Monday, December 21, 2020

VMware HCX Capabilities in VMware Cloud on AWS

VMware HCX lets you expand into VMware Cloud on AWS, seamlessly migrate your workloads, and re-balance them between your on-premises datacenters and the cloud, or between different public clouds.

The features included in this single generally available VMware HCX offering for VMware Cloud on AWS are: Replication Assisted vMotion, Mobility Optimized Networking, Mobility Groups with VMware vRealize Network Insight integration, and the Traffic Engineering features TCP Flow Conditioning and Application Path Resiliency.


Replication Assisted vMotion (RAV)

RAV uses a combination of VMware replication and vMotion technologies for large-scale, parallel migrations with no service interruption and with the ability to specify a switchover window. This means you can now create a migration schedule in which a large set of VMs (200 at this time) moves live (without any downtime) to VMware Cloud on AWS in the scheduled migration window.

Mobility Optimized Networking (MON)

For VMs migrated using VMware HCX from a source location to VMware Cloud on AWS, this capability enables the cloud-side VMs on the HCX extended network to route traffic optimally through the cloud-side first-hop gateway instead of being routed through the source environment router. This helps you avoid a hairpin or trombone effect. Policy routes will allow control over which traffic is routed locally using the cloud gateway versus traffic that goes out through the source gateway.

Mobility groups and integration with VMware vRealize Network Insight (vRNI)

Mobility groups enable you to structure migration waves based on business requirements. You can assemble one or more VMs into logical sets for execution and monitoring of migrations as a group. When combined with the vRealize Network Insight integration (available as a separate license), mobility groups give you the flexibility to manage migrations for sets of VMs by application, network, pod or other aspects of your environment.

Traffic engineering features


VMware HCX provides settings for optimizing network traffic for HCX Interconnect and Network Extension services:

  • TCP Flow Conditioning – This service dynamically adjusts the segment size during the TCP connection handshake between end points across the Network Extension, which optimizes the average packet size to reduce fragmentation and lower the overall packet rate.
  • Application Path Resiliency – This service creates multiple tunnel flows for both Interconnect and Network Extension traffic, so they can follow multiple paths across the network infrastructure from the source to the destination data centers. The service then intelligently forwards traffic over the optimal path and dynamically switches between tunnels depending on traffic conditions.

VMware HCX in VMware Cloud on AWS helps accelerate your organization’s cloud adoption by facilitating workload mobility across a variety of destinations running a Software-Defined Data Center stack. Now you can eliminate all downtime associated with those large-scale migrations, plan migration waves and fine-tune mobility traffic in an optimally planned way.

I hope this has been informative and thank you for reading!

Friday, November 20, 2020

VMware Cloud on AWS reference architectures

VMware Cloud on AWS is an integrated cloud offering jointly developed by Amazon Web Services (AWS) and VMware. You can deliver a highly scalable and secure service by migrating and extending your on-premises VMware vSphere-based environments to the AWS Cloud running on Amazon Elastic Compute Cloud (Amazon EC2).

 
vSphere in a software-defined data center like your VMware Cloud on AWS SDDC works in the same way that your on-premises vSphere does. In the SDDC, some vSphere components are owned and managed by VMware, so some of the on-premises administrative workflows that you're familiar with aren't needed in VMC. 

VMware Cloud on AWS reference architectures
 
The reference architectures are designed to show non-VMware architects how to use VMware Cloud technologies to create a single, high-functioning environment that spans an on-premises data center and AWS.


The reference architectures address a broad range of topics including:
  • How to create a secure network to support integration of an on-premises and AWS environment
  • How to easily take advantage of AWS cloud services as part of a hybrid cloud that includes AWS
  • How to deploy VMware Horizon across a hybrid cloud with desktops running both on-premises and in AWS
  • Leveraging VMware technologies that make it easy to move workloads to AWS and back to the on-premises data center

VMware Cloud on AWS reference architectures link

I hope this has been informative and thank you for reading!

Thursday, November 5, 2020

VMware CloudHealth Multicloud Platform

The VMware CloudHealth platform helps customers gain control of their public cloud environments while enabling them to achieve faster business outcomes.

Most customers have advanced from early adoption of cloud using IaaS, PaaS and SaaS applications, basic infrastructure services and a single cloud provider, to a stage of relative cloud maturity where they are now considering multiple cloud providers and using more advanced application services to build cloud native applications.

The first encounter with cloud complexity is often due to lack of visibility, overshooting of cloud spend or a cloud migration project. The challenges quickly evolve, resulting in a need for a more robust solution that extends beyond the basics to provide richer insights across performance, security and resource management.

 

  • CloudHealth is the leading cloud management platform designed to drive increasing business value at every stage of your cloud journey.
  • Through a single pane of glass, CloudHealth enhances the transparency of cloud usage and its overall impact on cost, performance, and security.
  • Our platform consolidates data across multiple cloud providers, on-premises environments, and integration partners, to provide visibility across your infrastructure.
The results customers have achieved leveraging this platform are what get me excited about what this means with CloudHealth as part of VMware. CloudHealth will continue its mission of helping customers run applications and infrastructure in the cloud in the most cost effective and efficient manner.
 
I hope this has been informative and thank you for reading!

Tuesday, October 13, 2020

VMware Connect Learning (previously VLZ) - now FREE for 12 months

There have been a couple of branding changes at VMware:


    VMware Education Services is now known as VMware Learning
    VMware Learning Zone is now known as VMware Connect Learning

VMware Connect Learning is a huge library of self-paced training and videos which you can use to learn about new technology, new products, new features, or specific use cases. It has Basic and Premium options which work as annual subscriptions - learn more about it here

There was a promotion started earlier this year which gave a FREE Premium subscription for 6 months - the exciting news (and the reason for this post) is that the promotion has been extended to give a full 12 months access!

There's no reason to wait - the promotion is available until the end of October - head to the subscription page now and sign up!

I hope this has been informative and thank you for reading!

Friday, October 9, 2020

vSphere Clustering Service (vCLS) - vSphere 7 Update 1

vSphere Clustering Service (vCLS) is a new capability introduced in the vSphere 7 Update 1 release. Its first release provides the foundation to work towards creating a decoupled and distributed control plane for clustering services in vSphere.

The basic architecture for the vCLS control plane consists of a maximum of 3 virtual machines (VMs), also referred to as system or agent VMs, which are placed on separate hosts in a cluster. These are lightweight agent VMs that form a cluster quorum. On smaller clusters with fewer than 3 hosts, the number of agent VMs is equal to the number of ESXi hosts. The agent VMs are managed by vSphere Cluster Services. Users are not expected to maintain the life-cycle or state of the agent VMs, and they should not be treated like typical workload VMs.

 VMware vSphere Cluster Service architecture 

Cluster Service Health

The agent VMs that form the cluster quorum state are self-correcting. This means that when the agent VMs are not available, vCLS will try to instantiate or power on the VMs automatically.

There are 3 health states for the cluster services:

  • Healthy – The vCLS health is green when at least 1 agent VM is running in the cluster. To maintain agent VM availability, there’s a cluster quorum of 3 agent VMs deployed.
  • Degraded – This is a transient state when at least 1 of the agent VMs is not available but DRS has not skipped its logic due to the unavailability of agent VMs. The cluster could be in this state when either vCLS VMs are being re-deployed or getting powered on after some impact to the running VMs.
  • Unhealthy – A vCLS unhealthy state happens when a next run of the DRS logic (workload placement or balancing operation) skips due to the vCLS control-plane not being available (at least 1 agent VM).

In the vSphere Client, in the view where you can see all the VMs, you'll find there is a new folder called vCLS that contains the vCLS VMs. You should not rename the vCLS folder or rename the vCLS VM(s).


 Automation and vCLS

For customers using scripts to automate tasks, it’s important to build in awareness to ignore the agent VMs in, for example, clean-up scripts that delete stale VMs. Identifying the vCLS agent VMs is quickly done in the vSphere Client, where the agent VMs are listed in the vCLS folder. Also, examining the VMs tab under Administration > vCenter Server Extensions > vSphere ESX Agent Manager lists the agent VMs from all clusters managed by that vCenter Server instance.

Every agent VM has additional properties so they can be ignored with specific automated tasks. These properties can also be found using the Managed Object Browser (MOB). The specific properties include:

    ManagedByInfo
        extensionKey == “com.vmware.vim.eam”
        type == “cluster-agent”

    ExtraConfig keys
        “eam.agent.ovfPackageUrl”
        “eam.agent.agencyMoId”
        “eam.agent.agentMoId”



vCLS Agent VMs have an additional data property key “HDCS.agent” set to “true”. This property is automatically pushed down to the ESXi host along with the other VM ExtraConfig properties explicitly.
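One way to build that awareness into a clean-up script, as an added example (not from the original post or from VMware): it matches on the ManagedByInfo and ExtraConfig properties listed above rather than on VM or folder names, so a renamed or moved agent VM is still skipped. The `VmRecord` type, `plan_cleanup`, the 90-day staleness rule and the sample inventory are assumptions constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Property values listed in the post for vCLS agent VMs.
EAM_EXTENSION_KEY = "com.vmware.vim.eam"
CLUSTER_AGENT_TYPE = "cluster-agent"
EAM_EXTRA_CONFIG_KEYS = (
    "eam.agent.ovfPackageUrl",
    "eam.agent.agencyMoId",
    "eam.agent.agentMoId",
)


@dataclass
class VmRecord:
    """Hypothetical inventory record for this example; not a vSphere SDK type."""
    name: str
    folder: str
    power_state: str                      # "poweredOn" or "poweredOff"
    last_powered_on: Optional[datetime]
    managed_by: Optional[dict] = None     # ManagedByInfo: extensionKey, type
    extra_config: dict = field(default_factory=dict)


def agent_markers(vm: VmRecord) -> list[str]:
    """Return the agent-VM properties found on this VM (empty list if none)."""
    markers = []
    managed_by = vm.managed_by or {}
    if (managed_by.get("extensionKey") == EAM_EXTENSION_KEY
            and managed_by.get("type") == CLUSTER_AGENT_TYPE):
        markers.append("ManagedByInfo")
    markers.extend(k for k in EAM_EXTRA_CONFIG_KEYS if k in vm.extra_config)
    return markers


def is_stale(vm: VmRecord, now: datetime, stale_after: timedelta) -> bool:
    """Assumed staleness rule: powered off and not started within the window."""
    if vm.power_state != "poweredOff":
        return False
    return vm.last_powered_on is None or now - vm.last_powered_on > stale_after


def plan_cleanup(vms, now, stale_after=timedelta(days=90)):
    """Split inventory into VMs to delete and agent VMs that must be skipped.

    Returns (delete_names, protected), where protected maps name -> markers.
    Any single marker is enough to protect a VM: the check fails safe.
    """
    delete, protected = [], {}
    for vm in vms:
        markers = agent_markers(vm)
        if markers:
            protected[vm.name] = markers   # never a clean-up candidate
        elif is_stale(vm, now, stale_after):
            delete.append(vm.name)
    return delete, protected


# Constructed sample inventory (names, folders and values are made up).
NOW = datetime(2020, 10, 9, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    VmRecord("web-old-01", "Workloads", "poweredOff", NOW - timedelta(days=200)),
    VmRecord("db-prod-01", "Workloads", "poweredOn", NOW - timedelta(days=3)),
    # Agent VM that is powered off (for example while being re-deployed).
    VmRecord("vCLS (1)", "vCLS", "poweredOff", None,
             managed_by={"extensionKey": EAM_EXTENSION_KEY,
                         "type": CLUSTER_AGENT_TYPE},
             extra_config={k: "<placeholder>" for k in EAM_EXTRA_CONFIG_KEYS}),
    # Record from an export that carried only ExtraConfig, with a name and
    # folder that give no hint it is an agent VM.
    VmRecord("lab-template-copy", "Lab", "poweredOff", NOW - timedelta(days=400),
             extra_config={"eam.agent.agentMoId": "<placeholder>"}),
]

if __name__ == "__main__":
    to_delete, skipped = plan_cleanup(SAMPLE_INVENTORY, NOW)
    print("delete:", to_delete)
    for name, why in skipped.items():
        print(f"skip {name}: {', '.join(why)}")
```

When reading live inventory with pyVmomi, the same values are exposed as `vm.config.managedBy` and `vm.config.extraConfig`.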

The VMware vSphere Cluster Service is responsible for maintaining DRS operations in the event of vCenter Server unavailability. There will be more services added to future releases. I imagine that vSphere would be capable of managing not only vSphere services, but probably also some networking services, storage, or application services.

 

Friday, September 25, 2020

vSphere 7 Update 1


vSphere continues to deliver the ability to scale your infrastructure to meet the demands of modern application workloads such as Kubernetes clusters/pods, or high-performance application workloads. 

 

Let’s glance at the increased scalability numbers and see how it can benefit you in your journey towards application modernisation.

In vSphere 7 Update 1, the total number of ESXi hosts in a vSphere cluster is now increased to 96 hosts, compared to 64 hosts in a previous release. Starting from vSphere 7 Update 1, you can run up to 10000 VMs in a vSphere cluster, compared to 6400 VMs in vSphere 7.


Starting from vSphere 7 Update 1, we now support a maximum of 768 vCPU and 24 TB vRAM per VM, leaving competitors far behind in this category. These scales are well suited to support memory-intensive database workloads such as SAP HANA and EPIC Cache Operational Database.

 I hope this has been informative and thank you for reading!

Wednesday, September 16, 2020

VMware vSphere with Tanzu

In vSphere 7 Update 1, VMware has extended the capability of vSphere with Tanzu (formerly vSphere 7 with Kubernetes) to more fully support your existing vSphere environment. The fastest way to provide developer-ready Kubernetes infrastructure to DevOps teams is through vSphere with Tanzu.

We are embedding a Kubernetes control plane into vSphere and deploying Kubernetes agents onto ESXi hosts, turning them into Kubernetes worker nodes. The Kubernetes agents are called Spherelets. The embedded Kubernetes cluster is managed through a service that is part of vCenter. We call this the Supervisor Cluster.

 Enabling Kubernetes exposes a set of capabilities in the form of services that can be consumed by Developers.  Primarily, DevOps teams can use the Tanzu Kubernetes Grid Service to do self service deployments of their own Tanzu Kubernetes clusters.   TKG clusters are fully compliant, upstream aligned Kubernetes clusters that can be controlled by developers.  Self-service deployment is done by submitting a straightforward cluster specification to the Supervisor Cluster Kubernetes API.

 

vSphere with Tanzu is a developer-ready infrastructure that delivers:

  • The fastest way to get started with Kubernetes – get Kubernetes infrastructure in an hour:
    • Configure an enterprise-grade Kubernetes infrastructure leveraging your existing networking and storage in as little as an hour *
    • Simple, fast, self-service provisioning of Tanzu Kubernetes Grid clusters in just a few minutes.
  • A seamless developer experience: IT admins can provide developers with self-service access to Kubernetes namespaces and clusters, allowing developers to integrate vSphere with Tanzu with their development process and CI/CD pipelines.
  • Kubernetes to the fingertips of millions of IT admins: Kubernetes can be managed through the familiar environment and interface of vSphere. This allows vSphere admins to leverage their existing tooling and skillsets to manage Kubernetes-based applications. Moreover, it provides vSphere admins with the ability to easily grow their skillset in and around the Kubernetes ecosystem.

 I hope this has been informative and thank you for reading!

Thursday, August 20, 2020

vSphere Lifecycle Manager - vSphere 7 vLCM

vSphere Auto Deploy is a great feature that uses PXE boot infrastructure together with vSphere Host Profiles to provision and customize ESXi hosts. Depending on the ESXi host configuration, enforced by its attached Host Profile, state information is stored on the ESXi host itself or by the Auto Deploy server. When the Auto Deploy server manages the state information for ESXi hosts, it is referred to as a stateless installation.

In vSphere 7, the new vSphere Lifecycle Manager (vLCM) is introduced. vLCM is a powerful new approach to simplify consistency for ESXi host lifecycle management, not only for the hypervisor itself, but also for the full stack of drivers and firmware for the server hardware powering your virtual infrastructure. This blog post details vLCM support for vSphere Auto Deploy.

Stateless vs Stateful

When using Auto Deploy, which is part of the vSphere Enterprise+ license, there are some infrastructure components involved. Think about a TFTP host for the boot loader used by Auto Deploy, DNS and DHCP (configured with options 66 and 67), and a syslog target for logs and dumps, next to your vSphere infrastructure that contains the Auto Deploy feature.

Customers have multiple options in Auto Deploy. There are several configuration options for how ESXi is run on the physical host. Options are:

    Stateful Install: When a host is booted for the first time, the host profile configuration states Auto Deploy is to install ESXi on local host storage. On all subsequent host boots, only the local storage is used until the image profile configuration is changed.
    Stateless: Auto Deploy is used to install ESXi in memory on the target host. The state information of the ESXi host is managed by Auto Deploy. No local storage is required.
    Stateless Caching: Similar to Stateless installations. However, the ESXi image and configuration is cached on local storage. If communication with the Auto Deploy server is disrupted, the host is able to boot using the cached data.

For vLCM (Manage with a single image), the following screen provides information about the prerequisites.



When configuring the Auto-Deploy “Deploy Rule”, select a vLCM managed cluster to be the “Host Location” to use Auto Deploy with vLCM. By doing so, there is no need to provide an Image Profile because vLCM will automatically create it from the selected cluster.


Migrate from stateless to stateful

Want to migrate your Auto Deploy environment from stateless to stateful? This is as easy as re-configuring the Host Profile used in the deploy rules. Moving to a stateful installation does require host local storage, so verify that your host is equipped with local storage. Be sure to check the URL vSphere 7 – ESXi System Storage Changes to get a better understanding of what is required and recommended for ESXi host local storage in vSphere 7.


Select the Host Profile as used in the Auto Deploy Deploy Rule. This is where you need to change the System Image Cache Configuration to ‘Enable stateful installs on the host’. The process of changing the Host Profile configuration


Once the ESXi hosts reboot, the ESXi bits are installed on the host local storage. The installation is persistent and fully supported by vLCM.

I hope this has been informative and thank you for reading!

Friday, July 17, 2020

vSphere 7 Hands-on Labs

VMware Hands-on Labs are hosted lab environments where anyone can try VMware products with no installation or experience required. Each lab is accompanied by a lab manual which guides the user through a set of exercises used to demonstrate product capabilities and use cases. VMware Hands-on Labs are available for free to anyone and are great tools to learn a new product or feature or even study for an exam. And, since these are fully functional lab environments, users have the ability to go off-script and explore, test, and learn as they see fit.

There are new vSphere 7 Hands-on Labs (HOLs for short). These HOLs focus on our latest vSphere offering and allow users to check out its new capabilities without having to download and install in their environments.

   VMware vSphere – What’s New                   HOL-2111-01-SDC
   VMware vSphere – Advanced Topics              HOL-2111-02-SDC
   VMware vSphere – Security Getting Started     HOL-2111-03-SDC
   VMware vSphere 7 with Kubernetes              HOL-2113-01-SDC

These vSphere 7 Hands-on Labs have about 4.5 hours of brand new exercises and content to help users learn all about our new vSphere 7 release.

I hope this has been informative and thank you for reading!

Friday, May 29, 2020

Virtual Watchdog - vSphere 7

The virtual watchdog timer (vWDT) is a new virtual device introduced in vSphere 7. It gives developers and administrators a standard way to know whether the guest operating system (OS) and applications running inside a virtual machine have crashed. It is an important function for clustered applications to gain high availability.

A watchdog timer helps the operating system or application to recover from crashes by powering off or resetting the server if the watchdog timer has not been reset by the OS within the programmed time. When workloads run on vSphere, the virtual equivalent of the watchdog timer helps the guest OS to achieve the same goal. It does so by resetting the virtual machine if the guest OS stops responding and cannot recover on its own due to insuperable operating system or application faults.

This means that if the guest operating system stops responding and cannot recover on its own due to insuperable operating system or application faults, the virtual watchdog timer is not reset within the allocated time. When this happens, a virtual machine reset is issued. When the system in the virtual machine is booted again, the watchdog timer helps the guest OS to understand if the restart was caused by a crash.

The virtual watchdog device is provided by vSphere, but is configured by the guest OS. It is exposed to the guest OS through BIOS/EFI ACPI tables. 

Guest OS Support
Modern server operating systems include support for watchdog timers. No additional VMware drivers are necessary on either Windows or Linux operating systems. Additional configuration may be required depending on the guest OS used. Other operating systems, like FreeBSD or Mac OS X, do not support a watchdog timer.
  • Windows 2003 supports a Watchdog Resource Table (WDRT).
  • Windows 2008 and later support the Watchdog Action Table (WDAT).
    • The guest OS does not require additional configuration.
  • Linux distributions, like Ubuntu 18.04 and Red Hat Enterprise Linux 7.6, based on a 4.9 or later kernel support the Watchdog Action Table (WDAT).
    • Verify that the wdat_wdt.ko driver is available.

Virtual Watchdog Configuration

The goal is to provide a watchdog timer that allows the guest OS to use it without the need for additional drivers. To configure a virtual machine to use a virtual watchdog timer, VM hardware version 17 (introduced with vSphere 7) and a guest operating system that supports watchdog timer devices are required. 
 
 
 
Start with BIOS/EFI boot

You can enable the virtual watchdog timer to be started either by the guest OS, or by the BIOS or EFI firmware. If you choose to have the virtual watchdog device started by the BIOS or EFI firmware, it starts before the guest operating system boots. Be sure you meet the requirements. If the guest OS does not support watchdog devices, the virtual machine will be constantly rebooted by the watchdog device.
 
Verification

The vSphere Client shows whether the virtual watchdog timer is running on the virtual machine.
 
The virtual Watchdog device capability in vSphere 7 is a great addition for VI admins and developers to understand the status of their clustered applications running on vSphere.

I hope this has been informative and thank you for reading!

 

Friday, April 24, 2020

vSphere 7 Core Storage

In vSphere 7, there are some exciting new storage features and interoperability. Under core storage, we’ve added external connectivity to NVMe devices with NVMeoF, shared VMDKs for Microsoft WSFC, and in VMFS, optimized first writes for thin-provisioned disks. On the vVols front, many products our customers use were not supported. Many of our engineering groups have been hard at work adding support for vVols. SRM, CNS, and vROps now support vVols!

Support for NVMeoF

vSphere now supports NVMe over Fabrics, allowing connectivity to external NVMe arrays using either FC or RDMA (RoCE v2). As NVMe continues to grow and become the preferred storage, being able to connect to external NVMe arrays is critical. With this first iteration, partners and customers will be able to evaluate NVMeoF.

Shared VMDKs

No one really likes RDMs, but in many cases, they are required for clustered applications. In this release, we have added another avenue to migrate off RDMs. VMFS6 with vSphere 7 now supports SCSI-3 Persistent Reservations. Now you can migrate your Microsoft WSFC to VMFS using FC connectivity.

Affinity 2.0

Thick versus thin provisioned disks has been, and continues to be, a topic of discussion, with each having its pros and cons. The most common con of thin provisioning is the overhead of the first write to unused space. With the new Affinity Manager, that impact has been reduced by creating a Region Map of available resources, thus avoiding the back and forth between the file system and Resource Manager to find available space.

vVols Interoperability

vVols’ increasing growth and adoption has customers asking for support in many of VMware's other solutions. In vSphere 7, there has been a significant advancement in getting vVols supported by other products.

SRM support for vVols

One of the biggest asks is vVols support in Site Recovery Manager, which has been in development for about a year. We showed tech previews at VMworld last year, and there was quite a bit of interest. Numerous customers have been waiting for SRM support before moving to vVols. The wait is over, and it is finally official; SRM 8.3 now supports vVols! For more information, here's the link to SRM.

vROps support for vVols

Another popular request was the support of vVols in vRealize Operations (vROps). The question often arose, “Why can’t we see vVols datastores in vROps, it’s just another datastore?” Well, with the release of vROps 8.1, vVols datastores are now supported.

CNS support for vVols

Kubernetes is quickly becoming the standard for deploying new applications. With its modular and scalable functionality, it allows organizations to quickly ramp and adapt their applications. In vSphere 7, we have added support for vVols as persistent storage in CNS, allowing the use of an SPBM policy to map to a Storage Class. This allows for simplified management of your CNS infrastructure while utilizing the benefits of vVols. With this release, vVols snapshots and replication are not supported.

VCF

VMware Cloud Foundation allows organizations to deploy and manage their private and public clouds. VCF currently supports vSAN, VMFS, and NFS for principal storage. Customers are asking for support of vVols as principal storage; while the VCF team continues to evaluate and develop that option, it is not available. In the meantime, vVols may be used as supplemental storage after the Workload Domain build has completed. Support for vVols as supplemental storage is a partner-supported option.
 

I hope this has been informative and thank you for reading!

Thursday, April 16, 2020

VMware Cloud Foundation 4 (VCF)

VMware announced VMware Cloud Foundation 4 during the App Modernization in a Multi-Cloud World online launch event.  VMware Cloud Foundation 4 brings together the latest innovations in VMware vSphere 7, VMware vSAN 7, VMware NSX-T, and VMware vRealize Suite 2019, along with new capabilities from VMware Tanzu to support Kubernetes, cloud native architectures and app transformation in your business.

VMware Cloud Foundation has already been shown to reduce TCO for organizations who build their hybrid cloud on the VMware Cloud Foundation platform.  By delivering enterprise agility, reliability, and efficiency from initial deployment through Day 2 operations, Cloud Foundation helps you to deploy the full HCI stack as the foundation of your private cloud.

Complexity of Modern Apps

We know that modern applications are rapidly evolving. They are being deployed more often and are needed faster to meet line of business objectives. Modern apps can be built using a combination of VMs, containers, microservices and serverless functions. As such, a hybrid cloud platform that only supports virtual machines is insufficient to meet the needs of today’s applications.


VMware Cloud Foundation 4 brings full-stack integration of the HCI infrastructure layer together with native Kubernetes capabilities built into the stack to provide an automated, turnkey hybrid cloud solution that will help you manage complex Kubernetes environments, deliver a developer experience that greatly reduces risk and increases IT operational efficiency.

By consolidating Kubernetes clusters & VM workloads on the Cloud Foundation platform – managed with existing vSphere tools, processes and skillsets – customers will recognize improved economics.  That same platform can extend across the Hybrid Cloud to deliver the portability of vSphere-based workloads to modern apps.

VMware Cloud Foundation 4 adds a new component to the full HCI stack – VMware Tanzu Kubernetes Grid. With Tanzu Kubernetes Grid, developers can manage consistent, compliant and conformant Kubernetes clusters running on vSphere through Kubernetes tools and RESTful APIs. At the same time, vSphere 7 with Kubernetes (previously known as ‘Project Pacific’) will deliver hybrid infrastructure services, all accessible through Kubernetes and RESTful APIs, including:
  • vSphere Pod Service extends Kubernetes with the ability to run pods directly on the hypervisor. When developers deploy containers using the vSphere Pod service, they get the same level of security isolation, performance guarantees and management capabilities that VMs enjoy.
  • Registry Service allows developers to store, manage and better secure Docker and OCI images using Harbor.
  • Network Service allows developers to manage Virtual Routers, Load Balancers and Firewall Rules.
  • Storage Service allows developers to manage persistent disks for use with containers, Kubernetes and virtual machines.
Together with vSAN 7, NSX-T and vRealize Suite 2019, Tanzu Kubernetes Grid and vSphere 7 with Kubernetes deliver a new level of consistency in infrastructure and operations across hybrid clouds.

I hope this has been informative and thank you for reading!

Thursday, March 19, 2020

vSphere 7 Essential Services for the Modern Hybrid Cloud

VMware introduced the most comprehensive software stack for modern applications – the VMware Tanzu portfolio, VMware Cloud Foundation 4 and vSphere 7. These offerings provide a new way for organizations to think about their application modernization initiatives.

This is incredibly important to customers as they are continually grappling with the challenge to better meet the needs of their customers. To do that they are increasingly called to deliver applications more quickly and reduce the time to market.

Our customers who are most successful in meeting the changing needs of their customers simultaneously work on two initiatives: modernize their approach to applications, and modernize the infrastructure that those applications run on, to meet the needs of their developers and IT teams.

As part of these initiatives, customers want to gain the benefits of a cloud operating model, which means having rapid, self-service access to infrastructure, simple lifecycle management, security, performance, and scalability.

vSphere 7 is the biggest release of vSphere in over a decade and delivers these innovations and the rearchitecting of vSphere with native Kubernetes that we introduced at VMworld 2019 as Project Pacific.

The headline news is that vSphere now has native support for Kubernetes, so you can run containers and virtual machines on the same platform, with a simple upgrade of the system that you’ve currently standardized on and adopting VMware Cloud Foundation. In addition, this release is chock-full of new capabilities focused on significantly improving developer and operator productivity, regardless of whether you are running containers.

vSphere 7 powers VMware Cloud Foundation, which enables customers to deliver apps to any cloud while ensuring security, performance, and resiliency. Using vSphere 7 and VMware Cloud Foundation, you can improve the security, performance, and resiliency of your infrastructure as you accelerate your digital transformation journey without incurring big disruptions to your people, process and technology investments.

Simplified Lifecycle Management

As our customers start providing infrastructure services with a cloud consumption model, it is critical to have a solution that allows you to fully automate and simplify the lifecycle management of the infrastructure software and hardware firmware. With vSphere 7, we are introducing the next generation of the vSphere Lifecycle Manager and Update Planner. It allows you to seamlessly manage the lifecycle of the infrastructure using a desired state paradigm. In addition, we have added vCenter Server profiles to provide desired state configuration management for vCenter Server instances.

Intrinsic Security and Control

Security is always important, regardless of whether you are running in your datacenter or in a cloud. With vSphere 7, you now can better secure infrastructure, data, and access with a simple, comprehensive, and policy-driven model. vSphere 7 introduces remote attestation for sensitive workloads using the new vSphere Trust Authority. Moreover, it can provide secure vCenter Server authentication using external Identity Federation. vSphere 7 also supports Intel Software Guard Extensions to allow SGX extensions to user applications.

Performance and Resiliency for Application Acceleration

vSphere has always been terrific at running large, business critical workloads – perhaps better than some cloud deployments, and with vSphere 7, we continue to innovate in this area. You can now host large workloads with an improved Distributed Resource Scheduler (DRS) that takes a workload-centric approach by using the VM DRS score for hosts as the metric to decide placements and keep VMs happy, instead of only focusing on cluster-level balancing. vSphere 7 also delivers enhanced application performance on supported hardware with vSphere Persistent Memory, providing applications access to ultra-fast storage at a lower cost. Moreover, we have also updated vMotion to improve performance, and as a result now support live vMotion for your databases and mission critical workloads. With vSphere 7, you can also benefit from cost efficient AI/ML hardware pools of resources, using supported hardware such as NVIDIA GPUs. It also delivers predictable quality of service for time-critical applications with the Precision Time Protocol (PTP).

The following breakthrough capabilities are available for customers using containers and Kubernetes. Note that the Kubernetes capabilities of vSphere 7 are available only as part of VMware Cloud Foundation 4 with Tanzu.
 
Kubernetes/Containerized Workloads and VMs


You no longer need to have multiple separate systems for your virtual machines and containers. We believe this release will have a transformative impact because we are removing a key barrier to the adoption of Kubernetes in enterprises: multiple, siloed technology stacks. In the past, we have seen customers set up separate environments for Kubernetes with specialized teams and processes. By building Kubernetes into vSphere natively, customers can now consolidate their modern and traditional application environments into a single stack and immediately leverage existing technology and processes. This also addresses another key constraint of Kubernetes success: the skills gap. With minimal additional training, your vSphere administrators are now able to support Kubernetes and the modern applications that run in containers.

Streamlined Development of Kubernetes Applications

vSphere 7 enables the DevOps model with infrastructure access for developers through Kubernetes APIs. It includes the Tanzu Kubernetes Grid Service, which is VMware’s compliant and conformant Kubernetes implementation for building modern containerized applications. In addition, customers who are not looking for full Kubernetes compliance for their container instances are able to use the new vSphere Pod Service, which provides improved performance and security and is built into the hypervisor with VM-like isolation.

Agile Operations for Kubernetes Applications

Finally, we are introducing a lot of value in vSphere with Kubernetes for the VI admin. We deliver a new way to manage infrastructure, called ‘application-focused management’ for containerized applications. This enables admins to apply policies to an entire group of objects and organize multiple objects into a logical group and then apply policies to the entire group. For example, an administrator can apply security policies and storage limits to a group of containers and Kubernetes clusters that represent an application, rather than to each of the objects individually. This helps improve productivity and reduce errors that can be costly to identify and correct.

 vSphere with Kubernetes is available through VMware Cloud Foundation 4 with Tanzu. One key innovation available only in VMware Cloud Foundation is a set of developer-facing services and a Kubernetes API surface that IT can provision, called VMware Cloud Foundation Services.
 
VMware Cloud Foundation Services


Powered by innovations in vSphere 7 with Kubernetes, VMware Cloud Foundation Services is a new, integrated Kubernetes and REST API surface that enables you to control the infrastructure through API access to all core services.

VMware Cloud Foundation Services comprises Tanzu Runtime Services and Hybrid Infrastructure Services.

  • Tanzu Runtime Services – deliver core Kubernetes development services, including an up-to-date distribution of:
      • Tanzu Kubernetes Grid Service – which allows developers to manage consistent, compliant, and conformant Kubernetes clusters to build their modern applications.
  • Hybrid Infrastructure Services – include full Kubernetes and REST API access that spans creating and manipulating virtual machines, containers, storage, networking, and other core capabilities. It includes the following services today:
      • vSphere Pod Service – extends Kubernetes with the ability to run pods directly on the hypervisor. When developers deploy containers using the vSphere Pod Service, they get the same level of security isolation, performance guarantees and management capabilities that VMs enjoy, although it is not fully Kubernetes conformant.
      • Storage service – allows developers to manage persistent disks for use with containers, Kubernetes, and virtual machines.
      • Network service – allows developers to manage Virtual Routers, Load Balancers and Firewall Rules.
      • Registry service – allows developers to store, manage and better secure Docker and OCI images using Harbor.

I hope this has been informative and thank you for reading!

Thursday, March 12, 2020

New features in vSphere 7

vSphere Lifecycle Manager

Next-Gen Infrastructure Image Management: manage infrastructure images to patch, update or upgrade ESXi clusters using the desired state model.

The new tool, called vLCM (vCenter vSphere Lifecycle Manager), supports upgrading the vSphere environment. Using this tool, you can patch, update or upgrade ESXi servers at scale, with RESTful APIs to automate lifecycle management and use a desired state image.
 

Hardware management
  • Management of host firmware from within vSphere
  • Works in conjunction with vendor management tools like Dell OpenManage and HPE OneView
  • VCG/HCL checks and Recommendation Engine. Remove the risk of unsupported drivers/firmware!
  • Full GUI and REST API available

vCenter Server Profiles 

Desired state configuration management capabilities for vCenter Server. It helps the user to define/validate/apply configuration for multiple vCenter Servers

In vSphere 7, VMware releases a new feature called “vCenter Server Profiles”. With this new feature, you can create a consistent configuration file that can be used across multiple vCenters. This configuration profile can be

This capability is based on just the REST API. There is no UI for this.  You capture the state of an existing vCenter Server by exporting the config in JSON format.
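A drift check over exported profiles, as an added example that is not VMware's code or the real export schema: it compares each vCenter's exported JSON against one desired-state profile and reports changed, missing and unexpected settings. The key names, hosts and values below are constructed for illustration.

```python
import json

def flatten(node, path=""):
    """Flatten nested JSON into {path: leaf}. Lists of scalars (e.g. NTP
    servers) become sorted tuples, so reordering alone is not drift."""
    if isinstance(node, dict) and node:
        out = {}
        for key, value in node.items():
            out.update(flatten(value, f"{path}/{key}"))
        return out
    if isinstance(node, list) and node:
        if all(not isinstance(v, (dict, list)) for v in node):
            return {path: tuple(sorted(node, key=repr))}
        out = {}
        for index, value in enumerate(node):
            out.update(flatten(value, f"{path}/{index}"))
        return out
    return {path: node}

def drift(desired, actual):
    """Return sorted (path, kind, desired_value, actual_value) findings."""
    want, have = flatten(desired), flatten(actual)
    findings = []
    for path in sorted(want.keys() | have.keys()):
        if path not in have:
            findings.append((path, "missing", want[path], None))
        elif path not in want:
            findings.append((path, "unexpected", None, have[path]))
        elif want[path] != have[path]:
            findings.append((path, "changed", want[path], have[path]))
    return findings

# Constructed desired-state profile (hypothetical keys, not the real schema).
DESIRED = json.loads("""
{"appliance": {
   "access": {"ssh": {"enabled": false}, "shell": {"enabled": false}},
   "ntp": {"servers": ["10.0.0.1", "10.0.0.2"]},
   "syslog": {"forwarding": [
      {"host": "logs.example.internal", "protocol": "TLS", "port": 6514}]}}}
""")

# Constructed exports from two vCenter Servers.
EXPORTS = {
    # Same settings, NTP servers listed in a different order.
    "vc-a": json.loads("""
    {"appliance": {
       "access": {"ssh": {"enabled": false}, "shell": {"enabled": false}},
       "ntp": {"servers": ["10.0.0.2", "10.0.0.1"]},
       "syslog": {"forwarding": [
          {"host": "logs.example.internal", "protocol": "TLS", "port": 6514}]}}}
    """),
    # SSH switched on, shell setting absent, syslog downgraded to UDP.
    "vc-b": json.loads("""
    {"appliance": {
       "access": {"ssh": {"enabled": true}},
       "ntp": {"servers": ["10.0.0.1", "10.0.0.2"]},
       "syslog": {"forwarding": [
          {"host": "logs.example.internal", "protocol": "UDP", "port": 514}]}}}
    """),
}

def fleet_report(desired=DESIRED, exports=EXPORTS):
    """Map each vCenter name to its list of drift findings."""
    return {name: drift(desired, cfg) for name, cfg in exports.items()}

if __name__ == "__main__":
    for name, findings in fleet_report().items():
        print(name, "OK" if not findings else "")
        for path, kind, want, have in findings:
            print(f"  {kind:10} {path}: desired={want!r} actual={have!r}")
```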

vCenter Server Update Planner 

Manage the compatibility & interoperability for vCenter Server for upgrade scenarios. We will allow users to generate the interoperability & pre-checks report, which will help them plan for upgrades.


Content Library

Added administrative control and versioning support. Provides simple and effective centralized management for virtual machine templates, virtual appliances, ISO images, and scripts.

The vCenter Server Content Library comes with a new check-in and check-out process that lets you revert templates to previous versions. It also includes a new option to change the transfer settings for the frequency of the Auto-Sync option.


vMotion

The recent enhancements in vMotion logic provide non-disruptive operations, irrespective of the size of VMs, specifically for large and mission-critical workloads.

With the increase in workload resource consumption and growing resource allocations for workloads, changes were necessary in vMotion. The challenge today is the performance impact during vMotion and the stun times on very large VMs.

VMware refactored vMotion to solve these challenges and bring back vMotion capabilities for large workloads like SAP HANA or Oracle.

  • When vMotion is initiated, page tracers are installed. This is done on all the vCPUs belonging to the specific virtual machine that is to be live-migrated.
  • During a vMotion, all changed memory pages are tracked by using a page tracer. 
  • Changed (or dirtied) memory pages are copied to the destination ESXi again.
 
 VM Hardware v17
 
Virtual Watchdog Timer 
  • Without a watchdog timer, guest OSes & applications don’t have a standard way to know that they crashed.    
  • A watchdog timer helps by resetting the VM if the guest OS is no longer responding.
  • This is especially important for clustered applications, like databases and filesystems.
 I hope this has been informative and thank you for reading!

Wednesday, March 11, 2020

vSphere 7 - Features with Hybrid Cloud Module

VMware announced vSphere 7, the biggest evolution of vSphere in a decade. vSphere 7 focuses on rearchitecting vSphere into an open platform using Kubernetes APIs to provide a cloud-like experience for developers and operators. It gives the company's customers, for the first time, a common platform for running both Kubernetes/containerized workloads and virtual machines (VMs) at the same time, together with a new raft of products featured in VMware Tanzu for modern applications and VMware Cloud Foundation.

 

vSphere with Kubernetes

The first of the vSphere 7 features is vSphere with Kubernetes (formerly Project Pacific). This is a big topic and we have plenty of content planned to dive deeper into how vSphere has been transformed in order to support both VMs and containers. As Krish mentioned, Tanzu Kubernetes Grid Service is how customers can run fully compliant and conformant Kubernetes with vSphere. However, when complete conformance with the open source project isn’t required, the vSphere Pod Service can provide optimized performance and improved security through VM-like isolation. Both of these options are available through VMware Cloud Foundation 4.

The important takeaway is that Kubernetes is now built into vSphere which allows developers to continue using the same industry-standard tools and interfaces they’ve been using to create modern applications. vSphere Admins also benefit because they can help manage the Kubernetes infrastructure using the same tools and skills they have developed around vSphere. To help bridge these two worlds we’ve introduced a new vSphere construct called Namespaces, allowing vSphere Admins to create a logical set of resources, permissions, and policies that enable an application-centric approach.

If Kubernetes isn’t on your radar, we still have plenty of new and improved features in this release. In fact, we’ve made large steps forward for two of our most mature technologies: DRS and vMotion. In addition to Namespaces, we have quite a few brand new features to discuss.

Improved Distributed Resource Scheduler (DRS)

vSphere DRS has been reimagined to better serve both containers and VMs. DRS used to focus on the cluster state and the algorithm would recommend a vMotion when it would benefit the balance of the cluster as a whole. This meant that DRS used to achieve cluster balance by using a cluster-wide standard deviation model.


But what about individual VMs? How would that vMotion impact the VM that was moved, or its old or new neighbors? The new DRS logic takes a very different approach that addresses these questions. It computes a VM DRS score on the hosts and moves the VM to a host that provides the highest VM DRS score. The biggest difference from the old DRS version is that it no longer balances host load. This means DRS cares less about the ESXi host utilization and prioritizes the VM “happiness”. The VM DRS score is also calculated every minute and this results in a much more granular optimization of resources.

Assignable Hardware
In vSphere 7, there is a new framework called Assignable Hardware that was developed to extend support for vSphere features when customers utilize hardware accelerators. It introduces vSphere DRS (for initial placement of a VM in a cluster) and vSphere High Availability (HA) support for VMs equipped with a passthrough PCIe device or an NVIDIA vGPU. Related to Assignable Hardware is the new Dynamic DirectPath I/O, which is a new way of configuring passthrough to expose PCIe devices directly to a VM. The hardware address of a PCIe device is no longer directly mapped to the configuration (vmx) file of a virtual machine. Instead, it is now exposed as a PCIe device capability to the VM.


Together, Dynamic DirectPath I/O, NVIDIA vGPU, and Assignable Hardware are a powerful new combination unlocking some great new functionality. For example, let’s look at a VM that requires an NVIDIA V100 GPU. Assignable Hardware will now interact with DRS when that VM is powered on (initial placement) to find an ESXi host that has such a device available, claim that device, and register the VM to that host. If there is a host failure and vSphere HA kicks in, Assignable Hardware also allows for that VM to be restarted on a suitable host with the required hardware available.

vSphere Lifecycle Manager
vSphere Lifecycle Manager accounts for a number of the new vSphere 7 features, bringing a suite of capabilities to make lifecycle operations better. With vSphere Lifecycle Manager we have a paradigm shift in both vCenter Server and ESXi host configuration management. Using a desired state configuration model, vSphere Administrators can create configurations once, apply them, and continue to monitor that desired state through new tools called vCenter Server Profiles and Image Cluster Management. vCenter Server Profiles enable administrators to standardize on a configuration for all of their vCenter Servers and monitor to protect against configuration drift.

Cluster Image Management allows administrators to create images at the cluster level that dictate how hosts within the cluster will be configured. A cluster image can comprise the vSphere (ESXi) release, a vendor add-on (which would be the delta between the gold ESXi image and the OEM ISO in VUM terminology), and a firmware add-on which would allow vSphere Lifecycle Manager to communicate with a vendor provided firmware management tool (or Hardware Support Manager) such as Dell OMIVV. Our partners at this launch are Dell EMC and HPE with more to come.

With vSphere Lifecycle Manager we also have vCenter Server Update Planner. vCenter Server Update Planner provides native tooling to help plan, discover, and upgrade customer environments successfully. Receive notifications when an upgrade is available directly in the vSphere Client. Then use Update Planner to easily monitor the VMware product interoperability matrix to ensure that the available upgrade is compatible with other VMware software in the environment. Run a suite of available prechecks to assist with version compatibility prior to beginning an upgrade. Everything is good? You’ll have a successful upgrade, with no surprises.

It is important to note that vCenter Server Update Planner only works with vSphere 7 and onwards. So, Update Planner cannot help plan your upgrade from vSphere 6.x to vSphere 7 but it will drastically simplify your upgrades once you are running vSphere 7.

Refactored vMotion

As with DRS, we needed to review the vMotion process and look closely at how we could improve vMotion to support today’s workloads. VMs with a large memory & CPU footprint, like SAP HANA and Oracle database backends, had challenges being live-migrated using vMotion. The performance impact during the vMotion process and the potentially long stun-time during the switchover phase meant that customers were not comfortable using vMotion for these large workloads. With vSphere 7, we are bringing back that capability as we have greatly improved the vMotion logic.

At a high level, vMotion is comprised of several processes. For most VMs these processes can execute very quickly, often fast enough to not be noticed. For VMs that have large CPU and memory allocations these processes can become noticeable, and even last long enough for the application running within the VM to think there is a problem. So, several of those processes have been improved to mitigate vMotion issues for those larger VMs. One such process uses page tracers where vMotion keeps track of memory paging activity during a migration. Prior to vSphere 7, page tracing occurred on all vCPUs within a VM, which could cause the VM and its workload to be resource constrained by the migration itself. With vSphere 7, a dedicated vCPU is used for page tracing which means that the VM and its applications can keep working while the vMotion processes are occurring.

Intrinsic Security

One of the biggest ways that our customers can improve their security is through good password policies, and one of the easiest ways to do that is to implement multifactor authentication (MFA). The problem, then, is that there are so many ways to implement MFA, and it’s nearly impossible to extend vCenter Server with all of them. Furthermore, even if VMware implements some of them, we’re duplicating what many customers already have in their corporate identity management systems, and that doesn’t mesh with our desire to make life better for our users, the vSphere Admins.

The solution is federation using open authentication & authorization standards like OAuth2 and OIDC. With vSphere 7 and Identity Federation, vCenter Server can talk to an enterprise identity provider and get the vSphere Admins and vCenter Server out of the process. This simplifies the vSphere Admin’s job and helps reduce compliance audit scope. It also opens the door to lots of different MFA methods because they already know how to plug into things like Active Directory Federation Services (ADFS). With vSphere 7 we are supporting ADFS out of the box and will build support for more providers over time.

We’re also introducing vSphere Trust Authority (vTA), helping to make it easier to establish trust throughout the entire stack – from bare metal all the way through the workloads. vSphere Trust Authority creates a hardware root of trust using a small, separately-managed cluster of ESXi hosts which takes over the task of attestation. Host attestation is where the UEFI Secure Boot process, a server’s Trusted Platform Module (TPM), and an external service work together using cryptography to verify that the host is running authentic software, in a good configuration.
In vSphere 7, vTA gives attestation the ability to enforce the rules by having the trusted hosts take over the communications with the key management systems (KMSes). This simplifies the connections to the KMSes, which simplifies risk auditing, as well as ensuring that a host that fails attestation doesn’t get access to secrets. Without those secrets the host can’t run an encrypted VM, which is good. We don’t want a secured VM on an untrusted server.
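The attestation-gated key release described above, as an added and deliberately simplified model (not VMware's implementation): a boot chain is folded into a TPM-style PCR value, and a trust authority releases a KMS key only when a fresh quote matches the known-good measurement. The HMAC stands in for a real TPM quote signature, and all host names, keys and component strings are constructed.

```python
import hashlib
import hmac
import secrets

def extend(pcr, component):
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components):
    """Fold an ordered boot chain into one PCR value, starting from zeros."""
    pcr = bytes(32)
    for component in components:
        pcr = extend(pcr, component)
    return pcr

def make_quote(attestation_key, nonce, pcr):
    """Stand-in for a TPM quote: HMAC over nonce || PCR. A real TPM signs
    with an asymmetric attestation key that never leaves the chip."""
    return hmac.new(attestation_key, nonce + pcr, hashlib.sha256).digest()

class TrustAuthority:
    """Models the separately managed trusted cluster: it attests hosts and
    is the only party that talks to the key management system."""

    def __init__(self, golden_pcr, host_keys, kms_keys):
        self.golden_pcr = golden_pcr   # known-good measurement
        self.host_keys = host_keys     # host name -> attestation key
        self.kms_keys = kms_keys       # key id -> VM encryption key
        self.pending = {}              # host name -> outstanding nonce

    def challenge(self, host):
        """Issue a fresh nonce so an old quote cannot be replayed."""
        nonce = secrets.token_bytes(16)
        self.pending[host] = nonce
        return nonce

    def request_key(self, host, key_id, pcr, quote):
        """Release the key only for a known host with a fresh, valid quote
        over the known-good measurement; otherwise return None."""
        nonce = self.pending.pop(host, None)   # nonces are single-use
        key = self.host_keys.get(host)
        if nonce is None or key is None:
            return None
        if not hmac.compare_digest(make_quote(key, nonce, pcr), quote):
            return None
        if not hmac.compare_digest(pcr, self.golden_pcr):
            return None
        return self.kms_keys.get(key_id)

# Constructed sample data for the demonstration.
GOOD_CHAIN = [b"uefi-firmware-1.0", b"bootloader-1.0", b"hypervisor-7.0"]
TAMPERED_CHAIN = [b"uefi-firmware-1.0", b"bootloader-1.0", b"hypervisor-7.0-modified"]
HOST_AK = {"esx-01": b"demo-ak-esx-01", "esx-02": b"demo-ak-esx-02"}
VM_KEYS = {"vm-key-1": b"\x11" * 32}

def new_authority():
    return TrustAuthority(measure_boot(GOOD_CHAIN), HOST_AK, VM_KEYS)

def attest_and_fetch(authority, host, boot_chain, key_id):
    """Host side: answer the challenge with a quote over what actually booted."""
    nonce = authority.challenge(host)
    pcr = measure_boot(boot_chain)
    quote = make_quote(HOST_AK[host], nonce, pcr)
    return authority.request_key(host, key_id, pcr, quote)

if __name__ == "__main__":
    ta = new_authority()
    print("esx-01 (good boot):", attest_and_fetch(ta, "esx-01", GOOD_CHAIN, "vm-key-1") is not None)
    print("esx-02 (tampered): ", attest_and_fetch(ta, "esx-02", TAMPERED_CHAIN, "vm-key-1") is not None)
```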

Certificate management also continues to be improved by reducing the number of certificates that are required to be managed as well as the introduction of a new certificate import wizard. Solution User certificates no longer need to be managed and ESXi has also been simplified so that its services use a common certificate. Last, there is a REST API for operations such as renewing a certificate from the VMware Certificate Authority (VMCA), making the process easier to automate.

I hope this has been informative and thank you for reading!

Tuesday, January 21, 2020

Azure VMware Solution by CloudSimple - AVS

CloudSimple provides native VMware Private Clouds as-a-Service from the Azure Public Cloud.



Overview


Microsoft Azure VMware Solution by CloudSimple is an Azure service that allows you to run VMware workloads natively on Azure. Microsoft provides and supports the management systems, networking services, operating platform, and backend infrastructure required to run VMware environments at scale in Azure.

With this solution, you can deploy VMware workloads on a dedicated, high-performance, and single-tenant environment on Azure. This means you can provision, expand, and shrink your VMware infrastructure on demand in minutes while continuing to operate your VMware environment on Azure the same way you do on-premises. Leverage Azure economies of scale without the complexity of rearchitecting your applications—and, you can modernize and enhance your applications at your own pace. The solution is supported, verified, and certified by VMware.

CloudSimple enables enterprise customers to stop managing their own data centers and move their traditional workloads into public clouds, such as Azure. While new applications are designed to be cloud-native and are suitable for public clouds – with application-layer redundancy, use of software-defined infrastructure and usage of PaaS – most existing on-premise applications are not suitable for migration to the public clouds. A vast majority of such on-premise applications run on VMware-based private clouds. By offering native VMware stack as-a-service, CloudSimple is able to move and host such traditional workloads in the public cloud data centers non-disruptively.

Azure VMware Solution by CloudSimple features

Seamlessly transition from your datacenter to Azure with these  Azure VMware Solution by CloudSimple capabilities.

Native VMware vSphere support - Redeploy, extend, and run VMware workloads in Azure without rearchitecting your environment or converting your vSphere VMs.

Full compatibility with VMware tools - Leverage VMware tools and products you know, including vCenter, vSphere Client, vMotion, vRealize Operations, PowerCLI, among others.

Bundled VMware products - Use built-in VMware vSphere, vSAN, and NSX-T.

Fully featured networking stack - Support existing VMware environment networking capabilities.

Dedicated, isolated, single tenant - Use a self-service, automated service running on a dedicated, isolated, and single-tenant environment in Azure. 

Self-service provisioning - Add or remove Software Defined Datacenter (SDDC) hosts with one click using integrated management with Azure Resource Manager (ARM).

Optimized elastic infrastructure - Access a high-performance, VMware-optimized infrastructure that can be rightsized to match your application requirements.

Support for high levels of security and encryption - Encrypt your data at rest and in transit using your keys.

Azure Active Directory (AD) integration - Rely on Azure AD as your VMware vCenter Single Sign-On identity source.

Highly secure, high-speed, low-latency connectivity to Azure - Choose from a variety of connectivity options, including Azure ExpressRoute and VPN services, for a reliable, high-speed, low-latency connectivity to Azure.

DevOps tool chain support - Receive support for the most popular DevOps tool chains (e.g., Terraform, Jenkins, Puppet, Chef, and others) to help automate your IT environment.

Unified management - Discover unified management across Azure and VMware that enables you to use familiar Azure capabilities (Portal, CLI, and ARM templates) along with your VMware toolset. Manage both Azure and VMware resources using ARM for the first time.

Azure VMware Solution reduces the datacenter footprint via a “one-time redeployment” of VMware-based virtual machines while decreasing the overall on-premises infrastructure. Customers can “lift and shift” vSphere-based workloads to Azure in a non-disruptive, automated, scalable, highly available fashion without changing the underlying vSphere hypervisor or the network, security, or data protection policies.

I hope this has been informative and thank you for reading! 
