Kathy Gibson was at VMworld – The multi-cloud world opens up a world of new possibilities for organisations – but it comes with extra complexity and cost.
Raghu Raghuram, CEO of VMware, explains that the cloud journey has seen companies move from the single-cloud model where companies started building cloud-native apps.
“The pandemic has accelerated the next move – the shift from mono-cloud to multi-cloud,” he tells delegates to VMworld. “In this model organisations can select the cloud based on the app, and they can include their own data centre in the mix as well as placing compute on the edge.”
Multi-cloud offers organisations tremendous value, Raghuram adds. “It is helping to increase app velocity; taking business resilience and agility to a whole new level.”
There are two main drivers for the move to multi-cloud: organisations want the freedom to innovate using the best services from each cloud; and the don’t want to be locked into one cloud provider.
“It is clear that multi-cloud is the model we will use for the next 20 years,” Raghuram says.
The average company uses almost 500 apps today, and more than 70% of them employ services on two or more public clouds – with 40% already using more than two.
“Clearly the multi-cloud is a vibrant and dynamic marketplace with relentless innovation.”
However, there are challenges which cannot be ignore, Raghuram points out. “With the multi-cloud, the enterprise architecture is more distributed, and the workloads are more diverse.
“When you are running on different cloud, each has its own siloed tools and systems, so there are different management, connection and security issues.
“Developers each have their own preferred cloud, but getting their code into production, already painful and slow on one cloud, is more so in a multi-cloud environment.
“At the same time, customers and employees expect instantaneous access to all applications.”
In fact, Raghuram says, every company today faces the same operational challenges as a massive company like Netflix – but with a fraction of the resources.
“The multi-cloud environment is more diverse that anything companies have managed in the past.
“And it is getting more complex all the time, forcing organisations to make some tough choices: do you prioritise developer automation or DevSecOps efficiency; do you focus on running enterprise applications in the cloud or on full control with cost savings; do you prioritise anywhere access for employees or rock-solid security?
“We believe companies should have freedom and control – and be able to do it all. This is the power of ‘and’, which we are uniquely positioned to deliver,” Raghuram says.
“This is the next chapter for VMware. We are setting ourselves up as a multi-cloud and apps leader – multi-cloud is the centre of gravity for everything we do.”
VMware Cross-Cloud Services
Raghuram announced the launch of VMware Cross-Cloud services, a family of applications to run and secure applications across any cloud.
“These services allow customers to go faster, spend less and be free,” he says.
The suite is based on five core building blocks: an app platform; cloud infrastructure; cloud management; security and networking; and anywhere workspace and edge.
For the app platform VMware has announced the Tanzu application platform; Project Arctic addresses cloud infrastructure; Project Ensemble talks to cloud management; security and networking is catered to with Service Mesh and Kubernetes Security; while workspace and edge is addressed with the new VMware Edge Computing Stack.”
“Each of these innovations will work across the major clouds,” Raghuram says. “Together with our partners we are shaping the future of multi-clouds.”
The company has also announced new features for VMware Cloud, including:
* A new portfolio of managed Kubernetes services to modernize apps on VMware Cloud;
* Capabilities that will make it simpler and safer to run enterprise apps in VMware Cloud;
* A new initiative supporting the need for customers to run their business in sovereign clouds; and,
* Tech previews that showcase the future of VMware Cloud.
VMware Cloud with Tanzu services is a new portfolio of managed Kubernetes services that will be available at no additional charge as part of VMware Cloud on AWS.
Tanzu services will make app modernisation with Kubernetes faster, easier, and less expensive on VMware Cloud than alternative managed Kubernetes solutions. IT admins will be able to use the VMware vCenter interface to unify VM and container management on a common platform and provision Kubernetes clusters within minutes.
Platform operators or SREs will be able to manage Kubernetes clusters consistently across clouds using Tanzu services as a multi-cloud Kubernetes management plane.
VMware Cloud makes running enterprise vSphere apps in any cloud environment simpler and safer. Research shows VMware Cloud customers can achieve 300% faster Kubernetes deployment, 46% faster cloud migration, and 57% reduction in TCO.
It’s simpler because VMware Cloud gives customers the flexibility to move to the cloud on their timelines and run vSphere workloads on the cloud of their choice. Only VMware Cloud runs as a native service in 100+ regions spanning all public cloud as well as more than 4 000 partner clouds, in private data centres, and at the edge.
It’s safer because VMware uses the power of software, a scale-out distributed architecture, and a cloud delivery model for better security and data protection that’s easier to use. VMware Cloud customers benefit from consistent security policy and features across all environments.
* VMware NSX tapless NDR, Secure Workload Access, and Elastic Application Security Edge are new innovations that are advancing security inside and across VMware Cloud environments.
* VMware Cloud Disaster Recovery enhancements accelerate ransomware recovery and help restore services and data faster.
* VMware Carbon Black Cloud Workload, VMware NSX Advanced Firewall, and VMware NSX Advanced Load Balancer help VMware Cloud on AWS customers reduce attack surface, improve application availability and uptime, and make security operations more effective.
* Stretched Cluster support for environments as small as two hosts improve resiliency for VMware Cloud on AWS customers of all sizes.
App modernisation on any cloud
VMware has announced advances to its VMware Tanzu portfolio to enable management and operation of applications at scale and provide developers with the autonomy to build and deploy apps on any cloud.
Tanzu Application Platform already delivers a superior developer experience for enterprises building and deploying apps and APIs on any Kubernetes. It gets software teams to production faster and sustains them over time by automating source to production pipelines and coordinating the efforts of development and operations teams.
At VMworld, VMware is announcing new capabilities to the Tanzu Application Platform Beta that will deliver the full end-to-end developer and operator experience including:
* Supply chain choreography: based on the open source cartographer project, allowing app operators to create pre-approved paths to production for developers that integrate Kubernetes resources and existing toolchains.
* Developer tooling including IDE plugins: giving developers the opportunity to interact with the platform or its open source components easily and efficiently to execute important and frequent pre-commit development tasks.
* Intrinsic security: adding features for signing, scanning, and storing images along the path to production.
* Service bindings: Operators can specify how endpoints and credentials from data services are exposed to workloads in a portable and Kubernetes-native way.
* Source controller: Enables app developers to create or update workloads from local source code.
* Convention Service: a framework for platform operators to configure policies of deployed workloads to enable that all workloads to follow the best practices.
VMware Tanzu Community Edition is a freely available, easy to manage Kubernetes platform for learners and users. Community-supported, the open source software distribution can be installed and configured in minutes on a local workstation or cloud of choice, and automates end-to-end application delivery with a complete platform for application developers, IT operators, and DevOps engineers.
VMware is also announcing a free-tier of VMware Tanzu Mission Control.
Tanzu Mission Control Starter is a multi-cloud, multi-cluster Kubernetes management solution available as a SaaS service. Users can leverage Tanzu Mission Control Starter to get global visibility and policy control over Kubernetes clusters – whether on-premises or in any public clouds.
They can combine Tanzu Mission Control Starter with Tanzu Community Edition to get started on running and managing Kubernetes-based containerised apps at no cost. And for those not currently using Tanzu but running Kubernetes with other providers (such as AKS, GKE, EKS), those existing clusters can be attached to Tanzu Mission Control Starter to centrally manage them.
Seizing the opportunity at the edge
VMware defines the edge as distributed digital infrastructure for running workloads across a multitude of locations, placed close to users and devices producing and consuming data. Where a workload is placed at the edge is key to meeting the requirements of edge-native apps.
Edge-native apps require a multi-cloud edge, one that stitches together underlay services running on a service provider network with overlay services delivered on top and a compute services abstraction for the edge applications – all orchestrated by a management plane that provides consistent observability, installation, configuration, operations and management across all edge locations.
VMware Edge brings together products from across VMware that will enable organizations to run, manage and better secure edge-native apps across multiple clouds at both near edge and far edge locations. VMware Edge solutions are purposefully designed for edge-native apps and their performance and latency requirements.
VMware Edge solutions include:
* VMware Edge Compute Stack, unveiled today at VMworld 2021, is a purpose-built, integrated VM and container-based stack that will enable organisations to modernise and secure edge-native apps at the far edge. VMware Edge Compute Stack will be available in Standard, Advanced, and Enterprise editions. VMware also has plans to develop a lightweight version of VMware Edge Compute Stack to provide an extremely thin edge for lightweight apps.
* VMware SASE combines SD-WAN capabilities with cloud-delivered security functions, including cloud web security, Zero Trust network access, and firewalling. These capabilities are delivered as-a-service across both the near and far edge locations from a global network of points of presence (PoPs).
* VMware Telco Cloud Platform has been delivering near edge solutions to the largest communication service providers in the world from their 4G/5G core all the way to the radio access network (RAN). By helping service providers modernize their network underlay, VMware enables them to deliver overlay edge services to their consumer and enterprise customers.
VMware has key partnerships across the broad edge ecosystem to deliver seamlessly integrated solutions to customers. Its broad partner ecosystem spans public cloud providers, service providers, edge-native app developers, network services providers, system integrators, network equipment providers, near-edge hardware manufacturers, and far edge hardware manufacturers.
The journey to zero trust security
VMware today announces new innovations that help deliver consistent security for endpoints, virtual machines and containers with an end-to-end Zero Trust architecture, including:
* Secure workload access for Zero Trust inside clouds and data centres;
* Elastic application security edge for stronger and more flexible cloud-to-cloud security;
* VMware Cloud Disaster Recovery and VMware Carbon Black Cloud for ransomware protection and recovery;
* CloudHealth Secure State for better visibility and security across multiple public clouds;
* API security and Kubernetes Security Posture Management for better protecting modern apps; and
* VMware SASE and VMware Workspace ONE for a safer distributed workforce.
VMware is now pioneering Zero Trust security inside clouds and data centres with secure workload access. Customers can better secure communication between workloads and apps, including data communication. VMware delivers on the critical capabilities for secure workload access including:
* Workload identity with authoritative context;
* Micro-segmentation with advanced east-west controls;
* Workload and API security;
* Cloud-to-cloud edge controls such as highly secure connectivity, fully distributed NDR and web security; and
* Workload-attached policies that can be automated and elastically scaled.
VMware is announcing an elastic application security edge which enables the networking and security infrastructure at the data centre or cloud edge to flex and adjust as app traffic changes. VMware provides an elastic set of data plane services for networking, security, and observability, and a unique scale-out distributed architecture that enables an EASE environment to grow and shrink as app needs change.
For most organisations, rarely can they focus on securing only a single environment. VMware research shows customers are using multiple public clouds to run their business in addition to their on-premises data centre.
CloudHealth Secure State introduces the next-generation of its unified search and investigation engine to improve visibility, security and compliance simultaneously across multiple public cloud environments. Customers now benefit from real-time search to find cloud resources, visualise relationships, inspect meta data and change activity, and overlay risk assessment across multiple cloud accounts, regions, and providers into a single actionable view.
Finally, ransomware is proving effective, pervasive and profitable. VMware offers both advanced protection and rapid recovery from ransomware attacks. VMware Carbon Black Cloud can now be enabled with a simple switch in VMware vCenter, making protection from ransomware attacks simpler and faster to deploy. VMware is now announcing rapid recovery capabilities in the event ransomware gets through defenses.
VMware Cloud Disaster Recovery is an easy-to-use, cost-effective DR-as-a-Service (DRaaS) solution that enables more rapid recovery at scale so organizations are better positioned to avoid paying the ransom. Customers can utilise a deep history of immutable snapshots stored in an isolated cloud file system, instant VM power-on for iterative security evaluations, and powerful orchestration for highly automated testing, failover, and failback to recover end-to-end IT apps and data sets after a ransomware attack.
Modern apps create a new set of challenges for both security operators and developers. These apps can be made of thousands of components that communicate via APIs. This makes APIs the new endpoint that legacy cut-and-paste security approaches were not designed to secure.
VMware Tanzu Service Mesh Advanced edition is now bringing a new level of distributed visibility, discovery, and security to APIs. It helps customers improve app resiliency and reliability and reduce blind spots with contextual API behavior security.
New Tanzu Service Mesh advancements enable developers and security teams to each gain a better understanding of when, where, and how APIs are communicating, even across multi-cloud environments, enabling better DevSecOps. Additionally, CloudHealth Secure State now delivers Kubernetes Security Posture Management (KSPM) that delivers the ability to provide deep visibility into misconfiguration vulnerabilities across both Kubernetes clusters and connected public cloud resources.
The Secure State KSPM solution today supports 176 rules including CIS Benchmarks for managed services such as Amazon EKS, Azure Kubernetes Service, and Google Kubernetes Engine.
With the shift to distributed workforces, employees must be provided with the appropriate levels of controlled access to apps and data from wherever they choose to work. VMware Anywhere Workspace is an integrated workforce solution built on industry-leading and award-winning technologies that empower employees, reduce IT silos and operational overhead, and provide broader and more effective security.
VMware SASE is adding a new inline cloud access service broker (CASB) service to help IT gain more visibility and control over app access. IT teams can more effectively apply role-based access policies to cloud-delivered apps and identify use or abuse of unsanctioned apps. Forthcoming Data Loss Prevention (DLP) capabilities will help organisations better comply with HIPAA, GDPR, PCI and other data privacy laws by preventing sensitive data from leaving pre-defined environments.
The new Workspace ONE next-generation compliance engine examines thousands of posture checks on device, OS, and apps. This will enable desired state and perform remediation with minimal impact on end-user experience. VMware Carbon Black integrates with Workspace ONE and is now optimised for Horizon VDI environments, helping secure the distributed edge while providing remote workers with an optimal experience.
VMware and Intel are working to deliver a solution that will help secure edge environments starting from the silicon and extending to devices and apps. The solution will create a direct link between the Intel vPro platform and VMware Workspace ONE to enable automated out-of-band maintenance that keeps PCs up-to-date on the latest security patches and infosec policies no matter where they are located or the state of the operating system. Intelligent analytics with access to rich hardware-level telemetry will enable customers to proactively minimize security risk and maximise employee experience.
Managed security services remove the burden of deployment and daily management of security technologies from customers. By working with a managed security service provider, customers also have faster access to the latest innovations capable of better protecting their organizations from new and emerging threats.
VMware has delivered a new set of capabilities that enable VMware Cloud Provider partners to build a comprehensive managed security service portfolio. These new capabilities include VMware Carbon Black Cloud, VMware Cloud Disaster Recovery, VMware SASE and VMware NSX Distributed IDS/IPS. All can be built as a custom service offering delivered to customers globally.