Connecting, securing, and scaling modern applications automatically is becoming a key need for enterprises to be successful in a Kubernetes environment.
To address this need, VMware Tanzu Service Mesh provides advanced, end-to-end connectivity and security for modern applications across cloud native Kubernetes environments, enabling compliance with Service Level Objectives (SLOs) and with data protection and privacy regulations. The solution helps control both north-south traffic from end users at the application edge through mesh ingress and egress, and east-west traffic between application workloads, APIs, and data.
Machine Identity Security Architecture
The full-stack application modernization enabled by VMware Tanzu empowers organizations to ship great software faster. The solution helps organizations build and run modern apps on any cloud and simplify Kubernetes operations with VMware Tanzu's complete application development and deployment capabilities.
But one important security aspect of this process has traditionally taken a back seat in the continuous development lifecycle: securing the complex mTLS environments that underpin a service mesh. For example, Tanzu Service Mesh uses mTLS as a sophisticated trust implementation that lets developers generate certificates for services deployed in multiple clusters and clouds that are part of the same global namespace (GNS).
To improve protection for these complex environments, VMware has integrated Venafi’s machine identity control plane into its Tanzu Service Mesh. The Venafi integration enables Tanzu users to integrate their Service Mesh with a trusted certificate authority (CA) of their choice to support mutual Transport Layer Security (mTLS) between Kubernetes clusters. This allows the certificates generated for services to be part of the organizational CA trust chain.
“We are thrilled about the integration with Venafi, enabling our customers to use Tanzu Service Mesh in their own enterprise CA trust chain and use their own registry system,” says Pere Monclus, vice president and chief technology officer at VMware.
The Venafi integration with Tanzu Service Mesh enables organizations to automate the management of their machine identity lifecycles as part of their established CA trust chains. This increases observability and control, while ensuring compliance in regulated industries.
As a result, organizations can:
- Automate the issuance and renewal of machine identities via Venafi’s control plane, enabling developers to move at speed whilst remaining secure.
- Generate identities from over 40 trusted certificate authorities (CAs) that fit within their organization’s trust chain instead of relying on self-signed mTLS identities.
- Gain unparalleled observability, consistency, reliability and flexibility over machine identity management, ensuring compliance with regulations.
“It’s exciting to see VMware simplify customers’ cloud native journey, while still ensuring enterprise-grade security,” adds Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi. “Other service meshes – such as Istio – only support self-signed machine identities out-of-the-box, which fall outside of companies’ existing machine identity management infrastructure and trust chains. It’s great to see VMware is addressing this security gap by tapping into the control plane for machine identity management in a way that’s frictionless and security-team approved.”