A global namespace, a concept unique to Tanzu Service Mesh, is a logical abstraction of an application from the underlying infrastructure, which can physically span multiple clouds and environments. VMware Tanzu Enterprise leverages the Tanzu Service Mesh Global Namespace (GNS) construct to offer API discovery, detection, and behavioral security and observability capabilities across multi-cloud environments. An advantage of GNS is the ability to define a policy once and apply it everywhere.

Advantages

  • Abstracts application components and view from infrastructure.

  • Allows seamless integration of multiple heterogeneous clouds.

  • Ensures inherent security by providing an isolation boundary for an application.

  • Provides a single location for the application of global policies.

  • Helps address non-functional requirements of applications.

Note:

The same application can have different Tanzu Service Mesh Enterprise capabilities depending on the GNS it runs on.

In Tanzu Service Mesh Enterprise, a global namespace provides additional capabilities beyond those described in Global Namespaces for Tanzu Service Mesh Advanced:

API Security

The global namespace enforces API vulnerability detection and mitigation, API baselining, and drift detection (including API parameter/schema validation).

Application Secure Connectivity

GNS provides strong isolation, global service identities, certificate management, and mTLS encryption to ensure secure connectivity between applications.

API/PII Segmentation

The global namespace provides attribute-based access control (ABAC), Personally Identifiable Information (PII) data detection and tracking, and end-user detection policies for applications.

API Visibility

Tanzu Service Mesh aggregates API analytics, events, and logs, such as an API's overall security and performance metrics, within the global namespace. Tanzu Service Mesh provides a GraphQL endpoint through which you can query API data.

Auto Discovery (API Discovery, PII Data Discovery, User Discovery)

By configuring the global namespace, you can observe traffic patterns and behaviors between services, as well as configure security policies and features. For more information on activating any or all of the auto discovery options (API Discovery, PII Data Discovery, User Discovery) when creating a global namespace, see Auto Discovery Configuration in Global Namespace.