VMware vSAN 6.6 launched – so What’s New?

Earlier this year it was announced that vSAN had grown to over 7000 customers since launch, which is a pretty decent number given the product went GA just over 3 years ago and we’re on the 6th iteration! What’s even more impressive is how quickly VMware are turning these updates around (almost every 6 months we get an update of sorts), we only got vSAN 6.5 at VMworld last year and 6 months later we now have version 6.6 – what’s funny is half my customers haven’t even started implementing their 6.5 upgrade plan yet and now they will have to re-write that plan…. Lol… =)

In fact I see the number of customers growing quite significantly this year given the huge drive towards HCI – something that I’m seeing within my company’s customer-base (and in the market in general)!

Today sees vSAN 6.6 go GA, and it amazes me how many new features VMware have packed into this release – features that make vSAN faster, more cost effective and much more secure! And to think that this is just a “minor” patch release! With vSAN 6.6, customers can now evolve their data centre without risk, control IT costs and scale to tomorrow’s business needs (sorry, that was a marketing blurb that I just had to fit in somewhere as it sounded good).

vSAN features

(Note: I know that slide says “Not for distribution”. However, the vSAN vExperts have been given permission to use the material in their blogs)

The biggest features in my opinion are vSAN Data-at-Rest Encryption, Unicast communication and Enhanced Stretched Clustering with Local Protection – these are the 3 features I’m going to concentrate on within this post, as trying to expound on all the new features would involve me writing a lengthy technical whitepaper! =)

That said, other new features are as follows:

  • ESXi Host Client (HTML-5) – management and monitoring functionality available on each host in the case where vCenter server is offline.
  • Simpler installation/configuration – The ability to create a single node vSAN datastore by using the vCSA installer and then allowing you to deploy vCSA/PSC onto that vSAN datastore.
  • Enhanced rebalancing – allowing large components to be split up during redistribution.
  • Site Affinity in Stretched Clusters – a new Affinity policy rule allows users to request where a VM gets deployed to, although this is only applicable when the PFTT is set to 0. Although it’s worth noting that DRS/HA rules should be aligned to data locality!
  • Always-On Protection – Enhanced repairs with Re-sync traffic throttling – allowing vSAN to respond to failed disks/nodes more quickly, intelligently and more efficiently. New Degraded Device Handling (DDH) intelligently monitors the health of drives and proactively evacuates data before failures can happen.
  • Maintenance Pre-Check – enhanced checks to ensure there are enough resources for vSAN when entering maintenance mode (or decommissioning vSAN nodes).
  • Stretched Cluster Witness Replacement UI – simpler method of changing the Witness host without having to disable the Stretched Cluster.
  • vSAN Cloud Analytics – pro-active, real-time support notifications and recommendations with real-time custom alerts through the vSAN health Service.
  • API enhancements – vSAN SDK updated to handle all new features, with additional enhanced PowerCLI support.
  • vSAN Config Assist / Firmware Update – Enhanced health monitoring and HCL checks using health-check assistant to ensure the vSAN hardware has the latest firmware and drivers installed.
  • Enhanced Performance – up to 50% higher all-flash IOPs performance per host and Health Monitoring
  • New Hardware Support – Support for Intel’s new Optane technology, NVMe SSDs and larger 1.6TB SSDs for cache drives.
  • Support for Photon Platform 1.1 as well as a Docker Volume Driver – great for customers (ie DevOps) who prefer working with micro-services/containers. This allows customers to use vSAN as storage for Docker VMs, giving them the ability to apply storage based policies (such as FTT, QoS, access permissions, etc) to the VM. It also gives customers the ability to support persistent storage to allow stateful container apps to be built (such as DBs).

 

Data-at-Rest Encryption

EMC love calling this by the acronym D@RE…. But this hasn’t quite filtered down to the VMware team…. =)

VMware vSAN 6.6 introduces the industry’s first native HCI security solution with software-defined data-at-rest encryption within the hypervisor. Data-at-rest encryption is built right into the vSAN kernel, and is enabled at the cluster level, allowing all vSAN objects to be encrypted (ie the entire vSAN datastore).

In my opinion this is one of the most important new features in vSAN 6.6 – we all know that security within IT has become top priority, featuring very high on a company’s risk-register, but IT Admins have always been reluctant to either deploy encryption at the OS level or let application owners encrypt their apps and data. Data-at-rest encryption takes away that decision by encrypting when the data resides on your vSAN Datastore.

It’s hardware-agnostic which means you can deploy the storage hardware device of your own choice – it doesn’t require the use of expensive Self-Encrypting Drives (SEDs)!

vSAN Encryption is available for both All-Flash and Hybrid configurations and integrates with KMIP 1.1 compliant key management technologies. When vSAN Encryption is enabled, encryption is performed using an XTS AES 256 cipher and occurs both at the cache and capacity tier – wherever data is at rest, which means you can rest assured that if a cache or capacity drive is stolen the data is encrypted! Plus vSAN Encryption is fully compatible with vSAN’s all-flash space efficiency features, like dedupe, compression and Erasure Coding, delivering highly efficient and secure storage – as data comes into the cache tier it’s encrypted, then as it de-stages it’s decrypted and any relevant dedupe or compression occurs to the data (4k blocks) before it’s re-encrypted as it hits the capacity tier (512b or smaller blocks). As it’s data encryption at rest, I believe that vSAN traffic traversing the network may be sent in the clear, which means you will need to ensure vSAN traffic is protected accordingly.
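The de-stage order described above (decrypt, dedupe/compress, re-encrypt) matters because ciphertext neither deduplicates nor compresses. The following is an added example, not VMware's code: it models both orders on constructed 4k blocks, using an HMAC-SHA256 keystream as a stand-in for XTS AES 256; the function names, the single key shared by both tiers and the sample workload are assumptions of the example.

```python
import hashlib
import hmac
import os
import zlib

BLOCK = 4096  # the 4k granularity the post gives for dedupe/compression


def keystream(key: bytes, sector: int, length: int) -> bytes:
    """Stand-in for XTS AES 256 (an assumption of this example, NOT real XTS):
    an HMAC-SHA256 keystream tweaked by the sector number, so identical
    plaintext at two locations yields unrelated ciphertext, as XTS does."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def crypt(key: bytes, sector: int, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    ks = keystream(key, sector, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def write_to_cache(blocks, key):
    """Cache tier: every incoming block is encrypted as it lands."""
    return [crypt(key, sector, block) for sector, block in enumerate(blocks)]


def reduce_blocks(blocks):
    """Dedupe on content hash, then compress each unique block."""
    unique = {}
    for block in blocks:
        digest = hashlib.sha256(block).digest()
        if digest not in unique:
            unique[digest] = zlib.compress(block)
    return list(unique.values())


def destage(cache_blocks, key):
    """Order from the post: decrypt, dedupe/compress, then re-encrypt."""
    plain = [crypt(key, s, c) for s, c in enumerate(cache_blocks)]
    reduced = reduce_blocks(plain)
    return [crypt(key, slot, r) for slot, r in enumerate(reduced)]


def destage_ciphertext_only(cache_blocks):
    """Counter-case: run dedupe/compression on the ciphertext itself."""
    return reduce_blocks(cache_blocks)


def read_block(capacity_blocks, key, slot):
    """Read path for one capacity-tier slot: decrypt, then decompress."""
    return zlib.decompress(crypt(key, slot, capacity_blocks[slot]))


def stored_bytes(blocks):
    return sum(len(b) for b in blocks)


def sample_workload():
    """Constructed input: 8 identical 4 KiB blocks plus 2 distinct ones."""
    common = (b"GET /index.html HTTP/1.1\r\n" * 200)[:BLOCK]
    return [common] * 8 + [b"A" * BLOCK, b"0123456789abcdef" * 256]


if __name__ == "__main__":
    key = os.urandom(32)
    cache = write_to_cache(sample_workload(), key)
    good = destage(cache, key)
    bad = destage_ciphertext_only(cache)
    print("logical bytes written      :", 10 * BLOCK)
    print("decrypt -> reduce -> encrypt:", len(good), "blocks,", stored_bytes(good), "bytes")
    print("reduce applied to ciphertext:", len(bad), "blocks,", stored_bytes(bad), "bytes")
```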

It’s worth mentioning that whilst the cryptographic mechanics are similar to VM encryption that was introduced in vSphere 6.5 (ie it requires a KMS and uses the same encryption modules), there is a vast difference in the way they’re implemented – VM encryption is per-VM (via vSphere API for IO filtering – VAIO), whilst with vSAN encryption it is the entire datastore. Also you get space-saving benefits from vSAN encryption as previously mentioned. The other major difference is that vSAN encryption can carry on functioning if vCenter Server is lost or powered off because the encryption keys are transferred to each vSAN host and via KMIP each host talks directly to the KMS, whereas VM encryption requires you to go through vCenter Server to communicate to the KMS. Not to mention VM-encryption does have some performance impacts and requires Ent Plus licenses.

Turning on vSAN encryption is as simple as clicking a checkbox within the settings of the vSAN cluster and choosing your KMS (which does need to be set up prior to enabling encryption). However, it’s worth noting that a rolling disk reformat is required when encryption is enabled, which can take a considerable amount of time – especially if large amounts of data residing on the disks must be migrated during the reformatting.

With the enhanced API support, customers who like to automate their infrastructure will be able to set up an encrypted vSAN cluster with all the relevant KMS configuration via scripting – great for automating large scale deployments!

 

Removal of Multicast

Another big announcement with vSAN 6.6 is that VMware are switching from multicast to unicast for their communication mechanism. This obviously makes networking a lot simpler to manage and set up as customers won’t need to enable multicast on their network switches, or IGMP snooping, or even PIM for routing. It may even mean that customers could use cheaper switches (which may not handle Multicasting very well).

Bit of background:

Typically IP Multicast is used to efficiently send communications to many recipients. The communication can be in the form of one source to many recipients (one-to-many) or many sources to many recipients (many-to-many).

vSAN used multicast to deliver metadata traffic among cluster nodes for efficiency and to optimise network bandwidth consumption for the metadata updates. This eliminates the computing resource and network bandwidth penalties that unicast imposes in order to send identical data to multiple recipients. vSAN depended on multicast for host discovery – the process of joining and leaving cluster groups, as well as other intra-cluster communication services.

While Layer 3 is supported, Layer 2 is recommended to reduce complexity. All VMkernel ports on the vSAN network subscribe to a multicast group using IGMP. IGMP snooping configured with an IGMP querier can be used to limit the multicast traffic to only the switch ports where the vSAN uplinks are connected to – this avoids unnecessary IP multicast floods within the Layer 2 segments.

One issue that could occur was when multiple vSAN clusters resided on the same Layer 2 network – the default multicast address should be changed within the additional vSAN clusters to prevent multiple clusters from receiving all multicast streams.

I believe vSAN now relies on vCenter Server to determine cluster membership, however I haven’t yet read about how the vSAN team have managed to implement unicast communication as that information is still in limited supply. It’ll be interesting to understand how they have done it considering multicast was an efficient and easy way of replicating instructions to multiple nodes within the vSAN cluster when a node needed to perform an action. Although one thing worth noting is that unicast communication probably lends itself to cloud platforms a lot easier than trying to implement a multicast solution!

 

Local Protection for Stretched Clusters

Stretched vSAN Clusters were introduced back with vSAN 6.1 and built on the foundations of Fault Domains. It was basically a RAID-1 configuration of a vSAN object across two sites – which means a copy of the data in each site with a witness site for cluster quorum type services during failure events. The problem was if 1 site failed you would only have a single copy left and an additional failure could lead to data loss. It also meant that if a single host failed in any of the sites then the data on that host would need to be resynced again from the other site (to rebuild the RAID-1).

This new enhancement to Stretched Clusters now gives users more flexibility with regards to local and site protection. For example, you can now configure the local clusters at each site to tolerate two failures whilst also configuring the stretched cluster to tolerate the failure of a site! Brilliant news!

When enabling Stretched Clusters, there are now two protection policies – a “Primary FTT” and a “Secondary FTT”. Primary FTT defines the cross-site protection and is implemented as a RAID-1. It can be set to 0 or 1 in a stretched cluster – 0 means the VM is not stretched whilst 1 means the VM is stretched. Secondary FTT defines how it is protected within a site, and this can be RAID-1, RAID-5 or RAID-6.

One thing to note is that the witness must still be available in order to protect against the loss of a data site!

This new feature doesn’t increase the amount of traffic being replicated between sites as a “Proxy Owner” has been implemented per site, which means instead of writing to all replicas in the second site, a single write is done to the Proxy Owner and it’s then the responsibility of this Proxy Owner to write to all the replicas on that local site.

 

So that’s about it for now…. if you require more information then pop along to the following sites:

Duncan Epping (Chief Technologist in the Office of CTO for the Storage & Availability BU at VMware) has created some great demos of vSAN 6.6 which can be found on his blog site: http://www.yellow-bricks.com

Things to Note

The underlying release for vSAN 6.6 is vSphere 6.5.0d which is a patch release for vSphere 6.5. For existing vSAN users upgrading to vSAN 6.6, please consult VMware Product Interoperability Matrices to ensure upgrading from your current vSAN version is supported.

Please note that for vSAN users currently on vSphere 6.0 Update 3 – upgrade to vSAN 6.6 is NOT yet supported.

The parent release of vSAN 6.6 is vSphere 6.5 and as shown by VMware Product Interoperability Matrices, an upgrade from 6.0 U3 to vSphere 6.5 (and hence vSAN 6.5) is NOT supported. Please refer to this KB Supported Upgrade Paths for vSAN 6.6 for further details.

 

p/s: I’ve always liked Rawlinson Rivera‘s Captain vSAN cartoon!! =)

VMware sells off vCloud Air to OVH

Hmm…. so that was an interesting announcement from VMware last week!….. although if I’m honest it makes perfect sense!

OVH Group announcing its intent to acquire the vCloud Air Business from VMware: https://www.vmware.com/radius/vmware-cloud-air-evolves/

Last year when VMware announced their tie up with AWS – vCloud on AWS – many had already started wondering what that partnership would do to VMware’s own cloud offering. The talking point was made more real when VMware also announced their Cross-Cloud Architecture which would allow a customer to choose which cloud platform to deploy their workloads onto – all from a single common operating environment. Then to make things worse, VMware announced VMware Cloud Foundation on IBM Cloud (or what was Softlayer)… an SDDC stack running VMware goodies on IBM Cloud compute!

That triple whammy pretty much made everyone think that vCloud Air’s time was up!!

I had a number of discussions at VMworld Europe last year where we talked about whether VMware would just shut down vCloud Air, or would they migrate it all onto AWS. Although the general consensus was that maybe they would sell off/spin off that part of their business – after all, VMware is a software business and vCloud Air was always seen as a ‘weird’ sibling…. not to mention that it competed against all its vCAN (VSPP) partners who were offering their own cloud services built on VMware technology!

I guess there’s no shame in what VMware are doing, Cisco, Dell and HP tried and failed to do what Amazon and Google are doing well at… although surprisingly Microsoft have managed to get Azure up and running well!

In a way, VMware are getting rid of what they probably saw as a hefty investment on infrastructure and hosting for little returns (I doubt there were many customers using vCloud Air to justify the expense of keeping it). Makes more sense to sell it to an existing cloud provider who knows how to sell Public Cloud services and IaaS! Although, I kind of have to wonder what OVH will do given VMware hosted vCloud Air in Equinix/Telstra data centres around the world….. guessing they’ll run down the contract with those providers and bring it all back in house!

In my opinion, selling off vCloud Air is probably a smart move….. VMware’s vision is to enable a customer to run “Any Application on Any Cloud, accessed by Any Device”, and it was going to be difficult to be Cloud-Agnostic if they owned a Public Cloud service! The whole Cross-Cloud Architecture would have produced a conflict of interest if they kept vCloud Air…. now that they’re shot of it, they can concentrate on pushing out their vCloud stack onto Azure and maybe even GCP given that they’re well on their way with the AWS partnership. Why try and beat them at their own game? It’s far easier to embrace them and partner!!

VMware are positioning themselves to be the broker of cloud services…. a single management point that allows end users to decide which public cloud is best for their workloads! In a way it’s a clever move, firstly because it puts the decision-making back with the end user, and secondly it now means that VMware can state that it’s the only virtualisation company that doesn’t tie you into a single cloud vendor (much like how Microsoft tries to ram Azure down the throat of Hyper-V customers).

Interesting times ahead……

Opinion Piece on VMware Licensing

So over the past few months I’ve been seeing a lot of customers within the Public Sector and Education looking at transitioning off VMware vSphere and onto Microsoft Hyper-V! With tightening budgets or even budget cuts, IT admins in these industries are looking for quick wins in slashing their IT bills and many see dropping VMware for the ‘free’ Microsoft hypervisor as an obvious choice!

The problem is, you can argue about VM densities per host, resource scheduling, live migrations, DR, and other technical aspects of why vSphere trumps Hyper-V…. However, the reply is always the same…. “Well Hyper-V is Good Enough for our environment…. and it’s Free!!”

Yes, Hyper-V is good enough as a hypervisor… and yes it’s free…. but when you have a large estate, the density ratio impacts the amount of servers you need to buy and you still need to invest in System Center with Virtual Machine Manager (SCVMM) if you want to effectively manage a cluster of Hyper-V hosts.

Unfortunately, I’m now of the impression that VMware advocates can no longer keep using the same argument when doing comparisons between vSphere and other hypervisors…. IT admins just don’t care any more…. “if the hypervisor is free and can virtualise my servers, then that’s the one I’m going for!!”

Anyways, I ended up sitting down and writing an opinion piece for SearchVMware.com on this topic….. you can view it here:

http://searchvmware.techtarget.com/opinion/Could-market-saturation-push-VMware-to-make-vSphere-Standard-free

What’s new with VMware vSAN 6.5?

Given that I’m a VMware vExpert for vSAN, I guess I’m kind of obliged to write about what’s new with the latest iteration of vSAN – 6.5….. =)

vSAN 6.5 is the 5th version of vSAN to be released and it’s had quite a rapid adoption in the industry as end-users start looking at Hyper-Converged Solutions. There are over 5000+ customers now utilising vSAN – everything from Production workloads through to Test & Dev, including VDI workloads and DR solutions! This is quite surprising considering we’re looking at a product that’s just under 3 years old… it’s become a mature product in such a short period of time!

The first thing to note is the acronym change…. it’s now little ‘v’ for vSAN in order to fall in line with most of the other VMware products! =)

So what are the key new features?

1. vSAN iSCSI

This is probably the most useful feature in 6.5 as it gives you the ability to create iSCSI targets and LUNs within your vSAN cluster and present these outside of the vSAN Cluster – which means you can now connect other VMs or physical servers to your vSAN storage (this could be advantageous if you’re trying to run a MSCS workload). The iSCSI support is native from within the VMkernel and doesn’t use any sort of storage appliance to create and mount the LUNs. At present only 128 targets are supported with 1024 LUNs and a max. LUN size of 62TB.

It seems quite simple to set up (famous last words – I’ve not deployed 6.5 with iSCSI targets yet). First thing is to enable the vSAN iSCSI Target service on the vSAN cluster, after that you create an iSCSI target and assign a LUN to it… that’s pretty much it!

Great thing about this feature is because the LUNs are basically vSAN objects, you can assign a storage policy to it and use all the nice vSAN SPBM features (dedupe, compression, erasure-coding, etc).

2. 2-node direct connect for vSAN ROBO + vSAN Advanced ROBO

Customers find it quite difficult to try and justify purchasing a 10GbE network switch in order to connect together a few nodes at a ROBO site. VMware have taken customer feedback and added a new feature which allows you to direct connect the vSAN ROBO nodes together using a cross-over network cable.

In prior versions of vSAN both vSAN traffic and witness traffic used the same VMkernel port which prevented the ability to use a direct connection as there would be no way to communicate with the witness node (usually back in the primary DC where the vCenter resides). In vSAN 6.5 you now have the ability to separate out vSAN and witness traffic onto separate VMkernel ports which means you can direct connect your vSAN ports together. This is obviously great as you can then stick in a 10GbE NIC and get 10Gb performance for vSAN traffic (and vMotion) without the need of a switch!

The only minor issue is you need to use the CLI to run some commands to tag a VMkernel port as the designated witness interface. Also the recommended setup would be to use 2 VMkernel ports per traffic flow in order to give you an active/standby configuration.

It’s also worth noting that the new vSAN Advanced ROBO licenses now allow end-users to deploy all-flash configurations at their ROBO site with the added space efficiency features!

3. vSAN All-Flash now available on all license editions

Yup, the All-Flash Tax has gone! You can now deploy an All-Flash vSAN configuration without having to buy an advanced or enterprise license. However, if you want any of the space saving features such as dedupe, compression and erasure coding then you require at least the Advanced edition.

4. 512e drive support

With larger drives now coming onto the market, there has been a request from customers for 4k drive support. Unfortunately there is still no support for the 4k native devices, however there is now support for 512e devices (so physical sector is 4k, logical sector emulates 512 bytes).

More information on 4Kn or 512e support can be found here: https://kb.vmware.com/kb/2091600

5. PowerCLI cmdlets for vSAN

New cmdlets are available for vSAN allowing you to script and automate various vSAN tasks (from enabling vSAN to the deployment and configuration of a vSAN stretched cluster). The most obvious use will be using cmdlets to automatically assign storage policies to multiple VMs.

More info on the cmdlet updates available here: http://blogs.vmware.com/PowerCLI/2016/11/new-release-powercli-6-5-r1.html

6. vSAN storage for Cloud Native Apps (CNA)

Integration with Photon means you can now use a vSAN cluster in a CNA environment managed by Photon Controller. In addition, now that vSphere Integrated Containers (VIC) is included with vSphere 6.5, you can now use vSAN as storage for the VIC engine. Finally, Docker Volume Driver enables you to create and manage Docker container data volumes on vSAN.

For more information about vSAN 6.5, point your browsers to this great technical website: https://storagehub.vmware.com/#!/vmware-vsan/vmware-vsan-6-5-technical-overview

vSphere/vCenter 6.5 released

So post VMworld, I wrote a long article about what’s new for vSphere 6.5 which I was hoping would be published on SearchVMware.com…. unfortunately I’m still waiting on it to be published, last I heard the article was too long and they were splitting it up into two articles! ¬_¬”

Anyways, whilst I wait for the article to be published, I’ll give a quick summary of things I’ve learnt about the new vSphere/vCenter 6.5 that was released 2 days ago.

  • New HTML5 vSphere Client
  • Fully Integrated vSphere Update Manager and AutoDeploy with vCenter Server Appliance
  • Native High Availability for the vCSA
  • Native backup/restore for vCSA
  • Built-in monitoring web interface for the vCSA
  • Over 2x increase in scale and 3x in performance
  • Easy to migrate from Windows vCenter to vCSA
  • Client Integration Plugin for the vSphere Web Client is no longer required
  • The vCSA deployment installer can be run on Windows, Mac and Linux
  • The installer now supports install, upgrade, migrate and restore
  • vSphere API Explorer
  • VM Encryption / Encrypted vMotion
  • Secure Boot (for ESXi host and VM)
  • VMware Tools 10.1 and 10.0.12 (for older guest OSes that are out of support)
  • Multi-factor authentication with Smartcard or SecurID
  • VMFS-6 (4k drive support in 512e mode – emulating 512 sectors)
  • Automatic Space Reclamation – VAAI UNMAP now automatic and integrated into the UI
  • VVOLs 2.0 plus VASA 3.0
  • vSphere HA is now known as vSphere Availability, enhancements to Admission Control
  • HA Orchestrated Restarts (adding in dependencies when HA restarts a VM)
  • Proactive HA (when host components are failing they are put into a quarantine mode)
  • Enhancements to DRS (VM distribution, CPU Over-commit, Network aware)
  • Predictive-DRS if vRealize Operations 6.4 is deployed (forecasted trends will kick off DRS)
  • vSphere Replication enhancements (now 5min RPOs like vSAN)

 

To find out more information, head along to the following:

 

In addition to the GA of vSphere/vCenter 6.5 there were a load of other releases on the same day:

 

I’m still waiting on the launch of vRealize Automation 7.2 and NSX 6.3….. those should be imminent as well!

As always, all downloads are available via the My VMware Portal.

VMworld 2016 Europe – Sessions

After the past 3 years of attending VMworld in Barcelona and packing my schedule full of sessions causing me to run between sessions and grab lunch on the go, I swore to myself that this year I would be more selective with my sessions so that I’m not rushing around like a headless chicken…..

…. Unfortunately I’ve failed in my scheduling prowess….. when the Schedule Builder was released, I pretty much went through the whole content catalog and selected all the interesting sessions I wanted to attend, and basically ended up with another packed out calendar!! >_<”

Dammit… why are there sooo many interesting sessions at VMworld and sooo little time to schedule them all in! I remember watching at least a dozen video replays of sessions I couldn’t attend last year…. I’m now trying to work out whether to attend the sessions in real life or just watch a virtual replay post-VMworld!

Given my hectic schedule…. I wouldn’t be surprised if I end up in the Top 10 yet again in the VMworld attendee game (shame there aren’t any prizes).

I’ve got a packed out PEX day, including trying to fit in my VCP6-DCV Delta exam in the morning….. Best have a quiet Sunday night!

Anyways, if you’re going to VMworld then you’ll find me in these sessions!

Tuesday 18th October:

  • VMware NSX-Deep Dive [NET9152]
  • The Practical Path to NSX [NET8675]
  • What’s New with vSphere [INF8375]
  • Reference Design for SDDC with NSX and vSphere: Part 1 [NET7857R]
  • Reference Design for SDDC with NSX and vSphere: Part 2 [NET7858R]

Wednesday 19th October:

  • Monitoring and Troubleshooting NSX with vRealize Network Insight (Arkin) [NET8241]
  • vSphere Client Roadmap: Host Client, HTML5 Client, and Web Client [INF8172]
  • Operational Best Practices for VMware NSX [NET7865]
  • What’s New with vCenter Server [INF9944]
  • VMware Cloud Foundation Architecture Deep Dive [SDDC8481]

Thursday 20th October:

  • Virtual Volumes Technical Deep Dive [STO7645]
  • Enhanced Disaster Recovery with NSX and Site Recovery Manager [NET7760]
  • Simplifying Disaster Recovery in 2016 using VSAN, NSX and SRM [STO7802]
  • Introducing VMware Cloud Foundation [SDDC8618]

Sessions down for post-VMworld viewing:

  • Software-Defined Storage at VMware Primer [STO7650]
  • Virtual SAN Technical Deep Dive and What’s New [STO8246]
  • Hot Topics in VMware Research [CTO9406]
  • Tech Preview: Enhanced VM Availability Leveraging vCenter and Partner Hardware Integration [INF8020]
  • Discover What’s New in Workspace ONE and AirWatch [EUC3908-C]
  • VSAN Vision: The Future of HCI [STO9424]
  • vSphere Encryption Deep Dive: Technology Preview [INF8856]
  • VMware Cloud Foundation on Public Clouds: A Technical Deep-Dive [INF7849]

It’s strange that Chad Sakac is no longer presenting his session (The Edge is Still Bleeding: A face-melting technical smorgasbord of all things Converged, Hyper-Converged, Cloud Native & Software Defined [SDDC9462-SPO]) – he’s been replaced by Tom O’Reilly….. such a shame as he’s a great presenter! At least Vaughn Stewart is back this year (Best Practices for All-Flash Data Reduction Arrays with VMware vSphere [INF9455-SPO])!

As you can see, my sessions are heavily skewed towards NSX, and that’s because MTI are a VMware NSX Focus Partner in UK and I’m always after more material to use within my NSX presentation decks. Not to mention that NSX is a focused product from VMware this year (how many times have I said that now in my blogs?)….

Roll on VMworld 2016!

VMworld 2016 US – Day 2 General Session Overview

One of the issues with working and having a young family is you end up doing a full day’s work and going home to a baby who wants loads of attention who then doesn’t let you sleep because she’s teething….. Yup, the joys of being a parent…. but I wouldn’t give it up for anything!!

So this blog comes a few days late because I didn’t have much time to finish watching the replay of Tuesday General Session and write a blog due to already mentioned circumstances. =)

Tuesday’s General Session replay is now available here:

So Monday was all about the transformation of the data centre, making it cloud friendly and able to support workloads wherever they’re deployed (so Any Cloud).

Tuesday’s session was more around the End User’s experience, Any Application on Any Device and I have to admit that I thought Sanjay Poonen’s demo of Workspace ONE was pretty awesome – I’ve not seen a full demo of the product’s capabilities but I was struck by how much you could do with the suite of products and how integrated it all was – Infrastructure, VDI, Mobile Device Management, Identity Management, Security…… Control yet Choice!!

We’ve all seen the demos of AirWatch integration, how single sign on has been implemented, we’ve seen the demos of Horizon View on tablets, etc…. what I’ve not seen before was how security could be implemented to prevent unauthorised data being published…. like the conditional-access demo of how financial data taken from a spreadsheet in Office 365 was blocked from being copied into Twitter (which was an unmanaged application). What was even more impressive was the NSX integration to use conditional-access policies (ie changes to firewall rules for a particular group of people) to prevent data being presented in a dashboard depending on whether the user is accessing it inside the corporate firewall or externally.

And I was impressed with the VMware Trustpoint demo of endpoint visibility and management, looked very simple to use to implement endpoint security.

Finally, VMware introduced a brand new technology that represents the next phase of their digital workspace vision – VMware Unified Endpoint Management (UEM) – a new architecture that brings app, desktop and mobile management together with next-gen security and identity interwoven throughout, delivering a simpler but more secure digital workspace!

 

Next up was Ray O’Farrell and Kit Colbert to talk about containers…. and how admins can extend management, monitoring and security to containers. It looks like VMware vSphere Integrated Containers will have 2 new features:

  • Admiral – which is a Container Management Portal to allow developers and app teams to manage their repositories and images.
  • Harbor – which is a Container Registry (based on Docker Distribution) which allows developers and app teams to securely store their images including management and access control.

The demo was interesting as it showed the integration between VIC and NSX and how network security can be applied to containers, as well as the integration between VIC and vROps for monitoring of containers. The demo went one step further and showed how vRA was used to automate the deployment of container hosts as well as showing access to the Container Management Portal.

There wasn’t much on Photon Platform that we didn’t already know – VIC allows IT to extend the existing infrastructure to accommodate container-based applications alongside traditional apps, and Photon Platform allows IT to build a complete computing platform solely for containers and cloud-native apps.

 

Next up was the new GM/EVP of Networking and Security to talk about NSX. If I’m honest, I found Rajiv Ramaswami a bit wooden – far different from the charisma of Martin Casado…. which is a shame as the one product everyone should get excited about this year is NSX! I have to agree with Rajiv when he says that “the single greatest infrastructure transformation he has seen” is with Network Virtualisation. Networking is undergoing a huge transformation with vendors and customers looking at transitioning from hardware-centric to software based solutions.

Not much was said about NSX that we didn’t already know….

  • Security – it does Micro-segmentation to allow you to provide fine-grained security to every VM and helps you architect security as an essential part of the data centre
  • Automation – it allows you to automate workload provisioning and cuts down deployment time because network and security can be quickly provisioned in software and attached to VMs (policy-based management)
  • Application Continuity – it enables your applications and data to reside and be accessible anywhere. In addition it can reduce your RTO when integrated into your Disaster Recovery solution.

One thing that was new was the demo of vRealize Network Insight used to create NSX pre-assessment reports. Those of you following the news will know that this has come about from the acquisition of Arkin a few months back. I’ve had a play with the Arkin tool as the VMware NSX SEs in the UK were recommending it as a Network Assessment tool for partners to use when trying to sell NSX (prior to the acquisition and release of vRNI). I really like how it graphs traffic flow and patterns, tracing network traffic between VMs and giving you deeper insight into what goes on inside your virtual environment (ie the East-West traffic flows). The other clever thing is how it is able to carry out flow analytics to provide recommendations for grouping VMs together when planning for micro-segmentation. The only issue is it needs vSphere Distributed Switches!

I quite liked the NSX Planning tool tech preview – how flows can be captured, then analysed and grouped into traffic patterns and security groups. The application map can then be used to create firewall rules based on what the tool discovered. Very clever stuff!

 

 

Finally Yangbing Li talked about Hyper Converged Infrastructure and VSAN. VSAN has come a long way since its launch a few years ago, and I see it as an enterprise-ready storage offering! HCI is a very hot topic this year; customers are now looking at HCI solutions when it comes to new projects or hardware refreshes. Hardware vendors are aware of this and there are so many different types of HCI solutions in the market today! I’ve been involved in a number of discussions with my customers around HCI and EMC/VCE VxRail in particular!

A couple of new features were introduced during the VSAN demo: software-based Encryption and Analytics. The VSAN demo with vRA showed how the performance analytics engine could pro-actively inform users that a VM should be migrated from a VSAN hybrid cluster to an all-flash cluster, and through changing the storage policy in vRA the VM was automatically migrated (in the demo’s case, the VM was migrated to a public cloud!). What this also underlined was how NSX was also involved in moving the network and security policies as the VM was migrated to the public cloud (although you didn’t see it in the demo). So not only did the demo show the analytics engine working, it also showed how the VMware Cloud Foundation platform could be used.

 

I don’t know if it’s just me, but it seems that everything mentioned during the two keynote sessions always reverted back to network and security, it felt that NSX was underpinning everything (Cross-Cloud Services, Workspace ONE, containers, etc). VMware are putting a lot of emphasis on Cross-Cloud capabilities and how data management and governance will play a key part of cloud consumption. I guess the VMware vision of Any Device, Any Application, Any Cloud really does require something that can govern where data sits and how it’s being consumed!

VMworld 2016 US – Day 1 General Session Overview

So the replay of yesterday’s Day 1 General Session is now online:

The biggest announcement is the tech preview of Cross-Cloud Architecture. This is obviously VMware’s next step in their “Any Cloud, Any Application, Any Device” vision.

According to VMware:
“This architecture extends VMware’s hybrid cloud strategy, enabling customers to run, manage, connect and secure their applications across clouds and devices in a common operating environment. VMware Cross-Cloud Architecture is delivered through VMware Cloud Foundation, a new set of Cross-Cloud Services VMware is developing, and VMware vRealize Cloud Management Platform.”

This new architecture gives customers a set of tools to manage their virtual estate both on-premise and off-premise across multiple clouds – a single pane of glass to manage VMs on the likes of AWS, Azure, Google, as well as vSphere clouds.

Most customers already utilise multiple clouds (unbeknownst to IT) and this new architecture will enable IT to resume control of what is out in the cloud – allowing network and security policies to be applied to workloads being deployed in the cloud, in addition to allowing migration between clouds!

Much like how vSphere ESXi was used to allow you to span multiple server hardware vendors (HP, Dell, IBM), and how NSX allows you to span multiple network hardware vendors (Cisco, Arista, Brocade), VMware Cross-Cloud Services will offer a common platform to overlay your cloud vendors to offer you the ability to deploy your applications across clouds without having to mess around with the underlying cloud services (which are inherently different depending on cloud vendor)!

VMware Cross-Cloud Services will centralize management, operations, networking, security and data management.


It looks like the common Network & Security piece will be handled by NSX – which will include a forthcoming feature called Distributed Network Encryption (DNE).

The Management and Visibility piece will be SaaS based (a cloud service) and allows you to connect your existing public cloud accounts to ingest those workloads into the management platform; it will then show you cost and utilisation across your clouds and allow you to deploy applications across clouds.

The other major announcement was the new VMware Cloud Foundation offering which basically bundles vSphere, VSAN and NSX into a single, fully integrated, SDDC stack that can be provisioned on premise or be run as a service in the cloud.

To quote VMware:
“VMware Cloud Foundation is a next-generation hyper-converged infrastructure for building private clouds that for the first time combines VMware’s highly scalable hyper-converged software (VMware vSphere and VMware Virtual SAN) with the world’s leading network virtualization platform, NSX. Cloud Foundation provides a consistent multi-cloud IaaS that is simple to deploy, operate, and maintain, and gives applications a consistent, scalable and highly available infrastructure services, regardless of where they run”

“The goal of Cloud Foundation is to be able to provision cloud infrastructure like you provision VMs.”


In addition to this announcement was the partnership with IBM Cloud to offer VMware Cloud Foundation as a service.

The key to the Cloud Foundation is the SDDC Manager which will be the tool for IT admins to build and maintain their cloud (making use of a lot of automation policies to build the cloud and deploy workloads).

Other announcements include vCloud Availability for vCloud Director, which enables customers to leverage the vCloud Air Network ecosystem (ie VMware Partner cloud solutions) for simple, automated disaster recovery as a service (DRaaS) – much like the offering from vCloud Air DR.

VMware vCloud Air Hybrid Cloud Manager has added several major enhancements, including zero-downtime, bi-directional application migrations in and out of vCloud Air. This includes the migration of NSX security policies, providing simple migration of workloads to vCloud Air with no need for any network or security reconfiguration once the migration completes.

 

It seems that the main takeaway from yesterday’s general session was that now it’s time to take back control of your cloud.

VMware VSAN & NSX vExperts 2016 Announced

Proud to say that I’ve been chosen as a VSAN vExpert for 2016…. Honoured to have my name amongst some highly rated peers who were chosen out of the large pool of current vExperts!

I didn’t really set out to become a subject matter expert, but when VMware announced they were going to create 2 new subject tracks this year (NSX & VSAN), I thought I’d stick my name into the hat….. =)

Didn’t quite get there for the NSX track, only because I hadn’t really blogged about NSX much – which is funny considering my company is actually one of 5 focused NSX partners in UK&I…. =)

Anyways, congrats to everyone who was chosen to become a VSAN or NSX vExpert!

https://blogs.vmware.com/virtualblocks/2016/08/18/announcing-vsan-vexperts/

http://blogs.vmware.com/vmtn/2016/08/vexpert-nsx-2016-award-announcement.html

 

Roll on VMworld!! =)