NL VMUG UserCon – 16 March 2017
What’s New With vSphere 6.5
Rob Groenhuis & Jennifer van der Boon
VMware Netherlands BV
Agenda
Overview
vCenter Server 6.5
vSphere 6.5: Availability - Security - Scalability
vSphere 6.5: Compute - Storage - Network
Summary
Next Steps
Virtualization Market Leader
Pat Gelsinger CEO
• vSphere Is Still Very Important
• Grow VMware
• Focus On Quality
Leading in Gartner’s Magic Quadrant for x86 Server Virtualization
Overview
Compute & Management SKUs per CPU
[Figure: SKU overview. Labels recoverable from the slide:]
• vSphere STD, vSphere ENT+
• vSOM ENT+
• vROps STD
• vCloud Suite (STD, ADV, ENT) = vSphere ENT+ for vCS & vRealize Suite
• vCenter Server
• vROps ADV: SDDC monitoring for hybrid clouds
• vROps: App Monitoring
• vRBC STD: Cloud Compare, Costing
• vRBC ADV: Cloud Planning, Costing
• Log Analysis
• vRA ADV: Infra Automation
• vRA ENT: Infra Automation
• vRA ENT: App Automation
• vSphere Essentials / Essentials Plus
• vSphere for Remote Office Branch Office
What about vSphere Enterprise?
• Versions 6.0 and 6.5 are treated as 6.x
• Existing customers can keep using it until End of General Support March 2020
• Upgrade promo to Enterprise Plus with 50% discount extended to June 29, 2017
• Extra functionality
• Extended functionality
• More control over resources
End of Availability since June 30, 2016
vMotion (XvC, LD)
Fault Tolerance (4P)
Storage DRS
Storage I/O Control
Network I/O Control
SR-IOV
Flash Read Cache
NVIDIA GRID vGPU
Distributed Switch
Auto Deploy
Host Profiles
Overview vSphere 6.5
vCenter Server & vRealize Operations
Availability
• Native vCenter Availability
• HA Admission Control
• Predictive DRS
Security
• Actionable Logging
• VM Encryption
• Encrypted vMotion
• Secure Boot
Scalability
• 512 Storage Devices & 2000 Paths
• 25k VMs per vCenter Server
Compute
• Virtual HW 13
• 6 TB RAM VMs
Storage
• VMFS 6
• SIOC + SPBM
• Virtual SAN 6.5
Network
• Nested ESXi Enhancements
vCenter Appliance as “First Choice”
2015 +
Metric | Windows | Appliance
Hosts per VC | 1k | ✔
Powered on VMs per VC | 25k | ✔
Hosts per cluster | 64 | ✔
VMs per cluster | 8k | ✔
Linked Mode | 10 | ✔
Overview
• Deliver complete lifecycle management for vCenter Server Appliance
• Support “Enterprise-ready” scale, high availability and backup
• Provide comprehensive appliance management and monitoring
Benefits
• Simpler, Faster, Reduced TCO
Tools
• Supported Windows → VCSA Migration Tool
  • 5.5 or 6.0 → 6.5
  • 5.5 → 6.0 (6.0U2m)
X
vCenter 6.5
DB and File Replication
Witness(Passive)
vCenter(Passive)
Private IP
vCenter(Active)
Private IP
Public IP
Native vCSA High Availability
• VCSA only
• RTO of less than 5 minutes
• Supports both external and embedded PSC
• Active / Passive with Witness
• Required network configuration
  • eth0 – public network
  • eth1 – private network (added during configuration)
• Automatic failover (Web Client may require re-login)
vCSA with integrated Update Manager
vCenter Server 6.0 or 6.5 on Windows, with Update Manager on Windows
• Additional Windows VM for VUM
• Extra configuration & DB dependency
• Sizing and latency considerations
• No inherent backup or failover
VCSA 6.5 with Integrated VUM
• Integrated and enabled by default
• Zero setup; embedded DB
• Scalable and low impact on resources
• Leverages VCSA HA and backup
Migration Support!
vCSA Monitoring
• New vCenter Server Appliance Management Interface
• Built-in monitoring: Network, CPU, and Memory
• Visibility to vPostgres DB
• Remote syslog configuration
• vMon: enhanced watchdog functionality
Native vCSA Backup & Restore
• Removes dependency on 3rd party backup solutions
• Restore vCenter Server instance to a brand new appliance
• Supports backup/restore of VCSA & PSC appliances
• Includes embedded and external deployments
• Supported Protocols include HTTP/S, SCP, FTP/S
• Option for Encryption
Auto Deploy Enhancements
Operational
• GUI for Image Builder, Deploy Rules
• Interactive deployment of new hosts
• Post-boot scripts for advanced configs
• UEFI and IPv6 support
Performance & Resiliency
• Scalability improvements - 300+ hosts
• VCSA HA & backup support
• Round robin reverse proxy caching
• Backup and restore state with PowerCLI
Host Profiles Enhancements
Manageability
• Editor enhancements: filter & favorites
• Bulk edit host customizations (CSV)
• Copy settings between profiles
• Streamlined remediation wizard
Operational
• Pre-check proposed changes
• Detailed compliance results
• DRS integration - rolling remediation
• Parallel remediation
vSphere Management Interfaces
vSphere Web Client
The primary management UI for vCenter Server which is based on Adobe Flex.
vSphere Client
The future successor of the vSphere Web Client and based on HTML5. Available as a Fling and partial functionality with the 6.5 release.
Appliance Management UI
Contains basic health information along with the ability to reboot, shutdown, and collect support bundles. Accessed via port 5480.
PSC UI
Allows for basic SSO configuration as well as certificate management. Available only on embedded or external PSC nodes.
Host Client
A robust interface for managing ESXi hosts directly through a web browser. Replaces the C# client for host management.
Transforming vCenter APIs & API Explorer
Developer and Automation friendly API and interfaces that simplify automation and development
[Diagram: vCenter Server REST API, consumed by SDKs, Automation Tooling, REST based tools and Docs]
Simplified HA Admission Control
• Choose host failures to tolerate (FTT) and we do the rest
• Based on % of cluster resources reserved
• Automatic calculations
• Overrides possible
• Issue warning in case of possible VM performance degradation after host failure
Availability
HA VM Restart Priorities
• VM Restart priorities determine the order resources are allocated in the cluster post-failure
• Additional Restart Priorities added
  • Highest
  • High
  • Medium
  • Low
  • Lowest
• Additional priorities provide greater control to restart order
• Admission Control can prevent lower priority VMs from restarting
[Diagram: VMs grouped by Highest, High, Medium, Low and Lowest Priority]
vSphere HA Orchestrated Restart
• Enforce VM to VM dependency chains
  • Great for multi-tier applications that require VMs to restart in a particular order
• Improved application recoverability
  • Database < App < Web
• Validation checks
  • Detects circular dependency rules
  • Within and outside priority group
[Diagram: restart order 1 DB, 2 APP, 3 WEB]
Proactive HA & Quarantine Mode
• Detect hardware conditions of host components by receiving alerts from hardware vendor monitoring solution
• Dell OpenManage
• HP Insight Manager
• Cisco UCS Manager
• Notifications of host impacted, its current state, error causes, severity and physical remediation steps
• vMotion VMs from partially degraded hosts
• Configurable based on type of failure
Healthy
Moderate degradation
Severe degradation
Network-Aware DRS
• Adds network bandwidth considerations by calculating host network saturation (Tx & Rx of connected physical uplinks)
• Avoids over-subscribing host network links on a best-effort basis (not guaranteed); CPU and memory performance is still prioritized over network
[Chart: Host Utilization in % (CPU, Memory, Network) for Host 1 to Host 4]
Predictive DRS
• Tight integration between vSphere 6.5 DRS and vROps 6.4+
• Resource utilization trends are observed by vRealize Operations Manager and sent to vSphere DRS
• Predicted demand of workloads is incorporated into vSphere DRS algorithms
  • vSphere DRS moves, initial placement and load balancing
• Current VM demands are honored before future demands are satisfied
[Chart: resource demand over time, observed vs. predicted. Reactive case: "Observed spike: react!", then "Remediation complete". Predictive case: "Predicted spike: prepare", then "Proactive remediation complete".]
Actionable Logging
Who, What, When, How
Security
VM Encryption
[Diagram labels: ESXi, vCenter, 3rd Party Key Management Server, vSphere VM Encryption, Tenant VM Key, VM1 ✔, VM2 ✔]
No Cryptography Administrators
All permissions, but
- No encrypt
- No decrypt
And others …
Customer provided tenant VM key
Protected by customer’s key management server
ESXi generated internal encryption key
VM Data
Protected by a customer provided encryption key
Protected by an ESXi generated internal key that is encrypted by the KMS key
Security Admin will manage your KMS and keys
Encrypted vMotion for ALL VMs!
Virtual Machine vMotion data encrypted/decrypted (NOT vMotion Network!)
Disabled
• Do not use encrypted vMotion
Opportunistic
• Use encrypted vMotion if source and destination hosts support it
Required
• Allow only encrypted vMotion
• If the source or destination host does not support encrypted vMotion, migration with vMotion fails
Host UEFI Secure Boot & VM EFI Secure Boot
Avoid tampering with ESXi and VM startup code
[Diagram labels: UEFI Firmware, Boot Loading Components, VMkernel, Secure Boot Verifier, ESXi Running (Hostd/DCUI/etc), Hardware ✔]
Scalability
• 512 Storage Devices & 2000 Paths
  • Previously 256 & 1024
• vCenter Enhancements
  • The Appliance equals the Windows based vCenter
Metric | Windows | Appliance
Hosts per VC | 1k | ✔
Powered on VMs per VC | 25k | ✔
Hosts per cluster | 64 | ✔
VMs per cluster | 8k | ✔
Linked Mode | 10 | ✔
Compute
vHW 13
6 TB memory per VM
Compute
VMFS 6
• Support for Advanced Format (AF) 4K drives in 512e mode
• Small-file and large-file block sizes
• Shared resource pool locks
• SEsparse (Space Efficient) as default snapshot format
• Automatic Space Reclamation - VAAI UNMAP
Storage
Automatic UNMAP For Space Reclamation
[Diagram: vSphere on Shared Storage. Deleting a 1 TB file from a VM with a 10 TB VMDK, or deleting the VM, frees VMDK space that is automatically reclaimed.]
• Automatic UNMAP does not require any manual intervention or scripts
• Space reclamation happens in the background
• CLI based UNMAP continues to be supported
• Storage I/O impact due to automatic UNMAP is minimal
• Supported in vSphere 6.5 with new VMFS 6 datastores
VMFS 5 to VMFS 6
• Create VMFS 6 Datastore
• Storage vMotion
Storage I/O Control + Storage PBM
• Managed using a policy via Storage Policy Based Management (SPBM)
• Storage IO limits are enforced using IO Filters (VAIO)
SPBM for Virtual Volumes Replication
[Diagram: Legacy Datastore Centric Model (Replicated and Non-Replicated datastores) compared with the Policy-Driven VM Centric Model with VVols (Storage Container with Replication Group A and Replication Group B)]
Overview
• Replicate Virtual Machines by applying suitable storage policies to the VM
• Replication automation exposed via public API and PowerCLI
Benefits
• Protect important workloads with data replication
• Access the full replication capabilities of the storage array such as RPO, RTO, consistency features etc. at a Virtual Volume level
• SPBM provides a common layer for provisioning, no vendor orchestration of configuration required for VMs
vSAN Powered By vSphere
What is vSAN?
[Diagram: vSphere hosts running vSAN, each contributing Cache and Capacity devices to a vSAN Datastore]
Runs on any standard x86 server
Pools HDD/SSD into a shared datastore
Enterprise-grade scale and performance
Managed through per-VM storage policies
Deeply integrated with the VMware stack
Accelerating Innovation
VSAN 5.5 (March 2014)
VSAN 6.0 (March 2015)
• All Flash
• 64 Node Cluster
• X2 Hybrid Performance
• VSAN Snapshots
• VSAN Clones
• Rack Awareness
VSAN 6.1 (September 2015)
• Stretched Cluster
• Replication - 5 Min RPO
• Root Cause Analysis
• Health Monitoring
VSAN 6.2 (March 2016)
• Deduplication
• Compression
• Erasure Coding (RAID 5/6)
• Quality of Service
• Performance & Capacity Monitoring
VSAN 6.5 (November 2016)
• All-flash within every edition
• iSCSI targets
• ROBO Direct Connect
• Support for CNA
vSAN 6.5: iSCSI Support
Support Physical Servers Through iSCSI
Overview
• vSAN iSCSI Target Service enables Block Storage!
  • Support for Oracle RAC with shared storage
  • Storage for physical workloads
• Max LUN size of 62TB
• Provides all core vSAN functionality for the iSCSI target
  • Dedupe and Compression, RAID-1, RAID-5, RAID-6
Benefits
• Storage for physical workloads
[Diagram: iSCSI Initiators connecting over the Network to the iSCSI Target on the vSAN Datastore]
vSAN 6.5: ROBO 2-Node Direct Connect
Ability to Directly Connect Two Hosts in a Remote Office with Crossover Cables for a Very Low-Cost Deployment
[Diagram: two nodes joined by Crossover Cable(s); witness link labelled 1.5Mbps, 500ms RTT, L3]
• vmknic0 - management
• vmknic1 - Witness Traffic
• vmknic2 – vSAN traffic
• vmknic3 – vSAN traffic (optional)
Overview
• Connect the two nodes in a remote/branch office directly using crossover cables
• 10Gbps is preferred
• Separate the vSAN data traffic from witness traffic by configuring separate vmknics
Benefits
• Very low cost two-node solution for ROBO (no need for routers or switches)
vSAN Licensing Changes
vSAN Beta: Encryption for Data-at-Rest
Protecting Sensitive Data Residing on Virtual SAN
[Diagram: vSphere + Virtual SAN]
Overview
• End-to-end software encryption for data-at-rest
• Integration with major central key management technologies like SafeNet that are KMIP compliant
• Plan to be FIPS 140-2 Level 1 compliant; AES 256
• Integrate with deduplication, compression, and other data services. (Sequence: Checksum→Deduplication→Compression→Encryption)
Benefits
• Enterprise-class security
• Protection against security threats
• Safely transfer drives to other facilities
vSAN Beta: Local Failure Protection
Protect Stretched Clusters Against Failures of Hosts or Disk Groups
Overview
• Provide failure protection for local hosts / disk groups
• RAID1 of RAID5/RAID6/RAID1 support on All-Flash configurations
• RAID1 of RAID1 support on hybrid configurations
Benefits
• In case of a site failure, local availability would be sustained within the surviving site
[Diagram: vSphere + Virtual SAN stretched cluster; inter-site link 5ms RTT, 10GbE; witness links 100Mbps, 200ms RTT, L3; RAID1 across sites over RAID5 within each site]
Nested ESXi Enhancements
Before vSphere 6.5:
• Only a single unicast MAC address per vNIC port.
• For Nested ESXi, promiscuous mode needed
• All external traffic was being forwarded.
• High CPU usage, low network throughput.
With vSphere 6.5:
• Provides new MAC learning capability for the outer vSwitch; forwards only required packets
• Significant performance improvement in Nested ESXi environment.
Networking
vSphere Makes Security Easy to Manage
Disaster Recovery
Security Assurance
Policy-based Infrastructure Governance
Encryption
Network Security Services
Infrastructure Provided Security Services
Universal App Platform
[Diagram: Apps running on vSphere, alongside vRealize, NSX, vSAN and Horizon]
• Business Critical Apps
• Desktop Virtualization
• Big Data
• Cloud Native Apps
• 3D Graphics
• Deep Learning w/ GPU
• Test / Dev / Tier 2/3
• And Many More ...
vSphere Integrated Containers (VIC)
Enabling the Best of Both Worlds
• Docker compatible interface
• Full enterprise-grade power of the Software-Defined Data Center
vSphere Integrated Containers Framework
Harbor: Container Registry
• Enterprise Registry for securely storing container images
• Role-based Access Control
• Image replication
Container Engine
• Docker remote API-compatible engine
• Instantiates container images in VMs
• Deeply integrated into vSphere
Admiral: Container Management Portal
• Container repositories
• Hosts
• Images
• Running container instances
vSphere Integrated Containers Engine
[Diagram: a Linux VM running a Container Engine with several containers on one Linux Kernel, compared with a Virtual Container Host on vSphere where each container VM has its own Linux Kernel]
Full Visibility, Proven Security, Mature Ecosystem
[Diagram: Virtual Container Host on vSphere, each container VM with its own Linux Kernel]
• Containers: Portable, Fast, Light
• vSphere: Security, Visibility, Management
Summary vSphere 6.5
Dramatically Simplified Experience: Make IT more efficient
• Automation & management at scale
• Simplified architecture
• Streamlined Operations
• Improved User Experience
Comprehensive Built-in Security: Secure the data center
• Secure Data
• Secure Infrastructure
• Secure Access
Universal App Platform: Run any app, anywhere
• Scale and performance to meet the demands of new applications
• Containerized Workloads
• Foundation of SDDC and VMware cloud strategy
Next Steps
• Product Info & 60-Days Eval: http://www.vmware.com/products/vsphere
• Hands-On Labs (HOL-1710-SDC-6 - What's New: vSphere 6.5): http://labs.hol.vmware.com
• VCA - VCP - VCAP - VCIX - VCDX Certification
VMware Authorized Training Centers
Data Center Virtualization Certifications
Other tracks: Desktop - Cloud - Network
Remember to recertify every 2 years! (any track)
VMware R&D
Ask your questions on the R&D booth!
Especially for these solutions:
• Container Management with Project Admiral
• vRealize Automation
• vRealize Orchestrator
• Other questions are also welcome!