Uncategorized

Discover the Value of VMware Tanzu Mission Control

Written by Joe Mann

 

It is no easy task to determine if a product or service can truly deliver value to your IT organization. If value is defined as how and when the product/service can solve complex IT problems, then it is critically important to find the easiest path to uncover value in something you’ve never seen before. The faster you can determine the value in a new product/service, the faster you can achieve better business outcomes. So, how can you get started on this value exploration journey? Begin with VMware Hands-on Labs!

I work at VMware as a Staff Multi-Cloud Architect. This year, I volunteered to join the VMware Hands-on Labs program to develop the VMware Tanzu Mission Control lab. Tanzu Mission Control was a product I was very familiar with and have spent a lot of time building internal and external enablement material for. Owning the development of the Tanzu Mission Control lab gave me an opportunity to make it easier for anyone to learn and actually experience the value of the solution via exercises in a live environment.

VMware Hands-on Labs provides everyone free access to VMware products and services to explore and learn. No installation required. You only need your Chrome or Firefox browser, a reliable internet connection, and, hopefully, not too many distractions.

With help from the VMware product team, below is the lab we created and released on 11/01/2020. You can access the lab NOW, free of charge by visiting  https://labs.hol.vmware.com/HOL/catalogs/lab/8087

HOL-2132-01-MAP : VMware Tanzu Mission Control

VMware Tanzu Mission Control is a centralized management platform for consistently operating and securing your Kubernetes infrastructure and modern applications across multiple teams and clouds. In this lab, you will explore the Tanzu Mission Control product from the platform admin and developer personas. This lab also offers a sneak preview of VMware Tanzu Service Mesh, which provides consistent connectivity and security for microservices in the most demanding multi-cluster and multi-cloud environments.

Captains: Joe Mann, Tiago Baeta

Inside the Lab

In all VMware Hands-on Labs, a lab manual is provided that walks the user through various use cases that highlight the values of a given VMware product offering. Below are some screenshots found in VMware Tanzu Mission Control. For more information about the specific topics covered in the lab manual, feel free to review the text of the manual HERE.

In the Tanzu Mission Control lab, users will gain access to a live Tanzu Mission Control instance that will support the creation and management of VMware Tanzu Kubernetes Grid clusters provisioned live in an Amazon Web Services (AWS) account. The lab environment also includes infrastructure to support the creation of a local Kubernetes cluster that can be managed by Tanzu Mission Control as well.

After users provision and attach (in the case of the local Kubernetes cluster) the clusters to Tanzu Mission Control, they have the ability to test and enforce access, network, security, and image registry policies across the live Kubernetes landscape. This is, in short, one of the main values of Tanzu Mission Control: policy enforcement across an entire Kubernetes landscape no matter where/how the Kubernetes clusters were provisioned.

We were also able to include 2 “bonus” modules that introduce the VMware Tanzu Service Mesh offering as well. Not only to users get live access to Tanzu Mission Control, but they will also gain access to Tanzu Service Mesh to run through some live scenarios to experience the value of both offerings together.

 

Value Propositions

After the lab was created, we documented how IT value can be found in the lab. Below, you can find our value propositions, which are a combination of problems solved, capabilities and outcomes that we believe will add value to the following categories and focus areas. Here is what we discovered.

Lab Insights for VMware Tanzu Mission Control

Problems / Capabilities / Outcomes

– Module 1. Unable to federate corporate identity management solution to fleet of Kubernetes clusters. The capability in the lab to address this problem: Centralize authentication and authorization integration for managed Kubernetes clusters via the VMware Cloud Services portal. The outcomes after resolving this issue: Utilize existing identity management solutions to grant users and groups access to Kubernetes clusters.

– Module 1. Inability to manage fleet of Kubernetes clusters deployed on disparate platforms. The capability in the lab to address this problem: Manage any Cloud Native Compute Foundation compliant Kubernetes clusters. The outcomes after resolving this issue: Global visibility and diagnostics across all of your Kubernetes clusters, no matter where they are deployed.

– Module 2. Limited visibility over an entire fleet of Kubernetes clusters. The capability in the lab to address this problem: Ability to attach any CNCF conformant Kubernetes clusters to VMware Tanzu Mission Control. The outcomes after resolving this issue: Enhanced visibility across an entire fleet of Kubernetes clusters provision on any infrastructure.

– Module 2. No uniform method for provisioning Kubernetes clusters. The capability in the lab to address this problem: Lifecycle management of Kubernetes clusters. The outcomes after resolving this issue: A uniform workflow for provisioning and managing Kubernetes clusters on multiple platforms.

– Module 3. Inability to assign granular access to Kubernetes resources. The capability in the lab to address this problem: Access policy implementation. The outcomes after resolving this issue: Ability to assign users and groups granular access to organizations, cluster groups, clusters, workspaces, and/or namespaces.

– Module 3. Inability to ensure security posture across fleet of Kubernetes clusters running on multiple platforms. The capability in the lab to address this problem: Security, access, network, and image registry policy management. The outcomes after resolving this issue: A uniform security protocol that can applied to an entire organization, group of cluster, or individual clusters.

– Module 4. Inability to ensure Kubernetes clusters meet CIS benchmark conformance. The capability in the lab to address this problem: Integrating Sonobuoy scans that test for CIS benchmark compliance. The outcomes after resolving this issue: Ensure entire fleet of Kubernetes clusters meet CIS benchmark compliance standards.

– Module 4. Inability to ensure Kubernetes clusters are able to support workloads quickly. The capability in the lab to address this problem: Lite conformance testing implementation. The outcomes after resolving this issue: Quickly confirm Kubernetes clusters are able to support Kubernetes workloads.

– Module 5. Challenging to deploy service mesh solution on multiple Kubernetes clusters reliably. The capability in the lab to address this problem: Simple, GUI based onboarding procedure for install service mesh on Kubernetes clusters. The outcomes after resolving this issue: Ease of use and consistency for service mesh deployment on any Kubernetes cluster.

– Module 5. Inability to manage service mesh deployments across multiple cluster and clouds. The capability in the lab to address this problem: A central management control plane for a distributed service mesh. The outcomes after resolving this issue: Unified view of service mesh deployment across entire Kubernetes infrastructure.

– Module 6. Inability to secure network traffic between distributed application components. The capability in the lab to address this problem: End-to-end mutual transport layer security (mTLS) encryption using a CA function. The outcomes after resolving this issue: End-to-end encryption for in-flight application network traffic.

– Module 6. Inability to deploy applications distributed across multiple clusters. The capability in the lab to address this problem: Global namespaces allow users to connect services running on different clusters. The outcomes after resolving this issue: The ability to create truly distributed application deployments.

 

Conclusion

When you are ready to start your value exploration journey with VMware Tanzu Mission Control, launch the lab via https://labs.hol.vmware.com/HOL/catalogs/lab/8087.  Here’s to your value crusade!

More labs and information about VMware Tanzu Mission Control can be found here:

  1. https://tanzu.vmware.com/mission-control
  2. https://tanzu.vmware.com
  3. https://labs.hol.vmware.com (VMware Hands-on Labs catalog)
  4. https//docs.hol.vmware.com (VMware Hands-on Labs manuals)