Andrew Babakian

Tanzu Service Mesh Security Enhancements using Confidential Computing

Performance and Security Optimizations on Intel Xeon Scalable Processors with Intel SGX – Part 3

Contributors

Andrew Babakian — VMware

Saidulu Aldas, Ramesh Masavarapu, Sakari Poussa, Tarun Viswanathan — Intel

Introduction

Intel and VMware have been working together to optimize and accelerate microservices middleware and infrastructure, in both software and hardware, so that developers get best-in-class performance and low latency when building distributed workloads. The focus is on improving the performance of crypto acceleration and making workloads more secure.

The Service Mesh architecture pattern solves many problems that are well known and extensively documented; they are not central to this discussion. Instead, this blog series looks at the architectural challenges of Service Mesh in the following top focus areas:

  1. Performance
  2. Security

In Part 1 of this series, we looked at how Tanzu Service Mesh uses eBPF to achieve network acceleration. In Part 2, we showcased how Intel and VMware collaborated to accelerate Tanzu Service Mesh crypto use cases and improve the performance of asymmetric crypto operations.

In Part 3 of this blog series, we discuss one security challenge (the service mesh private key protection mechanism) and our solution.

In the current …