vSphere 7 is not only about server virtualization (virtual machines) but also about containers orchestrated by Kubernetes. VMware's Kubernetes distribution and the broader platform for modern applications (also known as CNA, Cloud Native Applications, or Developer Ready Infrastructure) is called VMware Tanzu. Let's start with enhancements in this area and continue with more traditional areas like operational, scalability, and security improvements.
Developer Ready Infrastructure
vSphere with Tanzu - Integrated LoadBalancer
Update 2 includes a fully supported, integrated, highly available, enterprise-ready load balancer for the Tanzu Kubernetes Grid control plane and for Kubernetes Services of type LoadBalancer: NSX Advanced Load Balancer Essentials (formerly Avi Load Balancer). NSX Advanced Load Balancer Essentials is a scale-out load balancer. The data path for users accessing the VIPs runs through a set of Service Engines that automatically scale out as workloads increase.
vSphere with Tanzu - Private Registry Support
If you are using a container registry with self-signed or private-CA-signed certificates, this allows them to be used with TKG clusters.
vSphere with Tanzu - Advanced security for container-based workloads in vSphere with Tanzu on AMD
For customers interested in running containers with as much security in place as possible, Confidential Containers provide full and complete register and memory isolation and encryption from Pod to Pod and from Hypervisor to Pod.
- Builds on vSphere’s industry-leading, easy-to-enable support for AMD SEV-ES data protections on 2nd & 3rd generation AMD EPYC CPUs
- Each Pod is uniquely encrypted to protect applications and data in use within CPU and memory
- Enabled with standard Kubernetes YAML annotation
Artificial Intelligence & Machine Learning
This area is a joint effort between VMware and NVIDIA. The new Ampere family of NVIDIA GPUs is supported on vSphere 7U2. This is part of a bigger effort between the two companies to build a full-stack AI/ML offering for customers.
- Support for new NVIDIA Ampere family of GPUs
In the new Ampere family of GPUs, the A100 GPU is the new high-end offering. Previously the high-end GPU was the V100; the A100 delivers about double the performance of the V100.
- Multi-Instance GPU (MIG) improves physical isolation between VMs & workloads
- You can think of MIG as spatial separation, as opposed to the older form of vGPU, which used time-slicing to separate one VM from another on the GPU. MIG is used through a familiar vGPU profile assigned to the VM. You enable MIG at the vSphere host level first, using one simple command: "nvidia-smi -i 0 -mig 1". This requires SR-IOV to be switched on in the BIOS (via the iDRAC on a Dell server, for example).
- Performance enhancements with GPUDirect & Address Translation Service in the hypervisor
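As an added example (not code from the original post or from VMware/NVIDIA), a small shell helper that wraps the MIG enablement step described above: it reads the GPU's current MIG mode from the CSV output of an nvidia-smi query, enables MIG on the chosen GPU only when it is not already on, and re-checks afterwards. It assumes the NVIDIA vGPU host driver is installed so that nvidia-smi is available in the ESXi shell; the parsing function is exercised on constructed sample output.

```shell
#!/bin/sh
# Added example: enable NVIDIA MIG mode on one GPU and verify the result.
# Assumes nvidia-smi from the NVIDIA vGPU host driver is available on the host.

# Normalize the "mig.mode.current" value from nvidia-smi CSV output.
# Input: raw query output such as "Enabled" or "Disabled" (whitespace and
# trailing newline tolerated). Output: "enabled", "disabled" or "unknown".
mig_state_from_query() {
  case "$(printf '%s' "$1" | tr -d '[:space:]' | tr 'A-Z' 'a-z')" in
    enabled)  echo enabled ;;
    disabled) echo disabled ;;
    *)        echo unknown ;;
  esac
}

# Query the current MIG mode of GPU $1 (real command; needs the hardware).
query_mig_mode() {
  nvidia-smi -i "$1" --query-gpu=mig.mode.current --format=csv,noheader
}

# Enable MIG on GPU $1 if needed; return 0 only when MIG ends up enabled.
# SR-IOV must already be switched on in the BIOS, otherwise enabling fails.
ensure_mig_enabled() {
  gpu="${1:-0}"
  state=$(mig_state_from_query "$(query_mig_mode "$gpu")")
  if [ "$state" = "enabled" ]; then
    echo "GPU $gpu: MIG already enabled"
    return 0
  fi
  nvidia-smi -i "$gpu" -mig 1 || return 1
  # Depending on the driver, a GPU reset or host reboot may be required
  # before the new mode is reported as current; re-check and report.
  state=$(mig_state_from_query "$(query_mig_mode "$gpu")")
  [ "$state" = "enabled" ]
}

# Run only when invoked directly with a GPU index, e.g. "sh enable_mig.sh 0".
if [ -n "${1:-}" ]; then
  ensure_mig_enabled "$1"
fi
```

After MIG mode is enabled, the vGPU profiles the post mentions become available for assignment to VMs; until then the GPU still behaves as a single time-sliced device.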
VMware vSphere Lifecycle Manager - support for Tanzu & NSX-T
- vSphere Lifecycle Manager now handles vSphere with Tanzu “supervisor” cluster lifecycle operations
- Uses declarative model for host management
VMware vSphere Lifecycle Manager Desired Image Seeding
- Extract an image from an existing host
Suspend to Memory introduces a new option to help reduce the overall ESXi host upgrade time.
- Depends on Quick Boot
- New option to suspend the VM state to memory during upgrades
- Options defined in the Host Remediation Settings
- Adds flexibility and reduces upgrade time
Availability & Efficiency
vSphere HA support for Persistent Memory Workloads
- Use vSphere HA to automatically restart workloads with PMEM
- Admission Control ensures NVDIMM failover capacity
- Can be enabled with VM Hardware 19
Note: By default, vSphere HA will not attempt to restart a virtual machine using NVDIMM on another host. Allowing HA to fail over the virtual machine on host failure will restart the virtual machine on another host with a new, empty NVDIMM.
VMware vMotion Auto Scale
vSphere 7 U2 automatically tunes vMotion to the available network bandwidth, giving faster live migrations, faster outage avoidance, and less time spent on maintenance.
- Faster live migration on 25, 40, and 100 GbE networks means faster outage avoidance and less time spent on maintenance
- One vMotion stream capable of processing 15 Gbps+
- vMotion automatically scales the number of streams to the available bandwidth
- No more manual tuning to get the most from your network
As customers' trust in AMD increases, so does the performance of ESXi on modern AMD processors.
- Optimized scheduler for AMD EPYC architecture
- Better load balancing and cache locality
- Enormous performance gains
Reduced I/O Jitter for Latency-sensitive Workloads
Under-the-hood vSphere kernel improvements in vSphere 7U2 allow for significantly improved I/O latency for virtual Telco 5G Radio Access Network (vRAN) deployments.
- Eliminate Jitter for Telco 5G Deployments
- Significantly Improve I/O Latency
- Reduce NIC Passthrough Interrupts
Security & Compliance
ESXi Key Persistence
ESXi Key Persistence helps eliminate dependency loops and creates options for encryption without the traditional infrastructure. It’s the ability to use a Trusted Platform Module, or TPM, on a host to store secrets. A TPM is a secure enclave for a server, and we strongly recommend customers install them in all of their servers because they’re an inexpensive way to get a lot of advanced security.
- Helps eliminate dependencies
- Enabled via hardware TPM
- Encryption without vCenter Server
VMware vSphere Native Key Provider
vSphere Native Key Provider puts data-at-rest protections in reach for all customers.
- Easily enable vSAN Encryption, VM Encryption, and vTPM
- Key provider integrated in vCenter Server & clustered ESXi hosts
- Works with ESXi Key Persistence to eliminate dependencies
- Adds flexible and easy-to-use options for advanced data-at-rest security
VMware Tools and Guest OS
Virtual Trusted Platform Module (vTPM) support on Linux & Windows
- Easily enable in-guest security requiring TPM support
- vTPM available for modern versions of Microsoft Windows and select Linux distributions
- Does not require physical TPM
- Requires VM Encryption, easy with Native Key Provider!
VMware Tools Guest Content Distribution
Guest store enables the customers to distribute various types of content to the VMs, like an internal CDN system.
- Distribute content “like an internal CDN”
- Granular control over participation
- Flexibility to choose content
VMware Time Provider Plugin for Precision Time on Windows
With the introduction of a new plugin, vmwTimeProvider, shipped with VMware Tools, guests can synchronize directly with hosts over a low-jitter channel.
- VMware Tools plugin to synchronize guest clocks with Windows Time Service
- Added via custom install option in VMware Tools
- Precision Clock device available in VM Hardware 18+
- Supported on Windows 10 and Windows Server 2016+
- High quality alternative to traditional time sources like NTP or Active Directory
vSphere 7 Update 2 is a nice evolution of the vSphere platform. If you ask me what is the most interesting feature in this release, I would probably answer VMware vSphere Native Key Provider, because it has a positive impact on manageability and simplification of the overall architecture. The second one is VMware vMotion Auto Scale, which reduces operational time during ESXi maintenance operations in environments with 25+ Gb NICs already adopted.