Tanzu Editions – A Clear explanation

Overview

One of the questions I get asked very often is the differences between the different Tanzu editions.

While the information does exist out there, it is very hard to connect the dots and the sources of information and spread across multiple websites, and PDF files are full of marketing terms that don’t actually give us much real information.

In this blog post, we will discuss what each Edition offers and also, at the end, will discuss where Tanzu Community Edition fits into this story.

Tanzu Editions
The Tanzu ecosystem is packaged as 5 different Editions / Bundles:

1. Tanzu Basic
2. Tanzu Standard
3. Tanzu For Kubernetes Operations
4. Tanzu Advanced
5. Tanzu Community Edition

Each of these editions contains different capabilities, and each one is built to solve the needs of an organization at different stages in its App Modernization journey.

Tanzu Basic

This is the most basic offering in the Tanzu ecosystem and is meant to help organizations start running Kubernetes on their vSphere environment.

This edition includes the ability to run 2 different flavors of Kubernetes, namely TKGm (Tanzu Kubernetes Grid Multi-Cloud) and TKGs (Tanzu Kubernetes Grid Service), otherwise known as vSphere with Tanzu.

While TKGm is supported with the basic edition, it is only supported on vSphere, and you cannot use it on AWS or Azure.

Beyond the Kubernetes distribution itself, you also get support for:

1. Harbor – a container registry
2. Fluent Bit – a tool that enables shipping logs from your Kubernetes clusters to external Logging systems like vRLI, Elasticsearch, etc.
3. Pinniped + Dex – a set of tools that enable AD or OIDC authentication to our Kubernetes clusters
4. NSX ALB (AVI) – an Advanced load balancing solution that enables us to expose our applications from within Kubernetes to the external network.

Tanzu basic is meant to include the bare minimum needed to start playing with Kubernetes in your existing environment.

Once customers start to really productionize their environments and scale their Kubernetes deployments, additional capabilities are needed, which is where the Tanzu Standard Edition comes in.

Tanzu Standard

This is the most common edition we see today being used, and it takes a step up from the basic edition by enabling some more Enterprise level solutions which are needed when productionizing a Kubernetes environment.

Tanzu Standard, unlike Basic, is a multi-cloud offering. This means that we can manage clusters not only on vSphere but also on AWS and Azure. This is a great addition as it allows you to have a consistent Kubernetes ecosystem across clouds. This can greatly help in lessening the difficulties of running Kubernetes in a Multi-Cloud environment, as we can standardize everything to make our clusters as similar as possible and be able to use the same exact tooling and mechanisms to manage our clusters no matter where they are running.

Additional key capabilities which are added in the Standard edition include:

1. Prometheus + Grafana – Industry-standard tools for monitoring Kubernetes clusters and applications.
2. Contour – An ingress controller which allows us to do Layer 7 Load Balancing for our application we want to expose externally from our cluster
3. Velero – A Kubernetes Native backup solution that can backup our Kubernetes objects as well as persistent volumes to any Object Storage.
4. Tanzu Mission Control Standard – a SaaS offering from VMware which enables:

• • A UI for Deploying and managing Tanzu Kubernetes Clusters
  • Central RBAC configuration for all of our Kubernetes Clusters
  • Policy enforcement for Baseline or strict Security policies
  • Running Conformance tests on our clusters and visibility into the results of the tests
  • A UI for managing Backup and Restore operations using Velero
  • A UI for Deploying and managing TKG Packages of software (Prometheus, Grafana, Harbor, Fluent Bit, etc.) onto our clusters
  • Single click Integration for a cluster with Tanzu Observability (Wavefront)
  • Single click Integration for a cluster with Tanzu Service MeshA Terraform provider that enables deploying TKG clusters via Infrastructure As Code.

As you can see, the standard edition adds some really great capabilities and is a great option for organizations with a small to medium scale of Kubernetes clusters that want to have supported solutions for all of the basic enterprise needs when it comes to standing up a Production Ready Kubernetes environment which can run seamlessly in a Multi-Cloud Architecture.

One of the challenges that arise when our Kubernetes Footprint grows is that we need better governance, observability, and networking solutions that can stretch beyond the cluster scope. This is where the TKO (Tanzu For Kubernetes Operations) Offering comes in.

Tanzu For Kubernetes Operations

TKO provides us with some amazing capabilities that truly can be life savers when dealing with large Kubernetes environments.

TKO adds additional tooling and features to help us manage critical aspects of a Kubernetes ecosystem through intuitive and simple mechanisms.

The key capabilities added in TKO include:

1. NSX ALB Advanced – this builds upon the basic NSX ALB in the previous editions and adds capabilities such as Layer 7 Load Balancing (Ingress), WAF and GSLB
2. Tanzu Service Mesh – A SaaS offering that offers a Multi-Cluster managed Service Mesh based on Istio with strong added capabilities above the Open Source Istio, including API protection, Cross Cluster MTLS, Global Namespaces, and much much more.
3. Tanzu Observability (Wavefront) – A SaaS offering that provides a high-performance streaming analytics platform that supports observability for metrics, counters, histograms, and traces/spans. Tanzu Observability can give us true visibility into our entire Kubernetes ecosystem and beyond from a single plane of glass.
4. Tanzu Mission Control Advanced – This builds upon the standard TMC in Tanzu Standard and adds the following capabilities:

• • Custom Security Policies management and enforcement
  • Image Registry Policies management and enforcement
  • Network Policy management and enforcement
  • Quota Policies management and enforcement
  • Custom Policy enforcement using OPA Gatekeeper
  • Policy Insights – visibility into all violations of policies across our entire Kubernetes landscape
  • A UI to run and visualize the results of CIS benchmarks on our clusters
  • A UI to centrally manage Custom RBAC roles and bindings
  • Enhanced integration with Tanzu Observability

As you can see, TKO adds some pretty amazing capabilities which become more and more critical to have as our Kubernetes environments grow in size and complexity. The ability to manage and govern our clusters in a central and auditable way, the ability to get a true deep insight into what is going on within my clusters from a networking perspective as well as from a performance perspective, and last but not least, enhanced Security across all of your Kubernetes clusters is a truly amazing thing and is a really unique offering that VMware provides through the TKO Bundling of products.

While everything we have talked about till now is really awesome and is crucial for a successful Kubernetes strategy to be implemented and maintained over time, we also need to address the difficulties that come along with Kubernetes for our developers. The Editions till now have been about governance and making the operation of a Kubernetes platform easy and secure, but when it comes to trying to give our developers a great Developer experience on the platform in a secure, flexible, and really powerful way, That is where Tanzu Advanced really shines!

Tanzu Advanced

Tanzu Advanced is the most comprehensive edition of Tanzu, and it adds a huge number of additional capabilities to help with building out a full-fledged DevSecOps platform with Developer Experience as a key focus.

Tanzu Advanced builds upon TKO and adds the following additional capabilities:

1. Support for Developer Frameworks, including Spring and Steeltoe
2. Tanzu Data Services – Kubernetes operators for common Data Services like PostgreSQL, MySQL, Greenplum and Gemfire
3. Tanzu Build Service – A Kubernetes operator which allows us to build container images directly from source code without the need to write a Dockerfile, that can consistently patch our images with updated based images, Patches of Runtimes and libraries which is based on the Buildpack technology used in both Heroku and Cloud Foundry that people around the world have come to love and rely on.
4. Tanzu Cloud Native Runtimes – A commercial offering of Knative Serving and Knative Eventing.
5. VMware Application Catalog – A SaaS offering which allows you to build a curated, and secure catalog of container images and Helm Charts based on the Bitnami Open Source offerings. VAC offers full SBOMs and attestation for the build process of our images and charts and you get support on the images and helm charts for the nearly 100 Open Source solutions bundled in the offering, which are consistently patched and updated to address CVEs as well as updates to the provided software.

Tanzu Advanced is really an amazing suite of products that offers a full solution to the entire Kubernetes ecosystem for all of the relevant personas while still giving you amazing flexibility in choosing how to integrate and utilize the tools based on your companies needs.

As we all know, the Kubernetes ecosystem relies heavily on the Open Source community, and Tanzu is no different. All of the editions of Tanzu mentioned above utilize very heavily Open Source Technologies and add on some additional Enterprise features and support.

VMware is very much involved in the Open Source Community and has been really a great example of how to balance between what should be done upstream in the open and what should be Closed source and proprietary.

Not only is VMware active in many CNCF projects that are a part of the Kubernetes Ecosystem, but they have also released an entirely Open Source Edition of Tanzu called Tanzu Community Edition.

Tanzu Community Edition

TCE or in full Tanzu Community Edition is the fully Open Source edition of Tanzu.

TCE includes a lot of the open source components that back the commercial offerings of the Tanzu Portfolio from all of the different editions.

TCE also includes additional features that are currently not available in the commercial offerings of Tanzu such as TCE Unmanaged Clusters which is a way to run a local “Tanzu’ified” cluster on your PC using either KinD or Minikube as the Kubernetes engine.

TCE as a kubernetes distribution is based on the exact same open source framework as the commercial offering of TKGm which is called Tanzu Framework.

In the current state of TCE, it is also pinned to the same SBOM and version of Tanzu Framework as the latest TKGm release. This means that you will get nearly the exact same feature set and UX whether you go with the commercial offering or with TCE as an open source solution.

TCE however is much more then just a distribution of Kubernetes. TCE includes a lot of open source tools that can help you such as:

1. OPA Gatekeeper – This is a very common policy management tool for kubernetes which is the backing technology used in the Policy enforcement capabilities of TMC.
2. Kpack – This is the backing technology of Tanzu Build Service (TBS) which allows you to build container images without Dockerfiles using buildpacks in a kubernetes native way.
3. Knative Serving – This is the Open Source Knative which is used as part of Tanzu Cloud Native Runtimes.
4. Velero – This is the same backup tool that is used for the Data Protection functionality in TMC.
5. FluxCD Source, Kustomize and Helm controllers – these are all Open Source tools that are utilized in other Tanzu products such as Tanzu Application Platform to enable a true GitOps workstream.
6. Cartographer – This is the base operator that backs Tanzu Application Platform and allows you to build Supply Chains in a kubernetes native way.
7. Harbor, External DNS, Grafana, Prometheus, Contour, Fluent Bit, Multus, Whereabouts, and Cert Manager – these are the same technologies that we receive in Tanzu Standard which are packaged as TKGm extensions. In TCE you even can get newer versions sometimes then what we get in TKGm as they still haven’t gone through the entire rigorous testing needed for a commercial offering but can let you get ahead of the curve with cutting edge versions.
8. App Toolkit – This is the Open Source version of Tanzu Application Platform and integrates many of the above mentioned tools, in an easy to install and easy to use manner that makes getting started a matter of minutes.
9. Tanzu Diagnostics – This is a Tanzu CLI plugin that wraps the Open Source CrashD tool to help you in debugging a Kubernetes cluster. This is based on the same tooling as is included with TKGm.
10. Tanzu Conformance – This is yet another Tanzu CLI plugin which utilizes the Sonobuoy tool for running conformance tests against your Kubernetes clusters. This is the same underlying tool that backs the conformance testing capability of TMC.

Beyond all of the tools mentioned above, there is a PR already merged for adding KubeApps as a part of TCE, which will bring the entire Open Source Bitnami Catalog to TCE. this is a large part of the technology that builds up the VMware Application Catalog commercial offering.

As can be seen, TCE is not simply a free Kubernetes distribution. TCE is a full-fledged Open Source Kubernetes Platform that includes solutions and technologies from across the Tanzu stack to give you a truly amazing experience and to give you the tools needed to build out a fully-featured Kubernetes platform based on your needs completely for free!

What About Standalone Product Licensing

While Buying an edition that is suitable for your needs is a great option, sometimes we may not need everything that exists in a specific edition, and we may just want to purchase a single tool or a handful of tools that may stretch across multiple different editions.

Below you can find a table I have built that explains which products exist in every commercial edition as well as which products can be sold as a separate SKU.

Conclusion

As you can see, The Tanzu Portfolio is quite extensive, and the editions really map to the customer’s needs at a given point in time along their app modernization journey.

Whether you are looking for an open-source platform or a commercial offering, and no matter how far along your journey you are in the world of app modernization, Tanzu has a lot of amazing tooling that can help you along the way!

Contributed by Scott Rosenberg, Practice Leader, Cloud Technologies and Automation