VMworld 2016 US – Key Announcements From Day 2

A quick summary of this morning’s key note speech at VMworld 2’016 US and few annoucements.

Opening Keynote Speech

The morning keynote speech was hosted by Sunjay Poonan (@Spoonan), who heads up the EUC BU within VMware. Sunjay’s speech was pretty much in line with the general VMware focus areas, mentioned yesterdays key note by Pat Gelsinger which is a complete solution that enable customers of todays enterprises & corporates the ability to use any device, any app & any cloud platform as they see fit without having to worry about workload mobility, cross platform management and monitoring.

While yesterdays session was more focused on the server side of things, Sunjay’s message today was focused on the End User Computing side of things, predictably to a bigger degree. The initial messaging was around the VMware Workspace One suite.

Workspace One suite with VMware identity manager appears to be focusing more and more on the following 3 key areas which are key to todays enterprise IT.

  • Apps and identity
  • Desktop & Mobile
  • Management & Security

Workspace one integration with mobile devices to push out corporate apps on mobile devices similar to Apple app store like interface was demoed which emphasize the slick capabilities of the solution which really appears to be ready for primetime now. He also demoed the conditional access capabilities wihtin the Horizon Workspace suite that prevents data sharing between managed and unmanaged apps. The conditional access can also be extended out to NSX to utilise micro segmentation hand in hand to provide even tighter security which is quite handy.

Stephanie Buscemi – EVP of Salesforce came on stage to talk about how they use VMware Wotrkspace suite to empower their sales people to work on the go which was pretty cool I thought, though there was a little marketing undertone to the whole pitch.

  • My take: Personally I dont cover EUC offerings that much myself though I have a good awareness of their Digital Workspace strategy and have also had hands on design and experience with the Horizon View from back in the days. However I can see the EUC offering from VMware getting better and better every day over the last 5 odd years and dare I say, right now, its one of the best solutions out there for most customers if not the best, given its feature set and the integration to other VMware and non VMware compoenents in the back end data center and Cloud. If you are looking at any EUC solutions, this should be on top of your list to investigate / evaluate.

Endpoint Security

VMware TrustPoint powered by Tanium was showcased and its integration with AirWatch to provide a mobile device management solution togewther with a comprehensive security solution that can track devices and their activities real time (no database-full of old device activity info) and apply security controls real time too. This looked a very attractive proposition given the security concerns of the todays enterprise and I can see where this would add value, provided that the costs stack up.

Free VMware Fusion and Workstation license annouicement

VMware also annouced today thye availability of VMware Fusion and Workstation free liceses to all VMworld attendees through the VMworld 2016 app (already claimed mine) – pretty cool huh?

Cloud Native Applications

Kit Colbert, Cloud Native CTO at VMware spoke about the challenges of using the containerised apps in the enterprise environments which currently lacks a comprehensive management solution. Having been looking at containerisation myself and its practical use for majority of ordinary customers, I can relate to that too myself, especially when you compare managing applications based on containers like Docker to legacy appications that run on a dedicated OSE (Windows, Linux…etc) which can be managed, tracked and monitored with session & data persistence that is lacking in a container instance to a level withouth 3rd party components.

Today, couple of new additional features have been annouced on VIC as folows (If you are new to VIC, refer to my intro blog post here)

  • New: Container registry
  • New: Container management portal

1

vSphere Integrated Containers beta programme is also now available if you want to have a look at http://learn.vmware.com/vicbeta

 

VMware Integrated OpenStack (VIO)

Also, VIO 3.0 was oifficially annouced today by Kit. I was privy to this information beforehand due to a vExpert only briefing for the same but was not able to disclose anything due to embargo until now.

VIO is a VMware customised distro of OpenStack and the below slide should give you an intro for those of you who aren’t familer with VIO all that well.

VIO1

Running native OpenStack is a bit of a nightmare as it requires lots of skills and resources which restricts its proper production use to large scale organisations with plenty of technical expertise and resources. Based on my experience, lots of customers that I know who’ve initially started out with ambitious (vanila) OpenStack projects have decided to abandon half way through due to complexity…etc. to switch back to vSphere. VIO attempts to solve this somewhat to help customers run OpenStack with a VMware flavour to make things easier for mass customer adoptoin.

The annoucements for VIO was the release of the VIO 3.0 which has the following key features / improvements

  • Mitaka Based
    • VIO 3.0 distribution is now based on the latest OpenStack release (Mitaka)
    • Leverage the latest features and enhancement of the Mitaka Release
      • Improved day-to-day experience for cloud admins and administrators.
      • Simplified configuration for Nova compute service.
      • Streamlined Keystone identity service is now a one-step process for setting up the identity management features of a cloud network.
      • Keystone now supports multi-backend allowing local authentication and AD accounts simultaneously.
      • Heat’s convergence engine optimized to handle larger loads and more complex actions for horizontal scaling for improved performance for stateless mode.
      • Enhanced OpenStack Client provides a consistent set of calls for creating resources no longer requiring the need to learn the intricacies of each service API.
      • Support for software development kits (SDKs) in various languages.
        –New “give me a network,” feature capable of creating a network, attaching a server to it, assigning an IP to that server, and making the network accessible, in a single action
  • Compact VIO control pane
    • VIO management control plane has been optimized and architected to run in a compact architecture   VIO
      • Reduces infrastructure and costs required to run an OpenStack Cloud
      • Ideal for multiple small deployments
      • Attractive in relaxed SLA scenarios
      • Database backed up in real time: No data loss
    • Slimmer HA architecture
      • VIO0
      • educed footprint on management cluster
      • Full HA: No service downtime
      • Database replication: No data loss
      • 6000+ VMs
      • 200+ Hypervisors
  • Import existing vSphere workloads
    • Existing vSphere VMs can be imported and managed via VIO OpenStack APIs
      • Quickly import vSphere VMs into VIO
      • Start managing vSphere VMs through standard OpenStack APIs
    • Quickly start consuming existing VMs through OpenStack

 

Nike CTO who’s a VIo customer came on stage to discuss how Nike deployed a large greenfield OpenStack deployment using VMware Integrated OpenStack (VIO) and an EUC solution at all Nike outlets / shops using Airwatch which was a good testement for customer confidence though it did have a little markletting undertone to it all.

 

NSX

the head of the NSX business unit within VMware highlighted the key advancements NSX have made and the 400% YoY growth of adoption from fee paying customers deploying NSX to benefit from Micro segmentation (through the distributed firewall capability) and automation and orchestration. NSX roadmap extends far beyond what you can imagine as its current usecases and its sufficient to say that NSX will play a being part as an enabler for customers to freely move their workloads from onbe place (i.e. On premise) to a Public cloud (i.e. AWS) through the dynamic extension of L2 adjacency and other LAN services, transforming the WAN in to an extended LAN.

To this effect, VMware also announced the availability of a free NSX Pre-Assessment which is now intended to enable customers to employ the Assess -> Plan -> Enforce -> Monitor approcah to NSX adoption.

 

VSAN

Yanbing Li, whos the VSAN business unit head came on stage and discussed the hugh demand from customers in VSAN which currently stands over 5000 fee paying customers using VSAN in production as the preferred storage for vSphere. The following roadmap items were also mentioned for VSAN

  • VSAN is the default supported storage platform for VIO and Photon.
  • Intelligent performance analytics & policies in VSAN for proactive management
  • Fully integreated software defined encryption for VSAN

There are couple of other new features coming out soon which I am fully aware of but were not annouced during VMworld 2016 US so im guressing they’ll be annouced during the Barcelona event? (I cannot disclose until then of course :-))

All in all, not a large number of new product or feature accouncements on day 2. But the key message is NSX & VSAN are key focius areads (we already knew this) and VIC & VIO will continue to be improved which is good to see.

 

Slide credit goes to VMware

 

Cheers

Chan

 

 

vSphere Integrated Containers – My thoughts

Capture

During the VMworld 2016, one thing that struck me was the continued focus VMware appears to have on containerisation. I have been looking at containerisation over the last year and half with interest to understand the conept, current capabilities of the available platforms and the practical use for the typical customer. I was also naturally keen on what companies such as VMware and Microsoft have to offer on the same front. VMware annouced number of initiatives such as vSphere Integrated Containers & the Photon platform during VMworld 2015 as their answers to the containerisation and having been looking at their solutions, and also having seen & listened to various speakers / engineers / evagelists during the VMworld 2016 US event, it kind of emphesized the need for me to venture further in to containerisation and especially, VMware’s solutions to containerisation. So Im gonna begin with a quick intro blog post about one of VMware’s approach to containers and what my thoughts are on the solution. I will aim to provide future posts to dig deeper in to th architecture and the deployment apsect of it…etc.

On the front of containers, VMware’s strategy is focused on 2 key solution offerings, vSphere Integrated Containers and Photon platform. While the Photon solution is not yet quite ready for production deployment in my view, its aimed at all greenfield customers who currently do not have legacy vSphere deployments and are strating out afresh. VIC on the other hand is available today & specially aimed at existring vSphere customers hence the main focus of this post.

vSphere Integrated Containers (VIC)

This is the containerisation solution for existing VMware vSphere customers and has been designed for extending vSphere capabilities to the containerised world (or vise versa, depending on how you look at it). It is predominantly aimed at existing vSphere customers who are wanting to jump on to or explore containerised app development for production use.

For those of you who are new to VIC, here’s a quick intro.

In addiiton to typical vSphere components, VIC solution itself consist of 3 main components

  1. VIC Engine – A container run time for vSphere which is deployed on to ESXi. This is an OpenSource development and is available on GitHub. This allows developpers familer wiyth Docker container developments to deploy them alongside existing VMs on an ESXi / vSphere platform and is directly manageable from using the vSphere UI (Web Client). VIC engine is referred to as VCH (Virtual Container Host) and is backed by a vSphere resource pool typically within a cluster. It also containes a copy of the conatainer images which are mapped as vmdk’s on tradiitonal vSphere components such as a VSAN datastore.                    vch-endpoint
  2. Harbour – An enterprise class registry service that stores & distributes Docker images that also include additional security, identity and management for the enterprise. Can be used as a lovcal, on-premise Docker repository so that enterprises using Docker containers won’t have to worry about the security concerns of using the public Docker repository over internet
  3. Admiral – Scalable, lightweight container management playtform used to deploy and manage container based applications

Together with vSphere, VIC provide the customers the ability to deliver a containr based solution in a production environment without having to build a dedicated environment exclusively for the containers.

The main difference between a native container approach such as native Docker on Linux Vs VIC is that,

  • Docker on Linux:  Docker outilises native Linux concept called namespaces. While more inforamtion can be found here, Docker on Linux relies on spewing multiple namespaces / containers within the same Linux server instance so spinning up an applicatiojn service 9that runs inside a container) is super fast (say, compared to powering on a VM with a full blown OS which takes time to load up and then launch the application). Same applies when you stop an application service (just stops the underlying container on th eLinux kerner). Both these operations are executed in memory. Containers
  • VMware Integrated Containers:  The container instance runs in a dedicated, micro OSE (Operating System Environment) called JeVM (Just Enough VM) which consist of a minimalistick version of Linux kernel that is just sufficient to run a container instance.. This kernal is derived from VMware’s project Photon. Photon platform itself is seperate to VIC solution and is supposed to be the second approach VMware are taking for conatiners and Cloud Native Applications, especifically aimed at greenfield deployments where you do not have an existing vSphere stack. in the case of VIC, it is important to remember that the Photon project code used within this micro VM consist of the minimal requirements to run a Docker container instance (Linux kernel and few addiitonal supporting resources giving it a minimum footprint). This Je VM instance is also using the instance clone feature available on vSphere 6.0 to quickly spin up Je VM’s for container instantiation (upon “docker run” for exmaple) so they strats up and closes down at near native speeds to that of a native container on Linux. In return for this fat client approach, customer gets a similar experience when it comes to managing these conatiner environments to that of thatier legacy infrastructure as the existing VMware tools such as vROPS, NSX…etc are all compatible with them (no such compatibility when runniong native Linux containers with Docker)

VIC3

The typical VIC architecture looks like below

VIC2

At the foundation of VIC is vSphere, the same infrastructure that customers have standardized on for all applications from test/dev to business critical apps. VIC adds a graphical plug in to the Web Client for management and monitoring. The Virtual Container Host provides a Docker API endpoint backed by a vSphere resource pool – beyond one VM or dedicated physical host. Instant Clone Template is running Photon OS Linux kernel. Developers interact from standard Docker command line interfaces or API clients. Docker commands are mapped to corresponding vSphere actions by the VCH. A request to run a new image invokes Instant Clone to rapidly fork new “just enough” VMs (Je VM) for execution of the container. Traditional apps can also run alongside containers on the VCH.

As for my thoughts, if you are an existing VMware customer, VIC gives you get the best of both worlds where you can benefit from the existing infrastructure while also benefiting from the agility available through the use of Docker container instances. For example, during the VMworld 2016 US event, VMware’s head of Cloud Native Applications BU, Kit Colbert demoed the integration of vSphere Integrated Containers with vROPS where even containerised apps can have the typical health and performance details shown via vROPS dashboards, much like legacy apps and such capabilities that are not natively available with vanila Docker instances. He also demoed the vRA integration which enables developers to self service containerised application storage placement through a policy change which automatically move the container VM / image content over from one VSAN storage tier to another. I believe such inter-operability and integration with th elegacy toolkit is very important for mass adoption of containerised apps going forward, especially for existing customers with legacy tools and apps. Furthermore, VIC solution also integrate with NSX for extending networking security components in to the container VMs / instance too which is totally cool.

Most importantly, VIC is available free as an opensource download for all VMware customers which makes the case for it even more appealing.

Cheers

Chan

P.S. Slide credit goes to VMware

#Cloud Native #VIC #Photon #VMware #VMworld