
Ship Great Software with a Platform Built for DevSecOps: Tanzu Advanced Q1 Review

Ask most any developer what their primary goal is, and you probably won’t hear things such as “increase commits” or “close more tickets.” More likely, you’ll hear that they want to see their code come to life in the hands of their customers. It’s about shipping great software—and making sure that software is operating as intended. But that requires simplifying the experience for developers building modern apps for Kubernetes. Tanzu Advanced, our modular, full-stack container platform, had some gems added to it this quarter to do just that. Plus, you’ll find continued emphasis on securing and simplifying the container lifecycle.

Let’s track through some of the Tanzu Advanced updates from this past quarter that will help drive the DevSecOps outcomes your organization needs.

API discovery and management

Modern applications thrive on APIs, which drives a healthy environment of API creation and consumption within enterprise companies. There’s the rub. When you have so many internal APIs across teams, how do developers find the APIs they need to be productive and get code to production quickly? And how does an organization make the most of this important IP? Fortunately, Tanzu Advanced is growing its API muscle by adding the new API portal to its capabilities via the Spring Runtime. 

API portal is a collaboration zone for API managers and consumers in the enterprise. From this single place, API managers can register any OpenAPI-compliant API for easy access by developers. They can even connect multiple API portals across teams or environments to share the wealth. And API consumers can search for relevant APIs, see details (like verbs, headers, and response codes), and try out endpoints without writing a single line of code. 

API portal can also seamlessly integrate with Spring Cloud Gateway (which, by the way, is now generally available for Kubernetes) for even more added value. Learn about this exciting API advancement in the announcement post.

Get your APIs here!

Enterprise-ready SQL for Kubernetes

As developers consider moving applications to Kubernetes, an obvious question is, “How should we handle data?” Distinctive in the Tanzu Advanced line-up is Tanzu SQL, which offers custom Kubernetes operators for the relational database engines Postgres and (recently released) MySQL. 

With Tanzu SQL, developers can manage their database systems in the same way as the rest of the application stack and achieve the same benefits: rapid, consistent deployment and management across environments. Developers and operations teams gain built-in automation that simplifies running and patching clusters. Meanwhile, data teams can be sure that customer data is always running in approved instances.

Tanzu SQL offers opinionated configurations from VMware experts that include enterprise-ready features like built-in backups, high availability, and security. For example, using fleet management capabilities inherent in Kubernetes, operators can audit an entire fleet to validate that every instance is running the most recent security patches. 

To learn more about the benefits of our approach to data on Kubernetes, read our announcements for the Postgres and MySQL operators. You can also see them in action by visiting the VMware Tanzu YouTube playlist.

Automated, secure container builder supports .NET

Tanzu Build Service, which is a core component of Tanzu Advanced, provides developers a way to automate the packaging of their applications into secure, compliant container images. Patching, updating, and signing of these images can be fully automated across multiple teams and applications.

And with the added support for .NET Core Buildpack in Tanzu Build Service 1.1, developers have automated code-to-container workflows for even more application types. This buildpack includes runtimes for all supported versions of .NET—2.x, 3.x, and 5.0—plus it supports several types of applications, including those authored with Visual Basic.

Kubernetes networking for developers (with guardrails)

The problem with programmable networks is that they’re programmable. To keep the Kubernetes network in check, operations teams may be inclined to apply restrictions that make it cumbersome for developers to operate their particular clusters. Fortunately, VMware Container Networking with Antrea, a key part of the Tanzu Advanced stack, is the container networking interface made for operators and developers. It provides network connectivity and security for pod workloads across clouds.

With the recent Project Antrea 1.0 release, sophisticated tiered security policies are now in place that support the various ways different roles can interact with the cluster. Operators can set global security policy guardrails at the cluster and namespace level, for example, while developers can define application-level security with standard Kubernetes network policies for the clusters they care about.

Antrea has also added routed pods, improved integration with load balancers (particularly the NSX Advanced Load Balancer that’s part of Tanzu Advanced), enhanced support for control and data planes, improved Windows support, and met FIPS 140-2 security requirements. 

Simplified, secure Kubernetes operation at scale

Tanzu Mission Control continues to evolve to become a focal point of integration within Tanzu Advanced, enabling consistent operation and security across your Kubernetes estate and modern apps. It integrates with Tanzu Observability for deeper Kubernetes insights, for example, and with Tanzu Service Mesh for microservices connectivity and protection. 

Global control plane for Tanzu Advanced

The first quarter brought data protection, access control, and policy enhancements to Tanzu Mission Control, including the ability to

  • restore backups to an alternative namespace

  • create custom roles for access management

  • take more granular control of the network policy through two new recipes: custom-ingress and custom-egress

You can also now manage the complete lifecycle of Tanzu Kubernetes Grid clusters deployed to VMware Cloud on AWS. This helps to streamline the operation and management of Kubernetes across hybrid cloud environments—all while taking advantage of AWS services.

Tanzu Mission Control added SOC 2 Type 2 compliance certification to an already strong roster that includes ISO/IEC 27001, SOC 2 Type 1, and CSA Star. We adhere to these important security and operational standards so that you can manage your most mission-critical workloads with confidence. For example, SOC 2 involves a rigorous auditing process that takes place for a minimum of six months to attest that Tanzu Mission Control has the right controls in place to manage and protect your data.

Another key to managing your Kubernetes estate is being able to get insights into every layer of the production stack—and take the right actions. That’s where Tanzu Observability enters the picture as an essential part of Tanzu Advanced. In a recent GigaOm Radar for Cloud Observability report, VMware was highlighted as one of the few observability vendors that “treat VMs, enterprise software, and cloud native solutions as first-class citizens.” It is easier, the report noted, “to build a true multi-cloud observability system using VMware.” Tanzu Observability in particular received accolades for its strong enterprise features of governance, security, policy, and compliance.

Need help standing up your platform?

A recent Gartner report, Why DevOps Success Requires Platform Teams, states that “In the 2020 Gartner Achieve Business Agility With DevOps Survey, 82% of respondents said they are using platform ops to scale their DevOps efforts.” [1] This underscores the importance of standing up a platform that can bring consistency and scale while enabling developers to focus on creating business value. But installing platform software is one thing. Having the know-how and time to customize it for your organization and ensure the right experience for your developers is another.

VMware Tanzu Labs offers expert services for designing a platform that’s based on Tanzu Advanced and customized for your organization. These experts will collaborate with your team to install, configure, and integrate the components your organization needs for a developer-centric, production-ready platform. They’ll also set you up for Day 2 operations: patching, upgrading, and scaling. At the end of the engagement, you’ll be ready to treat your platform like a product that continually evolves to meet the changing needs of your developers and applications.

Build a developer experience atop Kubernetes with VMware Tanzu Labs

If you’re already a Tanzu Advanced customer, be sure to take advantage of the updates highlighted in this post. If you’re new to Tanzu Advanced, start at the very beginning to learn about all of its modular capabilities, which together will enable you to embrace DevSecOps and ship great software faster than ever before.

[1] Gartner, Why DevOps Success Requires Platform Teams, Daniel Betts, et al., 23 March 2021.