Developers: VMware
Last Release Date: 2022/08/31
Technology: Virtualization, Data Centers - Data Center Technologies
Main article: Virtualization. Classification and applications
VMware vSphere, a data center virtualization platform, provides maximum levels of availability and responsiveness for all applications and services. Separating critical applications from the underlying hardware provides flexibility and reliability, which optimizes IT service delivery and maximizes application service levels at minimal total cost per application workload.
VMware vSphere is a software package consisting of several VMware ESX servers running virtual machines and one VMware vCenter server, which is a single management console for all ESX hosts and virtual machines.
VMware vSphere is available in four editions (VMware vSphere Standard, Advanced, Enterprise, and Enterprise Plus). Depending on the edition, users receive different functionality (High Availability, Data Recovery, VMotion, Fault Tolerance, vShield Zones, DRS/DPM, etc.).
2022
VMware vSphere 8
On August 31, 2022, it became known that VMware announced the VMware vSphere 8 virtualization platform.
According to the company, among the innovations:
vSphere Distributed Services Engine
vSphere 8 introduced vSphere Distributed Services Engine functionality, formerly called Project Monterey.
For quite some time, hardware vendors have been trying to offload some CPU functions by moving them to the appropriate server components (vGPU module, network card with support for offload functions, etc.), isolating them as far as necessary. But this hardware architecture will not work well without changes to the software platform.
Project Monterey is a redesign of the vSphere Cloud Foundation (VCF) architecture so that hardware capabilities and software components are natively integrated. For example, SmartNIC hardware technology provides adequate performance, zero-trust security, and easy operation in a VCF environment. Thanks to SmartNIC technology, the VCF infrastructure will support operating systems and applications running on bare hardware (that is, without a hypervisor and separately from it).
With Data Processing Units (DPUs) existing in PCIe devices such as NICs or GPUs, this technology can be implemented to manage hosts and storage at the ESXi hypervisor level.
In vSphere 8, the ESXi hypervisor is installed directly on the Data Processing Unit, which lets it operate the device's functions using the device's own resources directly and ensures proper performance.
With the release of vSphere 8, clean DPU installations will be supported, which provide an offload of NSX functionality to network devices. The vSphere Distributed Services Engine lifecycle is managed by the vSphere Lifecycle Manager. On hosts where there is an ESXi hypervisor installed in the DPU, its current version will always be supported.
Using vSphere Distributed Switch 8.0 and NSX, network services will run directly on DPUs without using x86 processor resources, improving direct visibility of network traffic, system security and isolation.
Changes to vSphere with Tanzu
There are the following basic concepts that will help you understand the updated functionality of the vSphere 8 platform for working with Kubernetes clusters:
- Tanzu Kubernetes Grid on vSphere 8 is a tool for consolidating Tanzu Kubernetes solutions into one executable environment from VMware.
- Workload Availability Zones are tools for isolating workloads within vSphere clusters. Supervisor clusters and Tanzu Kubernetes clusters can be located in different zones to optimize the availability of clusters where nodes are not used in the same vSphere clusters.
- ClusterClass is a way to define a cluster configuration through the ClusterAPI specification.
- Photon OS and Ubuntu are basic images that can be customized and stored in the content library for use in the Tanzu Kubernetes environment.
- Pinniped Integration is an authentication solution for Tanzu Kubernetes clusters that supports LDAP and OIDC protocols. You can define the identity providers that will be used for supervisor clusters and Tanzu Kubernetes clusters.
Stability and availability within Workload Availability Zones for Supervisor clusters and Tanzu Kubernetes clusters is ensured by stretching workloads between vSphere clusters, while fully supporting vSphere Namespaces mechanics.
Three Workload Availability Zones are needed for availability. When you activate Workload Management, you can choose to deploy across Workload Availability Zones or within a single cluster. In the first version of this mechanism, the relationship between a vSphere cluster and an Availability Zone is 1:1.
ClusterClass allows you to declaratively define the configuration of the Tanzu Kubernetes cluster and the default packages. These decisions are made by the DevOps team. They can include packages for network communication, storage, cloud providers, authentication and metric collection mechanisms. That is, ClusterClass is a ClusterAPI-based Tanzu Kubernetes cluster specification that is managed by the supervisor cluster.
After deploying the cluster, developers and DevOps specialists can add optional packages through the Tanzu Standard Package Repository. These packages can include Contour tools, certificate management, logging, traffic monitoring (such as Prometheus), Grafana visualization, and external DNS services. All this is managed through the Tanzu CLI interface.
In vSphere 7, authentication worked through integration with vCenter Single Sign-On. You can continue to use it, but another method has appeared - Pinniped integration. Tanzu Kubernetes clusters and the supervisor cluster now have direct access via OIDC or LDAP to an Identity Provider (IDP) without using vCenter Single Sign-On. Pinniped containers are automatically deployed to clusters so that they are ready for integration.
- DevOps users run the Tanzu CLI login to authenticate to Supervisor and TKC clusters
- Pinniped integration federates access via the IDP
- The IDP returns a login link or shows an authentication window
- The DevOps user enters their IDP account credentials
- Once authenticated, the IDP redirects to Pinniped
- Tanzu CLI builds the kubeconfig file required to access Supervisor and TKC clusters
Lifecycle Management Tools
vSphere 8 adds DPU support to vSphere Lifecycle Manager to automatically update the ESXi hypervisors on these devices. It supports staging of updates and upgrades, parallel remediation and standalone hosts, bringing vLCM to full feature parity with the legacy Update Manager. Standalone hosts can be managed through the API.
The vSphere Configuration Profiles Technical Preview is the next generation of cluster configuration management tools and will replace the existing Host Profiles functionality in the future.
The Baseline lifecycle management mechanism, formerly known as vSphere Update Manager, is being phased out in vSphere 8. It is still supported, but this is the last vSphere release in which it is present.
vSphere Lifecycle Manager can stage updates in advance for later rollout in the production environment. Updates can be staged without putting hosts in maintenance mode. Firmware updates can also be staged through integration with Hardware Support Manager.
vSphere Lifecycle Manager can update ESXi hosts in parallel mode, reducing the total time it takes to update the cluster. The administrator can determine whether to update all hosts that are currently in maintenance mode, or determine the maximum number of concurrent updates.
Also available in vSphere 8 is a preview of vSphere Configuration Profiles technology, which will replace Host Profiles.
The desired configuration is defined at the cluster object level and applied to all of its hosts. All hosts must have a single consistent configuration. Deviations from the desired configuration are monitored and reported to the administrator, who can remediate them with a click.
While this functionality is in Tech Preview status, users can use the standard Host Profiles mechanism.
Also, vCenter now preserves the cluster state after being restored from a backup. This is possible because ESXi hosts hold a distributed key-value store that records the state of the cluster.
Changes for AI and ML loads
Unified management tools for AI/ML hardware accelerators are now available. Device Groups give virtual machines a simpler and more convenient way to consume hardware resources such as NICs and GPUs that interact with each other. NVIDIA will be the first VMware partner to support Device Groups with all required compatible drivers.
A group consists of two or more devices, on one PCIe switch, or connected directly to each other. For the vSphere 8 platform, these devices are presented as a single group module.
Device Groups are added to virtual machines through the Add New PCI Device workflow. The vSphere DRS and vSphere HA mechanisms support these device groups and will ensure that VMs are located in such a way that they have access to their group.
Device Virtualization Extensions, based on Dynamic DirectPath I/O technology, provide a framework and API for third-party vendors to build virtual devices that communicate with hardware. This allows you to support the vSphere vMotion, Suspend/Resume mechanisms, as well as the mechanics of memory and disk snapshots.
Guest OS and Virtual Machines
The version of "virtual hardware" has been updated - now Virtual Hardware Version 20 is available for virtual machines.
A TPM Provision Policy has been introduced. As many people know, Windows 11 requires a vTPM device in the virtual machine. Cloning a machine with a vTPM can be a security risk because the TPM settings are cloned as well.
To address this, you can replace the vTPM device in the VM you are creating.
There is also a vpxd.clone.tpmProvisionPolicy policy that defines the default behavior when cloning machines with vTPM.
Some applications cannot tolerate even the brief delays caused by vSphere vMotion. For these cases, VMware provides a mechanism for writing migration-aware applications that integrate with vMotion. The application can prepare for a migration event by stopping some services or switching to a backup copy of the clustered application. The application can delay the vMotion migration until its preparation is complete, up to a configured timeout, but cannot reject it.
Telecom workloads require optimized support for latency-sensitive applications. The High Latency Sensitivity with Hyper-threading feature is designed to support these workloads and deliver optimized performance. In this mode, the machine's vCPUs are executed on the same physical CPU core in hyper-threading mode, including after migration.
High Latency Sensitivity with Hyper-threading settings require hardware version 20 and are available in Advanced settings for VM.
In addition, with vSphere 8 and hardware version 20, simple configuration of the vNUMA topology for virtual machines is now available.
Also, a CPU Topology information panel showing the vNUMA configuration is now available for the virtual machine.
The vSphere DataSets functions allow you to exchange small amounts of data that rarely change between the vSphere management tools and the guest operating system where VMware Tools are installed. For example, the status of the guest OS and its agent, inventory information, and so on can be stored there. The vSphere DataSets object moves with the VM even when it changes the vCenter Server instance.
Managing Virtual Environment Resources
VMware vSphere 7.0 Update 3 introduced vSphere Memory Monitoring and Remediation (vMMR) features. With vMMR, you can monitor the operation of memory in Intel PMem Memory Mode and receive alerts when ESXi exhausts DRAM memory, which can lead to a drop in server performance.
In vSphere 8, DRS performance was optimized when there is PMEM memory on the host by using memory statistics, which allows you to make decisions on VM placement and avoid situations in which memory-related performance loss will occur.
Also in vSphere 8, Green Metrics appeared, which reflect the energy consumption of virtual machines in terms of energy efficiency of the virtual data center.
They include:
- power.capacity.usageSystem - how much energy the host spends on system activities that are not related to virtual machines.
- power.capacity.usageIdle - power consumption in idle mode (the host does nothing, it is just turned on).
- power.capacity.usageVm - how much power the host spends directly on the execution of virtual machines.
Security and Compliance
The following innovations have appeared here:
- Untrusted binaries that were not installed as part of a VIB are prevented from running by default (execInstalledOnly configuration).
- vSphere 8 does not support the TLS 1.0 and TLS 1.1 protocols. In vSphere 7 they were merely disabled; now they are gone entirely, and everything has moved to TLS 1.2.
- SSH Automatic Timeout - by default, an SSH session is terminated after a timeout.
- Sandboxed Daemons - daemons and processes now work in a sandbox, where they have the minimum privileges they need to perform their tasks.
- When trying to install Trusted Platform Module (TPM) 1.2, ESXi 8.0 displays a warning during installation or upgrade, but does not prevent it[1].
VMware vSphere+
On June 28, 2022, VMware announced the release of VMware vSphere+, a subscription-based solution for building on-premises clouds.
As reported, VMware offers users of on-premises infrastructures a slightly different set of tools than is available in a cloud infrastructure based on VMware Cloud. With a hybrid infrastructure (that is, a combination of the customer's own platform and the cloud), the range of tools is significantly wider, as with VMware Cloud Availability, for example, but users still cannot use every available solution. Meanwhile, many VMware customers would like to build a full-fledged cloud infrastructure while keeping all workloads in their own data center - often because of compliance requirements.
It is for such customers that VMware recently launched vSphere+, which combines the capabilities of the virtualization platform based on VMware vSphere Enterprise Plus with cloud tools such as VMware Cloud Console to create a single point of control and management for the internal cloud. This includes tools for running an infrastructure for containerized Kubernetes applications, so that the company can build a full-fledged SaaS cloud (this is provided by Tanzu Standard Runtime and Tanzu Mission Control Essentials).
Within vSphere+, the customer still has ESXi hosts and vCenter management servers, but they connect to the Cloud Console cloud service through VMware Cloud Gateway. Administrators can perform global operations to manage and orchestrate their virtual machine and container environments, optionally with the tools to create a hybrid environment.
Using vSphere+ together with vSAN+, users can create scalable services that are protected from compute and storage failures, and flexible subscription plans allow them to pay based on consumed resources and cloud functionality.
With Cloud Console, users can centralize a large number of tasks performed by components of different VMware product lines within their own data center, which are usually managed from different vCenter instances.
An administrator in this console can perform the following tasks:
- Manage the lifecycle of vCenter services, including updates for a group of servers (Update Now button), providing an update window of just a few minutes and the ability to roll back to a previous version.
- A global inventory of services with the ability to visualize resources across all clusters, hosts and virtual machines, with access to CPU, memory and storage resources.
- Viewing all events and alerts taking place in the cloud - this makes finding the causes of problems many times faster.
- Check for security and compliance of the entire vSphere infrastructure, with the ability to detect problems, such as open SSH sessions, outdated SSL protocols, etc., as well as take action to fix them.
- Deploy virtual machines throughout your infrastructure without having to switch between vCenter instances.
- Support for a single vCenter server configuration that complies with internal company standards.
In addition to administrative utilities, the vSphere+ subscription provides many options for developers working with Kubernetes clusters:
- The Tanzu Kubernetes Grid service, which allows you to execute containerized applications in a certified Kubernetes environment tightly integrated with the vSphere infrastructure, using a familiar set of management tools for developers in an online environment.
- VM service is the ability to deploy VMs using commands and APIs, which allows you to create combinations from VMs and containers in a single environment.
- Network service - tools for creating virtual switches, load balancers and firewall rules for VMs and Kubernetes clusters.
- Storage service - the ability to manage persistent disks for containers and VMs. You can also use existing block and file stores to support containers.
- Tanzu integrated services is a set of utilities for deploying and managing local Kubernetes clusters with logging, an application registry, monitoring, and other tools for quickly creating production Kubernetes environments.
- Tanzu Mission Control Essentials - this solution gives developers and DevOps teams the ability to centralize operations and manage the entire Kubernetes environment globally, eliminating monitoring and troubleshooting issues. This service is not yet ready and will be available in the third quarter of 2022.
As of June 2022, the vSphere+ subscription is available both to new VMware users and to existing infrastructures as an upgrade. vCenter and ESXi hosts of the current versions can be connected to the VMware Cloud, and no production workloads will be transferred there.
With the help of VMware employees, you can convert your perpetual licenses to the vSphere+ subscription model and pay under annual contracts. All valid subscriptions can be tracked in a single console.
There are also opportunities to add add-ons to the cloud infrastructure as part of the subscription expansion - the first such solution will be VMware Cloud Disaster Recovery[2].
GAGAR>N Server Hardware Compatibility Test
On June 15, 2022, system integrator AMT GROUP and Russian server equipment manufacturer GAGAR>N announced testing of GAGAR>N equipment for compatibility with the main virtualization platforms.
The testing assessed whether foreign server equipment in projects implemented by AMT GROUP can be replaced with Russian-made equipment, and checked compatibility with the virtualization platforms used in current projects, including VMware vSphere.
Softline Coster Solution Support
Softline's multi-cloud Coster solution now supports vSphere solutions. Softline announced this on March 25, 2022.
2021
VMware vSphere 7 Update 3 with NVMe over Fabrics
On September 30, 2021, changes to virtual machine storage in VMware vSphere 7 Update 3 became known. Changes have been made in the following areas:
The vSphere 7.0 release announced support for NVMe over Fabrics technology, which initially supported only the FC and RDMA protocols. Now that SSD storage continues to gain popularity and Non-Volatile Memory Express (NVMe) transport has become the standard for many types of systems, vSphere 7 Update 3 also supports NVMe over TCP, which lets you use standard TCP/IP infrastructure, optimized for Flash and SSD, for storage traffic. In some cases this yields significant savings on equipment.
VMware has a number of customers that have reached the previous limit of 64 ESXi hosts per VMFS or NFS datastore. In Update 3, this limit was raised to 128 hosts. This number is not related to cluster limits - it is only the number of hosts that can use the datastore at the same time.
In vSphere 7, VMware updated Affinity Manager to version 2.0, which reduces the cost of first writes for thin and lazy thick disks. Affinity 3.0, which was included in this release, introduced support for persistent Cloud Native Storage (CNS) volumes, which are also called FCD (First Class Disks). Support for more ESXi hosts per cluster has also been added.
This vSphere update significantly improved the procedure for handling a large number of vVol volume snapshots simultaneously, which can occur as part of storage maintenance and backup processes. Snapshot operations are grouped and processed as part of a batch process, the total number of operations is reduced, and as a result the load on storage is reduced[3].
VMware vSphere 7 Update 2 with AI-Ready Enterprise support
On March 19, 2021, VMware introduced an updated version of VMware vSphere 7 Update 2 with AI-Ready Enterprise support.
According to the company, updates for the AI-Ready Enterprise platform include:
- an NVIDIA-certified version of VMware vSphere 7 Update 2 for NVIDIA AI Enterprise, a set of optimized cloud applications and frameworks for creating a comprehensive AI-based solution;
- support in vSphere 7 Update 2 for NVIDIA A100 and NVIDIA A40 GPUs with tensor cores;
- the ability for customers to build the latest generation of NVIDIA GPUs into their virtual environment and take advantage of features such as Multi-Instance GPU (MIG), which allows multiple users to share GPU cycles, migrate virtual machines between hosts using the vSphere vMotion tool, and balance the load with vSphere Distributed Resource Scheduler (DRS).
In September 2020, VMware introduced vSphere with Tanzu to make Kubernetes integration more accessible to millions of IT professionals around the world. The update will make application interaction faster and optimize scalability and security by incorporating VMware NSX Advanced Load Balancer Essentials into vSphere with Tanzu. To help users update Kubernetes effectively, VMware introduced an updated supervisor with the latest version of Kubernetes, 1.19, which optimizes the update process and also makes it more stable and transparent.
To optimize the overall security of applications running in containers, vSphere 7 Update 2 introduces confidential containers for vSphere Pods based on AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) hardware technology. For traditional environments, vSphere 7 Update 2 now includes vSphere Native Key Provider, which provides basic KMS server capabilities and optimizes encryption functionality. In addition, the updated version of vSphere 7 includes FIPS verification for VMware vCenter Server services, which optimizes audits.
VMware vSAN provides self-service capabilities for development teams to provide container storage for application development and deployment, while providing transparency and oversight for efficient infrastructure operations.
The updated vSphere Lifecycle Manager lifecycle management solution now supports uninterrupted upgrades of vSphere with Tanzu (including NSX-T network and Kubernetes components). The lifecycle management system also supports Hitachi Vantara UCP servers.
The latest release of vSphere also includes optimization of ESXi Quick Boot technology with support for persistent memory to reduce server restart time and hardware maintenance time. Also, vSphere High Availability now works with persistent memory (PMEM) - a further optimization of support for workloads that use PMEM technology, such as SAP HANA.
Discovery of a vulnerability that allows arbitrary code with maximum privileges to be executed on the server
Positive Technologies expert Yegor Dimitrenko discovered a high-severity vulnerability in VMware vSphere Replication. The company announced this on February 20, 2021. This solution lets you create backup copies of virtual machines and start them if the main virtual machine fails. The flaw allowed attackers with access to the VMware vSphere Replication administrator web interface to execute arbitrary code on the server with maximum privileges and begin moving through the network to seize control of the corporate infrastructure.
The security flaw received the identifier CVE-2021-21976 and a CVSS v3 score of 7.2.
"Vulnerabilities that allow you to perform this kind of attack (Command Injection) can quite often be found in administration products," explains Yegor Dimitrenko. "Usually, such errors are caused by insufficient verification of user input data, which subsequently falls into the context of calling system commands. Mechanisms for preventing such attacks are usually built into developers' tools, protecting against the possibility of making a mistake when writing code. Nevertheless, there are still anomalies in the code that occurred, for example, when hastily introducing new functionality or as a result of fixing an existing problem as part of hotfix fixes. To exploit the vulnerability found in the VMware product, an attacker requires credentials that can be obtained due to the use of weak passwords or through socio-technical attacks."
To fix the vulnerability, you need to follow the recommendations from the official notification of VMware. If it is not possible to install an update, then you can detect signs of penetration using SIEM systems that help identify suspicious behavior on the server, register an incident and promptly stop the advance of attackers within the corporate network.
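The root cause named in the quote above (user input reaching a system command call) and the built-in mechanism that prevents it, shown as an added example that is not part of the original article and is not VMware's code. The "reachability check" action, the use of ping and every function name are assumptions; the page does not say which parameter was affected in vSphere Replication.

```python
from __future__ import annotations

import re
import shlex
import subprocess

# Hypothetical admin-UI action: "check that a replication target is reachable".
# The action, the use of ping and all names below are assumptions for this example.
_HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")
_OPERATOR_CHARS = set(";|&<>()")


def unsafe_command_line(host: str) -> str:
    """Vulnerable pattern: input is pasted into a string meant for a shell.

    Returned for inspection only; nothing in this example executes it.
    """
    return f"ping -c 1 {host}"


def shell_operators(command_line: str) -> list[str]:
    """Unquoted operator tokens (; | & < > ( )) that a shell-style lexer finds."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= _OPERATOR_CHARS]


def validate_host(host: str) -> str:
    """Allowlist check: hostname or IPv4 literal, nothing else.

    fullmatch() is used instead of '^...$' because '$' also matches just
    before a trailing newline. The first character must be alphanumeric, so
    the value cannot be mistaken for a command-line option either.
    """
    if len(host) > 253 or not _HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    return host


def safe_argv(host: str) -> list[str]:
    """Hardened pattern: validated input becomes exactly one argv element."""
    return ["ping", "-c", "1", "--", validate_host(host)]


def check_reachable(host: str) -> bool:
    """Run the check without a shell, so metacharacters are never interpreted."""
    result = subprocess.run(safe_argv(host), shell=False, capture_output=True,
                            timeout=10, check=False)
    return result.returncode == 0


# Constructed sample inputs.
GOOD = "replica01.example.internal"
BAD = "replica01.example.internal; echo INJECTED"

if __name__ == "__main__":
    print(shell_operators(unsafe_command_line(GOOD)))  # no operators
    print(shell_operators(unsafe_command_line(BAD)))   # a ';' the shell would act on
    print(safe_argv(GOOD))
    try:
        safe_argv(BAD)
    except ValueError as exc:
        print(exc)
```

In the string form the second input contains a `;` that a shell treats as a command separator; in the argv form it is rejected by the allowlist and, even if it were not, it would stay a single argument to one program.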
2020
VMware vSphere 7 Update 1c Integration of Cross vCenter vMotion Functionality
On December 20, 2020, VMware announced the release of VMware vSphere 7 Update 1c, which featured quite a few minor updates.
- Statistics on physical network adapters - 5 parameters have been added (dropRx, dropTx, errorsRx, RxCRCErrors and errorsTx), which allow you to detect network errors and take action to correct the situation.
- Parallel updating of hosts in clusters running vSphere Lifecycle Manager. ESXi hosts running vLCM can now be put into maintenance mode at the same time and updated in parallel.
- Advanced Cross vCenter vMotion is the functionality of the Cross vCenter Workload Migration Utility, which was designed to transfer virtual machines using Cross vCenter vMotion between virtual data centers managed by different vCenter servers (both different SSO and different domains are supported). It is now integrated into the vSphere Client, where it is convenient to work with VM migrations between data centers (batch migration of several VMs is also supported).
- You can connect third-party plugins to manage services on the vSAN Data Persistence platform from the vSphere Client in the same way as managing the vCenter server.
- Improvements to vSAN DOM scrubber (checking blocks that have not been accessed for a long time).
- Supervisor Cluster enhancements:
  - Supervisor Namespace Isolation through a dedicated T1 Router (clusters in the NSX-T network use this topology).
  - NSX-T 3.1 support for Supervisor Clusters.
  - Removed support for Supervisor Cluster version 1.16.x.
- Tanzu Kubernetes Grid for vSphere Service enhancements:
  - HTTP/HTTPS proxy support - newly created Tanzu Kubernetes clusters can use global HTTP/HTTPS proxies for outbound traffic, as well as to download container images from Internet repositories.
  - Newly created Tanzu Kubernetes clusters are integrated with the vSphere Registry Service out of the box. Clusters updated to the next version will also be integrated with this service.
  - Tanzu Kubernetes clusters can now mount additional volumes to virtual machines to increase the disk capacity of nodes. This enables users to deploy large container images that are larger than the default size of 16 GB.
Compatibility with VDI-solution "Skala-R VRM"
On May 12, 2020, the company Skala-R announced the release of the next version of its VDI solution Skala-R VRM (Virtual Workplace) with support for deploying virtual desktops on the VMware vSphere virtualization platform.
VMware vSphere 7 Announcement
On March 10, 2020, VMware announced a major update to its flagship virtualization platform, VMware vSphere 7. This is an announcement only, not a notice that the next version of the product is available for download.
VMware vCenter Service Enhancements:
- Simplifying the vCenter Server SSO topology:
  - Ability to upgrade vCenter Server for users with an external PSC to a consolidated topology based on a single vCSA server.
  - Embedded PSC is the only possible deployment option. External PSC is no longer supported.
- vCenter Server Profiles:
  - This vCenter server feature works exactly as Host Profiles does for hosts. You can compare and export vCenter server settings in JSON format for backup purposes or apply these settings to another vCenter server through the REST API.
- vCenter Multi-Homing features:
  - Up to 4 vNIC adapters can be used for vCSA control traffic, among which one vNIC is reserved for the vCHA mechanism.
- Content Library enhancements:
  - There is a template management view that provides Check-In and Check-Out functions for versioning templates and the ability to roll back to a previous version.
  - First, a Check-Out is made to allow changes, then a Check-In can be made to save the changes in the library.
- vCenter Server Update Planner:
  - This feature is available as part of the vSphere Lifecycle Manager (vLCM) for vCenter servers.
  - With the Update Planner, you can receive notifications about vCenter updates, schedule upgrades, roll them out, and run a "what if" analysis before performing the update.
  - The ability to perform pre-upgrade checks on the selected vCenter server.
VMware DRS enhancements:
- DRS runs every minute, not every 5 minutes as before.
- To generate recommendations, the VM DRS score mechanism (aka VM Happiness) is used.
- This is a Workload centric mechanism - this means that first of all, the needs of the virtual machine itself and the application in it are taken into account, and only then the use of host resources.
- Memory calculations are based on granted memory instead of standard cluster deviation.
- The Scalable Shares mechanism has appeared, which allows you to better allocate Shares in the resource pool in terms of balancing them.
vMotion improvements:
- Migration enhancements for Monster VM (with high resources and very high workload) to increase the chance of a successful migration.
- Using only one vCPU when tracking changed pages (page tracer) instead of all vCPUs, which has less impact on performance during migration.
- Reduce the time it takes to switch context to another server (less than one second). It is achieved by switching at the moment when compacted memory bitmap has already been transmitted to the target server, instead of waiting for full bitmap to be transmitted.
vSphere Lifecycle Manager (vLCM) features:
- Cluster Image Management feature, which includes firmware updates, drivers and ESXi images of different versions.
- Initial support for Dell OpenManage and HP OneView.
Application Acceleration Capabilities (Tech Preview)
These features came from the acquired company Bitfusion. They allow you to optimize the use of GPUs in a pool over the network, when a vGPU can be partially shared between several VMs. This can be used for AI/ML application workloads. All this allows you to organize calculations in such a way that ESXi hosts with GPU hardware modules run virtual machines, while their companion VMs on ordinary ESXi servers run the applications themselves. In this case, the CUDA instructions from the client VMs are transmitted to the server over the network.
Assignable Hardware Features
This feature allows you to use the so-called Dynamic DirectPath I/O for machines that need to work with PCIe passthrough and Nvidia GRID devices. With it, you can choose hosts with certain hardware requirements, such as vGPU and PCIe. This, in turn, makes it possible to use HA and DRS Initial Placement technologies for such VMs in a cluster where there are hardware-compatible ESXi hosts.
Certificate Management:
- Updated Certificate Import Wizard.
- Certificate API for managing certificates using scripts.
Identity Federation Capabilities
ADFS functions are supported out of the box, and more IdPs using OAuth2 and OIDC mechanisms will also be supported.
vSphere Trust Authority (vTA) functions:
- vTA uses a separate cluster of ESXi hosts to create a separate hardware root of trust.
- This cluster will be able to encrypt the computing cluster and its VMs along with vCenter and other control components.
- You can use the attestation mechanism when encryption keys are required.
- It is easier to achieve the principle of least privilege, as well as expand the audit space.
vSGX/Secure Enclaves (Intel) capability:
- Intel Software Guard Extensions (SGX) allow sensitive application logic and storage to be moved to a secure area that is not accessible by the guest OS and ESXi hypervisor.
- Using SGX rules out vMotion, snapshots, Fault Tolerance and other technologies. Therefore, SGX is best used only when it is impossible to do otherwise.
Updated edition of vSphere with Kubernetes (Project Pacific)
Project Pacific is a suite of tools to transform the VMware vSphere environment into a native platform for Kubernetes clusters. vCenter Server provides k8s cluster management capabilities (any clusters older than n-2 will be updated). Harbor is also integrated into the solution, which can be included for each namespace.
As of March 2020, this is only available for VMware Cloud Foundation (4.0) users, as the solution is tied to the VMware NSX-T component.
VMware Tools Enhancements
Guest Store features are available on the guest OS (such as updating VMware Tools from the guest OS).
Updated Hardware (VM Hardware v17):
- Virtual Watchdog Timer - there is no dependence on the physical hardware for restarting the VM if the guest OS does not respond.
- Precision Time Protocol (PTP) - For highly time-sensitive applications (for example, trading platforms for traders), you can use PTP instead of NTP and assign its use to virtual machines.
vSphere Client enhancements:
- The search history has begun to be saved.
- All available APIs are easier to see in the API Explorer.
- Code Capture has the ability to choose a scripting language - PowerCLI, JavaScript, Python or Go.[4]
2019
Project Pacific: Redesigning the vSphere Architecture
In November 2019, VMware announced the release of a beta version of its new project, Project Pacific, which the company had been working on for about three years. It offers a suite of tools to transform vSphere - VMware's flagship product - into a native platform for Kubernetes clusters. For now, Project Pacific is open to a limited number of customers. Later, it should become available to a wider range of customers and then appear in new releases of vSphere. Read more here.
Integration with Dell EMC PowerProtect Software
On October 17, 2019, Dell Technologies announced a PowerProtect software update that now provides additional integration with VMware vSphere, offering VMware customers simplified data protection management and self-recovery. Read more here.
VMware vSphere 6.7 support in vGate 4.2
On October 16, 2019, Security Code announced the completion of certification tests and the start of sales of the vGate 4.2 product. The key difference in the updated product is support for VMware vSphere 6.7. Compatibility with the latest version of the VMware virtualization platform allows you to use the product in modern virtual infrastructures. Read more here.
VMware vSphere 6.5 Update 3
On July 3, 2019, it became known that VMware released the third service pack for the previous generation of its virtualization platform - VMware vSphere 6.5 Update 3.
Updated vCenter 6.5 Update 3 features flagged by the developer:
- Events about adding, deleting, and modifying user roles contain information about the user who makes the changes.
- Improvements in audit capabilities in VMware vCenter Single Sign-On - events appeared for the following operations: user management, login, creation of groups, change of identification source, policy management. This feature is only available for a virtual vCSA module with integrated Platform Services Controller. Supported identification sources are vsphere.local, Integrated Windows Authentication (IWA), and Active Directory over LDAP.
- Support for external databases - added support for Microsoft SQL Server 2014 SP3.
- Photon OS updates for vCSA.[5]
VMware vSphere Platinum 6.7 Update 2
On May 6, 2019, it became known that VMware released VMware vSphere Platinum 6.7 Update 2.
Changes and additions to vSphere Platinum 6.7 Update 2 noted by the developer:
- Process Burndown Charts. AppDefense is constantly in Discovery mode in the virtual data center. This chart shows all newly detected interactions, and if their number stops growing, it is time to switch the application to Protected mode.
- Process Reputation Status. This chart shows how many services AppDefense has identified as trusted, as well as how many services are unknown and how many have not attained trusted status (Untrusted).
- Integrity Check Status. This diagram shows the integrity checks of the Windows guest OS components, which allows you to be calm about changes made to the environment by third-party software.
- Improve the monitoring event mechanism and adaptive mechanics of acceptable service behavior. AppDefense is constantly learning, working in a data center - and this engine has been significantly improved, especially in terms of the permissible behavior of services. Also, in the presented version, more information is given in the display of events.
- Topology diagrams (Beta status). This functionality of AppDefense allows you to visually track and visualize which services interact with which and on which ports. This allows you to abstract from the level of hosts and hypervisors, focusing on understanding the interaction of services in the data center.
- Integration of VMware Tools and AppDefense. AppDefense modules are available for guest OS with VMware Tools (similar to NSX introspection modules). This also allows you to create virtual machine templates with already integrated AppDefense modules.
- vSphere Plugin improvements. AppDefense Plugin for vSphere Platinum 6.7 Update 2 has received many improvements in terms of the installation workflow in the cluster, as well as the upgrade of the AppDefense virtual module.
- Other improvements. Here, the developer noted the following:
- * Support for modern OS mechanisms simplifies the use of VBS (Virtualization-Based Security), virtual TPMs, VM layer encryption, secure boot and other security capabilities. After upgrading from older systems, such as Windows Server 2008 R2, these features will automatically turn on.
- * Update Manager and Host Profiles enhancements to the ESXi host update process.
- * Updated audit and compliance capabilities - password history, password reuse limit, improved SSO, logging all vCenter events, and more. Events can be sent to third-party systems such as vRealize Log Insight or another SIEM system.
- * An improved API for replacing ESXi certificates, you can also generate a request to create a certificate using vCenter.
- * Updated CPU scheduler capabilities help combat L1TF type vulnerabilities.[6]
VMware vSphere 6.7 Update 2
On April 3, 2019, it became known that VMware announced the availability of an updated version of its flagship virtualization platform VMware vSphere 6.7 Update 2.
Changes and additions to VMware vSphere 6.7 Update 2, marked by the developer:
- Updated edition of VMware vSphere ROBO Enterprise. The following Enterprise-level features have appeared in the ROBO (Remote or Branch Offices) edition:
- * DRS in Maintenance Mode:
- * * Available for vSphere ROBO Enterprise only.
- * * Can be used to automatically move VMs between hosts (and back at the end of the process). To do this, VM-Host affinity rules are automatically created (it tracks where the machines were before migration, then the stored rules are applied and the machines return to where they were originally).
- * * The usual vMotion requirements apply.
- * * There is no visual mechanism for setting up DRS.
- * Machine Encryption (VM Encryption):
- * * Encrypt the home directory and VMDK files.
- * * KMS infrastructure required.
- * * Completely agnostic to the guest OS.
- * * Managed via GUI or PowerCLI.
- Upgrade the vCenter Server architecture. The PSC Converge tool is available in the GUI. It allows you to converge an external Platform Services Controller (PSC) server into an easy-to-manage embedded PSC. It provides the following opportunities:
- * Convert external PSC topology to Embedded via GUI.
- * You can perform steps to decommission an external PSC.
- * All this is available in the System Configuration section of the vSphere Client (based on HTML5).
- * You can view the current PSC and vCenter topology graphically or tabularly.
- * It will not be possible to deploy an external PSC in future releases.
- Improve vCenter Server backup and recovery. There are 2 improvements here:
- * Protocols through which you can make a vCSA backup - NFS v3 and SMB.
- * Notifications and alerts for successful and unsuccessful completion of backup tasks. These alerts can be configured like regular vSphere alerts (send email, SNMP trap, or execute a script if successful or unsuccessful).
- Alarms and categories for vSphere Health.
- * Acknowledge option for vSphere health alerts (as for normal alerts).
- * Categories in the submitted version include:
- * * Online Availability
- * * Compute
- * * Network
- * * Storage
- * These categories allow you to more seamlessly cover and simplify the management of your vCenter server.
- Content Library enhancements.
- * VM Template Synchronization Functions (VMTX).
- * Virtual machine templates can be synchronized automatically, both between private clouds with vCenter servers and with the public cloud VMware Cloud on AWS.
- vSphere Client enhancements.
- * The vSphere Client has the ability to "code capture." It allows you to record user actions that were taken during the current session through the vCenter API, and generate the corresponding script. It can then be used to automate tasks in the vSphere infrastructure.
- * API Explorer functions (available in the "Developer Center" section) are a simple API search utility that allows you to find the main API calls, including examples and the ability to test them.
- Enhancements to vSphere Update Manager.
- * Enhancements to the user interface, including attach, compliance check, and remediation (all can be done on the same screen).
- * You can attach and remediate multiple baselines in a single operation.
- * During remediation, you can disconnect removable devices from virtual machines, enable Quickboot, and skip vSAN HealthCheck checks.
- VMware Tools enhancements.
- * For Windows Server 2016, tools are updated via Windows update, which means that their updates are included in the general system update cycle.
- * The version of VMware Tools for Linux (in .TAR format) is no longer being developed, starting with VMware Tools 10.3.10, since Open VM Tools are available through any package update manager.
- Fix Host Profiles. Applying a host profile to an ESXi does not delete the VMK0 interface as it did before.
- Security improvements.
- * Windows Server 2019 and RHEL 8 are fully supported in vSphere 6.7 Update 2.
- * You can apply limits to Password History and Reuse.
- * Additional SSO events are logged.
- * ESXi certificate API improvements.
- * Generating a vCenter Server CSR request is available through the client GUI.
- * vSphere 6.7 Update 2 better handles CPU vulnerabilities through an updated scheduler.
- * NIAP certification is available.
- Performance improvements.
- * Support for 40 & 100Gb Ethernet and RDMA
- * Updated version of Virtual Hardware 15 (VM Compatibility):
- * * Up to 256 vCPUs per virtual machine
- * * Up to 6 TB RAM on VM
- * * Support for SAP HANA[7].
2018
VMware vSphere Platinum
On August 31, 2018, it became known that VMware had announced the vSphere Platinum edition.
As noted in VMware, vSphere Platinum is a combination of two products: the VMware vSphere Enterprise Plus platform and the VMware AppDefense solution. It also includes a special vCenter plugin for the vSphere Client, which implements their pairing (it is called vCenter Server plugin for vSphere Platinum). This gives administrators access to AppDefense functionality through the standard vSphere platform management tools.
The essence of AppDefense technology is that it studies the behavior of the operating system and applications under normal conditions; the user defines this state as "normal," and in case of deviations from it AppDefense notifies the administrator and automatically takes some steps to protect the environment.
The main AppDefense interface is for security administrators, but the vCenter plugin for AppDefense is more aimed at vSphere administrators. It allows you to map AppDefense data, such as processes and threats, to virtual machines and networks where they are relevant. A vSphere administrator can interact with a security administrator who works with the AppDefense console to identify and resolve security threats in the virtual infrastructure.
As a result, as the developer noted, vSphere Platinum contains the following security components and supporting technologies:
- VMware AppDefense solution.
- FIPS 140-2 data protection through VM Encryption and Encrypted vMotion.
- Secure Boot for ESXi technology - prevents foreign components from operating at the hypervisor level.
- Secure Boot for Virtual Machines - prevents unauthorized changes to virtual machines.
- Support for TPM 2.0 for ESXi - Checks the integrity of the hypervisor at boot time and provides remote host attestation functionality.
- Virtual TPM 2.0 devices - Provides security features for guest operating systems, and all operating capabilities (such as vMotion or disaster recovery) remain available.
- Support for Microsoft Virtualization Based Security for Windows 10 and Windows 2016, including Credential Guard capabilities on the vSphere platform.
- Audit Quality Logging - provides administrators with a high degree of detail when analyzing operations in vSphere.
vSphere Platinum download availability will be announced at a later date.[8]
VMware vSphere 6.7 Update 1
On August 28, 2018, it became known that VMware announced the VMware vSphere 6.7 Update 1 server virtualization platform.
1. Full-featured HTML5-based VMware vSphere Client.
VMware has released a full version of vSphere Client based on HTML5 technology, which replaces the outdated vSphere Web Client. Now all operations can be done through one convenient and fast client.
The HTML5 client now includes not only all old workflows, but also updated features such as simplified vCenter HA fault tolerance (VCHA) and vSphere Update Manager (VUM) features. There were several workflows that did the same thing, and there are also improved functions for working with the Content Library, advanced search, easier setup of scheduled tasks, and top-N charts.
2. vCenter Server Converge Tool.
This utility allows you to converge an external Platform Services Controller (PSC) server into an easy-to-manage embedded PSC. The problem was that users previously used an external PSC because it supported Enhanced Linked Mode (ELM). And although the embedded PSC began to support ELM back in vSphere 6.7 and vSphere 6.5 Update 2, many users from previous versions still maintain a complex infrastructure of external PSCs with replication between sites.
The vCenter Server Converge Tool installs the embedded PSC on the vCenter Server Appliance (vCSA), and then establishes a replication channel with the remaining external PSCs. After this procedure takes place at all sites, you can disable external PSCs, and the built-in vCenter HA mechanism will itself be configured to work with the embedded PSCs.
The vCenter Server Converge Tool runs from the command line and comes with the vCSA installer. It can be run on Windows, macOS and Linux, and it is configured through a JSON file.
vCenter Server with embedded PSC can be redirected to another vSphere SSO domain. Previously, this was done only for external SSOs, and it is now available for vCSA.
3. vSAN version and HCI enhancements.
The vSAN version introduces the Cluster Quickstart function, which allows you to initialize a cluster, add hosts to it and roll out an identical configuration on them. It includes configuration of HA and DRS mechanisms, Enhanced vMotion Compatibility (EVC), vSAN datastores and networking, including Virtual Distributed Switch (VDS).
Workflow can also be used to add additional ESXi host servers to the cluster, as well as to validate it.
Updating of I/O controller microcode is integrated with vSphere Update Manager (VUM), which uses the driver update utility from the server vendor.
4. Content Library enhancements.
OVA templates can be imported from an HTTPS source or from local storage. The contents of OVA packages can be synchronized between multiple vCSA servers. Content Library processes certificates and manifest files included in OVA packages in accordance with best security practices.
Content Library natively supports the format of VMTX templates and associates operations with them, such as deploying VMs directly from the Content Library.
5. vMotion for NVIDIA Quadro vDWS cards and Intel FPGA support.
NVIDIA Quadro vDWS technology (formerly called GRID) for vGPU is supported by vSphere 6.7 Update 1.
VMware has announced support for the Intel Programmable Acceleration Card with Intel Arria 10 GX FPGA technology. This technology allows direct hardware access with VMware DirectPath I/O via Intel Acceleration Stack for Intel Xeon CPUs with FPGA.
VMware vSphere 6.7
On June 14, 2018, VMware released a document revealing the highlights of the performance improvement of VMware vSphere 6.7 compared to the previous version - What's New in Performance - VMware vSphere 6.7.
As noted in VMware, the document discusses several main improvements that have been made to the platform:
- 2 times more vCenter operations per second than vCenter 6.5.
- vCenter uses 3 times less memory for the main vpxd process.
- Reduce the time for DRS-related operations by up to 3 times (for example, starting a virtual machine).
- Improve Virtualization Based Security performance.
- Support for 1 GB Large Memory Pages.
- vmxnet3 v4 driver improvements in terms of RSS mechanisms (28-146% improvement in the number of packets received per second) and VXLAN/Geneve Offload (up to 415% improvement in channel bandwidth under some conditions).
- Support for Persistent Memory services. With vSphere Persistent Memory technology, users can use special hardware modules from Dell-EMC and HPE (DRAM NVDIMM) either as high-performance storage with a large number of IOPS or to expose their capabilities to guest systems as non-volatile memory, VMware noted.
- The speed at which virtual machines are created as Instant Clones compared to the speed at which linked clones are created.[9]
2017: VMware vSphere Update 1 for version 6.5
On July 30, 2017, VMware announced VMware vSphere 6.5 Update 1.
VMware vSphere 6.5 Update 1 has:
- vSphere Client supports 90% of workflows. The latest release of vSphere Client based on HTML5 technology supports almost all workflows, excluding some infrequently used operations. Virtual Distributed Switch (VDS) operations are fully supported.
- The vCenter Server Foundation supports four ESXi hosts instead of three.
- Advanced support for third-party components. VMware has worked with major partners whose solutions complement the vSphere infrastructure and has developed an approach that will avoid compatibility problems between different versions of the platform in the future with components such as Security Key Management, Proactive HA, etc.
- Extended General Support for vSphere 6.5. VMware decided to expand support for the vSphere 6.5 platform to 5 years - it will end on November 15, 2021.
- Upgrade to vSphere 6.5 U1 from vSphere 6.0 U3. VMware supports the workflow to upgrade the latest version of the previous generation vSphere 6.0 U3 to the current version of vSphere 6.5 Update 1. There is no need for an interim upgrade to vSphere 6.5.
- Driver updates. Device drivers as part of the ESXi 6.5 Update 1 hypervisor:
- * Cavium qlnativefc driver
- * VMware nvme driver
- * Intel i40en driver with Lewisburg 10G NIC Support
- * Intel ne1000 driver with Lewisburg 1G NIC Support
- * Intel igbn driver
- * Intel ixgben driver
- * Broadcom ntg3 driver
- Improvements in vCenter maximums. Now vCenter has the following maximum supported parameters (vSphere Domains are SSO domains):
- * Maximum vCenter Servers per vSphere Domain: 15 (was 10)
- * Maximum ESXi Hosts per vSphere Domain: 5000 (was 4000)
- * Maximum Powered On VMs per vSphere Domain: 50,000 (was 30,000)
- * Maximum Registered VMs per vSphere Domain: 70,000 (was 50,000)
- Other changes to vCenter.
- * vCenter Server Appliance Installer Interface (vCSA) is available for Microsoft Windows 2012 x64, Microsoft Windows 2012 R2 x64, Microsoft Windows 2016 x64, and macOS Sierra.
- * TcServer replaced with Tomcat 8.5.8.
- * Support for guest OS customization for Ubuntu 17.04.
- * Ability to use vSphere Update Manager to upgrade vSAN clusters 6.6.1.
- * Support for external DBMS Microsoft SQL Server 2016, Microsoft SQL Server 2016 SP1, and Microsoft SQL Server 2014 SP2.
This is the latest release to support third-party virtual distributed switches such as IBM DVS 5000v, HPE 5900v, or Cisco Nexus 1000v. In the next release, they cannot be used.
2016
VMware vSphere 6.5
On October 18, 2016, VMware announced version 6.5 of the VMware vSphere server virtualization platform.
Features of this version:
- VM Encryption.
- This VM encryption is based on AES-NI; keys are managed according to the KMIP 1.1 standard. Not only virtual disks are encrypted, but also VMX configuration files, snapshot files and all other file objects related to the virtual machine[10].
- Encryption of VM hot migration traffic (vMotion Encryption).
- The feature is implemented in VMware vSphere 6.5. Encryption is enabled at the level of a separate VM, and 256-bit encryption keys are used to transfer data at the time of synchronization. It is disabled by default and can be enabled for unencrypted VMs, but for encrypted VMs it is always used.
- Support for Secure Boot.
- Now, at boot, UEFI firmware validates the digital signature of the VMkernel against the certificate stored in the firmware. This does not allow foreign software to modify the hypervisor kernel; the same applies to packages in VIB format, which now also use this mechanism for validating a digital signature after installation. The Secure Boot mechanism now works for virtual machines (Windows and Linux).
- Enhanced Logging.
- ESXi logs were designed for troubleshooting, but did not focus on security and recording IT operations. Now this mechanism has been redesigned - it has become event-oriented. That is, if an event occurs, for example, the configuration of the virtual machine changes, this will be reflected in the log. In addition, if you move a VM from a virtual PCI-vSwitch (protected) to a Non-PCI-vSwitch (unprotected), it will be in the log, which will help in ensuring security. VMware Log Insight will now provide more detailed and structured information from the logs.
- Automate VM lifecycle management.
- In vSphere 6.5, VMware Update Manager (VUM) is fully integrated with VMware vCenter Server Appliance and fully supports all patch and update operations. VMware Host Profiles functions have also appeared in the vSphere Web Client, with a redesigned interface. Host Profiles can easily copy profiles to other configurations via a CSV file in which you can specify host group profiles. Tighter integration with DRS allows you to automate the alignment of hosts with the desired configuration using Maintenance Mode. The Auto Deploy mechanism has been improved: it now has a full-fledged graphical interface and is integrated with the Web Client, so you no longer need to use PowerCLI to define rules for deploying new ESXi hosts. Auto Deploy is also integrated with VMware HA and now supports UEFI hardware.
- Proactive HA Features
- In collaboration with hardware vendors, VMware has developed a mechanism to proactively detect an imminent host failure from hardware sensors. If an imminent failure is detected, the host is placed in Quarantine Mode. In this mode, DRS does not migrate machines to the host and, at the same time, tries to move running VMs off the problem host.
- vSphere HA Orchestrated Restart function.
- VMware HA now allows you to consider service relationships in virtual machines when they restart in the event of a failure based on defined VM-to-VM dependency rules by recovery priority.
- Simplified HA Admission Control
- Previously, not everyone could understand how HA Admission Control works. Now the administrator must define only the host failures to tolerate (FTT) parameter - that is, how many host failures the virtual infrastructure must survive with a margin of computing capacity. You can also specify the percentage of resource reduction allowed when ESXi hosts fail.
- Fault Tolerance (FT) Improvements
- Now DRS is more tightly integrated with FT - when deciding on the placement of FT machines, host network bandwidth is taken into account, which is critical for such VMs. The Fault Tolerance mechanism itself has been improved in terms of optimizing channel use. Now Fault Tolerance can use several physical interfaces for FT Logging at once (as vMotion could before). You can now freely apply multiple adapters to FT if all this traffic does not fit into one NIC.
- DRS Advanced Options
- There are three options for advanced settings of the DRS mechanism:
- VM Distribution - this setting establishes a uniform distribution of VMs by the number in the cluster (for high availability purposes, so that many machines of the same host do not go offline at once).
- Memory Metric for Load Balancing - by default, DRS adds 25% to the active VM memory when calculating the required resources. Here you can set the parameter consumed memory instead of active memory.
- CPU over-commitment - this option allows you to cap the vCPU:pCPU ratio in the cluster.
- Network-Aware DRS Features
- Now DRS does not migrate or place VMs on hosts where the utilization of network resources exceeds 80%. Previously, DRS did not control what was happening on the physical uplinks of ESXi hosts.
- SIOC and SPBM integration.
- Storage IO Control now works using Storage Policies and vSphere APIs for IO Filtering (VAIO) based IO limits. Through the Storage Based Policy Management (SPBM) framework, administrators can define thresholds for IOPS and storage policy and assign them to a virtual machine.
- Content Library Enhancements
- Now you can mount the ISO image and roll the customization profile directly from the Content Library.
- Developer and Administrator Interface Enhancements
- The API Explorer has appeared, through which it is convenient to learn about the vSphere REST API functions for solving any administrative or development tasks.
- The PowerCLI engine is now fully modular. ESXCLI, which is part of the vCLI interfaces, has received many commands, supports iSCSI VSAN functions, and has many other improvements.
- The Datacenter CLI (DCLI) interface has appeared, which can call the vSphere REST APIs.
- vSphere with Operations Management (vSOM) enhancements.
- vRealize Operations Manager (vROps) updated to version 6.4, with multiple dashboards (Operations Overview, Capacity Overview, and Troubleshoot a VM) and analysis tools. Log Insight 4.0 announced.
- vCenter Server Appliance enhancements.
- Now vCSA has the capability to:
- * Migration function
- * Enhanced Virtual Module Management
- * Integrated VMware Update Manager
- * Native High Availability Features for vCenter Availability
- * Built-in vCSA backup and recovery mechanisms
- Modified vSphere Web Client.
- vSphere Client.
- The thin client will soon replace the thick C# client. It is fully supported for vSphere 6.5, but does not have the full functionality required to manage the vSphere platform and all of its components.
Changing the Licensing Model
On February 10, 2016, VMware announced licensing changes that will take effect in the VMware vSphere product line from June 30, 2016[11].
vSphere Enterprise is being discontinued and two editions of the product will remain - vSphere Standard and vSphere Enterprise Plus. Developers define this as simplifying licensing. VMware vSphere with Operations Management licenses will only be available for the Enterprise Plus edition. Three products remain:
- VMware vSphere Standard
- VMware vSphere Enterprise Plus
- VMware vSphere with Operations Management Enterprise Plus
All VMware vCenter Server Standard users (active and new) will receive free licenses for 25 copies of vRealize Log Insight for vCenter Server. At the same time, log monitoring will be limited to VMware vCenter Server, VMware vSphere and VMware vRealize Log Insight content packs.
VMware vSphere 6.0 Update 1b
On January 11, 2016, VMware announced the release of the VMware vSphere 6.0 Update 1b server virtualization platform update, including vCenter and ESXi updates.
There are few upgraded features, however, the company recommends updating vSphere components due to critical security updates.
Changes to VMware vCenter Server 6.0 Update 1b
- Supports the URL-based patching update method using a zip package.
- User settings for Client Integration Plugin or the VMware-csd guard dialog box in vSphere Web Client can be overridden.
- vSphere 6.0 Update 1b includes support for TLS versions 1.1 and 1.2 for most vSphere components without compromising compatibility with previous versions. Components that still only support TLS version 1.0:
- vSphere Client
- Virtual SAN Observer on vCenter Server Appliance (vCSA)
- Syslog on vCSA server
- Auto Deploy on vCSA
- Auto Deploy on iPXE
You can read more about supporting TLS protocols in KB 2136185.
- The certificate manager utility now automatically calls the updateExtensionCertInVC.py script to update certificate stores that are not based on the VMware Endpoint Certificate Store (VECS).
- Many bug fixes.
Add-ons in VMware ESXi 6.0 Update 1b
- Support for TLS versions 1.1 and 1.2 for most components without disrupting compatibility with previous versions.
- Support for Advanced Encryption Standard (AES) with a key length of 128/256 bits for authentication via NFS 4.1 Client.
- Bug fixes.
2015
VMware vSphere 6.0
On February 2, 2015, VMware announced the new vSphere 6 virtualization platform. The update presented turned out to be the largest in the history of the product.[12]
VMware vSphere 6 is a platform for creating a cloud computing infrastructure that is highly available, secure, and scalable.
The product has received over 650 new features, many of which are focused on improving scalability and support for various application workloads, including Hadoop-based analytics tools, as well as applications running in Oracle Database, Microsoft SQL Server and SAP HANA.
To accelerate workloads, the manufacturer added the Long-Distance vMotion function, which implements Zero Downtime during long-distance workloads migration due to the continuous availability of larger virtual machines equipped with up to four virtual processors.
Commenting on the release of vSphere 6, VMware CEO Pat Gelsinger said the company is committed to ensuring that any application can function on any device.
VMware also introduced new software-defined storage, Virtual SAN 6.0, which has become more efficient and scalable than version 5.5. In particular, the number of hosts in the cluster doubled to 64, and the number of I/O operations per second (IOPS) when working on the cluster also doubled.
VMware Virtual SAN 6 and vSphere 6 will hit the commercial market in the first quarter of 2015. Virtual SAN will cost $2,495 per processor, and Virtual SAN for Desktop will cost $50 per user. The price of vSphere 6 will start at $995 per processor.
New opportunities
New in this version[13]:
1. Fault Tolerance technology supports up to four virtual machine processors (4 vCPUs).
Now VMware Fault Tolerance continuous availability technology will support virtual machines with 4 vCPUs and up to 64 GB of memory.
Previously, FT used the Record-Replay mechanism based on vLockstep technology, which reproduced the instructions of the main machine on the standby. Now the Fast Checking technique is used, which executes the stream of instructions on both machines at the same time. If, for any reason, the network connection between the machines slows down, the main machine also starts to work slower.
At the same time, VMware Fault Tolerance can now be configured for a powered-on virtual machine. However, the following limitations remain:
- On an ESXi host, you can have up to 4 machines protected by FT technology, while in total up to 8 vCPUs can be protected. Note that these maximums apply in total to the Primary and Secondary virtual machines located on this host.
- A 10 Gb adapter is required. It will be possible to divide it between different types of traffic using NetIOC.
- You cannot use hot add CPU or memory for such machines (Hot Add).
- If several vCPUs are affected by FT technology, Storage vMotion is not supported for such machines.
- In addition, the SMP-FT technique does not support things like vCloud Director, vSphere Replication, VSAN/vVols, and vFlash.
At the same time, VMware vMotion is fully supported for such machines, and they (as before) are protected by a VMware HA cluster - if something happens to one of the machines, then a replica is restarted on another host, which is already becoming Secondary VM.
In addition, you need to understand that SMP-FT will cause a drop in the performance of the guest OS, according to VMware estimates - this is about 10-30% depending on the load.
Good news - multiprocessor FT will support virtual machine snapshots, which means you can back them up with Veeam Backup and Replication or any other tool that supports vStorage APIs for Data Protection.
2. Improvements in long distance vMotion hot migration of virtual machines.
Now the running virtual machine can be moved over distances where RTT (Round Trip Time) in the channel reaches 100 ms (unofficially supported 150 ms). This is 10 times more than it was before.
And this is a distance of up to 3000 kilometers (!). This opens up very interesting strategies for data center managers, such as Follow the sun (machines work where people work) and Follow the moon (machines work at night when electricity is cheaper).
In addition, the following improvements in vMotion technology have appeared.
- vMotion between different vCenter servers (need a network at 250 Mbps). This is done through VMware Network File Copy (NFC).
- Routed vMotion traffic (finally).
- vMotion between vSwitch virtual switches, as well as Virtual Distributed Switch (VDS), VSS to VSS, VSS to VDS, VDS to VDS modes are supported (but VDS to VSS is not allowed).
- With VMware NSX, the network settings of machines can be moved hot even if long distance vMotion is used.
4. Improved performance and new vSphere Web Client capabilities.
There are not many details here yet: content libraries (versions of machines, templates) and publish and subscribe functions for them will appear. Performance will also be significantly improved and response will be reduced for various operations.
5. Virtual Volumes technology.
All this comes within the framework of the concept of creating a converged infrastructure and developing the Software-Defined-Datacenter paradigm.
Three main elements are used here:
- Vendor Provider (VP) is a storage manufacturer plugin that supports VVols via VASA API version 2.0.
- Storage Containers (SCs) are containers on a disk array that pack the VMDKs of each machine. This is an operable unit from both the storage system and the VMware vSphere platform.
- Protocol Endpoints (PE) are policy-based volume management tools provided to administrators. They will no longer have LUN concepts and mount points. It will just be VVol, which can be tied and unlinked from ESXi/vCenter servers.
6. Virtual Datacenters technology.
The concept of virtual data centers combines a pool of computing clusters, storage clusters, and policies that cover them. That is, it is such a large resource container that has the beginnings of intelligence: it decides in which cluster to place a virtual machine and on which storage to place virtual disks so that it corresponds to certain policies.
In fact, this is another level of abstraction for large infrastructures in which you can operate with such large objects from several clusters of servers and storage.
7. New highs for ESXi hosts.
We are promised the following parameters:
- 320+ pCPU
- 4+ TB Mem
- 4096+ vCPUs
- 32+ Nodes/Cluster
- 62TB+ VMDKs
2014
VMware vSphere 5.5 Update 1
On March 11, 2014, VMware announced the release of VMware vSphere 5.5 Update 1, which supports VSAN.
In addition to VMware VSAN support, the VMware vSphere 5.5 Update 1 platform brings the following:
- The vCloud Hybrid Service client plugin is now available in the vSphere Web Client.
- vCenter Server is now fully supported on Windows Server 2012 R2.
- Fixed multiple errors.
As part of vSphere, the following components have been updated to new versions:
- vSphere Replication 5.5.1
- vSphere Data Protection 5.5.6
- VMware vCenter Orchestrator appliance 5.5.1
For ESXi and vCenter, the update from the previous version is cumulative, previous patches were included in 5.5.
Excluding Transparent Page Sharing (TPS)
On October 16, 2014, VMware published the article "Security considerations and disallowing inter-Virtual Machine Transparent Page Sharing," which stated that in future releases of the VMware vSphere virtualization platform, TPS functions will be disabled by default (although still available).
TPS is a mechanism for finding and deleting duplicate memory pages to save physical RAM space (instead of a duplicate page, a link to it is stored in memory).
The technology lost its relevance along with the start of using large memory pages.
This is largely due to the fact that TPS (in addition to the negative impact on host performance) is a potential source of problems related to unauthorized access to RAM data.
TPS will be disabled in VMware vSphere:
- ESXi 5.5 Update release – Q1 2015
- ESXi 5.1 Update release – Q4 2014
- ESXi 5.0 Update release – Q1 2015
- VMware ESX 6.x and later.
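The page-sharing mechanism described above, and what disallowing it between virtual machines changes, modelled as an added example (not VMware's code and not part of the original article). It assumes the salting semantics of the ESXi host option Mem.ShareForceSalting and the per-VM option sched.mem.pshare.salt, which the article does not name; all VM names, UUIDs and page contents are constructed.

```python
import hashlib
from collections import defaultdict
from itertools import combinations

PAGE_SIZE = 4096

# Values of the host advanced option Mem.ShareForceSalting (assumed semantics).
SALTING_OFF = 0      # salts ignored: any two VMs may share an identical page
SALTING_OPT_IN = 1   # only VMs with sched.mem.pshare.salt set are separated
SALTING_DEFAULT = 2  # VMs without a salt fall back to their own vc.uuid


def page(tag):
    """Build a constructed 4 KB page whose content is derived from a tag."""
    return tag.encode().ljust(PAGE_SIZE, b"\0")


ZERO = page("")                    # zero-filled page, common to every guest
LIB = page("shared-library-code")  # stands in for identical OS or library code

# Constructed inventory: two unsalted VMs and two VMs sharing one tenant salt.
VMS = [
    {"name": "web-1", "uuid": "uuid-web-1", "salt": None,
     "pages": [ZERO, ZERO, LIB, page("web-1 private data")]},
    {"name": "web-2", "uuid": "uuid-web-2", "salt": None,
     "pages": [ZERO, LIB, page("web-2 private data")]},
    {"name": "db-1", "uuid": "uuid-db-1", "salt": "tenant-a",
     "pages": [ZERO, LIB, page("db-1 private data")]},
    {"name": "db-2", "uuid": "uuid-db-2", "salt": "tenant-a",
     "pages": [ZERO, page("db-2 private data")]},
]


def effective_salt(vm, force_salting):
    """Return the salt mixed into the page-match key for this VM."""
    if force_salting == SALTING_OFF:
        return ""
    if vm["salt"]:
        return vm["salt"]
    if force_salting == SALTING_DEFAULT:
        return vm["uuid"]
    return ""  # opt-in mode and no salt configured: shares with other unsalted VMs


def share_pages(vms, force_salting):
    """Deduplicate pages; return (physical page count, VM pairs that share a page).

    Two pages collapse into one physical page only when both the salt and the
    content match. A real hypervisor confirms a hash match with a full compare;
    SHA-256 equality stands in for that here.
    """
    owners = defaultdict(set)  # (salt, content hash) -> names of VMs mapped to it
    for vm in vms:
        salt = effective_salt(vm, force_salting)
        for content in vm["pages"]:
            owners[(salt, hashlib.sha256(content).hexdigest())].add(vm["name"])
    pairs = set()
    for names in owners.values():
        pairs.update(combinations(sorted(names), 2))
    return len(owners), pairs


if __name__ == "__main__":
    logical = sum(len(vm["pages"]) for vm in VMS)
    for mode in (SALTING_OFF, SALTING_OPT_IN, SALTING_DEFAULT):
        physical, pairs = share_pages(VMS, mode)
        print(f"Mem.ShareForceSalting={mode}: {logical} logical pages -> "
              f"{physical} physical, inter-VM sharing: {sorted(pairs) or 'none'}")
```

With the default setting, the only remaining inter-VM sharing is between the two VMs that were deliberately given the same salt, while duplicate pages inside a single VM are still collapsed.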
2013
VMware vSphere 5.0 Update 3
On October 17, 2013, VMware released a service release of VMware vSphere 5.0 Update 3.
It includes the following possibilities:
- New Guest OS Support
- Added support for Microsoft SQL Server 2012 Service Pack 1 database
- Lots of fixes.
VMware vSphere 5.1
- Support for Fault Tolerance continuous availability cluster technology for virtual machines with multiple virtual processors (vCPUs).
- Loading hosts via Fibre Channel over Ethernet (FCoE) adapters.
- Supports virtualized Active Directory domain controllers. Windows Server 8, which runs in a virtual machine, is actually aware that it works in a VM. This means that creating and deleting a snapshot of such a machine will not lead to AD problems with the Update Sequence Number (USN) of the controller. Earlier, when restoring from a snapshot, replication of directory data could stop due to USN problems. Microsoft has now added Generation ID technology, which allows the virtual domain controller to know whether it is using the latest version of the directory. This solves replication problems when rolling back to snapshots, and also makes it possible to clone virtual machines with domain controllers. Accordingly, vSphere 5.1 will support this feature.
- Larger Virtual Machines - Support for up to 64 virtual processors (vCPUs) in a virtual machine (2 times more than in vSphere 5.0). In addition, (since version 5.0), the virtual machine can have up to 1 TB of RAM (vRAM).
- New virtual machine format - vSphere 5.1 has the ninth generation of virtual hardware (Virtual Hardware version 9), which supports new computing characteristics. There is also support for CPU performance counters and virtual shared graphics acceleration.
- Extended Guest OS and CPU Support - full support for Windows Server 2012 and Windows 8 operating systems, as well as the latest AMD Piledriver and Intel Ivy Bridge and Sandy Bridge series processors.
- Hardware-Accelerated 3D Graphics Support - support for virtual graphics modules (vGPUs) in a virtual machine. First of all, this is necessary for VMware View virtual PCs that can use the graphics capabilities of the NVIDIA VGX platform.
- Improved CPU Virtualization - VMware vSphere 5.1 has the ability to "inject" more physical CPU functions into the virtual machine.
- Flexible, space-efficient storage for virtual desktop infrastructure (VDI) - a new format of virtual disks, Flexible Space Efficiency (Flex-SE aka SE sparse disk), which allows you to find the optimal ratio between disk space consumption and storage load through the size of the unit allocated to the disk, as well as the way these units are managed. In addition, it became possible to return deleted and unused blocks of the virtual disk (in the guest OS) to the storage system. This is especially true for VDI installations, which often use thin (that is, growing as data is filled) disks for virtual PCs built on the basis of the basic VM image.
VMware vSphere 5.1 certified by FSTEC of Russia
On July 18, 2013, Certified Information Systems announced the certification of the VMware vSphere 5.1 software solution by FSTEC of Russia.
The Certificate of Conformity of the FSTEC of Russia No. 2900 dated June 13, 2013 certifies that the VMware vSphere 5.1 software package, in the Standard, Enterprise, and Enterprise Plus editions, developed by VMware and manufactured by Certified Information Systems LLC, is a general-purpose software with built-in means of protection against unauthorized access to information that does not contain information constituting state secrets.
VMware vSphere 5.1 combines the most robust and widely used virtualization platform and best-in-class management tools. The software package includes an enterprise-level VMware ESXi software hypervisor designed for server virtualization. They divide physical servers into several virtual machines. In addition, the complex includes VMware vCenter, which is a single management console for all ESXi hosts and virtual machines.
Comparing VMware vSphere 5 Functionality and Microsoft Hyper-V 3.0 Infrastructure (Windows Server 2012 + SC VMM 2012)
The comparison (File:Vmguru-vsphere-5-hyper-v-3-comparison.pdf) takes into account various aspects of the functionality of both platforms, but it does not in any way claim to be complete.
VMware vSphere 5.5.
On August 28, 2013, it became known that VMware had announced at VMworld 2013 the release of the updated VMware vSphere 5.5 platform, which has become an even more powerful tool for building virtual infrastructures.
Updates affected VMware ESXi, VMware vCenter Server, vSphere Storage, networking.
2011
VMware vSphere 5.0
In July 2011, during a live broadcast from the USA, Paul Maritz, President and CEO of VMware, introduced the new VMware vSphere 5 platform and a full suite of cloud infrastructure solutions. VMware also announced the release of VMware vShield 5, VMware vCenter Site Recovery Manager 5, and VMware vCloud Director 1.5, solutions that offer customers even greater benefits from virtualization by moving production processes to the cloud.
VMware's cloud infrastructure suite will help organizations build intelligent virtualized infrastructures that combine highly virtualized environments with automation, self-service, and security capabilities to enable customers to:
- Deploy business-critical applications with confidence - significantly increasing the performance and scalability of VMware vSphere 5 enables customers to run even the most demanding and mission-critical business applications in virtual and cloud environments.
- Respond faster to business needs with cloud flexibility - VMware's cloud infrastructure suite will dramatically simplify the key stages of infrastructure management - from delivering new resources online to managing current operations intelligently.
- A confident transition to cloud computing - VMware moves computer security (protection) from the traditional physical layer to the virtual application layer. This will allow users to be confident in the protection of their applications and data, regardless of their location or frequency of movement between various private, public or hybrid cloud environments.
A core element of VMware's cloud infrastructure suite is VMware vSphere, the world's most trusted and widely deployed virtualization platform. Designed to meet the broadest range of virtual and cloud infrastructure requirements, VMware vSphere is actively used by large enterprises, small and medium businesses, and cloud service providers. It also serves as the foundation for the growing workplace virtualization market, with a growing number of customers making VMware vSphere the corporate standard for strategic IT development.
Compared to the previous version, VMware vSphere 5 is capable of supporting four times more powerful virtual machines with up to 1 terabyte of memory and up to 32 virtual processors. These virtual machines will be capable of producing more than 1 million I/O operations every second, exceeding the requirements of even the most demanding applications. Combined with the upgraded and simplified High Availability module, these machines will be able to support the most significant business applications for high performance and availability.
The VMware vSphere 5 platform also contains three new elements that expand the ability to manage data center resources. They provide intelligent policy management, supporting an automated, install-and-forget approach to data center resource management and operations such as server commissioning and memory management. Users define policies and set operational parameters, and VMware vSphere 5 does everything else. The new VMware vSphere Auto-Deploy, Profile-Driven Storage and Storage DRS modules will help a client using 1000 virtual machines save up to one year of administrator time.
New Licensing Model Extends Benefits of Technology Consolidation
Introducing VMware vSphere 5, VMware is developing a licensing system for its products. This lays the foundation for a "cloud" cost model based on characteristics such as consumption and value, and not on physical components and power. VMware vSphere 5, as before, will be licensed per processor, but now VMware abandons physical restrictions on the number of processor cores and the amount of physical RAM on the server, replacing all these characteristics with the concept of combined virtual memory or vRAM.
Combined vRAM means the total amount of memory used on all virtual machines in the client environment. Each vSphere 5 license is issued per processor and allows the customer to use a certain amount of vRAM memory that can be distributed between nodes in a vSphere 5 cluster. Thus, a full-fledged cloud model of IT consumption appears. The volume of vRAM can be divided between virtual machines without any restrictions: the client will be able to create both many small (non-resource-intensive) machines and one large (high-performance) one. VMware vSphere enables customers to maximize hardware utilization and achieve unparalleled efficiency through flexible management (allocation) of computing resources, disk subsystems, and network resources. The new licensing model will allow VMware to extrapolate the concept of flexible reallocation of resources - one of the fundamental ideas of cloud computing - from technology to business. Thus, VMware will ensure more efficient use of licenses and achieve the highest results for users.
An unofficial VMware vSphere 5 license configurator is available, allowing you to choose the correct version of vSphere 5 based on the number of processors and the amount of RAM.
2010
VMware vSphere 4.1
In July 2010, the company announced the release of a new version of the VMware vSphere 4.1 platform and the expansion of the suite of solutions for managing virtual infrastructures. The new memory management approach and advanced resource pooling capabilities of the VMware vSphere 4.1 operating system accelerate the transformation of the data centers of companies and service providers into cloud environments by driving mainstream cloud computing trends.
- The resource pool is doubled and management capacity is tripled. The new version of VMware vSphere, which is already the most powerful virtualization platform on the market, has significantly improved scalability; due to this, users will be able to accumulate twice as many resources in one pool as before. In addition, VMware vCenter Server now manages up to 10,000 virtual machines - three times as many as the previous release.
- Productivity rose 25%. The price for the application has been reduced. The new VMware vSphere 4.1 memory technology allows you to maintain high system performance even when it is fully loaded. Thus, virtual infrastructures based on vSphere 4.1 will be up to 25% more efficient than systems based on earlier software products. In addition, memory compression technology helps to increase the degree of consolidation, reducing user costs per application - an important criterion for the usefulness of virtualization implementation.
- Virtual machine migration is now five times faster. It is also possible to perform up to eight simultaneous vMotion moves for one server. The increased speed and flexibility of VMware vMotion provides exceptional platform responsiveness and availability.
- New I/O controls for networks and DSS ensure high quality services. VMware vSphere 4.1 offers new management tools that dynamically place storage and network resources on virtual machines according to business priorities. In VMware vSphere, network and DSS I/O technology provides detailed control over how storage and network capabilities are distributed across applications. Administrators can prioritize virtual machines, and the VMware vSphere 4.1 infrastructure will automatically allocate resources according to these settings.
- Improved performance with open integration with DSS environments. The VMware vSphere 4.1 infrastructure supports more operating systems, devices, applications, and their vendors than any other virtualization platform. To increase platform performance and productivity in cloud environments, VMware vSphere 4.1 enables closer integration with VMware DSS partner solutions.
Cost and availability
Different VMware vSphere 4.1 packages have been developed for customers of various sizes: solutions for small and medium businesses from $83 per processor, as well as offers for large companies, for environments with maximum requirements, priced at $3,495 per processor.
VMware vSphere 4 FSTEC Certification
In November 2010, VMware vSphere 4 received a certificate of compliance with the state standards for information protection of the Russian Federation. This certificate confirms the security of VMware vSphere 4 when designing information systems in government agencies and organizations engaged in the processing of personal data in accordance with the requirements of the Federal Law of the Russian Federation No. 152 "On Personal Data."
Based on the results of certification tests carried out on the basis of the decision of the Federal Service for Technical and Export Control (FSTEC of Russia) No. 3046 dated April 29, 2010, the VMware vSphere 4 software package consisting of ESX 4.0 Update 1 and VMware vCenter Server 4.0 Update 1 in the Essentials, Essentials Plus, Standard, Advanced, Enterprise, and Enterprise Plus editions is a general-purpose software tool with built-in means of protection against unauthorized access to information that does not contain information constituting state secrets. The evaluation object meets the requirements of the guidance document "Computer Tools. Protection against unauthorized access to information. Indicators of protection against unauthorized access to information" according to the 5th class of protection and can be used when creating automated systems up to the 1G security class inclusive, as well as for protecting information in personal data information systems up to the 2nd class inclusive when following the operating instructions given in technical specifications TS 501190-0173-82487552-2010.
"Virtualization has brought many new insights and opportunities to the IT world. However, users continue to be cautious about this platform, explaining that the environment cannot yet provide mechanisms to fully talk about the protection of all its components from unauthorized access. I think that after the completion of the certification process of the VMware vSphere 4 software complex, during which a certificate of its compliance with the requirements of the guidelines of the FSTEC of Russia was obtained, the number of specialists adhering to this point of view will sharply decrease. This document confirms the safety of the product, since all tests were performed by an independent laboratory accredited by the FSTEC of Russia," says Laptev Andrey, technical director of Certified Information Systems, a supplier of certified software. "The availability of a product certificate allows government agencies and organizations involved in the processing of personal data to use VMware vSphere 4 solutions in the design of information systems and thus apply innovative approaches to the virtualization market that were previously inaccessible to them."
"VMware vSphere has an international EAL4+ Common Criteria certificate, respected by leading security experts, and we were very enthusiastic about the fact that the platform has now been tested and certified by the Federal Service for Technical and Export Control of the Russian Federation. This means that many Russian customers, including those who specialize in personal data processing, will be able to create new generation IT infrastructures based on VMware vSphere and enjoy all the advantages that virtualization provides," comments Tikhovich Dmitry, CTO of VMware in Russia and the CIS. "VMware has always focused on security. It is enough to recall such developments as the "thin" ESXi hypervisor and the family of products for protecting virtualized VMware vShield infrastructures, information security guides for the vSphere virtualization platform and vCloud Director cloud infrastructures. They have become industry standards and have enabled many companies across industries to build robust and efficient audit systems that fully meet today's information protection requirements."
vSphere 4 certification was carried out according to the test scheme for samples of products for serial production. The company "Certification Information Systems" has undertaken to prolong the certified status of the software complex. During the validity period of the certificate of compliance, customers will be provided with a certification package including a verified distribution kit, a set of software, operational documentation for the product, documents confirming the certified status of the manufactured product, as well as a subscription to receive certified updates from the closed part of the manufacturer's website.
The certificate of conformity is valid until August 9, 2013.
Notes
- ↑ VMware vSphere 8 virtualization platform announced
- ↑ VMware vSphere + has been released for organizing subscription-based premium clouds
- ↑ What's new in VMware vSphere 7 Update 3 in terms of storage?.
- ↑ A new version of VMware vSphere 7 has been announced - what's new?
- ↑ VMware vSphere 6.5 Update 3 and other product updates released
- ↑ And what's new with VMware vSphere Platinum 6.7 Update 2
- ↑ VMware vSphere 6.7 Update 2 announced - many new features
- ↑ VMware vSphere Platinum virtualization platform announced - what is it?
- ↑ New document - What's New in Performance - VMware vSphere 6.7.
- ↑ A new version of the VMware vSphere 6.5 virtualization platform (http://www.vmgu.ru/news/vmware-vsphere-65)
- ↑ VMware vSphere licensing changes from June 30, 2016
- ↑ VMware's hybrid cloud roadmap takes direction with vSphere 6, Nvidia collaboration
- ↑ New features of VMware vSphere 6 - news with VMworld 2014