Today at VMworld 2019, VMware announced the Tanzu portfolio. Essentially, Tanzu covers a suite of up and coming products and features which will allow our customers to Build, Run and Manage modern applications on Kubernetes, on vSphere. I’m pretty sure that this will not come as a major surprise, considering some of the acquisitions and intentions that VMware has announced recently. For example, we have already had the Heptio acquisition at the end of last year, then the Bitnami acquisition in May of this year, and more recently, we’ve seen the intent to acquire both Carbon Black and Pivotal.
Heptio, Bitnami and Pivotal all fall into the “Build” category of the portfolio, with Bitnami currently the primary supplier of ready-to-run virtual machines and cloud images. They help users deploy over 1 million applications per month. They also provides a catalog of pre-built application content for Kubernetes clusters. Spring Initializr from Pivotal was used to create more than 1.5 million Java-based development projects in the past 30 days alone. The resulting applications are among the 700,000 that are now supported by Pivotal Application Service.
Carbon Black fit into another category which is all about protecting applications. I will admit that I am not too familiar with them. From what I understand, their platform uses big data and behavioral analytics to provide protection against advanced cyber attacks. My understanding is that we plan to integrate Carbon Black with our current security offerings. This will provide our customers advanced threat detection and in-depth application behavior insight.
This is a slide that I found useful when trying to picture how some of these acquisitions fit into our expanding portfolio.
With all of that said, let’s now have a look at some of the announcements made today as part of Tanzu. As you will see, today’s announcement includes some very interesting tech previews of some very ground-breaking technology. I have to admit, this is one of the most exciting VMworld announcements I have seen in some time. Lets begin with Project Pacific.
This tech preview relates to an on-going effort to embed Kubernetes natively into vSphere. What do we mean by that? We mean that vSphere administrators will be able to manage both containers and virtual machines on a single platform, using the same set of tools that they have today. The vision for Project Pacific is to enable the convergence of containers and VMs onto a single platform. This is the “Run” part of the strategy shown in the picture above.
To achieve this, some considerable work has been undertaken and a number of new concepts have been introduced to vSphere as part of Project Pacific.
The first major addition is the Supervisor Cluster. The supervisor cluster is a Kubernetes cluster, but it uses ESXi hosts as the Kubernetes worker nodes. For those of you familiar with Kubernetes, kubelet is now run on the ESXi hosts, which we are calling vSpherelet. This is the main component on the nodes and provides a number of functions. Some of its primary functions are to check with the Kubernetes API server to find which Pods should be running on this node, as well report the state of its running Pods back to the API server.
The second concept is the ESXi Native Pod. When a workload is deployed on the supervisor cluster, it is instantiated as a virtual machine on an ESXi host. However, this is a special VM, with a very minimal operating system and uses our own container run-time, which we are calling CRX. Yep – we now have a container run-time on the ESXi hypervisor. The new ESXi native pods will combine the best properties of Kubernetes pods (lightweight, fast) and the best properties of VMs (secure, isolated) to deliver a secure and high-performance run-time for workloads. And it would appear that the workloads run 30% faster than a Linux VM and 8% faster than bare-metal, according to Joe Beda who was on-stage with Pat G at today’s VMworld keynote. That is pretty amazing.
The final major component of Project Pacific that I want to highlight is the Guest Cluster. This allows developers to consume upstream Kubernetes distributions on vSphere. The guest cluster runs as a set of virtual machines on the Supervisor cluster. Developers can use the guest clusters to run their “general purpose” Kubernetes applications – from their perspective, this is native Kubernetes running on top of vSphere. This picture may help to tie the major Project Pacific components together.
Note that there are other initiatives ongoing to integrate Kubernetes into vSphere as part of Project Pacific – this is only a small part of the bigger picture. It’s definitely an area that I am personally very excited about. This tweet from my colleague Bjoern sums it up nicely:
Just imagine the possibilities: modern apps are built on the open source “platform for platforms”, #Kubernetes. And Kubernetes becomes as a native construct in potentially every vSphere environment – from Private Cloud to Hybrid Cloud to Edge/IoT! #VMworld #GameChanger
— Bjoern Brundert (@bbrundert) August 26, 2019
Check out this excellent blog from Jared Rosoff for further details on Project Pacific. There is also a great post here from Frank Denneman about the 5 things you need to know about Project Pacific.
Tanzu Mission Control
This is the second tech preview in the Tanzu portfolio that was announced at VMworld today. Tanzu Mission Control is focused on enabling our customers manage all of their Kubernetes clusters, regardless of where they run, from a single point of control. This is not just for Kubernetes running on vSphere, but is also Kubernetes running on public clouds, at the edge, etc. Craig McLuckie, who came to VMware as part of the Heptio acquisition, gives us a very detailed breakdown as to why Tanzu Mission Control is a necessity when supporting thousands of Kubernetes clusters 7×24, something we have been doing since Cloud PKS was introduced. One of the interesting observations made by Craig is that we are no longer in a world of just single Kubernetes clusters, but rather we are now having to deal with many clusters. The reasons for this include privacy legislation (e.g. GDPR) and the need for security isolation between certain applications.
Tanzu Mission Control is a SaaS based control plane that will securely integrate with your Kubernetes clusters. It will support a wide array of operations such as life-cycle management including initial deployment, upgrade, scale and delete. This will be achieved via the open source Cluster API project.
One significant feature also planned for Tanzu Mission Control is to provide the health status of your clusters. Should further troubleshooting be required, customers will be able to connect directly into Wavefront for additional diagnostic and troubleshooting information.
Other components of Tanzu Mission Control include the ability to use a policy driven approach for access control, backup/restore, security, and others. When managing many Kubernetes clusters, this use of policies simplifies management significantly and can show you which clusters are compliant and which are not, at a glance.
To quote our own press release, “The introductions of VMware Tanzu and Project Pacific underscore the company’s broad, on-going commitment to Kubernetes — of which VMware is now a top three contributor to the open source project.”
Please note that these are tech previews and as such, there is no guidance given about which future version of vSphere will include these products/features. Also, there is no commitment or obligation that technical preview features will become generally available.