9 min

Tags in this article

, , ,

VMware is already one of the market leaders in managing virtual machines. However, containers are the next big thing. This has not escaped VMware’s attention either, as it invests heavily in Kubernetes (K8s). Last year, Heptio was acquired, and this year VMware presents its own Kubernetes solution. Tanzu should become for containers what vSphere is for virtual machines.

Almost all IT professionals working on the operations side are familiar with VMware. They work with it or have worked with it at a previous employer. IT environments that run on-premise, or in their own data center, are almost always virtualised. VMware is the market leader in this field, and therefore, the designated party.

However, there is an ongoing trend that VMware cannot ignore. With the rise and development of the cloud, the way in which we develop applications has changed enormously. Applications are no longer a single chunk of code compiled in a virtual machine; they are split into hundreds or thousands of microservices with different technologies that are all integrated with each other, which together form the application. As a result, applications can work faster, resources can be deployed where they are really needed, and they can be scaled quickly, by which costs can be saved. Containers are the crucial component in all of this because every microservice does no longer need its own virtual machine. This can be done much more compactly in a container with only the attachments that the application or microservice requires. Kubernetes has become the standard for containers and is supported by every cloud and hardware supplier.

VMware and Kubernetes

In an article about technical debt, we mentioned that it is now possible to export Kubernetes containers in vSphere. This particularly appeals to the current generation of VMware professionals. They work in vSphere on a daily basis. For this group, managing Kubernetes containers in vSphere is not very different from managing a virtual machine. Still, we can say that if you start running Kubernetes containers in vSphere by hand, you’ve really only taken the basic step. In a world where DevOps and Operations are getting more and more similar, you need something more powerful. Something that is scalable and can handle multiple environments.

Tanzu is here for the DevOps approach

Companies that are more advanced with their innovation projects and have embraced the DevOps principle can turn to VMware Tanzu. VMware Tanzu was presented at VMworld and should become the Kubernetes management platform par excellence. With Tanzu, VMware thinks it can accelerate the adoption of Kubernetes in the enterprise market. Mainly because it is a total solution and the company brings different technologies together in this platform.

Because VMware Tanzu is not only a management platform, it naturally has more components. In total, there are four components:

  • Build & Run
  • Connect & Protect
  • Manage
  • Experience

Build & Run

The fact that you are able to run Kubernetes containers with VMware Tanzu should not come as a surprise, as VMware is active in a broad range of environments. That goes without saying. Among other things, Tanzu is integrated with vSphere, so that IT management teams can run their containers in environments familiar to them. That’s really nice, especially if you still have a lot of on-premise infrastructure.

In addition, Tanzu has Tanzu Mission Control, a portal in which you can control containers in any desired environment: not only vSphere, but also public cloud and private cloud environments. All major hyper-scalers are supported; AWS, Azure, Google Cloud Platform, IBM and Oracle. Private cloud environments set up at a hyper-scaler can also be controlled via Tanzu Mission Control. Incidentally, this not only involves deploying and killing a container, but also applying policy. From Tanzu Mission Control, you can create one set of policies. This set is automatically executed and translated to all environments. Suppose your organisation is active in three clouds, then you do not need to deploy them one by one. Tanzu Mission Control allows you to configure the policies once and roll them out everywhere.

The attentive reader will also have noticed the word Build, as it is also possible to assemble your own containers. Through the Spring Initializer, it is possible to assemble containers. This application has several repositories in which you can select what is needed in a container to run an application. With the acquisition of Bitnami, VMware also has a large repository of its own. For example, a web server, PHP and all associated dependencies.

Once selected, code and configuration are automatically generated, in which all applications and dependencies are defined. This allows the container to be generated and automatically deployed on all known Kubernetes platforms.

Connect & Protect

Of course, a container does not work without an internet connection. As soon as there is a connection to the internet, it is also important that the container is only used for the purpose for which it was designed. That is why VMware has developed a security solution to protect the Kubernetes containers. For example, the well-known NSX platform that protects virtual machines is also extended to containers; this solution is called NSX-T. This enables NSX to protect bare metal, virtual machines and containers. All incoming and outgoing connections are monitored, and as soon as, for example, SSH traffic passes through a Redis port, an automatic intervention can be initiated, and the administrator can be notified.

When a container is running, based on the measured behaviour, a firewall setting can automatically be recommended, and then everything else can be shut down. It is also possible to simulate the firewall policy to see and test if an application continues to work properly.

VMware recently acquired Carbon Black, a security company that has several solutions at its disposal. Carbon Black’s endpoint solution can also be installed on the container, in order to have even more insight into what is actually happening at the endpoint. Carbon Black can also detect if there are applications in a container that have known security problems. Like that, the administrator has insight into which containers need urgent maintenance. Even if there is a real problem, where a hacker gets access, Carbon Black is able to record the steps of the attacker. As a result, the cause of the problem is known. Nothing is more annoying than having to deal with a hack or ransomware and not knowing how the attacker got in. Then you are not sure that the problem has actually been solved.


VMware mentions the third component or pillar, Manage, where we think Monitoring would have been more appropriate. VMware has also applied Wavefront within Tanzu Mission Control. This makes it possible to monitor the performance of a container. If you have an application that uses tens or hundreds of microservices that all have their own containers, it becomes quite challenging to locate a problem. For example, users report that a system is very slow or that certain functionalities are not working properly, but finding the cause can still be quite a challenge.

Wavefront makes it easier to understand where the problem lies. It can, of course, be a software problem with a web server that has to process far too many clients or a database server that has to deal with very heavy queries. On the other hand, it can also be a hard disk failure or another hardware component that malfunctions, which suddenly reduces the performance of the application a lot. By using Wavefront, it is possible to analyse very clearly where in the process the problem lies. Think of a very slow connection to a database or an application that depends on Salesforce or Oracle data, where loading the data of those services takes much more time. Then, the problem lies with a third party.

If it is an internal problem, a ticket can also be created quickly and deposited with a developer so that it can be resolved.

CloudHealth costs and performance

Another tool that has been integrated is CloudHealth, which was acquired last year. This tool is especially useful if you, as a company, run Kubernetes containers in the public cloud or private cloud with a hyper-scaler. With CloudHealth, you can exactly see what you have running at the three largest hyper-scalers, how the containers are performing, whether they have too little or too much hardware at their disposal and, perhaps more importantly, what the costs are. By making the costs transparent, projects have a clear price tag again, but it is also possible to see what the costs are when the workloads are moved, for example from AWS to Azure or from the Google Cloud Platform to an on-premise data centre. According to VMware, CloudHealth really saves customers money. At VMware, almost all customers are betting that they can save at least 15 to 20 percent, by using Cloudhealth. Of course, this depends on whether such tools have been used before, but saving costs always works out well.


The last pillar is Experience. The experience customers have with containers is, of course, also very important. This is a pillar that, in turn, consists of various sub-components. For example, VMware defines customer experience using performance, but also a bit of security. Workspace One offers virtualised desktops and applications, but this can also be container-based. In addition, another piece of Carbon Black technology is used to optimise the experience. In the event of strange login activities or a huge peak in activities that deviate from normal behaviour, a policy can automatically be activated that, for example, temporarily restricts the user’s rights. Automatic actions can also be defined to solve a common problem automatically.

For many of these safeguards, Carbon Black is used in combination with machine learning. This makes it possible to detect when user behaviour deviates from normal behaviour.

Bitfusion improves performance by virtualising GPU

Bitfusion officially falls under the heading Experience, but this technology is more widely applicable. VMware is known for virtualising complete machines, where the amount of CPU cores, working memory, GPUs and storage capacity are basically fixed. This works fine in itself, but is not the ideal solution in all situations, certainly not from a cost perspective or the entire experience. With the takeover of Bitfusion by VMware, the company can now virtualise GPUs and deploy them on different virtual machines or containers.

Companies that use machine learning on a regular basis or need to do a lot of graphical operations can benefit from this. Currently, these companies had to attach a GPU to each virtual machine or container so that it could have more computing power. This can be very annoying for some applications, e.g. when the GPU power is only needed once or only ten times a day. If those applications also need to be available 24/7, this is particularly annoying. In that case, the presence of these GPUs is paid for 24/7.

By using Bitfusion, this is no longer necessary. For example, a company can choose to rent two GPUs that are available 24/7 for all the virtual machines and containers present. Once they have a task that requires graphical computing power, they can call the GPUs over the network and speed up the task. This way, there is no longer a need to have a GPU in all virtual machines or containers, just a shared pool.

Bitfusion will be integrated into many more VMware products in the coming period and will become widely available. VMware did not want to mention any exact data or products at this moment.

VMware is a true multi- and hybrid cloud player with solid Kubernetes portfolio

If we put everything in a row, we can only conclude that VMware is on the right track to maintain its dominant position. However, the workload will change in the coming years. Where they are now very dominant with virtual machines, containers will take over. But with VMware Tanzu and Tanzu Mission Control, VMware has built a strong portfolio. At the moment the product is still in private beta, if you are interested as an organisation, you need to contact your local VMware partner or account manager. It is expected that Tanzu will be available somewhere in the beginning of 2020.

All the takeovers in the past year have also clearly contributed to the creation of this portfolio. However, in our opinion VMware has to stop quickly using all of the product names and simply focus on the main product lines so that the portfolio is framed better and will be clear to everyone.

Finally, we expect VMware to take a few more steps next year when Pivotal is also incorporated. This form of application development, combined with compiling and rolling out containers, could be a good combination. Especially when you see that VMware mainly tries to lower thresholds so that companies can embrace this new technology faster and easier. For example, will VMware soon start using Pivotal for a form of low-code or no-code? To be continued.

Tip: Read about the four superpowers of VMware