At VMworld 2017 US in Las Vegas, VMware welcomed more than 20,000 makers, business people, entrepreneurs, and technologists to Las Vegas for five days of discussion around the latest VMware innovations and news.
Join Pat Gelsinger and Sanjay Poonen as they explore the essential pillars responsible for reshaping industries – cloud, mobility, networking and security — and hear from customers who are succeeding in their own transformation journeys.
NOTE: This video is roughly 100 minutes in length so it would be worth blocking out some time to watch it!
VMware CEO Pat Gelsinger and COO, Customer Operations, Sanjay Poonen partnered together to shine a spotlight on the key pillars responsible for reshaping industries – cloud, mobility, networking and security.
NOTE: This video is roughly 78 minutes in length so it would be worth blocking out some time to watch it!
How VMware AppDefense Enhances Security Across Clouds
Building on VMware’s foundational approach to cloud infrastructure and security, VMware AppDefense is a new solution that leverages the unique properties of virtualization to protect applications running on top of it. This new solution creates a least-privilege compute environment by capturing intended state of applications, and monitoring running machines against their intended state. AppDefense can detect and automate response to attacks that attempt to manipulate those applications, addressing a key challenges security organizations face from a constantly evolving and complex threat landscape.
Leveraging the Network Infrastructure
VMware AppDefense takes advantage of the application visibility the virtualization layer provides to enable what Tom Corn, VMware’s senior vice president for security products calls “an intent-based security model.” That model focuses on what the applications should do—the known good—rather than what the attackers do—the known bad. “We believe it will do for compute, what VMware NSX and micro-segmentation did for the network; shrink the attack surface and create a more actionable security model.”
The automation made possible by the virtualized, software-defined infrastructure allows AppDefense to automate every phase of this process, including threat detection and response.
Detect and Respond
The capabilities of VMware AppDefense open up new ways to shrink the attack surface and create a new security model that Corn says is “much more aligned to applications.” Now security organizations have the tools they need to leverage the power of the software-defined infrastructure to detect threats, and create “a much more actionable, orchestrated, and automated response” to attacks.
“With AppDefense,” Corn says, organizations have a simple but powerful mechanism to ‘ensure good’ rather than just ‘chase bad.’ This changes the current approach to security that Corns describes as “constantly chasing the evolving threat landscape.”
Watch Tom Corn’s light board presentation to see how VMware AppDefense improves security for applications running on virtualized and cloud environments.
VMware AppDefense is a new security solution that allows organizations to create least privilege environments around their applications running in virtualized or cloud systems, a key feature according to VMware’s senior vice president for security products, Tom Corn. Watch VMware’s Tom Corn illustrate how VMware AppDefense significantly enhances application security when working across clouds in this light board presentation.
NOTE: This video is roughly 13 minutes in length so it would be worth blocking out some time to watch it!
This video covers Whats new vSphere 6.5 High Availability.
Pat Gelsinger, VMware CEO, delivers a keynote at Dell EMC World 2017 on VMware Cross-Cloud Architecture with a demo of VMware on AWS.
NOTE: This video is roughly 5 minutes in length so it would be worth blocking out some time to watch it!
These releases continue to accelerate digital transformation for organizations through the most critical IT use cases – Security, Automation, and Application Continuity – while expanding support for new application frameworks and architectures.
As more and more customers adopt NSX for vSphere, we continue to add features to make it easier for you to deploy, operate and scale-out your environment. NSX empowers customers on their cloud journey. It is driving value inside the data center today and expanding across datacenters and to the cloud via our Cloud Air Network partnerships, and soon to VMware Cloud on AWS and native public cloud workloads via VMware Cross-Cloud Services.
Let’s take a look at some of the new features in NSX for vSphere 6.3:
Some of the new capabilities delivered in NSX for vSphere 6.3 are the Application Rule Manager (available in NSX Advanced and Enterprise editions) and Endpoint Monitoring (available in NSX Enterprise Edition).
Application Rule Manager simplifies the way you create security groups and firewall rules for applications based on their real-time network traffic flows. Endpoint Monitoring enables you to profile applications inside the guest including visibility into specific application processes and their associated network connections. Used together, you have end-to-end visibility of your applications and simplified firewall rule creation to help operationalize micro-segmentation even faster and more effectively than ever before.
Keep an eye out on the Security section of the NSX blog over the next few weeks for technical deep-dives into exactly how these Application Rule Manager and Endpoint Monitoring features work.
Our product certifications team was busy in 2016 and intends to deliver additional certifications throughout 2017. They have been working hard on guiding our development efforts and ensuring a number of key security and compliance enhancements made their way into the NSX for vSphere 6.3 release. In 2016, Coalfire, an independent cyber risk management advisor and assessor, certified that VMware NSX for vSphere meets regulatory compliance requirements such as PCI DSS. NSX was also the first software-defined networking solution to have the Defense Information Systems Agency (DISA) Risk Management Executive publish a Security Technical Implementation Guide (STIG), signifying that the solution meets the security hardening guidance required for installment on Department of Defense (DoD) networks. Watch the blog Security section in the coming months for updates on certifications related to ICSA Labs, FIPS 140-2 and Common Criteria EAL-2 certification.
When I meet with customers, they continue to tell me that NSX has the most transformative impact on their organizations, once they begin automating their manual networking and security processes. It’s not easy and requires organizational, people, and processes changes. But the value NSX brings to the organization is huge. To help support this, we continue to make enhancements to the automation capabilities in NSX for vSphere 6.3. We have enhanced the integration of NSX Load Balancers within vRealize Automation and added support for third-party IP Address Management (IPAM) systems for on-demand routed networks. We have also enhanced the integration with NSX for vSphere and vCloud Director, enabling new multi-tenant capabilities for our vCloud Air Network partners, and adding support for emerging NFV use case.
Figure. Screenshot of Load Balancing integration into vRealize Automation blueprints.
Multi-tenancy is often thought about as something only service providers care about, but we’re seeing increased demand from non-service providers looking to operate in more of a service provider model in the way they deliver services to their organization. The University of New Mexico is a great example of this, where they are collapsing their disaggregated IT from dozens of departments back to a centralized IT model, reducing provisioning time for new workloads and services from 3 weeks down to 20 minutes!
As NSX continues to mature and adoption becomes mainstream, we are seeing customers deploy NSX for a range of different use cases. AeroData Inc., for example, is leveraging the network overlay capabilities in NSX to create a highly-available, Active-Active data center architecture. In NSX for vSphere 6.3, we have further enhanced the security tagging capabilities in multi-vCenter deployments, simplifying security policy management at scale across multiple data centers. (Read more about multi-site with cross-vCenter NSX.)
Emerging use-cases: Containers and Remote Office Branch Office (ROBO)
With NSX for vSphere 6.3, we are helping to further improve the developer experience with containers via integration with the recently announced vSphere Integrated Container (VIC). As VIC is built on vSphere 6.5, you can leverage NSX for vSphere 6.3 to connect and secure VIC infrastructure, enabling you to deliver a secure container environment on demand for developers.
Another addition as part of NSX for vSphere 6.3 release is a new NSX for ROBO edition SKU. Using this capability, NSX provides a comprehensive solution to network and security policy for environments across remote and branch offices, which reduces the operational costs of branch connectivity and maintenance. In upcoming blog postings, we will share more details about the NSX for ROBO features, use case, and customer success stories as we have been seeing keen interest from our customers in this space.
Expanded support for new platforms with NSX-T: KVM, OpenStack
Let’s now look at VMware’s other NSX platform – NSX-T 1.1 – and some of the new capabilities being delivered in this latest release.
VMware NSX-T is focused on emerging application frameworks and architectures that have heterogeneous endpoints and technology stacks. In addition to vSphere hypervisors, these environments may also include other hypervisors, containers, bare metal, and public clouds. NSX-T allows IT and development teams to choose the technologies best suited for their particular applications. NSX-T is also designed for management, operations, and consumption by development organizations – in addition to IT.
NSX-T 1.1 offers expanded support for multiple KVM distributions, including Canonical Ubuntu and Red Hat Enterprise Linux. NSX-T starts at the source of the application, within the hypervisor kernel, delivering optimal security granularity and line-rate performance. NSX-T delivers distributed firewalling, logical switching, and distributed routing.
NSX-T 1.1 also delivers support for private IaaS clouds based on OpenStack. With this release, NSX-T supports the latest versions of OpenStack, i.e., Newton and Mitaka. In addition to using the OpenStack APIs, development teams can also use Puppet, Chef, and Terraform to describe and automate the networking and security for their application workloads within an OpenStack environment.
Support for new app frameworks: Photon and Container Networking Interface (CNI)
NSX-T is integrated with the VMware Photon Platform. This capability allows IT to offer virtual networking and security as services to developers building and running containerized, cloud-native applications. NSX will auto-create and scale networks and routers when a new namespace/project/organization is created, and define and enforce micro-segmentation security policies for containers and pods. (Read more about Photon Platform and NSX-T.)
Currently in beta, the NSX-T Container Networking Interface (CNI) plugin will allow developers to configure network connectivity for their application containers helping deliver developer ready infrastructure.
Pricing and Packaging
Though not a new NSX feature, we are also excited to announce changes to our VMware NSX pricing and packaging.
Starting today, customers who purchase VMware NSX have the option of downloading and installing either platform and can switch between the two if needed without having to re-purchase NSX. And should your needs change, you can switch between the two.
As mentioned earlier, with NSX for vSphere 6.3, we have introduced a new NSX for ROBO (Remote Office Branch Office) packaging option. For those of you familiar with the vSphere for ROBO and vSAN for ROBO offerings, NSX for ROBO is packaged in the same way.
In last week’s Q4 VMware earnings call, Pat Gelsinger mentioned that NSX is an essential element to VMware Cloud Foundation, Cross-Cloud Services and VMware Cloud on AWS. With both NSX for vSphere and NSX-T, NSX intends to be everywhere in the containerized, multi-cloud future. NSX becomes the bridge that enables customers to unify networking and security across their private and public clouds.
What You Can Do Now
- Get started with a Beginner or Advance NSX Hands-On-Lab (HOL)
- VMware product page, customer stories, and technical resources
- VMware NSX YouTube Channel, including 40+ Light Board videos!
- Contact your VMware sales representative for an overview and demonstration of NSX for vSphere or NSX-T
Matt De Vincentis
VMware vSphere® 6.5 is the next-generation infrastructure for next-generation applications. It provides a powerful, ﬂexible, and secure foundation for business agility that accelerates the digital transformation to cloud computing and promotes success in the digital economy. vSphere 6.5 supports both existing and next-generation apps through its
1) simplifed customer experience for automation and management at scale;
2) comprehensive built-in security for protecting data, infrastructure, and access; and
3) universal application platform for running any app anywhere. With vSphere 6.5, customers can now run, manage, connect, and secure their applications in a common operating environment, across clouds and devices.
This paper will discuss the new and enhanced features in vSphere 6.5 across various areas of technology.
For additional information, see VMware vSphere Documentation.
VMware vCenter Server
VMware vCenter Server® 6.5 has many new and innovative features. The installer has been overhauled, resulting in a new, modern look and feel. It is now supported on Microsoft Windows, macOS, and Linux operating systems (OSs) without the need for any plug-ins. With vSphere 6.5, the VMware vCenter Server Appliance™ has surpassed the Windows installable version. It oﬀers the following exclusive features:
- Migration Tool
- Improved appliance management
- Native high availability
- Native backup and restore
There are also general improvements to vCenter Server 6.5, including the vSphere Web Client and the fully supported HTML5-based vSphere Client.
The installer has a built-in Migration Tool, providing easy access to the vCenter Server Appliance 6.5. This new version of Migration Tool provides several improvements over the recent vSphere 6.0 Update 2m release, including support for Windows vCenter Server 5.5 and 6.0. And VMware vSphere Update Manager™ is now part of the vCenter Server Appliance 6.5, which is especially valuable to customers that have been waiting to migrate to vCenter Server Appliance without managing a separate Windows server for vSphere Update Manager . For customers that have already migrated to the vCenter Server Appliance 6.0, the upgrade process will migrate vSphere Update Manager baselines and updates to the vCenter Server Appliance 6.5. During the migration process, the vCenter Server confguration, inventory, and alarm data are migrated by default. vSphere 6.5 provides improvements in data selections in three areas:
- Confguration, events, and tasks
- Confguration, events, tasks, and performance metrics
Data is migrated from any database supported in vSphere 5.5 or 6.0 to an embedded vPostgres database. This applies to databases running embedded or remote Microsoft SQL, Oracle, or PostgreSQL databases.
Download a full What’s New in VMware vSphere 6.5 Technical White Paper.
vSphere 6.5 brings a number of enhancements to ESXi host lifecycle management as well as some new capabilities to our venerable resource management features, DRS and HA. There are also greatly enhanced developer and automation interfaces, which are a major focus in this release. Last but not least, there are some notable improvements to vRealize Operations, since this product is bundled with certain editions of vSphere. Let’s dig into each of these areas.
Enhanced vSphere Host Lifecycle Management Capabilities
With vSphere 6.5, administrators will find significantly easier and more powerful capabilities for patching, upgrading, and managing the configuration of VMware ESXi hosts.
VMware Update Manager (VUM) continues to be the preferred approach for keeping ESXi hosts up to date, and with vSphere 6.5 it has been fully integrated with the VCSA. This eliminates the additional VM, operating system license, and database dependencies of the previous architecture, and now benefits from the resiliency of vCenter HA for redundancy. VUM is enabled by default and ready to handle patching and upgrading tasks of all magnitudes in your datacenter.
Host Profiles has come a long way since the initial introduction way back in vSphere 4! This release offers much in the way of both management of the profiles, as well as day-to-day operations. For starters, an updated graphical editor that is part of the vSphere Web Client now has an easy-to-use search function in addition to a new ability to mark individual configuration elements as favorites for quick access.
Administrators now have the means to create a hierarchy of host profiles by taking advantage of the new ability to copy settings from one profile to one or many others.
Although Host Profiles provides a means of abstracting management away from individual hosts in favor of clusters, each host may still have distinct characteristics, such as a static IP address, that must be accommodated. The process of setting these per-host values is known as host customization, and with this release it is now possible to manage these settings for groups of hosts via CSV file – undoubtedly appealing to customers with larger environments.
Compliance checks are more informative as well, with a detailed side-by-side comparison of values from a profile versus the actual values on a host. And finally, the process of effecting configuration change is greatly enhanced in vSphere 6.5 thanks to DRS integration for scenarios that require maintenance mode, and speedy parallel remediation for changes that do not.
Auto Deploy – the boot-from-network deployment option for vSphere – is now easier to manage in vSphere 6.5 with the introduction of a full-featured graphical interface. Administrators no longer need to use PowerCLI to create and manage deploy rules or custom ESXi images.
New and unassigned hosts that boot from Auto Deploy will now be collected under the Discovered Hosts tab as they wait patiently for instructions, and a new interactive workflow enables provisioning without ever creating a deploy rule.
Custom integrations and other special configuration tasks are now possible with the Script Bundle feature, enabling arbitrary scripts to be run on the ESXi hosts after they boot via Auto Deploy.
Scalability has been greatly improved over previous releases and it’s easy to design an architecture with optional reverse proxy caches for very large environments needing to optimize and reduce resource utilization on the VCSA. And like VUM, Auto Deploy also benefits from native vCenter HA for quick failover in the event of an outage.
In addition to all of that, we are pleased to announce that Auto Deploy now supports UEFI hardware for those customers running the newest servers from VMware OEM partners.
It’s easy to see how vSphere 6.5 makes management of hosts easier for datacenters of all sizes!
Resource Management – HA, FT and DRS
vSphere continues to provide the best availability and resource management features for today’s most demanding applications. vSphere 6.5 continues to move the needle by adding major new features and improving existing features to make vSphere the most trusted virtual computing platform available. Here is a glimpse of the what you can expect to see when vSphere 6.5 later this year.
Proactive HA will detect hardware conditions of a host and allow you to evacuate the VMs before the issue causes an outage. Working in conjunction with participating hardware vendors, vCenter will plug into the hardware monitoring solution to receive the health status of the monitored components such as fans, memory, and power supplies. vSphere can then be configured to respond according to the failure.
Once a component is labeled unhealthy by the hardware monitoring system, vSphere will classify the host as either moderately or severely degraded depending on which component failed. vSphere will place that affected host into a new state called Quarantine Mode. In this mode, DRS will not use the host for placement decisions for new VMs unless a DRS rule could not otherwise be satisfied. Additionally, DRS will attempt to evacuate the host as long as it would not cause a performance issue. Proactive HA can also be configured to place degraded hosts into Maintenance Mode which will perform a standard virtual machine evacuation.
vSphere HA Orchestrated Restart
vSphere 6.5 now allows creating dependency chains using VM-to-VM rules. These dependency rules are enforced if when vSphere HA is used to restart VMs from failed hosts. This is great for multi-tier applications that do not recover successfully unless they are restarted in a particular order. A common example to this is a database, app, and web server.
In the example below, VM4 and VM5 restart at the same time because their dependency rules are satisfied. VM7 will wait for VM5 because there is a rule between VM5 and VM7. Explicit rules must be created that define the dependency chain. If that last rule were omitted, VM7 would restart with VM5 because the rule with VM6 is already satisfied.
In addition to the VM dependency rules, vSphere 6.5 adds two additional restart priority levels named Highest and Lowest providing five total. This provides even greater control when planning the recovery of virtual machines managed by vSphere HA.
Simplified vSphere HA Admission Control
Several improvements have been made to vSphere HA Admission Control. Admission control is used to set aside a calculated amount of resources that are used in the event of a host failure. One of three different policies are used to enforce the amount of capacity is set aside. Starting with vSphere 6.5, this configuration just got simpler. The first major change is that the administrator simply needs to define the number of host failures to tolerate (FTT). Once the numbers of hosts are configured, vSphere HA will automatically calculate a percentage of resources to set aside by applying the “Percentage of Cluster Resources” admission control policy. As hosts are added or removed from the cluster, the percentage will be automatically recalculated. This is the new default configuration, but it is possible to override the automatic calculation or use another admission control policy.
Additionally, the vSphere Web Client will issue a warning if vSphere HA detects a host failure would cause a reduction in VM performance based on the actual resource consumption, not only based on the configured reservations. The administrator is able to configure how much of a performance loss is tolerated before a warning is issued.
Fault Tolerance (FT)
vSphere 6.5 FT has more integration with DRS which will help make better placement decisions by ranking the hosts based on the available network bandwidth as well as recommending which datastore to place the secondary vmdk files.
There has been a tremendous amount of effort to lower the network latency introduced with the new technology that powers vSphere FT. This will improve the performance to impact to certain types of applications that were sensitive to the additional latency first introduced with vSphere 6.0. This now opens the door for even a wider array of mission critical applications.
FT networks can now be configured to use multiple NICs to increase the overall bandwidth available for FT logging traffic. This is a similar configuration to Multi-NIC vMotion to provide additional channels of communication for environments that required more bandwidth than a single NIC can provide.
DRS Advanced Options
Three of the most common advanced options used in DRS clusters are now getting their own checkbox in the UI for simpler configuration.
- VM Distribution: Enforce an even distribution of VMs. This will cause DRS to spread the count of the VMs evenly across the hosts. This is to prevent too many eggs in one basket and minimizes the impact to the environment after encountering a host failure. If DRS detects a severe imbalance to the performance, it will correct the performance issue at the expense of the count being evenly distributed.
- Memory Metric for Load Balancing: DRS uses Active memory + 25% as its primary metric when calculating memory load on a host. The Consumed memory vs active memory will cause DRS to use the consumed memory metric rather than Active. This is beneficial when memory is not over-allocated. As a side effect, the UI show the hosts be more balanced.
- CPU over-commitment: This is an option to enforce a maximum vCPU:pCPU ratios in the cluster. Once the cluster reaches this defined value, no additional VMs will be allowed to power on.
DRS now considers network utilization, in addition to the 25+ metrics already used when making migration recommendations. DRS observes the Tx and Rx rates of the connected physical uplinks and avoids placing VMs on hosts that are greater than 80% utilized. DRS will not reactively balance the hosts solely based on network utilization, rather, it will use network utilization as an additional check to determine whether the currently selected host is suitable for the VM. This additional input will improve DRS placement decisions, which results in better VM performance.
SIOC + SPBM
Storage IO Control configuration is now performed using Storage Policies and IO limits enforced using vSphere APIs for IO Filtering (VAIO). Using the Storage Based Policy Management (SPBM) framework, administrators can define different policies with different IO limits, and then assign VMs to those policies. This simplifies the ability to offer varying tiers of storage services and provides the ability to validate policy compliance.
Content Library with vSphere 6.5 includes some very welcome usability improvements. Administrators can now mount an ISO directly from the Content Library, apply a Guest OS Customization during VM deployment, and update existing templates.
Performance and recoverability has also been improved. Scalability has been increased, and there is new option to control how a published library will store and sync content. When enabled, it will reduce the sync time between vCenter Servers are not using Enhanced Linked Mode.
The Content Library is now part of the vSphere 6.5 backup/restore service, and it is part of the VC HA feature set.
Developer and Automation Interfaces
The vSphere developer and automation interfaces are receiving some fantastic updates as well. Starting with the vSphere’s REST APIs, these have been extended to include VCSA and VM based management and configuration tasks. There’s also a new way to explore the available vSphere REST APIs with the API Explorer. The API Explorer is available locally on the vCenter server itself and will include information like what URL the API tas is available to be called by, what method to use, what the request body should look like, and even a “Try It Out” button to perform the call live.
Moving over to the CLIs, PowerCLI is now 100% module based! There’s also some key improvements to some of those modules as well. The Core module now supports cross vCenter vMotion by way of the Move-VM cmdlet. The VSAN module has been bolstered to feature 13 different cmdlets which focus on trying to automate the entire lifecycle of VSAN. The Horizon View module has been completely re-written and allows users to perform View related tasks from any system as well as the ability to interact with the View API.
The vSphere CLI (vCLI) also received some big updates. ESXCLI, which is installed as part of vCLI, now features several new storage based commands for handling VSAN core dump procedures, utilizing VSAN’s iSCSI functionality, managing NVMe devices, and other core storage commands. There’s also some additions on the network side to handle NIC based commands such as queuing, coalescing, and basic FCOE tasks. Lastly, the Datacenter CLI (DCLI), which is also installed as part of vCLI, can make use of all the new vSphere REST APIs!
Check out this example of the power of DCLI’s interactive mode with features like tab complete:
There’s been some exciting improvements on the vSphere with Operations Management (vSOM) side of the house as well. vRealize Operations Manager (vR Ops) has been updated to version 6.4 which include many new dashboards, dashboard improvements, and other key features to help administrators get to the root cause that much faster and more efficient. Log Insight for vCenter has been also updated, and will be on version 4.0. It contains a new user interface (UI) based on our new Clarity UI, increased API functionality around the installation process, the ability to perform automatic updates to agents, and some other general UI improvements. Also, both of these products will be compatible with vSphere 6.5 on day one.
Digging a little further into the vR Ops improvements, let’s first take a look at the three new dashboards titled: Operations Overview, Capacity Overview, and Troubleshoot a VM. The Operations dashboard will display pertinent environment based information such as an inventory summary, cluster update, overall alert volume, and some widgets containing Top-15 VMs experiencing CPU contention, memory contention, and disk latency. The Capacity dashboard contains information such as capacity totals as well as capacity in use across CPU count, RAM, and storage, reclaimable capacity, and a distributed utilization visualization. The Troubleshoot a VM dashboard is a nice central location to view individual VM based information like its alerts, relationships, and metrics based on demand, contention, parent cluster contention, and parent datastore latency.
One other improvement that isn’t a dashboard but is a new view for each object, is the new resource details page. It closely resembles the Home dashboard that was added in a prior version, but only focuses on the object selected. Some of the information displayed is any active alerts, key properties, KPI metrics, and relational based information.
Covering some of the other notable improvements, there is now the ability to display the vSphere VM folders within vR Ops. There’s also the ability to group alerts so that it’s easy to see what the most prevalent alert might be. Alert groups also enable the functionality to clear alerts in a bulk fashion. Lastly, there are now KPI metric groups available out of the box to help easily chart out and correlate properties with a single click.
To learn more about vSphere 6.5, please see the following resources.
- Press Release
- What’s New in vSphere 6.5: vCenter Server
- What’s New in vSphere 6.5: Security
- What’s New in vSphere 6.5: Host & Resource Management and Operations
- What’s New in Virtual SAN 6.5
- vSphere 6.5 Product Page
VMware CEO Pat Gelsinger opened VMworld 2016 in Las Vegas, Nevada, this morning by telling his audience that “a new era of cloud freedom and control is here.” Gelsinger used his keynote to introduce the VMware® Cross-Cloud Architecture™. This is a game-changing new architecture that, as he says, “will enable customers to run, manage, connect, and secure applications across clouds and devices in a common operating environment.”
NOTE: This video is roughly 8 minutes in length so it would be worth blocking out some time to watch it!