Tag Archives: VCSA

VMware vSphere 6.5 Announced – What’s New?

Cover

VMware has just officially announced the launch of the newest version of vSphere 6.5 today at VMworld 2016 in Barcelona. I’ve been beta testing it for a while and, with the release of this new vSphere version 6.5, there are a number of new enhancements and features that customers would benefit from. I’ve attempted to summarize the key ones below. However note that there may also be many more little tweaks and enhancements that aren’t necessarily been made public by VMware as of yet, that we all will only come to know once its in production use

Out of these, I’ve listed what I think would be the most important ones in blue, below.

vSphere Lifecycle Management

  • Enhanced vCenter Install, Upgrade, Patch: 
    • Streamlined user experience while deploying, upgrading and patching for vCenter Server.              vCSA deploy options
      • Reduced clicks.
      • Client integration plugin NOT required!
      • No browser dependency
      • vCSA ovf deploy target can be ESXi or another vCenter
    • Upgrade option available from Windows version 5.5 & 6.0 to vCSA 6.5
      • vCenter 5.5 and above
      • Deployment type and config preserved
      • Embedded and external SQL and Oracle DB to move to embedded Postgres SQL db within the vCSA appliance
      • Built-in extensions migrated automatically.
      • Migration assistant (windows console application) guides the user with migration process (VMware-Migration-Assistant.exe)
    • Support for CLI template-based vCenter Server lifecycle management.
      • vCSA install via CLI supports install, upgrade form 5.5 or 6.0 to 6.5 and migration from
        • Number of .jason templates are provided and simply edit the templates                                                                                                    Templates
          • ./vcsa-deploy install <template.json>
  • vSphere Update Manager for vCenter Server Appliance:
    • Fully embedded and an integrated vSphere Update Manager experience for vCenter Server Appliance – with no Windows dependencies! (finally)
      • Migrating from Windows vCenter to vCSA 6.5 also enables migration of VUM to vCSA embedded VUM
        • Export baseline from Windows VUm to appliance
        • Support VUM running on the same appliance as vCenter Server Service or external appliance
        • VUM client fully integrated to web-client
  • Enhanced Auto Deploy:
    • New capabilities such as UI support, improved performance and scale, backup and restore of rules for Auto Deploy.
  • Improvements in Host Profiles:
    • Streamlined user experience and host profile management with several new capabilities including DRS integration, parallel host remediation, and improved audit quality compliance results.
  • VMware Tools Lifecycle Management:
    • Simplified and Scalable approach for install and upgrade of VMware Tools, Reboot less upgrade for Linux Tools, OSP upgrades, enhanced version and status reporting via API and UI.
  • Web Client improvements
    • Performance & Usability
    • HTML 5 enablement (Embedded HTML 5 host client as well as the HTML5 Web Client)
  • vCenter Appliance
    • Native HA solution for VCSA (out of the box)                                                                                 HA1            HA2                                     
    • Out of the box backup and restore (file based rather than snapshot based)
    • Enhanced scale and performance (without adding to the underlying host hardware)
    • VUM is now embedded in the VCSA – Yes finally…!!
      • Web client UI for VUM & Auto deploy capability (Auto deploy caching proxies available)
    • Host Profile enhancements
  • Simplified deployment
    • Migration tool from Windows to VCSA (Including VC and VUM migration as a single step migration to achieve upgrade and migrate)
    • CLI interface for VC install, upgrade and migrate – Scripted install and update capability for VC
    • Enhanced UI experience
  • Availability
    • Proactive HA
      • Detect catastrophic health conditions in hosts and notify VI admin, along with remediation steps…etc
      • Ability to vMotion VMs from partially degraded hosts
    • Predictive DRS
      • Evolve DRS to use prediction data from vROPS – Yes..!! Was just a matter of time….!!
      • Perform pre-emptive actions to prepare for CPU/Memory changes
      • Re-balancing of cluster proactively after maintenance events
    • Orchestrated VM Restart using HA:
      • Orchestrated restart allows admins to create dependency chains on VMs or VM groups, allowing for a restart order of these dependencies and multi-tiered applications should an HA restart occur.
      • Not only will Orchestrated restart do this in the order specified by the admin, it can also wait until the previous VM is running and ready before beginning the HA restart of a dependent VM.
    • Fault Tolerance
      • Scalability limits stay the same (4 vCPUs, /64GB vRAM & 8vCPU / 64GB vRAM support still the same)
      •  Improvements in vSphere 6.5
        • Performance improvements and maximum and average response times
          • Reduced max latency from 100ms to 12ms, average of 1ms through FT algo optimisations (i.e. avg ping response down to 1.1ms from 6.6ms in vSphere 6.0, increased TCP request / response throughput, Increased bandwidth)
        • Inter-operate with VSAN (already on 6.0 u1)
          • Persevere storage policies on VM’s in a vsan cluster
        • Interoperate with DRS
          • DRS considers FT requirements in determining optimal initial host placement
        • Multiple NIC aggregation for improved FT network performance
      • Future roadmap discussion topics for FT (no guarantee)
        • Restart FT VM in a different geographical site

vSphere Compute

  • Expanded Support for New Hardware, Architectures and Guest Operating Systems:
    • Expanded support for the latest x86 chipsets, devices and drivers.
    • NVMe enhancements, and several new performance and scale improvements due to the introduction of native driver stack.
  • Guest OS and Customization Support:
    • Continue to offer broad support for guest OS’s, including recent Windows 10 builds, the latest from RHEL 7.x, Ubuntu 16.xx, SUSE 12 SPx and CoreOS 899.x. and Tech Preview of Windows Server 2016.
  • VMware Host Client:
    • HTML5-based UI to manage individual ESX hosts.
    • Supported tasks include creating and updating of VM, host, networking and storage resources, VM console access, and performance graphs and logs to aid in ESX troubleshooting.
    • Negligible host requirements
    • Console access to VM through the WebMKS
    • HTML5 redirection for the vSphere client (C#)
  • Virtual Hardware 13:
    • VMs up to 6TB of memory, and provide UEFI secure boot for guest OS.
  • Increased Scalability and Performance for ESXi and vCenter Server:
    • Continued increases in scale and performance beyond vSphere 6
      • Cluster maximums increased to support up to 64 nodes and 8K VMs.
      • Virtual Machines supported up to 128 vCPUs and 6TB vRAM 
      • Hosts supported up to 480 physical CPUs , 12 TB RAM,
      • 64 TB data stores
      • 1000+ VMs.

vSphere Storage

  • Enhancements to Storage I/O Control:
    • Support for I/O limits, shares and reservations is now fully integrated with Storage Policy-Based Management. SIOC
    • Delivers comprehensive I/O prioritization for virtual machines accessing a shared storage pool.
  • Storage Policy-Based Management Components:
    • Easily create and reuse Storage Policy Components in policies to effectively manage a multitude of data services including encryption, caching, replication, and I/O control. (via SPBM – As yo can see in the screenshot below)     SIOC SPBM
  • Enhancements in NFS 4.1 client:
    • Support for stronger cryptographic algorithms with Kerberos (AES), support for IPV6 with Kerberos and also support for Kerberos integrity check (SEC_KRB5i).
    • PowerCLI support for NFS 4.1 as well in this release.
  • Increased Datastore & Path limit:
    • Number of LUNs supported per host increased to 1024 and number of Paths increased to 4096.
  • Native support for 4k native drives in 512e mode
    • Also means VSAN 6.5 now supports large 4k drives

Management

  • vSphere Web Client enhancements:
    • New Web Client UI features like Custom Attributes, Object Tabs, and Live Refresh are presented alongside other performance and usability improvements.
  • Content Library Improvements:
    • Enhancements to Content Library including ISO mount to a VM directly from Content Library, VM Guest OS customization, simplified library item update capabilities and optimizations in streaming content between vCenter Server.
  • Enhanced DRS:
    • Enhancements to DRS settings with addition of DRS Policies that provides easier way to set advanced options including capabilities like even distribution of virtual machines, consumed vs. active memory, CPU over-commitment.

Security

  • Secure Boot Support for ESXi Host and Guest VM:
    • UEFI secure boot for ESXi and VMs – Protection against image tampering during boot
      • At boot time, we have assurance that ESXi and Guest VM’s are booting the right set of vibs.
      • If the trust is violated, ESXi and the VM’s will not boot and customers can capture the outcome.
  • Enhanced vCenter Events, Alarms and vSphere Logging:
    • Enhancements to vSphere Logging and events to provide granular visibility into current state, changes made, who made the changes and when.
    • Deliver audit-quality logging – Easier auditing and troubleshooting and forensic analysis using logs
  • Other security enhancements
    • VM encryption (Disk + Data) – Can be used to lock down critical VMs
    • Provide file integrity monitoring to meet PCI DSS requirements
    • Encrypted vMotion – Yes finally..!! (provide secure vMotion)

 

There you have it. Some really cool and really innovative features and improvements being delivered by VMware as always. Also note that this is not a major product platform release but only a minor (step) release so the new feature set is relatively minor. Expect bigger and better changes in the next version of vSphere when due out (perhaps next year??)

Slide credit goes to VMware…!!

Cheers

Chan

vRealize Infrastructure Navigator not appearing in the Web Client

I was playing around deploying the latest version of the vRealize infrastructure Navigator (5.8.6.230 – build 3923091) in my HomeLab (vSphere 6.5 with VCSA as the vCenter) and noticed that after the deployment of the VIN appliance and successfully starting it up, the Infrastructure Navigator option was not appearing within the home screen of the vSphere web client.

Upon some investigation, it turned out that the VIN plugin was not correctly downloaded to the web client so you need to manually check for new plugins to install. To achieve this, follow the process below

  1. In the Web Client, go to Home -> Administration -> Client plug-ins (under Solutions drop down menu on left) and verify that the Infrastructure Navigator plugin is not available
  2. Click the check for new plugins link on the top left. A small pop up box appears on the bottom right notifying you of the new plugin check-in action. 2
  3. Click on the Go to the event console link that’s on this pop up box to see the event updates and verify that the task is running to check for new plugins 3
  4. Wait until new plugin check is completed and is successful.   4
  5. Log off, and lock back in to vSphere web client to see the Infrastructure Navigator option appearing on the home screen so that you can go in to it and configure the VM discovery  5 6

Cheers

Chan

1. VMware vSphere 6.x – Deployment Architecture Key Notes

<-Home Page for VMware vSphere 6.x articles

First thing to do in a vSphere 6.x deployment is to understand the new deployment architecture options available on the vSphere 6.0 platform, which is somewhat different from the previous versions of vSphere. The below will highlight key information but is not a complete guide to all the changes..etc. For that I’d advise you to refer to the official vSphere documentation (found here)

Deployment Architecture

The deployment architecture for vSphere 6 is somewhat different from the legacy versions. I’m not going to document all of the architectural deference’s  (Please refer to the VMware product documentation for vSphere 6) but I will mention few of the key ones which I think are important, in a bullet point below.

  • vCenter Server – Consist of 2 key components
    • Platform Service Controller (PSC)
      • PSC include the following components
        • SSO
        • vSphere Licensing Server
        • VMCA – VMware Certificate Authority (a built in SSL certification authority to simply certificate provisioning to all VMware products including vCenter, ESXi, vRealize Automation….etc. The idea is you associate this to your existing enterprise root CA or a subordinate CA such as a Microsoft CA and point all VMware components at this.)
      • PSC can be deployed as an appliance or on a windows machine
    • vCenter Server
      • Appliance (vCSA) – Include the following services
        • vCenter Inventory server
        • PostgreSQL
        • vSphere Web Client
        • vSphere ESXi Dump collector
        • Syslog collector
        • Syslog Service
        • Auto Deploy
      • Windows version is also available.

Note: ESXi remains the same as before without any significant changes to its core architecture or the installation process.

Deployment Options

What’s in red below are the deployment options that I will be using in the subsequent sections to deploy vSphere 6 u1 as they represent the likely choices adopted during most of the enterprise deployments.

  • Platform Services Controller Deployment
    • Option 1 – Embedded with vCenter
      • Only suitable for small deployments
    • Option 2 – External – Dedicated separate deployment of PSC to which external vCenter(s) will connect to
      • Single PSC instance or a clustered PSC deployment consisting of multiple instances is supported
      • 2 options supported here.
        • Deploy an external PSC on Windows
        • Deploy an external PSC using the Linux based appliance (note that this option involves deploying the same vCSA appliance but during deployment, select the PSC mode rather than vCenter)
    • PSC need to be deployed first, followed by vCenter deployment as concurrent deployment of both are NOT supported!
  • vCenter Server Deployment – vCenter Deployment architecture consist of 2 choices
    • Windows deployment
      • Option 1: with a built in Postgre SQL
        • Only supported for a small – medium sized environment (20 hosts or 200VMs)
      • Option 2: with an external database system
        • Only external database system supported is Oracle (no more SQL databases for vCenter)
      • This effectively mean that you are now advised (indirectly, in my view) to always deploy the vCSA version as opposed to the Windows version of vCenter, especially since the feature parity between vCSA and Windows vCenter versions are now bridged
    • vCSA (appliance) deployment
      • Option 1: with a built in Postgre SQL DB
        • Supported for up to 1000 hosts and 10,000 VMs (This I reckon would be the most common deployment model now for vCSA due to the supported scalability and the simplicity)
      • Option 2: with an external database system
        • As with the Windows version, only Oracle is supported as an external DB system

PSC and vCenter deployment topologies

Certificate Concerns

  • VMCA is a complete Certificate Authority for all vSphere and related components where the vSphere related certificate issuing process is automated (happens automatically during adding vCenter servers to PSC & adding ESXi servers to vCenter).
  • For those who already have a Microsoft CA or a similar enterprise CA, the recommendation is to make the VMCA a subordinate CA so that all certificates allocated from VMCA to all vSphere components will have the full certificate chain, all the way from your Microsoft root CA(i.e. Microsoft Root CA cert->Subordinate CA cert->VMCA Root CA cert->Allocated cert, for the vSphere components).
  • In order to achieve this, the following steps need to be followed in the listed order.
    • Install the PSC / Deploy the PSC appliance first
    • Use an existing root / enterprise CA (i.e. Microsoft CA) to generate a subordinate CA certificate for the VMCA and replace the default VMCA root certificate on the PSC.
      • To achieve this, follow the VMware KB articles listed here.
      • Once the certificate replacement is complete on the PSC, do follow the “Task 0” outlined here to ensure that the vSphere service registrations with the VMware lookup service are also update. If not, you’ll have to follow the “Task 1 – 4” to manually update the sslTrust parameter value for the service registration using the ls_update_certs.py script (available on the PSC appliance). Validating this here can save you lots of headache down the line.
    • Now Install vCenter & point at the PSC for SSO (VMCA will automatically allocate appropriate certificates)
    • Add ESXi hosts (VMCA will automatically allocate appropriate certificates)

Key System Requirements

  • ESXi system requirements
    • Physical components
      • Need a minimum of 2 CPU cores per host
      • HCL compatibility (CPU released after sept 2006 only)
      • NX/SD bit enabled in BIOS
      • Intel VT-x enabled
      • SATA disks will be considered remote (meaning, no scratch partition on SATA)
    • Booting
      • Booting from UEFI is supported
      • But no auto deploy or network booting with UEFI
    • Local Storage
      • Disks
        • Recommended for booting from local disk is 5.2GB (for VMFS and the 4GB scratch partition)
        • Supported minimum is 1GB
          • Scratch partition created on another local disk or RAMDISK (/tmp/ramdisk) – Not recommended to be left on ramdisk for performance & memory optimisation
      • USB / SD
        • Installer DOES NOT create scratch on these drives
        • Either creates the scratch partition on another local disk or ramdisk
        • 4GB or larger recommended (though min supported is 1GB)
          • Additional space used for the core dump
        • 16GB or larger is highly recommended
          • Prolongs the flash cell life
  • vCenter Server System Requirements
    • Windows version
      • Must be connected to a domain
      • Hardware
        • PSC – 2 cpu / 2GB RAM
        • Tiny environment (10 hosts / 100 VM- 2 cpu / 8GB RAM
        • Small (100 hosts / 1000 VMs) – 4 cpus / 16GB RAM
        • Medium (400 hosts / 400 VMs) – 8cpus / 24GB RAM
        • Large (1000 hosts / 10000 VMs) – 16 cpus / 32GB RAM
    • Appliance version
      • Virtual Hardware
        • PSC- 2 cpu / 2GB RAM
        • Tiny environment (10 hosts / 100 VM- 2 cpu / 8GB RAM
        • Small (100 hosts / 1000 VMs) – 4 cpus / 16GB RAM
        • Medium (400 hosts / 400 VMs) – 8cpus / 24GB RAM
        • Large (1000 hosts / 10000 VMs) – 16 cpus / 32GB RAM

In the next post, we’ll look at the key deployment steps involved.