Manage Kubernetes and Sovereign Data Needs with Tanzu Mission Control

November 7, 2023 Carol Pereira

Corey Dinkens and Joe Mann contributed to this blog post.

At VMware, we continue to hear from our customers that centralized Kubernetes management capabilities are very valuable to their mixed, distributed environments. And since the launch of our self-managed solution for VMware Tanzu Mission Control, we have seen increasing interest from regulated industries and customers with highly distributed infrastructure that need to meet their specific security and compliance needs, or better manage their large environments.

According to the latest VMware State of Kubernetes report, more than half of the software development and IT professionals surveyed (53 percent) said that data security, protection, and encryption is the most useful category of tools for Kubernetes in production. Along the same lines, 48 percent of respondents reported that they are willing to invest in paid support or services for security tools.

The VMware State of Kubernetes 2023 report shows that data security, protection, and encryption are very useful tools for Kubernetes in production.

Using an air-gapped solution can help customers meet their data security and protection needs, and Tanzu Mission Control offers many other benefits in support of better Kubernetes management. Our solution is a centralized hub for managing distributed environments, covering policy, access, and lifecycle management as well as the data protection and automation capabilities that our customers highly value.

For data protection, VMware Tanzu leverages Velero, an open source backup and restore tool, to allow users to create and schedule backup and restore operations across clusters for increased crisis preparedness and application mobility, all while protecting data sovereignty. Velero includes support for a container storage interface (CSI) snapshot for backing up Kubernetes volumes, which offers point-in-time backups that are more current (i.e., recent data) and crash consistent.

For automation, VMware Tanzu users can ensure consistency, reduce human error, and streamline management of their Kubernetes fleet at scale by using infrastructure as code (e.g., Terraform) for cluster deployment, and continuous delivery (e.g., GitOps with FluxCD) for cluster configuration, such as adding software packages. These features can be used for single clusters or groups of clusters.

All of those capabilities were included in the 1.0 release of Tanzu Mission Control Self-Managed. The 1.1 version maintains those benefits and further enhances the installation and onboarding experience with a few updates that enable customers to:

  • Bring more (up to 500) clusters under management

  • Deploy Helm releases from private Helm repositories

  • More easily use Active Directory and OpenLDAP for identity services

  • Leverage the Tanzu CLI and the most recent releases of Tanzu Kubernetes Grid

The deployment experience is further enhanced with the support of our VMware Tanzu Labs services team, which can help you activate, accelerate, and scale your deployments. Activate services create quick wins and thin slices of path to prod that demonstrate immediate value. Accelerate services expand adoption and deliver significant wins across new teams. And finally, scale services focus on execution to deliver holistic outcomes across the enterprise.

We built the following solution to better serve several groups:

  • Customers with data sovereignty and compliance concerns (e.g., finance, healthcare, and federal government) who must abide by local compliance regulations

  • Customers with distributed Kubernetes environments (e.g., manufacturing and retail) with local stores/plants/clinics that need to operate with limited connectivity

  • Partners focusing on building a sovereign cloud solution, as part of the VMware Cloud Provider Program

We have seen good traction with some use case examples. To learn more about these, keep reading.

Removing management toil and ensuring compliance for a safety app  

One of our customers in the public sector was already a vSphere user but wanted to leverage VMware Tanzu solutions for their Kubernetes environments as they rehosted their materials management app to an air-gapped VMware Tanzu cluster.

This app is used to keep hundreds of people safe around critical materials, and Tanzu Mission Control Self-Managed was the ideal solution for them since they couldn't leverage SaaS solutions that are not compliant with the Federal Risk and Authorization Management Program.

They were facing stability issues with their prior solution, so the ability to easily monitor their cluster resources and the status of their application is very valuable to them.

They cut cluster management time while removing toil from their small Kubernetes team, ensuring compliance with access and role binding in addition to custom policies, and leveraging monitoring capabilities to respond to incidents faster.

Managing thousands of small clusters in distributed grocery stores  

Another customer in the retail space had some interesting scalability challenges that demonstrate the unique hurdles that edge computing brings to the table. Instead of a few large clusters, this customer has to manage thousands of small clusters at remote sites and needs to figure out how to do consistent lifecycle management and monitor their environments centrally when there are network limitations.

They are evaluating Tanzu Mission Control Self-Managed to tackle their edge challenges since they already use the SaaS version to support their on-premises environments—which are targets for the repatriation of some workloads from the public cloud. Those workloads are mainly customer-facing apps such as customer rewards systems, delivery, and pricing apps, and will leverage environments based on vSphere with VMware Tanzu deployed on VMware Cloud Foundation infrastructure in the data center in stores.

They value our open source approach and intend to build multiple abstraction layers to better support their application development teams. As many of our customers have recently discovered, every app team was doing their own thing, and so they are working to create a consistent platform to increase developer productivity by leveraging the VMware Tanzu portfolio. Another area of improvement they have on their roadmap is application lifecycle management and they intend to use the continuous delivery features in Tanzu Mission Control, powered by FluxCD, to support them in that effort when deploying applications to production.

Building and managing modern apps in sovereign clouds  

Francois Loiseau, an innovation director at OVHcloud, has been a VMware design partner for the past few months, providing valuable feedback for our Tanzu Mission Control product team.

OVH has customers in many industries, including the military, healthcare, and financial services, that need their data to be confidential and located where no foreign actors would be able to access it physically or virtually. This is also true for their metadata, describing virtual machines and cloud environments.

Still, those customers would like to leverage the power of centralized Kubernetes management capabilities in their trusted sovereign cloud infrastructure, which OVH offers today as a VMware Cloud Service Provider.

They have 37 datacenters in 17 locations across 9 different countries and provide services across 4 continents to ensure that data and metadata access inside their customers' environments is compliant with local laws and regulations.

According to Francois, as customers are in the middle of the platform-as-a-service (PaaS) revolution, their applications must leverage new technologies and scale seamlessly; therefore, Kubernetes adoption is on the rise. But the learning curve is not so smooth for some, and that is where OVH brings value. They provide Kubernetes clusters (or part of clusters) to their customers so that they can deploy their applications via Terraform or VMware Aria Automation (formerly vRealize Automation). They use Tanzu Mission Control to accomplish this, such as using vCenter for virtual machines. The solution allows them to apply policies and access controls to Tanzu Kubernetes Grid clusters according to the customers' needs. Learn more about OVH solutions.

What's next?

To learn more about the Tanzu Mission Control self-managed solution, please watch our webinar recording and listen to the Tanzu Talk podcast.

During VMware Explore in Barcelona, we presented the solution again, and you can watch the recording.

You can also visit the Tanzu Mission Control product page, review the documentation, and download Tanzu Mission Control Self-Managed today.

About the Author

Carol Pereira

Carol Pereira is a product line marketing manager and a member of the VMware Tanzu team. She has developed most of her career in the enterprise software industry and, in her current role, she focuses on increasing product awareness by leveraging product-led growth strategies and helping customers resolve their Kubernetes management challenges.
