Oct 18

What’s New in vSphere 6.5: Host & Resource Management and Operations

Posted on October 18, 2016 by Charu Chaubal

vSphere 6.5 brings a number of enhancements to ESXi host lifecycle management as well as some new capabilities to our venerable resource management features, DRS and HA. There are also greatly enhanced developer and automation interfaces, which are a major focus in this release. Last but not least, there are some notable improvements to vRealize Operations, since this product is bundled with certain editions of vSphere. Let’s dig into each of these areas.

Enhanced vSphere Host Lifecycle Management Capabilities

With vSphere 6.5, administrators will find significantly easier and more powerful capabilities for patching, upgrading, and managing the configuration of VMware ESXi hosts.

VMware Update Manager (VUM) continues to be the preferred approach for keeping ESXi hosts up to date, and with vSphere 6.5 it has been fully integrated with the VCSA. This eliminates the additional VM, operating system license, and database dependencies of the previous architecture, and now benefits from the resiliency of vCenter HA for redundancy. VUM is enabled by default and ready to handle patching and upgrading tasks of all magnitudes in your datacenter.

Host Profiles has come a long way since the initial introduction way back in vSphere 4! This release offers much in the way of both management of the profiles, as well as day-to-day operations. For starters, an updated graphical editor that is part of the vSphere Web Client now has an easy-to-use search function in addition to a new ability to mark individual configuration elements as favorites for quick access.

vSphere Host Profile Editor

vSphere Host Profile Editor

Administrators now have the means to create a hierarchy of host profiles by taking advantage of the new ability to copy settings from one profile to one or many others.

Although Host Profiles provides a means of abstracting management away from individual hosts in favor of clusters, each host may still have distinct characteristics, such as a static IP address, that must be accommodated. The process of setting these per-host values is known as host customization, and with this release it is now possible to manage these settings for groups of hosts via CSV file – undoubtedly appealing to customers with larger environments.

Compliance checks are more informative as well, with a detailed side-by-side comparison of values from a profile versus the actual values on a host. And finally, the process of effecting configuration change is greatly enhanced in vSphere 6.5 thanks to DRS integration for scenarios that require maintenance mode, and speedy parallel remediation for changes that do not.

Auto Deploy – the boot-from-network deployment option for vSphere – is now easier to manage in vSphere 6.5 with the introduction of a full-featured graphical interface. Administrators no longer need to use PowerCLI to create and manage deploy rules or custom ESXi images.

Auto Deploy

Auto Deploy

New and unassigned hosts that boot from Auto Deploy will now be collected under the Discovered Hosts tab as they wait patiently for instructions, and a new interactive workflow enables provisioning without ever creating a deploy rule.

Custom integrations and other special configuration tasks are now possible with the Script Bundle feature, enabling arbitrary scripts to be run on the ESXi hosts after they boot via Auto Deploy.

Scalability has been greatly improved over previous releases and it’s easy to design an architecture with optional reverse proxy caches for very large environments needing to optimize and reduce resource utilization on the VCSA. And like VUM, Auto Deploy also benefits from native vCenter HA for quick failover in the event of an outage.

In addition to all of that, we are pleased to announce that Auto Deploy now supports UEFI hardware for those customers running the newest servers from VMware OEM partners.

It’s easy to see how vSphere 6.5 makes management of hosts easier for datacenters of all sizes!

Resource Management – HA, FT and DRS

vSphere continues to provide the best availability and resource management features for today’s most demanding applications. vSphere 6.5 continues to move the needle by adding major new features and improving existing features to make vSphere the most trusted virtual computing platform available. Here is a glimpse of the what you can expect to see when vSphere 6.5 later this year.

Proactive HA

Proactive HA will detect hardware conditions of a host and allow you to evacuate the VMs before the issue causes an outage. Working in conjunction with participating hardware vendors, vCenter will plug into the hardware monitoring solution to receive the health status of the monitored components such as fans, memory, and power supplies. vSphere can then be configured to respond according to the failure.

Once a component is labeled unhealthy by the hardware monitoring system, vSphere will classify the host as either moderately or severely degraded depending on which component failed. vSphere will place that affected host into a new state called Quarantine Mode. In this mode, DRS will not use the host for placement decisions for new VMs unless a DRS rule could not otherwise be satisfied. Additionally, DRS will attempt to evacuate the host as long as it would not cause a performance issue. Proactive HA can also be configured to place degraded hosts into Maintenance Mode which will perform a standard virtual machine evacuation.

vSphere HA Orchestrated Restart

vSphere 6.5 now allows creating dependency chains using VM-to-VM rules. These dependency rules are enforced if when vSphere HA is used to restart VMs from failed hosts. This is great for multi-tier applications that do not recover successfully unless they are restarted in a particular order. A common example to this is a database, app, and web server.

In the example below, VM4 and VM5 restart at the same time because their dependency rules are satisfied. VM7 will wait for VM5 because there is a rule between VM5 and VM7. Explicit rules must be created that define the dependency chain. If that last rule were omitted, VM7 would restart with VM5 because the rule with VM6 is already satisfied.

Orchestrator HA

Orchestrator HA

In addition to the VM dependency rules, vSphere 6.5 adds two additional restart priority levels named Highest and Lowest providing five total. This provides even greater control when planning the recovery of virtual machines managed by vSphere HA.

Simplified vSphere HA Admission Control

Several improvements have been made to vSphere HA Admission Control. Admission control is used to set aside a calculated amount of resources that are used in the event of a host failure. One of three different policies are used to enforce the amount of capacity is set aside. Starting with vSphere 6.5, this configuration just got simpler. The first major change is that the administrator simply needs to define the number of host failures to tolerate (FTT). Once the numbers of hosts are configured, vSphere HA will automatically calculate a percentage of resources to set aside by applying the “Percentage of Cluster Resources” admission control policy. As hosts are added or removed from the cluster, the percentage will be automatically recalculated. This is the new default configuration, but it is possible to override the automatic calculation or use another admission control policy.

Additionally, the vSphere Web Client will issue a warning if vSphere HA detects a host failure would cause a reduction in VM performance based on the actual resource consumption, not only based on the configured reservations. The administrator is able to configure how much of a performance loss is tolerated before a warning is issued.

Admission Control

Admission Control

Fault Tolerance (FT)

vSphere 6.5 FT has more integration with DRS which will help make better placement decisions by ranking the hosts based on the available network bandwidth as well as recommending which datastore to place the secondary vmdk files.

There has been a tremendous amount of effort to lower the network latency introduced with the new technology that powers vSphere FT. This will improve the performance to impact to certain types of applications that were sensitive to the additional latency first introduced with vSphere 6.0. This now opens the door for even a wider array of mission critical applications.

FT networks can now be configured to use multiple NICs to increase the overall bandwidth available for FT logging traffic. This is a similar configuration to Multi-NIC vMotion to provide additional channels of communication for environments that required more bandwidth than a single NIC can provide.

DRS Advanced Options

Three of the most common advanced options used in DRS clusters are now getting their own checkbox in the UI for simpler configuration.

  • VM Distribution: Enforce an even distribution of VMs. This will cause DRS to spread the count of the VMs evenly across the hosts. This is to prevent too many eggs in one basket and minimizes the impact to the environment after encountering a host failure. If DRS detects a severe imbalance to the performance, it will correct the performance issue at the expense of the count being evenly distributed.
  • Memory Metric for Load Balancing: DRS uses Active memory + 25% as its primary metric when calculating memory load on a host. The Consumed memory vs active memory will cause DRS to use the consumed memory metric rather than Active. This is beneficial when memory is not over-allocated. As a side effect, the UI show the hosts be more balanced.
  • CPU over-commitment: This is an option to enforce a maximum vCPU:pCPU ratios in the cluster. Once the cluster reaches this defined value, no additional VMs will be allowed to power on.
DRS settings

DRS settings

Network-Aware DRS

DRS now considers network utilization, in addition to the 25+ metrics already used when making migration recommendations. DRS observes the Tx and Rx rates of the connected physical uplinks and avoids placing VMs on hosts that are greater than 80% utilized. DRS will not reactively balance the hosts solely based on network utilization, rather, it will use network utilization as an additional check to determine whether the currently selected host is suitable for the VM. This additional input will improve DRS placement decisions, which results in better VM performance.


Storage IO Control configuration is now performed using Storage Policies and IO limits enforced using vSphere APIs for IO Filtering (VAIO). Using the Storage Based Policy Management (SPBM) framework, administrators can define different policies with different IO limits, and then assign VMs to those policies. This simplifies the ability to offer varying tiers of storage services and provides the ability to validate policy compliance.

VM Storage Policy

VM Storage Policy

Content Library

Content Library with vSphere 6.5 includes some very welcome usability improvements. Administrators can now mount an ISO directly from the Content Library, apply a Guest OS Customization during VM deployment, and update existing templates.

Performance and recoverability has also been improved. Scalability has been increased, and there is new option to control how a published library will store and sync content. When enabled, it will reduce the sync time between vCenter Servers are not using Enhanced Linked Mode.

The Content Library is now part of the vSphere 6.5 backup/restore service, and it is part of the VC HA feature set.

Developer and Automation Interfaces

The vSphere developer and automation interfaces are receiving some fantastic updates as well. Starting with the vSphere’s REST APIs, these have been extended to include VCSA and VM based management and configuration tasks. There’s also a new way to explore the available vSphere REST APIs with the API Explorer. The API Explorer is available locally on the vCenter server itself and will include information like what URL the API tas is available to be called by, what method to use, what the request body should look like, and even a “Try It Out” button to perform the call live.

API explorer

API explorer

Moving over to the CLIs, PowerCLI is now 100% module based! There’s also some key improvements to some of those modules as well. The Core module now supports cross vCenter vMotion by way of the Move-VM cmdlet. The VSAN module has been bolstered to feature 13 different cmdlets which focus on trying to automate the entire lifecycle of VSAN. The Horizon View module has been completely re-written and allows users to perform View related tasks from any system as well as the ability to interact with the View API.

The vSphere CLI (vCLI) also received some big updates. ESXCLI, which is installed as part of vCLI, now features several new storage based commands for handling VSAN core dump procedures, utilizing VSAN’s iSCSI functionality, managing NVMe devices, and other core storage commands. There’s also some additions on the network side to handle NIC based commands such as queuing, coalescing, and basic FCOE tasks. Lastly, the Datacenter CLI (DCLI), which is also installed as part of vCLI, can make use of all the new vSphere REST APIs!

Check out this example of the power of DCLI’s interactive mode with features like tab complete:

DCLI interactive

DCLI interactive

Operations Management

There’s been some exciting improvements on the vSphere with Operations Management (vSOM) side of the house as well. vRealize Operations Manager (vR Ops) has been updated to version 6.4 which include many new dashboards, dashboard improvements, and other key features to help administrators get to the root cause that much faster and more efficient. Log Insight for vCenter has been also updated, and will be on version 4.0. It contains a new user interface (UI) based on our new Clarity UI, increased API functionality around the installation process, the ability to perform automatic updates to agents, and some other general UI improvements. Also, both of these products will be compatible with vSphere 6.5 on day one.

Digging a little further into the vR Ops improvements, let’s first take a look at the three new dashboards titled: Operations Overview, Capacity Overview, and Troubleshoot a VM. The Operations dashboard will display pertinent environment based information such as an inventory summary, cluster update, overall alert volume, and some widgets containing Top-15 VMs experiencing CPU contention, memory contention, and disk latency. The Capacity dashboard contains information such as capacity totals as well as capacity in use across CPU count, RAM, and storage, reclaimable capacity, and a distributed utilization visualization. The Troubleshoot a VM dashboard is a nice central location to view individual VM based information like its alerts, relationships, and metrics based on demand, contention, parent cluster contention, and parent datastore latency.

vROPS Dashboard

vROPS Dashboard

One other improvement that isn’t a dashboard but is a new view for each object, is the new resource details page. It closely resembles the Home dashboard that was added in a prior version, but only focuses on the object selected. Some of the information displayed is any active alerts, key properties, KPI metrics, and relational based information.

vROPS details

vROPS details

Covering some of the other notable improvements, there is now the ability to display the vSphere VM folders within vR Ops. There’s also the ability to group alerts so that it’s easy to see what the most prevalent alert might be. Alert groups also enable the functionality to clear alerts in a bulk fashion. Lastly, there are now KPI metric groups available out of the box to help easily chart out and correlate properties with a single click.

To learn more about vSphere 6.5, please see the following resources.

Rating: 5/5

Oct 18

What’s new in vSphere 6.5: Security

Posted on October 17, 2016 by Mike Foley

vSphere 6.5 is a turning point in VMware infrastructure security. What was mostly an afterthought by many IT folks only a few short years ago is now one of the top drivers of innovation for vSphere. Security has become a front and center focus of this release and I think you’ll like what we’ve come up with.

Our focus on security is manageability. If security is not easy to implement and manage then the benefit it may bring is offset. Security in a virtual infrastructure must be able to be done “at scale”. Managing 100’s or 1000’s of security “snowflakes” is something no IT manager wants to do. She/He doesn’t have the resources to do that. The key to security at scale is automation and in these new features you’ll see plenty of that.

VM Encryption

Encryption of virtual machines is something that’s been on-going for years. But, in case you hadn’t noticed, it just hasn’t “taken off” because every solution has a negative operational impact. With vSphere 6.5 we are addressing that head on.

Encryption will be done in the hypervisor, “beneath” the virtual machine. As I/O comes out of the virtual disk controller in the VM it is immediately encrypted by a module in the kernel before being send to the kernel storage layer. Both VM Home files (VMX, snapshot, etc) and VMDK files are encrypted.

The advantages here are numerous.

    1. Because encryption happens at the hypervisor level and not in the VM, the Guest OS and datastore type are not a factor. Encryption of the VM is agnostic.
    2. Encryption is managed via policy. Application of the policy can be done to many VM’s, regardless of their Guest OS.
    3. Encryption is not managed “within” the VM. This is a key differentiation to every other solution in the market today! There are no encryption “snowflakes”. You don’t have to monitor whether encryption is running in the VM and the keys are not contained in the VM’s memory.
    4. Key Management is based on the industry standard, KMIP 1.1.
    In vSphere vCenter is a KMIP client and works with a large number of KMIP 1.1 key managers. This brings choice and flexibility to customers. VM Keys do not persist in vCenter.
    5. VM Encryption makes use of the latest hardware advances inherent in the CPU’s today. It leverages AES-NI for encryption.
VM Encryption

VM Encryption

vMotion Encryption

This has been an ask for a long time and with 6.5 we deliver. What’s unique about vMotion encryption is that we are not encrypting the network. There are not certificates to manage or network settings to make.

The encryption happens on a per-VM level. Enabling vMotion encryption on a VM sets things in motion. When the VM is migrated, a randomly generated, one time use 256-bit key is generated by vCenter (it does not use the key manager for this key).

In addition, a 64-bit “Nonce” (an arbitrary number used only once in a crypto operation) is also generated. The encryption key and Nonce are packaged into the migration specification sent to both hosts. At that point all the VM vMotion data is encrypted with both the key and the Nonce, ensuring that communications can’t be used to replay the data.

vMotion encryption can be set on unencrypted VM’s and is always enforced on encrypted VM’s.

Encrypted vMotion

Encrypted vMotion

Secure Boot support

For vSphere 6.5 we are introducing Secure Boot support for virtual machines and for the ESXi hypervisor.

ESXi Secure Boot

ESXi Secure Boot

ESXi SECURE BOOT – With Secure Boot enabled, the UEFI firmware validates the digital signature of the ESXi kernel against a digital certificate in the UEFI firmware. That ensures that only a properly signed kernel boots. For ESXi, we are taking Secure Boot further adding cryptographic assurance of all components of ESXi. Today, ESXi is already made up of digitally signed packages, called VIB’s. (vSphere Installation Bundle) The ESXi file system maps to the content of those packages (the packages are never broken open). By leveraging that digital certificate in the host UEFI firmware, at boot time the already validated ESXi Kernel will, in turn, validate each VIB against the firmware-based certificate. This assures a cryptographically “clean” boot.

Note: If Secure Boot is enabled then you will not be able to forcibly install un-signed code on ESXi. This ensures that when Secure Boot is enabled that ESXi will only be running VMware digitally signed code.

Dramatically Simplified Experience


For VM’s, SecureBoot is simple to enable. Your VM must be configured to use EFI firmware and then you enable Secure Boot with a checkbox. Note that if you turn on secure boot for a virtual machine, you can load only signed drivers into that virtual machine.

Secure Boot for Virtual Machines works with Windows or Linux.

Secure Boot for Virtual Machines

Secure Boot for Virtual Machines

Enhanced Logging

vSphere logs have traditionally been focused on troubleshooting and not “security” or even “IT operations”. This changes in vSphere 6.5 with the introduction of enhanced logging. Gone are the days where you’ll make a significant change to a virtual machine and only get a log that says “VM has been reconfigured”.

We’ve enhanced the logs and made them “actionable” by now sending the complete vCenter event such as “VM Reconfigure” out via the syslog data stream. The events now contain what I like to call “actionable data”. What I mean by that rather than just getting a notice that “something” has changed you now get what changed, what it changed from and what it changed to. This is data that I can “take action” against.

In 6.5, you will get a descriptive log of the action. For example, if I add 4GB of memory to a VM that has 6GB today, I’ll see a log that tells me what the setting was and what the new setting is. In a security context, if you move a VM from the vSwitch labeled “PCI” to the vSwitch labeled “Non-PCI” you will get a clear log describing that change. See the image below for an example.

Actionable Loging

Actionable Loging

Enhanced/Actionable Logging

Solutions like VMware Log Insight will now have a lot more data to display and present but more importantly, more detailed messages mean you can create more prescriptive alerts and remediation’s. More informed solutions help make more informed critical datacenter decisions.


All of these features will have some level of automation available out of the gate. In future blog articles you’ll see PowerCLI examples for encrypting and decrypting VM’s, enabling Secure Boot for VM’s, setting Encrypted vMotion policies on a VM and a script I used to build an Enhanced Logging demo that you can tweak to show the benefits of Enhanced Logging in your own environment. All of the script example will be released on GitHub.

Wrap Up

That’s it for vSphere 6.5 security! I hope you are as excited as I am about it! More details on each will be forthcoming in blogs and whitepapers. One thing to add is the vSphere 6.5 Security Hardening Guide. This will, as always, come out within 1 quarter after the GA of 6.5. I don’t anticipate major changes to the guide. Features like VM Encryption are not something you should expect in the hardening guide. For more information on the types of information that is now in the guide please reference this blog post.

As always, I appreciate your feedback and questions. You can reach out to me via email (mfoley at vmware dot com) or on Twitter @vspheresecurity or @mikefoley.


To learn more about vSphere 6.5, please see the following resources.

Rating: 5/5

Sep 04

What’s New: VMware Integrated OpenStack 3.0

Stack diagram for VMware Integrated OpenStack

Stack diagram for VMware Integrated OpenStack

VMware’s latest OpenStack distribution gives you the new features and enhancements included in the latest Mitaka release, an optimized management control plane architecture, and the ability to leverage existing workloads in your OpenStack cloud.

  • OpenStack Mitaka Support
    VMware Integrated OpenStack customers can now leverage the features and enhancements in the latest Mitaka release that address manageability, scalability and an improved user experience. Mitaka improvements include:

    • Improved day-to-day experience for cloud admins and IT administrators
    • Simplified configuration for Nova compute service
    • Streamlined Keystone identity service is now a one-step process for setting up the identity management features of a cloud network
    • Keystone now supports multi-backend allowing local authentication and AD accounts simultaneously
    • Heat’s convergence engine optimized to handle larger loads and more complex actions for horizontal scaling for improved performance for stateless mode
    • Enhanced OpenStack Client provides a consistent set of calls for creating resources, no longer requiring the need to learn the intricacies of each service API
    • Support for software development kits (SDKs) in various languages
    • New “give me a network,” feature capable of creating a network, attaching a server to it, assigning an IP to that server, and making the network accessible in a single action
  • Easily Import Existing Workloads
  • Customers can now quickly leverage their existing vSphere workloads and start managing them via standard OpenStack APIs. The ability to directly import vSphere VMs into OpenStack and run critical Day 2 operations against them via OpenStack enables you to quickly move your environment to an OpenStack Framework.

  • Compact Management Control Plane
  • Building on enhancements from previous releases, this feature is focused on organizations looking to evaluate OpenStack or to build a small OpenStack cloud for branch locations quickly and cost effectively. The VMware Integrated OpenStack architecture has been optimized to support a compact architecture mode that dramatically reduces the infrastructure footprint saving resource costs and overall operational complexity.

Try VMware Integrated OpenStack Today

Rating: 5/5

Aug 30

VMware Integrated OpenStack 3.0 Announced Today. See What’s Coming

Posted on August 30, 2016 by Pete Cruz

See What’s Coming

Today VMware announced VMware Integrated OpenStack 3.0 at VMWorld in Las Vegas. We are truly excited about our latest OpenStack distribution that gives our customers the new features and enhancements included in the latest Mitaka release, an optimized management control plane architecture, and the ability leverage existing workloads in your OpenStack cloud.

We expect VMware Integrated OpenStack 3.0 later this year. Sign up to be notified when its available. New features include:

  • OpenStack Mitaka Support
    VMware Integrated OpenStack 3.0 customers can leverage the great features and enhancements in the latest OpenStack release. Mitaka addresses manageability, scalability, and a greater user experience. To learn more about the Mitaka release, visit the OpenStack.org site at https://www.openstack.org/software/mitaka/.

  • Easily Import Existing Workloads
  • The ability to now directly import vSphere VMs into OpenStack and run critical Day 2 operations against them via OpenStack APIs enables you to quickly move existing development project or production workloads to the OpenStack Framework.

  • Compact Management Control Plane
    Building on enhancements from previous releases, organizations looking to evaluate OpenStack or to build OpenStack clouds for branch locations quickly and cost effectively can easily deploy in as little as 15 minutes. The VMware Integrated OpenStack 3.0 architecture has been optimized to support a compact architecture mode that dramatically reduces the infrastructure footprint saving resource costs and overall operational complexity.

    If you are at VMWorld2016 in Las Vegas, we invite you to attend the following sessions to hear how our customers are using VMware Integrated OpenStack and learn more details about this great upcoming release.
    VIO 3.0

    Rating: 5/5

Aug 29

VMworld 2016 – Pat Gelsinger Introduces VMware’s Cross-Cloud Architecture

VMware CEO Pat Gelsinger opened VMworld 2016 in Las Vegas, Nevada, this morning by telling his audience that “a new era of cloud freedom and control is here.” Gelsinger used his keynote to introduce the VMware® Cross-Cloud Architecture™. This is a game-changing new architecture that, as he says, “will enable customers to run, manage, connect, and secure applications across clouds and devices in a common operating environment.”

NOTE: This video is roughly 8 minutes in length so it would be worth blocking out some time to watch it!

Rating: 5/5

Aug 29

Introducing VMware Validated Design 3.0

Eddie Dinel posted August 29th, 2016
With the first day of VMworld 2016 almost in the books, several exciting product announcements have already been made. In the area of SDDC and hybrid cloud, earlier today we announced VMware Cloud Foundation, our new unified SDDC platform for the hybrid cloud. Cloud Foundation offers an accelerated path to SDDC by bringing together vSphere, VSAN and NSX into a natively integrated stack that is dead simple to manage and maintain. This is achieved thanks to the new VMware SDDC Manager that is included in Cloud Foundation, and brings new unique capabilities around the automation of the bring up, configuration and patching/upgrade of the entire stack. Very exciting! To learn more I recommend reading this blog by Raj Yavaktar, our VMware Fellow.

Cloud Foundation offers an integrated platform approach to the creation of a SDDC-based cloud. VMware provides you with the key piece parts and the built-in automation to manage the software stack so that you don’t have to invest time and money in doing it yourself. This approach has clear benefits and works for a lot of people, but there are also many customers who need or want to use a more typical “do-it-yourself” approach, selecting individual cloud infrastructure components and integrating them themselves. I can think of many valid reasons for choosing the “do-it-yourself” path: maybe you are not planning to move to HCI, or maybe you are not ready organizationally, or perhaps you simply want to use a more hands-on approach, etc. We recognize that when it comes to building the cloud there isn’t a one-size-fits-all option, and we want to ensure that all our customers will successfully complete this crucial transformation.

Designing and implementing an SDDC outside of an integrated and automated framework comes with its own challenges. Customers who choose to go down the “do-it-yourself” path are asking us for guidance on how to bring individual software components together using best practices that ensure a reliable, repeatable and scalable deployment. Customers want the peace of mind that software components interoperate well together, and that the decisions they make today won’t prevent them from growing their environment tomorrow. This is where VMware Validated Designs come in. Today we are delighted to announce that the new release VMware Validated Designs 3.0 will become available by the end of September!

Before going over the details of what’s new, let’s recap what VVDs are

VMware Validated Design VMware Validated Designs provide a comprehensive and extensively-tested set of blueprints for building and operating an SDDC. They are holistic and standardized data center-level designs that span across compute, storage, networking, and management, providing a proven framework for how to deploy, configure, and operate an SDDC-based private cloud in support of a wide range of use-cases.

The core documentation provided with each VMware Validate Design release includes:

  • Solution Overview that details design objectives software components and related tested versions
  • Reference Architecture
  • Design Guide

In addition, we provide a set of operational guides and tools that synthetizes best practices on how to plan, deploy and operate the SDDC. These include:

  • Planning and Preparation Guide
  • Deployment Guide
  • Operational Guides for:
    • Monitoring and Alerting
    • Patching, Updating, and Maintenance
    • Security and Compliance
    • Business Continuity and Disaster Recovery
    • Startup and Shutdown
    • Backup and Restore

Benefits of VMware Validated Design
Using VMware Validated Designs as the blueprint results in an SDDC deployment that is consistent, thoroughly documented, extensively tested from end-to-end, and continuously validated to incorporate new releases of software components. This allows for both a standardized deployment model that aligns with best practices as well as investment protection for the future. We see growing customer interest in building SDDCs that follow the VMware Validated Designs, and some are already reaping the benefits. For example, one global service provider has successfully used VMware Validated Designs to accelerate their design and implementations of the SDDC from months to mere weeks, while ensuring product integration and interoperability. They then utilized operational guides to improve their internal processes and on-going SDDC management.

Now let’s talk about what’s new with VMware Validated Designs 3.0

As the version number indicates, this is already our third VVD release this year. Our engineering team has been doing a tremendous job incorporating feedback from early adopters to extend the applicability of the VVDs and add more elements to them. Here are the key improvements we are delivering with the 3.0:

1. Flexible Deployment with Distributed Management and Workload Architecture

This architecture simplifies the initial startup, reduces startup hardware cost, and provides flexibility for future growth. In the Management pod, all solutions for the management, automation and operations of an SDDC are instantiated. An initial shared Edge and Compute pod is implemented to deploy business workloads and provides north-south routing access to them. As the SDDC grows, additional Compute pods can be added to run more business workloads, or the Edge can be separated and powered by a dedicated Edge pod.

2. Dual-Region Deployment and Operational Guidance
This release includes the expansion from single-region deployment and operations guidance to dual-region support. A dual-region deployment allows an organization to implement the SDDC across two geographical locations, providing portability of applications, and enabling disaster recovery capability of SDDC management, automation and operations solutions between regions.

3. VMware Validated Design for Use-cases
Organizations are shifting their focus toward use-cases, and VMware Validated Designs plays a critical part of that shift. This release provides three designs for customers who are looking for different outcomes:

– VMware Validated Design for Software-Defined Data Center: encompassing all software components of the SDDC, this Validated Design provides an agile platform for multiple applications and outcomes.

– VMware Validated Design for Micro-segmentation: this Validated Design allows higher security for all applications in the data-center with dynamic security at VM-level based on attributes.

– VMware Validated Design for IT automating IT: automate the delivery and ongoing management of production-ready infrastructure and application components to reduce the time it takes to respond to requests for IT resources and to improve the ongoing management of provisioned resources.

Once you build the environment for one use-case, you can add more software components for additional use-cases, or grow to the full Software-Defined Data Center.

Want to learn more?

If you are at VMworld and want to learn more about VMware Validated Designs, stop by our VMware booth, try the Hands-On-Lab (HOL 1706-SDC-5) or join us in these sessions:

SDDC9035-S How I Learned to Stop Worrying and Love Consistency: Standardizing Datacenter Designs
SDDC7587 Software-Defined Networking in VMware Validated Designs
SDDC9025 VVD 101: Build Your Cloud the Right Way, First Time
SDDC8423 VMware Validated Design for SDDC

– Operations Architecture Technical Deep Dive
HBC8491 Deep Dive: VMware on IBM Cloud Validated Design
SDDC8946 Deep Dive into Deploying the vRealize Cloud Management Platform the VMware Validated Designs Way!
SDDC8445 VMware Validated Design for Micro-segmentation
MGT7759 Early VVD Adopter Experience: Building a Secure and Automated Cloud
SDDC8414 VMware Validated Design for SDDC: A Technical Deep Dive

For a sneak peek of the design, and to stay updated on what we are cooking up, please join the VMware Validated Designs community at http://vmware.com/go/vvd

vmware.com/go/vvd-community where you can also get answers to your questions and provide feedback on the designs.

Useful Resources

  • Learn more at http://vmware.com/go/vvd
  • Join the community at vmware.com/go/vvd-community
  • Test drive VVD with Hands-On-Lab vmware.com/go/vvd-hol (Available publicly after VMworld US)
  • Read the comprehensive documentation for each design
  • Follow our playlist on YouTube
  • Follow @VMwareSDDC on Twitter.

    Rating: 5/5

Jun 02

RUSH POST: Microsoft Convenience Update and VMware VMXNet3 Incompatibilities


Posted on June 1, 2016 by Deji

Microsoft recently released a “Convenience Update” patch for Windows 7 and Windows Server 2008 R2 SP1. This update has incompatibility issues with virtual machines running on the VMware vSphere virtualization platform. This incompatibility is confined to one specific configuration scenario – It impacts VMs that use the VMware VMXNet3 virtual network adapter type.

Here is the incompatibility issue as described in Microsoft’s announcement of the Update:

Known issue 1 in this convenience rollup


A new Ethernet vNIC may be created with default settings in place of the previously existing vNIC, causing network issues. Any custom settings on the previous vNIC are still persisted in the registry but unused.


To resolve this issue, uninstall the convenience rollup.


Microsoft is investigating this issue to determine proper course of action with VMWare. To resolve this issue uninstall the convenience rollup. Further information will be posted here as the investigation continues.

Known issue 2


After you install this rollup, virtualized applications in Microsoft Application Virtualization (App-V) versions 4.5, 4.6, and 5.0 may have problems loading. When these problems occur, you may receive an error message that resembles the following:
Launching MyApp 100%

Note In this error message, MyApp represents the name of the App-V application.

Depending on the scenario, the virtualized app may freeze after it starts, or the app may not start at all.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows.


To fix this known issue, configure the TermSrvReadyEvent registry entry on the computer on which the Microsoft Application Virtualization Client is installed.

For Microsoft Application Virtualization 5.0

Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Subsystem\ObjExclusions
Value name: 93 (or any unique value)
Type: REG_SZ
Data: TermSrvReadyEvent

For example, type the following command at an elevated command prompt to add the entry to a system that is running Application Virtualization 5.0:
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Subsystem\ObjExclusions /v 93 /t REG_SZ /d TermSrvReadyEvent

For Microsoft Application Virtualization 4.6

For all supported x86-based systems

Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions
Value name: 95 (or any unique value)
Type: REG_SZ
Data: TermSrvReadyEvent

For example, type the following command at an elevated command prompt to add the entry to an x86-based system that is running Application Virtualization 4.6:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions /v 95 /t REG_SZ /d TermSrvReadyEvent
For all supported x64-based systems

Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions
Value name: 95 (or any unique value)
Type: REG_SZ
Data: TermSrvReadyEvent

For example, type the following command at an elevated command prompt to add the entry to an x64-based system that is running Application Virtualization 4.6:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions /v 95 /t REG_SZ /d TermSrvReadyEvent

Rating: 5/5

May 18

Goodbye vSphere Client for Windows (C#) – Hello HTML5

Goodbye vSphere Client for Windows

Today we have two important announcements. First, the C# client (AKA Desktop Client/thick client/vSphere Client for Windows) will not be available for the next version of vSphere. Current versions of vSphere (6.0, 5.5) will not be affected, as those will follow the standard support period. You’ve heard this from us in the past, but we’ve been waiting for a sufficient replacement before finally moving forward. Second, we want to talk about the recent vSphere HTML5 Web Client Fling, user adoption, and VMware’s focus on bringing a great user experience. Like the Embedded Host Client Fling (which made it into vSphere in 6.0U2), we plan on bringing this product into a supported release soon.

Looking to the Future

VMware has been working towards the transition to HTML5 with the Platform Services Controller UI, vCenter Server Appliance Management UI, and the Host Client. All three of these were very well received and have become the official interfaces for their respective components. The last (and biggest) one to tackle was the management interface for vCenter Server.

vSphere Web Client has always been intended to be the replacement for the Desktop client, and many of our users have tried to embrace this during the vSphere 5.5 and vSphere 6.0 periods, spending their time working within the Web Client even with the Desktop client available.

While there were certainly issues with the 5.5 and 6.0 Web Client, many users that committed to the experience came to enjoy many of the new features and usability improvements. We also continued to listen to our customers, making further efforts to improve the Web Client experience have been made across 5.5U3, 6.0U1 and 6.0U2, including VUM (vSphere Update Manager) in 6.0U1 Web Client. We have made the Desktop client available during this period, which was much longer than originally planned. But now that time is ending.

Additionally, due to the shift in backend services going from vSphere 6.0 to the next version, updating the Desktop client would have required a huge investment. This may have been okay in a vacuum, but the required resources would have severely impacted the progress of the new vSphere Client, only to end up with four clients for users to juggle. We decided to focus on bringing the new vSphere Client (HTML5 based) up to speed as fast as possible, simultaneously offering a great user experience and getting off of Flash.

We’ll be referring to the new client as the vSphere Client, as it better describes the product, and isn’t a ten syllable mouthful (vSphere HTML5 Web Client).

The new vSphere Client (HTML5)

Try it here: The new vSphere Client (HTML5)

This decision is about VMware trying to provide the best user experience: a fast, reliable, scalable modern interface that allows you to get your work done is our primary goal. The new vSphere Client is the best way to achieve that goal. Many have already tried out the Fling ( https://labs.vmware.com/flings/vsphere-html5-web-client), with approximately 40% of survey respondents deploying it into Production and using it daily to manage their critical environments. With this Fling, we’ll keep the user experience mostly the same as the Web Client, which we’ve improved, based on your feedback. We also plan on making additional improvements to make it easier for C# users to transition.

One benefit of the Fling delivery model is very fast turnaround. We’ve been able to release a new version of the Fling every week, with new features, bug fixes, and performance improvements. More importantly, we’ve been able to quickly incorporate user feedback into the product. Sometimes this means simple bug fixes, sometimes this means changing our priorities to better address user needs. While this pace and model of delivery may not be used for the fully supported releases, due to testing time required, we likely will continue to use the Fling releases to stay on track with users. A fundamental part of this high touch engagement model is users staying as up-to-date as possible, and most of our Fling users are doing just that, so thank you!


We also recognize how important plugins are, and the transition from Web Client to vSphere Client will take second and third-party plugins into account. We’ve already started engaging with plugin developers of all sorts to get them moving to the HTML bridge, which will allow the creation of a single plugin that is forward and backward compatible with both the vSphere Client and the Web Client, creating a smooth transition path. If you require more information on plugin migration, please contact us. One great source of information is this site which contains a lot of future looking information about vCenter. This site will be updated as more information becomes available, so keep an eye on it: http://www.vmware.com/products/vcenter-server/future-overview/overview.html

We do expect the plugin transition to take some time, and this means that we expect to ship the Flex based Web Client and the HTML5 based vSphere Client side by side for some uncertain period. Everyone is very eager to have the new vSphere Client as the only client, but we want to respect the porting development time our partners require.

Seeking your Feedback

Hopefully these announcements come as a shock to no one – they are simply a reiteration of the message VMware has given for years. We are continually working to make vSphere Client a fast, reliable, and scalable product that provides a great overall experience. If you have any comments, please post them below. We’d like to hear feedback from all points of view, as we look to the future instead of the past.

Dennis Lu
Product Manager, vSphere Clients

Rating: 5/5

Apr 21

vSphere 6.0 Update 2 – What’s New

Emad Younis posted April 11, 2016

VMware just recently released Update 2 for vSphere 6.0. Update 2 is full of new features and bug fixes for both ESXi and vCenter Server. For a complete list of features and bug fixes make sure to review the relhttp://vmware360.com/wp-admin/plugin-editor.phpease notes for ESXi and vCenter Server. There are few features that stood out to me in this update. The Embedded Host Client is now integrated into ESXi and fully supported as of Update 2. VSAN 6.2 is feature rich with everything but the kitchen sink in this release. Two factor authentication support for the vSphere Web Client is now available in the PSC UI. Here’s a breakdown of what’s new in vSphere 6.0 Update 2.​


VMware Embedded Host Client (EHC)

The Embedded Host Client (EHC) started out as a fling and now is a supported product in vSphere 6.0 Update 2. The EHC is now installed as part of ESXi 6.0U2 and provides the ability to manage any ESXi host using a web browser. After a host is installed with or upgraded to 6.0 U2, open a web browser and enter https://”FQDN or IP of host”/ui. More information on the Embedded Host Client can be found by reviewing the release notes.

Virtual SAN 6.2 (VSAN)

Note: VSAN is a separate product and is licensed separately

If you thought this update couldn’t get any bigger, think again. Virtual SAN 6.2 is here and Jam-packed with new features. This release of VSAN now supports compression and deduplication. When enabled on a disk group redundant copies of data are reduced to single copy. There’re also new services related to performance, space savings and health of the cluster. The Health service monitors the VSAN cluster for issues and provides diagnostics. Performance service collects and analyzes performance statistics. Performance service starts at the cluster down the to the disk level. You want space savings reports, that’s included. Space reporting displays information of used and free space with a detailed breakdown. These are just a few of the new features in Virtual SAN 6.2. For more information check out the Virtual Blocks blog.

vSphere APIs for I/O filtering (VAIO) Enhancement

vSphere 6.0 Update 2 also includes updates to vSphere APIs for I/O filtering (VAIO). If you are not familiar with VAIO I highly recommend you read the following blog post by Ken Werneburg.

  • VASA provider in a pure IPv6 environment
  • VMIOF 1.0 and 1.1

High Ethernet Link Speed

ESXi hosts can now support 25G and 50G ethernet speeds.

vCenter Server – Two-factor authentication for vSphere Web client

vCenter Single Sign On allows authentication to the vSphere Web Client via username and password. vSphere 6.0 Update 2 introduces two-factor authentication supporting RSA SecurID and Smart card. RSA SecurID is configured using the SSO-Config utility. It also requires RSA Authentication Manager in your environment. Once setup, login to the vSphere Web Client with your username and RSA passcode. Mike Foley has an excellent two part blog post walking through RSA SecurID setup.

Smart card authentication as mentioned above is also supported. Many large enterprises and government agencies use smart cards to meet security regulations. Smart Cards such as Common Access Card (CAC) are used at a machines with a smart card reader. Smart Card Authentication can be configured from the Platform Services Controller UI or using SSO-Config utility. Stay tuned as Mike Foley will be discussing Smart card authentication in a future post.

In addition to two factor authentication, the vSphere Web Client now supports the ability to add a login banner. The Login Banner can be configured from the Platform Services Controller UI by adding a title and message.
An added layer of consent ensures the user can not login without acknowledging the Login Banner.

vCenter Server Appliance update status might be stuck at 70 percent

vSphere 6.0 Update 1b had a bug when using the virtual appliance management interface (VAMI) to update. The UI would hang at 70 percent, although the update had completed. The only way to verify the status of the upgrade was by checking the update log – /var/log/vmware/applmgmt/software-packages.log. This bug has been fixed in vSphere 6.0 Update 2 displaying 100 percent in the VAMI when the update is complete.

Support to change vSphere ESX Agent Manger Logging Level

vSphere Web Client support for Windows 10 operating system

vCenter Server now supports the following external databases

  • Microsoft SQL Server 2012 Service Pack 3
  • Microsoft SQL Server 2014 Service Pack 1

vCenter Server now supports multiple embedded to multiple PSC migrations in a single SSO domain

vSphere 6.0 Update 1 introduced the ability to reconfigure and repoint using CMSSO-UTIL. This is handy when going from a vCenter with an embedded PSC to an external PSC deployment in the same SSO domain. vSphere 6.0 Update 1 would not allow having two external PSCs and trying to repoint. The result was the following error:
vSphere 6.0 U2 now allows having multiple external PSCs with the use of the repoint command. The diagram below represent two embedded deployments replicating to each other. This deployment model is considered deprecated. The term deprecated means the topology will be supported in vSphere 6.0 but not in future releases. To get out of this deprecated topology two external Platform Services Controllers have been deployed. Now we can using the reconfigure command in CMSSO-Util to remove the embedded PSC and repoint vCenter Server to the external PSC.

Rating: 5/5

Feb 18

VMware’s Cloud Management Platform Strategy

Today, VMware announced a new release of its cloud management platform (CMP) vRealize Suite 7 (read the press release). We caught up with Ajay Singh, senior vice president and general manager, Management Suites Business Unit, to discuss the launch as well as what he is hearing from customers on their journey to the cloud.

Q: We’re seeing digitization disrupt every industry. How does VMware’s hybrid cloud management platform address the resulting change in an organization’s IT needs?

A: What’s clear from my conversations with CIOs is that digital business transformation is a top priority. Competitive advantage today rests on a company’s ability to continually deliver new customer experiences via new apps or services. And it’s ITs responsibility to deliver them.

So CIOs are turning to strategic vendors like VMware, wanting to know how we’re going to help them respond more rapidly to the needs of the business. Applications are the lifeblood of any business, and our hybrid CMP is helping IT to change or develop their applications faster and move them into production across the hybrid cloud. Our platform also helps businesses improve IT efficiency and optimize IT operations and capital spending through greater automation, capacity optimization, and our cloud business management capabilities.

Q: What are the most common use cases VMware has identified in customers’ journey to the cloud?

A: We’ve been developing our CMP over the course of five years and have had the privilege of working with thousands of customers. Based on these engagements, and a deeper drilldown with a number of them over the last six months or so, we’ve seen three common initiatives—or use cases— emerge that define the path to the hybrid cloud for most customers. These are:

Intelligent Operations Management – This is about using advanced operations and log management capabilities to get the best performance and availability out of their IT resources and applications in a software-defined data center or a hybrid cloud.
Automated IT to Infrastructure as a Service – With this use case, customers are bringing in automation to streamline and accelerate the delivery and ongoing management of IT infrastructure. And they’re providing these infrastructure services to end users, such as developers, either through IT teams or directly via a self-service portal and catalog or APIs.
DevOps-Ready IT – This use case is the most advanced and is all about moving up the stack from infrastructure services to automated delivery of the full application stack. Customers can do this with our new unified service blueprints that incorporate application component-level security via NSX’s logical networks. It’s also about helping IT go upstream into the application development lifecycle with our DevOps solution to support developer efforts by automating the continuous delivery process.

Q: How does today’s news address those use cases?

A: Today’s launch of vRealize Suite 7 is a one-two punch combination of new product features as well as pricing and packaging updates to help customers tackle the use cases.

The launch of vRealize Operations 6.2 helps customers implement intelligent operations management with new workload placement features that build on the workload management capabilities we introduced with vRealize Operations 6.1 last year. vRealize Log Insight 3.3 will introduce Simple Query API for easy integration into existing processes along with Web Hooks support for third-party application integration. For customers aiming to automate IT or deliver a cloud to developers, vRealize Automation 7 , available since December 2015, helps IT teams to speed the delivery of applications and infrastructure services across hybrid clouds.

As important as the product capabilities being launched today, or perhaps more so, are the pricing and packaging changes we’re announcing. Customer ease of use and choice are two imperatives that drive what we do at VMware. So we’ve made it much easier for our customers to adopt these use cases by aligning the editions of our vRealize Suite to them. We introduced the vRealize Suite Standard edition—a new edition designed specifically for intelligent operations management. And we’ve repackaged the capabilities within vRealize Suite Advanced and Enterprise to address the two automation-centric use cases of Automated IT to IaaS and DevOps-ready IT .

When it comes to choice, our customers are increasingly saying they want a hybrid cloud strategy with the ability to consume private and public cloud services as they see fit. So we are making all editions of the vRealize Suite “hybrid.” We are offering a new Portable Licensing Unit to provide customers with the flexibility to manage workloads whether they run on vSphere, third-party hypervisors, physical servers, or on supported public clouds, all without licensing switching or conversion.

Q: What is the response to VMware’s CMP to date? How are customers benefiting from our approach to CMP?​

A: Because of our close engagement with our customers on these use cases and their deployments of our solutions, we are aware of their evolving IT challenges and opportunities. This is why we continue to enhance our solutions regularly. When the products announced today GA later this quarter, we will have updated every component of our Cloud Management Platform over just a three-month period. Customer interest in our CMP has propelled our business to the lead in both cloud management and data center automation categories. We are also leaders in hybrid cloud management and private cloud. We take this support by our customers very seriously, and we’ll continue to work hard this year to earn it by building on our CMP in the areas of multi-cloud management, deeper integrations, and improved usability.

Learn more about this news with VMware CEO Pat Gelsinger and EVP, Software-Defined Data Center Division, Raghu Raghuram. The live event, “Build and Manage Your Hybrid Cloud,” will begin at 8:30 AM PT.

Rating: 5/5