VMware is all set to acquire cloud-based application security startup Mesh7. With this acquisition, VMware hopes to boost its Kubernetes, microservices, and cloud-native services. “Once the deal closes, the Mesh7 technology will enable VMware to bring visibility, discovery, and better security to APIs,” said Tom Gillis, senior vice president and general manager of VMware’s Networking and Security business.
What Is In It For VMware?
VMware is keen on app modernisation as it would free IT and developers from single, rigid environments and make the whole service more agile. Building modern applications requires reliable connectivity, a dynamic service discovery, and the ability to automate changes across multi-cloud environments. On the security side, teams and security operators would need better insights into application behaviour and overall security postures.
To deal with such requirements, VMware has been actively tapping open-source technologies. One such technology is Envoy, an open-source Layer 7 proxy designed for large modern service-oriented architectures. Envoy is based on proxy server solutions such as NGINX, HAProxy, cloud load balancers, and hardware load balancers. It runs along with the application, and abstracts the network by providing features, irrespective of the platform being used.
AIM Daily XO
Join our editors every weekday evening as they steer you through the most significant news of the day, introduce you to fresh perspectives, and provide unexpected moments of joy
VMware’s Tanzu Service Mesh is based on Envoy. Tanzu is a portfolio of products and solutions for customers to build, run, and manage Kubernetes controlled applications. Envoy provides consistent connectivity and security for microservices across Kubernetes clusters and clouds.
Application connectivity models are moving towards APIs and Layer 7 construct. API gateways are being integrated with developer workflows. While VMware chose to build its service mesh with Tanzo instead of integrating open source projects, it still lacked a secure API gateway to be integrated into Kubernetes ingress resource for applications to communicate with each other.
Download our Mobile App
Here is where the acquisition of Mesh7 proves beneficial.
“VMware is seeing increased demand for a fully integrated API + service mesh product with Envoy as the foundation. The exact same Envoy architecture used in the initial service mesh use case can also control how one application can talk to another application via APIs,” said Gillis.
With Mesh7 on board, VMware can leverage its contextual API behaviour security solution with Tanzu Service Mesh. This integration will enable VMware to deliver a high fidelity understanding of the communication between applications. So while Tanzu Service Mesh will handle intra-service communication, Mesh7 will be responsible for inter-service communication from external sources. Additionally, developers and the security team can administer better DevSecOps as they would better understand how applications and microservices are communicating via the APIs.
What makes Mesh7’s contextual API behaviour solution perfect for Tanzu Service Mesh is that both the technologies are based on Envoy, allowing for better integration. Mesh7 technology improves application resiliency and reliability. It also addresses issues related to security and compliance for cloud-native, API-based, and other distributed applications.
Notably, VMware’s competitor Red Hat backs the Istio service mesh. In 2016, Red Hat acquired API management company 3scale to add API gateway capabilities to its Kubernetes based-open source container application platform OpenShift. The Istio-3scale combination is similar to Tanzu-Mesh7.
What Is Mesh7?
Headquartered in the Bay Area, Mesh7 was founded by Amit Jain and Pratik Roychowdhury. Initially named Kavach, the company builds niche API gateway to secure microservices running in virtual machines and Kubernetes. Mesh7 stands out among its rivals as it focuses on the security of the network at layer 7 (application layer), which is concerned with the traffic management associated with underlying microservices.
As per the company website, “The solution empowers information security leaders, cloud application security practitioners, and application owners with the security and observability capabilities they need to protect their modern, cloud-native applications and microservices against distributed & deep application-layer threats and breaches.”
Earlier, Mesh7 had raised funding from The Fabric, Splunk, Juniper Networks, and March Capital.