In this blog, I will walk through the following
- Architecture Diagram of the new Tile Base Installation of VMware Tanzu Hub
- Installation requirements
- Download VMware Tanzu Hub Tile
- Configure VMware Tanzu Hub Tile Settings
- Deploy VMware Tanzu Hub
What is VMware Tanzu Hub
VMware Tanzu Hub is the Unified Interface that allows you to monitor and securely manage your fleet of apps, development environments, and the infrastructure that supports them. Tanzu Hub also automates the process for discovering existing applications and gives you the tools to refine them and monitor their status.
VMware Tanzu Hub Tile Architecture
With this release, Tanzu Hub installation is a tile-based installation on Tanzu Operations Manager.
This provides a much simpler zero-touch experience and has very few prerequisites
It deploys the following component VMs
|
|
Component |
Type | Description |
| 1 |
Control |
Stateless |
Hosts all stateless services and orchestrators |
| 2 | System | Stateless | Runs core platform services that are stateless by design |
| 3 | Registry | Stateless | Hosts an OCI-compliant registry that stores and serves packaged service components |
| 4 |
Tanzu Intelligent Assist |
Stateless |
Use TIA to manage Tanzu products with AI-powered guidance and automation |
| 5 | Database | Stateful |
Maintains structured data required for the platform to function |
| 6 | Messaging | Stateful |
Often includes message queues or brokers that buffer or route messages between services |
| 7 | Log Store | Stateful |
Retains logs over time for search, analysis, and troubleshooting |
| 8 | Metric Store | Stateful | Collects and persists time-series data for performance monitoring |
| 9 | Monitoring |
Stateful |
Runs agents and backend components for observability dashboards and alerting |
| 10 | Blob Store | Stateful |
Stores binary artifacts that must persist independently of the container or app lifecycle |
Planning your VMware Tanzu Hub deployment
The first step is to plan your deployment size based on your requirements. You will need to select from the following installation sizes
Installation Sizes
VMware Tanzu Hub provides four initial “T-Shirt Sizes” as a starting point for your deployment. This enables you to have the flexibility to start with a small evaluation-size deployment and scale up to a large enterprise as you grow the environment you manage.
The size determines the performance tuning and scaling parameters applied to the system to best match the environment you intend to manage with VMware Tanzu Hub
|
Installation Size |
Description | Sizing Guidelines |
| Evaluation (Default) |
The evaluation size is the default config that comes with the Tile. It is recommended for evaluation and demo purposes. |
Attached Foundations: 2
Application Instances: 10 Log messages per second: 100 vSphere Objects: 10k Concurrent assessments: 2 |
| Small |
The small size is recommended as a starting config for all Production foundations and gradually increase to Medium/Enterprise |
Attached Foundations: 5
Application Instances: 5000 Log messages per second: 5000 vSphere Objects: 20k Concurrent assessments: 50 |
| Medium |
The medium size provides a good balance between supported resources and resources required. This provides flexibility to have some buffer in case the environment grows. |
Attached Foundations: 15
Application Instances: 15000 Log messages per second: 10000 vSphere Objects: 40k Concurrent assessments: 100 |
| Enterprise |
The Enterprise size is the largest supported config, which is recommended for a really large environment |
Attached Foundations: 120
Application Instances: 30000 Log messages per second: 10000 vSphere Objects: 100k Concurrent assessments: 200 |
Resource Requirements
The resource requirements may vary depending on what Installation size you select, as mentioned in table below
|
Profile |
Resource Requirements |
| Evaluation (Default) | Cores – 38
RAM – 116 GB System/Ephemeral Storage – 600 GB Persistent Storage – 1050 GB |
| Small | Cores – 56
RAM – 212 GB System/Ephemeral Storage – 600 GB Persistent Storage – 2100 GB |
| Medium | Cores – 118
RAM – 316 GB System/Ephemeral Storage – 600 GB Persistent Storage – 2800 GB |
|
Enterprise |
Cores – 174
RAM – 468 GB System/Ephemeral Storage – 600 GB Persistent Storage – 5550 GB |
VMware Tanzu Hub Pre-Requisites
The following table describes the prerequisites for VMware Tanzu Hub
|
Component |
Requirement | My Lab Environment |
|
Tanzu Operations Manager |
3.034 or greater with 60 GB of free space |
3.1
I would recommend at least 100 GB free space |
| BOSH Director with IaaS |
Any Supported |
vCenter 8.0.3 with Build (24322831) |
| Load Balancer |
Any External LB with TLS Pass-through |
I have tested with
External LB with dvPort Groups NSXT LB with NSXT segments |
|
BOSH Network Static IPs |
14 IPs |
Ingress FQDN
FQDN for VMware Tanzu Hub Ingress, which is resolvable within the network, especially from the Tanzu Operations Manager, where tile-based installation will be performed. This is required to access the web console. You have 2 options
- DNS pointing to any External Load Balancer listener.
- In my lab, I have tested with NSX-T Load Balancer; however, you can use any other, such as AVI / F5
- DNS pointing to control VMs directly
Port Requirements
This table assumes a couple of things
1 – All Tanzu Hub component VMs are deployed within the same network, and they can communicate between themselves on all ports
2 – All the communication between Tanzu Operations Manager VM and Bosh Director is already taken care of as mentioned in the documentation
|
Source |
Destination | Port / Service | Purpose |
| Bootstrap Machine | Broadcom Support Portal | 443 (HTTPs) | To download the Tanzu Hub Tile |
| Bootstrap Machine | Tanzu Hub FQDN | 80/443 (HTTPs) |
To access the console UI to access Tanzu Hub |
| Tanzu Operations Manager | Tanzu Hub FQDN |
80/443 (HTTPs) |
To access the console UI to access Tanzu Hub and ensure Health checks performed by the Tile installer are successful |
| Tanzu Hub Component VMs |
LDAP Server |
636 (TCP) |
LDAP authentication to LDAP Server (If Applicable) |
| Tanzu Hub Component VMs | OIDC | 443 (HTTPs) | OIDC/Okta authentication to Okta endpoint (If Applicable) |
| Tanzu Hub Component VMs | GHCR
https://ghcr.io/aquasecurity/trivy-db |
443 (HTTPs) |
To Trivy’s databases for vulnerability scanning If you are in an air-gapped environment, you can point it to your private registry as well |
Deployment Procedure
Step 1 – Download Tanzu Hub Tile
UI
Step 1 – Log in to https://support.broadcom.com/
Step 2 – Navigate to Tanzu Hub 10.2.0
If you are unable to check the box for I agree, then probably you haven’t clicked on the Terms and Conditions link (This is a new check which has been added recently)
CLI
Step 1 – Generate Token
https://support.broadcom.com/group/ecx/tanzu-token
Step 2 – Install om cli
https://github.com/pivotal-cf/om
Step 3 – Download the Tanzu Hub tile using
om download-product -p tanzu-hub -o /tmp –file-glob tanzu-hub-10.2.0.pivotal –product-version 10.2.0 –pivnet-api-token <token>
Upload Tanzu Hub Tile to Tanzu Operations Manager
UI
Step 1 – Log in to Tanzu Operations Manager UI
Step 2 – Click on Import a Product
Step 3 – Verify
Once imported, you will be able to view the product on the left navigation
Step 4 – Stage
Click on the + sign to stage the product
CLI
Step 1 – Configure om cli
export OM_ENV=ops_manager_env.yml
alias omv=’om –env=$OM_ENV’
Step 2 – Upload Tile to Ops Manager
omv upload-product –product tanzu-hub-10.2.0.pivotal
Step 3 – Verify
Once imported, you will be able to view the product(s)
omv products
Step 4 – Stage
omv stage-product –product-name hub –product-version 10.2.0
Configure Tanzu Hub details
VMware Tanzu Hub tile deploys the VMs required to run Tanzu Hub. The following sections describe the configuration that can be done
Mandatory Configuration
There are only 3 mandatory configurations. Yeah, that’s it and you will have a running VMware Tanzu Hub deployment
| Configure availability zones and networks |
This is the vSphere Cluster and the Port groups for the Tanzu Hub component VMs. This can be DVPort Groups or NSX-T backed segments. It is not mandatory to have NSXT.
This simplifies the requirement drastically. I am not saying it is not beneficial to have NSXT, but the Admin gets flexibility based on their environment
|
|
Configure the hostname and certificate |
This would be the FQDN for Tanzu Hub Ingress, as mentioned above If you want to use a self-signed certificate, then you can leave it empty, and the installer will generate the certificate for the required ingress
|
| Configure Tanzu Intelligent Assist(TIA) |
TIA provides an AI-based natural language interface to help you perform your tasks on Tanzu Hub. I have left it disabled for my environment
|
Optional Configuration
There are optional configurations that you can decide based on your requirements
| Configure an Identity Provider |
You can configure the authentication mechanism details to log in into the VMware Tanzu Hub. Doc Tanzu Hub provides an internal user store with a single user (tanzu_platform_admin) that can be used to bring up the environment quickly; however recommendation is to configure using OIDC(Okta) or LDAP for providing access to Tanzu Hub |
| Advanced Settings |
You can configure the following 2 advanced settings Pivotal Telemetry Endpoint Secret Key – Required to collect/send telemetry data to Broadcom
Trivy Database Registry Location – By default, it connects to GHCR to download the Database. If you are in an air-gapped environment, then you can specify a private registry hosting the database
|
| Errands |
Errands are scripts that can run at the beginning and at the end of an installed product’s availability time. When deploying Tanzu Hub, Tanzu Ops Manager can run 4 post-deploy errands.
|
| Resources |
You can configure the resources for Tanzu Hub component VMs based on the sizing as mentioned above
|
Apply changes for VMware Tanzu Hub Configuration
Your installation is not complete until you apply your configuration changes.
To apply the changes, navigate to Tanzu Operations Manager Installation Dashboard and click on Review Pending Changes in the upper right corner
Select the check box next to the Tanzu Hub product and click Apply Changes to trigger the deployment of VMware Tanzu Hub
Installation can take up to 60-90 minutes, depending on the environment. The current timeout is configured for 120 minutes. In case it get’s timed out, then you can always re-run and it will validate and start from where it stopped.
Once the deployment is successful, it will deploy 13 VMs (It would be 14 if you have enabled TIA)
Access the VMware Tanzu Hub UI
Open the Web browser and navigate to the ingress FQDN
The username will be tanzu_platform_admin, and the password can be retrieved from the Credentials tab of the Tanzu Hub Tile.
Locate the Admin Password row and click Link to Credential
After you enter the credentials, you will be forced to change your password
After you create a new password, the old password from the Credentials tab will not work.
In the next blog, I will showcase the procedure to deploy Tanzu Hub Connector tile, that will allow connecting your Tanzu Platform for Cloud Foundry foundation to VMware Tanzu Hub