Venafi Brings Cloud Native Machine Identity Management to VMware Tanzu

Venafi announced that VMware has integrated Venafi’s machine identity control plane into its Tanzu Service Mesh. The Venafi integration enables Tanzu users to integrate their Service Mesh with a trusted certificate authority (CA) of their choice to support mutual Transport Layer Security (mTLS) between Kubernetes clusters.

VMware Tanzu Service Mesh provides connectivity and security for modern applications across cloud native Kubernetes environments via advanced, end-to-end connectivity and security, enabling compliance with Service Level Objectives (SLOs) and data protection and privacy regulations. It does so by helping to control both north-south traffic from end users at the application edge through mesh egress and ingress, as well as east-west traffic between application workloads, APIs and data.

The Venafi integration enhances the Tanzu Service Mesh by enabling organizations to automate the management of their machine identity lifecycles as part of their established CA trust chains. This increases observability and control, while ensuring compliance in regulated industries.

As a result, customers can:

• Automate the issuance and renewal of machine identities via Venafi’s control plane, enabling developers to move at speed whilst remaining secure.
• Generate identities from over 40 trusted certificate authorities (CAs) that fit within their organization’s trust chain instead of relying on self-signed mTLS identities.
• Gain unparalleled observability, consistency, reliability and freedom of choice over machine identity management, ensuring compliance with regulations.

“We are thrilled about the integration with Venafi, enabling our customers to use Tanzu Service Mesh in their own enterprise CA trust chain and use their own registry system,” says Pere Monclus, vice president and chief technology officer at VMware.

“It’s exciting to see VMware simplify customers’ cloud native journey, while still ensuring enterprise-grade security,” adds Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi. “Other service mesh – such as Istio – only support self-signed machine identities out-of-the-box, which fall outside of companies’ existing machine identity management infrastructure and trust chains. It’s great to see VMWare is addressing this security gap by tapping into the control plane for machine identity management in a way that’s frictionless and security-team approved.”