VMware

VMware vSphere 8 Update 3 Released New Features and Download

VMware vSphere 8.0 Update 3 released with new features, including embedded vsphere cluster service and lifecycle improvements & download

Today, VMware is announcing the release of VMware vSphere 8.0 Update 3, which will be available today as well. This is a massive release that contains many new features and capabilities in the platform, including embedded vsphere cluster service, reduced downtime updates, non workload maintenance evacuation, and more. It also is in conjunction with the release of VMware vSAN 8.0 Update 3 and VMware Cloud Foundation 5.2. Let’s take a look at the new features that are coming with this release.

vSphere IaaS Control Plane

vSphere IaaS control plane. This is the new way to refer to vSphere with Tanzu. Just know these are talking about the same thing. Customers have long asked TKG service to be decoupled from vCenter. It is important as it can deliver asynchronous delivery of vCenter and the Kubernetes versions.

Vsphere iaas control plane
Vsphere iaas control plane

Embedded vSphere Cluster Service

New with vSphere 8.0 Update 3 is a vSphere Cluster Service that is embedded in ESXi itself. There will now be fewer VMs to run. You will only see 2 VMs per cluster, if the cluster is a two-node cluster or a 64-node cluster, there will only be 2.

Since it is embedded now into ESXi there will be no OVA push from vCenter and no storage footprint moving forward since it runs only in memory.

Embedded vsphere cluster service in vsphere 8.0 update 3
Embedded vsphere cluster service in vsphere 8.0 update 3

Independent TKG Service

vSphere 8 Update 3 separates the Tanzu Kubernetes Grid (TKG) Service from vCenter releases. This allows for asynchronous releases, which means you can have the latest Kubernetes versions. You can upgrade the TKG Service without needing to update the Supervisor or vCenter. It helps with a quicker rollout of new Kubernetes versions and the features that go along with the new releases.

TKG can be upgraded directly without having to upgrade management clusters or vCenter. Autoscaling is also being introduced. Worker nodes will be added automatically if there aren’t enough resources for the workload demand. There is a minimum version required, version 1.25.

Independent tkg service
Independent tkg service

Autoscaling for Kubernetes Clusters

The update improves Kubernetes cluster management by introducing autoscaling capabilities for worker nodes. This allows the system to scale down underutilized nodes and scale up when workloads increase. This helps to make sure you have optimal resource use and efficiency.

Autoscaling for kubernetes clusters
Autoscaling for kubernetes clusters

vSAN Stretched Cluster Support for TKG

vSAN 8.0 update 3 now includes stretched cluster support for active/active deployments. It helps utilize affinity and anti-affinity rules to make sure that VMs are placed in the best way possible. This improves data availability and resilience across geographically dispersed sites.

Vsan stretched cluster support
Vsan stretched cluster support

Automated Supervisor Certificate Rotation

vSphere now automates the rotation of expiring Supervisor certificates, which can be a pain to have to rotate manually. It helps reduce the manual steps needed before rotation and enhances security. This feature also has an alarm that alerts administrators only if the auto-renewal process fails.

Automated supervisor certificate rotation
Automated supervisor certificate rotation

VM Service โ€“ VM Backup and Restore

The VM service now includes the ability to backup and restore VMs that have been deployed using the VM service. It requires no changes to the backup tool. Backups can be down to the VM-level or the namespace. You would just reference the resource pool in vCenter.

Metadata has to be restored as part of the restore process. In the extra config fields it now includes the information needed for restore. There is an API available to register and resolve issues as well.

Vm service backup and restore
Vm service backup and restore

VM Service โ€“ VM Class Expanded Configuration

The interface has been updated to support the entire VM configuration. In the past it was limited in different static configurations and you had some customizations there. Now, you can configure VMs to use any class. Admins now have full granular control.

This change increases administrative control over VM hardware settings and helps with aligning with public cloud service models.

Vm service vm class expanded configuration
Vm service vm class expanded configuration

Local Consumption Interface (LCI)

The new Local Consumption Interface (LCI) for managing VMs and TKG clusters is now available locally. It provides a streamlined user experience, and supports complex deployments and automatic YAML generation, enhancing the operational efficiency of virtual environments.

Local consumption interface
Local consumption interface

Enhanced vSphere Lifecycle Management

vSphere 8 Update 3 has many new improvements to lifecycle management and makes sure that the environments are easier to maintain and more secure, with minimal downtime.

Keeping vsphere updated
Keeping vsphere updated

vSphere Configuration Profiles

The new vSphere Configuration Profiles enable administrators to manage and remediate configuration drifts across clusters effectively. It supports declarative cluster image lifecycle management and includes the ability to define and enforce configuration baselines. This helps ensure consistent settings across the infrastructure.

Patch vsphere faster and less disruptive in vsphere 8.0 update 3
Patch vsphere faster and less disruptive in vsphere 8.0 update 3

vSphere Lifecycle Manager with Dual DPU Support

The vSphere Lifecycle Manager now supports dual DPUs. This helps administrators to manage and remediate configurations in environments using dual Distributed Processing Units (DPUs). This feature allows for the configuration of active and standby DPUs. It also enhances network resilience and minimizes downtime during hardware failures or maintenance.

Multiple dpu instances support with single image in vsphere 8.0 update 3
Multiple dpu instances support with single image in vsphere 8.0 update 3

Reduced Downtime Updates

The update process for vCenter has been optimized to minimize downtime. The new migration-based update process allows VIadmins to quickly remediate security vulnerabilities with easy rollback capabilities if complications happen. This helps make sure that the systems are always running on the latest, most secure software without major disruptions.

vSphere Live Patch

vSphere Live Patch is a new feature that reduces the impact of patching by allowing hosts to enter a partial maintenance mode where VMs can remain running. This can happen in vSphere 8.0 Update 3 by loading and patching a new mount revision of the ESXi hypervisor without fully rebooting the system. This new process enables VMs to fast-suspend-resume and consume the patched mount revision almost instantly.

Vsphere 8.0 update 3 live patch update
Vsphere 8.0 update 3 live patch update

Enhanced Image Customization

The update introduces enhanced options for image customization. Administrators can now override vendor add-ons to maintain existing drivers. They can also remove third-party vendor add-on components, and manage VMware Tools and ESXi Host Client components much easier and more effectively. This customization improves supporting full-stack firmware updates with staging and parallel remediation capabilities in the new release.

2024 06 24 22 57 53
2024 06 24 22 57 53

Streamlined Cluster Image Definitions

The new enhancements allow for more streamlined definitions and management of cluster images. This includes support for declarative management of the full stack update process. It helps to make sure that all components that include firmware and drivers, are updated in synchronization across the entire cluster.

Streamline cluster image definitions in vsphere 8.0 update 3
Streamline cluster image definitions in vsphere 8.0 update 3

Maintenance without Workload Evacuation

The partial maintenance mode is a major new feature that allows VMs to continue running while disallowing migrations to and from the host and new VM creations on it. This capability can help during updates and patches to make sure of continuous availability and that services remain online.

Maintenance without workload evacuation in vsphere 8.0 update 3
Maintenance without workload evacuation in vsphere 8.0 update 3

Hardware support

There are many new hardware support features found in the new release of vSphere 8.0 update 3. Let’s take a look at those.

Dual DPU support

Now, there is high availability support with DPU configuration with vSphere distributed services engine. It provides high availability with active and standby states, brief interruption during failover and it does not fail back. The other DPU just becomes standby. This helps to protect environments in vSphere 8.0 Update 3 from DPU failure or loss of uplink.

Dual dpu configuration support in vsphere 8.0 update 3
Dual dpu configuration support in vsphere 8.0 update 3

The 2nd DPU can also be used for an additional distributed switch with a no failover configuration and full isolation between switches and DPUs. It provides 2X the offload capacity per host.

Increased network offload capacity in vsphere 8.0 update 3
Increased network offload capacity in vsphere 8.0 update 3

Intelยฎ Xeonยฎ CPU Max Series Support

Support for Intel Xeon CPU Max Series improves the performance of AI/ML workloads and addresses demands for high-performance computing (HPC) through built-in accelerators and high-bandwidth memory (HBM). This will result in a significant boosting of performance for computing intensive workloads and tasks.

Intel xeon cpu max series support in vsphere 8.0 update 3
Intel xeon cpu max series support in vsphere 8.0 update 3

GPU Enhancements

vSphere 8 Update 3 introduces multiple GPU profiles that allow different types of workloads to be placed on a single GPU. This helps to improve resources and enhance performance across applications.

Host different workloads on a single gpu in vsphere 8.0 update3
Host different workloads on a single gpu in vsphere 8.0 update

You can also monitor the GPU resources at a glance in the cluster level GPU monitoring dashboard in vsphere 8.0 Update 3.

You can monitor gpu consumption in a single interface in vsphere 8.0 update 3
You can monitor gpu consumption in a single interface in vsphere 8.0 update 3

There is also simplified vGPU workload mobility with vSphere DRS settings for vGPU VMs.

Simplified vgpu workload mobility in vsphere 8.0 update 3
Simplified vgpu workload mobility in vsphere 8.0 update 3

Security Enhancements

vSphere 8 Update 3 brings about many new security enhancements designed to strengthen the protection of virtualized environments, streamline security management, and ensure compliance with industry standards. Hereโ€™s a detailed look at each of the security upgrades:

PingFederate Support in vSphere Identity Federation

vSphere 8 Update 3 introduces support for PingFederate. This helps to expand the choices with the Identity Federation capabilities. The Identity Federation allows vSphere to connect with multiple on-premises and cloud-based identity providers (IdPs). It helps integrate a more flexible and secure Single Sign-On (SSO) experience. It supports modern authentication protocols, including Multi-Factor Authentication (MFA). This helps to make sure your vSphere environment aligns with the security posture against unauthorized access.

Pingfederate added to vsphere identity federation in vsphere 8.0 update 3
Pingfederate added to vsphere identity federation in vsphere 8.0 update 3

TLS & Cipher Suite Profile Support

This update includes the ability to quickly configure and implement modern “best practices” for TLS ciphers directly through the vSphere API, PowerCLI, or configuration profiles. These enhancements help secure data in transit and make sure that communication between components uses the latest security standards. A system reboot is required to apply these changes, ensuring all components cleanly transition to the new security configurations.

Ability to configure best practices modern tls ciphers in vsphere 8.0 update 3
Ability to configure best practices modern tls ciphers in vsphere 8.0 update 3

Security Configuration Guides & Baselines

vSphere 8 Update 3 comes with updated security configuration guides and baselines that are easier to understand and implement. These guides now include coverage for vSAN services and map out differences between the Security Technical Implementation Guides (STIG) and Payment Card Industry (PCI) compliance requirements. Also, you have new scripts that are provided to help audit and remediate configurations.

Better security baselines and guides in vsphere 8.0 u3
Better security baselines and guides in vsphere 8.0 u3

Enhanced Security for Kubernetes

The release improves the security management of Kubernetes environments running on vSphere. It automates key tasks like the rotation of Kubernetes supervisor certificates. This automatic rotation helps make sure that certificates are always current and reduces the risk of outages due to expired certificates. If the auto-renewal process fails, an alarm notifies administrators to take action. This helps to protect against vulnerabilities.

Storage Innovations

vSphere 8 Update 3 introduces several new storage advancements that are set to improve flexibility, efficiency, and management of storage solutions in vSphere 8.0 Update 3. Hereโ€™s an in-depth exploration of each enhancement:

Support for vVols Stretched Storage Cluster

vSphere 8.0 Update 3 introduces initial support for vVols stretched storage clusters. This feature is critical for environments that need high availability across geographically dispersed data centers. It uses Active/Active storage configurations and includes VASA 6 specification support and VASA High Availability. The stretched storage capability makes sure that operations continue seamlessly even in the event of a site failure. This helps provide a strong disaster recovery solution.

Support for vvols stretched cluster in vsphere 8.0 update 3
Support for vvols stretched cluster in vsphere 8.0 update 3

UNMAP Support for vVols on NVMe Volumes

UNMAP command support has been added for vVols on NVMe volume. This process allows for space reclamation in the background without administrative intervention. It helps maintain storage efficiency and automatically optimizes space usage, which is particularly beneficial in dynamic environments where demands are changing often.

Unmap support for vvols on nvme volumes
Unmap support for vvols on nvme volumes

Microsoft WSFC Clustering Support on NVMeoF

vSphere 8 Update 3 adds support for vVols shared disks over NVMe over Fabrics (NVMeoF). This is required for Microsoft Windows Server Failover Clustering (WSFC) environments using NVMe. This support means you no longer need Raw Device Mappings (RDMs). It helps simplify the configuration and management of highly available clustered services.

Vvols microsoft wsfc clustering support on nvmeof in vsphere 8.0 update 3
Vvols microsoft wsfc clustering support on nvmeof in vsphere 8.0 update 3

Limiting UNMAP Operations

To prevent performance degradation during extensive UNMAP operations, vSphere 8 Update 3 allows administrators to define the maximum number of hosts that can send UNMAP commands at the same time. This is configurable per datastore and helps to make sure you always have optimal performance even during large-scale space reclamation tasks.

Unmap limiting
Unmap limiting

Enhanced Multi-Pathing with PSA Support

Path Selection Plugin (PSA) enhancements include support for Fabric Performance Impact Notification (FPIN). It informs vSphere about congestion issues on Fibre Channel networks. This capability helps to troubleshoot path issues and make sure that the healthiest available paths are used for data storage operations.

Fabric performance impact notification for san switches and targets in vsphere 8.0 u3
Fabric performance impact notification for san switches and targets in vsphere 8.0 u3

Faster time for Thin to EZT Disk Conversions

The process of inflating thin-provisioned disks to eager zeroed thick (EZT) has been majorly optimized. This enhancement reduces the time required for these operations. It also boosts performance on VMFS datastores in environments where disk format conversions are common due to changing performance or security requirements.

Reduced time to inflate thin to ezt disks on vmfs
Reduced time to inflate thin to ezt disks on vmfs

CNS CSI Storage Enhancements

Container Storage Interface (CSI) enhancements in vSphere 8 Update 3 include improved support for vSAN ESA File Service. It enables up to 250 file shares per vSAN environment. Also, it allows persistent volume (PV) migration across non-shared data stores within the same vCenter. This helps with flexibility and management of storage resources in containerized environments.

Cns csi storage enhancements in vsphere 8.0 update 3
Cns csi storage enhancements in vsphere 8.0 update 3

Wrapping up

PHeww!! That is a lot of new features that are included in VMware vSphere 8.0 Update 3. It seems like this update touches just about every aspect of vSphere and helps to bring improvements across the board. I really like the lifecycle improvements as well as the new integrated cluster services in ESXi 8.0 Update 3. The great thing about the new bits is we don’t have to wait, they are available today.

Subscribe to VirtualizationHowto via Email ๐Ÿ””

Enter your email address to subscribe to this blog and receive notifications of new posts by email.



Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, He has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.

Related Articles

2 Comments

  1. No other hypervisor is as enterprise-ready as ESXi and vSphere. All others are continuously playing catch-up and will continue to do so.

    The best of breed remains best of breed.

    1. Jeff,

      I totally agree. I work with a lot of hypervisors just in testing and playing around. Each new release of vSphere shows why they are out front. The continually innovate. I am optimistic with this release that they haven’t been stifled from doing that with the Broadcom purchase. I think Update 3 will help convince some in the enterprise to stay where they are, even with the price increases. Now, time to update the lab to Update 3 ๐Ÿ™‚ As always Jeff, I really appreciate your comments and insights.

      Brandon

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.