As we continue into fall and turn our focus to Europe and our VMware Explore 2023 Barcelona conference, VMware continues to deliver innovation and technology leadership for our Sovereign Cloud Services Providers (CSPs) that we have built out over the year. If you missed attending VMware Explore 2023 Las Vegas and hearing about the news, you can read our announcements for that event in our VMware Explore 2023 Las Vegas announcements blog post and post-event blog post summaries.
Today, we are excited to share more about the latest services we deliver for our CSPs. These new services continue to expand our Sovereign Cloud and Developer-Ready cloud portfolios with essential capabilities that address the needs of partners who must deliver solutions within highly regulated and sovereign-compliant business sectors, such as finance, public sector, and healthcare. In an era where data breaches loom large and regulatory mandates continue to evolve, VMware Sovereign Cloud stands guard, ensuring the inviolability of information while also helping customers unlock the true potential of VMware Cloud to accelerate operations, simplify application development, and serve as a launchpad for next-generation innovation.
These new services continue to expand the use cases for partner clouds and, in turn, help deliver new service revenue and income streams while also optimizing existing capabilities and infrastructure services. Wherever a customer is on their cloud journey, VMware solutions delivered by our Sovereign Cloud partners can help them address their workload requirements while maintaining data sovereignty and jurisdictional control mandates
Innovation to Core Provider Services for Sovereign Cloud Services Providers
Our Sovereign Cloud and Cloud Services Providers continue to deliver critically important services and solutions for our highly regulated customers, and we have been listening to the needs of our partners as we build out new capabilities in our VMware Cloud Director platform.
VMware Cloud Director Innovation That Never Stops
VMware Cloud Director, our robust multi-tenant provider platform, continues to pump out exciting capabilities for our Sovereign Cloud Services Providers. In April, we launched VCD 10.4.2, which delivered the vTPM (virtual trusted platform module) support for our sovereign partners. This important security capability helps secure virtual machines from unauthorized access. Read more about the capabilities in this deep dive. The release also allows VMware Cloud Director to function as an identity provider proxy server, empowering our providers to streamline user authentication for cloud-based services to offer a more secure and hassle-free experience for their tenants. By acting as a middleman between users and the identity provider, VMware Cloud Director simplifies the authentication process, reducing the burden on the identity provider. Lastly, it incorporates the latest in vSAN HCI mesh capabilities so partners can have efficient utilization and consumption of datacenter resources. This approach streamlines storage management at scale, allowing Cloud Services Providers to take advantage of VMware storage policy for intelligent virtual machine placement that helps them ensure the integrity of data in the remote vSAN datastore or in other datastores permitted by the storage policy.
VCD 10.5, released in July, further expands networking capabilities around NSX, IP spaces migration, NSX ALB (application load balancer), and more. This release also introduced the all-new Content Hub, the evolution of application repository management to simplify the multi-tenant delivery of application repository content such as images and OSS components.
Now, we are thrilled to introduce groundbreaking features that empower our partners like never before. Our upcoming VCD 10.5.1 will deliver new security capabilities, with Bring Your Own Key (BYOK) and BYOKMS options to give you complete control over data security. The release also delivers the new concept of Sub-Provider Tenants, which enables self-service tenant management for partners who work with sub-partner organizations who, in turn, ultimately deliver capabilities to their tenants. Finally, safeguard your web applications with the integrated NSX ALB Web Application Firewall (WAF), and access tenant logs effortlessly based on Virtual Services. With enhancing networking, certificates, and sovereign improvements, VMware Cloud Director 10.5.1 is the gateway to a more flexible, secure, and high-performance cloud experience!
Sovereign Cloud Innovation for Modern Applications and Data
As previously announced at VMware Explore 2022 Europe, VMware delivered a foundational step for modern application workloads within sovereign clouds with the launch of sovereign-compliant developer-ready solutions around Tanzu Kubernetes Grid, VMware Data Solutions, Tanzu Application Platform, and Aria Compliance for Sovereign Clouds. With these solutions, Sovereign Cloud Services Providers can now quickly and efficiently onboard Kubernetes workloads onto their clouds using an enterprise-ready, compliant Kubernetes runtime hosted and managed by the sovereign partner.
- Tanzu Kubernetes Grid, deployed as a local cloud-disconnected package, lets partners offer a fully managed or self-managed Kubernetes as a Service for highly regulated workloads while ensuring enterprise-level compliance and security.
- VMware Data Solutions offers a portfolio of data messaging, database, and caching solutions that allow partners to build scalable, compliant, and conformant data management services around RabbitMQ and SQL database solutions.
- Tanzu Application Platform, our enterprise end-to-end integrated platform for modern application development, allows faster, more secure pathways to production by delivering a rich set of developer tooling and pre-paved paths to production. Delivered as an air-gapped solution for sovereign data compliance, partners can improve productivity, security, and scale for application development teams during their cloud-native application development lifecycles.
This year, we have expanded our services with additional service capabilities for each area above. These new services fill essential gaps in the portfolio that Sovereign Cloud Services Providers need when offering their services for application workloads in regulated environments.
Improved capabilities for sovereign-compliant Kubernetes clusters in Container Service Extension
Kubernetes container services capabilities delivered this year through our latest VMware Cloud Director Container Service Extension release also include support for several new capabilities that Sovereign Cloud Services Providers and their tenants can benefit from deploying for their cloud-native application workloads. These include:
- Tanzu Kubernetes Grid 2.0 (TKG 2.0) and enhanced open-source software (OSS) components – As requirements for container workloads have shifted for our customers, VMware has evolved our Tanzu Kubernetes Grid offering to address these demands. TKG 2.0 and its additional OSS package offerings help bridge the gap in several key areas, such as observability, load balancing, and data protection. These additional OSS components provide improved developer guardrails that a partner’s customers can use to address modern application workload requirements.
- Air-gapped Kubernetes cluster deployments – With CSE 4.1 now supporting local repositories for requisite software images, partners can offer tenants in highly regulated industries the ability to deploy more secure container-based workloads without requiring SaaS or Internet dependencies. Along with the all-new Content Hub, a central portal of image repositories that can be leveraged to help visualize access and deployment of software needed for modern applications, partners can deliver a completely sovereign-compliant Container-as-a-Service offering that can benefit workloads spanning several regulated industries, such as healthcare, public sector, and financial services. Read more about how to set up air-gapped Kubernetes deployments here, and about the new Content Hub capabilities here.
- Horizontal Auto Scaling of Kubernetes (K8s) clusters using Horizontal Pod Autoscaler – Started as a community-driven Kubernetes project, it is now natively supported with VMware Cloud Director Container Service Extension. This enhancement helps partners meet the modern application demands of their tenants at scale. Providers can offer better SLAs that ease the decisional fatigue for their tenants to project their demands and costs. Running applications optimally means the environment can efficiently handle the spikes and dips of application demand, enabling continued resource availability and optimal resource utilization and, thus, cost optimization. Read more about the design, requirements, and implementation of cluster autoscaling in this whitepaper, and more regarding this feature release via this blog.
- Cluster high availability using Multi-Availability Zone (Multi-AZ) support – Enable robust availability of critical container-based applications in the event of site outages. By leveraging VMware Cloud Director placement policies to deliver applications across multiple failure domains, critical workloads can ensure they survive a severe outage at a site. Using this service capability is an easy way to expand partner services revenue and improve partner infrastructure consumption while simultaneously addressing enterprise-grade capabilities for a tenant’s critical workloads. Read more about this capability in this whitepaper.
Centralized management of tenant Kubernetes cluster deployments
We are proud to announce that Tanzu Mission Control Self-Managed has now reached general availability and is fully available for our Sovereign Cloud Services Providers to address the needs of Kubernetes management at multi-tenant scale. With this offering now available on-premises without the need for Internet or SaaS connectivity, partners can not only offer sovereign-compliant Kubernetes containers as a service, but they can also directly deliver centralized container management for our regulated customer workloads at scale – purpose-built and designed to integrate with multi-tenant VMware Cloud Director and Container Service Extension for simple and more secure Kubernetes cluster management. Offered as a self-managed or fully managed service to tenants, partners can leverage Tanzu Mission Control Self-Managed for their tenant DevOps and Application teams to break down knowledge silos by abstracting away the need to know multiple Kubernetes cluster management consoles, improve efficiency using templates and GitOps for consistent and faster cluster deployments, and increase security by driving centralized policies to ensure global security for one or all clusters. To learn more about the capabilities of Tanzu Mission Control Self-Managed, watch this Feature Friday episode.
Additional Database and Big Data Capabilities for Modern Database Applications
Since the initial release of our VMware Data Solutions for RabbitMQ and SQL server for Sovereign Cloud Services Providers, VMware has brought online new self-service database offerings for our sovereign partners to offer to capture sovereign enterprise workloads to their clouds. With the release of VMware Cloud Director extension for VMware Data Solutions 1.2, additional database support is available for workloads requiring MySQL, PostgreSQL, and MongoDB databases. As these solutions are based on our VMware Tanzu Kubernetes Cluster capabilities, partners can offer a variety of additional add-on services as outlined previously, including high availability, data protection, and data accessibility at scale. Check out our technical blog and video demo for more details.
Additionally, VMware is thrilled to announce NetApp as our latest data ecosystem partner, offering Object Storage as a Service with NetApp StorageGRID technology. NetApp StorageGRID offers a fully S3-compliant storage solution that supports a wide range of Sovereign Cloud use cases, including data lakes, real-time messaging, and more, with data durability and high availability, more secure multitenancy, horizontal scalability, and data protection. The solution delivers full compatibility in its native support for industry-standard APIs like Amazon S3 API, enabling smooth interoperability across diverse Sovereign Cloud environments, and unique innovations such as automated lifecycle management help ensure more cost-effective safeguarding, storage, and long-term preservation of customers’ unstructured data. Learn More
To continue the momentum, we are pleased to share that VMware and Scality embarked on a joint engineering project to develop Scality RING. Scality RING offers cyber-resilient enterprise-grade S3-compatible object Storage integrated into VMware Cloud Director. Cloud Services Providers can create modern cloud data centers by choosing RING for a wide range of use cases such as backup-as-a-service, ransomware protection-as-a-service, and big data analytics. The solution offers sovereign cloud-centric features such as immutable object-locking, intelligent data durability, and erasure coding to support a wide range of compliance and regulatory requirements. Learn more
VMware Cloud Director Availability has matured in its capabilities significantly in the past few years. It has introduced ground-breaking disaster recovery and migration features such as 1Min RPO, One Click Migration, and vSphere DR and migration capability to empower Cloud Services Providers to scale their cloud services offering. In the upcoming release, Cloud Service Providers will be able to reassign storage policy during recovery, set a different storage policy for each virtual machine, and perform pre-execution validation of the recovery plan. Overall, VMware Cloud Director Availability is continually enriching features to reduce downtime, improve failover and failback processes, enhance end-to-end encryption, and solidify multi-tenancy capabilities for site pairing, storage, and more. Learn More
IDC interviewed VMware partners about using VMware Cloud Director Availability to serve their customers and run their businesses. These VMware partners, with unique business models and customer bases, reported that VCDA has helped them establish and maintain critical differentiation in service quality and availability. The result for these partners has been improved business results, as VCDA enables them to deliver new services, increase the value of existing customer engagements, and provide a better customer experience. IDC calculates that the VMware partners interviewed for this study see 22% overall higher revenue driven by VMware technologies and 57% faster onboarding of new customers, 92% RPO reduction and 84% RTO reduction with VMware Cloud Director Availability. Learn More
Bring Your Own Encryption Service Tech Preview
Amid the rapid digital transformation across industries, businesses have become increasingly conscious of their data security, especially when utilizing cloud services. VMware’s new solution add-on for Cloud Director highlights this shift, enabling providers to offer tenants a “Bring Your Own Key (BYOK)” service for VM encryption. In tech preview, this enhancement allows for heightened data protection, as tenants can now bring and use their own encryption keys, enabling data privacy and compliance. This BYOK feature resonates with market demands, particularly in finance, healthcare, and government sectors where data security regulations are stringent and Sovereign guidelines apply.
The “Bring Your Own Key (BYOK)” service for Cloud Director is built on a foundational principle: allowing tenants greater control over their encryption keys while leveraging the cloud infrastructure. Before this feature addition, the traditional encryption process in cloud environments involved the cloud provider generating and managing the encryption keys, which was a concern for enterprises that were cautious about third-party access to their data.
Key Management Service (KMS) Integration: At its core, the BYOK functionality relies on integration with an external KMS and, in reality, is a BYO KMS solution. A KMS creates, manages, and stores encryption keys. VMware’s Cloud Director has built-in support to interface with popular KMS solutions using KMIP protocol. The integration involves establishing a trust relationship using mutual SSL/TLS, enabling more secure communication.
Encryption Process: Once a tenant’s KMS is integrated, the tenant provides the encryption key’s unique identifier (often referred to as a Key ID) to Cloud Director. When a VM is to be encrypted, Cloud Director requests the actual encryption key from the KMS using the Key ID. The key is never stored persistently within Cloud Director, enhancing security. Instead, it’s used transiently to encrypt the VM’s data and discarded.
VM Lifecycle Management: During VM operations like power-on, migration, or cloning, Cloud Director fetches the key from the KMS again as required. The process is transparent to the end users while the data remains encrypted at rest and during certain VM operations.
A significant advantage of this BYOK solution is its inherent support for multi-tenancy. Each provider’s tenant can utilize different KMS solutions or separate key configurations within the same Cloud Director environment. This flexibility is vital for Cloud Services Providers catering to a diverse clientele with varied security requirements.
In addition to the BYOK tech preview, we are also excited to announce our latest security ecosystem partner solution, Thales Group CipherTrust Manager. Built upon cutting-edge cloud technologies, CipherTrust Manager represents a cloud-attuned key management solution, where it’s REST interface paired with a microservice-based architecture delivers simplified deployment and inherent scalability. CipherTrust Manager, along with BYOK, paves the way for Sovereign tenants to use their own encryption keys, or even their entire key management system, during the virtual machine creation and encryption process. Providers can anchor this Sovereign service within their Sovereign Cloud infrastructure and remain blind to encryption key access – a privilege solely reserved for their customers. The service enables providers to maintain zero visibility into the encryption keys, so they, and the data, remain strictly within a customer’s control. Check out our solution brief here for more details
Additional VMware Explore Resources for Cloud Services Providers
To get more information about VMware Cloud Services Provider programs and announcements at VMware Explore 2023 Barcelona, attend one of our sessions and talk to our team to learn more. In addition, stop by the Cloud Services Provider booth at the VMware Expo to learn more about the solutions and talk to experts about how VMware can help you plan and build cloud smart services that meet your tenant requirements, whether in public, private, or sovereign clouds.
Relevant VMware Explore Barcelona breakout, meet the experts, and theater sessions:
CEIB1221BCN – VMware Cloud Services Provider Partners Strategy and Roadmap (Tuesday, 7 November, 12:30 PM CET)
CEIB1648BCN – Building for the future with VMware Cloud Foundation and VMware Cloud Director (Tuesday, 7 November, 13:00 CET)
CEIB1214BCN – How VMware Innovation Is Shaping Global Market Agendas with Sovereign Cloud (Tuesday, 7 November, 13:00 CET)
CEIB1217BCN – Elevate Your App Modernization Journey with Developer-Ready Cloud (Tuesday, 7 November, 14:15 CET)
CEIB1345BCN – 3 Ways to Craft a Secure, Resilient and Cost-Effective IaaS Across Multi-Cloud with VMware Cloud (Tuesday, 7 November, 14:15 CET)
CEIB1216BCN – Sovereign-Compliant, Tenant-Managed Encryption and KMS Leveraging VMware Cloud Director (Wednesday, 8 November, 15:15 CET)
PAR2585BCN – Sovereignty Opportunities for EMEA Cloud Providers (Wednesday, 8 November, 11:00 CET)
CEIM1225BCN – NSX V-T Migration with VMware Cloud Director Is Far from Being a Complex Process (Refer to the Content Catalog for details regarding date and time)
CEIM1077BCN – AMA – Architect and Manage Thousands of Edge Sites with VMware Cloud Director/VMware Cloud Foundation (Refer to the Content Catalog for details regarding date and time)
CXS1206BCN – VMware Cloud Services Provider Platform End-to-End Architecture (Wednesday, 8 November, 12:00 CET)
VBT2599BCN – Accelerating Cloud Transformation: Running your VMware Cloud Editions in the Cloud (Thursday, 9 November 11:00 AM CET)
VMware makes no guarantee that services announced in preview or beta will become available at a future date. The information in this article is for informational purposes only and may not be incorporated into any contract. This article may contain hyperlinks to non-VMware websites that are created and maintained by third parties who are solely responsible for the content on such websites.
