VMware's conversion into a cloud-agnostic management and development platform

Kurt Marko, September 30, 2020
Can VMware make the case that it is a better alternative to AWS, Azure and GCP? Let's find out what's on offer.


VMware's strategy has been remarkably consistent since 2017 when it shook off the cloud FUD. I've summarized VMware's strategy and the steps it's taken each year towards a vision that transformed its data center virtualization system into the world of multi-cloud infrastructure. In looking back at my VMworld coverage from 2017, 2018 and 2019, you'll see an evolution from a hybrid- to multi- to container-cloud platform with increasingly sophisticated cross-platform management, security and application development features. Although VMware isn't holding its usual fiesta for customers, partners and the press, this year's online VMworld features similar themes and the usual abundance of product announcements, with the usual dose of new wrinkles.

The digital foundation for cloud-era enterprises

Two years ago, I described VMware's vision as a "multi-cloud substrate for enterprise applications," a concept that the company now describes as "the digital foundation to build, run, manage, connect and protect any app on any cloud on any device." While it doesn't roll off the tongue as easily as "the computer for the rest of us" or "information at your fingertips," VMware's verb-overloaded vision nicely captures its goal of providing an infrastructure-agnostic software layer for both infrastructure administrators and application developers. The three itemized targets in VMware's vision indicate how the company structures its product line, namely:

●         Multi-cloud infrastructure that spans private data centers (vSphere), public cloud services (AWS, Azure, Google, IBM and Oracle Cloud) and encompasses compute, network and storage services.

●         Application development and modernization platforms including a Kubernetes-centric container ecosystem and development PaaS (Pivotal and Spring)

●         Application delivery and client security via VDI or app streaming and client device management.

The VMworld product announcements fall into one of these categories; however, several of the most significant span the first two, infrastructure and application modernization. Most of the following headline announcements cover additions to existing products, with one notable exception.

Multi-cloud management and security

Since its cloud epiphany, VMware has positioned itself as an enterprise-grade abstraction layer for infrastructure and applications that can expand from its traditional base in virtualized data centers to public cloud infrastructure. What started with the company's ill-fated attempt at operating a VMware-specific cloud (since sold to OVH) was reincarnated as VMware Cloud on AWS and has since expanded, with various levels of supported features, to Azure, Google Cloud (GCP), IBM Cloud and Oracle Cloud (OCI). While AWS remains the premier VMware cloud partner, Azure and GCP aren't far behind.

When Google acquired CloudSimple and released VMware Cloud Engine earlier this year, it turned GCP into a viable target for hybrid VMware Cloud Foundation implementations. This week's GA of the Azure VMware Solution does the same for Azure. The company also announced new features for its AWS public and Dell private cloud environments, along with support for OCI within VMware's CloudHealth monitoring and cost-optimization product.

VMware continues to fill out its technology portfolio via acquisitions, with the latest being SaltStack, a software and infrastructure configuration management and automation company. SaltStack will be incorporated into the vRealize product line and while it is unclear how VMware will merge the products, it did highlight SaltStack's configuration compliance and vulnerability management features.


VMware also enhanced its line of SaaS products first introduced in 2017 with three significant additions:

●         A DRaaS product that is a rebranded version of the Datrium product that VMware acquired earlier this year. The service creates DR environments on AWS that are controlled via backup policies and automation runbooks. VMware also includes a staging feature similar to AWS's CloudEndure DRaaS that minimizes the cost of standby environments by creating low-cost, limited capacity hosts that can be rapidly activated before the DR backup data is fully copied and that can be replicated to larger production hosts over time.

●         An AIOps product called vRealize AI Cloud that uses ML to analyze system telemetry to optimize compute (vSphere), storage (vSAN) and network (NSX-T) configurations.

●         A multi-cloud management software bundle called vRealize Cloud Universal that combines VMware's vRealize Automation, Operations, Log Insight and AIOps features.

Container ecosystem (Tanzu) extension to new cloud environments

VMware has positioned Tanzu, its Kubernetes-based container ecosystem, as a platform for modern enterprise applications and, like the rest of its virtual infrastructure, the company is extending Tanzu across all major cloud platforms. It used VMworld to announce updates that bring Tanzu to AWS, Azure and OCI to go with previous support for Google Cloud via GKE. It also announced a partnership with GitLab designed to streamline Tanzu-based CI/CD automation workflows.


One of Tanzu's most compelling features is a service mesh to connect and secure microservices used within an application. Unlike some service fabric alternatives, Tanzu supports communication across multiple container clusters and cloud environments, while maintaining a consistent set of security and traffic management policies. VMware featured NVIDIA as a technology partner on several fronts, including bringing NVIDIA's GPU Cloud (NGC) library of containerized AI applications to Tanzu.

Extending VM network services to the edge

Cloud disaggregation, aka distributed cloud or edge computing, in which some cloud services are provisioned outside large data centers closer to data sources and users, is one of the most significant architectural trends of this young decade. AWS Outposts and Wavelength along with Azure Stack Edge are early examples of what will be a dynamic market in the coming years. It's a market for edge services that VMware intends to serve by enabling network services to run on smartNICs via a feature it introduced this week. 

Project Monterey ports the ESXi hypervisor to Arm and allows virtual services to run on cores embedded in smartNICs such as the NVIDIA-Mellanox ConnectX products. Part of the underlying technology in Monterey extends VMware Cloud Foundation to bare metal systems and decouples network, storage, and security functions from the host server. Disaggregating the infrastructure allows offloading storage and network functions from the host processor to smartNIC SoC and enables patching and upgrading these services independently.

NVIDIA is also working with VMware on the first Monterey implementation using its next-generation BlueField-2 DPU (data processing unit), which adds Arm cores to the existing SoC design and will power future ConnectX SmartNICs. Running virtual network functions on the SoC allows offloading network functions including:

●         Network virtualization

●         Packet switching

●         Packet inspection and intrusion detection and prevention

●         Malware filtering

●         Encryption

●         Data compression

●         Load balancing

Offloading network functions to a purpose-built SoC not only reduces CPU overhead, but greatly accelerates performance. For example, NVIDIA claims that running IPSec on the DPU speeds up packet processing by 8 times. VMware is adding embedded APIs for smartNIC developers like NVIDIA and other partners. However, the external interfaces are standard ESXi APIs, making embedded instances look like a bare metal server, allowing application developers to use them without modifying any code.


My take

As VMware continues to build a multi-cloud portfolio, its traditional virtualization business seems like a distant memory. However, that legacy lives on in VMware's evolution into a comprehensive software layer bridging multi-cloud infrastructure and applications. While VMware's platform delivers a plethora of features to enterprises trying to piece together heterogeneous hardware, software and cloud components into a cohesive system, maximizing the benefit requires a wholesale commitment to VMware's portfolio, including Cloud Foundation, Tanzu and vRealize. 

Unfortunately, VMware's cloud-agnostic system suffers from problems that beset most abstraction layers: trading one form of lock-in (to the raw platform) for another and eschewing new features intrinsic to each infrastructure platform for the abstracted, homogenized versions provided by VMware. Such trade-offs were fine when one was only using basic IaaS like compute instances, object storage and VPCs, but it's a tougher sell as AWS, Azure and GCP develop new AI, data analytics, DevOps automation, IoT and security services. The further one strays off the VMware platform to exploit these cloud-native innovations, the more integration and debugging work one is biting off.

As usual, VMworld features an impressive array of enterprise testimonials; however, still unresolved is how many will eventually be cannibalized by a growing array of cloud-native services. Standard isn't always better than better and it's increasingly hard for enterprises to make the case that AWS or Azure aren't good enough.
