ACE Co-innovation Ecosystem

Use Faster, More Secure Paths to Production Today with VMware Tanzu Application Platform 1.6

Author: Denise Martinez, product marketing manager for Tanzu Application Platform at VMware, based in San Francisco.

Tanzu Application Platform is an end-to-end integrated platform that enables companies to build and deploy more software, more quickly and securely, through pre-paved, customizable “golden paths” to production—all on any public cloud or on-premises Kubernetes clusters.

Tanzu Application Platform 1.6, available today, delivers on its mission to enhance developer and platform engineering team experiences, increase enterprise security, streamline software supply chains, and much more.

Enhancing the developer and platform engineering team experience

Here are new features you can look forward to in this new version of Tanzu Application Platform.

VMware Tanzu Developer Portal

Tanzu Developer Portal is an internal developer portal, built on Backstage, that can simplify how enterprise software organizations coordinate, collaborate, and execute across multiple teams and business units. Tanzu Developer Portal has been the developer interface for Tanzu Application Platform since its first release, and now includes a portal configurator tool (currently in beta) and support for plug-in integration (also in beta).

Spring Framework 6 native compilation

Spring native images can provide a number of advantages over traditional Java Virtual Machine–based apps:

Improved startup time, especially for scale-to-zero applications
Lower resource consumption, which can allow organizations to run more applications with the same compute resource, reducing overall spending on infrastructure

Using Tanzu Application Platform tooling, developers can build their Spring applications with native compilation when deployed in production, while continuing to live update and remotely debug their apps in nonnative mode, within their integrated development environments (IDEs).

Developers can view the live information of natively compiled Spring applications via Application Live View for VMware Tanzu and can do lightweight troubleshooting by inspecting the health of running processes, changing log levels, updating environment properties, and monitoring HTTP request/response traffic.

View live information for natively compiled Spring applications via Application Live View for VMware Tanzu.

Application Live View for VMware Tanzu details.

Automated AppSSO configuration for application workloads

Tanzu Application Platform 1.6 makes it even easier for developers to secure their workloads with AppSSO across environments, in a portable manner. Developers no longer need to consider redirect URIs for each environment when securing their applications. They can now create one ClassClaim and a workload can be deployed across multiple deployment environments—without requiring separate configurations for enabling SSO in each environment. This simplification of consuming AppSSO enables developers and platform engineers to focus on other parameters for securing workloads.

Project creation using App Accelerators in IntelliJ

Developers can start a new project in minutes from their preferred integrated development environment (IDE). They can now provision a Git repository when creating a project using accelerators in IntelliJ IDE, and the generated code is pushed to the provisioned repository, eliminating the manual steps of Git repo creation. As projects are created using an accelerator from IntelliJ IDE, an application bootstrapping provenance manifest is generated to provide organizations with early visibility so that they can assess whether applications are conforming to their best practices.

A view of the IntelliJ Application Accelerator plug-in.

Enhanced Visual Studio extension

The Workload panel in Visual Studio now shows deployed workload status, enabling .NET developers to manage and troubleshoot errors.

Workload panel in Visual Studio.

Improved container image registry interaction with Local Source Proxy

The Local Source Proxy provides an intrinsically more secure and user-friendly mechanism for developers to interact with external registries without the knowledge of registry specifics such as endpoints, credentials, and certificates. Developers can focus on their application logic instead of managing container registry details during the development phase, reducing complexity and friction. Some of the benefits of Local Source Proxy include:

Developers’ ability to deploy a workload from local source code through any mechanism, including IDE extensions, without specifying their source image location or managing their registry credentials.
Developers are no longer required to have Docker installed on their local machines to do iterative development.
Local Source Proxy is compatible with AWS ECR, including providing an AWS IAM role for ECR authentication.
Reduced burden on platform and operations teams to maintain, rotate, and distribute registry credentials to individual developer workstations.

The default behavior of Tanzu Application Platform IDE plug-ins, App Accelerators, and the apps CLI has been modified to align with the functionality of the Local Source Proxy.

Developers typically install IDE extensions from the IDE Marketplace. Starting with this release, VMware Tanzu Developer Tools for VS Code and VMware Tanzu Application Accelerator for VS Code will be made available in VS Code Marketplace. Similarly, VMware Tanzu Developer Tools for IntelliJ will be available in IntelliJ Marketplace. Developers can install the extension within their IDEs, potentially a more familiar setting.

Enterprise security at scale

Secure-by-default server workloads

Developers can now create server workloads that are externally exposed to the public internet via a Contour Ingress, and all external HTTP traffic is secured by default with TLS. HTTPS via TLS is autoconfigured for server workloads without developers needing to configure it manually.

Bring your preferred scanner (beta)

Simplifying the process of integrating container image vulnerability scanners in software supply chains has been a core focus of the Tanzu Application Platform 1.6 release. First introduced as alpha in the Tanzu Application Platform 1.5 release, the Supply Chain Security Tools - Scan 2.0 component has been promoted to beta.

The enhancements in this release focus on enabling the use of the custom scan integrations across the Tanzu Application Platform, including:

The ability to enable the next-generation image scan component in the out-of-box test and scan supply chain
Scan results now observed and pushed to the metadata store for long-term archival and retrieval
Scan results are now represented in Tanzu Developer Portal, including the Supply Chain Choreographer for VMware Tanzu and Security Analysis GUI plug-ins

The VMware Tanzu team encourages feedback on this next-generation scan interface. If you are interested in sharing your experience, get in touch with your representative or contact us.

Triage CVEs via the Tanzu Insight CLI (alpha)

Reduce spreadsheet and tool toil by centralizing CVE scanning, identification, and triaging in one place. Using the Tanzu Insight CLI, customers can now perform basic triaging functions against any detected vulnerabilities: view, update, and clone triage statuses for a specific CVE for Tanzu Application Platform-scanned workloads.

Track SBOMs after every build

It is now possible to extract a software bill of materials (SBOM) for a particular workload build. Previously, customers were only able to generate an SBOM for the latest workload build. Via new Metadata Store API endpoints, customers can download an SBOM from any workload build, enabling them to keep better track of how a workload evolves for faster auditing and security vulnerability remediation.

Track software bills of materials (SBOMs) after every build.

Download SBOMs directly from Tanzu Developer Portal

Users can now download SBOMs in CycloneDX and SPDX formats directly from Tanzu Developer Portal (in Tanzu Developer Portal Supply Chain, the Image Scan stage). The SBOM is generated by the metadata store and represents the latest SBOM. This capability enables faster vulnerability remediation and compliance.

App Live View access control for sensitive actions

Organizations can configure more granular access control for performing sensitive actions such as changing log levels, modifying environment properties, and taking a heap dump from running workloads per user, group, or at workload level, providing finer control for access to sensitive actions especially on production environments.

Streamlining the software supply chain

Save time with automated builds

The ability of Tanzu Application Platform to produce automated builds based on upstream changes in dependencies used by workloads can improve security posture and can save developers time. This functionality is provided by VMware Tanzu Build Service. Using Tanzu Build Service in a supply chain can further streamline the process by enabling builds provided by Tanzu Build Service to be seamlessly deployed.

Build Service plug-in for VMware Tanzu CLI

This supply chain automation is helpful, but developers and platform engineers might want to delve deeper into Tanzu Build Service. A developer might need to access more information to diagnose a failed build, or a platform engineer might want to inspect more details about the buildpacks configured in the supply chain or the configurations used when building a workload. The new Build Service plug-in for the VMware Tanzu CLI helps users inspect Tanzu Build Service when they want to peel back the layers of the supply chain abstraction and better understand how this critical piece operates.

Additional self-signed CA support

Tanzu Application Platform now offers Custom CA support for on-premises Git repositories in supply chains. This is an especially important capability for customers in air-gapped environments, as they run on-premises Git repositories and use their custom signed certificates.

Carvel Package Supply Chain enhancements

Carvel Package Supply Chains now support web, server, and worker workloads (beta). This feature allows Tanzu Application Platform users to create an application artifact (Carvel Package) with any Tanzu Application Platform workload type that is portable from one environment to another.

Customers can also define custom Carvel Package parameters when using Carvel Package Supply Chain (beta), allowing them to define custom, per-environment configuration for workloads. This gives users the flexibility to deploy a single workload artifact with different, environment-specific runtime configurations, which typically vary between development, test, stage, or prod environments.

Improved error logging provided by buildpacks

Tanzu Application Platform customers can now see improved error logging during the build:

All builds now show the commands and flags that were inputted into the build, and an output stream in real time.
During the detection phase of the build, customers can now see clear details on why a build failed during this phase.

Faster, more seamless installation experience

Install across clouds with an improved, simplified installation experience

Tanzu Application Platform can now be powered by a GitOps-based installation that eliminates the need for running multiple commands manually, reduces complexity, and saves time. The GitOps methodology involves declaring a desired state of a system (typically in Git), and a reconciliation process, which directs the actual system (e.g., Kubernetes cluster contents) to converge to the desired state (in Kubernetes, typically done via a controller). The GitOps installation effort has been further enhanced with the integration of HashiCorp Vault external secret operators, as well as support for Azure DevOps (repositories). Customers installing Tanzu Application Platform are now able to drive change to their system by changing the desired state stored in a Git repository. This can greatly simplify the installation process by leveraging the customer’s existing tools. It also helps customers conduct audits and tracing of changes in their environment.

GitOps-managed install of Tanzu Application Platform.
