Author Archives: Manish Chugtu

TLS Handshake Acceleration with Tanzu Service Mesh

Performance and Security Optimizations on Intel Xeon Scalable Processors – Part 2

Contributors

Manish Chugtu — VMware

Ramesh Masavarapu, Saidulu Aldas, Sakari Poussa, Tarun Viswanathan  — Intel

Introduction

Intel and VMware have been working together to optimize and accelerate microservices middleware and infrastructure, in both software and hardware, so that developers get best-in-class performance and low latency when building distributed workloads. The focus is on improving performance, accelerating crypto operations, and strengthening security.

In Part 1 of this blog series, we looked at how Tanzu Service Mesh uses eBPF (in a non-disruptive manner) to achieve network acceleration by bypassing the TCP/IP networking stack in the Linux kernel, and we loved the interest shown and the feedback we got. In Part 2, we take a deep dive into how Intel and VMware have been working together to accelerate the crypto use cases of Tanzu Service Mesh (and Istio), specifically mutual TLS, and to improve the performance of asymmetric crypto operations by using the Intel AVX-512 Crypto instruction set available on 3rd Generation Intel Xeon Scalable processors.

Security is one of the key areas that service mesh addresses. In Tanzu Service Mesh, there are multiple security features that are …

Tanzu Service Mesh Acceleration using eBPF

Performance and Security Optimizations on Intel Xeon Scalable Processors – Part 1

Contributors

Manish Chugtu — VMware

Ramesh Masavarapu, Saidulu Aldas, Sakari Poussa, Tarun Viswanathan  — Intel

Introduction

VMware Tanzu Service Mesh, built on open source Istio, provides advanced, end-to-end connectivity, security, and insights for modern applications—across application end-users, microservices, APIs, and data—enabling compliance with Service Level Objectives (SLOs) and data protection and privacy regulations.

The service mesh architecture pattern solves many problems, which are well known and extensively documented, so we won’t be talking about those in this blog. But it also comes with its own challenges, and the top focus areas that we will discuss in this series of blogs are:

  1. Performance
  2. Security

Intel and VMware have been working together to optimize and accelerate microservices middleware and infrastructure, in both software and hardware, so that developers get best-in-class performance and low latency when building distributed workloads. The focus is on improving performance, accelerating crypto operations, and strengthening security.

In Part 1 of this blog series, we will talk about one such performance challenge (with respect to service mesh data path performance) and discuss our solution around that.

The current implementation …

Exploring VMware’s Kubernetes App Connectivity and Security Solution: A Deep Dive, with Demos

Modern apps need to run in multi-cluster, multi-cloud environments across a mix of traditional and microservices architectures. In this context, enterprise platform, infrastructure, and operations teams are presented with unique challenges in securely connecting and managing modern workloads, in delivering scalable services, or bridging between traditional VM workloads and containers, and supporting production operations for modern apps.  

VMware recently introduced the “VMware Modern Apps Connectivity solution”, which brings together the advanced capabilities of Tanzu Service Mesh (TSM) and VMware NSX Advanced Load Balancer (ALB, formerly Avi Networks) to address today’s unique enterprise challenges.

In this blog, we’ll take a deeper look at this solution and demonstrate how its cloud-native principles enable a set of important use cases that automate the process of connecting, observing, scaling, and better securing applications across multi-site environments and clouds. We’ll also show how state-of-the-art capabilities in this solution — like Global Server Load Balancing (GSLB) and Intelligent Autoscaling — enable enterprises to deliver advanced use cases such as cloud-bursting.  

Step 0: Set up (typical HA architecture for a modern distributed app) 

Let’s start by looking at our set-up, which is a typical architecture for a highly-available modern app deployment …

Achieve Multi-Cloud Application Scalability for Modern Apps

The modern application is dynamic and highly adaptive to changes in demand. It lives across multiple clusters and clouds. And it is highly distributed with hundreds of microservices servicing the requirements of rapid feature releases, high resiliency, and on demand scalability. In such a world, we simply cannot afford to continue to rely solely on the network architectures of the last decade.

Modern applications need a Modern Network—one that simplifies operations, reduces IT overhead and prioritizes user needs, such that organizations can empower users with fast, reliable and secure application access wherever and whenever they do business, regardless of the underlying infrastructure or connectivity. This requires adopting the public cloud, or even multiple public clouds, as an extension of on-premises infrastructure. What enterprises need is a common, multi-dimensional framework that provides availability, resiliency, and security for modern applications, with the ability to abstract connectivity, identity, and policy via declarative intents. These dimensions of control are paramount for modern applications, improving the visibility and control of assets that are ephemeral in nature and not directly under the …

Forging A Path to Continuous, Risk-based Security with VMware NSX Service Mesh

The shift to multi-cloud, microservices-based architectures is well underway across enterprises. VMware NSX has long provided secure connectivity between private and public clouds while offering consistent policy management within hybrid cloud environments with our Service-defined Firewall. More than a year ago, VMware NSX-T expanded beyond just supporting ESX-based VMs to cover workloads running on bare metal servers, multiple hypervisors, and containers.

However, as the adage goes, the only constant is change. So it goes with application architectures. As enterprises embrace cloud-native architectures, applications are becoming even more distributed and heterogeneous. We see this particularly in some of our forward-leaning customers (payment providers, financial institutions, retailers, technology vendors, etc.), and they’re driving us to further evolve our security thinking.

Customers are containerizing their new applications with Kubernetes, and exploring solutions such as VMware Tanzu, Project Pacific, Pivotal Cloud Foundry, and other platforms and managed services. They leverage a mix of open source and multiple SaaS services for various functions such as observability, analytics, and cost optimization. Yet, they also need to communicate with their existing VM-based applications. These customers want a common framework for identity, policy, and compliance, one that can deal with assets that are …