Kubernetes clusters with global server load balancing services and also between the parts in the cluster, as well as between VMs and the containers through the service mesh component?” Sekar says. “We are bringing two of VMware’s own technologies … together in a way that is seamless for enterprises and to take advantage of the connectivity, the availability, the resiliency that the platform offers together with all of the unified policies that we can deploy to support both traditional and modern applications.”
The new offering comes amid a lot of change for VMware. Dell Technologies, which owns about 81 percent of VMware, said last month it was spinning off the company as it looks to streamline its business and pay down debt, much of which it acquired when it bought EMC in 2016 for about $60 billion – a move that brought with it VMware. At the same time, on the same day it rolled out the Modern Apps Connectivity solution, VMware announced that Raghu Raghuram, who has almost 18 years with VMware, will become its new CEO June 1. He is currently executive vice president and COO of products and cloud services at the company.
Pat Gelsinger, VMware’s CEO since 2012, left the company in February to take the top spot with Intel.
VMware over the past several years has aggressively expanded its capabilities beyond virtualizing datacenter architectures, extending its reach into multicloud and hybrid cloud environments through such offerings as VMware Cloud Foundation. The company also has built out its networking portfolio, buying software-defined networking (SDN) startup Nicira in 2012 for $1.26 billion and, with it, the technology that would be the foundation of the NSX networking platform. It eventually would grow NSX, including offering support for VMs, containers and bare-metal infrastructures. Later came the vRealize management suite. In 2017, VMware bought VeloCloud for software-defined WAN (SD-WAN) and a year later rolled out its Virtual Cloud Network for connecting and securing applications and data as they moved outside of the datacenter. Then came the Avi Networks acquisition.
Monclus tells The Next Platform that such investments have given VMware a broad networking portfolio that can address the needs for any infrastructure, from the datacenter into the cloud and expanding out to the edge. NSX has grown into a $1.5 billion business for VMware. The company’s approach to networking is that every network needs a physical layer from a vendor like Cisco. On top of that, there needs to be a network virtualization layer.
Now there is the need for what the company calls the Modern Network Framework, which was introduced last year as a way to help enterprises manage infrastructure and application demands.
“If you think in terms of all the movement to modern apps and modern transformation, there was a new definition of networking that was being developed, especially around the space of service mesh, service controllers, API security and all that stuff,” he says.
The Modern Network includes the physical and virtual layers, with the Modern Apps Connectivity solution part of the next layer in the Modern Network Framework, leveraging the Tanzu container platform for addressing the demands of these newer applications.
The new modern application solution enables enterprises “to connect these Kubernetes applications no matter where they are deployed,” Sekar says. “In a public cloud context, we support our own Kubernetes distribution, which is the Tanzu Kubernetes Grid, as well as Red Hat OpenShift and any flavor of Kubernetes in the public cloud environment. The platform itself is agnostic to the underlying environment and Tanzu Service Mesh brings east-west connectivity, the data security, as well as the observability. With the NSX Advanced Load Balancer, you get the ingress services for load balancing and the ultralow balancer for managing the connectivity into the cluster of full enterprise-grade web application, firewall, GSLB [global server load balancing], which is a global terminal, balancing for connecting between clusters as well as between clouds and hybrid cloud environments, and managing all of that with DNS services for service discovery and IP address management and so on.”
The solution works with Tanzu, Amazon’s EKS, and upstream Kubernetes. It is currently in preview with other Kubernetes offerings, such as OpenShift, Microsoft Azure AKS and Google GKE.