Many of you already heard of VMware Application Catalog, right? No? Let's get into some details then. But first, let's talk about why would it be interesting to use VMware application catalog in your organization.
As you know, the applications and their architecture is getting more and more complicated over time. In fact, the time when we had some simple architectures for apps, are gone. Today's application and their environment looks pretty much like this. It's not easy to build, secure and maintain.
You have container based apps, the components that are deployed in different clouds.
Copyrights for these images are owned by VMware.
There are new regulations and best security practices within the industry, were introduced. There is SLSA, Executive order 13028 Section 4 or NIST SSDF (dev framework) or NIST Security measures for critical software, Cloud Native Security (CNCF) or Secure Software Factory White Paper (CNCF), plus many more. Those regulations are here to help to manage the risk.
The journey start when you need to get your software from trusted partner (not from some uncontrolled internet resource). You'd want to minimize the number of deployed versions and standardize app configuration as well as security hardening.
Then you'll need to test several versions of all target platforms and determine CVE impacts. Also, you'll need to think of keeping of applications up-to-date.
Free Bitnami Application Catalog (By VMware)
Perhaps you don't know, but there is a free, open-source catalog of more than 140 packaged Open Source applications at Bitnami (by VMware) that are available in different formats (containers, Help Charts or as a VMs). Those applications are available to developers on different platforms, such as:
- Docker Hub
- AWS Marketplace
- VMware Marketplace
- Azure Marketplace
- Tanzu Mission Control
- VMware Cloud Director
Bitnami is free software provided and maintained by VMware, for developers.
Bitnami apps are great, but when you think about production, a support, customization, defined SLOs for upgrades etc, then you'll need a more professional and more developped offering which includes this. That's where comes VAC.
What's the difference between Bitnami and VMware Application Catalog (VAC)?
VMware application catalog is the enterprise version of the Bitnami Catalog for production use. In fact, the VMware Application Catalog is delivered via VMware’s Cloud Services Portal (CSP). You can have your own private catalog of custom packaged open-source application components that are maintained and tested (by VMware) to be used in production environment.
You can find VAC at https://app-catalog.vmware.com/catalog
It is a customizable version of Bitnami catalog, but with functions such as monitoring of upstream source code changes that triggers rebuild, test and update. The components, language routines and supporting apps are pretty high level. (Postgres, NGiNX, Kafka….)
How does VMware Application Catalog (VAC) Work?
When you subscribe to the VAC, you control the catalog itself, you become an administrator of your catalog. You chose the applications, the components and the destinations platforms. You chose the upstream components that you want to customize. You can install special tools and customize the application to fit your organization's need.
The high-end view looks like this.
Here is a detailed image from the process where you can see how you build then package, scan, test, sign and publish your application.
Possibility to build Custom Recipes
The custom recipes are created by VMware for each application. In many cases it includes multi-node configurations, for VMs, they provide VM's configuration. The recipe sources are provided to support audit requirements.
The recipes provide consistent security hardening and simplify deployment using preset defaults for most config values. They standardize configuration settings for establishing a configuration base.
Continuous Application Upgrades
The applications are monitored and (if necessary) rebuilt on a daily basis. They're also tested and delivered to the customer's catalog.
By using VMware Photon OS for the base it has the lowest possible risk as the OS is maintained and patched by VMware, all application Common Vulnerabilities and Exposures (CVEs) are reviewed for relevance.
They're also verified for air-gapped deployments. They're also FIPs 140-2 Compliant (for those supported).
A very large choice of OSes. You can also provide your own custom image.
VAC in the summary
Check out VAC here:
You can find VAC at https://app-catalog.vmware.com/catalog
We've seen a demo during our briefing with VMware. It's difficult for me to describe all of what we've seen. There are some Youtube videos I can link here if you like to see how does this looks like:
- VMware Application Catalog Demo
- PostgreSQL OVA Image Packaged by Bitnami in Production Using VMware Application Catalog
- VMware Application Catalog Integration into VMware Marketplace
For enterprise customers, admins willing to deliver streamlined, secured and up-to-date applications and have their own managed app catalogue, the VAC is the way to go. It frees some of the admin's tasks such as re-building the latest version and maintaining the security for the environment.
The VMware Application Catalog provides users with a free 90-day trial period. When this period is about to end, users will see a message when accessing their VMware Application Catalog accounts: “Your trial is going to expire”.
This was only a high level overview of VMware application catalog and if you intend to test it, you have a good overview what you can expect to do.
More posts from ESX Virtualization:
- VMware vCenter Server 8.0 U1b resolves further upgrade issues and adds bunch of security patches
- VMware vCenter Server Appliance 8.0U1a Released
- Homelab v 8.0 (NEW)
- vSphere 8.0 Page (NEW)
- Veeam Bare Metal Recovery Without using USB Stick (TIP)
- ESXi 7.x to 8.x upgrade scenarios
- A really FREE VPN that doesn’t suck
- Patch your ESXi 7.x again
- VMware vCenter Server 7.03 U3g – Download and patch
- Upgrade VMware ESXi to 7.0 U3 via command line
- VMware vCenter Server 7.0 U3e released – another maintenance release fixing vSphere with Tanzu
- What is The Difference between VMware vSphere, ESXi and vCenter
- How to Configure VMware High Availability (HA) Cluster