The rise of modern apps brings new challenges. When enterprises build, deploy, and manage modern apps, many of them default to the use of containers, Kubernetes, and microservices architectures. However, those modernized components must often work with existing non-containerized applications and stateful workloads like databases. In addition, when IT operators struggle to deliver the benefits of the cloud model, app teams seek more agile infrastructure in the public cloud, leading to the use of multiple clouds across on and off premises with drastically different infrastructure and operations. Managing such heterogeneity while adhering to enterprise policies is a complex task for both IT operators and developers.
VMware Cloud Foundation with Tanzu is the hybrid cloud platform for both enterprise applications and container-based modern apps. Based on a proven and comprehensive software-defined stack including VMware vSphere, VMware vSAN, VMware NSX-T Data Center, and VMware vRealize Suite, VMware Cloud Foundation provides a complete set of secure software-defined services for compute, storage, network security, Kubernetes management, and cloud management.
The result is agile, reliable, efficient cloud infrastructure that offers consistent infrastructure and operations across private and public clouds. In addition, Cloud Foundation contains built-in automated lifecycle management to simplify the administration of the hyperconverged infrastructure (HCI) stack, from initial deployment, to patching and upgrading.
Key benefits
Application-focused management bringing VMs and containers onto the same platform
With VMware Cloud Foundation with Tanzu, customers get unified visibility of virtual machines (VMs), containers, and Kubernetes clusters in vCenter. This advanced functionality is enabled through VMware Tanzu editions such as Tanzu Standard edition, which includes an open source-aligned Kubernetes runtime that can be deployed multi-cloud – on premises as part of vSphere, on public clouds, and at the edge – as well as a global control plane for centrally and consistently managing the entire fleet of your Kubernetes clusters: lifecycle, access, security, compliance, backup and restore. The Kubernetes concept of a namespace is integrated into vSphere and becomes the unit of management. By grouping resource objects such as VMs and containers into logical applications via namespaces, Virtual Infrastructure (VI) admins who previously managed thousands of VMs can now manage just dozens of application namespaces, resulting in a massive increase in scale and reduction in cognitive load.
Enterprise-class resiliency, QoS, security, and access control for both VMs and containers
All policies to optimize for performance, resilience and availability that have been available to VMs are also available to containers and Kubernetes clusters. Admins can define QoS, security policies, firewall rules, encryption settings, availability and backup rules, and access control rules at namespace level, reducing the time it takes to manage and troubleshoot applications. NSX-T has been designed as the pod networking for VMware Cloud Foundation with Tanzu. NSX-T provides the full stack networking and security to vSphere with Kubernetes, including distributed switching and routing, distributed firewalling, load balancing, ingress control and more. Integration with Kubernetes enables context-aware security policies with namespace isolation.
Developer self-service APIs to boost productivity
Many IT organizations rely on slow ticketing systems to provide infrastructure services to developers because it is the only way to provide governance over developer applications and processes. Cloud Foundation provides the ability to manage at the namespace level so that admins can set policies, quota, and role-based access to a namespace once. Developers can then self-service into the namespace within the predefined boundary. With Kubernetes embedded into the control plane of vSphere, developers can create and consume cloud resources such as Kubernetes clusters, volumes (including persistent volumes for stateful applications), and networks with VMware Cloud Foundation Services (Figure 2) using Kubernetes and RESTful APIs that they are familiar with. This reduces the time and effort it takes for infrastructure provisioning and scaling so that developers can focus on building apps. Meanwhile, IT operators maintain visibility into those cloud resources created by developers through the VMware interfaces that they are familiar with.
Rapid application deployment with full stack agility
In Cloud Foundation, a workload domain is a policy-based resource construct with specific availability and performance attributes. It combines compute (vSphere), storage (vSAN), networking (NSX-T), and cloud management (vRealize Suite) into a single consumable entity.
Workload domains greatly speed up the instantiation of Kubernetes, deploying both the underlying infrastructure and Kubernetes components in an automated fashion. Workload domains also allow IT operators and developers to securely sandbox and allocate the right infrastructure for containers alongside VMs. For example, a customer can have a workload domain with Kubernetes clusters for a modern app, and another workload domain for databases or VDI apps, which have different infrastructure requirements.
Enhanced infrastructure lifecycle management
Cloud Foundation offers automated lifecycle management on a per-cluster or workload domain basis. Available updates for all components are tested for interoperability and bundled with the necessary logic for proper installation order. The update bundles are then scheduled for automatic installation on a per-workload domain basis. This allows the admin to target specific workloads or environments (development vs. production, for example) for updates independent from the rest of the environment.
Full stack networking and intrinsic security at every layer of the stack
At the container image layer, Tanzu Kubernetes Grid includes a best-in-class container registry with built-in platform monitoring, vulnerability scanning, image signing, and auditing. At the compute layer, vSphere provides comprehensive built-in security for protecting data, infrastructure, and access that is operationally simple. Policy-driven security provides VM- or pod-level encryption to protect against unauthorized data access both at rest and in motion. At the network layer, NSX-T delivers micro-segmentation and granular security to the individual VM or pod workload, enabling a fundamentally more secure data center. Security policies travel with the workloads, independent of where workloads are in the network topology.
At the storage layer, vSAN offers data at rest and data in transit encryption at the cluster level. Storage Encryption is built for compliance requirements and offers simple key management with support for all Key Management Interoperability Protocol (KMIP) compliant key managers.
At the management layer, vRealize solutions automate manual tasks to eliminate human error, provide monitoring and auditing of the full stack, and provide self-driving operations to quickly remediate issues as they are identified.
Cloud operating model extending across private and hybrid cloud
The same core software-defined infrastructure stack leveraged in private cloud deployments of Cloud Foundation is also the underpinning technology of VMware-based public clouds like VMware Cloud on AWS and Azure as well as the BPSOLUTIONS hybrid cloud platform.
With Cloud Foundation powered clouds offering consistent infrastructure and operations, customers can begin to shift to a different way of operating IT, where service delivery is better aligned to the service consumption needs of the business.
Adopting a cloud operating model represents a move toward application modernization and new application architectures that enable digital initiatives.
VMware Cloud Foundation Takeaways
✓ Easy to deploy and run integrated cloud infrastructure, including compute, storage, networking, security, and cloud management services for modern applications on the same platform as for traditional applications.
✓ Boosts developer productivity, allowing app teams to access cloud resources they are already familiar with through industry standard APIs.
✓ Simple to operate and future-proof hybrid cloud strategy that provides consistent operations across on-premises, edge and public cloud environments with the ability to deploy VMs, containers, and any next-generation applications with centralized control across multiple clusters and teams.
If you would like help challenging your cloud strategy, please contact us.