VMware Cloud Foundation V4
VMware announced a new release of VMware Cloud Foundation on 10th March 2020 and released VMware vSphere 7.0 on 2nd April 2020. Cloud Foundation is a software stack that combines vSphere, the vSAN virtual SAN and NSX networking, and it runs on premises and in the public cloud. The latest V4 release includes vSphere 7.0 and so, according to VMware, can run VMs and containers at scale.
It is positioned as a fully hybrid cloud platform on the strength of the following key features:
- vSphere with Kubernetes
- Improved Distributed Resource Scheduler (DRS)
- Assignable Hardware
- vSphere Lifecycle Manager
- Refactored vMotion
- Intrinsic Security
VMware vSphere 7 brings new security features, which we discuss briefly here. vCenter Server continues to improve by reducing memory utilization and speeding up operations, especially in Linked Mode.
VMware vSphere 7 no longer supports the Windows-based vCenter Server. vCenter Server is deployed only as the vCenter Server Appliance (VCSA), which is based on Photon OS Linux 3. Only the HTML5 web-based UI is supported, with no browser plug-ins required.
vCenter Server 7.0 cannot be deployed on ESXi 6.0. vCenter Server supports upgrades from vCenter Server 6.5 and 6.7; a clean deployment of the vCenter Server Appliance is supported only on an ESXi host of version 6.5 or later.
For upgrades from the previous releases of vCenter Server (6.5 or 6.7), VMware states that vCenter Server architectures with an external Platform Services Controller (PSC) are no longer supported and will automatically be converged to an embedded PSC deployment. This happens as part of the upgrade workflow.
vSphere with Kubernetes
VMware has added Kubernetes support to run containers and virtual machines simultaneously in the new vSphere release. The virtualization giant can now also offer a single management domain that covers containers and VMs in the hybrid cloud.
vSphere 7, launched today, represents the first fruits of the company’s Project Pacific. Project Pacific is in turn a component of VMware parent Dell’s wider Tanzu initiative to enable its overall product set to build, run, manage, connect and protect containerised workloads alongside virtual machine workloads.
Tanzu Runtime Services – Tanzu Kubernetes Grid (TKG) aims to provide a consistent Kubernetes experience regardless of the underlying infrastructure. TKG serves admins as well as developers: developers can self-provision clusters, while administrators keep full visibility into the infrastructure and can manage it accordingly.
Hybrid Infrastructure Services – Kubernetes workloads can use the storage (vSAN) and network (NSX) services to rapidly provision pods and VMs.
The Virtual Machine Service enables VMs to be managed by Kubernetes. In this model, all components of an application – VMs, containers, and more – can be managed with and through Kubernetes.
Application-Focused Management – With Kubernetes integrated into vSphere, a vSphere admin will have many more objects to manage under one roof. Going forward, an application may not consist of a single VM; a logical application can contain multiple pods. So that developers and admins can both work effectively, the VMs and pods that make up one logical application are grouped under one Kubernetes namespace. The admin manages the namespace directly rather than worrying about the objects underneath it, and any policy applied to the namespace is implicitly applied to all objects in that namespace. Developers can freely create or destroy pods, and the policies are applied automatically to whatever new objects are created. This allows management at a better scale for both developers and the vSphere admin.
VMware virtualization and containerisation
VMware traditionally virtualizes servers such that a hypervisor runs on the physical server and controls the execution of virtual machines on its hardware. These virtual machines (VMs) each contain an operating system and applications.
With containerisation, a controlling software entity provides the operating system and its facilities while applications are built as a set of microservices running in containers. These containers use the single set of operating system facilities and so virtualize the server more efficiently, by not duplicating the operating system instances.
The containers are scheduled to run via an orchestration service and Google’s Kubernetes (K8s) is becoming the dominant orchestrator.
Containerisation is becoming popular as a way of writing applications to run in the public cloud, so much so that they are called cloud native. As enterprises with on-premises data centres want to have a common environment for their applications across their own data centres and the public cloud they are beginning to embrace cloud-native application development.
VMware has shown it can bring K8s into its hypervisor. Nutanix AHV (Acropolis HyperVisor) has its Acropolis Container Services and Karbon front end wrapper for Kubernetes. Other hypervisors, such as Red Hat’s KVM and Microsoft’s Hyper-V will surely follow suit. This will help their owners defend their virtual server base against containerisation encroachment and can be presented as helping customers embrace containerisation.
Improved Distributed Resource Scheduler (DRS)
The major difference from the old DRS version is that it no longer balances host load. DRS now cares less about ESXi host utilization and prioritizes VM "happiness" instead.
The DRS algorithm has been reworked in the latest VMware vSphere, version 7. Up to vSphere 6.7 (which added new initial placement, NVM support and enhanced resource pool reservations), DRS used a cluster-centric model: in simple words, resource utilization was always balanced across the cluster.
DRS Scalable Shares: a resource pool's entitlement relative to other resource pools now depends on the number of VMs in that pool. Setting a share level to 'high' ensures prioritization over VMs with lower share entitlements, and the share allocation changes dynamically as more VMs are spun up. This is not enabled by default in vSphere 7.
Assignable Hardware. This is a framework that allows Dynamic DirectPath I/O (including NVIDIA GRID vGPU devices) to use vSphere HA and DRS for initial placement. In earlier releases of vSphere, a VM with a pass-through device was tied to its host. Assignable Hardware requires VM hardware version 17. When a VM with an NVIDIA vGPU profile is powered on, DRS checks whether it can place that VM, with its vGPU profile, on another host. DRS load balancing of Dynamic DirectPath I/O devices is not available yet, so this applies only to the initial placement of the VM.
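To make the scalable-shares behaviour concrete, here is an added example (not VMware code) that models per-VM CPU entitlement under contention with static and with scalable resource-pool shares. The share values are the usual vSphere defaults; treating a pool's share level as a 0.5/1/2 multiplier in scalable mode is this example's simplifying assumption, not a documented formula.

```python
# Added example, not VMware code: a simplified model of how DRS shares
# become per-VM CPU entitlement with and without scalable shares. Share
# values are the usual vSphere defaults (pool Low/Normal/High =
# 2000/4000/8000; VM = 500/1000/2000 per vCPU). Treating a pool's level as
# a 0.5/1/2 multiplier in scalable mode is this example's assumption.
POOL_SHARES = {"low": 2000, "normal": 4000, "high": 8000}
VM_SHARES_PER_VCPU = {"low": 500, "normal": 1000, "high": 2000}
POOL_MULTIPLIER = {"low": 0.5, "normal": 1.0, "high": 2.0}

def vm_shares(vms):
    """Total shares of the VMs in a pool; vms maps name -> (vcpus, level)."""
    return sum(vcpus * VM_SHARES_PER_VCPU[lvl] for vcpus, lvl in vms.values())

def pool_shares(level, vms, scalable):
    """Shares a pool presents to the cluster. Static: fixed by its level.
    Scalable: grows with the VMs inside it, weighted by the pool's level."""
    if not scalable:
        return POOL_SHARES[level]
    return POOL_MULTIPLIER[level] * vm_shares(vms)

def vm_entitlements(cluster_mhz, pools, scalable):
    """Return {vm: MHz} under full contention. pools maps pool name ->
    (level, vms). Capacity is split between pools by pool shares, then
    between a pool's VMs by their own shares."""
    totals = {p: pool_shares(lvl, vms, scalable) for p, (lvl, vms) in pools.items()}
    grand = sum(totals.values())
    result = {}
    for p, (lvl, vms) in pools.items():
        pool_mhz = cluster_mhz * totals[p] / grand
        for vm, (vcpus, vlvl) in vms.items():
            result[vm] = round(pool_mhz * vcpus * VM_SHARES_PER_VCPU[vlvl] / vm_shares(vms))
    return result

# Constructed scenario: a "high" pool crowded with 8 VMs next to a "normal"
# pool holding 2 VMs; every VM has 1 vCPU and normal shares.
POOLS = {
    "prod": ("high", {f"prod-{i}": (1, "normal") for i in range(8)}),
    "test": ("normal", {f"test-{i}": (1, "normal") for i in range(2)}),
}

if __name__ == "__main__":
    for scalable in (False, True):
        ent = vm_entitlements(12000, POOLS, scalable)
        print("scalable" if scalable else "static", ent["prod-0"], ent["test-0"])
```

With static shares a VM in the crowded 'high' pool ends up with half the entitlement of a VM in the 'normal' pool; with scalable shares the 'high' pool keeps its priority regardless of how many VMs it holds.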
vSphere Lifecycle Manager
VMware vSphere 7 replaces vSphere Update Manager (VUM) with VMware vSphere Lifecycle Manager (VLM). It is a built-in vCenter Server feature offering a desired-state model that lets you plan, upgrade and configure the virtual infrastructure, with RESTful APIs for automating lifecycle management. It uses images to keep the environment in a secure state with the latest security patches and updates.
Lifecycle Manager replaces the vSphere Update Manager way of managing patches and updates for your vSphere infrastructure using baselines. The new functionality adds the option of using images that can be applied to the entire infrastructure; in the image you specify which software, drivers and firmware may run on the host(s).
Lifecycle Manager still performs all the tasks you previously did via vSphere Update Manager (VUM), such as installing and updating third-party software on your hosts or upgrading and patching hosts to the latest release.
vMotion. vMotion has been improved to reduce the performance impact on large (monster) VMs during a migration. This brings back vMotion capabilities for large workloads such as SAP HANA or Oracle.
Enhanced vMotion Compatibility (EVC). vSphere 7 adds support for the Intel Cascade Lake and AMD Zen 2 generations.
Virtual Machine Hardware version 17. VM hardware version 17 is required for Assignable Hardware. Other new features in HW v17 are:
Watchdog Timer: Without a watchdog timer, guest OSes and applications do not know that they have crashed. A watchdog timer resets the VM if the guest OS is no longer responding, which is important for clustered applications such as databases and filesystems.
Precision Time Protocol (PTP): This is for applications that require sub-millisecond accuracy, such as financial and scientific applications. PTP requires both the in-guest device and the ESXi service to be enabled. You choose either NTP or PTP for the entire ESXi host.
Improvements in live migration of monster workloads. Monster VMs with a large memory and CPU footprint, like SAP HANA and Oracle database backends, had challenges being live-migrated using vMotion. The performance impact during the vMotion process and the potentially long stun time during the switchover phase meant that customers were not comfortable using vMotion for these large workloads. With vSphere 7, we are bringing back that capability as we have greatly improved the vMotion logic.
How was the improvement achieved?
- A dedicated vCPU is now used for page tracing, so the VM and its applications can keep working while the vMotion processes run. Prior to vSphere 7, page tracing occurred on all vCPUs within a VM, which could cause the VM and its workload to be resource-constrained by the migration itself.
- The memory copy was also improved. Prior to vSphere 7, memory was transferred between hosts in 4 KB pages. vSphere 7 now uses 1 GB pages, along with a few other optimizations, to make this data transfer much more efficient.
VLM allows you to do the following operations:
- Install the desired ESXi version on all hosts in a cluster.
- Install and update third-party software and firmware on all ESXi hosts.
- Update and upgrade all ESXi hosts in a cluster collectively.
Enterprises can further intrinsically secure infrastructure, data, and access with a comprehensive, built-in architecture and a simple, policy-driven model delivered in VMware vSphere 7. This new release introduces remote attestation for sensitive workloads using vSphere Trust Authority. It also helps secure access and account management using identity federation with Active Directory Federation Services (ADFS).
- vSphere Software Guard Extensions (vSGX). This is hardware protection for secrets: it allows applications to work with the hardware to create a secure enclave that cannot be viewed by the guest OS or the hypervisor. Applications can move sensitive logic and storage into this enclave. This is supported only on Intel CPUs.
- Improved Certificate Management. In vSphere 6.x you had a lot of certificates to handle. In vSphere 7 certificate management is much simpler, and you can manage the vCenter Server certificates programmatically by using APIs.
- vSphere Trust Authority (vTA). This is about securing the vSphere infrastructure itself: how do we trust that our hosts are configured correctly? vTA takes care of this through remote attestation.
- Identity Federation. Standards-based federated authentication with an enterprise identity provider (IdP) such as ADFS. This reduces the audit scope and the vSphere admin's workload. SSO still exists.
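As an added example of the programmatic certificate management mentioned above (my code, not VMware's), the following script triages the JSON records that vCenter 7's certificate-management REST API returns for the machine SSL certificate (GET /api/vcenter/certificate-management/vcenter/tls). The field names are assumptions based on that API, and the two records are constructed sample data, not certificates from any real vCenter.

```python
# Added example, not VMware code. It triages the certificate records that
# vCenter 7's certificate-management REST API returns (for the machine SSL
# certificate, GET /api/vcenter/certificate-management/vcenter/tls). The
# field names are assumptions based on that API; the records below are
# constructed sample data, not certificates from any real vCenter.
from datetime import datetime, timezone

def parse_api_time(value):
    """vCenter returns ISO 8601 timestamps with a trailing 'Z' (assumed)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage_certificate(record, now, warn_days=30, min_key_bits=2048):
    """Return the findings a defender would want to act on for one record."""
    findings = []
    days_left = (parse_api_time(record["valid_to"]) - now).days
    if days_left < 0:
        findings.append(f"expired {-days_left} days ago")
    elif days_left < warn_days:
        findings.append(f"expires in {days_left} days")
    if record.get("key_size", 0) < min_key_bits:
        findings.append(f"weak key size {record.get('key_size')}")
    alg = record.get("signature_algorithm", "").lower()
    if "sha1" in alg or "md5" in alg:
        findings.append(f"weak signature algorithm {record['signature_algorithm']}")
    if record.get("subject_dn") == record.get("issuer_dn"):
        findings.append("self-signed certificate")
    return findings

def triage_all(records, now):
    """Map each certificate's subject DN to its findings (empty list = clean)."""
    return {r["subject_dn"]: triage_certificate(r, now) for r in records}

# Constructed sample records (hostnames and DNs are placeholders).
NOW = datetime(2020, 4, 2, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    {"subject_dn": "CN=vcsa01.example.internal,OU=VMware Engineering,C=US",
     "issuer_dn": "CN=CA,DC=vsphere,DC=local",
     "valid_to": "2020-04-20T10:15:00.000Z",
     "key_size": 2048, "signature_algorithm": "SHA256withRSA"},
    {"subject_dn": "CN=vcsa02.example.internal,OU=VMware Engineering,C=US",
     "issuer_dn": "CN=vcsa02.example.internal,OU=VMware Engineering,C=US",
     "valid_to": "2030-01-01T00:00:00.000Z",
     "key_size": 1024, "signature_algorithm": "SHA1withRSA"},
]

if __name__ == "__main__":
    for subject, findings in triage_all(SAMPLE_RECORDS, NOW).items():
        print(subject, "->", findings or "OK")
```

In practice the records come from an authenticated session against the API; the same triage then runs unchanged over every vCenter in a Linked Mode group.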
vCenter Server Profiles – Profiles let you import and export vCenter Server configuration via REST APIs (management, network, authentication and user configuration). This is not the same as Host Profiles: these are the settings you make in the vCenter Server Appliance Management Interface (VAMI). With this you can maintain version control across vCenter Servers (a maximum of 100 vCenter Servers is supported).
vCenter Server Multi-Homing – vCenter Server multi-homing is now officially supported, with a maximum of 4 NICs per vCenter Server. vCenter Server NIC1 is reserved for vCenter HA (vCHA).
vCenter Server Scalability Enhancements – Scalability is improved, as in every new release (for details refer to the configmax.vmware.com website).
vCenter Server CLI tools – The vSphere SSO domain consolidation tool (cmsso-util) has been simplified. The repointing option is gone; you now use the 'unregister' and 'domain-repoint' arguments instead.
Content Library VM templates – Check-in/check-out and versioning. When editing a VM template you check out the template, make your changes and check the template back in. After that you can see the versioning (history) information.
About the Platform Services Controller – Automatic migration of a vCenter Server external Platform Services Controller (PSC). When migrating a vCenter Server with an external PSC, it is automatically converged to a vCenter Server with an embedded PSC. The vCenter Server Converge Tool is no longer shipped on the ISO.
The PSC has been consolidated into vCenter Server; there are no more external PSCs for new deployments in vSphere 7.
vSphere 6.7 had a migration tool that allowed consolidating external PSCs into embedded ones.
In vCenter 7.0 deployments this migration tool is gone and has been incorporated directly into the upgrade workflow (so you won't find the utility in a subfolder when browsing the VCSA ISO).
vCenter Server has merged with the PSC and retains all of its functions. The new vCenter Server 7.0 includes all Platform Services Controller (PSC) services, keeping the functionality and workflows, including authentication, certificate management, tags, and licensing.
During upgrades and migrations from Windows vCenter Servers, the workflow automatically migrates and consolidates external Platform Services Controllers (PSCs) into vCenter Server 7.0. The vSphere Converge utility is now part of the migration process.
vCenter Server Update Planner – Update Planner is a new tool that helps with discovering, planning and upgrading a vCenter Server. In the vSphere Client you receive notifications when an upgrade or update is available. The useful part is that it detects installed VMware products and reports whether they are compatible.
For further information follow the official links:
Introducing vSphere 7: Modern Applications & Kubernetes
vSphere 7 with Kubernetes – Lightning Hands-on Lab
How to Get vSphere with Kubernetes
vSphere with Kubernetes 101 Whitepaper – An Introduction for vSphere Administrators
Introducing vSphere 7: Features & Technology for the Hybrid Cloud
VMware vSphere 7 Blog
VMware vSphere 7 Product Documentation
vSphere with Kubernetes Architecture
VMware vSphere 7 Download