Define and apply governance policies in VMware Tanzu Hub
The governance guidance is based on a few governance goals. After you are familiar with the Tanzu Hub definition processes, you can begin to address your specific goals.
Governance goals and how to define them
To begin, determine the first goal that you want to address and use the procedure provided to familiarize yourself with the process. When you become familiar with defining and resolving the findings, you can leverage your new knowledge to define governance that is specific to your organizational needs.
What to read next
- Apply a predefined Tanzu Hub governance benchmark
As an application owner or SRE, you must ensure that your resource configurations meet a predefined industry standard or government benchmark such as CIS, PCI DSS, ISO, or others. The following steps show you how to create, edit, or clone a compliance framework and publish it. Then, you can apply a filter of the findings for the compliance framework.
- Onboard or provision accounts and enforce VMware Tanzu Hub governance
As a Cloud Operations administrator, you can continuously discover your existing cloud accounts and onboard them to Tanzu Hub. You can also provision new accounts, apply governance to them, and investigate the findings for the CIS benchmarks that get applied to the accounts when you provision them.
- Use desired state templates in VMware Tanzu Guardrails to manage configuration drift
As a Cloud Ops administrator, you must define the desired state for your cloud accounts and manage any configuration drift that occurs. To define the desired states for your accounts, you apply desired state templates to those accounts. Enforcing desired states differs from an InfoSec analyst remediating violations against posture policies that are meant to ensure the security and performance of your accounts.
- Set up desired states and remediation in VMware Tanzu Guardrails by using custom templates in your Git repository
You can use the desired state worker in Tanzu Guardrails to set up and enforce a desired state on your cloud account by using custom desired state templates from your GitHub or GitLab repository. The repository can be on-premises or in the cloud.
- Enforce desired states in VMware Tanzu Guardrails with event triggering
Tanzu Guardrails in Tanzu Hub supports event-driven enforcement of the desired states in your environments.
- Apply baseline guardrails to your AWS landing zone
As a Cloud Security Operations administrator, you must continuously know that the organizational units in your AWS landing zone comply with the policies you applied to it. The desired state templates help you detect drift from your policies and enforce compliance on your accounts and resources.
- Creating and using custom posture policies in VMware Tanzu Hub
As an InfoSec analyst or administrator, you want to ensure that your resources have the correct configuration and remain configured over time to meet your organization’s security requirements. You can use the posture policies in Tanzu Hub to define, monitor, and report if a configuration does not match the defined policy.
- Enforce compliance and vulnerability policies in VMware Tanzu Guardrails for virtual machines on cloud accounts
As a Cloud Operations administrator, you must create and apply a VMware-recommended compliance policy and a vulnerability policy, and enforce them on your cloud accounts in Tanzu Hub.
- Learn more about desired state templates in VMware Tanzu Guardrails and VMware Tanzu Hub
Desired state templates ensure that your applications and accounts are provisioned as designed and that they comply with your policies.