Confidential │ ©2021 VMware, Inc.
VMware Application Catalog™
An Overview for vExperts Community
Bob Webster - Director of Product Management, Content Services, VMware
Bala Bharathy U - Product Marketing Manager, VMware
August 16, 2023
Application Architectures are Changing
From simple and centralized
[Diagram labels: Webserver, App, Database, Environment]
To complex and decentralized
[Diagram labels: App, Cache, Database, Logs, Environment]
New regulations and best practices are driving the industry to help organizations manage the risk
• SLSA
• Executive Order 14028 Section 4
• NIST SSDF (Secure Software Dev Framework)
• NIST Security Measures for Critical Software
• CNCF Cloud Native Security
• CNCF Secure Software Factory White Paper
• and many more
Selected Supply Chain Best Practices
• Obtain software with verifiable authenticity from trusted partners, not from “wild” internet sources
• Minimize the number of deployed versions
• Standardize Application configurations
• Standardize Security Hardening
• Test on multiple versions of all target platforms
• Use SBOMs to determine CVE impacts
• Keep applications up to date
Where to start?
Bitnami Application Catalog
An open-source catalog of 140+ packaged open-source applications available in container, Helm chart and virtual machine formats.
Freely available to developers on:
• Docker Hub
• AWS Marketplace
• VMware Marketplace
• Google Marketplace
• Azure Marketplace
• Tanzu Mission Control
• VMware vCloud Director
Bitnami’s unique perspective
Bringing over a decade of multi-cloud application packaging experience.
• 2M+ Registered developers
• 1.5B+ Compute hours per year
• 1K+ Releases per month
• 140+ Apps & Components
• 1M+ Installs per month
Any environment, Any format, Any platform: Applications, components, frameworks, templates, and more…
[Diagram labels: dev / prototyping; data center / hybrid / public / edge; Local, Cloud, Data Center; Virtual Machines, Containers, Deployment Templates]
Free Applications, awesome… but what about production?
Bitnami Applications empower developers and administrators to rapidly deploy trusted OSS applications to development and test environments.
• But what about production?
– Commercial Support
– Defined SLOs for upgrades
– Enterprise specific Operating Systems or Application customizations
– Governance and Security Metadata:
    • Software Bill of Materials (SBOM)
    • CVE Reports
    • Provenance Attestations
    • Digitally signed artifacts
VMware Application Catalog
The Enterprise version of the Bitnami Catalog for production use-cases
VMware Application Catalog is a cloud service that enables customers to build their own private catalog of custom packaged open-source application components that are continuously maintained and verifiably tested for use in production environments.
Catalog Listing: https://app-catalog.vmware.com/catalog
Library of 140+ customizable trusted open source building blocks
Continuous Monitoring of upstream source code changes triggers rebuild, test and update
Categories: Language Runtimes, App Components, Supporting Apps
Formats: Containers, Helm Charts, Virtual Machines
How does VMware Application Catalog work?
Customized to enterprise requirements, continuously maintained, privately delivered
Enabling superior self-service experiences for developers while seamlessly enforcing compliance, security, and operational best practices
[Diagram labels: Select OSS components; Customer-Specific Requirements; Formats; Configurations; OSes; Agents/tools; Upstream Open Source; Build Pipeline; Image; Metadata; Verify; Verified on Multiple Platforms; Publish; Customer’s IT Org; Private Repositories; Service Catalogs; CI/CD Pipelines]
Choice of Platforms: Google GKE, TKG, Amazon EKS, Azure AKS, vSphere, OpenShift
How does VMware Application Catalog work?
An automated assembly line of continuously maintained and pre-configured components
• Build: Build the Application from source
• Scan: Generate SBOM, CVE Scan, Anti-Virus Scan
• Test: On Docker and multiple Kubernetes versions and distributions
• Sign: Applications and Metadata are signed using Cosign
• Publish: Signed Containers, Helm Charts and Metadata are delivered to customer’s private OCI-compliant Registry
• Package: Custom Dockerfile, Custom Helm chart, Customize Configurations
You choose the applications needed for your private catalog.
We build, test and deliver them, and we keep them up to date.
Custom Recipes
VMware creates custom recipes for each application:
– Dockerfiles configured for maximum security
– Helm charts
    • Install and upgrade actions
    • Multi-node deployment configurations
– Virtual Machine configs
– Recipe sources are provided to support audit requirements
Recipes across the catalog are designed to:
– Provide consistent security hardening
– Simplify deployment using preset defaults for most config values
– Standardize configuration settings to establish a configuration baseline
Key Feature Highlights – Security Best Practices
• Non-root containers
• No unnecessary host paths mounted
• No dev tools***
• No ssh
• UID to specific UID*
• No mapping of ports below 1024
• No secrets in images
• Custom CA certs to be baked in
• No netcat
• Don’t disable seccomp profile
• No SUID/SGID
• Image CVE scans
Support levels marked per item on the slide: Supported on all Apps / Supported on majority of Apps / Supported w/ custom base OS
Documentation - https://docs.vmware.com/en/VMware-Application-Catalog/services/tutorials/GUID-bitnami-best-practices-hardening-containers-index.html
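The checklist items that are visible in a Kubernetes pod spec can be checked before deployment. The following is an added example, not code from the slides or from VMware; the manifests are constructed, the image reference is a placeholder, and treating `allowPrivilegeEscalation` as the runtime counterpart of "No SUID/SGID" is an assumption of this example.

```python
# Added example (not VMware's tooling): lint a Kubernetes Pod manifest against
# the checklist items above that are visible in a pod spec.

def _effective(pod_sc, ctr_sc, key):
    """Container-level securityContext wins over the pod-level value."""
    return ctr_sc.get(key, pod_sc.get(key))


def lint_pod(manifest):
    """Return a sorted list of (object name, finding) tuples."""
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []

    # "No unnecessary host paths mounted"
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            path = vol["hostPath"].get("path", "?")
            findings.append((vol["name"], f"hostPath volume {path}"))

    for ctr in spec.get("initContainers", []) + spec.get("containers", []):
        name = ctr["name"]
        sc = ctr.get("securityContext") or {}

        # "Non-root containers": UID 0 is a hard failure; with no UID set, the
        # image's USER decides unless runAsNonRoot makes the kubelet refuse root.
        uid = _effective(pod_sc, sc, "runAsUser")
        if uid == 0:
            findings.append((name, "runs as UID 0"))
        elif uid is None and not _effective(pod_sc, sc, "runAsNonRoot"):
            findings.append((name, "runAsNonRoot not enforced"))

        # "No mapping of ports below 1024"
        for port in ctr.get("ports", []):
            for field in ("containerPort", "hostPort"):
                number = port.get(field)
                if number is not None and number < 1024:
                    findings.append((name, f"{field} {number} is below 1024"))

        # "Don't disable seccomp profile"
        seccomp = _effective(pod_sc, sc, "seccompProfile") or {}
        if seccomp.get("type") == "Unconfined":
            findings.append((name, "seccomp profile disabled (Unconfined)"))

        # Runtime complement to "No SUID/SGID" (an assumption of this example):
        # without this flag a leftover setuid binary can still raise privileges.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation not set to false"))

    return sorted(findings)


# Constructed manifests; the image reference is a placeholder.
WEAK_POD = {
    "metadata": {"name": "web-weak"},
    "spec": {
        "volumes": [{"name": "host-logs", "hostPath": {"path": "/var/log"}}],
        "containers": [{
            "name": "web",
            "image": "registry.example.internal/catalog/web:1.0",
            "ports": [{"containerPort": 80}],
            "securityContext": {"seccompProfile": {"type": "Unconfined"}},
        }],
    },
}

HARDENED_POD = {
    "metadata": {"name": "web-hardened"},
    "spec": {
        "securityContext": {
            "runAsNonRoot": True,
            "runAsUser": 1001,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
        "volumes": [{"name": "tmp", "emptyDir": {}}],
        "containers": [{
            "name": "web",
            "image": "registry.example.internal/catalog/web:1.0",
            "ports": [{"containerPort": 8080}],
            "securityContext": {"allowPrivilegeEscalation": False},
        }],
    },
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"])
        for obj, finding in lint_pod(pod) or [("-", "no findings")]:
            print(f"  {obj}: {finding}")
```

Items such as "No secrets in images", "No netcat" and "No dev tools" are properties of the image contents and need an image scan rather than a manifest check.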
Key Feature Highlight – Continuous Application Upgrades
VMware constantly monitors OSS projects and upgrades the catalog.
– All application branches are monitored for changes / fixes, and updated versions are automatically built, tested and delivered to the customer’s catalog.
– Using VMware’s Photon OS as the base provides the lowest possible risk from upstream vulnerabilities:
    • All OS Level CVEs are patched by VMware
    • All application CVEs are reviewed for relevance and VEX metadata is created to explain true risk and reduce CVE noise
    • Verified for air-gapped deployments
    • FIPS 140-2 compliant (for apps whose upstream vendor supports it)
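How VEX metadata reduces CVE noise, and how an SBOM is used to determine CVE impact (the best practice listed earlier in the deck), can be shown with a small triage routine. This is an added example, not VMware's tooling: the CycloneDX-style and OpenVEX-style field names are an assumed choice of format, and the component names and `CVE-0000-*` ids are constructed placeholders.

```python
# Added example (not VMware's tooling): decide which scanner findings still
# need action once the SBOM and VEX statements are taken into account.
# Field names follow CycloneDX (SBOM) and OpenVEX (VEX); that choice, the
# component names and the CVE-0000-* ids are assumptions/placeholders.

SBOM = {"components": [  # constructed
    {"name": "example-tls", "version": "1.0.0", "purl": "pkg:generic/example-tls@1.0.0"},
    {"name": "example-zip", "version": "2.1.0", "purl": "pkg:generic/example-zip@2.1.0"},
    {"name": "example-xml", "version": "0.9.0", "purl": "pkg:generic/example-xml@0.9.0"},
]}

SCAN = [  # constructed scanner output
    {"id": "CVE-0000-0001", "purl": "pkg:generic/example-tls@1.0.0"},
    {"id": "CVE-0000-0002", "purl": "pkg:generic/example-zip@2.1.0"},
    {"id": "CVE-0000-0003", "purl": "pkg:generic/example-xml@0.9.0"},
    {"id": "CVE-0000-0004", "purl": "pkg:generic/example-http@3.0.0"},  # not in SBOM
    {"id": "CVE-0000-0005", "purl": "pkg:generic/example-zip@2.1.0"},   # no VEX statement
]

VEX = {"statements": [  # constructed
    {"vulnerability": {"name": "CVE-0000-0001"},
     "products": [{"@id": "pkg:generic/example-tls@1.0.0"}],
     "status": "not_affected",
     "justification": "vulnerable_code_not_in_execute_path"},
    {"vulnerability": {"name": "CVE-0000-0002"},
     "products": [{"@id": "pkg:generic/example-zip@2.1.0"}],
     "status": "affected"},
    # not_affected with no justification: treated as unproven, not suppressed.
    {"vulnerability": {"name": "CVE-0000-0003"},
     "products": [{"@id": "pkg:generic/example-xml@0.9.0"}],
     "status": "not_affected"},
]}


def triage(sbom, scan, vex):
    """Split scanner findings into actionable, suppressed and unmatched."""
    in_sbom = {c["purl"] for c in sbom["components"]}

    # Index VEX statements by (vulnerability id, product id).
    statements = {}
    for st in vex["statements"]:
        for product in st["products"]:
            statements[(st["vulnerability"]["name"], product["@id"])] = st

    result = {"actionable": [], "suppressed": [], "unmatched": []}
    for finding in scan:
        # A finding for a package the SBOM does not list points at a stale
        # scan or the wrong artifact; report it separately instead of hiding it.
        if finding["purl"] not in in_sbom:
            result["unmatched"].append(finding["id"])
            continue

        st = statements.get((finding["id"], finding["purl"]))
        status = st["status"] if st else "no_statement"
        justified = bool(st and (st.get("justification") or st.get("impact_statement")))

        # Fail closed: only an explained not_affected, or fixed, is suppressed.
        if status == "fixed" or (status == "not_affected" and justified):
            result["suppressed"].append((finding["id"], status))
        else:
            result["actionable"].append((finding["id"], status))
    return result


if __name__ == "__main__":
    for bucket, items in triage(SBOM, SCAN, VEX).items():
        print(bucket, items)
```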
Key Feature Highlights – Application Customization
Choice of Base OS Image
• Photon OS 3 / 4 (FIPS & STIG Available)
• Debian 10 / 11
• Ubuntu 18.04 / 20.04 / 22.04
• Red Hat UBI 8 / 9
• Custom Base Image
Choice of Artifact Format
• Containers
• Helm Charts
• Virtual Machines
Choice of runtime binary format
• AMD64
• ARM64 (With Photon OS)
Capabilities and Outcomes
Balancing developer flexibility with IT security and compliance
• Rich Library of pre-packaged, trusted building blocks delivered as containers, helm charts, VMs. Outcome: Standardize OSS usage across the enterprise
• Continuous Monitoring of upstream source code changes to trigger rebuild, test and push to registry. Outcome: Ensure usage of latest and secure versions of OSS components
• Bill of Material and metadata available and sent for each continuously updated package. Outcome: Gain deep visibility into your software supply chain
• Air-gapped support using charts syncer to replicate images in environments without full connectivity. Outcome: Use OSS components of your choice in air-gapped environments with ease
• Base Image Choice: Choose among Debian, Ubuntu, CentOS, Photon, RH UBI or a customized golden image. Outcome: Add your own agents and tools
Capabilities and Outcomes (continued)
Balancing developer flexibility with IT security and compliance
• Best Practices for Security from over a decade of experience packaging applications. Outcome: Enjoy best-in-class security and packaging practices
• Automated Validation for all applications across all supported platforms - AKS, GKE, TKG etc. Outcome: Ensure strong reliability in multi-cloud environments
• Enterprise Support for Sealed Secrets: Sealed Secrets, an open source project of VMware, secures Kubernetes secrets stored in shared repositories. Outcome: Gain better control over Kubernetes deployments
• Enterprise Support for Kubeapps: Kubeapps, an open source project of VMware, helps build an intuitive Kubernetes app dashboard. Outcome: Easily deploy, manage, upgrade applications through an intuitive GUI
VMware Application Catalog
An enterprise version of Bitnami Application Catalog
Offering
• Bitnami Application Catalog: Free public library based on Debian 11
• VMware Application Catalog: Private library with choice of OS
Use Cases
• Bitnami Application Catalog: Rapid deployment from public sites to development environments
• VMware Application Catalog: Rapid deployment of customized apps from private catalog to production environments
Consumption
• Bitnami Application Catalog: Discovery and distribution through Docker Hub and AWS Marketplace
• VMware Application Catalog: Catalog Web UI; Distribution to a private OCI registry
Catalog Updates
• Bitnami Application Catalog: Best effort
• VMware Application Catalog: Continuously updated
Management
• Bitnami Application Catalog: Basic information for each artifact
• VMware Application Catalog: Extensive metadata for governance and security compliance; Customer curated catalog; Artifact notices to support planning
Extras
• VMware Application Catalog: FIPS Compliant artifacts; Lowest possible CVEs; Support for Air Gap Environments; Sealed Secrets Enterprise; VMware support for Kubeapps
Support
• Bitnami Application Catalog: Community Support
• VMware Application Catalog: VMware Support
Talk about VMware Application Catalog to win exciting gifts
1. Spread awareness of VMware Application Catalog through blogs, videos, social media posts, web events, speaking opportunities or any other such means you see fit to engage with your audience
2. Send the link of your content to ubala@vmware.com, on or before September 18, 2023 (Monday)
3. Your content will be evaluated by VMware based on the effort, quality and the amount of engagement it has garnered
4. If your content meets our evaluation criteria, you will receive an exciting gift from VMware – wherever you reside.
Important Note:
• It is entirely within VMware’s discretion whether a particular piece of content/post/work will be rewarded with a gift or not
• Limited gifts available; they will be rolled out on a ‘first come, first served’ basis
Live Demo
Thank You
