Introduction
At the last VMware Explore, held at the end of the summer of 2022 in the US and in November in Europe, the company introduced a lot of new products and technologies. Some of them are worthy of the title “VMware Projects”. These are still in the early stages of development and are yet to be released, either as components of already existing platforms or as distinct solutions. Today, let’s talk a little bit about them.
So What’s New?
For starters, let’s check exactly which VMware Projects were introduced at the conference:
- Project Newcastle
- Project Narrows
- Project Northstar
- Project Watch
- Project Trinidad
- Project Keswick
It won’t hurt to know what they do, so take a look at the details.
1. Project Newcastle
The image above presents cryptographic policies between the clouds that support Post Quantum Cryptography providers during multi-cloud communication.
Project Newcastle is essentially a solution that uses Post Quantum Cryptography (PQC) to create a framework based on policies designed to organize migration to modern security technologies for a new generation of apps.
This product is envisioned as a solution integrated with the Tanzu Service Mesh architecture. The goal is to reconfigure cryptography for apps so that it meets the requirements of the organization’s policies and industry standards.
In partnership with Entrust, VMware is planning on providing enterprise-grade solutions with full PQC support, which allows orchestrating certificate life cycle management according to policies. Practically, the “Entrust + Project Newcastle” combination supports all such processes.
2. Project Narrows
This new solution performs dynamic security scanning for containers. Today, a lot of Kubernetes users are already using the Harbor solution to store, scan, and sign content in order to distribute Cloud Native apps within the software supply chain. Project Narrows is basically an addition to Harbor, which allows accessing the security state of Kubernetes clusters in runtime.
Previously unchecked images will be scanned not only at the time of introduction to a cluster, but during runtime as well. Now, you can catch vulnerabilities, flag images, and quarantine workloads.
This will provide the following advantages:
- Immediate awareness of a vulnerability while a workload is running
- Stopping an attack while an application is running
- Mitigating exploits in a live application without having to eliminate the container
- Discovering exploits in more complex applications and services
- Identifying complex multi-step attacks
The Project Narrows architecture allows integration with Harbor as a plugin (highlighted area on the image above) for Kubernetes clusters in need of dynamic scanning.
3. Project Northstar
Project Northstar is a preview of a SaaS-based technology that will be available to NSX customers. It will provide a set of on-demand multi-cloud networking and security services, end-to-end visibility, and network communication controls.
The idea is that Project Northstar will be able to relieve large enterprises from the burden of using a different set of networking features (management, security, automation of operations) available in every private or public cloud. As of now, admins use different consoles of different cloud providers. At a larger scale, the human factor inevitably leads to errors.
When Project Northstar is here, you will only need one multi-cloud network communication tool to manage all network services:
The architecture is built on the stack of technologies and products such as Network Detection and Response (NDR), NSX Intelligence, Advanced Load Balancing (ALB), Web Application Firewall (WAF), and HCX. It supports both public and private clouds, including VMware Cloud infrastructure.
Essentially, Project Northstar is an evolved version of the NSX platform that will realize 5 different services:
Previously, all of the aforementioned were only available to the users of the NSX solution and VMware Cloud on AWS. Within the framework of Project Northstar, they will be available to different clouds and hybrid environments as SaaS.
4. Project Watch
Project Watch is an extension of an already existing application security and availability infrastructure from VMware. This technology is expected to allow performing operations and supporting multi-cloud connections on top of existing hardware architecture and security infrastructure.
It includes the following aspects:
- Automated support of encrypted multi-cloud connections across Clouds (AWS, Azure, and GCP), Cloud Zones (VPCs and VNETs), and security operations decreasing the chance of human errors.
- Continuous risk and compliance assessment with the possibility to obtain a diverse set of tools to mitigate risks and follow corporate policies.
- Integration of the workflows of SecOps, CloudOps, and lines of business, for more efficient communication between teams.
Project Watch aims to introduce a new standard in the risk assessment field that conveys various security metrics. For example, according to corporate policies, user-to-app or app-to-app transactions can only be performed with a risk score of less than 80.
Meanwhile, it will also be about non-binary decisions, where the admin chooses more than just Permit/Deny rules. With the help of Project Watch, you will be able to support a high level of available communications with gradual risk mitigation and flexible policy regulations.
5. Project Trinidad
This VMware platform is meant to realize API and analytical tools to detect suspicious activities in the traffic between modern applications. Thanks to Project Trinidad, you will be able to use API tools for East-West traffic between the apps based on microservice architecture to establish patterns of standard connection and monitor for anomalous communications the human eye cannot detect.
The federated machine learning (FML) tools will allow using machine learning algorithms that will analyze a large amount of data about vulnerabilities. This will give you the possibility to start using this solution right away. No additional learning with your own infrastructure is required.
The product will function as a SaaS, requiring no outside involvement from the side of an admin to keep it up and running. On-premises installation will be available too. That way, the customers can experience maximum flexibility. This solution eats up less than 5% of all resources, but it will give the admins of any company enough means to guarantee security of the highest level.
6. Project Keswick
Keswick is a product built on top of the ESXi hypervisor that will work only on VMware-certified hardware to support the highly-optimized deployment of workloads in Kubernetes clusters.
This approach will enable customers to simplify the deployment, management, and support of containerized apps. Keswick deployment is entirely automated and uses Git as a single source of truth for a declarative way to manage your infrastructure and applications through desired state configuration enabled by GitOps. Project Keswick will ensure that everything runs in the most optimized and fastest way at the Edge infrastructure level.
Also, Keswick has tools to support users in real time and allows maintaining maximum performance. Keswick can be downloaded from USB devices or through the PXE interface at the Edge location. It will be ready for usage right away.
In Conclusion
These six projects represent the main initiatives of VMware introduced at the Explore 2022 conference in the USA, which will be released in the future for improving on-premises and cloud solutions. Each is a useful set of functionalities and tools, and it will be interesting to see them at work when they are finally here. As a rule, VMware either presents such novelties as distinct products or integrates them within already existing solutions, adding new functionalities.