My second article has now been published on SearchVMware.com about the new enhancements to vSAN Stretched Clustering.
My second article has now been published on SearchVMware.com about the new enhancements to vSAN Stretched Clustering.
It’s that time of year again when the VMware community starts to cast their votes as to which blog should be crowned “Top vBlog” for 2017…!
This year Duncan Epping (http://www.yellow-bricks.com/) and Frank Denneman (http://frankdenneman.nl) have decided to withdraw their blogs from the voting, which is admirable as they both always feature in the top 5 (or #1 for the past 8 years in the case of Duncan!!). From what I’ve read, both wish that other people get the recognition as sometimes the voting is based on popularity rather than content.
Maybe there should be a hall of fame that the likes of Duncan and Frank could be inducted into?!? =)
Last year, much to my surprise, I ended up ranked #161.. if I’m honest I didn’t even think I would rank! Anyways, thanks to those who voted for me…. hopefully I’ll rank again this year… it’s always nice to be recognised by your peers, but blogging for me is a hobby as I’ve got a hectic work and family life (a 20mth baby takes up alot of time…).
Anyways, head along to vSphere-land to read more about the voting rules:
If you’re looking for a list of all vBlogs, then head over to vLaunchPad:
Once you’re ready to cast your vote, head over to the voting site:
And if you’re interested in last years results, then here they are:
Voting runs until the 30th June.
Yes, I know I’m a bit late with this announcement as voting opened on the 1st June… Unfortunately I’m on holiday and it’s been difficult trying to find decent network reception on the canals of Wales – it seems you can only get 4G network when you’re near a town… =(
Earlier this year it was announced that vSAN had grown to over 7000 customers since launch, which is a pretty decent number given the product went GA just over 3 years ago and we’re on the 6th iteration! What’s even more impressive is how quickly VMware are turning these updates around (almost every 6 months we get an update of sorts), we only got vSAN 6.5 at VMworld last year and 6 months later we now have version 6.6 – what’s funny is half my customers haven’t even started implementing their 6.5 upgrade plan yet and now they will have to re-write that plan…. Lol… =)
In fact I see the number of customers growing quite significantly this year given the huge drive towards HCI – something that I’m seeing within my company’s customer-base (and in the market in general)!
Today sees vSAN 6.6 go GA, and it amazes me on how many new features VMware have packed into this release – features that make vSAN more faster, cost effective and much more secure! And to think that this is just a “minor” patch release! With vSAN 6.6, customers can now evolve their data centre without risk, control IT costs and scale to tomorrow’s business needs (sorry, that was a marketing blurb that I just had to fit in somewhere as it sounded good).
(Note: I know that slide says “Not for distribution”. However, the vSAN vExperts have been given permission to use the material in their blogs)
The biggest features in my opinion are vSAN Data-at-Rest Encryption, Unicast communication and Enhanced Stretched Clustering with Local Protection – these are the 3 features I’m going to concentrate on within this post, trying to expound on all the new features would involve me writing a lengthy technical whitepaper! =)
That said, other new features are as follows:
EMC love calling this by the acronym D@RE…. But this hasn’t quite filtered down to the VMware team…. =)
VMware vSAN 6.6 introduces the industry’s first native HCI security solution with software-defined data-at-rest encryption within the hypervisor. Data-at-rest encryption is built right into the vSAN kernel, and is enabled at the cluster allowing all vSAN objects to be encrypted (ie the entire vSAN datastore).
In my opinion this is one of the most important new feature in vSAN 6.6 – we all know that security within IT has become top priority, featuring very high on a company’s risk-register, but IT Admins have always been reluctant to either deploy encryption at the OS level or let application owners encrypt their apps and data. Data-at-rest encryption takes away that decision by encrypting when the data resides on your vSAN Datastore.
It’s hardware-agnostic which means you can deploy the storage hardware device of your own choice – it doesn’t require the use of expensive Self-Encrypting Drives (SEDs)!
vSAN Encryption is available for both All-Flash and Hybrid configurations and integrates with KMIP 1.1 compliant key management technologies. When vSAN Encryption is enabled, encryption is performed using an XTS AES 256 cipher and occurs both at the cache and capacity tier – wherever data is at rest, which means you can rest assured that if a cache or capacity drive is stolen the data is encrypted! Plus vSAN Encryption is fully compatible with vSANs all-flash space efficiency features, like dedupe, compression and Erasure Coding, delivering highly efficient and secure storage – as data comes into the cache tier it’s encrypted, then as it de-stages it’s decrypted and any relevant dedupe or compression occurs to the data (4k blocks) before it’s re-encrypted as it hits the capacity tier (512b or smaller blocks). As it’s data encryption at rest, I believe that vSAN traffic traversing the network maybe sent in the clear which means you will need to ensure vSAN traffic is protected accordingly.
It’s worth mentioning that whist the cryptographic mechanics are similar to VM encryption that was introduced in vSphere 6.5 (ie it requires a KMS and uses the same encryption modules), there is a vast difference in the way they’re implemented – VM encryption is per-VM (via vSphere API for IO filtering – VAIO), whilst with vSAN encryption it is the entire datastore. Also you get space-saving benefits from vSAN encryption as previously mentioned. The other major difference is that vSAN encryption can carry on functioning if vCenter Server is lost or powered off because the encryption keys are transferred to each vSAN host and via KMIP each host talks directly to the KMS, whereas VM encryption requires you to go through vCenter Server to communicate to the KMS. Not to mention VM-encryption does have some performance impacts and requires Ent Plus licenses.
Turning on vSAN encryption is as simple as clicking a checkbox within the settings of the vSAN cluster and choosing your KMS (which does need to be setup prior to enabling encryption). However, it’s worth noting that a rolling disk reformat is required when encryption is enable which can take a considerable amount of time – especially if large amounts of data residing on the disks must be migrated during the reformatting.
With the enhanced API support, customers who like to automate their infrastructure will be able to setup an encrypted vSAN cluster with all the relevant KMS configuration via scripting – great for automating large scale deployments!
Removal of Multicast
Another big announcements with vSAN 6.6 is that VMware are switching from multicast to unicast for their communication mechanism. This obviously makes networking a lot simpler to manage and setup as customers won’t need to enable multicast on their network switches, or IGMP snooping, or even PIM for routing. It may even mean that customers could use cheaper switches (which may not handle Multicasting very well).
Bit of background:
Typically IP Multicast is used to efficiently send communications to many recipients. The communication can be in the form of one source to many recipients (one-to-many) or many sources to many recipients (many-to-many).
vSAN used multicast to deliver metadata traffic among cluster nodes for efficiency and to optimise network bandwidth consumption for the metadata updates. This eliminates the computing resource and network bandwidth penalties that unicast imposes in order to send identical data to multiple recipients. vSAN depended on multicast for host discovery – the process of joining and leaving cluster groups, as well as other intra-cluster communication services.
While Layer 3 is supported, Layer 2 is recommended to reduce complexity. All VMkernel ports on the vSAN network subscribe to a multicast group using IGMP. IGMP snooping configured with an IGMP querier can be used to limit the multicast traffic to only the switch ports where the vSAN uplinks are connected to – this avoids unnecessary IP multicast floods within the Layer 2 segments.
Although one of the issues that could occur was when multiple vSAN clusters reside on the same layer 2 network – the default multicast address should be changed within the additional vSAN clusters to prevent multiple clusters from receiving all multicast streams.
I believe vSAN now relies on vCenter Server to determine cluster membership, however I haven’t yet read about how the vSAN team have managed to implement unicast communication as that information is still in limited supply. It’ll be interesting to understand how they have done it considering multicast was an efficient and easy way of replicating instructions to multiple nodes within the vSAN cluster when a node needed to perform an action. Although one thing worth noting is that unicast communication probably lends itself to cloud platforms a lot easier than trying to implement a multicast solution!
Local Protection for Stretched Clusters
Stretched vSAN Clusters were introduced back with vSAN 6.1 and built on the foundations of Fault Domains, it was basically a RAID-1 configuration of a vSAN object across two sites – which basically means a copy of the data in each site with a witness site for cluster quorum type services during failure events. The problem was if 1 site failed you would only have a single copy left and an additional failure could lead to data loss. It also meant that if a single host failed in any of the sites then the data on that host would need to be resynced again from the other site (to rebuild the RAID-1).
This new enhancement to Stretched Clusters now gives users more flexibility with regards to local and site protection. For example, you can now configure the local clusters at each site to tolerate two failures whilst also configuring the stretched cluster to tolerate the failure of a site! Brilliant news!
When enabling Stretched Clusters, there are now two protection policies – a “Primary FTT” and a “Secondary FTT”. Primary FTT defines the cross-site protection and is implemented as a RAID-1. It can be set to 0 or 1 in a stretched cluster – 0 means the VM is not stretched whilst 1 means the VM is stretched. Secondary FTT defines how it is protected within a site, and this can be RAID-1, RAID-5 or RAID-6.
One thing to note is that the witness must still be available in order to protect against the loss of a data site!
This new feature doesn’t increase the amount of traffic being replicated between sites as a “Proxy Owner” has been implemented per site, which means instead of writing to all replicas in the second site, a single write is done to the Proxy Owner and it’s then the responsibility of this Proxy Owner to write to all the replicas on that local site.
So that’s about it for now…. if you require more information then pop along to the following sites:
Duncan Epping (Chief Technologist in the Office of CTO for the Storage & Availabiliy BU at VMware) has created some great demos of vSAN 6.6 which can be found on his blog site: http://www.yellow-bricks.com
Things to Note
The underlying release for vSAN 6.6 is vSphere 6.5.0d which is a patch release for vSphere 6.5. For existing vSAN users upgrading to vSAN 6.6, please consult VMware Product Interoperability Matrices to ensure upgrading from your current vSAN version is supported.
Please note that for vSAN users currently on vSphere 6.0 Update 3 – upgrade to vSAN 6.6 is NOT yet supported.
The parent release of vSAN 6.6 is vSphere 6.5 and as shown by VMware Product Interoperability Matrices, an upgrade from 6.0 U3 to vSphere 6.5 (and hence vSAN 6.5) is NOT supported. Please refer to this KB Supported Upgrade Paths for vSAN 6.6 for further details.
p/s: I’ve always liked Rawlinson Rivera‘s Captain vSAN cartoon!! =)
Hmm…. so that was an interesting announcement from VMware last week!….. although if I’m honest it makes perfect sense!
OVH Group announcing it’s intent to acquire the vCloud Air Business from VMware: https://www.vmware.com/radius/vmware-cloud-air-evolves/
Last year when VMware announced their tie up with AWS – vCloud on AWS – many had already started wondering what that partnership would do to VMware’s own cloud offering. The talking point was made more real when VMware also announced their Cross-Cloud Architecture which would allow a customer to choose which cloud platform to deploy their workloads onto – all from a single common operating environment. Then to make things worse, VMware announced VMware Cloud Foundation on IBM Cloud (or what was Softlayer)… an SDDC stack running VMware goodies on IBM Cloud compute!
That triple whammy pretty much made everyone think that vCloud Air’s time was up!!
I had a number of discussions at VMworld Europe last year where we talked about whether VMware would just shut down vCloud Air, or would they migrate it all onto AWS. Although the general consensus was that maybe they would sell off/spin off that part of their business – after all, VMware is a software business and vCloud Air was always seen as a ‘weird’ sibling…. not to mention that it competed against all it’s vCAN (VSPP) partners who were offering their own cloud services built on VMware technology!
I guess there’s no shame in what VMware are doing, Cisco, Dell and HP tried and failed to do what Amazon and Google are doing well at… although surprisingly Microsoft have managed to get Azure up and running well!
In a way, VMware are getting rid of what they probably saw as a hefty investment on infrastructure and hosting for little returns (I doubt there were many customers using vCloud Air to justify the expense of keeping it). Makes more sense to sell it to an existing cloud provider who knows how to sell Public Cloud services and IaaS! Although, I kind of have to wonder what OVH will do given VMware hosted vCloud Air in Equinix/Telstra data centres around the world….. guessing they’ll run down the contract with those providers and bring it all back in house!
In my opinion, selling off vCloud Air is probably a smart move….. VMware’s vision is to enable a customer to run “Any Application on Any Cloud, accessed by Any Device”, and it was going to be difficult to be Cloud-Agnostic if they owned a Public Cloud service! The whole Cross-Cloud Architecture would have produced a conflict of interest if they kept vCloud Air…. now that they’re shot of it, they can concentrate on pushing out their vCloud stack onto Azure and maybe even GCP given that they’re well on their way with the AWS partnership. Why try and beat them at their own game? It’s far easier to embrace them and partner!!
VMware are positioning themselves to be the broker of cloud services…. a single management point that allows end users to decide which public cloud is best for their workloads! In a way it’s a clever move, firstly because it puts the decision-making back with the end user, and secondly it now means that VMware can state that it’s the only virtualisation company that doesn’t tie you into a single cloud vendor (much like how Microsoft tries to ram Azure down the throat of Hyper-V customers).
Interesting times ahead……
Congratulations to all who have been awarded the title of vExpert for 2017.
Honoured to be considered part of this group for the 3rd year running. =)
Well done for all the new vExperts joining in 2017 and welcome to the family!
So it’s probably worth reminding everyone that there are still VMware products that are not yet supported on vSphere 6.5!
I unfortunately found out the hard way when I broke my work’s demo environment (or at least half of it).
Now even though I’ve blogged about compatibility issues previously eating too many mince pies and drinking too much bucks fizz over the Christmas and New Year festivities has obviously taken its toll on my grey matter, and coming back to work in the new year I decided it would be a nice idea to upgrade a part of my works demo environment to vSphere 6.5 so that we can use it to demo to customers!
The problem was I upgraded the part of the lab running NSX and when I got to the point of trying to push the NSX VIBs onto the ESXi hosts (when preparing the hosts to join the NSX cluster), it was having none of it and failing! After several unsuccessful attempts, it slowly dawned on me that NSX was one of those ‘unsupported’ products that doesn’t work with vSphere 6.5…..
Fortunately I didn’t destroy my old vCenter Server 6.0u2 appliance so was able to roll back by re-installing the ESXi hosts with 6.0.
Anyways, the products still not supported are:
Definitely worth keeping an eye on this VMware KB: Important information before upgrading to vSphere 6.5 (2147548)
And if you do end up upgrading to vSphere 6.5, then make sure you follow the recommended upgrade sequence in this VMware KB: Update sequence for vSphere 6.5 and its compatible VMware products (2147289)
After the past 3 years of attending VMworld in Barcelona and packing my schedule full of sessions causing me to run between sessions and grab lunch on the go, I swore to myself that this year I would be more selective with my sessions so that I’m not rushing around like a headless chicken…..
…. Unfortunately I’ve failed in my scheduling prowess….. when the Schedule Builder was released, I pretty much went through the whole content catalog and selected all the interesting sessions I wanted to attend, and basically ended up with another packed out calendar!! >_<”
Dammit… why are there sooo many interesting sessions at VMworld and sooo little time to schedule them all in! I remember watching at least a dozen video replays of sessions I couldn’t attend last year…. I’m now trying to work out whether to attend the sessions in real life or just watch a virtual replay post-VMworld!
Given my hectic schedule…. I wouldn’t be surprised if I end up in the Top 10 yet again in the VMworld attendee game (shame there aren’t any prizes).
I’ve got a packed out PEX day, including trying to fit in my VCP6-DCV Delta exam in the morning….. Best have a quiet Sunday night!
Anyways, if you’re going to VMworld then you’ll find me in these sessions!
Tuesday 18th October:
Wednesday 19th October:
Thursday 20th October:
Sessions down for post-VMworld viewing:
It’s strange that Chad Sakac is no longer presenting his session (The Edge is Still Bleeding: A face-melting technical smorgasbord of all things Converged, Hyper-Converged, Cloud Native & Software Defined [SDDC9462-SPO]) – he’s been replaced by Tom O’Reilly….. such a shame as he’s a great presenter! At least Vaughn Stewart is back this year (Best Practices for All-Flash Data Reduction Arrays with VMware vSphere [INF9455-SPO])!
As you can see, my sessions are heavily skewed towards NSX, and that’s because MTI are a VMware NSX Focus Partner in UK and I’m always after more material to use within my NSX presentation decks. Not to mention that NSX is a focused product from VMware this year (how many times have I said that now in my blogs?)….
Roll on VMworld 2016!
Last year I blogged about the vCS to vCSA converter tool that VMware Labs released as a fling and how I had used it to pretty much convert all my lab vCenters (all bar one) to vCSAs….. since then I’ve been following the releases and a few months ago I noticed the Fling was deprecated (ie you can’t download it). I didn’t think much of it as VMworld 2016 was only round the corner, so thought it might be rolled into an impending vSphere/vCenter release….. unfortunately that never quite materialised in Las Vegas, and rumours are that vSphere 6.5 might be released in Barcelona.
So I was quietly surprised when I got an email notification from VMware Blogs to inform me that a new minor update of vSphere had been released specifically for migration puposes – vSphere 6.0 Update 2m (where the ‘m’ stands for migration).
vSphere 6.0 Update 2m is an automated end to end migration tool from a Windows vCenter Server 5.5 (any update) to a vCenter Server Appliance 6.0 Update 2 (so pretty much what the Fling used to achieve).
It’s common knowledge that trying to migrate from a Windows vCenter Server (with a SQL backend) to a vCenter Server Appliance was not an easy task – in fact in 90% of my customers I’ve just told them to start a fresh rather than go through the pain of scripting a migration. However, I’m so glad that VMware have rolled out the Converter fling into an actual production release – now we have an end-to-end migration tool which takes all the pain out of the equation!
Those of you who are interested in migrating from your Windows vCenter Server 5.5 (any update) to a vCenter Server Appliance 6.0 Update 2 should download and use this release. The vSphere 6.0 Update 2m download is an ISO consisting of the Migration Tool and vCenter Server Appliance 6.0 Update 2, roughly about 2.8GB in size.
Note: you cannot use this release to deploy a new installation of vCSA! To do that you just use the vCSA 6.0 Update 2 install.
Somethings that are worth mentioning prior to starting a migration are:
The only annoying thing is that because I’ve used the fling previously to convert all my Windows vCenter Servers, I now don’t have anything I can test this migration tool on!! >_<”
I’m currently in the process of digging out an old vCenter Server 5.5 ISO so that I can deploy it and upgrade it using the new release!
Anyways, those of you who haven’t yet upgraded to vCenter Server 6.0 and to an appliance, now there’s no reason why you can’t as you have a fully supported tool from VMware!
Best of all, they’re in the process of improving the migration tool so that it can be used to migrate from a Windows vCenter Server 6.0 install to a vCenter Server Appliance 6.0. One feature I hope they will also include is the ability to migrate from an existing vCSA to another vCSA.
vCenter Server 6.0 Update 2m links:
Proud to say that I’ve been chosen as a VSAN vExpert for 2016…. Honoured to have my name amongst some highly rated peers who were chosen out of the large pool of current vExperts!
I didn’t really set out to become a subject matter expert, but when VMware announced they were going to create 2 new subject tracks this year (NSX & VSAN), I thought I’d stick my name into the hat….. =)
Didn’t quite get there for the NSX track, only because I hadn’t really blogged about NSX much – which is funny considering my company is actually one of 5 focused NSX partners in UK&I…. =)
Anyways, congrats to everyone who was chosen to become a VSAN or NSX vExpert!
Roll on VMworld!! =)