
Tanzu Mission Control Self-Managed for VMware Cloud Providers – Technical Overview

Introduction

We are thrilled to introduce Tanzu Mission Control Self-Managed (TMC Self-Managed), a new offering specially designed for VMware Cloud Providers and Sovereign Cloud Providers. This initiative aims to offer unprecedented control and flexibility, allowing you to self-host the Tanzu Mission Control infrastructure within your own environment. It extends the existing capabilities of Tanzu Mission Control by providing an enhanced, in-house operational experience for Kubernetes orchestration and management. In the following sections we will look at the features and experience for Cloud Providers.

For Cloud Service Provider admins:

Self-Hosting Flexibility:

TMC Self-Managed empowers cloud providers to host Tanzu Mission Control on VMware Cloud Director, enhancing data sovereignty and compliance. TMC Self-Managed is installed on Container Service Extension’s provider-managed Tanzu Kubernetes Cluster. VMware Cloud Director’s Solution Add-On framework is used to manage TMC Self-Managed as an extension, as shown in the screenshots below.

Figure 1 – Cloud Provider’s view of Solution Add-on management and Installed Tanzu Mission Control – Self Managed

Multi-Tenancy Support:

The TMC Self-Managed solution honors VMware Cloud Director’s multi-tenancy model. Customer organizations can use their choice of identity provider and create user roles and RBAC. With TMC Self-Managed, customers can apply their established IAM, with fine-grained permission control or RBAC, to the Tanzu Kubernetes Clusters within their organization. Please refer to the IAM features and know-how in the official documentation here.

Backup and Restore with TMC Self-Managed with Object Storage Extension (OSE):

TMC Self-Managed offers Backup and Restore services through the customer portal. Providers can leverage Object Storage Extension to offer backup and restore services for Kubernetes clusters. The TMC administrator can configure TMC Self-Managed to back up and restore attached clusters on OSE using the TMC Self-Managed portal. The backup and restore features of OSE are described in the official documentation here. For more information on OSE backup and restore services, please refer to the blog post here.

For Customers:

Advanced Policy Management:

Customers can implement granular policies with ease to ensure governance and security protocols are consistently maintained for all Tanzu Kubernetes clusters deployed in their organization. Customers can review all TMC Self-Managed features in the official documentation here.

Figure 2 – Customer’s view of TMC Self Managed portal to attach, manage cluster, cluster groups, policy, backup/restore and all other functions

Cloud Provider Experience for TMC Self-Managed Phase one release:

Cert management

Cloud Providers must use cert-manager to acquire certificates. CSP admins have two options. The first, and recommended, method is to use externally signed certificates. Alternatively, if providers choose to use a self-signed certificate, they must share the CA root certificate with their customers. Please refer to this KB article for detailed information on using self-signed certificates. Customers must use this certificate, provided by their provider, to create Tanzu Kubernetes Clusters.

The KB shows how to store the root CA so all new clusters are configured correctly. Customers must trust the certificate in order to access the TMC Self-Managed UI/API protected by a self-signed certificate.
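A check a customer can run before trusting a provider-supplied root CA, shown here as an added example that is not from the original post or the KB article. It assumes the provider publishes the root's SHA-256 fingerprint out of band; the PKI, subjects, hostname and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. All subjects, hostnames and files are constructed.
set -eu

# SHA-256 fingerprint of a PEM certificate (colon-separated hex).
ca_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Trust decision for an endpoint certificate:
#   $1 root CA file from the provider, $2 fingerprint received out of band,
#   $3 endpoint certificate. Prints "trusted" or the reason for rejection.
trust_decision() {
  if [ "$(ca_fingerprint "$1")" != "$2" ]; then
    echo "reject: root CA fingerprint mismatch"
  elif openssl verify -CAfile "$1" "$3" >/dev/null 2>&1; then
    echo "trusted"
  else
    echo "reject: certificate does not chain to provider root"
  fi
}

# Constructed PKI: a provider root, a server cert it signed, an unrelated root.
make_sample_pki() {
  for name in ca other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example $name root" \
      -keyout "$1/$name.key" -out "$1/$name.crt" 2>/dev/null
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=tmc.provider.example" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/srv.crt" 2>/dev/null
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_sample_pki "$workdir"
pinned=$(ca_fingerprint "$workdir/ca.crt")   # stands in for the out-of-band value

trust_decision "$workdir/ca.crt"    "$pinned" "$workdir/srv.crt"    # provider root, issued cert
trust_decision "$workdir/other.crt" "$pinned" "$workdir/srv.crt"    # root file was swapped
trust_decision "$workdir/ca.crt"    "$pinned" "$workdir/other.crt"  # cert not issued by the root
```

Only the first case is accepted; the other two show why the root should be pinned by fingerprint and the endpoint verified against it rather than disabling TLS verification.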

Customer Onboarding and branding of TMC Self-Managed:

Once the Cloud Provider has enabled the TMC Self-Managed solution add-on, the provider can give the TMC Self-Managed URL to customers. Cloud providers can configure this URL to follow their theme using the branding page for the solution add-on, as shown in the screenshot below:

Figure 3 – Provider managing TMC Self-Managed URL to share with customers, with custom theme

Summary:

To summarize, we reviewed how cloud providers gain the autonomy to host Kubernetes management infrastructure within their data centers using VMware Cloud Director and TMC Self-Managed. We also reviewed how customers can use TMC Self-Managed to manage their Kubernetes clusters, secure the apps within a cluster using policy management, and use Object Storage Extension to back up and restore Kubernetes clusters and workloads. Please check out the related content below.

Further Reading:

  1. Tanzu Mission Control – Self Managed for Cloud Providers Blog
  2. Tanzu Mission Control – Self Managed Product Documentation and Downloads
  3. Tech zone for App Modernization for Sovereign Cloud Providers
  4. Object Storage Extension Feature Friday