VMware Tanzu August 2024 Updates

Introduction

VMware Tanzu continues to be a pivotal player in the cloud-native ecosystem, focusing on modernizing applications, automating infrastructure, and enhancing security. As organizations strive to achieve digital transformation, VMware Tanzu provides tools and services that streamline the process of adopting Kubernetes and microservices architectures. The latest updates in August 2024 demonstrate VMware Tanzu's ongoing commitment to innovation and improving user experience. This article will provide a comprehensive overview of the latest developments in VMware Tanzu, including key platform transitions, security updates, and product releases.

Transition to VMware Tanzu Platform Console

One of the most significant changes announced is the transition of VMware Tanzu cloud services from VMware Cloud Service to the VMware Tanzu Platform Console, effective September 11, 2024. This move aims to centralize and streamline access to Tanzu services, enhancing user experience by providing a single, unified console. Moving forward, customers will access VMware Tanzu cloud services through the new URL: https://console.tanzu.broadcom.com.

Impacted Services

The transition will affect several key services within the VMware Tanzu portfolio, including:

1. VMware Tanzu Platform (previously VMware Tanzu Hub): This platform offers a comprehensive suite of tools for managing Kubernetes clusters and applications, providing capabilities for lifecycle management, security, and scalability.
2. VMware Tanzu Mission Control: A robust tool for managing Kubernetes clusters across multiple environments, including on-premises and public cloud. It offers centralized policy management, observability, and backup and restore capabilities.
3. VMware Tanzu Application Catalog: This catalog provides a collection of pre-packaged, validated, and continuously updated open-source applications that developers can use to accelerate application development.
4. VMware Tanzu Service Mesh: A solution designed to simplify the management of microservices across cloud environments. It offers secure and resilient communication between services, traffic management, and observability.
5. VMware Tanzu Guardrails: This service provides governance policies and guardrails to ensure compliance with organizational and industry standards across Kubernetes environments.

The transition to the VMware Tanzu Platform Console will not only unify access to these services but also enhance their integration and interoperability between them. This streamlined access is expected to reduce operational overhead and improve overall productivity.

VMware Tanzu Product Security Notice

Security remains a top priority for VMware Tanzu, and the latest updates reinforce this commitment. One notable update is the ongoing collaboration with CrowdStrike, a leader in cybersecurity. Last week, VMware Tanzu announced the release of the CrowdStrike Falcon tile for Tanzu Platform for Cloud Foundry. This integration aims to enhance security by enabling advanced threat detection and response capabilities within Tanzu environments.

CrowdStrike Falcon for VMware Tanzu

The CrowdStrike Falcon tile is regularly updated to ensure compatibility with the latest versions of VMware Tanzu and to incorporate new features and security enhancements. Customers using both CrowdStrike and Tanzu Platform for Cloud Foundry are encouraged to reach out to their account teams for assistance in deploying and configuring the Falcon agent. David Zendzian, Tanzu's Global Field CISO, has been actively involved in this collaboration, ensuring that the integration meets the highest security standards.

Importance of Security Integration

The integration of CrowdStrike Falcon with VMware Tanzu is a testament to the importance of embedding security into the DevOps process. By integrating security tools directly into the platform, organizations can ensure that their applications are protected from the outset, reducing the risk of vulnerabilities and improving response times to potential threats. This approach aligns with the broader DevSecOps movement, which emphasizes the need to incorporate security practices into every phase of the development lifecycle.

VMware Tanzu Product Releases

The August 2024 edition brings updates to several VMware Tanzu products, including Tanzu Platform for Cloud Foundry, Tanzu Platform for Kubernetes, Tanzu Data Services, and Tanzu Spring Essentials. These updates introduce new features, enhancements, and security improvements designed to meet the evolving needs of customers.

Tanzu Platform for Cloud Foundry

1. Tanzu Application Service for VMs (TAS): The latest updates include new versions of critical components such as backup-and-restore-sdk, cflinux3, credhub, diego, and loggregator. These updates are essential for maintaining the stability, security, and performance of applications running on Tanzu Application Service.
2. Tanzu Application Service for VMs [Windows] (TASW): Enhancements in this release focus on improving compatibility and performance with updated versions of Diego, garden-runc, metrics-discovery, and other dependent components.
3. Isolation Segment (ISO): A key focus of the updates is to ensure seamless upgrades and enhanced security. Users are advised to upgrade TAS for VMs before upgrading Isolation Segment to avoid potential TCP route outages. This sequence ensures that critical updates and patches are applied in a controlled manner, minimizing the risk of disruption.

Tanzu Platform for Kubernetes

1. VMware Tanzu Kubernetes Grid Integrated Edition (TKGI): The new release, v1.20.0, introduces significant improvements, including support for private registry access, root CA updates, and enhanced logging capabilities. Notably, TKGI v1.20.0 does not introduce any breaking changes, making it easier for customers to adopt without major disruptions.
2. Security Enhancements: The latest version includes updates to make system pod root file systems read-only, providing an additional layer of security. It also addresses several vulnerabilities identified in previous versions, ensuring that Kubernetes clusters managed through TKGI are more secure and resilient.

VMware Tanzu Data Solutions

1. VMware Tanzu Greenplum®: The minor release of Greenplum 7.3.1 resolves several critical issues, including bugs related to VACUUM of append-optimized tables, sort execution, and recache leaks caused by interrupted ANALYZE operations. These fixes enhance the reliability and performance of Greenplum, making it a more robust choice for data analytics.
2. Tanzu Data Protection: The focus on data protection is evident with updates supporting privileged TKGI containers, providing a secure environment for running sensitive workloads.

Security and Governance Updates

Security and governance are integral to the VMware Tanzu ecosystem. The Tanzu Security team diligently reviews each product release to identify security vulnerabilities and governance issues. Highlights from the August 2024 security updates include the resolution of several Common Vulnerabilities and Exposures (CVEs) across different components:

1. Stemcells (Ubuntu Jammy): Multiple CVEs have been addressed, including those affecting the Linux kernel, snapd, Tomcat, QEMU, and .NET. These updates are crucial for maintaining the security and integrity of the underlying infrastructure.
2. Linux Kernel Vulnerabilities: Several CVEs ranging from low to high severity have been resolved, reducing the risk of exploits and improving the overall security posture of VMware Tanzu environments.
3. Application Security: Updates to BusyBox and other application components ensure that applications running on VMware Tanzu are protected from known vulnerabilities, reducing the attack surface and enhancing security resilience.

Example. Enhancing Security in a Multi-Cloud Environment

To illustrate the impact of these updates, consider a large enterprise that operates across multiple cloud environments, including on-premises, AWS, and Azure. The enterprise can achieve centralized visibility and control over its Kubernetes clusters by utilizing VMware Tanzu Mission Control and the latest security integrations with CrowdStrike Falcon. The seamless integration enables security teams to detect and respond to threats more effectively, reducing the time to remediate vulnerabilities and ensuring compliance with industry standards.

For instance, with the new enhancements in TKGI v1.20.0, the enterprise can deploy private registry access for its Kubernetes clusters, ensuring that only approved container images are used. This reduces the risk of running unverified or malicious containers, enhancing the security of the deployment pipeline. Moreover, by utilizing Tanzu Guardrails, the organization can enforce security policies consistently across all clusters, irrespective of their location, ensuring that security is embedded into the development process from the outset.

Conclusion

The August 2024 edition of VMware Tanzu What's New highlights VMware's ongoing commitment to innovation, security, and customer satisfaction. The transition to the VMware Tanzu Platform Console represents a significant step towards a more integrated and user-friendly experience, while the latest product releases and security updates demonstrate VMware's dedication to maintaining a secure and resilient platform for modern applications. As organizations continue to embrace cloud-native technologies, VMware Tanzu remains a trusted partner, providing the tools and services needed to navigate the complexities of the digital transformation journey.

Reference

VMware Documentation.

• Official Documentation: Apps & Cloud Management Tech Zone