With VMworld just around the corner, it is the perfect time to have a look to what’s new with vSphere 7u1. This major update planned for Q3 2021 will focus on several requested features, here’s a sneak peak.
Announcing vSphere with Tanzu
In response to many customers and as part of the roadmap, VMware announced the release of VMware with Tanzu. Until now, VMware Cloud Foundation was required to build a Tanzu Developer ready infrastructure.
Today with Tanzu on VCF, the ability to provide these developper ready infrastructure is built on Harbor registry services, network services and storage services which rely on vRealize, vSphere, vSAN and NSX.
Tomorrow, vSphere with Tanzu would provide this ability, without NSX, and without Harbor registry service. VMware promises to make possible the building of an enterprise grade solution using your choice of networking, storage and load-balancing solutions.
VMware with Tanzu architecture will depend on a new concept called “Services”. This “Services” layer runs on top of the infrastructure, at the Supervisor Cluster level.
The integration into an existing infrastructure starts with the usage of a virtual distributed switch, and requires 3 ports groups for Management, Workload and Front-end (optional). The HA Proxy acts as a load balancer and is provided as an OVA.
The Kubernetes control plan runs on the ESXi hosts that have connectivity to the management, workload and HA Proxy networks.
To clarify, the HA Proxy is responsible for tunnelling all of the network traffic to and from the workload portgroup. For that reason, it needs a connections to the management network, this way the management port group can create ingress and egress traffic.
We should get a lot of additional information on the coming weeks on this great new feature.
In order to align with perpetual growing “monster VM” requirements, vSphere 7u1 will have an extended support:
- 96 hosts per cluster (still 64 for vSAN enabled cluster)
- 10K VMs per cluster
- Increased max computed resources:
Introducing EVC for Graphics
- Using vSGA (Virtual Shared Graphic Acceleration)
- Wizard to set at cluster level (or VM level), as EVC for CPU
- One baseline right now, including Direct3D and OpenGL
- Future releases might include other baselines
Introduced with vSphere 7, administrators are now familiar with this completely new way to have a desired state model and ensure consistency across all the host of a cluster.
Now these capabilities also applies to NSX-T:
- NSX Manager will update the TNP (transport node profile)
- vLCM automatically starts the remediation and installs NSX-T bits to newly added host
- Installation/Upgrade/Removal of NSX-T Components
- Add/remove host(s) from a cluster
- Move hosts to a vLCM enabled cluster
- NSX Manager now gets feedback from vLCM if there’s any drift with respect of NSX component
- NSX Manager is also able to resolve, this will trigger a remediation task and will ensure the NSX-T bits are in desired state
Intrinsic Security with AMD SEV-ES
Nowadays we often hear about “intrinsic security”. While today modern infrastructure already have some level of isolation like Application, Guest OS, VM Runtime and Sandbox, there’s still some pieces of hardware which are not as secure as it should and this where AMD wanted to do something.
By adding a CPU level of protection called “Secure Processor” (those marketing guys worked hard 😅) AMD is able encrypt the CPU data, reinforcing the security.
Practically, a VM gets an encryption key from the “secure processor” and controls who gets access from their data. With security comes downside, there are, today, some things to consider:
This is a new feedback feature integrated directly into vCenter. It will be possible to share ideas, including a voting mechanism. Only registered accounts will be able to publish features requests.
With solutions and product growing over the years, information can be spread accross different platforms. VMware has decided to consolidate everything about vSphere, vSAN, VCF, Techzone, etc. to core.vmware.com
To sum up
A lot of announcement and I personally think this is only the beginning. There’s a lot more to come, in particular with vSAN 7u1, which is a though one! Stay tuned and take care.