Mastering VMware vSphere 6.7 - Second Edition


About this book

vSphere 6.7 is the latest release of VMware’s industry-leading, virtual cloud platform. It allows organisations to move to hybrid cloud computing by enabling them to run, manage, connect and secure applications in a common operating environment.

This up-to-date, 2nd edition provides complete coverage of vSphere 6.7. Complete with step-by-step explanations of essential concepts, practical examples and self-assessment questions, you will begin with an overview of the products, solutions and features of the vSphere 6.7 suite.

You’ll learn how to design and plan a virtual infrastructure and look at the workflow and installation of components. You'll gain insight into best practice configuration, management and security.

By the end the book you'll be able to build your own VMware vSphere lab that can run even the most demanding of workloads.

Publication date:
March 2019
Publisher
Packt
Pages
756
ISBN
9781789613377


Chapter 1. Evolution to vSphere 6.7

VMware vSphere 6.7 is the latest version of the most used enterprise virtualization platform. A good understanding of this product and its features is crucial for a successful implementation of the vSphere infrastructure.

In this chapter, we will provide you with a better understanding of the VMware product portfolio, the VMware vision, and the evolution of the product. We will also learn what is new in vSphere 6.7 and introduce the different solutions, features, and editions of vSphere. Furthermore, we will provide tips for choosing the right editions and version of vSphere and choosing when (and when not) to upgrade to vSphere 6.7.

This chapter will cover the following topics:

  • Introduction to VMware vSphere
  • VMware vSphere ecosystem
  • Introduction to VMware Cloud on AWS
  • What's new in VMware vSphere 6.7
  • Reasons for and against upgrading

Introduction to VMware vSphere


With more than 500,000 customers globally, VMware remains a proven leader not only in virtualization but also in all technologies related to digital transformation. This year marks 20 years since the creation of VMware by Diane Greene, Mendel Rosenblum, Scott Devine, Ellen Wang, and Edouard Bugnion in 1998.

VMware has always focused on virtualization and its flagship product—VMware vSphere—proves that this was the right choice. The first version of ESXi hypervisor was released in 2001 and the first version of vCenter was then released two years later in 2003.


The VMware vSphere suite includes ESXi (the evolution of ESX Server) for the virtualization layer and the vCenter Server for the management layer.

Compute virtualization is only the first step here; to move to a real cloud computing infrastructure, you will need not only compute resource abstraction (provided by virtualization) but also operational automation and agility (both of which are only partially obtainable through virtualization). Finally, this approach should be applied not only to compute virtualization but also to the other resources, such as storage, networking, and security.

Today, VMware products can be used to fulfill this vision. There are three infrastructure pillars that VMware virtualizes:

  • Compute resources—VMware vSphere
  • Storage resources—VMware vSAN
  • Network resources—VMware NSX

Together, these products build a unified platform for delivering any service with unmatched performance.

In this book, we are focusing primarily on VMware vSphere, but we will also touch on vSAN and NSX. However, this won't be covered in too much detail, as we will mainly look at compute virtualization using VMware vSphere.

"VMware is helping our customers and partners to achieve unlimited possibilities, while a shift to the digital is accelerating a technology supply to invent new products, deliver new services and find new ways to work and grow a business. Our solutions enable a business to build precisely what is needed in the way it is needed for today and tomorrow."

– Pat Gelsinger, VMware CEO

The digital transformation journey has four IT priorities that VMware focuses on:

  • Modernizing data centers: Software-defined data center architecture to modernize existing data centers painlessly and automation to run enterprise and cloud-native workloads.
  • Integrating public clouds: Provides extra agility and a cross-cloud architecture. Cloud freedom brings choice, and you can easily extend your on-premises infrastructure to include any vSphere-based public cloud.

  • Empowering the digital workspace: Introduces an exceptional mobile experience by providing users with a secure and digital workspace. VMware delivers virtualized applications and offers the ability to manage apps, access, and endpoints securely.
  • Transforming security: This transformative approach to security delivers secure infrastructure, networks and applications, data, and access from end to end, securing on-premises data centers through a cloud connected to the endpoint and device.

vSphere strategy – the foundation of your unified hybrid cloud

“The Software-Defined datacenter is VMware technology architecture for building a data center where all infrastructure is virtualized, and control of the data center is fully automated with software.”

– June Yang, VMware Sr. Director for vSphere

Based on this strategy, there are three key pillars that VMware follows:

  • Continuous innovation and integration of vSphere core components: A software-defined data center is more scalable, provides better performance, and is secure as well as easier to manage and operate.
  • Unified hybrid cloud capabilities: Customers want the choice to run applications on both the private and public cloud. The idea here is to provide the agility and flexibility that is required by a business while enabling the right level of performance, continuity, and security that IT is responsible for delivering.
  • Any application: vSphere is the best platform to run any application from traditional enterprise applications to cloud-native workloads. VMware is very successful when running traditional applications, and now the goal is to extend this to cloud-native workloads as well.

Software-defined data center (SDDC)

In 2012, former VMware CTO Steve Herrod explained this vision with the new concept of the SDDC, where all infrastructure elements (computing, networking, storage, and security) are virtualized and delivered as a service using a cloud computing model:

Virtualization is no longer the final destination of the digital transformation journey; it has become the starting point, an essential requirement, and a foundation for digital businesses. VMware has addressed these needs by extending both its product portfolio and its vision.

Together, VMware vSphere, NSX, and vSAN are unified building blocks that form an SDDC. As we will explain later, this approach fits nicely with hyper-converged infrastructure: a physical server that contains not only compute resources but also local storage devices for building software-defined storage. Hyper-converged servers are the physical infrastructure blocks for SDDCs.

As an extension to this approach, the Cloud Foundation product can be leveraged. VMware Cloud Foundation is an integrated software platform that automates the deployment and life cycle management of a complete SDDC on a standardized hyper-converged architecture. This can be deployed on-premises on a broad range of supported hardware, or consumed as a service in the public cloud (VMware Cloud on AWS or VMware Cloud Providers).

The following represents a high-level  overview of the VMware Cloud Foundation product:

For more information about VMware Cloud Foundation, feel free to visit the official product brief at https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/datasheet/products/vmware-cloud-foundation-datasheet.pdf.

Virtualization versus containers

Containers and VMs have similar resource isolation and resource allocation benefits, but function differently, because containers do not include the operating system part (or at least not the kernel part of it). Containers are also more lightweight, so they are potentially more portable and efficient.

With containers, you do not need an underlying operating system for each container; instead, individual containers run on the shared host operating system through the Docker Engine:

Both virtual machine and container approaches have their pros and cons, so there is no winner. Different workloads may require different infrastructure platforms to meet the IT and business requirements or objectives.

In the vSphere 6.5 release, VMware introduced vSphere Integrated Containers (VIC), a platform to bring containers into an existing vSphere environment simply and easily. With VIC, it is possible to deliver an enterprise container infrastructure that provides not only agility for developers (by using the containers) but also full control for vSphere operations teams, where containers can now be managed with the same concepts and skills as standard VMs, without requiring any changes in processes or tools.

VIC is structured into the following components:

  • VIC engine: A Docker remote API-compatible engine that is deeply integrated into vSphere (6.0, 6.5, 6.7) for instantiating container images that run as VMs, with support for distributing images to remote offices/branch offices.
  • Container management portal: This portal is designed to allow apps teams to manage the container repositories, images, hosts, and running container instances. It provides Role-Based Access Control (RBAC) with support for Lightweight Directory Access Protocol/Active Directory (LDAP/AD).
  • Container Registry: This securely stores container images with built-in RBAC and image replication. The container registry provides vulnerability scanning, content trust with security policies, and also supports third-party registries:

Using VIC, vSphere administrators can provide a full Docker-compatible interface to their developers, using the existing vSphere infrastructure with native capabilities and features, including VMware NSX for security and VMware vSAN for storage. The new version 1.2 (released in September 2017) adds a native Docker container host from a unified management portal.

A second product that focuses on containers is the Pivotal Container Service (PKS). In contrast to VIC, PKS focuses on multi-cloud deployments where you can natively run your containerized applications using a Kubernetes engine. Kubernetes is an orchestration platform for running Docker containers, but compared to Docker Swarm, it provides more functionality.

With PKS, you can efficiently manage one homogeneous environment, providing the same compute, network, or storage capabilities for your containerized workloads in multi-cloud environments.


PKS is structured into the following different components:

  • PKS Control Plane: This is a critical component of the PKS infrastructure that is responsible for self-service access, life cycle and on-demand deployment of the Kubernetes clusters. Using APIs, the requests are sent to BOSH, which is responsible for the automation itself.
  • Kubernetes: Kubernetes is an open source, portable, extensible orchestration framework for managing containerized workloads and services. Applications are run within Kubernetes clusters, providing optimized resource access and maintaining a consistent application state within clusters.
  • BOSH: This is an open source tool for maintaining large-scale distributed deployments. Using BOSH, you can deploy applications both to many Infrastructure as a Service solutions from supported partners and to on-premises infrastructure. BOSH allows interconnection with OpenStack, VMware vSphere, AWS, Microsoft Azure, or Google Cloud Platform (GCP).
  • VMware NSX-T: This is a network virtualization tool from VMware that can be deployed not only within VMware vSphere but also within other hypervisors. NSX provides sophisticated network functions from layer 2 up to layer 7. This includes micro-segmentation, load balancing, or transparent L2 bridging, for example.
  • Project Harbor: This is an open source tool that acts as a centralized cloud registry for your application images, as well as providing RBAC to your users using LDAP or AD integration.

Here is an overview of the components of PKS:


VMware vSphere ecosystem


As well as the well-known vSphere product line, VMware has plenty of products available today. Let's have a look at the different segments that VMware currently covers.

Data centers and cloud computing

VMware vSphere is a flagship in VMware's portfolio. However, there has been a rise in popularity of other products, as enterprise companies already broadly adopted VMware vSphere as a virtualization platform.

VMware vSphere has been around for more than 15 years now (the first version of a vCenter server with vMotion was released in 2003), yet with every new release, there are significant improvements.

Gartner named VMware as a leader in x86 virtualization Gartner's Magic Quadrant (MQ) many times, proving that this technology was broadly adopted by enterprise companies as well as honoring VMware's clear vision of the product itself.

There is not much more to say here except that VMware vSphere was, is, and will always be one of the most commonly deployed and trusted platforms for data center and cloud computing.

Storage and availability

Storage and availability products focus on the improved reliability of your storage subsystem and the overall uptime of your data center, utilizing business recovery and disaster recovery avoidance technologies.

In storage and availability, you can find two major products:

  • VMware vSAN: This is an implementation of hyper-converged, software-defined storage. With this approach, you can utilize the local storage in your ESXi servers and form a uniform storage resource that is used as your shared storage. Together with VMware vSphere and VMware NSX-V, vSAN forms an SDDC:
  • VMware Site Recovery Manager (SRM): This is an orchestrator to simplify the site disaster recovery plan in a single-click procedure, with the capability to test it in safe mode and to handle not only the failover procedures (planned or unplanned), but also failbacks.

Network and security

NSX, a product developed from technology acquired from Nicira, enables the creation of entire networks in software. NSX is integrated with the distributed vSwitch and thus runs directly on the ESXi hypervisor. Using this approach, you can easily abstract the network functions from the underlying physical hardware.

Any network component that is supported by NSX can be provisioned in minutes, without touching the application or the physical environment:

There are two versions of NSX today:

  • NSX for vSphere (NSX-V): This is tightly integrated with vSphere components requiring both ESXi (used both as a data plane and also for hosting some NFV and VMs used as a control plane) and vCenter. (The NSX manager is paired with this, and the management interface is just an extension of the vSphere Web Client.)
  • NSX Transformers (NSX-T): This is a multi-hypervisor aware SDN stack brought to the likes of vSphere, KVM, OpenStack, Kubernetes, and Docker. NSX-T is designed to address emerging application architectures that have heterogeneous endpoints and technology stacks. One of the primary use cases for NSX-T is providing a network infrastructure for containers. In today's virtualization, we can see that more and more applications are running in environments outside of virtual machines.
  • NSX Cloud: This is an NSX implementation that focuses on public clouds. Using NSX Cloud you can manage both your private datacenter and public cloud as a single network and security entity.
  • AppDefense: A data center endpoint security product. AppDefense focuses on understanding application logic and behavior rather than on hard limits or rules.

End user computing

This product line closely follows VMware's vision of any application on any device. You can find several products here, but the most important are Workspace ONE and Horizon 7:

  • Workspace ONE: A centralized solution that allows users to access any application on any device, no matter where the application is running. With Workspace ONE, you can also unify access to all company-wide applications using Single Sign-On.
  • Horizon 7: A solution that focuses on delivering virtualized remote desktops and applications to users through a centralized platform.

Cloud management

Today, the biggest struggle in maintaining a unified cloud is centralized management and automation. Although the majority of VMware vSphere day-to-day tasks can be accomplished by vCenter Server itself, for those who are seeking a more advanced management platform, the vRealize product line can be leveraged:

  • vRealize Operations: Delivers continuous performance optimization at a minimal cost, driven by business and operational intent, efficient capacity management and planning, and intelligent remediation. It automates and simplifies IT operations management and provides unified visibility from applications to infrastructure across physical, virtual, and cloud environments.
  • vRealize Automation: Cloud automation platform that accelerates the delivery of IT services through automation and pre-defined policies, providing a high level of agility and flexibility for developers, while maintaining frictionless governance and control for IT teams.
  • vRealize Network Insight (vRNI): Helps you to build an optimized, highly available and secure network infrastructure across multi-cloud environments. It accelerates micro-segmentation deployment, minimizes business risk during application migration, and enables customers to manage and scale NSX deployments confidently.


Cloud-native workloads

Container technologies have been used for many years. However, with modern tooling that provides orchestration, scheduling, and massive scalability, containers have gained new interest from enterprises. Combined with DevOps practices, containers are leveraged as part of Continuous Integration/Continuous Deployment (CI/CD) to deliver applications faster, much like web-scale companies. Although application developers are starting to adopt containers and DevOps, taking applications to production often entails a broader set of conditions that involve IT administrators.

Containers do not require virtualization at all because they can run on bare metal. Moreover, you can use different solutions for managing and deploying them.

There are different methods for providing a Containers-as-a-Service (CaaS) solution with different approaches:

  • Using VIC: This is useful if you have containers that you need to put into production and still want to use your existing production VM monitoring systems to monitor individual containers
  • Using PKS: This is used for multi-cloud workloads
  • Using vRealize Automation: This is used to deploy VMs (with Photon OS or CoreOS) that can host multiple containers

VIC is a comprehensive container solution built on VMware's industry-leading virtualization platform, vSphere, which enables customers to run both modern and traditional workloads in production on their existing SDDC infrastructure today with enterprise-grade networking, storage, security, performance, and visibility.

VMware PKS is a Kubernetes-based container solution that integrates advanced networking functions allowing rapid deployment and operations of Kubernetes clusters on both private and public clouds.


Introduction to VMware Cloud on AWS


VMware Cloud on AWS is the only hybrid cloud solution that allows VMware vSphere customers to modernize, protect, and scale mission-critical applications leveraging AWS, the world's leading public cloud. With the inclusion of VMware Hybrid Cloud Extension (HCX) in the base offering, VMware has made it extremely easy to migrate applications at scale to VMware Cloud on AWS.

VMware Cloud on AWS provides the performance, availability, and scale required to support the most resource-intensive applications, including Oracle databases, middleware, applications, and Microsoft SQL Server. Running VMware vSphere, vSAN, and NSX on Amazon's EC2 dedicated, elastic, bare-metal infrastructure delivers the predictable, high-performance infrastructure required for these workloads:

Hardware specifications and sizing

The VMware Cloud on AWS's minimum standard configuration contains three hosts. Each host is an Amazon EC2 i3.metal instance. These hosts have dual 2.3 GHz CPUs (custom-built Intel Xeon processor E5-2686 v4 CPU) with 18 cores per socket (36 cores total), 512 GiB RAM, and 14.3 TB raw NVMe storage (3.6 TB cache plus 10.7 TB raw capacity tier).

The minimum size of the cluster is three ESXi hosts, and you can scale up with increments of one unit up to a total supported cluster size, which is 32 ESXi hosts.

Note

For service sizing based on your assumed workloads, you can look at VMware Cloud on AWS Sizer and TCO calculator at https://vmcsizer.vmware.com/home.


Physical location

With VMware Cloud on AWS, you can choose where your SDDC will be deployed. Most of the AWS regions are available for VMware Cloud, such as the following:

  • AWS US West
  • AWS US East 
  • AWS GovCloud (US)
  • AWS Europe 
  • AWS Asia Pacific 

Pricing

The overall price of the service is based on a number of ESXi hosts per hour.

VMware Cloud on AWS costs $8.3681/hour per host. The minimum size of the infrastructure is three ESXi hosts.

With the minimum cluster size of three ESXi hosts, you get 108 physical CPU cores at 2.3 GHz, 1,536 GB of memory, and 42.9 TB of NVMe storage for roughly $600 per day. This may sound a bit expensive, but you receive everything as a service without any additional management or licensing costs at all. In addition, with a 1-year subscription, you get a 30% discount, and with a 3-year subscription, you get a generous 50% discount.

VMware Cloud on AWS is not only physical hardware—you get a complex service consisting of the following features:

  • vSphere, vSAN, and NSX
  • Multi-cluster, multi-AZ
  • High availability, SLA
  • Term commitment discounts
  • Hybrid loyalty discounts up to 25%
  • $8.3681/hour for each additional host after the first four hosts

Note

You can check current prices as well as an advanced calculator at the following page at https://cloud.vmware.com/vmc-aws/pricing.

Interconnection with on-premises SDDC

You can run all your workloads on VMware Cloud on AWS without having a single server on-premises, but you will likely have existing infrastructure in place. One of the most exciting capabilities of VMware Cloud on AWS is native interconnection with your existing VMware vSphere infrastructure. Using Hybrid Linked Mode (HLM), you can access both your on-premises and cloud-based infrastructure from a single, unified vCenter management portal. Here, you can freely migrate your workloads between those two environments without any disturbance to your services, all thanks to vMotion technology.

Connectivity to native AWS services

VMware Cloud on AWS is directly interconnected with the customer's AWS Virtual Private Cloud (VPC) using an Elastic Network Interface (ENI). Thanks to this interconnection, customers can use all essential AWS services directly from virtual machines running within VMware Cloud on AWS. There is no limit regarding AWS services, so you can access anything from the broad set of available AWS services, such as EC2 instances, Amazon S3 object storage, or Elastic Load Balancing (ELB), using either a public API endpoint or even a private connection.

Certifications

VMware Cloud on AWS has been independently verified to comply with ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, and HIPAA. VMware Cloud on AWS also complies with the General Data Protection Regulation (GDPR).

Note

For more information about VMware Cloud on AWS, feel free to go to https://cloud.vmware.com/vmc-aws/resources.


What's new in VMware vSphere 6.7?


In every VMware vSphere release, there are a lot of new features available, and version 6.7 is no different. VMware vSphere 6.7 was released on April 17, 2018, and by the end of 2018 there should be an upcoming U1 release.

At a high level, the new version focuses on the following four main areas of innovation:

  • Simplified and efficient management at scale: There are several improvements in scaling and managing large deployments.
  • Comprehensive built-in security: You should be able to run your workloads anywhere while still offering unmatched security features to your virtual machines.
  • Universal app platform: Following the VMware vision, vSphere 6.7 could be a single platform to support any application on any cloud, as discussed previously.
  • Seamless hybrid cloud experience: This is all about integration with cloud environments, especially, with VMware Cloud on AWS.


Key features

Let's dive a little bit deeper. At a technical level, the different improvements are as follows:

vSphere Client (HTML-5)

There is not much to say about the new HTML-5 client. Everyone has been waiting for this, and at this stage, more than 95% of the features are fully integrated into the new HTML-5 client.

Note

In the upcoming release of VMware vSphere 6.7U1, everything will be available in the HTML-5 client as stated at https://blogs.vmware.com/vsphere/2018/08/under-the-hood-vsphere-6-7-update-1.html.


The HTML-5 interface is much faster than the old Flex client, and from my perspective, it is more intuitive than the old client:

Improved vCenter Server Appliance (vCSA) monitoring

The management of the vCSA has been redesigned (you can access it through a web browser at https://<IP or FQDN of vCSA>:5480) and there are a whole bunch of improvements.

The overall health of all services is visible in the VAMI interface, and you can restart individual services directly from the UI as well as seeing when a particular disk is running out of space:


Improved vCenter backup management

Until version 6.7, you had the option to create a manual backup only, and everybody was missing an option to define a backup schedule as well. Of course, it was possible to do that through the CLI with a bit of scripting, but that was not convenient. This is no longer the case: in VMware vSphere 6.7, you can easily define a backup schedule directly from the vCSA management interface:

ESXi single-reboot upgrades

A lot of improvements were made regarding the upgrade procedure between major vSphere versions. In the past, there were two reboots. However, since vSphere 6.7, only one reboot is required during the upgrade. That does not seem like a big thing, but when working with complex infrastructures, this can save a lot of time. Also, please note that when upgrading from VMware vSphere 6.5 to 6.7, you will benefit from this feature as well.

ESXi Quick Boot

To keep things simple, Quick Boot is a way of restarting ESXi without going through the physical hardware reboot process. This is the first implementation of this feature, so only a limited subset of physical hardware is supported. So, how does it work? A second ESXi image is created and updated and, when rebooting new ESXi, the image is booted directly instead of doing a full reboot. Again, the purpose here is to save time.

Currently, the following hardware platforms are supported:

  • HPE ProLiant DL360 Gen10 Server
  • HPE ProLiant DL360 Gen9 Server
  • HPE ProLiant DL380 Gen10 Server
  • HPE ProLiant DL380 Gen9 Server
  • Dell R640
  • Dell R630
  • Dell R740
  • Dell R740xd
  • Dell R730
  • Dell R730xd

Note

To check whether or not your system is compatible with Quick Boot, run this command on the ESXi host from the shell: /usr/lib/vmware/loadesx/bin/loadESXCheckCompat.py. You can also have a look at the knowledge base at https://kb.vmware.com/s/article/52477.


Support for Remote Direct Memory Access (RDMA)

vSphere 6.7 introduces new protocol support for RDMA over Converged Ethernet (RoCE, pronounced "rocky") v2, a new software Fibre Channel over Ethernet (FCoE) adapter, and iSCSI Extensions for RDMA (iSER). This feature is particularly useful for applications that require extremely low latency and high bandwidth. Please note that when RDMA is used, most of the ESXi network stack is bypassed, and when it is used in pass-through mode, this also means that vMotion is not available, so this will be useful specifically for scale-out applications that bring their own high-availability mechanisms:

vSphere persistent memory

Persistent memory is a new storage class used for extremely demanding workloads. Persistent memory, also called non-volatile DIMM (NVDIMM), provides much higher performance compared to SSDs at lower cost than DRAM. Furthermore, latency is minimal: around 1 microsecond compared to low milliseconds with SSDs. To use vSphere persistent memory, you must use the latest virtual hardware version, 14. Virtual machines can be configured with one NVDIMM controller and a maximum of 64 NVDIMM devices:


Virtual Trusted Platform Module (vTPM)

In physical systems, TPM is a chip that securely stores secrets which are used to authenticate the physical platform (PC, server). The secrets can be passwords, private keys, or certificates. The use of TPM is particularly useful for securing a system and ensuring that the data held in it is safe in case of theft, for example.


A vTPM is similar to a physical TPM device, except the cryptographic operations are performed in the vSphere layer. Instead of storing the secrets in a hardware component, they are stored in the .nvram file which is encrypted using VM encryption. vTPM is not dependent on the physical TPM at all so you can leverage this feature even if you do not have a physical TPM device.

TPM 2.0

Since vSphere 5.x, there has been support for TPM 1.2. In vSphere 6.7, VMware introduced support for TPM 2.0. Please note that TPM 2.0 and TPM 1.2 are two entirely different implementations and there is no backward compatibility with these.

Note

If you are running 6.5 on a server with TPM 2.0, you will not see the TPM 2.0 device because there's no support in 6.5 for TPM 2.0. New features in 6.7 do not use the TPM 1.2 device.

The TPM module is used to store the fingerprint (measurement) of the ESXi image securely. If the image has been manipulated in any way, or if it is not correctly signed, the digitally signed fingerprint will not match.

By enabling TPM, you can then ensure that ESXi has booted using only digitally signed code.
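To make the "fingerprint" idea concrete, here is an added illustration of how a TPM-backed measured boot detects a modified image. This is example code written for this chapter, not the book's or ESXi's own implementation: it models the TPM extend operation (new PCR = SHA-256(old PCR || measurement)) over a constructed, hypothetical boot chain and checks the resulting PCR value against a known-good value. Component names and contents are made up for the illustration.

```python
"""Toy model of TPM measured boot (illustration only, not ESXi code).

Each boot component is hashed and the hash is 'extended' into a Platform
Configuration Register (PCR).  Extend is one-way and order-dependent, so
the final PCR value is a fingerprint of the whole boot chain.  A verifier
that holds a known-good PCR value can tell that something in the chain
changed; the event log, replayed against the PCR, tells it which component.
"""
import hashlib

PCR_LEN = 32  # SHA-256 PCR bank, as in TPM 2.0


def extend_pcr(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new PCR value = H(old PCR || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot_chain(components):
    """Measure each (name, bytes) component into a fresh PCR.

    Returns the final PCR value and an event log of (name, digest_hex).
    """
    pcr = bytes(PCR_LEN)  # PCRs start at all zeros on power-on
    event_log = []
    for name, data in components:
        digest = hashlib.sha256(data).digest()
        pcr = extend_pcr(pcr, digest)
        event_log.append((name, digest.hex()))
    return pcr, event_log


def replay_log(event_log) -> bytes:
    """Recompute the PCR from an event log; a log that does not replay to
    the PCR the TPM reports has been tampered with and must be rejected."""
    pcr = bytes(PCR_LEN)
    for _name, digest_hex in event_log:
        pcr = extend_pcr(pcr, bytes.fromhex(digest_hex))
    return pcr


def verify_boot(components, expected_pcr: bytes):
    """Return (matches_known_good, event_log) for a measured boot chain."""
    pcr, event_log = measure_boot_chain(components)
    return pcr == expected_pcr, event_log


def first_mismatch(good_log, observed_log):
    """Name of the first component whose digest differs, or None."""
    for (good_name, good_digest), (_, seen_digest) in zip(good_log, observed_log):
        if good_digest != seen_digest:
            return good_name
    return None


# Constructed sample boot chain (hypothetical component names and contents).
GOOD_CHAIN = [
    ("bootloader", b"bootloader image v1 (constructed)"),
    ("vmkernel", b"vmkernel image build 0000 (constructed)"),
    ("vib-bundle", b"signed VIB payload (constructed)"),
]
# The known-good PCR would normally be recorded at provisioning time.
KNOWN_GOOD_PCR, KNOWN_GOOD_LOG = measure_boot_chain(GOOD_CHAIN)

# Same chain with one byte of the kernel image altered.
TAMPERED_CHAIN = [
    ("bootloader", b"bootloader image v1 (constructed)"),
    ("vmkernel", b"vmkernel image build 0001 (constructed)"),
    ("vib-bundle", b"signed VIB payload (constructed)"),
]


def demo():
    """Run both chains against the known-good PCR; returns a summary dict."""
    ok_good, _ = verify_boot(GOOD_CHAIN, KNOWN_GOOD_PCR)
    ok_bad, bad_log = verify_boot(TAMPERED_CHAIN, KNOWN_GOOD_PCR)
    return {
        "good_chain_matches": ok_good,
        "tampered_chain_matches": ok_bad,
        "changed_component": first_mismatch(KNOWN_GOOD_LOG, bad_log),
        "log_replays_to_pcr": replay_log(KNOWN_GOOD_LOG) == KNOWN_GOOD_PCR,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the model makes is that the PCR alone only says "something differs"; it is the event log, validated by replaying it to the reported PCR, that says which component. Reordering the same components also produces a different PCR, which is why the chain order is part of what is attested.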

Microsoft virtualization-based security (VBS)

Microsoft VBS is a Windows 10 and Windows Server 2016 security feature that enhances security by creating an isolated region of memory, called a memory enclave, using the hypervisor capabilities of Windows. This is used to protect critical system or security assets, such as authenticated user credentials with Credential Guard.

To leverage VBS in a VM, the virtual machine must be presented with the same hardware as a bare-metal server. The only difference is that the hardware is virtualized. The following requirements must be met:

  • Virtual hardware version 14
  • Nested virtualization enabled
  • Secure boot enabled
  • EFI firmware


Here is an overview of Microsoft virtualization-based security:

Per-VM Enhanced vMotion Compatibility (EVC)

EVC is a cluster-level feature which makes it possible to vMotion virtual machines across different generations of a CPU within the cluster by masking CPU features based on your baseline. vSphere 6.7 has taken EVC to the next level. In VMware vSphere 6.7, you can even configure EVC on a per-VM basis so every single virtual machine can have its own EVC configured. The idea here is to be able to freely move your VMs across different environments, particularly to VMware Cloud on AWS:

Hybrid linked mode

This feature allows you to link your on-premises vCenter Single Sign-On (SSO) domain with a vCenter Server located in VMware Cloud on AWS.

The idea here is to be able to access both on-premises and cloud environments from a single vSphere Client, as well as to vMotion your workloads between the two environments. You will also have the option to share tags and categories across vCenter Servers, and finally to manage users and groups in a unified way:

 

 

Instant Clone

One of the new features in vSphere 6.7 is Instant Clone. This is not exactly a new feature, however. In the past, the technology was referred to as VMFork; since vSphere 6.7, it has been fully integrated into vSphere itself as the Instant Clone feature. So, what is it? Imagine a situation in which you need to instantly create dozens or even hundreds of VMs from a source VM and customize them (new IP addresses, DNS names, and so on) at the same time.

The way that it works internally is similar to snapshot technology, in which new changes are written to a delta disk, so all the VMs share the same base disk at the beginning of their life cycle, but individual changes in those VMs do not affect each other. The memory state is shared in the same way, so the new VMs run from the same point in time as the source VM. This feature might be particularly useful in CI/CD workflows where you need to test your application on a large number of nodes:

Configuration maximums

In every version of VMware vSphere, there is an increase in configuration maximums. VMware released a new website on which you can compare different versions with each other. Please note that only versions 6.0 and newer are supported here since version 5.5 is no longer officially supported (general support ended September 19, 2018).

Note

You can check different VMware vSphere configuration maximums for different versions at https://configmax.vmware.com/repcomp/compare.

Let us explore the most interesting configuration maximums and the comparison between VMware vSphere 6.7 and previous versions.

Virtual machine hardware 14

Every new version of VMware vSphere brings a new version of the virtual machine virtual hardware. Currently, the most recent version of VM virtual hardware is 14. Some features, such as NVDIMM devices, a virtual TPM, or Microsoft VBS, are available only with the newest virtual hardware version.

A complete feature list and the corresponding configuration maximums can be found in the VMware documentation topic Hardware Features Available with Virtual Machine Compatibility Settings.

The following table summarizes some of the maximum numbers for each VM virtual hardware version in the different versions of vSphere:

Feature                                           | ESXi 6.7 and later | ESXi 6.5 and later | ESXi 6.0 and later
--------------------------------------------------|--------------------|--------------------|-------------------
Hardware version                                  | 14                 | 13                 | 11
Maximum memory (GB)                               | 6,128              | 6,128              | 4,080
Maximum number of logical processors              | 128                | 128                | 128
Maximum number of cores (virtual CPUs) per socket | 128                | 128                | 128
NVMe controllers                                  | 4                  | 4                  | N/A
Maximum video memory (MB)                         | 128                | 128                | 128
Maximum graphics memory (GB)                      | 2                  | 2                  | 2
PCI passthrough                                   | 16                 | 16                 | 16
Serial ports                                      | 32                 | 32                 | 32
Virtual RDMA                                      | Y                  | Y                  | N/A
NVDIMM controller                                 | 1                  | N/A                | N/A
NVDIMM device                                     | Y                  | N/A                | N/A
Virtual I/O MMU                                   | Y                  | N/A                | N/A
Virtual TPM                                       | Y                  | N/A                | N/A
Microsoft VBS                                     | Y                  | N/A                | N/A

A few other changes exist in version 14:

  • The maximum number of virtual disks per Paravirtual SCSI (PVSCSI) adapter was raised to 64, for a total maximum of 256 disks per VM (up from 60)
  • Support for per-VM EVC

It is always recommended to upgrade to the newest version of VM virtual hardware, but it is not required. There are some reasons not to upgrade, for example, backward compatibility with older ESXi hosts: it is not recommended to run a mixed environment without having all hosts or clusters on the same version. However, if you want to use any of the new features mentioned here (such as persistent memory or Microsoft VBS), you will have no choice but to upgrade.

Upgrading the VM virtual hardware does require a reboot of the virtual machine, so take this into consideration and plan such a task during the maintenance window.

ESXi 6.7 hypervisors

In vSphere 6.7, the ESXi host limits increased only slightly compared to version 6.5, while new hardware and new devices are now supported. New 50 GbE and 100 GbE network interface cards are also supported in version 6.7.

The following table summarizes the configuration maximums for an ESXi host:

Feature                      | ESXi 6.7 | ESXi 6.5 | ESXi 6.0
-----------------------------|----------|----------|---------
Logical CPUs per host        | 768      | 576      | 480
Virtual CPUs per host        | 4,096    | 4,096    | 4,096
Virtual CPUs per core        | 32       | 32       | 32
RAM per host                 | 16 TB    | 12 TB    | 12 TB
Virtual machines per host    | 1,024    | 1,024    | 1,024
LUNs per host                | 1,024    | 512      | 256
Non-volatile memory per host | 1 TB     | N/A      | N/A

vCenter Server 6.7

There is no change in configuration maximums for vCenter Server compared to version 6.5. Please keep in mind that the vCSA should be your default choice when installing a new vCenter Server: VMware vSphere 6.7 is the last version to support vCenter Server on Windows, and in future releases only the vCSA will be available:

vCenter Server maximums                                      | vCenter Server 6.7 | vCenter Server 6.5 | vCenter Server 6.0
-------------------------------------------------------------|--------------------|--------------------|-------------------
vMotion operations per datastore                             | 128                | 128                | 128
Storage vMotion operations per host                          | 2                  | 2                  | 2
Storage vMotion operations per datastore                     | 8                  | 8                  | 8
Non-vMotion provisioning operations per host                 | 8                  | 8                  | 8
Hosts per vCenter Server                                     | 2,000              | 2,000              | 2,000
Total number of libraries per VC                             | 1,000              | 1,000              | 20
Powered-on virtual machines per vCenter Server               | 25,000             | 25,000             | 10,000
Total items per library                                      | 1,000              | 1,000              | 20
Registered virtual machines per vCenter Server               | 35,000             | 35,000             | 15,000
Linked vCenter Servers                                       | 15                 | 15                 | 10
Total content library items per VC (across all libraries)    | 2,000              | 2,000              | 200
Hosts in linked vCenter Servers                              | 5,000              | 5,000              | 4,000
Powered-on virtual machines in linked vCenter Servers        | 50,000             | 50,000             | 30,000
Registered virtual machines in linked vCenter Servers        | 70,000             | 70,000             | 50,000

VMware vSphere 6.7 Editions

Different license levels are available from VMware, covering everything from small business to remote office and branch office, all the way up to a standard enterprise license. In each license type, there are usually multiple options available, each covering a different subset of VMware vSphere functionality.

VMware vSphere Editions

VMware vSphere Editions are the key licensing options available. These focus on standard enterprise companies, and the license is assigned to each physical CPU installed. Please note that you always need to buy a license for the vCenter server itself as well.

There are two vCenter Server licenses available:

Product feature                | vCenter Foundation | vCenter Standard
-------------------------------|--------------------|---------------------
Hosts manageable               | Max four ESXi hosts | Unlimited ESXi hosts
vCenter High Availability (HA) | Not available      | Only for the vCSA
vCenter backup and restore     | Not available      | Only for the vCSA
Linked mode                    | Not available      | Yes

vCenter Foundation is a vCenter Server with limited functionality (although it provides all cluster services, such as VMware HA and Distributed Resource Scheduling (DRS)) and a limit on the number of supported hosts. vCenter Standard has no limitations at all.

Once you have your vCenter Server, then you need to assign a proper license to your ESXi host, and again, multiple options are available.

In VMware vSphere 6.7 U1 (which was announced during the writing of this book but has not been released yet), the new edition will be available as VMware vSphere Platinum.

VMware vSphere Platinum edition has the same capabilities as Enterprise Plus but with one big advantage—AppDefense.

Note

If you are interested in more information about AppDefense, feel free to have a look at https://www.vmware.com/products/appdefense.html.

 

Let's focus on features you can find in different vSphere editions:

  • Business Continuity and Security: Features focusing on improved availability, enhanced uptime, and advanced security features are as follows:

Product features                                                    | VMware vSphere Standard                               | VMware vSphere Enterprise Plus                        | VMware vSphere with Operations Management            | VMware vSphere Platinum
--------------------------------------------------------------------|-------------------------------------------------------|-------------------------------------------------------|------------------------------------------------------|------------------------------------------------------
vMotion                                                             | Cross-vSwitch/Cross-vCenter/Long Distance/Cross-Cloud | Cross-vSwitch/Cross-vCenter/Long Distance/Cross-Cloud | Cross-vSwitch/Cross-vCenter/Long Distance/Cross-Cloud | Cross-vSwitch/Cross-vCenter/Long Distance/Cross-Cloud
vSphere HA                                                          | Y                                                     | Y                                                     | Y                                                    | Y
Storage vMotion                                                     | Y                                                     | Y                                                     | Y                                                    | Y
Fault Tolerance                                                     | 2-vCPU                                                | 8-vCPU                                                | 8-vCPU                                               | 8-vCPU
vShield Endpoint                                                    | Y                                                     | Y                                                     | Y                                                    | Y
vSphere Replication                                                 | Y                                                     | Y                                                     | Y                                                    | Y
Support for 4K Native Storage                                       | Y                                                     | Y                                                     | Y                                                    | Y
vSphere Quick Boot                                                  | Y                                                     | Y                                                     | Y                                                    | Y
vSphere Single Reboot                                               | Y                                                     | Y                                                     | Y                                                    | Y
vCenter High Availability                                           | vCenter Server Standard                               | vCenter Server Standard                               | vCenter Server Standard                              | vCenter Server Standard
vCenter Backup and Restore                                          | vCenter Server Standard                               | vCenter Server Standard                               | vCenter Server Standard                              | vCenter Server Standard
vCenter Server Appliance Migration Tool                             | vCenter Server Standard                               | vCenter Server Standard                               | vCenter Server Standard                              | vCenter Server Standard
vCenter Server Appliance Converge Tool                              | vCenter Server Standard                               | vCenter Server Standard                               | vCenter Server Standard                              | vCenter Server Standard
TPM 2.0 Support and Virtual TPM                                     | Y                                                     | Y                                                     | Y                                                    | Y
FIPS 140-2 Compliance & TLS 1.2 Support as Default                  | Y                                                     | Y                                                     | Y                                                    | Y
Cross vCenter Encrypted vMotion                                     | Y                                                     | Y                                                     | Y                                                    | Y
Virtual Machine Encryption                                          | -                                                     | Y                                                     | Y                                                    | Y
Automated Discovery of Application Assets, Intent, and Communication | -                                                    | -                                                     | -                                                    | Y
Contextual Intelligence of Application State                        | -                                                     | -                                                     | -                                                    | Y
Orchestrated or Automated Responses to Security Threats             | -                                                     | -                                                     | -                                                    | Y
Integration with Third-Party Security Operations Tools              | -                                                     | -                                                     | -                                                    | Y

A dash marks a feature that is not included in that edition; the last four rows are the AppDefense capabilities that are exclusive to vSphere Platinum.

  • Resource prioritization and enhanced application performance: Features aimed for improved performance, workload optimization, and application control:

Product features                                | vSphere Standard | vSphere Enterprise Plus | vSphere with Operations Management | vSphere Platinum
------------------------------------------------|------------------|-------------------------|------------------------------------|-----------------
Virtual Volumes                                 | Y                | Y                       | Y                                  | Y
Storage Policy-Based Management                 | Y                | Y                       | Y                                  | Y
Distributed Resource Scheduler (DRS)            | -                | Y                       | Y                                  | Y
Distributed Power Management (DPM)              | -                | Y                       | Y                                  | Y
Storage DRS                                     | -                | Y                       | Y                                  | Y
Storage I/O Control                             | -                | Y                       | Y                                  | Y
Network I/O Control                             | -                | Y                       | Y                                  | Y
Single Root I/O Virtualization (SR-IOV) support | -                | Y                       | Y                                  | Y
vSphere Persistent Memory                       | -                | Y                       | Y                                  | Y
NVIDIA GRID vGPU                                | -                | Y                       | Y                                  | Y
Proactive HA                                    | -                | Y                       | Y                                  | Y
Predictive DRS                                  | -                | -                       | Y                                  | -

A dash marks a feature that is not included in that edition; Predictive DRS depends on vRealize Operations and is therefore part of vSphere with Operations Management only.

  • Automated administration and provisioning: Features enabling streamlined operations and automation of the environment:

Product features                                                                              | vSphere Standard        | vSphere Enterprise Plus | vSphere with Operations Management | vSphere Platinum
----------------------------------------------------------------------------------------------|-------------------------|-------------------------|------------------------------------|------------------------
Content Library                                                                               | Y                       | Y                       | Y                                  | Y
vCenter Server Appliance Enhanced Linked Mode with Embedded Platform Services Controller      | vCenter Server Standard | vCenter Server Standard | vCenter Server Standard            | vCenter Server Standard
Storage APIs for Array Integration, Multipathing                                              | Y                       | Y                       | Y                                  | Y
Distributed Switch                                                                            | -                       | Y                       | Y                                  | Y
Host Profiles and Auto Deploy                                                                 | -                       | Y                       | Y                                  | Y

A dash marks a feature that is not included in that edition.

VMware vSphere Essentials Kits

VMware vSphere Essentials Kits are for small businesses and combine virtualization for up to three physical servers with centralized management using VMware vCenter Server® for Essentials. vCenter Server for Essentials has a similar capability to vCenter Foundation, but the limit is only three ESXi hosts. Also, Essentials Kits are bundled in a single SKU which contains ESXi licenses as well as the vCenter Server license. There are two different Essentials Kits available:

                    | vSphere Essentials Kit                                              | vSphere Essentials Plus Kit
--------------------|---------------------------------------------------------------------|--------------------------------------------------------------------------
Overview            | Server virtualization and consolidation with centralized management | Server virtualization and consolidation plus business continuity
vCenter Server      | vCenter Server for Essentials                                       | vCenter Server for Essentials
License entitlement | Three servers with up to two processors each                        | Three servers with up to two processors each
Features            | ESXi                                                                | ESXi, vMotion, High Availability, vShield Endpoint, vSphere Replication

Remote Office Branch Office (ROBO) editions

VMware vSphere ROBO is designed for IT infrastructure located in remote, distributed sites. This delivers improved service levels, standardization, availability, and compliance.

The idea behind the ROBO edition is that you have one vCenter Server in your HQ and a number of ROBO sites that you manage centrally. You can, of course, also deploy vCenter Server Foundation as a local management platform in each ROBO site.

You can run up to 25 VMs in a single ROBO site, but you can't assign multiple license packs in the single site. However, you can distribute the single license among multiple sites (ROBO site 1 contains 5 VMs, ROBO site 2 contains 10 VMs, and ROBO site 3 contains 10 VMs):

                                | vSphere ROBO Standard                                                                                                                             | vSphere ROBO Advanced
--------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Overview                        | Remote site server virtualization platform with business continuity and backup features                                                           | Remote site server virtualization offering business continuity and backup with advanced features such as standardization of host configurations
Centralized management          | vCenter Server for Essentials                                                                                                                     | vCenter Server for Essentials
License entitlement             | Pack of 25 virtual machines                                                                                                                       | Pack of 25 virtual machines
vCenter Server (sold separately) | vCenter Server Standard                                                                                                                          | vCenter Server Standard
Features                        | ESXi, vMotion, Storage vMotion, High Availability, Fault Tolerance (2-vCPU), vShield Endpoint, vSphere Replication, Hot-add, Content Library      | ESXi, vMotion, Storage vMotion, High Availability, Fault Tolerance (4-vCPU), vShield Endpoint, vSphere Replication, Hot-add, Content Library, Host Profiles, Auto Deploy, Distributed Switch

Reasons for and against upgrading


VMware vSphere 6.7 is not a major release compared to 6.5, but some exciting features might encourage you to consider the update. This is especially the case if you are interested in a hybrid cloud solution and interconnection with AWS; there, vSphere 6.7 is the clear way to go. Furthermore, the features described here are only available in the newest version of VMware vSphere, so if you need any of them, make the update. There are almost no differences in configuration maximums, so scalability is probably not the most significant factor.

Finally, don't forget to check that your physical hardware is supported by vSphere 6.7. This is necessary because there were some changes, in particular several CPU models that are no longer supported. Also consider all third-party code, including drivers, services, kernel modules, all vCenter plugins, and integrations with external software such as backup products.

Note

You can check all your components against the VMware Hardware Compatibility List to see whether they are fully supported in VMware vSphere 6.7 at https://www.vmware.com/resources/compatibility/search.php.

You can also try one of the newest VMware flings, the ESXi Compatibility Checker. This is a Python script that validates hardware compatibility against the VMware list and helps resolve ESXi compatibility issues.

Note

You can download the ESXi compatibility checker Python script for free from VMware labs at https://labs.vmware.com/flings/esxi-compatibility-checker.

Why upgrade?

There can be several reasons to upgrade vSphere to the latest version:

  • To extend the support and the life cycle of the product: VMware vSphere 5.5 is no longer supported (since September 2018) and VMware vSphere 6.0 is only supported until March 2020.
  • HTML-5 web client: Brings a big improvement for day-to-day administration of the environment.
  • To have a new product: vSphere 6.7 provides new features but new hardware (and other new software) may require or benefit from this version.
  • New infrastructure functions: This may include Instant Clone or the vTPM.
  • Storage benefits: If you require a super-fast storage subsystem, persistent memory is a big deal.
  • Cloud integration: VMware Cloud on AWS offers a genuinely cloud-based environment with the same capabilities as your on-premises vSphere environment.

Why shouldn't you upgrade?

There can be a few reasons to avoid upgrading to vSphere 6.7:

  • You may have a software or hardware part that does not support this version.
  • Does the new version support existing servers? vSphere 6.7 drops the support for some old hardware and software. vSphere 6.7 no longer supports the following processors:
    • AMD Opteron 13xx Series, 23xx Series, 24xx Series, 41xx Series, 61xx Series, 83xx Series, and 84xx Series
    • Intel Core i7-620LE Processor
    • Intel i3/i5 Clarkdale
    • Intel Xeon 31xx Series, 33xx Series, 34xx Series, 35xx Series, 36xx Series, 52xx Series, 54xx Series, 55xx Series, 56xx Series, 65xx Series, 74xx Series, and 75xx Series
  • Do you really need the new functions? If you are involved in a digital transformation, you will probably need the new platform (VMware Cloud on AWS or vSphere Integrated Containers require the new version). However, for SMBs, most of the new functions are not usable or useful yet.
  • Can you really use the new functions? Most of the new features are only for the Enterprise Plus edition (see the next paragraph for more details about the different editions).
  • Is the new version mature and stable enough? Some customers prefer to wait several months for the upgrade to make sure that there are no significant bugs in the code.

Upgrade paths

vSphere 5.5 does not have a direct upgrade path to vSphere 6.7. If you are currently running vSphere 5.5, you must first upgrade to either vSphere 6.0 or vSphere 6.5 before upgrading to vSphere 6.7.

Note

There is no supported upgrade path from vSphere 6.5 Update 2 to vSphere 6.7, as described at https://kb.vmware.com/s/article/53704. However, you can upgrade to vSphere 6.7 U1.

If you have a complex vSphere environment, you should update all components in the correct order; otherwise, you might run into problems with the infrastructure. The correct update sequence for VMware vSphere 6.7 and related products is as follows:

  • vRealize Automation (vRA)
  • vRealize Orchestrator (vRO)
  • vRealize Business for Cloud (vRBC)
  • vRealize Operations (vROps)
  • vRealize Operations Manager Endpoint Operations Agent
  • vRealize Log Insight (vRLI)
  • vRealize Log Insight Agent
  • VMware vSphere Storage APIs for Data Protection (vADP)-based backup solution
  • NSX for vSphere (NSX-v)
  • Platform Services Controller (PSC) External
  • vCenter Server
  • vSphere Update Manager (VUM)
  • vSphere Replication (VR)
  • Site Recovery Manager (SRM)
  • ESXi
  • vSAN
  • Virtual hardware
  • VMware Tools

Note

You can find detailed steps for upgrading multiple vSphere components at https://kb.vmware.com/s/article/53710.

 

Summary


This chapter has covered a general overview of modern data center concepts as well as all key products and solutions from VMware.

In this chapter, we also covered VMware Cloud on AWS, a new option for utilizing VMware vSphere infrastructure as a service, its benefits, and guidance for migration from on-premises infrastructure.

We have also looked at new features of the vSphere 6.7 suite, comparing its evolution with the previous releases, and we have covered the differences between the most commonly used VMware vSphere editions currently available.

Finally, in this chapter, we have explained why you should or should not choose to upgrade to vSphere 6.7, and we have also briefly touched on upgrade paths from previous versions.

In the next chapter, we will focus on how to plan a virtualization project in order to build a proper infrastructure solution and reliable data center.

 

Questions


  1. What are three essential products for fulfilling the SDDC concept?

a) VMware vSphere b) VMware Cloud on AWS c) VMware Site Recovery Manager d) VMware vSAN e) VMware Cloud Foundation f) VMware NSX

  2. Based on the following use case, which licensing option will be the most effective?

The customer has an existing central data center with VMware vSphere Enterprise Plus licenses. Additionally, the customer wants to deploy two secondary sites in a branch location, each serving only a small number of virtual machines. The customer also needs to use vSphere Distributed vSwitch in branch locations:

a) VMware vSphere Enterprise Plus edition b) VMware vSphere Essentials edition c) VMware vSphere ROBO edition d) VMware vSphere Standard edition

  3. What are the benefits of using VMware Cloud on AWS?

a) Full integration with on-premises infrastructure b) Deep integration of VMware vSphere, vSAN, and NSX c) Pay-as-you-go payment model based on the number of ESXi hypervisors d) Fully managed environment e) Zero investment costs f) Dedicated hardware

  4. Can you manage cloud-native workloads (containers) using VMware vSphere?

a) Yes b) No

  5. Regarding configuration maximums of the vCenter Server, are there any differences between vCenter Server for Windows and vCenter Server Appliance?

a) Yes b) No

  6. What features are available in VMware vSphere Enterprise Plus licenses that are not available in VMware vSphere Standard edition?

a) VMware High Availability b) VMware Distributed vSwitch c) VMware Distributed Resource Scheduler d) VMware Fault Tolerance e) VMware vMotion f) Network I/O Control

  7. What is the primary constraint when planning the upgrade of the ESXi hypervisor?

a) Hardware support b) License costs c) Upgrade complexity

 

Further reading


For more information, feel free to check the following resources:

About the Authors

  • Martin Gavanda

    Martin Gavanda has more than 10 years of experience, mainly with service providers offering IaaS solutions based on VMware vSphere products. He was responsible for the design and implementation of an IaaS solution in the CE region, and he has also worked for one of the world's biggest service providers, supervising thousands of ESXi servers across the globe.

    Currently, he is working as an independent cloud architect, focusing on large infrastructure projects and practicing as a VMware instructor. For the past year, he has led more than a dozen on-site VMware workshops. He has created several virtual classes focusing on the VMware vSphere platform, with thousands of students subscribed, and he runs his own blog about virtualization and the cloud.

  • Andrea Mauro

    Andrea Mauro has more than 20 years of experience in IT, both in industry and the academic world. He works as a solutions architect and is responsible for infrastructure implementation, architecture design, upgrades, and migration processes. He is a virtualization and storage architect, specializing in VMware, Microsoft, Citrix, and Linux solutions. His first virtualized solution in production was built around ESX 2.x, several years ago. His professional certifications include not only several VMware certifications, but also other vendor-related certifications. He is also a VMware vExpert (2010-18), Nutanix NTC (2014-19), and Veeam Vanguard (2016-19), and he was a Microsoft MVP (2014-16).

  • Paolo Valsecchi

    Paolo Valsecchi has worked in the IT industry for more than 20 years, and he currently works as a system engineer mainly focused on VMware vSphere, Microsoft technologies, and backup/DR solutions. His current role involves covering all tasks related to ensuring IT infrastructure availability and data integrity (including implementation, upgrades, and administration).

    He holds the VMware VCP65-DCV and Veeam VMCE professional certifications, and he has been awarded the VMware vExpert title (2015-18) and the Veeam Vanguard title (2016-19).

  • Karel Novak

    Karel Novak has 18 years of experience in the IT world. He currently works as a senior virtual infrastructure engineer at Arrow ECS Czechia, and is responsible for implementation, design, and complete consultation when it comes to VMware and Veeam. As an instructor of advanced VMware and Veeam, he has delivered many courses. He specializes in VMware DCV, NSX, and, of course, Veeam. He has been using VMware for 12 years and Veeam from the first version. He is a VMware vExpert 2012-2018, VMware vExpert NSX 2016-2018, and a Veeam Vanguard 2015-2019. His highest certifications are VCI-Level 2, VCIX6-NV, VCIX6-DCV, VMCT-Mentor, and VMCA. He is also a VMware Certification Subject Matter Expert.
