In December I published a blog post about the battle for Hybrid PaaS services (https://msandbu.org/the-battle-for-hybrid-paas-is-here/), where I described some of the capabilities that the different cloud providers are aiming for when it comes to Hybrid PaaS services such as Google Anthos, Azure Arc and Amazon Outposts. I wanted to do an update on that and also look at the battle for hybrid Kubernetes-based solutions, and also touch upon the VMware offering called Tanzu Mission Control, which is similar to what Google Anthos and Azure Arc provide.
I could also have titled this post “Where do you want your management plane?”, since that is the core of the post across the different vendors.
The premise of these three products is the same: provide a hybrid Kubernetes solution managed from the cloud. This allows your workloads and data to run anywhere you want while keeping a consistent management plane across all the different platforms running in different locations.
VMware Tanzu Mission Control and Ecosystem
Part of the Tanzu platform, or ecosystem if you will, is the Mission Control service, which allows for multi-cloud management of Kubernetes. It has direct integration with Kubernetes whether it runs in a VM or on bare metal, in public clouds, or through Kubernetes service providers such as Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), or Google Kubernetes Engine (GKE). Underneath, Tanzu uses an open source component called Cluster API: https://github.com/kubernetes-sigs/cluster-api
It provides cluster and namespace management, as well as the ability to apply Kubernetes policies such as access policies, quota policies, application security policies, and backup and recovery policies.
As part of Tanzu you only get the management plane. Tanzu, as I mentioned, is an ecosystem of products, and VMware has a range of other offerings in this ecosystem that provide additional features to enhance the management capabilities, such as:
- NSX Service Mesh, which essentially is Service Mesh as a service, where the controller and management components run within VMware Cloud. Setting up a traditional Service Mesh with an Istio installation is not the most intuitive, but the onboarding process of NSX Service Mesh simplifies it significantly. NSX Service Mesh acts as an abstraction layer over many data plane service meshes. This works across Kubernetes clusters, clouds, and third-party service meshes. The architecture consists of a local Istio data plane with its own local control plane, and a central control plane, which is the NSX Service Mesh service.
- VMware Enterprise PKS, which is VMware’s enterprise Kubernetes container platform (previously known as Pivotal Container Service). It provides a production-grade Kubernetes distribution with NSX-T integration, a built-in private registry with enterprise security features, and full life cycle management support for the clusters.
So it seems that VMware is focusing heavily on the multi-cloud approach, supporting native Kubernetes offerings in addition to the cloud-based offerings such as AKS, GKE and EKS. This lets them provide multi-cloud offerings with Service Mesh capabilities, plus VMware’s own Kubernetes offering to provide native services on top of VMware SDDC. As part of Pivotal, VMware also has a range of PaaS services that they will be able to provide to customers moving forward, which I’m guessing will also be part of the cloud service that they will provide. A big win is the ability to provide seamless multi-cloud network connectivity with service mesh and enterprise-grade support. But then again, supporting multiple cloud vendors and all their differences might be a bit too much to take on.
Google Anthos and Cloud Run
Google Anthos is Google’s first attempt at hybrid delivery of services. It essentially delivers GKE on-premises (on VMware) with Configuration Management and Service Mesh on top of it, where Google provides management and support of the complete Kubernetes environment.
Anthos also provides PaaS services using Cloud Run, which is powered by Knative, which provides functions. The latest addition is Migrate for Anthos, a tool to containerize existing applications to run on Google Kubernetes Engine (GKE). With Migrate for Anthos you can take existing applications running on VMware, AWS, Azure, or Compute Engine VMs and migrate them to run in containers on GKE. Google’s approach is more that their own offering, GKE, is the main basis of the solution and the management plane, while VMware provides management support across different providers. Google is known for GKE being one of the best offerings in the market (https://platform9.com/blog/kubernetes-cloud-services-comparing-gke-eks-and-aks/), so using that at the core provides a strong foundation; however, as of now it is limited to running in VMware and Google Cloud.
Google can also use GKE On-premises as a foundation to provide their own PaaS services running in on-prem environments or at the edge. I think that the biggest obstacle is their experience and background with providing support and functionality at the edge running on different hypervisors and platforms.
Azure Arc and Data Services
Microsoft has had multiple hybrid offerings for a long time, but this is the first time they leverage Azure as the management plane for true hybrid PaaS services. Azure Arc as of now consists of 3 different services.
- Hybrid Management for Servers (meaning that you have an agent installed on your servers). In the preview, Azure Arc supports Windows Server 2012 R2 and newer, and Ubuntu 16.04 and 18.04. The agent communicates back to the Azure control plane. As of now the supported features are policies and reporting; if you want more monitoring or security features such as Microsoft Defender ATP and Log Analytics, you need to have more agents installed.
- Hybrid Management for Kubernetes, which is essentially where the Azure Arc Fabric Controller is running. Arc runs as a Pod within your Kubernetes environment, where it has access so that you can deploy new services against the Kubernetes environment, and it also acts as the main cluster management component.
- Hybrid Data Services (which you can read more about here: https://azure.microsoft.com/en-us/services/azure-arc/hybrid-data-services/), which is essentially a way to deliver Azure services anywhere. Azure SQL Database and Azure Database for PostgreSQL Hyperscale are now available on Azure Arc in private preview. Azure data services on Azure Arc require you to have a Kubernetes cluster as the orchestrating fabric in your environment, to run Azure data services on the hardware of your choice.
The battle for the management planes
Looking at the three vendors, all of them have different approaches when it comes to management planes for Kubernetes workloads. Google’s approach is extending GKE, a known and solid offering, to on-premises VMware to provide a managed Kubernetes workload. VMware is focusing on abstracting the management plane away from the underlying platform to provide support for all types of cloud platforms, which can also be extended by using Pivotal Kubernetes as an underlying container platform. In essence, VMware Tanzu is a management plane with PaaS services using Cloud Foundry, which can also be extended with Service Mesh. Lastly, Microsoft with Azure Arc is also extending the Azure management plane to different platforms, but is still a bit behind since it is in the early beta days. Azure Arc, unlike VMware, does not provide any integration with the underlying platform and works just as an in-guest solution. However, Microsoft’s game is also to extend their other management capabilities and security offerings to traditional virtual infrastructure as well.
So it will be interesting moving forward to see who wins the battle of the management plane.