Following Broadcom's acquisition of VMware last year, we have been waiting to see the innovation and features that the R&D investments would bring. These things will always take time, as no one wants poor-quality code, so there will be a balance between speed and stability.
VMware by Broadcom has been clear that Cloud Foundation is the strategic future of the software platform, and this 5.2 release is the first major update since the acquisition. It is a very significant update with far more features and enhancements than we can cover in one article. We will pick out some highlights and summarise the rest.
VCF Strategy Update
For those who have not seen, VMware Cloud Foundation's (VCF) three core deliverables are Modern Infrastructure and Cloud Experience for Developers, both of which are wrapped in Security and Resilience. The concept is to provide a set of products and capabilities that are engineered, validated and delivered as a bundle with automated deployment and lifecycle management. The goal is to remove the complexity and effort of managing your private cloud deployments.
VCF comprises the core components vSphere, vSAN, Tanzu and Aria Suite. The realigned VCF division has a single strategy to integrate these components into a cloud platform that meets the four key pillars shown below.
The new VCF division is bringing Broadcom's focus, execution, and investment to life with a shift in culture around people, process, and go-to-market. This new operating model is designed to allow customers leveraging VCF to access value faster and more easily.
VCF 5.2 brings a lot of updates and improvements to the core components (vSphere, vSAN, Tanzu and Aria Suite), which are summarised into the four core areas of Operational Effectiveness, Innovation, Security and Performance.
The number of updates under these eight core topics required a three-hour briefing from VMware. This is a serious enhancement to VCF, and we won’t be able to cover every single nuance in this article. We are going to cover five core areas:
- vSphere
- vSAN
- Aria Automation
- HCX
- SDDC Manager
In each section, we will list out the major announcements and then dig into the details of one or two. If you would like a full briefing on all the VCF 5.2 announcements, please reach out and we can arrange one of our experts to deliver a briefing.
vSphere 8 Update 3
VCF 5.2 brings update 3 of the core vSphere hypervisor to market with a list of updates and enhancements in the following areas:
- vSphere IaaS Control Plane
- Lifecycle Management
- Hardware Support
- vSphere with GPUs
- Security and Compliance
- vSphere Storage
vSphere IaaS Control Plane
vSphere IaaS Control Plane is the new name for vSphere with Tanzu, so you may see references to both names as you review the documentation and the product. The main advantage here is the decoupling of the TKG service from the underlying vSphere versions (something of a theme in VCF 5.2, decoupling of services to allow easier updating). This will allow for faster updates without having to drag the entire stack along on the journey, giving developers access to new upstream Kubernetes releases more quickly and more easily.
The IaaS control plane has undergone a significant number of updates, most aimed at improving the quality of life for administrators through things like autoscaling and other automated processes. Here is the list of announcements for the IaaS control plane:
- Autoscaling for Kubernetes clusters
- vSAN Stretched cluster support
- VM Service – VM Backup and Restore
- Automated Supervisor certificate rotation
- VM Service – VM Class Expanded Configuration
- Local Consumption Interface (LCI)
Security & Compliance
Security is at the forefront of every organisation’s mind at the moment, so the more we can remove the burden and complexities it presents, the better. Bringing more choice in how we authenticate to the platform is always welcome, allowing customers to integrate and enable strong authentication to critical infrastructure.
Leveraging either CLI (think automation) or configuration profiles to define best practices in areas such as TLS is a great way to ensure we don’t let weak cryptography exist in our environments. Ensuring that new deployments conform to the latest best practice and don’t drift from defined standards will be much easier.
The new security configuration and baseline guides are also welcomed, allowing organisations to adopt secure best practices based on practice advice. With alignment to standards like PCI, they should make life much easier for admins.
Summary of the remaining updates
The list of updates in the vSphere 8 world is extensive, so I have summarised each category below:
- Lifecycle Management
  - vSphere Live Patch
  - Enhanced Image Customization
  - Dual DPU Support
  - Complete Topology Support
  - Automatic Switchover
  - Cluster Baselines Support
  - Embedded vSphere Cluster Service
- Hardware Support
  - High Availability DPU Configuration
  - Intel Xeon CPU Max Series Support
- vSphere with GPUs
  - Host Different Types of Workloads on a Single GPU
  - Cluster Level GPU Monitoring
  - vSphere DRS Settings for vGPU VMs
- vSphere Storage
  - Support for vVols Stretched Storage Cluster
  - UNMAP support for vVols on NVMe volumes
  - vVols Microsoft WSFC Clustering Support on NVMeoF
  - Limit Number of Hosts Sending UNMAP at Once
  - PSA Support for Multi Pathing: Fabric Notifications
  - Reduce Time to Inflate Thin -> EZT Disks on VMFS
  - CNS CSI Storage Enhancements
vSAN
vSAN 8 Update 3 brings enhancements to three core categories, each of which we will dig into here.
- Flexible Topologies
- Agile Data Protection
- Enhanced Management
Flexible Topologies
‘Unbound scalability and flexibility’ is the strapline used by VMware by Broadcom for the flexible topologies updates, bringing features to VCF that will enhance use cases as well as resilience:
- Support of stretched clusters using ESA
- Support of vSAN Max as principal storage
- Support of up to 250 file shares per cluster in vSAN File Services
Bringing ESA-stretched cluster support (more info on ESA here) in VCF allows customers to take advantage of the ESA performance boosts, without losing the resilience that an ‘active/active’ deployment can bring.
Adding vSAN Max capability to VCF gives customers the choice of traditional HCI deployment or modern disaggregated capabilities, all with the simple management that software definition brings, and now with the validation and lifecycle management of VCF. This will allow the choice to provision storage that meets the needs of the applications.
I have always been a fan of unified storage, which allows for simpler management, resource utilisation, and cost reduction (power, cooling, hardware, etc.). With the maturing of the file services on vSAN, we will unlock more use cases and opportunities to consolidate technical debt.
Agile Data Protection
Easily protect and recover VMs locally using vSAN Data Protection, bringing capabilities to revert, clone and restore VMs running on vSAN ESA storage. With these features, we are seeing the gap closing between enterprise storage arrays and vSAN capabilities. These new capabilities are summarised into the following four features.
- Protect and Recover VMs against Accidental and Malicious Activities
- Local snapshots that are simple to configure and manage
- Centralised visibility and management in vCenter Server
- Policy-based Outcome Oriented Protection
Bringing the ability for enterprise-grade snapshots that can be used for restoration, instant cloning, immutable protection, and integration to VMware live recovery is game-changing. Being able to support rapid recovery either locally or in the cloud means better protection against malicious and accidental outages.
Accessing all this new technology is good but making it operationally effective is key. The new administration, automation and monitoring capabilities added to vCenter will mean this won’t be a problem. They will allow for the creation of automated protection groups, defined retention policies and deep monitoring, as well as manual controls when needed.
The use cases for this new feature are far-reaching, but two I wanted to highlight are the ability to revert a single VM in a protection group to a specific point in time and the ability to create linked clones to support the operational processes.
All these features bring four key benefits for customers adopting VCF:
- Comprehensive Ransomware Protection
- Roll Back VMs to Predetermined State
- Restore VMs no longer registered in vCenter Server using local protection
- Clone VMs to support operational workflows
Understanding how these new features compare to existing functions like vSphere replication will be critical. The image below is a great starting point.
Enhanced Management
Making vSAN easier to deploy, operate, and optimise is the theme for Enhanced Management. My takeaway here is how VMware is helping the admins pinpoint performance or configuration issues that may impact service quality or resilience.
- Proactive hardware management for storage devices in vSAN ESA
- Customisable alarm thresholds for NVMe storage devices in vSAN ESA
- vSAN VM I/O Trip Analyser Cluster Level View
- Improved Troubleshooting when using RDMA with vSAN
- Enhanced Visibility for vSAN Max-powered Clusters
The I/O Trip analyser is a nice example of this. It allows performance issues to be tracked down to specific components or elements of the solution, meaning faster time to resolution.
Aria Automation
VCF Automation is the core of the self-service Private Cloud Experience that VMware has built with VCF. The updates for this architecture will focus on the following three areas.
- Unified Cloud Operations
- Improved Cloud Security & Compliance
- Simplified Diagnostics
As with the other components, the full list of updates is extensive.
Unified Cloud Operations
Bringing rich visual insights that cover a global multi-site VCF deployment was a key theme for these updates: new dashboard, improved workflows, and deeper insights. These are contextual and focused. This is a hard section to put into words but is worth a demo if you get the chance.
Improved Cloud Security & Compliance
Visibility is sometimes the key baseline that can help an organisation improve security and compliance. VCF 5.2 brings clear licence usage reporting and trends to ensure optimal compliance with usage and costs.
Certificates are another critical component of secure deployments. I am sure we have all experienced an outage caused by an unexpected certificate expiry. Hopefully, that will now be a thing of the past.
Simplified Diagnostics
VCF Diagnostics provides a product experience for discovering, troubleshooting, and remediating issues, allowing admins to find and remediate issues easily. The new capabilities will provide curated Skyline Advisor findings and offer admins guided remediation. This extends to both the core components like ESXi or vSAN as well as the functional capabilities like vMotion or snapshots.
HCX
HCX is the engine for moving workloads from one location to another, providing network optimisation, orchestration, and security. It is mainly used for large-scale, site-to-site migrations or cloud relocations. As a mature product, the focus in this release has been on performance and simplicity.
- HCX Migration Orchestration + ESXi vSphere vMotion
- HCX Traffic Engineering - Configurable Transport Encryption
- OS Assisted Migration - Simplified Architecture
HCX can now enhance traditional vMotion capabilities to aid in cross-centre migrations with line rate performance up to 100GB.
Improved throughput on private networks means fast migrations, less impact and easier scheduling of projects and work packages.
Operating System-Assisted Migrations (OSAM) used to be a complex web of appliances and configurations. The new SRG appliance does not significantly simplify this.
SDDC Manager
SDDC Manager is the heart of the VCF system, orchestrating the lifecycle and operational functions of the entire ecosystem. Given its central role, it's no surprise the list of enhancements is extensive:
- Import vSphere Infrastructure into Cloud Foundation
- Flexible Edges to Satisfy Multiple Use Cases
- Lifecycle Management
- Independently Upgrade SDDC Manager
- Upgrade or Patch Domains from SDDC Manager
- VCF Upgrade Flexibility
- Patch Individual Components using SDDC Manager
- Deploy New Async Patched Domains
- Offline Depot Local Patch Repository
- vSphere Live Patching
- Identity Federation Support with Microsoft Entra ID
- Configure a Proxy Server with Authentication
Three areas I wanted to touch on here are Edge Deployment, Offline repositories and Async Patched Domains.
VCF 5.2 introduces additional deployment modes for edge architectures. You now have a choice of VCF components you deploy at the edge and a new licence model that will reduce overall costs. If you only need compute power at the edge, you can start with a single 16-core node and scale as required. You are no longer required to deploy vSAN and the minimum node counts that it needs. These new options should make deployments to large numbers of smaller sites easier to manage and commercially more compelling.
For our secure customers that are running in offline configuration or those that want to streamline the downloads of large updates, the new offline depot will be of great interest.
The ability to update the SDDC manager separately allows you to take advantage of new management capabilities and fixes without needing to upgrade the full management domain. Another benefit this brings is the ability for granular control of async patching.
One final note is to define the specific product versions that make up VCF 5.2. If you want to arrange a more in-depth briefing on any of the topics in this article, please contact us or speak to your CDW account manager.
Contributors
-
Rob Sims
Chief Technologist - Hybrid Platforms