By any measure, VMware Cloud Foundation 4 is a massive release that delivers a lot of net new functionality up and down the stack, more than we could ever possibly cover in a single blog. To ensure everything is covered, we'll break this into consumable segments with a business focus on what makes these innovations so compelling. In this post, we'll take an in-depth look at the obstacles most organizations need to overcome in order to modernize both the applications and the infrastructure that are core to enterprise digital transformation initiatives. Through this series, we'll explore the solutions presented by VMware Cloud Foundation 4 with Tanzu from an architectural lens, with a focus on how to achieve the business mandates by delivering an open, hybrid cloud platform for modern and traditional apps.
To launch this series, we’ll put a spotlight on the Tanzu Kubernetes Grid integration with vSphere 7, newly re-architected with Kubernetes to run both modern container-based and traditional virtual machine-based workloads and delivered exclusively on VCF 4. As an integrated full-stack solution, VCF 4 with Tanzu is a critical component to successful deployment of these complex, container-based distributed applications and microservices. By automating deployment of the infrastructure components, VCF 4 empowers developers to deliver new apps faster without having to worry about the underlying infrastructure, which could be private cloud, public cloud or at the telco edge. VCF 4 enables the virtual infrastructure (VI) admins to abstract and allocate infrastructure as services delivered through APIs and integrated with a complete Kubernetes runtime service to support the development teams while maintaining compliance with all of the IT governance and security controls.
At the core of the March 10th modern applications announcement was the native integration of Kubernetes into the vSphere 7 control plane, delivered through VMware Cloud Foundation 4 which also integrates the cloud native storage features delivered with vSAN 7 and container management with vRealize 8.1. Together, what makes this portfolio so compelling is that it provides a comprehensive framework for solutions that directly target the pain points that organizations face when standardizing on Kubernetes as a container orchestration framework to accelerate their internal DevOps ecosystems.
Growth of Modern Applications must overcome some headwinds
What's driving growth of modern applications is the shift of businesses moving towards agile processes to drive more innovation using containers and microservices. While the shift has been happening for several years, according to IDC (1), 2019 was the first year that Line of Business IT investments exceeded IT infrastructure and operations spend. From a strategic standpoint, VMware has made a number of key acquisitions (Pivotal, Heptio, Bitnami, Carbon Black to name just a few) to complete the product and solution portfolio to directly address this opportunity. The modern apps launch is a direct result of integrating these solutions (introduced last year as "Project Pacific") into a full suite of products that enable organizations to Build, Run, Manage, Connect and Protect the thriving ecosystems that are driving these modern applications.
When the mission is to build and run modern applications at scale, it’s important to understand the key challenges (headwinds) that both developers and operators must overcome in order to increase productivity in these fast-paced DevOps environments. Application (developers) and Infrastructure (operators) teams often have very different perspectives and as a result, they tend to operate in silos. This creates a chasm that introduces friction, which is the kryptonite that throttles productivity, causing the teams to seek alternatives.
Developers view the world from an "applications down" perspective, focusing on the sole task of building and running container-based applications using a unique set of services, tools, registries and APIs. For these developers to be effective, the infrastructure and their Kubernetes runtime should be abstracted into a set of services and delivered on demand, fully self-service, via APIs.
Figure 1: Developers – Application Down; VI Admins – Infrastructure Up
The infrastructure team, on the other hand, views their environment from the "infrastructure up" into the applications. The operators are tasked with integrating Kubernetes into their existing infrastructure components and operational procedures while maintaining all of the controls for governance, security and compliance. Without the proper infrastructure, tools and services, the admins are forced to break operational process to address the developer requirements.
Before VCF 4 with Tanzu, these complex Kubernetes systems operated as separate environments with all of the networking and security mechanisms handled in a "one-off" fashion. These container orchestration systems are integrated into existing IT processes for service delivery. Because these systems lack the proper levels of compliance, automation and orchestration, developers are forced to use existing IT ticketing systems, creating additional friction and causing the app teams to seek alternatives.
VMware Cloud Foundation 4 – Powered by vSphere 7 with Kubernetes
At the core of VMware Cloud Foundation 4 with Tanzu are the latest innovations in vSphere 7 with Kubernetes that directly address the challenges stated previously. By establishing vSphere 7 as a platform that consolidates containers and VMs into a single stack with the development tools and Kubernetes runtime, developers and operators can now collaborate. This collaboration is further enhanced through VCF 4 with Tanzu by integrating and automating the storage, networking and management components with the Kubernetes runtime into a suite of services called VMware Cloud Foundation Services.
Figure 2: VMware Cloud Foundation 4 with Tanzu
These services consist of Tanzu Runtime Services and Hybrid Infrastructure Services which are delivered through a set of Kubernetes and REST APIs. This services layer enables developer self-service, allowing the applications to be managed through a namespace construct which has also been integrated into the vCenter Server management control plane. Rather than managing thousands of disparate VMs, admins can now manage a few dozen namespaces with much less cognitive load. VCF 4 with Tanzu allows applications and infrastructure to be delivered at massive scale on premises, at the edge or in the cloud.
Within VCF 4, workload domains are used to consolidate the complex Kubernetes clusters into policy-based resources that carry specific availability and performance attributes. By integrating vSphere, vSAN, NSX-T and vRealize cloud management into a single automated infrastructure layer, Kubernetes clusters can be deployed rapidly. VCF workload domains (WLDs) accelerate deployment of Kubernetes clusters, deploying both the underlying infrastructure and the Kubernetes components in an automated fashion. The WLD construct allows operators and developers to collaborate further and to more securely sandbox and allocate the right infrastructure for containers alongside VMs.
Cloud Operating Model – Consistent Infrastructure and Operations
VCF is built from a cloud operating model that deploys the same core software-defined infrastructure in private cloud and public cloud deployments (VMware Cloud on AWS, Azure VMware Solutions, etc.). This cloud operating model delivers consistent infrastructure and operations, which is particularly important for customers deploying modern apps, where service delivery is better aligned to the service consumption needs of the business. Adopting a cloud operating model is only effective if you can manage the entire lifecycle of the infrastructure and applications and enable security to be handled across the entire solution stack.
VMware Cloud Foundation delivers automated lifecycle management on a per workload domain basis to better align the infrastructure with the most recent updates and patches. Available updates for all components are tested for interoperability and bundled with the necessary logic for proper installation order and scheduled for automatic installation on a per workload domain basis. This gives the admin better control to target specific workloads or environments (development vs. production, for example) for updates independent from the rest of the environment.
Security is something that must be intrinsic to the solution rather than bolted on. At the container image layer, Tanzu Kubernetes Grid (TKG) includes a container registry with built-in vulnerability scanning, image signing, and auditing. At the storage layer, Cloud Foundation offers data-at-rest encryption at the cluster level. vSAN Storage Encryption is built for compliance requirements and offers simple key management with support for all Key Management Interoperability Protocol (KMIP) compliant key managers. At the compute layer, vSphere provides comprehensive built-in security for protecting data, infrastructure, and access that is operationally simple. Policy-driven security provides VM- or pod-level encryption to protect against unauthorized data access both at rest and in motion. At the network layer, NSX-T delivers micro-segmentation and granular security down to the individual VM or pod workload, enabling a fundamentally more secure data center. Security policies travel with the workloads, independent of where the workloads sit in the network topology.
Deploying Kubernetes at scale is enabled through VMware Cloud Foundation 4 by delivering VM and container management within a full-stack HCI solution, bringing all of the infrastructure services and Kubernetes runtime services together so that developers and operators can collaborate on building and running modern applications. You can view part 2 of this series and stay tuned for additional updates. To learn more about VMware Cloud Foundation 4, visit https://www.vmware.com/products/cloud-foundation.html. You can also follow VMware Cloud Foundation on Twitter and LinkedIn.
(1) IDC WW Semiannual IT Spending Guide: Line of Business, 09 April 2018 (HW, SW and services; excludes Telecom)