VMware Cloud Services Providers (CSP) drive technology leadership in the private, public, and multi-cloud, and we continue to expand our comprehensive portfolio of products and capabilities to align with the needs of our partner and customer communities.
These solution offerings allow our partners to build, customize, and differentiate their cloud services for their customers, who need to deliver solutions that leverage the various benefits of multi-cloud or for public sector businesses and highly regulated industries that require sovereign clouds.
By using VMware solutions, our partners reduce the ‘cloud chaos’ that many customers are experiencing by providing a more sophisticated and mature approach to building their applications in the right cloud with the proper security and innovation.
By leveraging a consistent, unified enterprise infrastructure architecture that delivers modern application support as well as traditional application services, customers benefit from accelerated application development with fewer friction points and security concerns, simplified and global operations across infrastructure, applications, and endpoints, and a scalable, flexible subscription model to achieve faster ROI and lower TCO.
This year at VMware Explore 2023 Las Vegas, the VMware Cloud Services Provider team is excited to announce more innovation in several areas, empowering the customer cloud smart journey as they continue to create, shift, or repatriate their applications between dedicated private, public, and hybrid multi-clouds. VMware continues to be focused on further strengthening and expanding our partner ecosystem while simplifying the accessibility of our partner solutions to customers, so they can bring solutions to the market faster
Let’s look at some of the innovations and what they mean for you as a Cloud Services Provider and for your tenant customers.
Core Infrastructure Services
Drive cloud consumption with 3 tier RBAC partnerships & white-label services
White labeling is a crucial requirement for VMware Cloud Services Providers dealing with other managed service providers running services within their infrastructure. This 3-tier role-based access control feature (expected later in CY2023) will allow partners to deliver cloud resources to other partners and allow them complete control and customization of their services to their customers. This will allow the ‘parent’ partner to grow their cloud consumption significantly as their ‘child’ partners will scale out their services to customers.
In addition, ‘child’ partners will inherit the Cloud Verified badge as their solutions are running on a ‘parent’ partner Cloud Verified infrastructure. The badging will help drive additional demand and signify the quality of the service infrastructure.
Private cloud simplified with VMware Cloud Foundation Workload Domains
VMware Cloud Services Providers now have critical additional capabilities for their tenant workloads with the capabilities delivered in VMware Cloud Foundation 5.0. As discussed in the launch blog, cloud services providers can now create isolated single sign-on (SSO) workload domains, which improve workload isolation for dedicated private-cloud / sovereign tenants or tenants with different SSO domain requirements.
Cloud services providers have more flexibility with their deployments under this new deployment model, and more scalability with support for up to 24 workload domains per VCF instance using Cloud Director on top to deliver a sustainable, optimized model for private cloud. Learn more about the workload domain improvements in this architecture blog.
Innovative cloud services with NVIDIA GPU as a Service
VMware Cloud Foundation also delivers expanded capabilities in AI/ML workload support. With the support of the NVIDIA AI Enterprise Suite, NVIDIA Ampere A100 and A30 GPUs can now be configured with VMware Cloud Foundation to support AI/ML workloads, which can then be offered by VMware Cloud Director, if used, in a multi-tenant (line of business) situation within customers.
Cloud services providers can now extend their software-defined private or sovereign cloud platforms to support a flexible and easily scalable AI-ready infrastructure, delivering as-a-service offerings in these rapidly growing markets. Learn more about the available AI solutions and how you can leverage VMware AI/ML solutions for your tenants with this video blog.
Optimized storage with vSAN ESA and HCI Mesh Disaggregated Storage
VMware vSAN has delivered critical updates over the last year, especially around the all-new vSAN Express Storage Architecture (ESA) designed to take advantage of ongoing and future optimizations for high-performance all-flash storage. Also, HCI Mesh enhancements allow cloud services providers to optimize storage utilization in HCI clusters by sharing storage across vSAN clusters. Partners leverage HCI Mesh to link disaggregated HCI clusters that provide highly performant and scalable storage for any vSphere-based workloads, including database workloads, while eliminating islands of inaccessible storage stranded in compute-heavy HCI clusters.
With the upcoming release of vSAN 8 Update 2, available later in H2 CY2023 for VMware Cloud Services Providers, partners will now be able to leverage vSAN ESA datastores for native NFS and SMB file services, offering full parity with native file services that were available under the vSAN Original Storage Architecture (OSA). Additional scale, performance, and management enhancements in this release will allow providers to leverage their storage investments further from vSAN ReadyNode vendor partners, such as the ability to run up to ~500 VMs per host, an 150% increase over prior releases.
Modern Application Services
For many partners and their customers, modern applications are at the forefront of their cloud journey. But developing, deploying, and securing cloud-native applications is not easy. For example, “95% of organizations have difficulty selecting, deploying, and managing Kubernetes, and 94% are concerned about the state of open-source software (OSS) in production due to security concerns.”1
Deliver multi-tenant Kubernetes Clusters as a Service
VMware has delivered several modern application services over the past year to address the needs of modern workloads, and we have seen many announcements since then. These include the software transitions to end of availability for the Tanzu Basic and Tanzu Standard offerings, in favor of the more feature-rich Tanzu Kubernetes for Operations built on Tanzu Mission Control Advanced and Tanzu Service Mesh Advanced (for providers, accessed separately today but will be offered together in the future).
Tanzu Kubernetes Grid (TKG) has also evolved with the release of TKG 2.0 and its additional OSS package offerings:
- Ingress controller with Contour
- Container registry with Harbor
- Pod Network interface with Multus and Whereabouts
- Observability with Prometheus and Grafana
- Log Forwarding with Fluent Bit
- Snapshots with Velero
- Continuous delivery with Flux
These additional offerings provide developer guardrails in terms of supported apps to use and suit better modern application workload requirements of a provider’s tenant workloads, including high availability with multi-AZ support, and Kubernetes autoscaling improvements, all supported with the Cloud Director Container Service Extension 4.1.
Innovate with Application-focused SaaS solutions
Separately, Cloud Services Providers – SaaS partners now have new managed services offerings, including Aria Operations for Applications to offer centralized visibility, monitoring, and troubleshooting for modern applications. VMware reports that 97% of respondents surveyed reported challenges monitoring cloud application environments, and 93% reported that cloud environments had become more complex than it was 5 years ago.2 Developed and delivered as a cloud-native observability platform, Aria Operations for Applications is purpose-built to support the needs of modern cloud applications as well as traditional applications, at scale, and addresses the key issue that over 80% of IT professionals agree on: legacy monitoring tools are inadequate for observing modern cloud applications. Aria Operations for Applications delivers full-stack enterprise visibility by ingesting, analyzing, and visualizing metrics, traces, and logs from distributed applications, containers, microservices, any cloud infrastructure even business data. Powerful and flexible analytics allow tenants to observe exactly what they need from the environment, using the Wavefront Query Language, which has over 110 queries, and the over 250 application integrations.
With Tanzu Service Mesh, partners can offer advanced, end-to-end connectivity, security, and insights for their tenant’s modern applications – across application end-users, microservices, APIs, and data. Tanzu Service Mesh abstracts the service mesh from the modern applications, clouds, and infrastructure that they are tied to, so DevSecOps teams can have a globally available, reliable service mesh for discovery, visibility, control, and security across clusters, clouds, and workload types wherever those workloads reside. Tanzu Service Mesh helps deliver critical modern application connectivity for partners who are building out or have an established modern application services cloud for their customers. With Tanzu Service Mesh, partners can offer these important capabilities for modern applications as self-managed or fully-managed services offerings for their tenants:
- A global namespace for all microservices and APIs needing routing and security
- More secure end-to-end encryption of APIs endpoint communications, both for north-south API communications across clouds and at the edge, and east-west communications between microservices
- Centralized visibility, drift detection alerts, and remediation of API abnormalities
- Large-scale multi-tenancy for enterprise partner environments
- Faster application delivery through consistent, centralized, and policy-driven connectivity
Together, these solutions allow our Cloud Services Providers to provide complete visibility and control across the entire Kubernetes estate of a tenant’s environment.
Deliver dedicated air-gapped Sovereign Cloud innovation
We are supporting our Sovereign Cloud providers and the needs of sensitive workloads and those which require regulatory compliance and data sovereignty with air-gapped, dedicated cloud support for on-premises Tanzu Mission Control with or without Cloud Director to manage tenant Kubernetes clusters at scale. This is expected to be available later in FY2024. VMware has a local version of the SaaS service for providers to deploy on-premises in a disconnected mode for their regulated tenants. Selected tenants can consume Tanzu Mission Control functionality using Cloud Director with Container Service Extension 4.1 and above in a multi-tenant safe way. To learn more about the offering and participate in the technical preview of the Tanzu Mission Control self-managed with VMware Cloud Director, providers can enroll through the tech preview community site.
On-premises autoscaling on demand for K8s clusters
With Horizontal Pod Autoscaler – a community driven Kubernetes project – now natively supported using Container Service Extension, providers can now offer enhanced services that meet the modern application demands of their tenants. Providers can offer better SLAs that ease the decisional fatigue for their tenants to project their demands and costs. Running applications optimally means the environment can handle the spikes and dips of application demand efficiently, which not only enables continued resource availability but also enables optimal resource utilization and thus cost optimization. Read more about the design, requirements, and implementation of cluster autoscaling in this whitepaper.
Networking and Security Services
VMware Cloud Director, now at version 10.5, continues to expand the capabilities around networking and security for our Cloud Services Providers and their tenants.
Offer improved application availability
This latest release enhances capabilities that are offered by VMware NSX Advanced Load Balancer (ALB), including tenant self-service support for configurable HTTP policies, improved provider reporting of NSX usage, and simplified NSX ALB licensing for VCD with the latest release of Usage Meter. These changes deliver improved management and load-balancing service capabilities for their tenants while simplifying the deployment and usage reporting of NSX controllers for tenant workloads.
Improved IP management and data center networking
IP spaces migration is also available with this release, giving providers a tool to effortlessly migrate a tenant’s outdated IP blocks to cutting-edge IP spaces. Additional details regarding other released VCD capabilities for networking and security discussed in this blog can be further read up on in the individual blogs for each of the topics, including IP Spaces migration, NSX Federation, and Tanzu Service Mesh.
Reduce operational routing task time
BGP enhancements include the addition of a “Community List” and “Route Maps” tabs allowing customers to define extra configurations for route redistribution through the newly introduced BGP route maps tab. These route maps are exclusively accessible to provider gateways employing IP spaces, users can establish route maps containing IP prefixes and community lists, which are defined on the provider gateway.
Solving critical key management requirements
In today’s world, more and more customers insist on managing and bringing their own encryption keys and having operational independence from their providers. This is especially important and critical when it comes to data sovereignty, where regulated and government tenants are looking for providers to build zero-trust environments to maintain full ownership and control of their sensitive and confidential data at all times. In collaboration with our 3rd party best in class ISV ecosystem partners, we are performing a tech preview of Bring Your Own Encryption as a Service offering as part of the Cloud Director platform. This security offering is fully compliant with security requirements for highly regulated industries deploying solutions using a zero-trust security model. Tenants can bring their own encryption keys (BYOK) and/or their own key management system (BYOKMS) when creating and encrypting VMs. Our Cloud Services Providers, including our Sovereign Cloud partners, can more securely host the tenants’ key and key management services within their cloud infrastructure, enabling tenants to enjoy more secure access to their VMs without concerns that the partner can access those same VMs or data. To learn more about the offering and participate in the technical preview of the Bring Your Own Encryption as a Service, providers can enroll through the tech preview community site.
Developer Ready Data Services
Much of the efforts for modern application data services in the past year have been directed towards our Sovereign Cloud Services Providers, who are addressing rapidly growing market needs for data privacy, compliance, and security of sensitive, private, and public sector workloads. According to an IDC Global Survey of regulated industries, “Nearly 70% of respondents feel confidential and restricted data is very/extremely vulnerable when stored in a commercial public cloud, and 63% say it is very/extremely important to have a cloud solution that provides complete jurisdictional control and authority over data.”3
Address Big Data storage and analytics services
Since our announcements for Sovereign Cloud services at VMware Explore 2022, our Sovereign Cloud Services Providers have seen many new services released that focus on additional data services to address this demand, including the release of the VMware Data Services Extension (DSE) 1.2 which delivers Sovereign Cloud production-ready solutions for MySQL, Postgres, RabbitMQ, and MongoDB database and data messaging services.
Businesses today – ranging from governments to start-ups – are driven by data. They effectively capture, process, and serve data quickly to gain insights that drive business value. This is done by driving analytic value out of massive sets of disparate data and integrating these data assets to support a wide portfolio of mainly cloud-native applications.
This has caused a surge in the development of data-driven applications, mainly using AI and ML models to drive analytics and inferences. The adoption of AI & ML models to build applications is expected to grow at a rapid rate (a surge of 500% from 2019 to 2023) due to its flexibility and scalability. The growth rate for global AI market size is estimated to grow at a 38% CAGR in the coming years.4 This massive growth brings with it a huge opportunity for infrastructure and technology providers to address the demand.
VMware Cloud Director Content Hub simplifies the app catalog experience
We have also simplified the application catalog experience with the launch of the new Content Hub, which unifies the existing VMware Cloud Director Catalog and App Launchpad features in an integrated experience within VMware Cloud Director 10.5. Providers can now offer their tenants cloud-connected or cloud-disconnected catalogs for use during their modern application development, with a streamlined application-focused interface that allows users to visualize and access catalog content and delivery easily.
Operations Services
Utilize robust metering and chargeback
Additions to the Aria Operations (formerly vRealize) portfolio help our Cloud Services Providers manage the cloud resources consumed by their tenants. VMware Chargeback for our providers is a zero-charge solution extension that enables robust metering and chargeback capabilities for provider and tenant Cloud Director data infrastructure usage through performance and capacity dashboards.
This service enables providers to deliver flexible pricing policies for services offered on their cloud platform and monetize features such as reports, alerts, and metrics as services offered to their tenants.
Assist with Sovereign customers’ compliance
The Sovereign Compliance Pack for Aria Operations is an essential tool for our Sovereign Cloud Services Providers, as it helps them to maintain the sovereign compliant posture required by industry and country regulations. Hence, they can expand their services in highly regulated industries such as the public sector, finance, healthcare, etc. The solution leverages compliance benchmarks based on VMware security best practices (Sovereign Cloud Control checklist & VMware Security configuration guides) and supports regulatory compliance frameworks like ISO, PCI, CIS, FISMA, HIPAA, and DISA. It will detect and automatically report cloud misconfigurations and visualize compliance scores, non-compliant object breakdowns, and associated compliance alerts. Providers can use the solution to generate, schedule, and share audit-friendly Sovereign Cloud Compliance posture reports with tenants.
Along with our ecosystem of partners, Sovereign Cloud providers have a full stack of solutions to better secure, monitor, and report on the health of their cloud services solutions delivered to tenants.
Additional Resources for Cloud Providers
For more information about VMware Cloud Services Provider programs and announcements at VMware Explore, attend one of our sessions and talk to our team to learn more. In addition, stop by the Cloud Services Provider booth at the VMware Expo to learn more about the solutions and talk to experts about how VMware can help you plan and build cloud smart services that meet your tenant requirements, whether in public, private, or sovereign clouds.
Relevant VMware Explore Las Vegas sessions:
CEIB2568LV – VMware Cloud Services Provider Partners Strategy and Roadmap Overview (Wednesday, August 23, 2:00PM)
CEIB2276LV – How to Deliver a Complete Multi-Cloud Service with VMware Cloud Director (Tuesday, August 22, 12:15PM)
CEIB2286LV – Delivering Secure Cloud-Managed Data Services and Compliance (Tuesday, August 22, 12:15PM)
CEIB2294LV – Deliver DRaaS with VMware Cloud Director Availability (Tuesday, August 22, 2:15PM)
CEIB2614LV – Elevate Your Application Modernization Journey with a Developer-Ready Cloud (Wednesday, August 23, 2:30PM)
CEIB2613LV – How VMware Innovation Is Shaping Global Market Agendas (Wednesday, August 23, 3:15PM)
CEIB2296LV – Delivering Application Monitoring Services in Cloud (Thursday, August 24, 12:30PM)
References
1. VMware, The State of Kubernetes 2022, September 2022
2. VMware, State of Observability Report 2022, March 2023
3. IDC Global survey of regulated industries (n=508)
4. Valuates Reports, AI Market Statistics, November 2019