VMware consistently showcases its commitment to innovation when it comes to staying at the forefront of technology. In a recent technical overview, Féidhlim O’Leary, Senior Technical Marketing Architect at VMware, described the latest advancements and enhancements in vSphere Plus for cloud-connected services and vSphere 8 update 2. Here’s a glimpse into VMware vSphere 8.0 Update 2 new features and updates that have been introduced.
Table of contents
- vSphere’s Evolving Vision: Making Operations Seamless
- Unveiling the Cloud-Connected vSphere Plus
- vSphere 8 Update 2: A Deep Dive into Enhanced Features
- The Importance of Backups in vSphere
- Non-Disruptive Certificate Management and Network Configuration Recovery
- Elevating Security with vSphere Identity Federation
- Strengthened Authentication with Broader Integration
- Improved Out-of-the-Box Security
- Enhanced vSphere Lifecycle Manager (vLCM)
- Streamlined Configuration Profiles
- Simplified Windows VM Deployment
- Transparent Error Messages
- Supercharged Workload Performance
- Enhanced GPU Workload Support
- Enhanced DRS with vGPU Defragmentation
- Quality of Service for GPU Workloads
- Virtual Machine Hardware Version 21
- DevOps – The Tanzu Ecosystem
- Expanding NSX Advanced Load Balancer Support
- Flexibility for DevOps Deployments
- Self-service VM image registry
- Download and availability coming soon
- Wrapping up
- Other posts you may like
vSphere’s Evolving Vision: Making Operations Seamless
One of the primary objectives of vSphere 8 and vSphere Plus is to streamline operations. VMware aims to minimize the mundane tasks for administrators, especially those surrounding life cycle management.
Not only that, but VMware has doubled down on its promise to supercharge workload performance. The focus is on making the most out of the physical hardware and paving the way for new technological integrations and hardware accelerators.
In tandem with operational efficiency, there’s a clear push towards accelerating innovation, particularly in DevOps. The integration of Kubernetes offerings is a testament to this, making it more seamless than ever for DevOps services to deploy vSphere Tanzu as a robust platform.
Unveiling the Cloud-Connected vSphere Plus
vSphere Plus helps enterprises looking to embrace the cloud without letting go of their on-premises deployments. How does it achieve this? The key lies in its ability to deploy a cloud gateway appliance, thereby allowing direct connectivity to the VMware cloud. And while this is impressive, the real charm comes from its many enhancements. This includes integrating VMware offerings such as vSAN, NSX, and Aria.
Since its inception in June of 2022, vSphere Plus has evolved significantly. VMware has enhanced it with a series of service enhancements designed to amplify its capabilities.
For those wanting to dip their toes in these waters, VMware has introduced a free trial of vSphere Plus. A highlight of this trial is the ability for users to test the reduced downtime upgrades—a feature bound to resonate with many.
And that’s not all. VMware has now enhanced the visibility within the vSphere Plus ecosystem. Users can now manage and view their VMware Cloud Gateway instances from a unified cloud console. This centralized approach undoubtedly adds a layer of convenience, especially when managing large deployments.
vSphere 8 Update 2: A Deep Dive into Enhanced Features
Administrators will have much better tools as part of vSphere 8 Update 2. The focus is clear: give back time to administrators. By reducing the time they spend on maintenance activities or, in some cases, eliminating the need for specific maintenance tasks, VMware is helping transform the administrative experience.
One of the standout features in this update is the reduced downtime upgrades. Initially introduced within the vSphere Plus, this feature now extends to on-premises instances that aren’t cloud-connected. This is seen as it empowers administrators to update or patch their vCenter with a mere few minutes of downtime.
Another aspect worth highlighting is the emphasis on the integrity of vCenter patching. VMware strongly advocates for taking backups before any patching or updating procedure. It is not just a recommendation but required to ensure uninterrupted operations.
The Importance of Backups in vSphere
Backups have always been an important part of any IT infrastructure, but with vSphere 8 Update 2, VMware has fine-tuned the process to ensure an even smoother experience. The platform now guides users on the ideal times to take a vCenter backup, highlighting the last instance when such a backup was executed.
While many might set their backup schedules thinking all is well, if you discover that the last backup taken was three months ago due to an accidental scheduler disablement, you would be in trouble. To counter such situations, vSphere now provides detailed visibility into backup occurrences, ensuring you’re always in the loop.
If you’ve neglected to setup a file-based or image-level backup, vSphere takes a proactive measure by executing an automatic LVM (logical volume manager) snapshot before patching. It’s crucial to understand that this is an OS-level snapshot, not an automatic file-based backup, as suggested by the interface.
This LVM snapshot, a space-efficient copy of LVM volumes, is a safety mechanism during patching failures. With it, you can retry patching or revert to the LVM snapshot, providing a contingency plan. However, it’s a reminder that this is a safety net and not a substitute for regular full vCenter backups.
Non-Disruptive Certificate Management and Network Configuration Recovery
To streamline upgrades and updates, VMware has minimized the downtime needed for vCenter during such events. With the rising focus on certificate management and given how browsers are shortening the validity of certificates they honor, vSphere has incorporated a helpful feature. Now, you can renew or replace vCenter certificates without necessitating a service restart.
Reliable network recovery
On the recovery front, for environments operating with one or more vSphere distributed switches, restoring vCenter from a backup has been simplified. When vCenter is restored from an outdated backup, it will automatically reconcile with the current version of the distributed switch on ESXi hosts.
In the aftermath of disaster recovery, there won’t be a need to worry about distributed switches being out of sync or having inconsistencies. This integration supports distributed switches in conjunction with VMware NSX, which includes functionalities like VM connections to port groups or NSX, managing NSX segments, and more.
Elevating Security with vSphere Identity Federation
Security remains a top priority, and vSphere continues to evolve its identity federation features to enhance it. Since the launch of vSphere 7, there has been a consistent addition of identity providers. vSphere 8 saw the support for OKTA identity services, and now, with Update 2, Azure AD or Entra ID joins the list. Including more identity providers offer enhanced multi-factor authentication options, enhancing security layers.
Its ability to ensure vSphere never directly interacts with user credentials sets federated identity apart. It mirrors most web authentication services, redirecting users to the identity service for authentication and then back to the application, in this case, vCenter.
While vSphere continues to support AD over LDAP-S, it’s noteworthy to mention the deprecation of integrated Windows authentication, which is slated to be unavailable in the subsequent major vSphere version.
Strengthened Authentication with Broader Integration
VMware is building on previous improvements in vSphere 7, and ADFS support was introduced. This has been further expanded in vSphere 8, where OKTA and Microsoft Azure AD support have been added. These integrations provide expanded flexibility for enterprise-level authentications and ensure a more seamless user experience.
Improved Out-of-the-Box Security
Every vSphere update continues to emphasize VMware’s commitment to making vSphere more secure. In line with this commitment, they have enhanced the product defaults to align more closely with the vSphere security configuration and hardening guides. Alongside the release of vSphere 8 Update 2, expect updated hardening guides to make the process smoother for the user base.
Enhanced vSphere Lifecycle Manager (vLCM)
vLCM has been a game-changer for many, and its capabilities are being further enhanced. While it currently supports vSAN witness nodes and vSAN clusters, vSphere 8 Update 2 brings a notable change. The update allows vLCM to manage witness nodes participating in multiple vSAN clusters.
Specifically for shared vSAN witness nodes, users can now manage the image definition independently of the vSAN clusters they are a part of. This offers greater flexibility, especially for shared vSAN witness nodes, allowing for tailored builds according to specific use cases.
Streamlined Configuration Profiles
Introduced in vSphere 8 and refined in vSphere 8 Update 1, the vSphere Configuration Profiles feature sees further enhancement in Update 2. An all-encompassing UI workflow facilitates the creation, editing, and application of vSphere Configuration Profiles.
There’s no longer a need to export the JSON document for edits – though the option remains. A new ‘Draft’ tab has been added to the UI, enabling users to create, edit, and apply drafts or copies of the existing configuration.
An example of this is the ability to add NTP settings to a cluster configuration document. The enhanced interface can save edits in a draft and apply like host profiles today.
Simplified Windows VM Deployment
In what may seem like a minor tweak, a significant improvement has been made in deploying Windows VMs. Users can now define the OU path while creating customization specs, resulting in Windows VMs being deployed and customized according to the specified OU path, streamlining their integration into Active Directory.
Transparent Error Messages
Error messages have been revamped to address a long-standing user pain point for greater clarity and utility. An instance of this is the clearer error messages displayed when VM files are locked. For scenarios where a VM can’t be powered on, the updated messages will detail the locked file and specify the host with the lock.
This eliminates the need to delve into command line tools or logs to discern lock details. A straightforward message indicates the file in question, the host attempting access, the host with the lock, and its MAC address.
Supercharged Workload Performance
vSphere has consistently been at the forefront of optimizing workload performance. The latest update provides further advancement to this commitment. The ecosystem of DPU vendors is steadily increasing.
Expanded DPU Ecosystem
vSphere 8 introduced Data Processing Units (DPUs) support within its distributed services engine. This was realized in collaboration with giants like Dell, HP, Nvidia, AMD, and Intel. VMware has announced the expansion of this support to servers from Lenovo and Fujitsu, signaling our intent to widen our partner ecosystem continuously.
Enhanced GPU Workload Support
There’s a growing emphasis on treating GPUs as first-class citizens within vSphere. Subsequent releases have seen major improvements in GPU support. For instance, vSphere now supports the vMotion of GPU-enabled virtual machines.
The latest addition in vSphere 8 Update 2 sees the smarter placement of GPU-enabled VMs, courtesy of an enhanced DRS. This new DRS ensures better initial placement decisions and can be configured for automatic load balancing of vGPU-enabled virtual machines.
Enhanced DRS with vGPU Defragmentation
In past vSphere versions, VMs with certain GPU requirements often faced placement issues if the required GPUs were scattered across different hosts. Enter vSphere 8 update 2! It now boasts DRS (Distributed Resource Scheduler), which automatically defragments vGPU-enabled VMs.
So, if an incoming VM requires four GPUs and isn’t available on the same host, DRS will intelligently migrate another VM to create space. This dynamic load balancing ensures that VMs are not left hanging and are placed and powered as needed.
Quality of Service for GPU Workloads
With vGPUs, the ‘stun time’ (time when a VM is momentarily paused) during migrations can be considerable. vSphere 8 update 2 offers administrators a fantastic view into the estimated max stun time of a vGPU-enabled VM. This is determined based on the network speed and the size of the vGPU memory.
Further elevating control, administrators can now define a ‘Quality of Service’ (QoS) for VMs. How? They can set a maximum acceptable stun time. VMs that fit within this QoS can be automatically balanced or manually migrated. But if a VM exceeds this set time, say more than 10 seconds, its migration would be restricted, ensuring that the VM operations remain unhindered.
Virtual Machine Hardware Version 21
Hardware updates are always welcomed, and the Virtual Machine Hardware Version 21 doesn’t disappoint. It bolsters VM device capacities:
- Boosts the maximum number of vGPUs per VM to 16.
- Enables attachment of up to 256 NVMe disks to a VM.
- It supports the NVMe 1.3 specification for Windows users and Windows Server failover clustering with NVMe disks.
- Compatibility checks: Red Hat 10, Oracle 10, Debian 13, and FreeBSD 15. But remember, to fully harness these, you need both vSphere 8 update 2 and hardware version 21.
A quick note: Hardware version 21 is specific to ESXi 8 update 2 and later. So, you might not need an immediate hardware update unless you’re looking to take advantage of these new features.
DevOps – The Tanzu Ecosystem
vSphere’s support for DevOps is evident in its commitment to containerized workloads and services. With vSphere 8 update 2, deploying Supervisor Clusters, which have been around since vSphere 7, becomes easier. The import/export option lets admins export configurations to a readable JSON document, which can be reused for deploying more clusters.
And for those aiming to duplicate configurations, a quick clone feature comes in handy. It replicates the configuration from one vSphere cluster to another, expanding resources and TKG instances.
Expanding NSX Advanced Load Balancer Support
NSX-T Load Balancer has been deprecated since the 3.2 NSX-T version, be prepared for a change soon. Start using the NSX Advanced Load Balancer or the Avi load balancer. This is only for Greenfield installations.
Flexibility for DevOps Deployments
VM service is now compatible with Windows-based templates and can be used to deploy traditional virtual machines and containerized workloads.
Self-service VM image registry
This functionality has been expanded to introduce self-service image VM registry. This allows DevOps users to write back to content libraries. Previously, DevOps users can deploy VMs in those libraries, but no mechanism to save those back. Now, admins can define whether or not a Content Library is read-only or make it writeable.
Download and availability coming soon
The download and availability of vSphere 8.0 Update 2 will be soon.
The new VMware vSphere 8.0 Update 2 release is massive with many excellent new features and capabilities. The vSphere stack continues to evolve with many new “cloudy” features allowing organizations to be more agile and have the tools needed to support a cloud-first environment and workflows.
Check out the official post here: Announcing vSphere Q3 2023 Release – VMware vSphere Blog.