TL Consulting Group

Uncategorised

VMWare - Tanzu Application Platform

Unlocking The Potential of Tanzu Application Platform

Unlocking The Potential of Tanzu Application Platform (TAP – a Multicloud, Portable Kubernetes PaaS) Cloud-native application architecture targets building and running software applications that triumph the flexibility, scalability, and resilience of cloud computing by following the 12 factors, microservices architecture with self-service agile infrastructure offering an API based collaborative and self-healing system. Cloud-native encompasses the various tools and techniques used by software developers today to build applications for the public cloud. Kubernetes is the de-facto standard for container orchestration to build the Cloud Native applications. Undoubtedly Kubernetes is changing the way enterprises manages their infrastructure and application deployments. However, at the core, there is still a clean separation of concerns between the developers and operators. Now comes the new VMWare’s Tanzu Application Platform under the Tanzu Portfolio to address some of the fundamental issues with the developer and operations collaboration issues and provides an effortless path to application deployments in a secure, module, scalable in a portable Kubernetes environment. What is Tanzu Application Platform (TAP)? “A superior multi-cloud developer experience on Kubernetes VMware Tanzu Application Platform is a modular, application-aware platform that provides a rich set of developer tooling and a prepared path to production to build and deploy software quickly and securely on any compliant public cloud or on-premises Kubernetes cluster.” By VMWare Tanzu Application Platform simplifies workflows Tanzu Application Platform simplifies workflows in both the inner loop and outer loop of cloud-native application development and deployments on Kubernetes. A typical inner loop consists of developers writing the code in their local IDE (Integrated development environment), testing, and debugging the application, push and pull the code from a soured code repository, deploying to a development or staging environment, and then making additional code changes based on the continuous feedback. An outer loop consists of the steps to deploy the application to a non-production /production environment and support them over time. In the instance of a cloud-native platform, the outer loop includes activities such as building container images, adding container security, i.e., vulnerability scanning, trust and adding signature and configuring continuous integration (CI) and continuous delivery (CD) pipelines. TAP creates an abstraction layer above the underlying Kubernetes, focusing on portability and reproducibility, avoiding lock-in where possible. Underneath, TAP provides strong support with all the tools required for the build and deployment of the applications in the form of Accelerators and Supply chains Choreographers. TAP can be installed and managed on most of the managed Kubernetes instances like AKS(Azure), EKS(AWS) and GKE (Google Cloud) available in the market as well as any other unmanaged conformant Kubernetes cluster. Developers can even install it on their local Minikube instance as well. TAP also supports an out of the box workflow for DevSecOps based on the best open-source tools. However, there is strong support to customise these workflows with the enterprise-grade/commercial tools of choice. TL Consulting TLConsulting brings its consulting and engineering personnel to application modernisation adoption and implementation by providing range of services – as If you need assistance with your Containers/Kubernetes adoption, please contact us at our kubernetes consulting services  page.

Unlocking The Potential of Tanzu Application Platform Read More »

Uncategorised
Application Security in Kubernetes

“Shift Left” Application Security in Kubernetes with Open Policy Agent (OPA) and Tanzu Mission Control (TMC)

“Shift Left” Application Security in Kubernetes with Open Policy Agent (OPA) and Tanzu Mission Control (TMC) To secure a Kubernetes environment, we must adopt the “shift left” security approach right from the initial phases of the development, rather than wait for the deployment to complete and focus on the security at later stages of the build. Kubernetes security is constantly evolving with new features to strengthen both the application and cluster security. Kubernetes offers several mechanisms to administer security within the cluster. Some of these include enforcing resource limits, API security, standardizing containers, auditing and so on. Here we will discuss one of such mechanism, which helps to implement the shift left security in a Kubernetes cluster. What is OPA? Open Policy Agent (OPA) is an open-source policy engine that provides a way of manifesting the policies declaratively as code, which helps to ease out some of the decision-making processes with the Kubernetes cluster end users, such as developers, operations teams without impacting the agility of the development. OPA uses a policy language called Rego, which allows you to write policies as code for various services like Kubernetes, CI/CD, Chef, and Terraform using the same language. OPA enforces the separation of concern by decoupling the decision-making from the core business logic of the applications. OPA Workflow: OPA provides centralized policy management and generates policy decisions by evaluating the input data against policies (written in Rego) and data (in JSON) through RESTful APIs. Here we have some of the example policies we can enforce using OPA: Which users can access which resources? Which subnets egress traffic is allowed to? Include node and pod (anti-), affinity selectors, on Deployments Which clusters a workload must be deployed to? Ensure all the images come from a trusted registry Which OS capabilities a container can execute with. Implementing Kubernetes Admission Controllers to validate API requests. Allowing or denying Terraform changes based on compliance or safety rules. Enforcing certain deployment policies (such as resource limits, meta data types of resources) Creating Custom Policies using OPA in Tanzu Mission Control (TMC) VMware Tanzu Mission Control is a centralized hub for simplified, multi-cloud, multi-cluster Kubernetes management. Tanzu Mission Control aims to help with the following list of Kubernetes operations: Managing clusters on both public, private cloud and edge Cluster lifecycle management on supported providers Manage security across multiple clusters Centralized policy management Access management Cluster conformance VMware Tanzu Mission Control provides centralized policy management for specific policies that you can use to govern your fleet of Kubernetes clusters, The polices include access controls, image registry policies, and resource limit policies. While these cover the baseline polices, it also offers an ability to create custom policies using Open Policy Agent (OPA). Custom policies are somewhat open-ended and provide the opportunity to address aspects of cluster management that specifically suit the needs of your organization. As described above OPA implement specialized policies that enforce and govern your Kubernetes clusters. Closing thoughts: Enterprises use the OPA to enforce, govern, audit, and remediate policies across all IT environments. You can use OPA to centralize operational, security, and compliance aspects of Kubernetes, in the context of cloud-native deployments, (CI/CD) pipelines, auditing and data protection. Thus, OPA enables DevOps teams to shift control over application authorization further left to advance the adoption of best DevSecOps practices. TL Consulting TLConsulting brings its consulting and engineering personnel to application modernisation adoption and implementation by providing range of services – as If you need assistance with your Containers/Kubernetes adoption, please contact us at our kubernetes consulting services  page.

“Shift Left” Application Security in Kubernetes with Open Policy Agent (OPA) and Tanzu Mission Control (TMC) Read More »

Uncategorised,

Secrets management in Kubernetes using Sealed Secrets

Secrets management in Kubernetes using Sealed Secrets: Kubernetes has gained its popularity due to its core nature of running an immutable infrastructure, where the pods, containers can be destroyed, and replaced automatically. This helps to ease out the deployment friction as you declaratively describe the resources in a manifest file.  Kubernetes manifest files can be stored in a source code repository like GitHub and the Kubernetes operations can be managed easily using the GitOps methodology. However, one of the biggest challenges in Kubernetes is the secure storage and rotation of credentials / secrets such us passwords, keys, and certificates. While Kubernetes offers basic secrets management capabilities, it doesn’t help secure secrets needed both inside and outside of Kubernetes. Here we discuss one of the ways to address this issue using “sealed secret”: Sealed Secrets: When looking at optimising the infrastructure costs, enterprises consider various cost-management best practices, but Kubernetes require a specialised a Sealed Secrets is a Kubernetes object, which helps to store the encrypted Kubernetes secrets in a version control.It consists 2 main components. Sealed Secret Controller (At Server Side) Kubeseal Utility (At Client Side) First step is to use sealed secrets is, install the sealed secret controller in the target cluster using the sealed-secret-controller helm chart. helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets helm repo update helm install sealed-secrets-controller –namespace kube-system –version 2.13 sealed-secrets/sealed-secrets Install the kubeseal client in our machine wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.17.3/kubeseal-linux-amd64 -O /usr/local/bin/kubeseal brew install kubeseal or yum install kubeseal Create and encrypt the secrets using the kubeseal kubectl create secret generic db-password -n test –from-file=dbpassword.txt –dry-run=client -o yaml | kubeseal -o yaml > db-password.yaml The output of the above command is apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata:   creationTimestamp: null   name: secret-sql-password   namespace: test spec:   encryptedData:     DB_PASSWORD: GBbjeKXfPSjqlTpXSxJWwFWd1Ag/6T6RS1b6lylLPDfFy4Xvk0YS+Ou6rED1FxE1ShhziLE8a7am0fbiA2YuJMSCMLAqc2VYcU3p3LS0QKXdWKelao7h5kLwue7rEnCnuKLSZXHuU6DV/yCBYIcCCz88dBmzE8ga1TARLsFRrZmq2EWgU/ON57tIexCEAyztWreJi1Qnf0uJZE56Zg3x1Fj7MJ4Z06pcSSAwY2v0yZ8UNo1qzdmTfkOg0sMXdaFwF9Nga83MPeXfyKdfiH6kAW+LjUbpWi4JHEK7elZswRCBtU6caKt2sxfmue38UbQw8AXL5TmECqwttuKADWictIfWWhCYnyaO7DQm7+a2kfKUaUHZlw8X3vJtoiXAO/cEFJv2+X29gmwvX24gixgD6yrnxpA+GBbjeKXfPSjqlTpXSxJWwFWd1+H1Fb4FWVs6m1PxehsrHDbVTk8kGVXDzV1KK9EjF+CIxQPhGEQTUVq4qMmLAnPKw8HQYmh73v1K/a2kfKUaUHZlw8X3vJtoiXAO/cEFJv2+X29gm   template:     data: null     metadata:       creationTimestamp: null       name: db-password       namespace: test In the above manifest file, we can see that our database password is encrypted. Only the sealed-secret-controller within the cluster can decrypt the value. Hence these can be safely stored in a version control. TL Consulting TLConsulting brings its consulting and engineering personnel to application modernisation adoption and implementation by providing range of services – as If you need assistance with your Containers/Kubernetes adoption, please contact us at our kubernetes consulting services  page.

Secrets management in Kubernetes using Sealed Secrets Read More »

Uncategorised

How to Optimise Kubernetes Costs?

How to Optimise Kubernetes Costs? The increasing popularity of cloud-native applications has brought technologies like microservices and containers to the frontline. Kubernetes is the most preferred container orchestration platform by most enterprises for automating the deployment, scaling, and management of containers. Most of the Kubernetes implementations thrive to focus on technical aspects and are least bothered by the costs involved with their benefits. In a recent survey from the Cloud Native Computing Foundation (CNCF), 68% of participants reported that their Kubernetes costs increased in the past year, with bills surging more than 20% year-on-year for most organisations. So, how to optimise Kubernetes costs? How much has your Kubernetes-related spend grown in the last 12 months?   Source:  FinOps Foundation survey When looking at optimising the infrastructure costs, enterprises consider various cost-management best practices, but Kubernetes require a specialised approach. Here we will discuss some of the key aspects to reduce overall Kubernetes costs. Size of the infrastructure as per the need: First and foremost, reducing the consumption costs is to have the correct infrastructure size in terms of pods and nodes. While it is always advisable to overprovision to cater to the unusual spikes, leaving the applications to use unlimited resources can lead to unexpected repercussions. For instance, a stateful database container consumes all the available memory in the node due to an application fault; this leads other pods to wait indefinitely for the resources. This can be prevented by setting up Quotas at Pod and namespace levels. Additionally, it is good to enforce the resource request limits at a container level. Other enforcement is to limit the number of pods running on a node, as running many pods can lead to inefficient resource utilisation. Due to this issue, most cloud providers have set hard limits on their managed instances if Kubernetes. Choosing the right tools: A fundamental way of managing any cloud or infrastructure costs is by monitoring utilisation and costs involved for the resources over a period. It allows users to get better insights into storage, memory, computing, network traffic utilisation, etc, and how the costs associated are distributed between them. Irrespective of managed instances or bare-metal clusters, today, almost all the clusters support one or other tools for monitoring to get the basic information. Suppose we are looking at an enterprise with many clusters. In that case, it is always advisable to have a propriety APIM tooling like Dynatrace, New Relic, App D, Splunk, and Prometheus and so have a proper drill-down of the resources and utilisation. It enables SREs and Kubernetes admins to gain a more comprehensive view of the environment and optimise the costs. Use the monitoring insights to analyse and create actions. And start implementing more concrete actions for better utilisation and cost optimisation.  Adopting the Best Practices Across the Delivery Pipeline: DevOps is a proven practice which helps to reduce the barriers between the Development teams and Operations. It allowed users to create robust and flexible deployments through pipelines. One of the possibility of reducing the time and effort to deploy containers to the Kubernetes cluster is to automate the build and deployment pipelines using CI/CD tooling. Also, practices like GitOps are tailor-made to facilitate continuous delivery when manifests are used and version-controlled in a source code repository, greatly reducing the deployment workloads of the team. An Initial investment will be needed to set up a continuous integration to build, test, and publish containers and continuous delivery to deploy these containers on the cluster. Tools like Harness Argo CD will significantly reduce the manual errors that can cause disruptions in the application, leading to less troubleshooting. This reduced workload will allow teams to focus on more valuable tasks such as functionality development, bug fixes, and improving the security posture of the environment. Conclusion: Kubernetes deployments and operations can be very costly if implemented and managed inefficiently. Most enterprises incorporate Kubernetes without any proper practices, tooling, and personal experience in the organisation. However, without proper guidance, it is often will become unoptimised and businesses don’t think about expenses forefront and will be a heavy operational burden in the long run. Considering the above-mentioned practices could save a lot of unnecessary Kubernetes costs and encourage the implementation of best practices from the beginning. TL Consulting TLConsulting brings its consulting and engineering personnel to application modernisation adoption and implementation by providing range of services – as If you need assistance with your Containers/Kubernetes adoption, please contact us at our kubernetes consulting services  page.

How to Optimise Kubernetes Costs? Read More »

Uncategorised,

C-Level Executives Should Learn the Kubernetes Way

Why C-Level Executives Should Learn the Kubernetes Way of Thinking C-Level Executives lead their enterprises to deliver applications and services to customers with the same capabilities that Kubernetes and cloud-native architecture are best known for. So why should you learn the Kubernetes way of thinking? Well, when executives recognize they need to scale, the scaling needs to occur in a way that won’t muddle their existing business process and lock you into one cloud provider. While they can’t turn everything into an API with a click of a button, it is possible to be on the lookout for processes that can only scale by creating additional organizational complexity and bottlenecks.  To achieve the great power and flexibility that Kubernetes APIs and containers deliver in cloud-native architecture, executives can use intelligent business processes and proven architectural models that are built to auto scale up and down in a flexible multi-cloud environment. To use a retail analogy, retailers must have proper staff in place to handle the Christmas rush, but they don’t need that level of staffing the remainder of the year. In the same way, with containers and cloud-native architectures, companies need to be able to adapt and respond to scale up or down depending on the level of demand on an application or system at any given time. Creating the ability to expand capacity more easily or repurpose staff and resources allows for amazing results, and if setup correctly Kubernetes manages this for you automatically on the Cloud and gives you the greater control. Summary The key takeaway from delivering Cloud native solutions, is that Kubernetes can enable your business on the Cloud, offering major benefits including faster time to market, improved scalability and enhanced cost optimization. Ideally you want the technology to underpin your business and deliver greater enablement and ROI. Kubernetes was developed to create more business agility, allowing organizations to focus on achieving their business objectives and not waste valuable time or effort on mainstream tasks and operations. If you need assistance with top down management of Kubernetes and or creating an approach to cloud-native, contact us or read more about our Kubernetes consulting.

C-Level Executives Should Learn the Kubernetes Way Read More »

Uncategorised

Application Modernisation with VMWare Tanzu

APPLICATION MODERNISATION WITH VMWARE TANZU The Need for Accelerating Application Modernisation:  Building innovative, modern apps and modernising existing software are key imperatives for organisations today. Modern apps are essential for deepening user engagement, boosting employee productivity, offering new services, and gaining new data-driven insights. But to maximise the impact of modern apps, organisations need to deliver them rapidly—fast enough to keep up with swiftly changing user expectations and emerging marketplace opportunities. As per the Google’s CIO Guide to App modernisation, in today’s IT landscape, 70-80% of C-Executives report that their IT budgets are spent on managing the legacy applications and infrastructure – In addition to that, legacy systems consume almost 76% of the IT spend. Despite a large amount of investment in legacy applications, most businesses fail to see their digital transformation plans to a satisfactory. On the other hand, constantly changing digital behaviours of consumers and the evolution of viable, reduced Opex, self-sustaining infrastructure models that are better suited to today’s pace of technological change are the primary drivers pushing application modernisation up the CIO/CTO’s list of priorities. According to a study conducted by Google, public cloud adoption alone can reduce the IT overheads by 36-40% when migrating from traditional IT frameworks. However, application modernisation can help in further reduction – it frees up the IT budget to make space for innovation and explore new business value opportunities. Lastly, this digital transformation brings greater agility, flexibility, and transparency while opening operations up to the benefits of modern technologies like AI, DevSecOps, intelligent automation, IoT, etc. Challenges to the Adoption: As per the State of Kubernetes survey 2021, here are the 5 different challenges enterprises face today with the cloud native /Kubernetes adoption, while lack of experience and expertise with the implementation and operations being the top of the list. Containers are very lightweightAs more and more businesses are moving rapidly towards implementing cloud native practices to enable agility and increased time to market, the operational impacts to the business can be vary time to time. While these challenges bring complexity, if would be less complicated and cheaper to address them from the very beginning as part of its cloud strategy. VMware Tanzu portfolio: Due to its lightweight nature, we can create a container image and deploy a container in a matter of seconds. VMWare’s decades of vast experience in virtualisation and the quest of bringing innovation had driven towards introducing the VMWare Tanzu Portfolio. The VMware Tanzu portfolio empowers developers to rapidly build modern apps across a multi-cloud landscape while simplifying operations by using Kubernetes as an underlying platform. VMware Tanzu is an essential component of the growing VMware App Modernisation portfolio, which provides enterprises the required tools and technology, which would help in building new applications and modernising their existing application suits. Using Tanzu portfolio, organisations can rapidly—and continuously—deliver the modern apps that are vital for achieving their strategic goals. Fast-tracking modern apps delivery: Tanzu helps developers deliver modern apps with a quick turnaround and greater reliability. Organisations can use that speed to better address quickly evolving business requirements and changing priorities.  Flexibility With Kubernetes: With Tanzu, Organisations can run Kubernetes in their private clouds, on-premises datacentres in public clouds and at the edge. This flexibility helps organisations align application and cloud decisions better with technical and operational requirements.  Simplified Operations: Deploying and managing the applications across multiple clouds and environments brings new challenges to the operations. Tanzu provides tools to manage, govern and secure all Kubernetes clusters centrally irrespective of where they reside. As a result, operations teams can meet application security and reliability expectations while controlling costs.  Stronger DevOps Collaboration: Tanzu helps alleviate the tension between rapid development goals and stable operations. It transforms the DevOps relationship by giving operations teams what they need to support fast release cycles VMWare Tanzu Value Preposition: The core principles underlying the vision for VMware Tanzu are entirely consistent with VMware’s promise to help customers run any app on any cloud and to drive Kubernetes adoption, to ensure that businesses don’t need to invest in any additional code or training. How Can TLConsulting help organisations with the Modernisation Journey with VM Ware Tanzu? Cloud-native adoption requires a mindset shift, which drives Culture and processes change across the organisation in its IT landscape and technology choices throughout the stack. With the IT being the focus point of the enterprises business strategy. This transformation shift requires the new application to be developed and delivered at a quick turnaround time with greater reliability and quality. Transforming your existing application into a modern app is a complex process with no or minimal guaranteed path for success. A successful transformation requires not only the transformation of your organisation’s technology but also people-centred assets. Culture, process, and leadership need to change to keep up with your new ecosystem. Since Cloud Native is so new, most organisations lack the experience to handle the transformation road on their own. It’s all too easy to get lost. TL Consulting is well-positioned with certified and experienced professionals to help your organisation define and drive your vision with a “Customer First approach” and cloud-native philosophy. We will understand the business objective, long term strategies, and risks involved with a pragmatic assessment matrix and formulate the tailor-made transformation roadmap.We will also assist in the design, architecture, and implementation of the transformation to deliver highly reliable, secure modern apps with a faster time to market. Service Offerings: TLConsulting brings its consulting and engineering personnel to application modernisation adoption and implementation by providing range of services – as below Summary: Adopting and Implementing a Cloud-Native transformation is not an easy feat. Careful thought and planning are required for adopting a Cloud Native strategy and roadmap. For enterprise architects, CTOs and CIOs thinking about transforming their organisation to support the Cloud Native world, some key points should be considered: standardizing their platform and services to support a Cloud Native platform like VMware Tanzu to gain the maximum benefit out of the transformation.While adopting Cloud Native applications can be exciting

Application Modernisation with VMWare Tanzu Read More »

Uncategorised

How do Kubernetes and Containers Help Your Enterprise?

How do Kubernetes and Containers Help Your Enterprise? In today’s world success of any organisation heavily depends on its ability to drive innovation and deliver those at speed. And IT being an enabler for this rapid delivery model, businesses are looking at Kubernetes and containers adoption as an essential piece of technology for building, deploying, and managing their modern applications at scale. Containers provide an abstraction to the underlying applications and drive towards portability, making it possible to run anywhere, across multiple clouds and on-premises data centres. Furthermore, by providing uniform deployment, management, scaling, and availability services for all the applications, irrespective of its technology—Kubernetes offers significant advantages for your IT and development efforts. Kubernetes offers a range of benefits to the various levels of executives and developers; here we will discuss some of those key advantages. Ultimate Need of Containers and Kubernetes: Keeping up with the latest technology trends and organisational goals towards digitalisation is very tough for the IT teams for the last few years. Conventional software models, traditional VM based IT infrastructure will not be able to help in delivering these modern applications at scale. To deliver these new-age applications, one should adopt the new software practices such as agile and DevOps practices alone with cloud-native architecture. Containers and Kubernetes are the 2 key building blocks in the cloud-native architecture, which the organisations widely use to deliver faster, reliable, and efficient software with a significant cost reduction in the application life cycle. Key Advantages: Light Weight: Containers are very lightweight when compared with traditional virtual machines. A Container includes everything it needs to run, including its operation system, dependencies, libraries, and code. Multiple containers can run inside a single node of a cluster; the VM hosts the OS and container runtime, and the team can still take advantage of all the capabilities of traditional infrastructure virtualisation. Speed: Due to its lightweight nature, we can create a container image and deploy a container in a matter of seconds. Once the image is ready, it can quickly replicate containers and easily and quickly deploy as needed. Destroying a container is also a matter of seconds. This also helps with quicker development cycles and operational tasks. Portability: Containers can run anywhere if the container engine supports the underlying operating system—it is possible to run containers on Linux, Windows, MacOS, and many other operating systems. Containers can run in virtual machines, on bare metal servers, locally on a developer’s laptop and all major public clouds. They can easily be moved between on-premises machines and public cloud, and across all these environments, continue to work consistently. As per RedHat’s market dynamics report, please see how organisations benefit from containers and Kubernetes adoption. Kubernetes for ‘everyone’ Kubernetes is well known for supporting the automation of configuring, deploying, and scaling microservice-based applications that are implemented using containers. Also, microservices-based applications orchestrated by Kubernetes are highly automated in their deployment and management, as well as their maintenance, so that it’s possible to create applications that are highly responsive and adaptive to spikes in network traffic and needs for other resources.  It offers significant advantages to all IT executives and developers as below. Biggest Barriers for Kubernetes Adoption: Cost Of Adoption: One of the biggest obstacles to wider Kubernetes (K8s) adoption is deriving the cost of adoption and running the workloads in the Kubernetes clusters. Cost is the key factor for executives to make decisions to leverage the Kubernetes in their enterprise. In a recent FinOps Foundation survey , — 75% of whom reported having Kubernetes in production — highlights Kubernetes cost management difficulties. It revealed that spending on Kubernetes is spiking beyond what deployments should likely require. The survey’s subtitle isn’t exactly subtle: “Insufficient — or non-existent — Kubernetes cost monitoring is causing overspend.” Lack of Skills and Training: Another barrier for adoption is the lack of skilled and experienced personnel on containerisation and orchestration. As a result, although Kubernetes and container adoption is growing rapidly, many organisations still face a steep learning curve to effectively build, deploy, and manage Kubernetes. This is due to both the technology’s immaturity and a lack of operational excellence with it. Organisations are trying various approaches like paired programming, partners, education, and training to overcome this barrier. Visibility and monitoring: Enterprises are deploying Kubernetes clusters spanning across multiple public clouds and /or in their traditional virtualisation data centres or managed services introduce an increasing amount of complexity. To realise the greatest benefits from, organisations need to be able to visualise their entire Kubernetes footprint, including all its workloads (applications, containers, pods, nodes, namespaces, etc.), their dependencies, how they interact with each other in terms of network bandwidths, response times, and memory utilisations for cluster management and optimisation. Security and Compliance: While enterprises give priority to speed in software delivery, security and compliance sometimes are just an afterthought. Security is a major challenge in the container world, just as it has almost everywhere else in IT. Although many changes and innovations so far, security is still not on par with the traditional structure models. Due to the unique nature of Kubernetes and containerized environments, one misconfiguration can be easily multi-folded to many containers. A security breach of a container is almost identical to an operating system-level breach of a virtual machine in terms of potential application and system vulnerability. How to overcome these challenges: Many organizations want to adopt and leverage the benefits of containers but struggle to justify the total time, resources, and cost needed to develop and manage it internally. One approach is to use VMware Tanzu to organize their Kubernetes clusters across all their environments, set policies governing access and usage permissions, and enable their teams to deploy Kubernetes clusters in a self-service manner. This enables infrastructure and operations teams to gain visibility and command of their Kubernetes footprint while still empowering developers to use those resources with a focus on delivering solutions rather than worrying about infrastructure. Bottom Line: Evidently, Kubernetes adoption helps drive innovation and rapid software development with reliability

How do Kubernetes and Containers Help Your Enterprise? Read More »

Uncategorised

Reasons to Move, and Reasons Not to Move, to the Public Cloud

Reasons to Move, and Reasons Not to Move, to the Public Cloud Public cloud adoption is more popular now than ever. Companies across all industries are modernizing their environments to support remote work, lower costs, and improve reliability. In fact, Gartner predicts global public cloud end-user spending to increase by 23% in 2021. Despite this momentum, it’s important to realize the public cloud isn’t an ideal fit for every organization. Many companies rushed into the cloud during the pandemic without fully understanding the implications. Now, issues are surfacing — and some businesses are reconsidering their migration altogether. This post explores the pros and cons of moving to the public cloud. Keep reading to learn more about whether the cloud makes sense for your business, and the reasons to move, and reasons not to move, to the public cloud. What Is the Public Cloud? The public cloud is a framework that lets you access on-demand computing services and infrastructure through a third-party provider. In a public cloud environment, you’ll share the same hardware, software, and network services as other companies or tenants. It’s different from a private cloud environment where your company receives access to private, hosted infrastructure and services. To illustrate, it’s like staying in a hotel versus renting a private cottage on Airbnb. A few of the top public cloud providers on the market include Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, Alibaba Cloud, and IBM Cloud. Public cloud services can refer to infrastructure as a service (IaaS), software as a service (SaaS), and platform as a service (PaaS) models. Top Reasons for Public Cloud Adoption Companies have a variety of reasons for migrating to the public cloud. Here’s a few of them. Replacing the Data Center and Lowering Computing Costs Enterprises are increasingly moving away from data centers. In fact, by 2025, 80% of enterprises will shut down their traditional data centers. Companies with aging data centers can avoid retrofitting facilities or building new ones by migrating to the public cloud and leveraging hosted infrastructure instead. This greatly reduces costly builds and minimizes operational expenses. Achieving Rapid Scalability The public cloud enables rapid scalability. You can significantly increase storage and compute power through the public cloud at a fraction of the cost of expanding your existing infrastructure. The public cloud is particularly useful for growing startups that need to be able to accommodate massive usage increases. It’s also ideal for organizations that experience seasonal spikes in sales. For example, an e-commerce provider might use the public cloud when ramping up production and sales around the holidays. By the same token, the public cloud provides flexibility to easily scale back down during lulls. Accessing Managed Services The service provider manages the underlying hardware and software in a public cloud deployment. They also typically provide security, monitoring, maintenance, and upgrades. This approach enables you to take a hands-off approach to managing infrastructure. Your IT team can focus on other business needs, with the expectation that the public cloud provider will keep your services up and running within the scope of the service-level agreement (SLA). Reducing IT Burden Right now, there’s a widespread IT staffing shortage. The issue is particularly bad in the data center industry, where 50% of data center owners and operators are having difficulty finding qualified candidates for open jobs. If your company’s having a hard time finding qualified IT workers, you may want to consider outsourcing operations to the public cloud. This can free your IT workers from grunt work and enable them to take on more valuable projects. At the same time, your IT team can still manage its public cloud environment. For example, they can still perform data governance and identity and access management (IAM). They just won’t have to worry about maintaining or upgrading any hardware or software.  Strengthening Business Continuity and Disaster Recovery (BC/DR) Another reason why companies migrate to the cloud is to improve their BC/DR posture. Business continuity involves establishing a plan to deal with unexpected challenges like service outages. Disaster recovery is all about restoring network access following an issue like a cyberattack or natural disaster. Companies often rely on the public cloud to establish BC and DR across two or more geographically separate locations. Running a BC/DR strategy through the cloud is much more efficient, as it prevents you from having to maintain a fully functioning recovery site 24/7. This approach drastically reduces costs. At the same time, using the public cloud can guarantee full operational BC/DR availability. This can provide the peace of mind that comes with knowing you can keep your business running when emergency strikes. Why Companies Avoid the Public Cloud Without a doubt, the public cloud offers several exciting advantages for businesses. But there are also a few major drawbacks to consider. Here are some of the top reasons why companies might avoid the public cloud. Higher Costs Companies often expect instant cost savings when migrating to the cloud. In reality, cloud services can sometimes be more expensive than on-premises data centers — at least at first. Oftentimes, companies fail to achieve true cost savings until they learn how to take full advantage of the public cloud. This can take months or years. It’s important to carefully break down cloud migration costs and ROI before moving to the public cloud to get an accurate understanding of the move’s short-, medium-, and long-term financial impact. In some cases, companies find they fare better with their existing setups. Data Ownership Concerns Right now, there’s an ongoing debate about who owns data in the public cloud. Some cloud providers attempt to retain ownership of some or all of the data they store. As such, many business leaders fear storing data in the public cloud, and some simply can’t risk it. Instead, they choose to avoid the issue by using their own dedicated infrastructure. It’s a good idea to talk with your team before migrating to the public cloud and conduct a security and privacy

Reasons to Move, and Reasons Not to Move, to the Public Cloud Read More »

Uncategorised

Rise of “Service Mesh” in Application Modernisation – White Paper

Rise of “Service Mesh” in Application Modernisation  The What, the Why and the How  Author:  Ravi Cheetirala Technical Architect ( Cloud & DevSecOps) at TL Consulting Learn how Service Mesh brings the safety and reliability in all the aspects of service communication. Read on to find out more about the following: What is a Service Mesh? Key Features of a Service Mesh Why do we need Service Mesh? How does it work? Case Study What is Service Mesh? A Service Mesh is programmable piece of software layer sits on tops of the services in a Kubernetes cluster. Which helps to effective management of service-to-service communication, also called as “East-West” traffic.  The objective of Service mesh is to allow services to securely communicate to each other, share data and redirect traffic in the event of application/service failures. Quite often service mesh will be an overlay of network load balancer, API gateway and network security groups.  Key Features of Service Mesh  Traffic Routing  Rate Limiting, Ingress Gateway, traffic splitting, service discovery, circuit breaking, and service retry  Service mesh helps in enabling the traffic routing between the services in one or more clusters. It also helps in resolving some of the cross-cutting concerns like service discovery, circuit breaking, traffic splitting.  Securing the Services  Authentication, Authorization, encryption and decryption, Zero Trust Security  The service mesh can also encrypt and decrypt the data in transit, by removing the complexity from each of the services. The usual implementation for encrypting traffic is mutual TLS, where a public key infrastructure (PKI) generates and distributes certificates and keys for use by the sidecar proxies. It can also authenticate and authorize requests made within and outside the app, sending only authorized requests to instances.  Observability   Monitoring, Event Management, Logging, Tracing (M.E.L.T)   Service Mesh comes with lot of monitoring and tracing plugins out of the box to understand and trace the issues like communication latency errors, service failures, routing issues. It captures the telemetry data of the service calls, including the access logs, error rates, no of requests served per second, which will be the base for the operators/developers to troubleshoot and fix the errors. Some of the out of box plugins include Kiali, Jaeger and Grafana.    Why do we need Service Mesh?  Evidently most of the new age applications or existing monolith applications are being transformed or written using the microservice architecture style and deployed in a Kubernetes cluster as a cloud native application because they offer agility, speed, and flexibility. However, the exponential growth of services in this architecture brings challenges in peer-to-peer communication, data encryption, securing the traffic and so on.  Adopting the service mesh pattern helps in addressing these issues of microservice application particular the traffic management between the services, which involves a considerable amount of manual workaround. Service mesh brings the safety and reliability in all the aspects of service communication.  How does it work?   Most of the service meshes are implemented based on a Side Car pattern, where a side car proxy named “Envoy Proxy” will be injected into the Pods. Sidecars can handle tasks abstracted from the service itself, such as monitoring and security.  Services, and their respective envoy proxies and their interactions, is called the data plane in a service mesh. Another layer called the control plane manages tasks such as creating instances, monitoring and implanting policies, such as network management or network security policies. Control plane is the brain behind the service mesh operations.  A Case Study Client Profile  The client in question is one of the large online retailers with global presence. The application is legacy e-commerce platform built as a giant monolith application.  Client’s architecture consists of a multi-channel (mobile and web) front end application developed using React JS and tied together using a backend service developed using legacy Java/J2EE technology and hosted on their own data center.  There is an ongoing project to split this giant app into a microservice based architecture using the latest technical stack and hosted onto a public cloud.  Client’s Organization needed to setup a deployment platform, which ensures high availability and scalable and resilient. Also, it should have cost effective, secure and high deployment frequency when it comes to release and maintenance.  Project Goals  Zero Downtime/No Outage deployments and support of various deployment strategies to test the new release/features.  Improved deployment frequency  Secure communication between the services   Tracing the service-to-service communication response times and troubleshooting the performance bottlenecks  Everything as a code  Role of Service Mesh in the project:  The client was able to achieve the goals by adopting the service mesh pattern in their micro service architecture.  Achieved Zero downtime deployments with 99.99% availability.  Enabled the secure communication using service mesh’s TLS/mTLs feature in a language-agnostic way.  Using traffic splitting they were able to test the new features and sentiment in their customer base.  Chaos testing was conducted using the service mesh fault injection features.  Operational efficiency and infrastructure cost optimization.  Helped to understand the latency issues, by distributed tracing.  No additional burden on Development teams to write code to manage these.  Conclusion  Service mesh provides robust set of features in resolving the key challenges and issues faced by the DevOps and, SREs in a microservice applications on cloud native stack by abstracting most of its functionality. And now it is widely adopted pattern and critically used component in a Kubernetes implementation.  TL Consulting can help by solving these complex technology problems by simplifying IT engineering and delivery. We are an industry leader delivering specialised solutions and advisory in DevOps, Data Migration & Quality Engineering with Cloud at the core. If you want to find out more, please review our application modernisation services page or contact us.

Rise of “Service Mesh” in Application Modernisation – White Paper Read More »

Uncategorised

VMware Tanzu and TL Consulting Partnership

VMware Tanzu Partnership Modernize your applications and infrastructure to deliver better software to production, continuously. TL Consulting is proud to be a VMware partner and is focussed on Modern Applications, using VMware Tanzu as the technology of choice to manage them in multi-cloud and native cloud environments. Free your apps Microservices, containers and Kubernetes help to free apps from infrastructure, enabling them to work independently and run anywhere. With VMware Tanzu, you can make the most of these cloud native patterns, automate the delivery of containerised workloads, and proactively manage apps in production. It’s all about freeing developers to do their thing: build great apps. Your challenge is to speed up the pace of innovation while reducing cost and lowering risk. There’s a proven way to do this: Adopt modern software development methodologies and more efficient cloud computing models. VMware Tanzu customers are achieving results like this: 400% faster release velocity 83% fewer incidents 80% faster security patching 60% reduction in infrastructure costs to transition into a Cloud Native environment. Why TL Consulting? A VMware Tanzu implementation by TL Consulting will enable your organisation to deliver lasting change and grow through highly differentiated digital experiences. Our team of competitively priced onshore engineers specialises in native cloud and app modernisation, and works closely with their VMware counterparts to devise and implement Tanzu solutions that address specific problem statements and challenges that our customers are encountering. The image below provides a high level overview of our services offered for each edition. VMWare Tanzu offers three editions Basic, Standard and Advanced to get you started. Learn More about VMware Tanzu and TL Consulting Find out more about how TL Consulting can help you on your Tanzu journey. Our work always begins with a complimentary discussion on how we might help you. Click here to view our Tanzu services.

VMware Tanzu and TL Consulting Partnership Read More »

Uncategorised