TMC is provided as Software as a Service (SaaS) and acts as a global management plane for Kubernetes clusters. TMC gives organizations global visibility, scalable operation, and consistent policy.
TMC enables platform operators to deploy Tanzu Kubernetes Grid clusters using the TMC API, command-line interface, or user interface. The clusters can then be scaled, upgraded, or configured using the same interfaces.
TMC can apply and enforce policy on the clusters it manages, which makes them easy for operators to configure. Operators can apply security and access policies to a cluster, or a group of clusters, for uniform configuration throughout the fleet. This capability is available to more than just Tanzu Kubernetes clusters. TMC can be connected to any Kubernetes cluster that conforms to policy management. This includes managed services, such as Amazon EKS or Azure AKS clusters.
TMC enables a multi-cloud Kubernetes control plane for management, global visibility, a consistent policy for Kubernetes clusters, and enhanced security and governance. The following figure illustrates conceptually the different functions and Kubernetes environments that TMC can apply policy to and manage:
Figure 3.21 – TMC
TMC helps deliver a multi-cloud control plane for Kubernetes clusters to platform operators or SREs using TMC Essentials. TMC centrally provisions and manages the life cycle of Tanzu Kubernetes clusters, and attaches any conformant Kubernetes clusters running anywhere on any cloud, including Kubernetes deployed through cloud-native providers, for centralized management at scale with increased security and governance.
TMC provides global visibility across clusters and clouds and increases security and governance by automating operational tasks, such as access and security management, at scale.
Developers get access to virtualized infrastructure through Kubernetes APIs without the need to invest time in operations, security, and governance. Meanwhile, IT teams can provision capacity and manage resource quotas to multiple developer teams without managing the underlying infrastructure. The following figure shows conceptually how the different personas of IT admins, developers, and Kubernetes platform operators can all interact with Tanzu services:
Figure 3.22 – Different users of Tanzu services – platform operators, IT admins, and developers
TMC gives you global visibility across clusters and clouds.
Packaging
The Tanzu service is a subset of the capabilities of the Tanzu Standard packaging.
The following figure compares the Tanzu services package included with VMware Cloud on AWS and the separately purchasable Tanzu Standard add-on:
Figure 3.23 – Comparing Tanzu services and Tanzu Standard
The Tanzu service has three major capabilities out of the box – managed TKG Kubernetes services, the TMC Essentials version, and a lighter version of TMC.
Compared to Tanzu services, Tanzu Standard offers a few more capabilities. It allows TKG deployment on public clouds and TKG on-premises on vSphere and VCF.
TMC Essentials, compared to TMC Standard and TMC Advanced, offers more policy features, as can be seen in the following figure, which shows the difference between TMC Essentials, included with the VMware Cloud on AWS edition, and the Tanzu Standard and Advanced add-on editions:
Figure 3.24 – Comparing TMC versions
The Essentials version includes the multi-cloud life cycle management and visibility portion. The Standard edition is required for data protection and conformance inspections, and the Advanced version is required for the advanced security, networking, and quota policies.
Summary
In this chapter, we reviewed the major integrated services in VMware Cloud on AWS, including the HCX architecture and the different migration options available with HCX (migration using vMotion, bulk migration, replication-assisted vMotion, and OS-assisted migration). We also discussed the capabilities and architecture of Aria Operations for Logs and the Tanzu-managed Kubernetes service.
The next chapter will focus on more hands-on instructions demonstrating the deployment, configuration, and setup of VMware Cloud on AWS SDDCs.