What is Tanzu Salt
Learn how Tanzu Salt helps IT system administrators and DevOps team members create an automated, event-driven configuration management system that can rapidly deploy and configure your virtual machines, servers, containers, and network devices on any cloud or on-prem network at any scale: from 100 nodes to 100,000.
Tanzu Salt is pluggable and plays well with many existing technologies. You don’t have to refactor all of your existing configuration management systems to use Tanzu Salt. It can react to the output codes and information from third-party tools to manage the entire machine life cycle.
| If you need to… | Use Tanzu Salt along with… |
|---|---|
| Provision | Terraform |
| Configure | Ansible or Puppet |
| Deploy | Drone or Bamboo |
| Manage | Splunk or CloudHealth |
| Secure | Tenable or Rapid7 |
How does Tanzu Salt help with security and governance?
Tanzu Salt harnesses the event-driven automation technology from Salt to provide two additional security and governance services:
- Security compliance - Create security policies and scan your system to determine whether it is compliant with supported, industry-recognized security benchmarks from accredited institutions, such as CentOS Linux Level 1 and 2 Server and Workstation. Tanzu Salt can immediately deploy the updates or patches to bring your system into compliance.
To view a list of supported security and compliance benchmarks and instructions to subscribe to future updates, see Supported Security and Compliance Benchmarks.
- Vulnerability remediation - Create security policies and scan your system for common vulnerabilities and exposures (CVEs), then immediately apply the updates or patches to remediate the advisories. You can also import security scans from other third-party scanning services such as Tenable or Rapid7, then immediately remediate these advisories as well.
What is the connection with Tanzu Salt and open source Salt?
Tanzu Salt is powered by Salt, an open-source automation and configuration management engine sponsored, approved, and sanctioned by Broadcom, Inc. Salt is built by the Salt Project community, which includes more than 3,000 contributors working in roles just like yours. This well-known and trusted community works together to improve the underlying technology and extend Salt by creating a variety of execution and state modules to accomplish the most common tasks or solve the most important problems that people in your role are likely to face.
The Salt modules can quickly and consistently automate common infrastructure administration tasks such as:
- Managing operating system deployment and configuration
- Installing and configuring software applications and services
- Managing servers, virtual machines, containers, databases, web servers, network devices, and more
In other words, Tanzu Salt ships with hundreds of pre-packaged Salt modules that you can begin to use immediately after installing Tanzu Salt in your environment.
Broadcom, Inc. ensures the code integrity and quality of the Salt modules by acting as the official sponsor and manager of the Salt Project. Many of the core Salt Project contributors are also Broadcom employees. This team carefully reviews and enhances the Salt modules to ensure speed, quality, and security.
Tanzu Salt extends Salt’s technology to help you:
- Deploy and manage applications that use any tech stack running on any operating system in any cloud or on-premises environment, including different types of network devices such as switches and routers from a variety of vendors.
- Scale your team’s ability to rapidly and consistently build servers and configure services on those servers.
- Create self-aware, self-healing systems that can automatically respond to outages, common administration problems, or other important events.
- Provide the appropriate level of access to the specific resources and types of jobs that can be run on the network, keeping your infrastructure secure while also empowering employees to run jobs in your environment that are necessary to their essential job duties.
Why should you use Tanzu Salt for configuration management?
As IT system administrators and DevOps team members, a large part of your role might involve setting up servers and running services. Most of the nodes and applications in your system likely require custom configurations based on their intended role or purpose. Updating your configurations can also become very complex as your configurations change over time and when you need to update the configuration of hundreds or thousands of nodes at a time.
Instead of manually configuring each node or application one-by-one, you can use the Tanzu Salt state management system to create state files that you can apply to many nodes simultaneously. These state files can include a set of instructions that tell Tanzu Salt which operations should be run on the node and in which order and which configuration files or settings should be applied.
After you’ve written or modified a state file, you can automatically run these state files and apply them to many nodes at once. You can target nodes based on each node’s inherent properties (such as its operating system) or you could also target nodes based on custom labels that you define (such as the node’s role in your infrastructure or its physical location in your data center). Using this system (called “grains” in the Salt system), Tanzu Salt can rapidly deploy state files to configure nodes at any scale: from one node to 100,000 nodes. You can also deploy these state files horizontally and vertically across cloud and on-premises environments at the same time.
The state management system also ensures each node is configured properly and as efficiently as possible. If a configuration has drifted, Tanzu Salt can put nodes and applications back into its compliant configuration state. If a configuration needs to change, Tanzu Salt can quickly deploy those changes to the affected nodes.
The Tanzu Salt state management system also works well in infrastructure-as-code systems. Storing your state files in code form makes them easier for your team to read, write, and understand your system. Stateful systems simplify the complexity of your system’s configuration, making it easier to onboard new team members and preventing systems that are too complex to understand. It also give your team the ability to control and monitor the history of changes to your infrastructure over time and roll back to older configuration states as needed. State files can be stored locally in the Tanzu Salt file server or they can be stored the same way you store any code: connected to a secure, private version-controlled repository (such as GitHub or GitLab).
Why should you use Tanzu Salt for event-driven automation?
As IT system administrators and DevOps team members, you also have additional critical responsibilities that extend beyond building servers and deploying apps. You know that many events occur in your environment and that some of these events often require a specific response from your team. Often the specific actions needed to respond to an event are routine and repetitive, which means they could be automated.
Using Tanzu Salt’s event-driven automation features, you can design systems that can react to specific events by initiating a series of actions in response to those events.
Event-driven automation has many possible practical applications. For example, you could use Tanzu Salt to:
- Create a self-healing system that can notify stakeholders and begin the process of repairing itself when the system fails, such as restarting servers or applications.
- Run a schedule that regularly backs up and stores server data.
- Check for system updates and automatically notify or upgrade operating systems and applications to the latest version quickly and painlessly.
Why should you use Tanzu Salt for security compliance and vulnerability remediation?
If your infrastructure is out of compliance with trusted security benchmarks or if your infrastructure is susceptible to a known CVE (common vulnerability and exposure), you need to deploy the patch or upgrade that will fix the problem as fast as possible. With Automation for Secure Hosts you can automatically or instantly deploy the patches or upgrades that fix these problems.
What sets Tanzu Salt apart from other security compliance and vulnerability scanning tools is that it can immediately remediate the issues it finds by using Tanzu Salt’s configuration management capabilities.
Using Tanzu Salt’s role-based access control (RBAC) system, system administrators can give security teams the ability to create policies, run scans, and remediate compliance or security issues within the scope of their responsibilities. Administrators can monitor and control access to system resources or operations while also empowering security teams to ensure the system is secure and compliant.
What to read next
-
Getting started with Tanzu Salt
Learn how to set up Tanzu Salt for SaaS or self-managed deployments.
-
Tanzu Salt includes four or more architectural components including the RaaS server, the Master Plugin, and two central databases.
-
Understanding the Tanzu Salt User Interface
Tanzu Salt uses a web application user interface that provides the front end to RaaS, the backend API server for Tanzu Salt. The interface is the central workspace to manage minions, users, roles, jobs, and more. Management tasks are available through different workspaces.
