VMworld 2018 US – Day 1 General Session Round Up

So the great thing about VMworld US is that they live stream the General Session for the rest of us who can’t make it over to Vegas… whilst you can’t get the whole VMworld US experience just by watching the GS live stream, at least you get to hear the same news as those in Vegas.

Pat Gelsinger opened up the GS by showing the world his bad-ass “VMware” tattoo… not quite sure if it’s real – many commenting on VMware’s tweet that the tattoo gun doesn’t look like it has ink in it… =P
https://twitter.com/vmwarenews/status/1034109813129535488

A nice little montage to celebrate the 20th anniversary of VMware… 1998… long time… From Server Virtualisation to EUC to Network Virtualisation to Cloud and now Hybrid/Multi-Cloud.

VMware’s Vision is still the same – Any Device, Any App, Any Cloud… and we’re told businesses are still on a multi-cloud journey! The thing is, so many companies have a ‘cloud’ strategy, but many just can’t execute that cloud adoption because they are stuck trying to migrate workloads off their traditional DC into the public cloud!
This is where VMware stands apart with their partnership with AWS and their Cloud Foundations solution! Move your on-prem DC to a SDDC and then “ruthlessly automate everything!!” =)

Project Dimension was quickly mentioned as a Tech Preview that will extend VMware Cloud to the data center, ROBO and edge. It combines VMware Cloud Foundations with HCI and a VMware Cloud managed service to deliver an SDDC solution, end-to-end, operated and supported by VMware. The solution will simplify cloud deployments handling all aspects of configuration, security, and management – leaving customers to worry-less about infrastructure and focus more on their business innovations!

Dimension

There were a few nice VMC on AWS announcements…

  • firstly the rollout of its services in Sydney to serve APJ
  • secondly that vSAN will be using Amazon Elastic Block Storage (EBS) allowing customers to independently scale compute and storage requirements (and effectively allowing users to deploy storage-dense workloads)
  • thirdly Amazon Relational Database Service (RDS) on VMware making it easy for customers to set up, operate, scale and migrate Relational DBs on-prem and in VMC on AWS.

It’s amazing how far the partnership has come in a single year!

Roadmap for further rollouts:
vmconaws.png

More here: https://cloud.vmware.com/community/2018/08/26/vmware-cloud-aws-charging-ahead/

Finally there was an announcement of the acquisition of CloudHealth Technologies… From what I can see, CloudHealth Tech delivers a SAAS platform that offers Cloud Operations across AWS, Azure and GCP – it helps customers to analyze, manage cloud costs, usage and monitor performance across multi-clouds. This looks like a CMP on steroids and should complement VMware’s existing CMP and SAAS offerings (vRealize/Cloud Automation Services and Wavefront). CloudHealth will become ‘the’ Cloud Operations Platform of choice for the industry…. allowing customers to control, analyze the costs, compliance and performance of their compute environments across on-prem and public clouds!

To end it all, VMware’s CTO – Ray O’Farrell – came on stage to demo several of the new announcements and new products:

  • Migrating workloads from on-prem to the cloud – demo’ing bulk migration of an entire data centre using vSphere replication and then vMotion – with no downtime!
  • Project Dimension showing how cloud services can be ‘stretched’ between VMC on AWS and a customers on-prem DC. Also how both on-prem and edge infrastructure can be monitored as part of VMware’s managed service.
  • Short Amazon RDS demo showing the service running on-prem and in AWS.
  • A mention of something called Project Magna which leverages AI and Machine Learning to self-optimize a virtual environment…. changing the SD in SDDC from Software-Defined to Self-Driving!
  • A demo of VMware PKS showing the integration of NSX with PKS and how you can automate security of kubernetes.
  • A nice demo showing vROPs monitoring workloads requiring GPUs and the new feature of vMotion for GPU enabled VMs (a limitation previously of Horizon/vSphere)
  • Blockchain is everywhere!! Project Concord is an open source infrastructure for Enterprise Blockchains focusing on performance and scalability.
  • Dell EMC’s new factory-provisioning service for VMware Workspace ONE, where devices will ship ready for integration as end-points.
  • Workspace ONE intelligence, advising IT operations of problems with incompatible applications and patches (automate patch testing to predict whether a new patch will work).
  • A demo to show the support of ESXi on 64-bit ARM platforms.

And to close the GS, two major annoucements around security, one for compute and one for Network…

  • Firstly – vSphere Platinum, packaging AppDefense with vSphere ESXi. This new offering will have AppDefense built in which uses machine learning and a variety of other inputs to baseline known good states of a VM. AppDefense can then act on deviations of that baseline, executing automated actions – such as changing firewall settings, alerting, offloading for deeper network packet inspection.
  • Secondly – Adaptive Micro-Segmentation, integrating AppDefense and NSX. Security solutions should “Learn, Lock and Adapt” to threats… AppDefense will offer the dynamic learning and adaption looking into the VM and applications, NSX will offer the Lock.

 

And with that…. I end my summary of the first day’s GS…. =)

 

EDIT: Day 1 General Session is now available for replay: https://www.vmworld.com/en/us/learning/general-sessions.html

Advertisements

VMware vExpert vSAN 2018 Announced

Phew…. *sigh of relief* ….. thankfully this year I’ve made the cut again for the vExpert vSAN track! =)

Almost didn’t make it as I was on holiday during the application process and missed the original deadline. Thankfully the application was still live so I sneaked in an application and sent my apologies to the vExpert admin team.

Anyways, congrats to all returning vExpert vSAN members and welcome to all new members joining for the 1st time!

https://blogs.vmware.com/vmtn/2018/06/vexpert-vsan-2018-announcement.html

Let’s keep evangelising about vSAN and drive that customer demand…… as VMware announced recently, there are now over 14,000 vSAN and VxRail customers (as of the end of Q1)! That’s impressive for a product that was only launched in 2014!

I’m a big big advocate of VxRail and love talking about the HCI solution to my customers… I’m also proud that MTI are one of the leading partners in the UK for VxRail (and also one of the very first partners to sell/deploy VxRail when it launched)!

VMworld 2017 US General Session Day 1

If like me, you’re stuck in a sweltering London enjoying the bank holiday and watching the Game of Thrones season 7 finale, you may have forgotten that over in Vegas the city is just getting over the big fight of Mayweather vs McGregor and is now inundated with people looking to attend VMworld 2017 US.

It’s great that VMware live stream their keynotes, as it gives everyone an opportunity to hear first hand what VMworld will be about this year and also what is being announced!

And it’s of no surprise that VMware have continued to strengthen their vision on “Any Device, Any Application, Any Cloud” with the keynote by Pat Gelsinger. Whilst heterogeneous is a great thing that leads to the consumerisation of IT, it plays havoc with IT admins who’s key focus is to contain and secure a company’s data – and it’s worth noting how much emphasis is being placed on security within VMware – NSX is intrinsic to every solution that was mentioned during the keynote!

Vision

The first thing that was covered was how the digital transformation is affecting end users – the goal for any company is to ensure that their employees are well connected, yet the challenge is a complex one when you realise how many different technologies an end user has access to – smartphones, tablets, laptops – even smartwatches and cars now! So how do you deliver an unified workspace securely across multiple technologies?

Simple – Workspace ONE – piecing it all together to give companies a “consumer simple but enterprise secure” solution. Delivered in 3 areas:

  1. Apps and Identity – applications with a consistent feel across multiple devices. Secured by a common identity framework with a simple Single Sign-on experience.
  2. Management and Security – IT in control, delivering consistent management & security. Drastically improving  tasks that were previously costly, time consuming, and resource intensive, whilst still in control of data by combining identity and device management to enforce Data Security and Endpoint Compliance.
  3. Desktop and Mobile – Device Management and Compliance provided by AirWatch Unified Endpoint Management, protecting sensitive data as well as conditional access to how that data can be consumed by end-users.

workspaceone

Next Pat went on to explain that virtualisation has led to end-users deploying a private cloud within their own data centres, yet making such a transition is not an easy step – deployment isn’t straight forward, lifecycle management and day 2 operations isn’t always easy, and trying to secure different technologies of a private cloud is painful!

VMware’s goal is to “make Private Cloud Easy and that’s where Cloud Foundation comes along – a fully integrated SDDC stack that ‘just works’…. simple… agile… secure! version 2.2 was announced and is now GA.

Pat was then joined by Andy Jassy, CEO of AWS, to announce the General Availability of VMware Cloud on AWS. Announced as a tech preview at last years VMworld, it should be noted that it’s currently only available today in the US West Coast region Availability Zone, it will then be rolled out across the East Coast AZ before rolling out to the rest of the AWS global AZs by the end of 2018. So I guess we’re going to expect it in the UK late 2017/early 2018!

VMware Cloud on AWS allows you to seamlessly take a workload running on vSphere in your data centre and migrate it to AWS Public Cloud running a VMware stack – using the same tools (vCenter Server) to manage both your private and your public cloud workloads from a single pane of glass! A consistent feel no matter where your workload resides. What Andy Jassy said was correct – in the past customers hated the fact that if they wanted to consume public cloud, there was no easy way of migrating workloads across without some form of translation occurring. It was also painful and costly to manage as you couldn’t use a single tool to manage both private and public cloud.

VMware’s Cloud Strategy is as follows:

cloud

The first 7 VMware Cloud Services were announced as available for consumption.

VMware Cloud Services

NSX Cloud is an interesting service that addresses networking and security operational challenges inherent with using multiple public clouds. Unfortunately at launch it’s only available on AWS to protect EC2 workloads (ie native AWS workloads – not vSphere workloads which is what VMware Cloud on AWS gives). It differs from on-premise NSX as it is delivered as a service and managed by VMware.

As I previously said, NSX is a key foundation to every solution at VMware currently:

nsx

Security is hugely important… and Pat breaks it down into 3 components:

  1. the need to build it into the infrastructure
  2. the need to integrate with the current security vendor ecosystem
  3. the need to ensure good cyber hygiene and ensure security policies are in place. The 5 pillars of Cyber Hygiene are:
    • Least Privilege
    • Micro-segmentation
    • Encryption
    • Multi-factor authentication
    • Patching

Two years ago, VMware first began talking about the concept of the “Goldilocks Zone” where the hypervisor sits at the ideal location in the network to improve security. During the keynote VMware announced a new product named AppDefense which looks to be the fruition of Project Goldilocks.

AppDefense allows a virtual machine to learn its manifest and understand what is a good and secure process, it’s then able to determine whether the runtime behaviour of a VM or application deviates from its intended state. Finally it’s able to trigger an automated/orchestrated response to remediate or quarantine any detected anomalies.

appdefense

 

Strange that searching the VMworld Europe Content Catalog for AppDefense doesn’t bring up any sessions…. which is a shame as I was hoping to schedule a session after hearing the keynote and reading about it.

Roll on Day 2….

 

vExpert 2017 Announcements

Congratulations to those who have been recognised as vExperts and will be joining the group for the 2nd half of 2017!

https://blogs.vmware.com/vmtn/2017/08/vexpert-2017-second-half-announcement.html

Also congratulations to existing vExperts who have been recognised as experts in the 2 sub categories – NSX and vSAN!

https://blogs.vmware.com/vmtn/2017/08/vexpert-nsx-2017-award-announcement.html

https://blogs.vmware.com/vmtn/2017/08/vexpert-2017-vsan-announcement.html

 

I’m fortunate enough to be once again considered as a vSAN vExpert for this year! =)

HCIBench 1.6.2 – Testing vSAN performance

Over the past month or so I’ve been running a number of performance tests on VxRail and vSAN solutions.

HCIBench is a brilliant tool to help end-users understand the type of performance that they can achieve with their vSAN solution.

It’s essentially an automation wrapper around the popular Vdbench tool. Vdbench is an utility specifically created to help engineers and customers generate disk I/O workloads to use for validating storage performance and storage data integrity. Vdbench is a complex beast to run, with lots of different variables that can be configured via CLI… so the HCIBench wrapper helps simplify workload profiles and makes it so much easier to run benchmark tests!!

Please note, HCIBench is a VMware Labs Fling and so there’s limited support available and it shouldn’t be used in production environments (although the latter is just to cover themselves). If I’m honest, the creators of HCIBench are pretty good at replying to comments and feedback!

https://labs.vmware.com/flings/hcibench

It’s definitely worth remembering that as a benchmark tool, it can’t quite simulate real-world workloads! However, if you understand how your workload behaves (ie block size, read/write ratio, etc) then you can get pretty close to creating a workload profile that matches your workload (albeit running a test at max. workrate rather than the bursty rate we see in real-life).

 

HCIbench was updated 2 days ago in response to the recent release of vSphere 6.5u1, and in my opinion is even cooler now that it can utilise the new vSAN Performance Diagnostic feature of vSAN 6.6.1 (API integration with the new Performance Diagnostics part of vSAN Cloud Analytics).

You can now run an HCIBench test and view detailed results of the test in Performance Diagnostics with supporting graphs – you’re able to select a goal for the test based on “Max IOPS”, “Max Throughput” or “Min Latency”, and then get details on potential issues found in the analysed data which you can then use to improve the workload profile you’re using in HCIBench.

Point your browser here for more info:
https://blogs.vmware.com/virtualblocks/2017/07/31/what-to-expect-from-hcibench-1-6-2/

Note: You need to have Customer Experience Improvement Program(CEIP) and vSAN Performance Service turned on to get this feature enabled

More on vSAN Encryption

So not long after my article was published on SearchVMware, the guys at Virtual Blocks (VMware’s own storage blog) released 2 articles which went into vSAN encryption in a bit more detail.

https://blogs.vmware.com/virtualblocks/2017/06/24/vsan-encryption-1/
https://blogs.vmware.com/virtualblocks/2017/06/24/vsan-encryption-2/

It’s definitely worth noting that using hardware encryption does have an overhead whenever you need to rekey (eg when you need to rekey every drive), obviously because vSAN encryption is within the hypervisor this overhead is significantly reduced.

The First article simply goes over what vSAN encryption is all about, the second dives into more detail on how it’s setup, the trust model of the KMS, and also how the disk format is changed when vSAN encryption is enabled. I find this 2nd article very informative in trying to understand how vSAN encryption works.

There’s also a new KB that briefly goes over the different between vSAN encryption and VM encryption: Understanding vSAN Datastore Encryption vs. VMcrypt Encryption

Enjoy…. =)