Rising use of Kubernetes in production brings new IT demands Kubernetes basics: A step-by-step implementation tutorial

Tanzu vs. OpenShift vs. Ezmeral: 3 rivals' Kubernetes offerings

Learn how container management products from VMware, Red Hat and Hewlett Packard Enterprise compare when it comes to their overall Kubernetes strategies.

Kubernetes has become the open source industry standard for container orchestration. There are numerous Kubernetes products for managing containers, including VMware Tanzu, which the vendor announced at the August 2019 VMworld, and the Red Hat OpenShift Container Platform. In July, Hewlett Packard Enterprise introduced the Ezmeral Container Platform, its portfolio of cloud-native services for managing and deploying container-based workloads -- effectively, an enterprise platform built on top of Kubernetes.

Examine which product might work best for your data center by comparing Tanzu vs. OpenShift vs. Ezmeral.

VMware Tanzu

VMware Tanzu is built for enterprises that must deploy and manage applications at scale. Tanzu isn't a single product, but rather a suite of products designed to modernize both applications and the infrastructure on which they run. VMware's Kubernetes offering is called VMware Tanzu Kubernetes Grid.

Organizations can deploy Tanzu Kubernetes Grid in a variety of ways, including in their own data center as a part of a VMware-based private cloud, in the public cloud or at the edge.

To deploy Tanzu Kubernetes Grid on premises, an organization must download and install the Tanzu Kubernetes Grid command-line interface (CLI) to a bootstrap environment. VMware provides the CLI binaries for Linux, macOS and Windows systems.

VMware's Tanzu Kubernetes Grid enables Kubernetes deployments to span data centers and clouds, thanks in part to the product's support for vSphere 7 with Kubernetes. The software fully supports multi-cluster operations and uses automated lifecycle management policies to help reduce the administrative workload. Organizations that require high availability for clustered workloads can use availability zones to achieve the necessary resilience.

Comparing container platforms for applications
How three Kubernetes container management products compare.

As previously noted, VMware Tanzu is a portfolio of individual Tanzu-branded products, rather than a single product. As such, VMware has chosen to decentralize some of Tanzu's capabilities by breaking them out into separate products. Organizations that want to use machine learning capabilities, for instance, must use VMware Tanzu Greenplum.

VMware provides monitoring and operations management for Tanzu through an add-on tool called Tanzu Mission Control. This tool acts as a centralized management platform that provides capabilities such as cluster lifecycle management, policy management, data management and data protection.

Tanzu Mission Control also provides an extra layer of security in the form of identity and access management. In addition to basic authentication and authorization, Tanzu Mission Control can federate identities based on sources such as Microsoft Active Directory, Lightweight Directory Access Protocol and Security Assertion Markup Language.

VMware licenses Tanzu as an annual subscription when running on premises. Subscriptions are available for either one or three years and are billed on a per-core basis.

Red Hat OpenShift Container Platform

Red Hat markets its OpenShift Container Platform as an enterprise-grade foundation for building containerized applications.

Red Hat designed its OpenShift Container Platform primarily for use in hybrid cloud environments, with cluster resources supported on premises and in the Amazon and Google clouds. Red Hat also operates a managed service called Microsoft Azure Red Hat OpenShift in the Microsoft Azure cloud. Although the Red Hat OpenShift Container Platform is built to operate at scale, Red Hat also supports edge deployments consisting of clusters with as few as three nodes.

Red Shift Open Container Platform supports both stateless and stateful applications. Its management interface enables a consistent management experience for both on-premises and cloud-based workloads. This interface enables administrators to implement and enforce policies across all OpenShift clusters. Prometheus and the Grafana dashboard provide monitoring capabilities. Additionally, Red Hat delivers automated scaling and health management through an integrated orchestration engine.

Red Hat takes a defense in depth approach to container security, with an emphasis on managing security for the entire software supply chain. To accomplish this, Red Hat seeks first to control content sources and then to defend against attacks in all layers of the platform. Red Hat has created APIs that allow security providers to augment the existing security services.

Red Hat built its OpenShift Container Platform to enable machine learning workloads. Additionally, Red Hat's Decision Manager can capitalize on this ability by intertwining machine learning models with conventional decision models.

Organizations planning to deploy the Red Hat OpenShift Container Platform on premises require an active OpenShift Container Platform subscription. Additionally, nodes require Red Hat Enterprise Linux 7.4 or later and at least four virtual CPUs and 16 GB of RAM.

Hewlett Packard Enterprise Ezmeral Container Platform

The HPE Ezmeral Container Platform is an enterprise-grade portfolio for deploying containers at scale. With this platform, HPE places a heavy emphasis on data and supports persistent storage on premises, in the cloud or at the edge.

HPE Ezmeral Container Platform can deploy and manage multiple Kubernetes clusters in hybrid cloud or multi-cloud environments. The software's unified control plane supports Amazon Elastic Kubernetes Service clusters, Google Kubernetes Engine and Azure Kubernetes Service clusters. It also supports the Cloud Native Computing Foundation. HPE has designed Ezmeral Container Platform for extreme scalability, with real-world clusters created containing more than a thousand nodes.

To help keep its customers secure, HPE has integrated the Harbor Registry -- a private application registry -- into the Ezmeral Container Platform. This enables the platform to scan for security vulnerabilities and to use image signing to positively identify trusted images. HPE also supports role-based access control, with each tenant getting its own dedicated workspace within the Harbor Registry.

HPE uses AIOps artificial intelligence for IT infrastructure to proactively monitor the underlying infrastructure and address problems when necessary. Predictive analytics can also assist admins with capacity planning and resource allocation.

Similarly, HPE has heavily integrated automation into its platform. Automation helps streamline tasks ranging from the provisioning of physical infrastructure to lifecycle operations.

The Ezmeral Container Platform runs on HPE's Synergy integrated system. In addition to this hardware platform, the Ezmeral Container Platform depends on the HPE Data Fabric for persistent container storage, open source Kubernetes and VMware.

Licensing for the Ezmeral Container Platform is subscription-based, with plans ranging from one to five years. However, HPE is transitioning to a business model in which all its products are delivered as a service with consumption-based pricing. As such, even on-premises deployments are usage-metered based on the compute and storage resources the cluster nodes consume.

Next Steps

Assess managed Kubernetes services for your workloads

Kubernetes networking explained: Start with these building blocks

Managed container services face-off: Enterprise PKS vs. OpenShift

Dig Deeper on VMware ESXi, vSphere and vCenter