Access a Streamlined DevX for Amazon EKS and Extend the Power of AWS to More Apps with VMware

December 1, 2021 Patricia Johnson

We’ve all heard the proverb “necessity is the mother of invention.” But have you stopped to consider how very true that is for enterprise applications? Docker invented the lightweight container runtime to answer the needs of agile development teams building cloud native apps. The growing ubiquity of containers necessitated the invention of a way to manage them in large numbers across fleets of machines—what we now know as Kubernetes. And the massively flexible Kubernetes runtime has created a need for ways to harness its power so developers can onboard easily to deliver value fast. How do you get more apps to the cloud continuously and manage them at scale?

When you consider the vast ecosystem of cloud native technology options at your disposal today, whether from public cloud providers like Amazon Web Services (AWS) or from the open source Cloud Native Landscape, it’s a complexity of choice. Developers and operators alike can be overwhelmed and overburdened as they grapple with every step from iterative coding to applications running in production. 

VMware can simplify the cloud native journey, enabling you to accelerate your cloud adoption and consumption. Our modern application and cloud management solutions enable you to efficiently evolve your apps and infrastructure from on-premises to AWS. You’ll be able to deliver value faster with a streamlined developer experience for Amazon EKS, as well as manage AWS and hybrid environments efficiently and more securely.

Let’s review some key product announcements at AWS re:Invent that help you make the most of the public cloud, including:

  • VMware Tanzu Application Platform beta for Amazon EKS

  • Application Transformer for VMware Tanzu tech preview

  • VMware Application Catalog expanded image support

  • VMware Tanzu Service Mesh Enterprise edition with API security general availability

  • CloudHealth by VMware FinOps beta features

  • VMware Tanzu Kubernetes Grid hardening for federal and public sector

Tanzu Application Platform for Amazon EKS: Fast developer productivity with guardrails

In September, we introduced the beta of Tanzu Application Platform, a composable Kubernetes abstraction layer that enables faster, more secure application design, development, and delivery. Developers can go from code to URL in minutes using preapproved DevSecOps pipelines. As stated by one of the beta users:

“Tanzu Application Platform allows you to identify the bottlenecks and easily tune [them] while giving appropriate guardrails to mask what’s underneath with the Kubernetes platform.” 

Tanzu Application Platform works across any Kubernetes, including Amazon EKS, to simplify the developer experience. Here are some key benefits:

  • Application jump start – Developers get a sensible starting place for their cloud native apps with application accelerators. These templates include skeleton code, configurations, and cloud native patterns combined with an organization’s best practices and security policies.

  • Development velocity – Developers can work right in their integrated development environment (IDE) with Tanzu Application Platform developer tools. They can debug a running container on any Kubernetes cluster (running locally or on a managed Kubernetes cluster like Amazon EKS) and quickly update code in a running container, enabling them to quickly test and iterate.

  • Accelerated path to production – No more “wall of YAML” for deploying apps to Kubernetes. Operators can use the supply chain choreographer to enable automated app delivery with security and compliance built in. They can customize the path to production to meet business needs, integrating EKS or other Kubernetes resources as required. In addition, the build service uses Cloud Native Buildpacks to automatically create containers from validated building blocks and update them with no manual intervention. All of this reduces friction for developers and enables a stronger security posture. 

We recently released new beta capabilities as well, including platform profiles for installing Tanzu Application Platform. You can choose to install the profile for the full package or one for a “developer light” version of capabilities. This makes it easier and faster to install onto your existing EKS environment or any other Kubernetes environment.

Check out this video to see how Tanzu Application Platform works with Amazon EKS.

This beta release also includes a graphical user interface (GUI) for consistent visibility into workloads and applications across application teams. Using technology from the Backstage Project, which is an open source initiative started by Spotify, the centralized GUI provides needed context on applications from a Kubernetes point of view and enables teams to collaborate and build on each other’s work. It’s a view into the Tanzu Application Platform that can shorten the learning curve and get you to work faster on any Kubernetes. Download the beta today.

Modernize legacy apps to run on AWS with Application Transformer

Sometimes, it’s best to step back and survey the elephant in the room: your existing apps! Are you mainly focused on building new cloud native applications, or are you, like so many others, facing an existing application portfolio of monoliths that needs to be assessed and modernized? You might want to containerize some existing workloads to run in the cloud for quick gains in security and manageability, or you might decide to rearchitect and rewrite existing, business-critical software to be continuously delivered and resilient. But where do you start?

We’re excited to share a tech preview of Application Transformer for VMware Tanzu, available for VMware Cloud on AWS (VMC) and the VMware vSphere environment. Application Transformer for Tanzu is a tool designed to target replatforming—helping you simplify and speed your app modernization journey. 

With Application Transformer, you’ll be able to:

  • Discover virtual machines (VMs), applications, and components running on vCenter (more than 200 application types are supported!)

  • Automatically generate application topologies, giving you complete visibility into your application environment 

  • Make informed decisions on which applications to modernize and prioritize based on technical scores and business values

  • Create OCI-compliant container images for Linux-based applications through a simple wizard-driven process

You’ll gain the data you need to make informed decisions about which applications to modernize and then automate the process of replatforming those apps. Learn more about how you can get started with Application Transformer.

Curated Application Catalog of VM images available for VMware Cloud on AWS

At VMworld, we announced that VMware Tanzu Application Catalog was evolving to VMware Application Catalog. This change was made in recognition that the scope of this powerful image curator was expanding to include VM images. 

At its core, however, VMware Application Catalog continues to help you achieve enterprise security and compliance requirements without compromising the agility and speed needed to execute your modern DevOps practices. The catalog offers:

  • The ability to provide custom golden base operating system images

  • Continuously updated application components with comprehensive metadata as proof of provenance

  • Build-time vulnerability and antivirus scanning with auditable results

Support for VM images means that VMware can meet you wherever you are on your modernization journey. Note that the VM images are tested on VMware Cloud on AWS as one of the deployment platforms. Check out all the applications available for VMware Application Catalog.

API security for AWS with Tanzu Service Mesh Enterprise

APIs bring ubiquitous connectivity to modern applications, enabling microservices, users, and devices to integrate and interoperate with one another. At the same time, APIs create exposure for your applications—every connecting point can be a point of vulnerability—so securing them becomes paramount. 

Tanzu Service Mesh Enterprise, which became generally available in October, enables API security, observability, and compliance for modern applications. It also integrates with and extends Amazon EKS by enabling secure connectivity services that work cross-cluster and cross-cloud. 

The Enterprise edition creates an application map so you can see how your modern, multi-cloud applications behave and, more importantly, how their behavior changes over time. This includes mapping how sensitive data flows within and out of an application. It will detect anomalies in behavior and notify you of deviations from a “normal baseline.” You can also establish granular API and data security and segmentation policies to detect and respond to threats, such as those identified in the OWASP API Top 10. Tanzu Service Mesh Enterprise will enable you to alert the right teams when problems occur (development, DevOps, AppOps, SecOps, etc.) and to troubleshoot with in-depth forensics and root cause analysis. 

Check out Tanzu Service Mesh Enterprise edition in action.

Simplified cloud FinOps for native AWS and VMC on AWS

As you run more apps on your AWS cloud infrastructure, you’ll need to be able to optimize costs and govern securely. The CloudHealth by VMware Suite offers both financial management and a cloud native security approach that can give you confidence in your cloud adoption. 

The CloudHealth platform enables you to:

  • Increase your cloud infrastructure efficiency by giving you visibility and governance across services, accounts, and regions

  • Understand your cloud usage and spend by cost center, application, or team to drive meaningful business decisions

  • Improve your cloud security posture with real-time visibility into security and compliance misconfigurations with CloudHealth Secure State

At AWS re:Invent, we are announcing two beta features for the CloudHealth platform that will aid AWS customers in their quest to scale cloud usage. For example, with every new service, account, or region added to your cloud inventory, managing cloud spend becomes increasingly difficult. Now, in an initially exclusive beta for AWS, CloudHealth has introduced a new feature that detects real-time spend anomalies—like sudden increases or decreases—to build a cost profile over time. This historical visibility enables FinOps practitioners to respond proactively to business needs. Existing customers who are interested in the private beta can reach out to their CloudHealth Technical Account Manager to determine eligibility.

The second beta capability announced is cost and usage visibility into VMware Cloud on AWS so that you can view all public and hybrid cloud costs from a single place. This is supported for customers who have purchased VMware Cloud on AWS directly from VMware. In CloudHealth, VMC on AWS is in public beta and available for configuration in the platform.

CloudHealth as well as CloudHealth Secure State are both available through the AWS Marketplace.

Hardened Kubernetes distribution for AWS and hybrid cloud

As Kubernetes is becoming a more common destination for workloads in the enterprise, compliance-heavy industries, particularly the public sector and federal agencies, require that the software they use meets security regulations. For example, the United States Federal Information Processing Standard (FIPS) is a set of security requirements for data encryption that software and systems must meet in order to be used by the federal government.

We’re excited to announce that Tanzu Kubernetes Grid core components—specifically kubelet, kube-apiserver, kube-controller-manager, kube-proxy, kube-scheduler, kubectl, etcd, CoreDNS, containerd, and cri-tools—have been compiled with the BoringCrypto FIPS modules that are based on FIPS 140-2-approved algorithms. This means that you can run a consistent, compliant Kubernetes distribution across the data center, public cloud, and edge.

What’s more, applications built with VMware Tanzu Build Service or consumed from VMware Application Catalog and then deployed to Tanzu Kubernetes Grid can automatically be compiled, served, and patched with a FIPS-compliant base image selected by operations teams—all with little effort from development teams.

We have also published how Tanzu Kubernetes Grid can enable you to adhere to the Federal Information Security Management Act (FISMA) high-impact level using the National Institute of Standards and Technology (NIST) 800-53 controls. These controls enable standardized frameworks for how to protect information and data systems from threats, including malicious third parties, structural failures, and human error. 

In addition, Tanzu Kubernetes Grid now includes hardening verification content as well as assessment and remediation automation for adhering to the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and Security Requirements Guidelines (SRG). These guides outline how an organization should handle and manage security software and systems for the Department of Defense (DoD).

From applications to infrastructure, VMware offers modular, full-stack capabilities that complement AWS to help you get more apps to the cloud and enable you to manage them more securely at scale.

VMware modern apps and cloud management solutions for AWS
