chris - Fotolia

VMware adds access control features to Tanzu

VMware has added attribute-based access control to the Tanzu Service Mesh. VMware is also adding a load balancer for Tanzu-managed containers.

VMware has improved access controls in its Tanzu Service Mesh while also integrating its latest load balancer with the software for managing connections among Kubernetes containers.

VMware introduced this week attribute-based access control (ABAC) for Tanzu-managed containers. The company offers Tanzu for customers who want to run Kubernetes containers on the vendor's vSphere server virtualization platform.

ABAC lets IT staff set access policies for containers based on the accessing device's identity and its user. Besides access control, Tanzu can restrict communication between containers and monitor whole container clusters that constitute a full application.

VMware also integrated its NSX Advanced Load Balancer into Tanzu. In general, VMware has added a series of APIs that will let container developers spin up whatever services they need without touching the load balancer.

"Developers should focus on developing, not on configuring load balancers," said Tom Gillis, senior vice president and general manager of networking and security at VMware, during a press briefing.

How Tanzu, OpenShift and Ezmeral compare.

Project Antrea

Gillis also discussed VMware's support for Antrea, an open source project that provides the network stack for connecting containers within clusters. In August, VMware announced that it would offer Antrea-based container networking with NSX-T.

In essence, Antrea and NSX-T provide a two-tier approach to container networking: Antrea offers the security and network services used by developers, and NSX-T provides connectivity across clusters or to a virtual machine at the same time.

"This two-tier architecture is highly scalable," Gillis said.

For companies with many employees working from home, VMware introduced SD-WAN Work from Home subscriptions. The service lets companies manage connections to employees' home networks through the VMware VeloCloud software-defined WAN.

Project Monterey

Finally, VMware plans to add Layer 4 firewall capabilities to Project Monterey SmartNICs unveiled in September during VMworld. Project Monterey is VMware's plan to run software-based networking and security on processors within a SmartNIC to reduce the demand on a server's CPU to improve its performance.

VMware said earlier that it would offer on SmartNICs Layer 2 and Layer 3 switching and routing, and a Layer 7 firewall with intrusion detection and intrusion prevention systems. The offloaded services would run on a VMware ESXi hypervisor.

VMware has not provided a release date for Project Monterey. However, the new capabilities in Tanzu will roll out by the end of the year.

Dig Deeper on Cloud and data center networking

Unified Communications
Mobile Computing
Data Center