At VMworld 2019 VMware announced “Project Pacific”, officially entering the Enterprise Kubernetes market and putting an end to the speculations that had been running wild about vSphere becoming a platform for native Kubernetes workloads.
The Tanzu branding was introduced at the same time, revealing a whole portfolio of solutions covering the complex life-cycle of Modern Applications, from development and build, to operations and management. A number of products all branded as Tanzu were presented, either coming from recent acquisitions, the re-branding of existing solutions or the development of new ones. This caused some initial confusion among customers about what Tanzu really was about: put simply, Tanzu is an “umbrella” beneath which VMware positioned the many solutions aimed at building and running modern applications, not just on-prem but on any public cloud, with the same level of experience regardless of their location.
Tanzu has been around for about one year now and the state of the art is evolving so rapidly that is not always so easy to stay abreast with the constant flow of news. One trend that is evident is that VMware is trying to put some order and simplify the adoption of the Tanzu platform by packaging increasingly more complete sets of solutions in so called Tanzu Editions targeted at organizations at different levels of maturity in their adoption of Modern Apps. As of today, Tanzu Basic and Tanzu Standard are already available, while Tanzu Advanced and Tanzu Enterprise should follow soon.
Focusing on how to natively consume Kubernetes workloads, initially the only way of doing so was vSphere with Kubernetes, which had a strong pre-requisite not necessarily affordable to every customer: VMware Cloud Foundation 4. Basically, to run Kubernetes on vSphere an organization had to acquire and implement a VCF4 infrastructure first, therefore being forced to add VSAN and NSX-T to the picture. A great primer for understanding Kubernetes on vSphere (VCF) is available as part of the Tech Field Day 21 sessions recorded last March: I would recommend investing some time to get the deep-dive on how vSphere, VSAN and NSX-T play together to become the foundational infrastructure to run Kubernetes on-prem.
While VCF is still the recommended way of running k8s on vSphere, the recent release of vSphere 7.0 U1 made things definitely more accessible to organizations not ready to invest all in on both Native Apps and VCF. Let’s introduce “vSphere with Tanzu”.
vSphere with Tanzu comes with some simplifications that make its adoption way more affordable than VCF with Tanzu : first and foremost, since NSX-T is not needed anymore, the only pre-requisite is to have vSphere 7.0 U1. The networking capabilities required by k8s workloads will be provided by an HA-Proxy cluster (deployed automatically when vSphere with Tanzu is implemented) and all is needed to make it work will be two VLANs defined in DvSwitches. Still, NSX-T is an option if available, but not mandatory.
Another interesting feature is that vSphere with Tanzu is CNS (Cloud Native Storage) compliant and can leverage SPBM to provision storage to k8s applications: VSAN, VVOLs and traditional VMFS with tags are all supported as k8s storage providers in a way totally transparent to devs.
Namespaces in vSphere with Tanzu (not to be confused with k8s namespaces) allow for RBAC policies and resources allocation and confinement, therefore enabling VMware admins to set up “k8s sandboxes” readily consumable by developers using the usual k8s API calls, while ops can refer to objects in vCenter as usual. Devs can spin up “TKG guest clusters” (full k8s clusters in vSphere VMs) within their sandboxes using Cluster API calls in the usual k8s yaml format.
One caveat here: the absence of NSX-T prevents the creation of Pod VMs as they mandatorily require the NSX-T overlay for connectivity. That is not necessarily a bad thing, as Pod VMs are not a native k8s construct, but organizations willing to adopt vSphere with Tanzu should be aware of this.
Another limitation is that off-the-shelf integration with Harbor is not available with vSphere with Tanzu. This does not mean that Harbor is not usable, it simply has to be installed (and maintained) separately.
Finally, VLCM – vSphere LifeCycle Manager supports the life-cycle of the supervisor clusters in vSphere with Tanzu: these clusters can now be directly upgraded via VLCM, simplifying considerably the maintenance of the infrastructure’s building blocks.
It is also worth to mention that soon VADP support for Velero (the CNCF official backup tool for k8s apps) will be available: this opens unexplored scenarios in relation to the backup of Kubernetes workloads with any common enterprise solution on the market. This is definitely an added value for vSphere customers as they do not have to invest in a separate infrastructure to run Modern Apps, not even for their Data Protection needs.
To wrap it up, for small, more traditional organizations it is becoming more and more affordable to run Modern Apps because with vSphere with Tanzu it is now possible for them to capitalize on existing skills and infrastructure investments and just focus on building the Cloud Native practice at the pace that works best.
I hope you found this article informative and useful to begin understanding what Tanzu is and which product in the portfolio best fits your challenges. I plan to dig deeper and expand my analysis to other pieces of the current and upcoming Tanzu Editions.
Some links to dig deeper:
Cormac Hogan – Understanding the Tanzu portfolio (and the new names for VMware modern app products):
Scott Buchanan – Simplify Your Approach to Application Modernization with 4 Simple Editions for the Tanzu Portfolio:
Tech Field Day 21 – VMware presents Kuberbernetes on VCF:
Virtually Speaking Podcast – vSphere with Tanzu: