DevSecOps & Cloud Infrastructure Transformation – How to get it done with VMware

Last week we announced VMware Cloud, a multi-cloud modern application platform.  If you missed it, check it out here.

I’d like to delve into the two demonstrations: one on DevSecOps Infrastructure and one on Cloud Infrastructure Transformation.  Before I get into the specifics of those demos, though, it’s important to understand the framework we use to think about cloud transformation.  People tend to use the term “cloud transformation” very broadly.  How do we translate this very nebulous concept into concrete actions?

We break it down into three parts: 

  • Application transformation: apps rearchitected to microservices/cloud-native 
  • DevSecOps transformation: faster delivery through automation, pipelines, and a secure software supply chain  
  • Cloud infrastructure transformation: shifting from a traditional virtualized datacenter to a cloud model – whether that’s public cloud, in the datacenter, or at the edge (or all!) 

With that context under our belts, let’s jump into the demos! 

DevSecOps Infrastructure Transformation 

DevSecOps is all about standardizing and automating your apps and the infrastructure they rely on to get built.  Today, for most customers, this is a largely ad hoc process.  Developers pull in random open-source components they find on the internet.  Developers do local builds on their laptop that can’t reliably be reproduced on the official build machines.  Admins stand up infrastructure for the apps but often do special things that only they know in their heads but aren’t written down anywhere, making those environments hard to reproduce.  Random bugs enter the system, but it’s difficult to track them down because there’s so much variability to everyone’s environment.  These are the common challenges we see that DevSecOps is meant to address. 

Most people think of DevSecOps from the app perspective, but it’s just as important to automate the infrastructure as part of your pipeline.  You must also enforce all your security and compliance requirements there.  Not doing this properly leaves the app open to security, resiliency, and availability issues!

We did this by diving into vRealize Automation, including SaltStack Config.  SaltStack has a vibrant community contributing back integrations with all sorts of components, including services in Tanzu and the SDDC.  For instance, below you can see SaltStack integrations to Tanzu Mission Control:

[Screenshot: SaltStack integrations to Tanzu Mission Control]

You can then pull these integrations into Cloud Assembly and leverage them in your cloud templates:

[Screenshot: the integrations used in a Cloud Assembly cloud template]

The cloud template model allows you great flexibility in what components to use.  In the demo, we showed that in addition to Kubernetes cluster creation with Tanzu Mission Control, you can also wire in traditional VMs, networks, storage, and anything else needed by this system.  The goal is to be able to fully express a unit of infrastructure for the app. 

These templates provide the building blocks you can then add to your infrastructure pipelines in Code Stream: 

[Screenshot: infrastructure pipeline in Code Stream]

The template we just created is now the first step in the “Infrastructure Deployment Stage”.  You can see that we can weave together many other templates, checks, security, and much more into an integrated and automated pipeline.  These pipelines can be triggered manually by a developer or admin or automatically based on a defined trigger.  It’s completely customizable and up to you how to set it up for your business. 

As you can see in the screenshot above, the second stage of the pipeline is a thorough security and vulnerability check.  This leverages SaltStack SecOps using a database of best practices and vulnerabilities maintained by VMware adhering to the most stringent industry best practices.  If a set of infrastructure components isn’t adhering to these standards, you can get a full report:

[Screenshot: SaltStack SecOps report]

You can also automatically remediate it, either through the UI shown above or via an API call.  Obviously, the API call is preferred by many customers as it allows them to automate enforcement of security standards. 

Finally, after the pipeline completes and all security checks are done, the development team is emailed with login information so they can start using the environment.  You know that this environment is up to spec and fully secure.  This enables the dev team to start the app portion of their DevSecOps pipeline with the assurance of a reliable and secure infrastructure. 

The coolest part about this is that this infrastructure supports any type of application, old and new.  That means that you can start applying this practice to your existing apps to harden and simplify their infrastructure management.  It moves your existing apps closer to an infrastructure as code or immutable infrastructure model.

Cloud Infrastructure Transformation 

As I mentioned above, cloud infrastructure transformation is all about shifting from a traditional virtualized datacenter to a true cloud model.  As part of that transition, it’s also about up-leveling.  With cloud you have many different locations – public cloud regions, datacenters, edge locations – spread out potentially all over the world.  Given that scale, admins can’t get lost in the details.  Instead, they need more of a bird’s-eye view of all their infrastructure.  This is exactly what we enable them to do with the new VMware Cloud Console:

Rather than diving into each cluster or host or even VM, here they get a quick, at-a-glance view of where the problems are and which is most urgent.  Moreover, they also get insights into capacity forecasting to understand upcoming shortages as well as opportunities for optimization.  The point is to put all this information at their fingertips. 

Of course, once they do identify an issue that needs to be remedied, they can dive into the specific vCenter instance and get the full power of the vSphere Client. 

In addition to all the power of visibility here, VMware Cloud also provides additional functionality.  This includes integrations such as migration, Kubernetes, DR, desktops, and much more: 

This functionality is all seamlessly integrated and is a natural extension of the core VMware Cloud experience.  Take Migration.  This is an integration with HCX to provide the automation and orchestration for bulk migration of workloads between VMware Cloud locations.  In the demo, we showed how this customer had migrated different sets of workloads to three different clouds – AWS, Azure, and Google Cloud: 

[Screenshot: workloads migrated to AWS, Azure, and Google Cloud]

VMware Cloud with HCX is truly the easiest and fastest way to migrate workloads to the cloud.  It has support for site pairs, L2 extension, a choice of several migration types, and more.  We’ve seen customers move hundreds of applications in just a few weeks from on-prem to the cloud.  Check out the VMware Cloud migration tools whitepaper to learn more. 

Finally, we showed the Kubernetes integration with Tanzu.  The real innovation here is the deep integration of Tanzu Kubernetes Grid with vSphere.  It extends vSphere with native Kubernetes support, allowing customers to run existing apps side-by-side with modern apps in Kubernetes.  And the whole thing is seamlessly integrated into vSphere and the vSphere Client: 

[Screenshot: Tanzu Kubernetes Grid in the vSphere Client]


Cloud transformation is hard.  There are many different parts to it, from the app to DevSecOps to the underlying infrastructure.  VMware has been hard at work over many years building out functionality across the board to help customers with that transition.  And last week it all came together with the announcement of VMware Cloud. 

Check it out today! 