One of the questions I get asked very often is on what the differences are between the different Tanzu editions.
While the information does exist out there, it is very hard to connect the dots, and the sources of information and spread across multiple websites and PDF files and are full of marketing terms that don’t actually give us much real information.
In this blog post we will discuss what each Edition offers and also at the end will discuss where Tanzu Community Edition fits in to this story.
The Tanzu ecosystem is packaged as 5 different Editions / Bundles:
- Tanzu Basic
- Tanzu Standard
- Tanzu For Kubernetes Operations
- Tanzu Advanced
- Tanzu Community Edition
Each of these editions contains different capabilities and each one is built to solve the needs of an organization at different stages in their App Modernization journey.
This is the the most basic offering in the Tanzu ecosystem and is meant to help organizations get started running Kubernetes on their vSphere environment.
This edition includes the ability to run 2 different flavours of Kubernetes namely TKGm (Tanzu Kubernetes Grid Multi Cloud) and TKGs (Tanzu Kubernetes Grid Service) otherwise known as vSphere with Tanzu.
While TKGm is supported with the basic edition, it is only supported on vSphere and you cannot use it on AWS or Azure.
Beyond the Kubernetes distribution itself, you also get support for:
- Harbor – a container registry
- Fluent Bit – a tool which enable shipping logs from your kubernetes clusters to external Logging systems like vRLI, Elasticsearch etc.
- Pinniped + Dex – a set of tools that enable AD or OIDC authentication to our kubernetes clusters
- NSX ALB (AVI) – an Advanced load balancing solution which enables us to expose our applications from within kubernetes to the external network.
Tanzu basic is meant to include the bare minimum needed to get started playing with Kubernetes in your existing environment.
Once customers start to really productionize there environments and scale their Kubernetes deployments, additional capabilities are needed which is where the Tanzu Standard Edition comes in.
This is the most common edition we see today being used and it takes a step up from the basic edition by enabling some more Enterprise level solutions which are needed when productionizing a Kubernetes environment.
Tanzu Standard unlike Basic, is a multi-cloud offering. This means that we can manage clusters not only on vSphere, but also on AWS and Azure. This is a great addition as it allows you to have a consistent kubernetes ecosystem across clouds. This can greatly help in lessening the difficulties of running Kubernetes in a Multi Cloud environment, as we can standardize everything to make our clusters as similar as possible and to be able to use the same exact tooling and mechanisms to manage our clusters no matter where they are running.
Additional key capabilities which are added in the Standard edition include:
- Prometheus + Grafana – Industry standard tools for monitoring kubernetes clusters and applications.
- Contour – An ingress controller which allows us to do Layer 7 Load Balancing for our application we want to expose externally from our cluster
- Velero – A Kubernetes Native backup solution which can backup our kubernetes objects as well as persistent volumes to any Object Storage.
- Tanzu Mission Control Standard – a SaaS offering from VMware which enables:
- A UI for Deploying and managing Tanzu Kubernetes Clusters
- Central RBAC configuration for all of our Kubernetes Clusters
- Policy enforcement for Baseline or strict Security policies
- Running Conformance tests on our clusters and visibility into the results of the tests
- A UI for managing Backup and Restore operations using Velero
- A UI for Deploying and managing TKG Packages of software (Prometheus, Grafana, Harbor, Fluent Bit etc.) on to our clusters
- Single click Integration for a cluster with Tanzu Observability (Wavefront)
- Single click Integration for a cluster with Tanzu Service Mesh
- A Terraform provider that enables deploying TKG clusters via Infrastructure As Code.
As you can see, the standard edition adds some really great capabilities and is a great option for organizations with a small to medium scale of kubernetes clusters, that want to have supported solutions for all of the basic enterprise needs when it comes to standing up a Production Ready Kubernetes environment which can run seamlessly in a Multi Cloud Architecture.
One of the challenges that arises when our Kubernetes Footprint grows, is that we need better governance, observability and networking solutions that can stretch beyond the cluster scope. This is where the TKO (Tanzu For Kubernetes Operations) Offering comes in.
Tanzu For Kubernetes Operations
TKO provides us with some amazing capabilities that truly can be life savers when dealing with large Kubernetes environments.
TKO adds additional tooling and features to help us manage critical aspects of a kubernetes ecosystem through intuitive and simple mechanisms.
The key capabilities added in TKO include:
- NSX ALB Advanced – this builds upon the basic NSX ALB in the previous editions and adds capabilities such as Layer 7 Load Balancing (Ingress), WAF and GSLB
- Tanzu Service Mesh – A SaaS offering which offers a Multi Cluster managed Service Mesh based on Istio with strong added capabilities above the Open Source Istio including API protection, Cross Cluster MTLS, Global Namespaces, and much much more.
- Tanzu Observability (Wavefront) – A SaaS offering which provides a high-performance streaming analytics platform that supports observability for metrics, counters, histograms, and traces/spans. Tanzu Observability can give us true visibility into our entire Kubernetes ecosystem and beyond from a single plane of glass.
- Tanzu Mission Control Advanced – This builds upon the standard TMC in Tanzu Standard and adds the following capabilities:
- Custom Security Policies management and enforcement
- Image Registry Policies management and enforcement
- Network Policy management and enforcement
- Quota Policies management and enforcement
- Custom Policy enforcement using OPA Gatekeeper
- Policy Insights – visibility into all violations of policies across our entire Kubernetes landscape
- A UI to run and visualize the results of CIS benchmarks on our clusters
- A UI to centrally manage Custom RBAC roles and bindings
- Enhanced integration with Tanzu Observability
As you can see, TKO adds some pretty amazing capabilities which become more and more critical to have as our Kubernetes environments grow in size and complexity. The ability to manage and govern our clusters in a central and auditable way, the ability to get a true deep insight into what is going on within my clusters from a networking perspective as well as from a performance perspective an last but not leased enhanced Security across all of your Kubernetes clusters is a truly amazing thing and is a really unique offering that VMware provide through the TKO Bundling of products.
While everything we have talked about till now is really awesome, and is crucial for a successful Kubernetes strategy to be implemented and maintained over time, we also need to address the difficulties that come along with Kubernetes for our developers. The Editions till now have been about governance and making the operation of a Kubernetes platform easy and secure but when it comes to trying to give our developers a great Developer experience on the platform, in a secure, flexible and really powerful way, That is where Tanzu Advanced really shines!
Tanzu Advanced is the most comprehensive edition of Tanzu, and it adds a huge number of additional capabilities to help with building out a full fledged DevSecOps platform with Developer Experience as a key focus.
Tanzu Advanced builds upon TKO and adds the following additional capabilities:
- Support for Developer Frameworks including Spring and Steeltoe
- Tanzu Data Services – Kubernetes operators for common Data Services like PostgreSQL, MySQL, Greenplum and Gemfire
- Tanzu Build Service – A Kubernetes operator which allows us to build container images directly from source code without the need to write a Dockerfile, that can consistently patch our images with updated based images, Patches of Runtimes and libraries which is based on the Buildpack technology used in both Heroku and Cloud Foundry that people around the world have come to love and rely on.
- Tanzu Cloud Native Runtimes – A commercial offering of Knative Serving and Knative Eventing.
- VMware Application Catalog – A SaaS offering which allows you to build a curated, and secure catalog of container images and Helm Charts based on the Bitnami Open Source offerings. VAC offers full SBOMs and attestation for the build process of our images and charts and you get support on the images and helm charts for the nearly 100 Open Source solutions bundled in the offering, which are consistently patched and updated to address CVEs as well as updates to the provided software.
Tanzu Advanced is really an amazing suite of products, that offers a full solution to the entire Kubernetes ecosystem for all of the relevant personas, while still giving you amazing flexibility of choosing how to integrate and utilize the tools based on your companies needs.
As we all know, the Kubernetes ecosystem is heavily reliant on the Open Source community and Tanzu is no different. All of the editions of Tanzu mentioned above utilize very heavily Open Source Technologies and add on some additional Enterprise features as well as support.
VMware are very much involved in the Open Source Community and have been really a great example of how to balance between what should be done upstream in the open and what should be Closed source and proprietary.
Not only is VMware active in many CNCF projects, that are a part of the Kubernetes Ecosystem, they have also released an entirely Open Source Edition of Tanzu called Tanzu Community Edition.
Tanzu Community Edition
TCE or in full Tanzu Community Edition is the fully Open Source edition of Tanzu.
TCE includes a lot of the open source components that back the commercial offerings of the Tanzu Portfolio from all of the different editions.
TCE also includes additional features that are currently not available in the commercial offerings of Tanzu such as TCE Unmanaged Clusters which is a way to run a local “Tanzu’ified” cluster on your PC using either KinD or Minikube as the Kubernetes engine.
TCE as a kubernetes distribution is based on the exact same open source framework as the commercial offering of TKGm which is called Tanzu Framework.
In the current state of TCE, it is also pinned to the same SBOM and version of Tanzu Framework as the latest TKGm release. This means that you will get nearly the exact same feature set and UX whether you go with the commercial offering or with TCE as an open source solution.
TCE however is much more then just a distribution of Kubernetes. TCE includes a lot of open source tools that can help you such as:
- OPA Gatekeeper – This is a very common policy management tool for kubernetes which is the backing technology used in the Policy enforcement capabilities of TMC.
- Kpack – This is the backing technology of Tanzu Build Service (TBS) which allows you to build container images without Dockerfiles using buildpacks in a kubernetes native way.
- Knative Serving – This is the Open Source Knative which is used as part of Tanzu Cloud Native Runtimes.
- Velero – This is the same backup tool that is used for the Data Protection functionality in TMC.
- FluxCD Source, Kustomize and Helm controllers – these are all Open Source tools that are utilized in other Tanzu products such as Tanzu Application Platform to enable a true GitOps workstream.
- Cartographer – This is the base operator that backs Tanzu Application Platform and allows you to build Supply Chains in a kubernetes native way.
- Harbor, External DNS, Grafana, Prometheus, Contour, Fluent Bit, Multus, Whereabouts, and Cert Manager – these are the same technologies that we receive in Tanzu Standard which are packaged as TKGm extensions. In TCE you even can get newer versions sometimes then what we get in TKGm as they still haven’t gone through the entire rigorous testing needed for a commercial offering but can let you get ahead of the curve with cutting edge versions.
- App Toolkit – This is the Open Source version of Tanzu Application Platform and integrates many of the above mentioned tools, in an easy to install and easy to use manner that makes getting started a matter of minutes.
- Tanzu Diagnostics – This is a Tanzu CLI plugin that wraps the Open Source CrashD tool to help you in debugging a Kubernetes cluster. This is based on the same tooling as is included with TKGm.
- Tanzu Conformance – This is yet another Tanzu CLI plugin which utilizes the Sonobuoy tool for running conformance tests against your Kubernetes clusters. This is the same underlying tool that backs the conformance testing capability of TMC.
Beyond all of the tools mentioned above, There is a PR already merged for adding KubeApps as a part of TCE which will bring the entire Open Source Bitnami Catalog to TCE. this is a large part of the technology that builds up the VMware Application Catalog commercial offering.
As can be seen, TCE is not simply a free Kubernetes distribution. TCE is a full fledged Open Source Kubernetes Platform that includes solutions and technologies from across the Tanzu stack, to give you a truly amazing experience and to give you the tools needed to build out a fully featured Kubernetes platform based on your needs completely for free!
What About Standalone Product Licensing
While Buying an edition that is suitable for your needs is a great option, sometimes we may not need everything that exists in a specific edition and we may just want to purchase a single tool or a handful of tools that may stretch across multiple different editions.
Bellow you can find a table I have built which explain which products exist in every commercial edition as well as which products can be sold as a separate SKU.
As you can see, The Tanzu Portfolio is quite extensive and the editions really map to the customers needs at a given point in time along their app modernization journey.
Whether you are looking for an open source platform, or a commercial offering, and no matter how far along your journey you are in the world of app modernization, Tanzu has a lot of amazing tooling that can help you along the way!