Nov 15

VMware Announces General Availability of vSphere 6.5

Posted on November 15, 2016 by Martin Yip

vSphere 6.5 is here!

Today, we are excited to announce the general availability of VMware vSphere 6.5 along with new releases of other SDDC components: VMware vSAN 6.5, VMware vRealize Log Insight 4 and VMware vRealize Operations 6.4. Together, these products help IT more efficiently run, manage, and secure their applications both on- and off-premises.

vSphere 6.5 is the latest release of the industry-leading virtualization platform. As previously mentioned, this release of vSphere features several new capabilities and enhancements that address the challenges of digital transformation by delivering:

  • Dramatically simplified experience (Simplified and Streamlined architecture, REST-based APIs, HTML5-based GUI)
  • Comprehensive built-in security (Secure Data, Infrastructure and Access)
  • Universal app platform for running any apps (vSphere Integrated Containers)

One more thing…

If the vSphere 6.5 release was not already compelling enough, vSphere 6.5 will also include the highly anticipated feature, vSphere Predictive DRS, that was featured as a Tech Preview at VMworld 2016. Predictive DRS is a game-changing new technology that leverages self-learning and predictive analytics provided by vRealize Operations. It learns your environment and based on usage patterns, preemptively rebalances your workloads in advance of upcoming demands and spikes. This ensures your applications remain performant and your workloads get all the resources they need. This is extremely useful in a wide variety of scenarios including applications that are latency sensitive or experience regular spikes in demand. Predictive DRS is just another example of how VMware continues to innovate and deliver value to you.

Things to Note

vSphere Integrated Containers, a feature that extends vSphere capabilities to run container workloads in vSphere environments, will be made generally available later this year.

For more details on the release please refer to the vSphere 6.5 announcement.

If you are interested in learning more about vSphere 6.5, there are several options:



Oct 28

What’s New in VMware vSphere 6.5

Introduction

VMware vSphere® 6.5 is the next-generation infrastructure for next-generation applications. It provides a powerful, flexible, and secure foundation for business agility that accelerates the digital transformation to cloud computing and promotes success in the digital economy. vSphere 6.5 supports both existing and next-generation apps through its
1) simplified customer experience for automation and management at scale;
2) comprehensive built-in security for protecting data, infrastructure, and access; and
3) universal application platform for running any app anywhere. With vSphere 6.5, customers can now run, manage, connect, and secure their applications in a common operating environment, across clouds and devices.

This paper will discuss the new and enhanced features in vSphere 6.5 across various areas of technology.
For additional information, see VMware vSphere Documentation.

VMware vCenter Server

VMware vCenter Server® 6.5 has many new and innovative features. The installer has been overhauled, resulting in a new, modern look and feel. It is now supported on Microsoft Windows, macOS, and Linux operating systems (OSs) without the need for any plug-ins. With vSphere 6.5, the VMware vCenter Server Appliance™ has surpassed the Windows installable version. It offers the following exclusive features:

  • Migration Tool
  • Improved appliance management
  • Native high availability
  • Native backup and restore

There are also general improvements to vCenter Server 6.5, including the vSphere Web Client and the fully supported HTML5-based vSphere Client.

Migration

The installer has a built-in Migration Tool, providing easy access to the vCenter Server Appliance 6.5. This new version of Migration Tool provides several improvements over the recent vSphere 6.0 Update 2m release, including support for Windows vCenter Server 5.5 and 6.0. VMware vSphere Update Manager™ is now part of the vCenter Server Appliance 6.5, which is especially valuable to customers that have been waiting to migrate to vCenter Server Appliance without managing a separate Windows server for vSphere Update Manager. For customers that have already migrated to the vCenter Server Appliance 6.0, the upgrade process will migrate vSphere Update Manager baselines and updates to the vCenter Server Appliance 6.5. During the migration process, the vCenter Server configuration, inventory, and alarm data are migrated by default. vSphere 6.5 provides improvements in data selections in three areas:

  • Configuration
  • Configuration, events, and tasks
  • Configuration, events, tasks, and performance metrics

Data is migrated from any database supported in vSphere 5.5 or 6.0 to an embedded vPostgres database. This applies to databases running embedded or remote Microsoft SQL, Oracle, or PostgreSQL databases.

Download

Download a full What’s New in VMware vSphere 6.5 Technical White Paper.



Oct 19

Introducing vSphere 6.5

Posted on October 18, 2016 by Charu Chaubal

Today, VMware announces vSphere 6.5, the latest version of its industry-leading virtualization platform. This new release of vSphere features a dramatically simplified experience, comprehensive built-in security, and a universal app platform for running any app.

vSphere 6.5 accelerates the customer transition to digital transformation and cloud computing by addressing key challenges:

    1. Environments growing increasingly complex,
    2. Growing IT security threats, and
    3. The need to support both existing and new apps and services.

Let’s take a look at some of the key capabilities.

Dramatically Simplified Experience

vSphere 6.5 elevates the customer experience to an entirely new level. It provides exceptional management simplicity, operational efficiency, and faster time to market.

vSphere 6.5 makes the vCenter Server Appliance the fundamental building block of a vSphere environment. The core vSphere architecture is built around this easy to deploy and manage approach that reduces operational complexity by embedding key functionality into a single location. Capabilities such as vSphere host management (with a fully integrated vSphere Update Manager), file-based backup and recovery, native VCSA high availability, and much more are now embedded in this new one-stop appliance model. Users can now be more efficient as there is no longer a need to interface with multiple components. Additionally, because everything is centralized, vCenter Server Appliance generates a tremendous amount of optimization and innovation, including an over 2x increase in scale and 3x in performance. Upgrading to this building block will be easier than ever before as users can now convert from their traditional Windows deployment into the new appliance model using the new vCenter Server Appliance Migration tool.

vCenter Server Appliance: The fundamental building block of a vSphere environment

In this release, vSphere 6.5 also takes an API-first approach to foster a more business-centric and highly agile environment. In a world where infrastructure as code is becoming a requirement rather than just nice to have, a programmable infrastructure layer is now essential. vSphere 6.5 introduces new REST-based APIs for VM Management that vastly improve both the user and partner experience by enabling finer control of virtual infrastructure for apps. You can now do much more with fewer lines of code with these new simple APIs.

The final component that allows vSphere 6.5 to deliver a simplified experience is the graphical user interface itself. The highly anticipated new HTML5-based vSphere Client provides a modern user interface experience that is both responsive and easy to use. Many customers have already experienced this vSphere Client as part of a Fling on VMware Labs, and thus far the response has been overwhelmingly positive.

HTML5-based vSphere Client: GUI that enables fast performance and cross-platform compatibility

Comprehensive Built-in Security

With increased threats, comprehensive built-in security becomes more critical than ever before. vSphere 6.5 natively provides secure data, infrastructure, and access at scale via its operationally simple, policy-driven model. Protecting all three areas is essential for digital transformation and the evolution of any given business.

To secure data, vSphere 6.5 offers a new VM-level disk encryption capability designed to protect against unauthorized data access. VMware’s approach is both universal and scalable, with the ability to encrypt any VM disk regardless of guest OS, and the ability to manage encryption at scale using the familiar vSphere storage policy framework. Combined with the new encrypted vMotion capability, vSphere can safeguard both data at-rest and data in-motion.

To assure the security of the underlying infrastructure, vSphere 6.5 also adds a secure boot model to protect both the hypervisor and the guest operating system. It helps prevent images from being tampered with and prevents the loading of unauthorized components.

vSphere 6.5 also delivers enhanced audit-quality logging capabilities that provide more forensic information about user actions. IT can now better understand who did what, when, and where if an investigation into anomalies or security threats requires it.

vSphere 6.5 is the core of a secure SDDC and works seamlessly with other SDDC products to provide a complete security model for infrastructure.

Comprehensive Built-in Security: Secure Data, Secure Infrastructure, and Secure Access

Universal App Platform

vSphere is a universal app platform that supports both traditional and next-generation apps. While these two worlds are vastly different, both require infrastructure with the scale, performance, and availability to meet key business objectives.

vSphere has always been pushing the limits on what apps it can support. Initially it was all about test/dev, but it then quickly expanded coverage to business-critical apps as well. Later, it included Desktop Virtualization and 3D graphics. Now we are seeing more modern apps being virtualized, including Hadoop, Spark, Machine Learning, HPC and cloud native apps.

To run any app, vSphere 6.5 expands its workload coverage model by focusing on both scale-up and scale-out next-gen apps that are increasingly built using evolving technology building blocks, such as containers. In this release, VMware delivers vSphere Integrated Containers, the easiest way for vSphere users to bring containers into an existing vSphere environment. vSphere Integrated Containers delivers an enterprise container infrastructure that provides the best of both worlds for the developers and vSphere operations teams. Containers are now just as easy to enable and manage as virtual machines. No process or tool changes are required.

VMware vSphere Integrated Containers helps customers to transform their businesses with containers without re-architecting their existing infrastructure. It is comprised of three components – the Engine which provides the core container run-time, Harbor which is an enterprise registry for container images, and Admiral which is a portal for container management by dev teams. vSphere Integrated Containers enables IT operations teams to provide a Docker compatible interface to their app teams, running on their existing vSphere infrastructure and features tight integration with VMware NSX and VMware Virtual SAN to support best-in-class network automation and scale out, high performance persistent storage, respectively.

vSphere Integrated Containers: Delivering the best of both worlds for IT and Developers

vSphere 6.5 also lets you run apps from any cloud, including your data center or in public cloud environments. vSphere 6.5 is not only the heart of the Software-Defined Data Center, it’s also the foundation of VMware’s cloud strategy. vSphere 6.5 is available in both the private cloud and as a service through a public cloud. The newly announced VMware Cloud Foundation and VMware Cloud on AWS are both built on vSphere 6.5.

As the ideal platform for apps, cloud, and business, vSphere 6.5 reinforces the customer’s investment in VMware. vSphere 6.5 is one of the core components of VMware’s SDDC and a fundamental building block for VMware’s cloud strategy. With vSphere 6.5, customers can now run, manage, connect, and secure their applications in a common operating environment, across clouds and devices.

Learn More

This article only touched upon the key highlights of this release, but there are many, many more new features. To learn more about vSphere 6.5, please see the following resources.



Oct 18

What’s New in vSphere 6.5: vCenter Server

Posted on October 18, 2016 by Charu Chaubal

Today VMware announced vSphere 6.5, which is one of the most feature rich releases of vSphere in quite some time. The vCenter Server Appliance is taking charge in this release with several new features which we’ll cover in this blog article. For starters, the installer has gotten an overhaul with a new modern look and feel. Users of both Linux and Mac will also be ecstatic since the installer is now supported on those platforms along with Microsoft Windows. If that wasn’t enough, the vCenter Server Appliance now has features that are exclusive such as:

  • Migration
  • Improved Appliance Management
  • VMware Update Manager
  • Native High Availability
  • Built-in Backup / Restore

We’ll also cover general improvements to vCenter Server 6.5 including the vSphere Web Client and the .

Migration

vCenter Server Appliance Migration


Getting to the vCenter Server Appliance is no longer an issue as the installer has a built in Migration Tool. This Migration Tool has several improvements over the recently released vSphere 6.0 Update 2m release. Now, Windows vCenter Server 5.5 and 6.0 are supported. If you’re currently running a Windows vCenter Server 6.0, this is your chance to get to the vCenter Server Appliance using this Migration Tool. In vSphere 6.5 there is an improvement in the migration tool which allows for more granular selection of migrated data as follows:

  • Configuration
  • Configuration, events, and tasks
  • Configuration, events, tasks, and performance metrics

VMware Update Manager (VUM) is now part of the vCenter Server Appliance. This will be huge for customers who have been waiting to migrate to the vCenter Server Appliance without managing a separate Windows server for VUM. If you’ve already migrated to the vCenter Server Appliance 6.0 the upgrade process will migrate your VUM baselines and updates to the vCenter Server Appliance 6.5. During the migration process the vCenter configuration, inventory, and alarm data is migrated by default.

Improved Appliance Management

Another exclusive feature of the vCenter Server Appliance 6.5 is the improved appliance management capabilities. The vCenter Server Appliance Management Interface continues its evolution and exposes additional health and configurations. This simple user interface now shows Network and Database statistics, disk space, and health in addition to CPU and memory statistics which reduces the reliance on using a command line interface for simple monitoring and operational tasks.

vCenter Server Appliance Management

vCenter Server High Availability

vCenter Server 6.5 has a new native high availability solution that is available exclusively for the vCenter Server Appliance. This solution consists of Active, Passive, and Witness nodes which are cloned from the existing vCenter Server. Failover within the vCenter HA cluster can occur when an entire node is lost (host failure for example) or when certain key services fail. For the initial release of vCenter HA an RTO of about 5 minutes is expected but may vary slightly depending on load, size, and capabilities of the underlying hardware.

vCenter Server High Availability

Backup and Restore

New in vCenter Server 6.5 is built-in backup and restore for the vCenter Server Appliance. This new out-of-the-box functionality enables customers to back up vCenter Server and Platform Services Controller appliances directly from the VAMI or API, and also backs up both VUM and Auto Deploy running embedded with the appliance. The backup consists of a set of files that will be streamed to a storage device of the customer’s choosing using SCP, HTTP(s), or FTP(s) protocols. This backup fully supports vCenter Server Appliances with embedded and external Platform Services Controllers. The Restore workflow is launched from the same ISO from which the vCenter Server Appliance (or PSC) was originally deployed or upgraded.

vSphere Web Client

From a User Interface perspective, probably the most used UI is the vSphere Web Client. This interface continues to be based on the Adobe Flex platform and requires Adobe Flash to use. However, VMware has continued to identify areas for improvement that will help improve the user experience until it is retired. Through several outreach efforts over the past year we’ve identified some high-value areas where we think customers are looking most for improvements. This small list of high-impact improvements will help with the overall user experience with the vSphere Web Client while development continues with the HTML5-based vSphere Client:

  • Inventory tree is the default view
  • Home screen reorganized
  • Renamed “Manage” tab to “Configure”
  • Removed “Related Objects” tab
  • Performance improvements (VM Rollup at 5000 instead of 50 VMs)
  • Live refresh for power states, tasks, and more!

vCenter Server Web Client

vSphere Client

With vSphere 6.5 I’m excited to say that we have a fully supported version of the HTML5-based vSphere Client that will run alongside the vSphere Web Client. The vSphere Client is built right into vCenter Server 6.5 (both Windows and Appliance) and is enabled by default. While the vSphere Client doesn’t yet have full feature parity the team have prioritized many of the day to day tasks of administrators and continue to seek feedback on what’s missing that will enable customers to use it full time. The vSphere Web Client will continue to be accessible via “http:///vsphere-client” while the vSphere Client will be reachable via “http:///ui”. VMware will also be periodically updating the vSphere Client outside of the normal vCenter Server release cycle. To make sure it is easy and simple for customers to stay up to date the vSphere Client will be able to be updated without any effects to the rest of vCenter Server.

Now let’s take a look at some of the benefits to the new vSphere Client:

  • Clean, consistent UI built on VMware’s new Clarity UI standards (to be adopted across our portfolio)
  • Built on HTML5 so it is truly a cross-browser and cross-platform application
  • No browser plugins to install/manage
  • Integrated into vCenter Server for 6.5 and fully supported
  • Fully supports Enhanced Linked Mode
  • Users of the Fling have been extremely positive about its performance

vSphere Client

Conclusion

While we’ve covered quite a few features there are many more which will be covered in accompanying blog articles. We will also be following up with detailed blogs on several of these new features which will be available by the time vSphere 6.5 reaches General Availability.

We hope you are as excited about this release as we are! Please post questions in the comments or reach out to Emad (@Emad_Younis) or Adam (@eck79) via Twitter.

To learn more about vSphere 6.5, please see the following resources.



Oct 18

What’s New in vSphere 6.5: Host & Resource Management and Operations

Posted on October 18, 2016 by Charu Chaubal

vSphere 6.5 brings a number of enhancements to ESXi host lifecycle management as well as some new capabilities to our venerable resource management features, DRS and HA. There are also greatly enhanced developer and automation interfaces, which are a major focus in this release. Last but not least, there are some notable improvements to vRealize Operations, since this product is bundled with certain editions of vSphere. Let’s dig into each of these areas.

Enhanced vSphere Host Lifecycle Management Capabilities

With vSphere 6.5, administrators will find significantly easier and more powerful capabilities for patching, upgrading, and managing the configuration of VMware ESXi hosts.

VMware Update Manager (VUM) continues to be the preferred approach for keeping ESXi hosts up to date, and with vSphere 6.5 it has been fully integrated with the VCSA. This eliminates the additional VM, operating system license, and database dependencies of the previous architecture, and now benefits from the resiliency of vCenter HA for redundancy. VUM is enabled by default and ready to handle patching and upgrading tasks of all magnitudes in your datacenter.

Host Profiles has come a long way since the initial introduction way back in vSphere 4! This release offers much in the way of both management of the profiles, as well as day-to-day operations. For starters, an updated graphical editor that is part of the vSphere Web Client now has an easy-to-use search function in addition to a new ability to mark individual configuration elements as favorites for quick access.

vSphere Host Profile Editor

Administrators now have the means to create a hierarchy of host profiles by taking advantage of the new ability to copy settings from one profile to one or many others.

Although Host Profiles provides a means of abstracting management away from individual hosts in favor of clusters, each host may still have distinct characteristics, such as a static IP address, that must be accommodated. The process of setting these per-host values is known as host customization, and with this release it is now possible to manage these settings for groups of hosts via CSV file – undoubtedly appealing to customers with larger environments.

Compliance checks are more informative as well, with a detailed side-by-side comparison of values from a profile versus the actual values on a host. And finally, the process of effecting configuration change is greatly enhanced in vSphere 6.5 thanks to DRS integration for scenarios that require maintenance mode, and speedy parallel remediation for changes that do not.

Auto Deploy – the boot-from-network deployment option for vSphere – is now easier to manage in vSphere 6.5 with the introduction of a full-featured graphical interface. Administrators no longer need to use PowerCLI to create and manage deploy rules or custom ESXi images.

Auto Deploy


New and unassigned hosts that boot from Auto Deploy will now be collected under the Discovered Hosts tab as they wait patiently for instructions, and a new interactive workflow enables provisioning without ever creating a deploy rule.

Custom integrations and other special configuration tasks are now possible with the Script Bundle feature, enabling arbitrary scripts to be run on the ESXi hosts after they boot via Auto Deploy.

Scalability has been greatly improved over previous releases and it’s easy to design an architecture with optional reverse proxy caches for very large environments needing to optimize and reduce resource utilization on the VCSA. And like VUM, Auto Deploy also benefits from native vCenter HA for quick failover in the event of an outage.

In addition to all of that, we are pleased to announce that Auto Deploy now supports UEFI hardware for those customers running the newest servers from VMware OEM partners.

It’s easy to see how vSphere 6.5 makes management of hosts easier for datacenters of all sizes!

Resource Management – HA, FT and DRS

vSphere continues to provide the best availability and resource management features for today’s most demanding applications. vSphere 6.5 continues to move the needle by adding major new features and improving existing features to make vSphere the most trusted virtual computing platform available. Here is a glimpse of what you can expect to see when vSphere 6.5 is released later this year.

Proactive HA

Proactive HA will detect hardware conditions of a host and allow you to evacuate the VMs before the issue causes an outage. Working in conjunction with participating hardware vendors, vCenter will plug into the hardware monitoring solution to receive the health status of the monitored components such as fans, memory, and power supplies. vSphere can then be configured to respond according to the failure.

Once a component is labeled unhealthy by the hardware monitoring system, vSphere will classify the host as either moderately or severely degraded depending on which component failed. vSphere will place that affected host into a new state called Quarantine Mode. In this mode, DRS will not use the host for placement decisions for new VMs unless a DRS rule could not otherwise be satisfied. Additionally, DRS will attempt to evacuate the host as long as it would not cause a performance issue. Proactive HA can also be configured to place degraded hosts into Maintenance Mode which will perform a standard virtual machine evacuation.

vSphere HA Orchestrated Restart

vSphere 6.5 now allows creating dependency chains using VM-to-VM rules. These dependency rules are enforced when vSphere HA is used to restart VMs from failed hosts. This is great for multi-tier applications that do not recover successfully unless they are restarted in a particular order. A common example of this is a database, app, and web server.

In the example below, VM4 and VM5 restart at the same time because their dependency rules are satisfied. VM7 will wait for VM5 because there is a rule between VM5 and VM7. Explicit rules must be created that define the dependency chain. If that last rule were omitted, VM7 would restart with VM5 because the rule with VM6 is already satisfied.

Orchestrator HA


In addition to the VM dependency rules, vSphere 6.5 adds two additional restart priority levels named Highest and Lowest providing five total. This provides even greater control when planning the recovery of virtual machines managed by vSphere HA.
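The dependency behavior described in this section, as an added example (not VMware code): a simplified Python model that groups VMs into restart waves from VM-to-VM rules and rejects circular rules, which would otherwise leave VMs waiting forever. The figure is not reproduced on this page, so the rule set is constructed to match the VM4/VM5/VM6/VM7 description; VM1, VM2, the rules attached to them, and the name `restart_waves` are assumptions, and restart priority levels are not modeled.

```python
# Simplified model of restart ordering from VM-to-VM dependency rules.
# Illustrative only; this is not how vSphere HA is implemented.

def restart_waves(vms, rules):
    """Return a list of waves (sorted lists of VM names).

    rules is a list of (first, then) pairs meaning "restart `then` only
    after `first` has been restarted". A VM joins the earliest wave in
    which every VM it depends on has already been restarted.
    """
    waiting_on = {vm: set() for vm in vms}
    for first, then in rules:
        if first not in waiting_on or then not in waiting_on:
            raise ValueError(f"rule references unknown VM: {first} -> {then}")
        waiting_on[then].add(first)

    waves, restarted = [], set()
    while len(restarted) < len(waiting_on):
        ready = sorted(
            vm for vm, deps in waiting_on.items()
            if vm not in restarted and deps <= restarted
        )
        if not ready:
            # Every remaining VM waits on another remaining VM.
            stuck = sorted(set(waiting_on) - restarted)
            raise ValueError(f"circular dependency among: {stuck}")
        waves.append(ready)
        restarted.update(ready)
    return waves


# Constructed inventory and rules (assumed, not taken from the figure).
VMS = ["VM1", "VM2", "VM4", "VM5", "VM6", "VM7"]
RULES = [
    ("VM1", "VM4"),
    ("VM2", "VM5"),
    ("VM6", "VM7"),
    ("VM5", "VM7"),  # the explicit rule that makes VM7 wait for VM5
]

if __name__ == "__main__":
    print("with VM5 -> VM7 rule:   ", restart_waves(VMS, RULES))
    print("without VM5 -> VM7 rule:", restart_waves(VMS, RULES[:-1]))
```

Validating a rule set this way before relying on it shows which VMs will come up together and catches a cycle at design time rather than during a host failure.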

Simplified vSphere HA Admission Control

Several improvements have been made to vSphere HA Admission Control. Admission control is used to set aside a calculated amount of resources that are used in the event of a host failure. One of three different policies is used to enforce the amount of capacity that is set aside. Starting with vSphere 6.5, this configuration just got simpler. The first major change is that the administrator simply needs to define the number of host failures to tolerate (FTT). Once the number of hosts is configured, vSphere HA will automatically calculate a percentage of resources to set aside by applying the “Percentage of Cluster Resources” admission control policy. As hosts are added or removed from the cluster, the percentage will be automatically recalculated. This is the new default configuration, but it is possible to override the automatic calculation or use another admission control policy.

Additionally, the vSphere Web Client will issue a warning if vSphere HA detects a host failure would cause a reduction in VM performance based on the actual resource consumption, not only based on the configured reservations. The administrator is able to configure how much of a performance loss is tolerated before a warning is issued.

Admission Control

Fault Tolerance (FT)

vSphere 6.5 FT has more integration with DRS, which will help make better placement decisions by ranking the hosts based on the available network bandwidth as well as recommending the datastore on which to place the secondary vmdk files.

There has been a tremendous amount of effort to lower the network latency introduced with the new technology that powers vSphere FT. This will lessen the performance impact on certain types of applications that were sensitive to the additional latency first introduced with vSphere 6.0. This now opens the door for an even wider array of mission-critical applications.

FT networks can now be configured to use multiple NICs to increase the overall bandwidth available for FT logging traffic. This is a similar configuration to Multi-NIC vMotion, providing additional channels of communication for environments that require more bandwidth than a single NIC can provide.

DRS Advanced Options

Three of the most common advanced options used in DRS clusters are now getting their own checkbox in the UI for simpler configuration.

  • VM Distribution: Enforce an even distribution of VMs. This will cause DRS to spread the count of the VMs evenly across the hosts. This is to prevent too many eggs in one basket and minimizes the impact to the environment after encountering a host failure. If DRS detects a severe imbalance to the performance, it will correct the performance issue at the expense of the count being evenly distributed.
  • Memory Metric for Load Balancing: DRS uses Active memory + 25% as its primary metric when calculating memory load on a host. The “Consumed memory vs active memory” option will cause DRS to use the consumed memory metric rather than Active. This is beneficial when memory is not over-allocated. As a side effect, the UI will show the hosts to be more balanced.
  • CPU over-commitment: This is an option to enforce a maximum vCPU:pCPU ratio in the cluster. Once the cluster reaches this defined value, no additional VMs will be allowed to power on.

DRS settings

Network-Aware DRS

DRS now considers network utilization, in addition to the 25+ metrics already used when making migration recommendations. DRS observes the Tx and Rx rates of the connected physical uplinks and avoids placing VMs on hosts that are greater than 80% utilized. DRS will not reactively balance the hosts solely based on network utilization, rather, it will use network utilization as an additional check to determine whether the currently selected host is suitable for the VM. This additional input will improve DRS placement decisions, which results in better VM performance.

SIOC + SPBM

Storage IO Control configuration is now performed using Storage Policies, and IO limits are enforced using vSphere APIs for IO Filtering (VAIO). Using the Storage Policy Based Management (SPBM) framework, administrators can define different policies with different IO limits, and then assign VMs to those policies. This simplifies the ability to offer varying tiers of storage services and provides the ability to validate policy compliance.

VM Storage Policy

Content Library

Content Library with vSphere 6.5 includes some very welcome usability improvements. Administrators can now mount an ISO directly from the Content Library, apply a Guest OS Customization during VM deployment, and update existing templates.

Performance and recoverability have also been improved. Scalability has been increased, and there is a new option to control how a published library will store and sync content. When enabled, it will reduce the sync time between vCenter Servers that are not using Enhanced Linked Mode.

The Content Library is now part of the vSphere 6.5 backup/restore service, and it is part of the VC HA feature set.

Developer and Automation Interfaces

The vSphere developer and automation interfaces are receiving some fantastic updates as well. Starting with vSphere’s REST APIs, these have been extended to include VCSA and VM based management and configuration tasks. There’s also a new way to explore the available vSphere REST APIs with the API Explorer. The API Explorer is available locally on the vCenter server itself and will include information like what URL the API task is available to be called by, what method to use, what the request body should look like, and even a “Try It Out” button to perform the call live.

API explorer


Moving over to the CLIs, PowerCLI is now 100% module based! There are also key improvements to some of those modules. The Core module now supports cross vCenter vMotion by way of the Move-VM cmdlet. The VSAN module has been bolstered to feature 13 different cmdlets which focus on trying to automate the entire lifecycle of VSAN. The Horizon View module has been completely re-written and allows users to perform View related tasks from any system as well as the ability to interact with the View API.

The vSphere CLI (vCLI) also received some big updates. ESXCLI, which is installed as part of vCLI, now features several new storage based commands for handling VSAN core dump procedures, utilizing VSAN’s iSCSI functionality, managing NVMe devices, and other core storage commands. There are also some additions on the network side to handle NIC based commands such as queuing, coalescing, and basic FCOE tasks. Lastly, the Datacenter CLI (DCLI), which is also installed as part of vCLI, can make use of all the new vSphere REST APIs!

Check out this example of the power of DCLI’s interactive mode with features like tab complete:

DCLI interactive

Operations Management

There have been some exciting improvements on the vSphere with Operations Management (vSOM) side of the house as well. vRealize Operations Manager (vR Ops) has been updated to version 6.4, which includes many new dashboards, dashboard improvements, and other key features to help administrators get to the root cause that much faster and more efficiently. Log Insight for vCenter has also been updated, and will be on version 4.0. It contains a new user interface (UI) based on our new Clarity UI, increased API functionality around the installation process, the ability to perform automatic updates to agents, and some other general UI improvements. Also, both of these products will be compatible with vSphere 6.5 on day one.

Digging a little further into the vR Ops improvements, let’s first take a look at the three new dashboards titled: Operations Overview, Capacity Overview, and Troubleshoot a VM. The Operations dashboard will display pertinent environment based information such as an inventory summary, cluster update, overall alert volume, and some widgets containing Top-15 VMs experiencing CPU contention, memory contention, and disk latency. The Capacity dashboard contains information such as capacity totals as well as capacity in use across CPU count, RAM, and storage, reclaimable capacity, and a distributed utilization visualization. The Troubleshoot a VM dashboard is a nice central location to view individual VM based information like its alerts, relationships, and metrics based on demand, contention, parent cluster contention, and parent datastore latency.

vROPS Dashboard

One other improvement, which isn’t a dashboard but a new view for each object, is the new resource details page. It closely resembles the Home dashboard that was added in a prior version, but only focuses on the object selected. The information displayed includes any active alerts, key properties, KPI metrics, and relational based information.

vROPS details

Covering some of the other notable improvements, there is now the ability to display the vSphere VM folders within vR Ops. There’s also the ability to group alerts so that it’s easy to see what the most prevalent alert might be. Alert groups also enable the functionality to clear alerts in a bulk fashion. Lastly, there are now KPI metric groups available out of the box to help easily chart out and correlate properties with a single click.

To learn more about vSphere 6.5, please see the following resources.


Oct 18

What’s new in vSphere 6.5: Security

Posted on October 17, 2016 by Mike Foley

vSphere 6.5 is a turning point in VMware infrastructure security. What was mostly an afterthought by many IT folks only a few short years ago is now one of the top drivers of innovation for vSphere. Security has become a front and center focus of this release and I think you’ll like what we’ve come up with.

Our focus on security is manageability. If security is not easy to implement and manage then the benefit it may bring is offset. Security in a virtual infrastructure must be able to be done “at scale”. Managing 100’s or 1000’s of security “snowflakes” is something no IT manager wants to do. She/He doesn’t have the resources to do that. The key to security at scale is automation and in these new features you’ll see plenty of that.

VM Encryption

Encryption of virtual machines is something that’s been on-going for years. But, in case you hadn’t noticed, it just hasn’t “taken off” because every solution has a negative operational impact. With vSphere 6.5 we are addressing that head on.

Encryption will be done in the hypervisor, “beneath” the virtual machine. As I/O comes out of the virtual disk controller in the VM it is immediately encrypted by a module in the kernel before being sent to the kernel storage layer. Both VM Home files (VMX, snapshot, etc.) and VMDK files are encrypted.

The advantages here are numerous.

    1. Because encryption happens at the hypervisor level and not in the VM, the Guest OS and datastore type are not a factor. Encryption of the VM is agnostic.
    2. Encryption is managed via policy. Application of the policy can be done to many VM’s, regardless of their Guest OS.
    3. Encryption is not managed “within” the VM. This is a key differentiation to every other solution in the market today! There are no encryption “snowflakes”. You don’t have to monitor whether encryption is running in the VM and the keys are not contained in the VM’s memory.
    4. Key Management is based on the industry standard, KMIP 1.1. In vSphere, vCenter is a KMIP client and works with a large number of KMIP 1.1 key managers. This brings choice and flexibility to customers. VM Keys do not persist in vCenter.
    5. VM Encryption makes use of the latest hardware advances inherent in the CPU’s today. It leverages AES-NI for encryption.

VM Encryption

vMotion Encryption

This has been an ask for a long time and with 6.5 we deliver. What’s unique about vMotion encryption is that we are not encrypting the network. There are no certificates to manage or network settings to make.

The encryption happens on a per-VM level. Enabling vMotion encryption on a VM sets things in motion. When the VM is migrated, a randomly generated, one time use 256-bit key is generated by vCenter (it does not use the key manager for this key).

In addition, a 64-bit “Nonce” (an arbitrary number used only once in a crypto operation) is also generated. The encryption key and Nonce are packaged into the migration specification sent to both hosts. At that point all the VM vMotion data is encrypted with both the key and the Nonce, ensuring that communications can’t be used to replay the data.

vMotion encryption can be set on unencrypted VM’s and is always enforced on encrypted VM’s.
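The replay protection described above, as an added Go illustration that is not VMware's code. The post does not name the cipher or say how the nonce enters the encryption, so AES-256-GCM and an IV of nonce plus a 32-bit message counter are assumptions, as are all type and function names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// MigrationSpec (hypothetical) holds the one-time 256-bit key and 64-bit nonce.
type MigrationSpec struct {
	Key   [32]byte
	Nonce [8]byte
}

func NewMigrationSpec() (s MigrationSpec, err error) {
	if _, err = rand.Read(s.Key[:]); err == nil {
		_, err = rand.Read(s.Nonce[:])
	}
	return s, err
}

// Channel is one host's end of the stream (assumed cipher: AES-256-GCM).
type Channel struct {
	aead  cipher.AEAD
	nonce [8]byte
	seq   uint32 // next message counter; assumed IV layout is nonce || counter
}

func NewChannel(s MigrationSpec) (*Channel, error) {
	block, err := aes.NewCipher(s.Key[:])
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Channel{aead: aead, nonce: s.Nonce}, err
}

// Seal encrypts the next chunk; each IV is used once (rekey before the counter wraps).
func (c *Channel) Seal(plain []byte) []byte {
	iv := binary.BigEndian.AppendUint32(c.nonce[:], c.seq)
	c.seq++
	return c.aead.Seal(nil, iv, plain, nil)
}

// Open accepts only the next expected chunk; anything else fails GCM authentication.
func (c *Channel) Open(ct []byte) (pt []byte, err error) {
	iv := binary.BigEndian.AppendUint32(c.nonce[:], c.seq)
	if pt, err = c.aead.Open(nil, iv, ct, nil); err == nil {
		c.seq++ // a rejected chunk leaves the counter untouched
	}
	return pt, err
}

func main() {
	spec, _ := NewMigrationSpec()
	src, _ := NewChannel(spec)
	dst, _ := NewChannel(spec)
	chunk := src.Seal([]byte("constructed memory page"))
	_, first := dst.Open(chunk)
	_, replay := dst.Open(chunk)
	fmt.Println("first delivery:", first, "| replayed copy:", replay)
}
```

Because the key and nonce exist only for one migration, traffic captured from an earlier migration fails authentication against a later one, and within a migration the counter rejects duplicated or reordered chunks.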

Encrypted vMotion

Secure Boot support

For vSphere 6.5 we are introducing Secure Boot support for virtual machines and for the ESXi hypervisor.

ESXi Secure Boot

ESXi SECURE BOOT – With Secure Boot enabled, the UEFI firmware validates the digital signature of the ESXi kernel against a digital certificate in the UEFI firmware. That ensures that only a properly signed kernel boots. For ESXi, we are taking Secure Boot further, adding cryptographic assurance of all components of ESXi. Today, ESXi is already made up of digitally signed packages, called VIBs (vSphere Installation Bundles). The ESXi file system maps to the content of those packages (the packages are never broken open). By leveraging that digital certificate in the host UEFI firmware, at boot time the already validated ESXi Kernel will, in turn, validate each VIB against the firmware-based certificate. This assures a cryptographically “clean” boot.

Note: If Secure Boot is enabled, you will not be able to forcibly install unsigned code on ESXi. This ensures that when Secure Boot is enabled, ESXi will only be running VMware digitally signed code.

VIRTUAL MACHINE SECURE BOOT

For VM’s, Secure Boot is simple to enable. Your VM must be configured to use EFI firmware and then you enable Secure Boot with a checkbox. Note that if you turn on Secure Boot for a virtual machine, you can load only signed drivers into that virtual machine.

Secure Boot for Virtual Machines works with Windows or Linux.

Secure Boot for Virtual Machines

Enhanced Logging

vSphere logs have traditionally been focused on troubleshooting and not “security” or even “IT operations”. This changes in vSphere 6.5 with the introduction of enhanced logging. Gone are the days where you’ll make a significant change to a virtual machine and only get a log that says “VM has been reconfigured”.

We’ve enhanced the logs and made them “actionable” by now sending the complete vCenter event such as “VM Reconfigure” out via the syslog data stream. The events now contain what I like to call “actionable data”. What I mean by that is that rather than just getting a notice that “something” has changed, you now get what changed, what it changed from and what it changed to. This is data that I can “take action” against.

In 6.5, you will get a descriptive log of the action. For example, if I add 4GB of memory to a VM that has 6GB today, I’ll see a log that tells me what the setting was and what the new setting is. In a security context, if you move a VM from the vSwitch labeled “PCI” to the vSwitch labeled “Non-PCI” you will get a clear log describing that change. See the image below for an example.

Actionable Logging

Enhanced/Actionable Logging

Solutions like VMware Log Insight will now have a lot more data to display and present but, more importantly, more detailed messages mean you can create more prescriptive alerts and remediations. More informed solutions help make more informed critical datacenter decisions.

Automation

All of these features will have some level of automation available out of the gate. In future blog articles you’ll see PowerCLI examples for encrypting and decrypting VM’s, enabling Secure Boot for VM’s, setting Encrypted vMotion policies on a VM and a script I used to build an Enhanced Logging demo that you can tweak to show the benefits of Enhanced Logging in your own environment. All of the script examples will be released on GitHub.

Wrap Up

That’s it for vSphere 6.5 security! I hope you are as excited as I am about it! More details on each will be forthcoming in blogs and whitepapers. One thing to add is the vSphere 6.5 Security Hardening Guide. This will, as always, come out within 1 quarter after the GA of 6.5. I don’t anticipate major changes to the guide. Features like VM Encryption are not something you should expect in the hardening guide. For more information on the types of information that are now in the guide please reference this blog post.

As always, I appreciate your feedback and questions. You can reach out to me via email (mfoley at vmware dot com) or on Twitter @vspheresecurity or @mikefoley.

mike

To learn more about vSphere 6.5, please see the following resources.


Sep 15

vSphere HTML5 Web Client – v2.5

Summary

The vSphere HTML5 Web Client is here! It is written using HTML5 and JavaScript, and we are looking forward to you trying it in your environment and hearing your feedback! For partners who want to extend the HTML Client, this Fling also includes a new HTML SDK. Please see the HTML Client SDK Fling Overview.pdf and download the html-client-sdk.zip.

First things first: this Fling is not fully complete. We wanted to get it in front of our customers as soon as possible, and so we are only offering the following features for the time being (we feel that these are the most commonly used actions/views):

  • VM Power Operations (common cases)
  • VM Edit Settings (simple CPU, Memory, Disk changes)
  • VM Console
  • VM and Host Summary pages
  • VM Migration (only to a Host)
  • Clone to Template/VM
  • Create VM on a Host (limited)
  • Additional monitoring views (Performance charts, Tasks, Events)
  • Global Views (Recent tasks, Alarms – view only)

This Fling has been designed to work with your existing vSphere 6.0 environments. The new client is deployed as a new VM from the downloadable OVA. Currently the installation instructions are command line-based, but we are working on a GUI installation and plan to release it as an update to this Fling once it is ready.

We intend to regularly update this Fling to both provide new features and address reported issues, based on feedback. When providing feedback, please provide as much detail as possible to help us understand and fix any issues.

Known Issues

  • Firefox and Chrome are most compatible with this Fling. IE11 should also work with no issues. We have tested with Safari and Edge as well.
  • On occasion you may see the following error popup: “An error occurred……See more details in the browser’s javascript console”. This is to help us debug the UI. If this occurs repeatedly, please use the Feedback tool to send us any information you have, including your environment, object, and a description of what you did to reproduce the error.
  • Linux will show a warning on the login page about being unsupported, but the Fling should still work after login.
  • Bug: Unpatched versions of IE can fail to log in and end up at URL “vmware-csd://csd”: This is a known vCenter 6.0 bug that we cannot patch with this appliance. The KB and fix are located here

System requirements

  • 2 vCPU, 4 GB RAM, 14 GB
  • An existing VC6.0 installation (VCSA or Windows). The H5 client appliance will need 4 GB RAM, 2 vCPUs and the hard disk will grow up to 14 GB.
  • Recommended browsers: Chrome, Firefox, IE11. Others may work, with some functional or layout issues.
  • Windows vCenter: Was tested with a vCenter on Windows Server 2012 R2, but should work with other versions as well. Please report any issues.


Jul 19

Understanding Virtual Machine Snapshots in VMware ESX and ESXi

http://kb.vmware.com/kb/1015180 – This video explores the concept of Virtual Machine Snapshots so that you can understand and troubleshoot problems relating to Snapshots.

Be sure to read the full content of the KB article for additional information: “Understanding Virtual Machine Snapshots in VMware ESX and ESXi(1015180)” at http://kb.vmware.com/kb/1015180

Note: For best viewing results, ensure that the 720p quality setting is selected and view using full screen mode.


Jun 29

VMware vSphere and OpenStack

In this video we describe how OpenStack Compute (Nova) interacts with the VMware vSphere product family and enables access to advanced features such as vMotion, High Availability, and Dynamic Resource Scheduling (DRS). Because individual ESX hosts are not exposed to the Nova scheduler, Nova schedules to the granularity of clusters. When a virtual machine makes its way into a vCenter cluster, it can use all vSphere features. This brings tremendous operational efficiency to an OpenStack-based Cloud without compromising the technical investment already committed to managing and troubleshooting a VMware environment.


Jun 14

VMware vCenter Server 6.0 Performance and Best Practices

Introduction

VMware vCenter Server™ 6.0 substantially improves performance over previous vCenter Server versions. This paper demonstrates the improved performance in vCenter Server 6.0 compared to vCenter Server 5.5, and shows that vCenter Server with the embedded vPostgres database now performs as well as vCenter Server with an external database, even at vCenter Server’s scale limits. This paper also discusses factors that affect vCenter Server performance and provides best practices for vCenter Server performance.

What’s New in vCenter Server 6.0

vCenter Server 6.0 brings extensive improvements in performance and scalability over vCenter Server 5.5:

  • Operational throughput is over 100% higher, and certain operations are over 80% faster.
  • VMware vCenter Server™ Appliance™ now has the same scale limits as vCenter Server on Windows with an external database: 1,000 ESXi hosts, 10,000 powered-on virtual machines, and 15,000 registered virtual machines.
  • VMware vSphere® Web Client performance has improved, with certain pages over 90% faster.

In addition, vCenter Server 6.0 provides new deployment options:

  • Both vCenter Server on Windows and VMware vCenter Server Appliance provide an embedded vPostgres database as an alternative to an external database. (vPostgres replaces the SQL Server Express option that was available in previous vCenter versions.)
  • The embedded vPostgres database supports vCenter’s full scale limits when used with the vCenter Server Appliance.

Performance Comparison with vCenter Server 5.5

In order to demonstrate and quantify performance improvements in vCenter Server 6.0, this section compares 6.0 and 5.5 performance at several inventory and workload sizes. In addition, this section compares vCenter Server 6.0 on Windows to the vCenter Server Appliance at different inventory sizes, to highlight the larger scale limits in the Appliance in vCenter 6.0. Finally, this section illustrates the performance gained by provisioning vCenter with additional resources.

The workload for this comparison uses vSphere Web Services API clients to simulate a self-service cloud environment with a large amount of virtual machine “churn” (that is, frequently creating, deleting, and reconfiguring virtual machines). Each client repeatedly issues a series of inventory management and provisioning operations to vCenter Server. Table 1 lists the operations performed in this workload. The operations listed here were chosen from a sampling of representative customer data. Also, the inventories in this experiment used vCenter features including DRS, High Availability, and vSphere Distributed Switch. (See Appendix A for precise details on inventory configuration.)

Operations performed in performance comparison workload

Results

Figure 3 shows vCenter Server operation throughput (in operations per minute) for the heaviest workload for each inventory size. Performance has improved considerably at all sizes. For example, for the large inventory setup (Figure 3, right), operational throughput has increased from just over 600 operations per minute in vCenter Server 5.5 to over 1,200 operations per minute in vCenter Server 6.0 for Windows: an improvement of over 100%. The other inventory sizes show similar gains in operational throughput.

vCenter Server 6.0 operation throughput

Figure 3. vCenter throughput at several inventory sizes, with heavy workload (higher is better). Throughput has increased at all inventory sizes in vCenter Server 6.0.

Figure 4 shows median latency across all operations in the heaviest workload for each inventory size. Just as with operational throughput in Figure 3, latency has improved at all inventory sizes. For example, for the large inventory setup (Figure 4, right), median operational latency has decreased from 19.4 seconds in vCenter Server 5.5 to 4.0 seconds in vCenter Server Appliance 6.0: a decrease of about 80%. The other inventory sizes also show large decreases in operational latency.

vCenter Server median latency at several inventory sizes

Figure 4. vCenter Server median latency at several inventory sizes, with heavy workload (lower is better). Latency has decreased at all inventory sizes in vCenter 6.0.

Download

Download a full VMware vCenter Server 6.0 Performance and Best Practices Technical White Paper
