Continuation of Any Cloud, Any Device & Any App strategy – An update from VMworld 2018 Europe

The beginning

As an avid technologist, I’ve always had a thing for disruptive technologies, especially those that are not just cool tech but also provide genuine business benefits. Some of these benefits are obvious at first, but some are often not even anticipated until after a technology innovation has been achieved.

VMware’s inception: Through the emulation of X86 computing components within software was one of these moments where the power of software driven computing started a whole new shift in the IT industry. In an age of Hardware centric IT, this software defined computing technology paved way to achieve genuine cost savings through consolidation of multiple servers in to a handful of servers instead. For me back then as a lowly server engineer, introduction to this technology was one of those “goose bump” moments, especially when I thought about the possibilities of where this technology innovation could take us going forward, especially when that’s extended beyond just computing.

Fast forward about 12 more years, the software defined capabilities extended beyond compute in to storage and networking too, paving the way for brand new possibilities such as cloud computing. Recognising the commoditisation of this software defined approach by various other vendors, VMware strategically changed their direction to focus on building tools and solutions that provide customers the choice to run any application, on any cloud platform, accessible by any end user device (PC & Mobile). This strategy was launched back in 2015 and I’ve blogged about it here.

Continuation of a solid strategy

Following on from vSphere, vSAN and NSX as pillars of core software defined data center (SDDC), last couple of years showed how this vision from VMware was coming in to reality through the launch of various new solutions as well as modernisation of exiting solutions. IBM cloud (based on SDDC) & VMware Cloud on AWS (based on SDDC) were launched to harness cloud computing capabilities for customers without having to re-platform their workloads saving transformation costs. Along with over 2000 VMware Cloud Provider partner platforms (built on SDDC) all of whom that runs these very same technologies underneath their cloud platforms, this common architecture enabled customers to easily move their workload from on premises to any of these platforms relatively easily. Introduction of technologies such as VMware HCX last year made it even easier through one click migration of these workloads as well as the ability to move a running workload on to a cloud platform with zero downtime (Cloud motion).

In addition to the core infrastructure components, the existing infrastructure management and monitoring toolset deployed on-premises (vRealize suite) was also revamped over the last few years such that they can manage and monitor these environments across all these cloud platforms. vRealize suite was now one of the best Cloud Management Platforms that could provision workloads on to on-prem & on native cloud platforms such as AWS and Azure providing a single pane of glass.

NSX capabilities were also extended to cloud platforms to effectively bring cloud platforms closer to on-premises data centers via network adjacency providing customers easy migration and fall back choices while maintaining networking integrity across both platforms. With these updates, the vision of “Any Cloud” became more of a reality, though most of the use cases were limited to IaaS capabilities across the cloud platforms.

During last year, VMware also launched a number of fully managed, born in the cloud SaaS applications under the category of VMware Cloud Services (v1.0) aimed at extending this “Any Cloud” capabilities to cover none IaaS platforms. These SaaS offerings enabled ability to provision, manage and run cloud native workloads on none vSphere based cloud platforms such as Azure and native AWS platforms. These extended the “Any cloud” capabilities right in to various PaaS platforms too enabling better value to customers. A list of these new solutions and updates were listed on my previous post here.

Last few years also showed us how VMware intended on achieving the “Any Device” vision through the Workspace One platform & Air Watch. Incremental feature upgrades ensured that support for a wide array of end user computing and mobile devices to consume various enterprise IT services in a consistent, secure manner, regardless of where the applications & the data are hosted (on-premises or cloud). These updates include support for key none vSphere based cloud platforms and even competitive technologies such as Citrix providing customers plenty of choice to use any device of their choice to access applications hosted via all major avenues such as Mobile / PC / VDI / Citrix / Microsoft RDS.

“Any App” vision of enabling customers deploy and run any application was all about providing support for traditional (VM) based apps, micro-services based apps (containers) and SaaS apps. The partnership with Google for the implementation formed and new products such as PKE were also launched to provision, manage and run container workloads via an enterprise grade Kubernetes platform, both on premises as well as on cloud platforms, making the Any App strategy also a reality.

Update in 2018!

2018’s VMworld (Europe) messaging was very much an incremental continuation of this same multi-platform, multi app and multi device strategy, adding additional capabilities for core use cases. Some of the new updates also showed how VMware are also adding new use cases such as Edge computing and IoT solutions in to the mix.

Some of the key updates to note from VMworld 2018 include,

  • Heptio acquisition:    To strengthen the VMware’s Kubernetes platform offerings (Complements on-premises focused PKS as well as a SaaS offering for managed Kubernetes in VKE)
  • VMware Cloud PKS:    PKS as a Service (managed by VMware) on AWS with support coming for VMware Cloud on AWS, Azure, GCP and vSphere
  • Project Dimension:    Fully managed VMware Cloud Foundation solution for on-premises with Hybrid Cloud control plane. Beta announced!
  • Launch of VCF 3.5:    Latest version of Cloud Foundation with incremental updates and cloud integration via HCX.
  • CloudHealth in VCS:    Integration of recently acquired CloudHealth in to the VMware cloud services (SaaS offering) portfolio which now extends the cloud platform cost monitoring and resource management as a SaaS offering with better cloud scalability than vROPs
  • Pulse IoT center aaS:    IoT Infrastructure management solution previously available as an on-premises solution now available as a service. Beta announced!
  • New SaaS solutions:    Additional solutions are announced such as Cloud Assembly (vRA aaS), Service broker & Code stream to enhance DevOps app delivery & management.
  • VMware Blockchain:    Enterprise blockchain service inherently more secure than public blockchain that is integrated to underlying VMware tools and technologies for enterprises to consume.

Amongst these, there were also other minor incremental updates to existing tools and solutions such as vRealize suite 2018, Log Intelligence, Wavefront updates to provide application telemetry data (similar to App Dynamics) from container based deployments, vSphere & vSAN incremental updates, availability of vSphere platinum edition (with bundled in AppDefense) that learn (Good app behaviour), lock (the state in) and adapts security (based on changes to the application), Adaptive micro-segmentation via integrating NSX & AppDefense, Increased geo availability of VMware Cloud on AWS (Ireland, Tokyo, N California, Ohio, Gov clud west), availability of AWS RDS on vSphere on premises to name few.

In addition to the above based on the previously established Any Cloud, Any Device & Any App strategy, VMware are also embracing different target markets such as Telco clouds by offering industry specific solutions through the use of their VeloCloud technologies, in preparation for the 5G revolution that is imminent in the industry and large telco Vodafone are helping VMWare co-engineer and test these solutions to ensure their business relevance.

So all in all, there weren’t any attention grabbing headline announcements in this year’s VMworld event, but the focus was rather on providing evidence of the execution of that strategy set back in 2015/2016. VMware’s increasing pivoting to Cloud based solutions is becoming more and more obvious as almost all the net new products and solutions announced within 2017 and 2018 VMworlds are all SaaS offerings managed by VMware. This is a powerful message and customers seem to take note too, if the record breaking 12,000 attendees of VMworld 2018 Europe is anything to go by.

As I mentioned at the beginning of this post, as these technology updates and new innovation is continuing, no doubt there will be additional use cases being realised, and the associated business requirements previously not envisioned being established. In an age of rapid advancements of technology that often driving new business requirements retrospectively, I like how VMware are pushing ahead with a coherent technology strategy focused on providing customer the choice to benefit from innovations across these technology platforms.

VMworld 2017 US – VMware Strategy & My Thoughts

This is a quick post to summerise all the key announcements from VMworld 2017 US event and share my thoughts and insights of the strategy and the direction of VMware, the way I see it.

Key Announcements

A number of announcements were made during the week on products and solutions and below is a high level list of those to recap.

  • Announced the launch of the VMware Cloud Services which consists of 2 main components
    • VMware Cloud on AWS (VMC)
      • Consist of VMware vSphere + vSAN + NSX
      • Running on AWS data centers (bare metal)
      • A complete Public Cloud platform consisting of VMware Software Defined Data Center components
      • Available as a
    • A complete Hybrid-Cloud infrastructure security, management & monitoring & Automation solution made available through a Software as a Service (SaaS) platform
      • Work natively with VMware Cloud on AWS
      • Also work with legacy, on-premises VMware data center
      • Also work with native AWS, Azure and Google public cloud platforms
  • Next generation of network virtualisation solution based NSX-T (aka NSX Multi hypervisor)
    • Version 2.0 announced
    • Supports vSphere & KVM
    • Likely going to be strategically more important to VMware than the NSX-v (vSphere specific NSX that is commongly used today by vSphere customers). Think What ESXi was for VMware when ESX was still around, during early days!

 

 

  • Next version of vRealize Network Insight (version 3.5) released
    • Various cloud platform integrations
    • Additional on-premises 3rd party integrations (Check Point FW, HP OneView, Brocade MLX)
    • Support for additional NSX component integration (IPFIX, Edge dashboard, NSX-v DFW PCI dashboard)

 

  • VMware AppDefense
    • A brand new application security solution that is available via VMware Cloud Services subscription

 

  • VMware Pivotal Container Services (PKS) as a joint collaboration between VMware, Pivotal & Google (Kubernetes)
    • Kubernetes support across the full VMware stack including NSX & vSAN
    • Support for Sever-Less solution capabilities using Functions as a Service (Similar to AWS Lambda or Azure Functions)
    • Enabling persistent storage for stateful applications via the vSphere Cloud Provider, which provides access to vSphere storage powered by vSAN or traditional SAN and NAS storage,
    • Automation and governance via vRealize Automation and provisioning of service provider clouds with vCloud Director,
    • Monitoring and troubleshooting of virtual infrastructure via VMware vRealize Operations
    • Metrics monitoring of containerized applications via Wavefront.

 

  • Workspace One enhancements and updates
    • Single UEM platform for Windows, MacOS, Chrome OS, IOS and Android
    • Integration with unique 3rd party endpoint platform API’s
    • Offer cloud based peer-to-peer SW distribution to deploy large apps at scale
    • Support for managing Chrome devices
    • Provides customers the ability to enforce & manage O365 security policies and DLP alongside all of their applications and devices
    • Workspace One intelligence to provide Insights and automation to enhance user experience (GA Q4 FY18)
  • VMware Integrated OpenStack 4.0 announced
    • OpenStack Ocata integration
    • Additional features include
      • Containerized apps alongside traditional apps in production on OpenStack
      • vRealize Automation integration to enable OpenStack users to use vRealize Automation-based policies and to consume OpenStack components within vRealize Automation blueprints
      • Increased scale and isolation for OpenStack clouds enabled through new multi-VMware vCenter support
    • New pricing & Packaging tier (not free anymore)
  • VMware Skyline
    • A new proactive support offering aligned to global support services
    • Available to Premier support customers (North America initially)
    • Requires an appliance deployment on premise
    • Quicker time to incident resolution

Cross Cloud Architecture Strategy & My Thoughts

VMware announced the Cross Cloud Architecture (CCA) back in VMworld 2016 where they set the vision for VMware to provide the capability to customers to run & manage any application, on any cloud using any device. This was ambitious and was seen as the first step towards VMware recognising that running vSphere on premise should no longer be VMware’s main focus and they want to provide customers with choice.

This choice of platform options were to be,

  • Continue to run vSphere on premise if that is what you want to do
  • OR, let customers run the same vSphere based SDDC stack on the cloud which can be spun up in minutes in a fully automated way (IaaS)
  • OR, run the same workload that used to run on a VMware SDDC platform on a native public cloud platform such as AWS or Azure or Google cloud or IBM Cloud

During that VMworld, VMware also demoed the capability of NSX to bridge all these various private and public cloud platforms through the clever use of NSX to extend networks across all of those platforms. Well, VMworld 2017 has shown additional steps VMware have taken to make this cross cloud architecture even more of a reality. VMware Cloud on AWS (VMC) now lets you spin up a complete VMware based Software Defined Data Center running vSphere on vSAN connected by NSX through a simple web page, much similar to how Azure and AWS native infrastructure platforms allows you to provision VM based infrastructure on demand. Based on some initial articles, this could even be cheaper than running vSphere on-premise which is great news for customers. In addition to this price advantage, when you factor in the rest of Total Cost of Ownership factors such as maintaining on premise skill to set up and manage the infrastructure platforms that are no longer needed, the VMC platform is likely going to be extremely interesting to most customers. And most importantly, most customers will NOT need to go through costly re-architecting of their monolithic application estate to fit a native cloud IaaS platform which simplifies cloud migration of their monolithic application stack. And if that is not enough, you also can carry on managing & securing that workload using the same VMware management and security toolset, even on the cloud too.

When you then consider the announcement of VMware Cloud Services (VCS) offering as a SaaS solution, it now enables integrating a complete VMware hybrid cloud management toolset in to various platforms and workloads, irrespective of where they reside. VCS enables the discovery, monitoring, management and securing of those workloads across different platforms, all through a single pane of glass which is a pretty powerful message that no other public cloud provider can claim to provide in such a heterogeneous manner. This holistic management and security platform allows customers to provision, manage and secure any workload (Monolithic or Microservices based) on any platform (vSphere on premise, VMC on AWS, native AWS, native Azure, Native Google cloud) to be accessed on any device (workstation, laptop, Pad or a mobile). That to me is a true Cross Cloud vision becoming a reality and my guess is once the platform matures and capabilities increase, this is going to be very popular amongst almost all customers.

In addition to this CCA capabilities, VMware obviously appear to be shifting their focus from the infrastructure layer (read “virtual machine”) to the actual application layer, focusing more on enabling application transformation and application security which is great to see. As many have already, VMware too are embracing the concept of containers, not only as a better application architecture but also as the best way to decouple the application from the underlying infrastructure and using containers as a shipping mechanism to enable moving applications across to public cloud (& back). The announcement of various integrations within their infrastructure stack to Docker ecosystem such as Kubernetes testifies to this and would likely be welcomed by customers. I’d expect such integration to continue to improve across all of VMware’s SDDC infrastructure stack. With VMware solutions, you can now deploy container based applications on on-premise vSphere using VIC or Photon or even VMC or a native public cloud platform, store them on vSAN with volume plugins on premise or on cloud, extend the network to the container instance via NSX (on premise or on cloud), extend visibility in to container instance via vRNI and vROPS (on premise or cloud) and also automate provisioning or most importantly, migration of these container apps across on-premise or public cloud platforms as you see fit.

NSX cloud for example will let you extend all the unique capabilities of software defined networking such as micro-segmentation, security groups and overlay network extensions to not just within private data centers but also to native public cloud platforms such as AWS & Azure (roadmap) which enriches the capabilities of a public cloud platform and increases the security available within the network.

My Thoughts

All in all, it was a great VMworld where VMware have genuinely showcased their Hybrid Cloud and Cross Cloud Architecture strategy. As a technologist that have been working with VMware for a while, it was pretty obvious that a software centric organisation like VMware, similar to the likes of Microsoft was always gonna embrace changes, especially changes driven by software such as the public cloud. However most people, especially sales people in the industry I work in as well as some of the customers were starting to worry about the future of VMware and their relevance in the increasingly Cloudy world ahead. This VMworld has showcased to all of those how VMware has got a very good working strategy to embrace that software defined cloud adoption and empower customers by giving them the choice to do the same, without any tie in to a specific cloud platform. The soaring, all time high VMware share price is a testament that analysts and industry experts agree with this too.

If I was a customer, I would want nothing more!

Keen to get your thoughts, please submit via comments below

Other Minor VMworld 2017 (Vegas) Announcements

  • New VMware & HPe partnership for DaaS
    • Include Workspace ONE to HPe DaaS
    • Include Unified Endpoint Management through Airwatch
  • Dell EMC to offer data protection to VMC (VMware Cloud on AWS)
    • Include Data Domain & Data protection app suite
    • Self-service capability
  • VCF related announcements
    • CenturyLink, Fujitsu & Rackspace to offer VCF + Services
    • New HCI and CI platforms (VxRack SDDC, HDS UCP-RS, Fujitsu PRIMEFLEX, QCT QxStack
    • New VCF HW partners
      • Cisco
      • HDS
      • Fujitsu
      • Lenovo
  • vCloud Director v9 announced
    • GA Q3 FY18
  • New vSphere scale-out edition
    • Aimed at Big data and HPC workloads
    • Attractive price point
    • Big data specific features and resource optimisation within vSphere
    • Includes vDS
  • VMware Validated Design (VVD) 4.1 released
    • Include a new optional consolidated DC architecture for small deployments
  • New VMware and Fujitsu partnerships
    • Fujitsu Cloud Services to delivery VMware Cloud Services
  • DXC Technology partnership
    • Managed Cloud service with VMC
    • Workload portability between VMC, DXC DCs and customer’s own DCs
  • Re-announced VMware Pulse IoT Center  with further integration to VMware solutions stack to manage IoT components

 

Cheers

Chan

Introduction To VMware App Defense – Application Security as a Service

Yesterday at VMworld 2017 US, VMware annouced the launch of AppDefense. This post is a quick introduction to look a little closely at what it is & my initial thoughts on it.

AppDefense – What is it?

AppDefense is a solution that uses the Hypervisor to introspect the guest VM application behaviour. It involves analysing the applicaiton (within guest VM) behaviourestablishing its normaly operational behaviour (intended state) & once verified to be the accurate, constantly measuring the future state of those applications against the intended state & least privilege posture and controlling / remediating its behaviour should non-conformance is detected. The aim is increase application security to detect infiltrations at the application layer and automatically prevent propogation of those infiltrations untill remediation.

AppDefense is a cloud hosted managed solution (SaaS) from VMware that is hosted on AWS (https://appdefense.vmware.com) that is managed by VMware rather than an onpremises based monitoring & management solution. It is a key part of the SaaS solution stack VMware also announced yesterday, VMware Cloud Services. (A separate detailed post to follow about VMware Cloud Services)

If you know VMware NSX, you know that NSX will provide least privillege execution environment to prevent attacks or propogation of security attacks through enforcing least privillege at the network level (Micro-Segmentation). AppDefense adds an additional layer by enforcing the same least privillege model to the actual application layer as well within the VM’s guest OS.

AppDefense – How does it work?

The high level stages employed by AppDefense in identifying and providing application security consist of the following high level steps (based on what I understand as of now).

  1. Application base lining (Intended State):  Automatically identifying the normal behavious of an application and producing a baseline for the application based on its “normal” behavioural patters (Intended state).                                                    This intended state can come from analyzing normal, un-infected application behaviour within the guest or even from external application state definition platforms such as Puppet…etc. Pretty cool that is I think!  
  2. Detection:  It will then constantly monitor the application behaviour against this baseline to see if there are any deviations which could amont to potential malicious behaviuours. If any are detected, AppDefense will either block those alien application activities or automatically isolate the application using the Hypervisor constructs, in a similar manner to how NSX & 3rd party AV tools auto isolate guest introspection using heuristic analysis. AppDefense uses an in-memory process anomaly detector rather than taking a hash of the VM file set (which is often how 3rd party security vendors work) which is going to be a unique selling point, in comparison to typical AV tools. An example demo showed by VMware was on an application server that ordinarily talks to a DB server using a SQl server ODBC connectivity, where once protected by AppDefense, it automaticlaly blocks any other form of direct connectivity from that app server to the DB server (say a Powershell query or a script running on the app server for example) even if that happened to be on the same port that is already permitted. – That was pretty cool if you ask me.  
  3. Automated remediation:  Similar to above, it can then take remediation action to automatically prevent propogation.

 

AppDefense Architecture

AppDefense, despite being a SaaS application, will work with cloud (VMware Cloud on AWS) as well as on-premises enviornment. The onpremises proxy appliance will act as the broker. Future road map items will include extending capabilities to non vSphere as well as bare metal workloads onpremises. There will be an agent that is deployed in to the VM’s (guest agent) that will run inside a secure memory space to ensure it’s authenticity.

For the on-premis version, vCenter is the only mandatory pre-req whereas NSX mgr and vRA are optional and only required for remediation and provisioning. (No current plans for Security Manager to be available onsite, yet).

AppDefense Integration with 3rd parties*

  • IBM Security:
    • AppDefense plans to integrate with IBM’s QRadar security analytics platform, enabling security teams to understand and respond to advanced and insider threats that cut across both on-premises and cloud environments like IBM Cloud. IBM Security and VMware will collaborate to build this integrated offering as an app delivered via the IBM Security App Exchange, providing mutual customers with greater visibility and control across virtualized workloads without having to switch between disparate security tools, helping organizations secure their critical data and remain compliant.
  • RSA:
    • RSA NetWitness Suite will be interoperable with AppDefense, leveraging it for deeper application context within an enterprise’s virtual datacenter, response automation/orchestration, and visibility into application attacks. RSA NetWitness Endpoint will be interoperable with AppDefense to inspect unique processes for suspicious behaviors and enable either a Security Analyst or AppDefense Administrators to block malicious behaviors before they can impact the broader datacenter.
  • Carbon Black:
    • AppDefense will leverage Carbon Black reputation feeds to help secure virtual environments. Using Carbon Black’s reputation classification, security teams can triage alerts faster by automatically determining which behaviors require additional verification and which behaviors can be pre-approved. Reputation data will also allow for auto-updates to the manifest when upgrading software to drastically reduce the number of false positives that can be common in whitelisting.
  • SecureWorks:
    • SecureWorks is developing a new solution that leverages AppDefense. The new solution will be part of the SecureWorks Cloud Guardian™ portfolio and will deliver security detection, validation, and response capabilities across a client’s virtual environment. This solution will leverage SecureWorks’ global Threat Intelligence, and will enable organizations to hand off the challenge of developing, tuning and enforcing the security policies that protect their virtual environments to a team of experts with nearly two decades of experience in managed services.
  • Puppet:
    • Puppet Enterprise is integrated with AppDefense, providing visibility and insight into the desired configuration of VMs, assisting in distinguishing between authorized changes and malicious behavior

*Credit: VMware AppDefense release news

Having spoken to the product managers, my guess is these partnerships will grow as the product goes through its evolution to include many more security vendors.

 

Comparison to competition

In comparison to other 3rd party AV tools that have heuristic analysis tools that does similar anomaly detection within the guests, VMware AppDefense is supposed to have a number of unique selling points such as the ability to better understand distributed application behaviours than competition to reduce false positives, the ability to not jut detect but also take remediation orchesatration capabilities (through the use of vRA and NSX) as well as the near future roadmap to use Machine learning capabilities to enhance anomaly detection within the guest which is pretty cool.

Understanding the “Intended state”

Inteded state can come from various information collected from various data center state definition tools such as vCenter, Puppet, vRealize Automation & othr configuraoin management solutions as well as devlopper workflows such as Ansible, Jenkins…etc.

App Defense agent (runs in the guest OS) runs in a protected memory space within the guest (via the hypervisor) to store the security controls that is tamper proof (secure runtime). Any attempts to intrude in to this space are detected and actioned upon automatically. While this is secure, it’s not guranteed at the HW layer (Think HyTrust that uses Intel CPU capabilities such as TXT to achieve HW root of trust), though I suspect this will inevitably come down the line.

 

AppDefense – My (initial) Thoughts

I like the sound of it and its capabilities based on what I’ve seen today. Obviously its a SaaS based application and some people may not like that to monitor and enforce your security, especially if you have an on-premises environment that you’d like to monitor and manage security on, but if you can get over that mindset, this could be potentially quite good. But obviously if you use VMware Cloud Services, especially VMware Cloud on AWS for example, this would have direct integration with that platform to enforce application level security which could be quite handy. As with all products however, the devil is normally in the detail and the this version has only just been released so the details available is quite scarse in order to form a detailed & an accurate opinion. I will be aiming to test this out in detail in the coming future, both with VMware cloud on AWS as well as On-Premises VMware SDDC stack and provide some detailed insights. Furthermore, its a version 1.0 product and realistically, most production customers will likely wait until its battle hardened and becomes richer with capabilities such as using Hardware root of trust capabilities are added before using this for key production workloads.

However until then, its great to see VMware are focusing more on security in general and building in native, differentiated security capabilities focusing on the application layer which is equally important as the security at the infrastructure layer. I’m sure the product will evolve to incorporate things such as AI & machine learning to provide more sophisticated preventive measures in the future. The ability to taken static applicatio / VM state definitions from external platforms like Puppet is really useful and I suspect would probably be where this would be popular with customers, at least initially.

Slide credits go to VMware.!

Cheers

Chan

VMworld 2017 – vSAN New Announcements & Updates

During VMworld 2017 Vegas, a number of vSAN related product announcements will have been made and I was privy to some of those a little earlier than the rest of the general public, due being a vSAN vExpert. I’ve summerised those below. The embargo on disclosing the details lifts at 3pm PST which is when this blog post is sheduled to go live automatically. So enjoy! 🙂

vSAN Customer Adoption

As some of you may know, popularity of vSAN has been growing for a while now as a preferred alternative to legacy SAN vendors when it comes to storing vSphere workloads. The below stats somewhat confirms this growth. I too can testify to this personally as I’ve seen a similar increase to the number of our own customers that consider vSAN as the default choice for storage now.

Key new Announcements

New vSAN based HCI Acceleration kit availability

This is a new ready node program being announced with some OEM HW vendors to provide distributed data center services for data centers to keep edge computing platforms. Consider this to be somewhat in between vSAN RoBo solution and the full blown main data center vSAN solution. Highlights of the offering are as follows

  • 3 x Single socket servers
  • Include vSphere STD + vSAN STD (vCenter is excluded)
  • Launch HW partners limited to Fujitsu, Lenovo, Dell & Super Micro only
  • 25% default discount on list price (on both HW & SW)
  • $25K starting price

           

 

  • My thoughts: Potentially a good move an interesting option for those customers who have a main DC elsewhere or are primarily cloud based (included VMware Cloud on AWS). The practicality of vSAN RoBo was always hampered by the fact that its limited to 25 VMs on 2 nodes. This should slightly increase that market adoption, however the key decision would be the pricing. Noticeably HPe are absent from the initial launch but I’m guessing they will eventually sign up. Note you have to have an existing vCenter license elsewhere as its not included by default.

vSAN Native Snapshots Announced

Tech preview of the native vSAN data protection capabilities through snapshots have been announced and will likely be generally available in FY18. vSAN native snapshots will have the following characteristics.

  • Snapshots are all policy driven
  • 5 mins RPO
  • 100 snapshots per VM
  • Support data efficiency services such as dedupe as well as protection services such as encryption
  • Archival of snapshots will be available to secondary object or NAS storage (no specific vendor support required) or even Cloud (S3?)
  • Replication of snapshots will be available to a DR site.

  • My thoughts: This was a hot request and something that was long time coming. Most vSAN solutions need a 3rd party data center back up product today and often, SAN vendors used to provide this type of snapshot based backup solution from the array (NetApp Snap Manager suite for example) that vSAN couldn’t match. Well, it can now, and since its done at the SW layer, its array independent and you can replicate or archive that anywhere, even on cloud and this would be more than sufficient for lots of customers with a smaller or a point use case to not bother buying backup licenses elsewhere to protect that vSphere workload. This is likely going to be popular. I will be testing this out in our lab as soon as the beta code is available to ensure the snaps don’t have a performance penalty.

 

vSAN on VMware Cloud on AWS Announced

Well, this is not massively new but vSAN is a key part of VMware Cloud on AWS and the vSAN storage layer provide all the on premise vSAN goodness while also providing DR to VMware Cloud capability (using snap replication) and orchestration via SRM.

 

vSAN Storage Platform for Containers Announced

Similar to the NSX-T annoucement with K8 (Kubernetes) support, vSAN also provide persistent storage presentation to both K8 as well as Docker container instances in order to run stateful containers.

 
This capability came from the vmware OpenSource project code named project Hatchway and its freely available via GitHub https://vmware.github.io/hatchway/ now.

  • My thoughts: I really like this one and the approach VMware are taking with the product set to be more and more microservices (container based application) friendly. This capability came from an opensource VMware project called Project hatchway and will likely be popular with many. This code was supposed to be available on GitHub as this is an opensource project but I have not been able to see anything within the VMware repo’s on GitHub yet.

 

So, all in all, not very many large or significant announcements for vSAN from VMworld 2017 Vegas (yet), but this is to be expected as the latest version of vSAN 6.6.1 was only recently released with a ton of updates. The key take aways for me is that the popularity of vSAN is obviously growing (well I knew this already anyways) and the current and future announcements are going to be making vSAN a fully fledged SAN / NAS replacement for vSphere storage with more and more native security, efficiency and availability services which is great for the customers.

Cheers

Chan

 

VMworld 2017 – Network & Security Announcements

As an NSX vExpert, I was privy to an early access preview of some of the NSX updates that are due to be announced during VMworld 2017 Vegas – This is a summary of all those announcements and, while I prepped the post before VMworld announcements were made to general public, by the time this post is published and you read this, it will be all public knowledge.

Growing NSX market

    

  • NSX customer momentum is very good, with around 2600+ new NSX customers in Q2 which is twice that year ago.
  • Typical customer sectors are from all around, Service providers, healthcare, Finance, Technology, Public sector…etc
  • Typical use cases belong to Security (Micro-Segmentation, EUC & DMZ anywhere), Automation and App continuity (DR, Cross cloud)

Since I work for a VMware partner (reseller), I can relate to these points first hand as I see the same kind of customers and use cases being explored by our own customers so these appear to be valid, credible market observations.

Network & Security New Announcements (VMworld 2017)

Given below are some of the key NSX related announcements that will be / have been annouced today at VMworld 2017 Vegas.

  • NSX-T 2.0 release
    • On-premise network virtualisation for non-vSphere workloads
    • Cloud Native App framework (K8 integration)
    • Cloud integration (Native AWS platform)
  • VMware Cloud Services
    • Number of new SaaS solution offerings available from VMware
    • The list of initial solutions available as SaaS offering at launch include
      • Discovery
      • Cost insights
      • Wavefront
      • Network insight
      • NSX Cloud & VMware Cloud on AWS
        • Well, this is not news, but been pre-announced already
      • VMware AppDefense
        • A brand new data center endpoint security product
      • Workspace One (Cloud)
  • vRealize Network Insight 3.5
    • vRNI finally expanding to cloud and additional on-premise 3rd party integrations

NSX-T 2.0 release (For secure networking in the cloud)

So this is VMware’s next big bet. Simply because it is NSX-T that will enable the future of VMware’s cross cloud capabilities by being compatible with all other none vSphere platforms including public cloud platforms to extend the NSX networking constructs in to those environments. Given below are the highlights of NSX-T 2.0 announced today.

  • On-premise automation and networking & Security (Support for KVM)
    • Multi-Domain networking
    • Automation with OpenStack
    • Micro-Segmentation
  • Cloud Native Application Frameworks
    • VMs and containers
    • CNI plugin integration for Kubernetes
    • Micro-Segmentation for containers / Microservices via NST-T 2.0 (roadmap)
    • Monitoring & analytics for containers / Microservices via NST-T 2.0 (roadmap)
  • Public Cloud Integration
    • On-prem, Remote, Public & Hybrid DCs
    • Native AWS with VMware secure networking – Extends out NSX security constructs to legacy AWS network

NSX-T integration with Container as a Service (Kubernetes for example) and Platform as a Service (AWS native networking) components a NSX container plugin and the architecture is shown below.

  

 

VMware Cloud Services (VCS)

This is a much anticipated annoucement where NSX secure networking capabilities will be offerred as a hosted service (PaaS) from VMware – Known as “VMware Cloud Services portal”. This will integrated with various platforms such as your on-premise private cloud environment or even public cloud platforms such as native AWS (available now) or Azure (roadmap) by automatically deploying the NSX-T components required on each cloud platform (NSX manager, NSX controllers & Cloud Services Manager appliance…etc). This is TOTALLY COOL and unlike any other solution available from anyone else.

As a whole, VCS will provide the following capabilities on day 1, as a SaaS / PaaS offering.

 

Key capabilities this PaaS provide include the below, across the full Hybrid-Cloud stack.

  • Discovery
  • Networking Insights
  • Cost management / insight
  • Secure Networking (via NSX Cloud)

The beauty of this offering is this will provide all the NSX natice capabilities such as distributed routing, Micro segmentation, Distributed switching, data encryption and deep visibility in to networking traffic will all be extended out to any part of the hybrid cloud platform. Ths enables you to manage and monitor as well as define & enforce new controls through a single set of security policies, defined on a single pane of glass, via Cloud Services portal. For example, the ditributed  firewall policies that block App servers from talking direct to DB servers, once defined, will apply to the VMs whether they are on premise on vSphere or moved to KVM or even when they reside on AWS (VMware cloud or native AWS platform). All of this becomes possible through the integration of NSX-T with cloud platforms that enables additional services using network overlay. In the case of public cloud, this will provide all these additional capabilities that are not natively available on the cloud platform which is awesome.!

I cannot wait for VCS to have Azure integration also which I believe is in the roadmap.

I will be doing a detailed post on VCS soon.

VMware Cloud on AWS

  

Well, this is NOT news anymore as this was annouced last year during VMworld 2016 and since then technical previews and public beta of the platform has already been available. So I’m not going to cover this in detail as there are plenty of overview posts out there.

However the main announcement today on this front is it is NOW (FINALLY) GENERALLY AVAILABLE for customers to subscribe to. Yey!! The minimum subscription is based on 4 nodes (vSAN requirements).

 

VMware App Defence

A brand new offering that is being annouced today that will extend the security layer to the applications. This is pretty cool too and I’m not going to cover the details here. instead, I will be producing a dedicated post to cover this one later on this week.

Summary

All of these annoucements are the implementation milestones of the VMware Cross Cloud Architecture (CCA) initiative that VMware annouced during last year’s VMworld where VMware will enable the workload mobility between on-premise and all other various public cloud platforms, primarily through the use of NSX to extend the network fabric acorss all platforms. Customers can build these components out themselves or they can simply consume them via a hosted PaaS. I am very excited for all my customers as these capabilities will help you harness the best of each cloud platform and new technology innovations such as containers without loosing the end to end visibility, management capabilities and security of your multi-cloud infrastructure platform.

Cheers

Chan

Heading to VMworld 2017 in Vegas

For the 2nd year running, I’ve been extremely lucky to be able to attend the VMware’s premier technology roadshow, VMworld in the city that never sleeps. This is my 6th consecutive VMworld where I’ve attended the 2012-2015 events at Barcelona and the 2016 event in Vegas. Similar to the last year, I’ve been extremely lucky to be selected and be invited by VMware as an official VMworld blogger due to my vExpert status to attend the event free of charge. (Also well done to my fellow Insight teammate & vExpert Kyle Jenner for being picked to attend VMworld 2017 Europe as an official blogger too). Obviously we are both very lucky to have an employer who value our attendance at such industry events and is happy to foot the bill for other expenses such as logistics which is also appreciated. So thanks VMware & Insight UK.

I attended the VMworld 2016 also in Vegas and to be honest, that was probably not the best event to attend that year in hindsight as all the new announcements were reserved for the European edition a month after. However this year, the word on the street is that VMworld US will carry majority of the new announcements so I am very excited to find out about them before anyone else.!

VMworld 2017 Itineraries

Most people attending VMworld or any similar tech conference overseas would typically travel few days earlier or stay behind few days after the event to explore things around. Unfortunately for me and my in-explicable dedication to playing league cricket between April-September, I am only able to travel out on Sunday the 27th after the game on Saturday. Similarly I have to get back immediately after the event in time for the following Saturday’s game. Silly you might think! I’d tend to agree too.

  • Travel out: Sunday the 27th of August from Manchester to Las Vegas (Thomas Cook – direct flight)
  • Accommodation: Delano Las Vegas (next door to event venue which is Mandalay Bay Hotel)
  • Travel back: Thursday the 31st of August from Las Vegas to Manchester (Thomas Cook – direct flight)

 

Session planning

one of the most important thing one planning on attending VMworld should do (if you wanna genuinely learn something at the event that is), to plan your break out sessions that you want to attend in advance using the schedule builder. This year, I was very luck to be able to get this booked in almost as soon as the schedule builder went live. However even then, some of the popular sessions were fully booked which shows how popular this event is.

Given below is a list of my planned sessions

  • Sunday the 27th of August
    • 4-4:30pm – How to Use CloudFormations in vRealize Automation to Build Hybrid Applications That Span and Reside On-Premises & on VMware Cloud on AWS and AWS Cloud [MMC1464QU]

 

  • Monday the 28th of August
    • 9am-10:30am – General session (you can find me at the specialist blogger seats right at the front of the hall)
    • 12:30-1:30pm – Accelerate the Hybrid Cloud with VMware Cloud on AWS [LHC3159SU]
    • 2:30-3:30pm – Addressing your General Data Protection Regulation (GDPR) Challenges with Security and Compliance Automation Based on VMware Cloud Foundation [GRC3386BUS]
    • 3:30-4:30pm – Big Data for the 99% (of Enterprises) [FUT2634PU]
    • 5:30-6:30pm – VMC Hybrid Cloud Architectural Deep Dive: Networking and Storage Best Practices [LHC3375BUS]

 

  • Tuesday the 29th of August
    • 9am-10:30am – General session (you can find me at the specialist blogger seats right at the front of the hall)
    • 1-2pm – A Two-Day VMware vRealize Operations Manager Customer Success Workshop in 60 Minutes [MGT2768GU]
    • 2-3pm – AWS Native Services Integration with VMware Cloud on AWS: Technical Deep Dive [LHC3376BUS]
    • 3-6:30pm – VMware NSX Community Leaders (vExperts) Summit at Luxor hotel
    • 7-10pm – vExpert Reception – VMworld U.S. 2017 at Pinball Hall of Fame
    • 10pm-12am – Rubrik VMworld Party (Featuring none other than Ice Cube) at Marquee @ Cosmopolitan

 

  • Wednesday the 30th of August
    • 10-11am – Automating vSAN Deployments at Any Scale [STO1119GU]
    • 11-12am – Creating Your VMware Cloud on AWS Data Center: VMware Cloud on AWS Fundamentals [LHC1547BU]
    • 12:30-1:30pm – 3 Ways to Use VMware’s New Cloud Services for Operations to Efficiently Run Workloads Across AWS, Azure and vSphere: VMware and Customer Technical Session [MMC3074BU]
    • 3:30-4:30pm – Intriguing Integrations with VMware Cloud on AWS, EC2, S3, Lambda, and More [LHC2281BU]
    • 7-10pm – VMworld Customer Appreciation Party

 

  • Thursday the 31st of August
    • 10:30-11:30am – NSX and VMware Cloud on AWS: Deep Dive [LHC2103BU]

 

I have left some time in between sessions for blogging activities, various meetings, networking sessions and hall crawl which are also equally important as attending breakout sessions (If anything those are more important as the breakout session content will always be available online afterwards)

Thoughts & Predictions

VMworld is always a good event to attend and going by past experience, its a great event for finding out about new VMware initiatives and announcements as well as all the related partner ecosystem solutions, from the established big boys as well as relatively new or up and coming start-up’s that work with VMware technologies to offer new ways to solve todays business problems. I don’t see this year’s event being any different and my guess would be a lot of focus would be given to VMware’s Cross cloud architecture (announced last year) and everything related to that this year. Such things could include the availability of VMware Cloud on AWS and potentially some NSX related announcements that can facilitate this cross cloud architecture for the customers. We will have to wait and see obviously.

I will be aiming to get a daily summary blog out summarising key announcements from the day and any new or exciting solutions I come across. You can follow me on Twitter also for some live commentary throughout the day.

If you are a VMware customer or a partner, I would highly encourage you to attend VMworld at least once. It is a great event for learning new things, but also most importantly, its a great place to meet and gain access to back end VMware engineering staff that average people never get to see or interact with. This is very valuable if you are a techie. Also if you are a business person, you can network with key VMware executives and product managers to understand the future strategy of their product lines and also, collectively that of VMware.

 

VMware vSphere 6.5 Announced – What’s New?

Cover

VMware has just officially announced the launch of the newest version of vSphere 6.5 today at VMworld 2016 in Barcelona. I’ve been beta testing it for a while and, with the release of this new vSphere version 6.5, there are a number of new enhancements and features that customers would benefit from. I’ve attempted to summarize the key ones below. However note that there may also be many more little tweaks and enhancements that aren’t necessarily been made public by VMware as of yet, that we all will only come to know once its in production use

Out of these, I’ve listed what I think would be the most important ones in blue, below.

vSphere Lifecycle Management

  • Enhanced vCenter Install, Upgrade, Patch: 
    • Streamlined user experience while deploying, upgrading and patching for vCenter Server.              vCSA deploy options
      • Reduced clicks.
      • Client integration plugin NOT required!
      • No browser dependency
      • vCSA ovf deploy target can be ESXi or another vCenter
    • Upgrade option available from Windows version 5.5 & 6.0 to vCSA 6.5
      • vCenter 5.5 and above
      • Deployment type and config preserved
      • Embedded and external SQL and Oracle DB to move to embedded Postgres SQL db within the vCSA appliance
      • Built-in extensions migrated automatically.
      • Migration assistant (windows console application) guides the user with migration process (VMware-Migration-Assistant.exe)
    • Support for CLI template-based vCenter Server lifecycle management.
      • vCSA install via CLI supports install, upgrade form 5.5 or 6.0 to 6.5 and migration from
        • Number of .jason templates are provided and simply edit the templates                                                                                                    Templates
          • ./vcsa-deploy install <template.json>
  • vSphere Update Manager for vCenter Server Appliance:
    • Fully embedded and an integrated vSphere Update Manager experience for vCenter Server Appliance – with no Windows dependencies! (finally)
      • Migrating from Windows vCenter to vCSA 6.5 also enables migration of VUM to vCSA embedded VUM
        • Export baseline from Windows VUm to appliance
        • Support VUM running on the same appliance as vCenter Server Service or external appliance
        • VUM client fully integrated to web-client
  • Enhanced Auto Deploy:
    • New capabilities such as UI support, improved performance and scale, backup and restore of rules for Auto Deploy.
  • Improvements in Host Profiles:
    • Streamlined user experience and host profile management with several new capabilities including DRS integration, parallel host remediation, and improved audit quality compliance results.
  • VMware Tools Lifecycle Management:
    • Simplified and Scalable approach for install and upgrade of VMware Tools, Reboot less upgrade for Linux Tools, OSP upgrades, enhanced version and status reporting via API and UI.
  • Web Client improvements
    • Performance & Usability
    • HTML 5 enablement (Embedded HTML 5 host client as well as the HTML5 Web Client)
  • vCenter Appliance
    • Native HA solution for VCSA (out of the box)                                                                                 HA1            HA2                                     
    • Out of the box backup and restore (file based rather than snapshot based)
    • Enhanced scale and performance (without adding to the underlying host hardware)
    • VUM is now embedded in the VCSA – Yes finally…!!
      • Web client UI for VUM & Auto deploy capability (Auto deploy caching proxies available)
    • Host Profile enhancements
  • Simplified deployment
    • Migration tool from Windows to VCSA (Including VC and VUM migration as a single step migration to achieve upgrade and migrate)
    • CLI interface for VC install, upgrade and migrate – Scripted install and update capability for VC
    • Enhanced UI experience
  • Availability
    • Proactive HA
      • Detect catastrophic health conditions in hosts and notify VI admin, along with remediation steps…etc
      • Ability to vMotion VMs from partially degraded hosts
    • Predictive DRS
      • Evolve DRS to use prediction data from vROPS – Yes..!! Was just a matter of time….!!
      • Perform pre-emptive actions to prepare for CPU/Memory changes
      • Re-balancing of cluster proactively after maintenance events
    • Orchestrated VM Restart using HA:
      • Orchestrated restart allows admins to create dependency chains on VMs or VM groups, allowing for a restart order of these dependencies and multi-tiered applications should an HA restart occur.
      • Not only will Orchestrated restart do this in the order specified by the admin, it can also wait until the previous VM is running and ready before beginning the HA restart of a dependent VM.
    • Fault Tolerance
      • Scalability limits stay the same (4 vCPUs, /64GB vRAM & 8vCPU / 64GB vRAM support still the same)
      •  Improvements in vSphere 6.5
        • Performance improvements and maximum and average response times
          • Reduced max latency from 100ms to 12ms, average of 1ms through FT algo optimisations (i.e. avg ping response down to 1.1ms from 6.6ms in vSphere 6.0, increased TCP request / response throughput, Increased bandwidth)
        • Inter-operate with VSAN (already on 6.0 u1)
          • Persevere storage policies on VM’s in a vsan cluster
        • Interoperate with DRS
          • DRS considers FT requirements in determining optimal initial host placement
        • Multiple NIC aggregation for improved FT network performance
      • Future roadmap discussion topics for FT (no guarantee)
        • Restart FT VM in a different geographical site

vSphere Compute

  • Expanded Support for New Hardware, Architectures and Guest Operating Systems:
    • Expanded support for the latest x86 chipsets, devices and drivers.
    • NVMe enhancements, and several new performance and scale improvements due to the introduction of native driver stack.
  • Guest OS and Customization Support:
    • Continue to offer broad support for guest OS’s, including recent Windows 10 builds, the latest from RHEL 7.x, Ubuntu 16.xx, SUSE 12 SPx and CoreOS 899.x. and Tech Preview of Windows Server 2016.
  • VMware Host Client:
    • HTML5-based UI to manage individual ESX hosts.
    • Supported tasks include creating and updating of VM, host, networking and storage resources, VM console access, and performance graphs and logs to aid in ESX troubleshooting.
    • Negligible host requirements
    • Console access to VM through the WebMKS
    • HTML5 redirection for the vSphere client (C#)
  • Virtual Hardware 13:
    • VMs up to 6TB of memory, and provide UEFI secure boot for guest OS.
  • Increased Scalability and Performance for ESXi and vCenter Server:
    • Continued increases in scale and performance beyond vSphere 6
      • Cluster maximums increased to support up to 64 nodes and 8K VMs.
      • Virtual Machines supported up to 128 vCPUs and 6TB vRAM 
      • Hosts supported up to 480 physical CPUs , 12 TB RAM,
      • 64 TB data stores
      • 1000+ VMs.

vSphere Storage

  • Enhancements to Storage I/O Control:
    • Support for I/O limits, shares and reservations is now fully integrated with Storage Policy-Based Management. SIOC
    • Delivers comprehensive I/O prioritization for virtual machines accessing a shared storage pool.
  • Storage Policy-Based Management Components:
    • Easily create and reuse Storage Policy Components in policies to effectively manage a multitude of data services including encryption, caching, replication, and I/O control. (via SPBM – As yo can see in the screenshot below)     SIOC SPBM
  • Enhancements in NFS 4.1 client:
    • Support for stronger cryptographic algorithms with Kerberos (AES), support for IPV6 with Kerberos and also support for Kerberos integrity check (SEC_KRB5i).
    • PowerCLI support for NFS 4.1 as well in this release.
  • Increased Datastore & Path limit:
    • Number of LUNs supported per host increased to 1024 and number of Paths increased to 4096.
  • Native support for 4k native drives in 512e mode
    • Also means VSAN 6.5 now supports large 4k drives

Management

  • vSphere Web Client enhancements:
    • New Web Client UI features like Custom Attributes, Object Tabs, and Live Refresh are presented alongside other performance and usability improvements.
  • Content Library Improvements:
    • Enhancements to Content Library including ISO mount to a VM directly from Content Library, VM Guest OS customization, simplified library item update capabilities and optimizations in streaming content between vCenter Server.
  • Enhanced DRS:
    • Enhancements to DRS settings with addition of DRS Policies that provides easier way to set advanced options including capabilities like even distribution of virtual machines, consumed vs. active memory, CPU over-commitment.

Security

  • Secure Boot Support for ESXi Host and Guest VM:
    • UEFI secure boot for ESXi and VMs – Protection against image tampering during boot
      • At boot time, we have assurance that ESXi and Guest VM’s are booting the right set of vibs.
      • If the trust is violated, ESXi and the VM’s will not boot and customers can capture the outcome.
  • Enhanced vCenter Events, Alarms and vSphere Logging:
    • Enhancements to vSphere Logging and events to provide granular visibility into current state, changes made, who made the changes and when.
    • Deliver audit-quality logging – Easier auditing and troubleshooting and forensic analysis using logs
  • Other security enhancements
    • VM encryption (Disk + Data) – Can be used to lock down critical VMs
    • Provide file integrity monitoring to meet PCI DSS requirements
    • Encrypted vMotion – Yes finally..!! (provide secure vMotion)

 

There you have it. Some really cool and really innovative features and improvements being delivered by VMware as always. Also note that this is not a major product platform release but only a minor (step) release so the new feature set is relatively minor. Expect bigger and better changes in the next version of vSphere when due out (perhaps next year??)

Slide credit goes to VMware…!!

Cheers

Chan

VSAN, NSX on Cisco Nexus, vSphere Containers, NSX Future & a chat with VMware CEO – Highlights Of My Day 2 at VMworld 2016 US

In this post,  I will aim to highlight the various breakout sessions I’ve attended during the day 2 at VMworld 2016 US, key items / notes / points learnt and few other interesting things I was privy to  during the day that is worth mentioning, along with my thoughts on them…!!

Day 2 – Breakout Session 1 – Understanding the availability features of VSAN

vsan-net-deploy-support

  • Session ID: STO8179R
  • Presenters:
    • GS Khalsa – Sr. Technical Marketing manager – VMware (@gurusimran)
    • Jeff Hunter – Staff Technical Marketing Architect – VMware (@Jhuntervmware)

In all honesty, I wasn’t quite sure why I signed up to this breakout session as I know VSAN fairly well, including its various availability features as I’ve been working with testing & analysing its architecture and performance when VSAN was first launched to then designing and deploying VSAN solutions on behalf of my customers for a while. However, having attended the session it reminded me of a key fact that I normally try to never forget which is “you always learn something new” even when you think you know most of it.

Anyways, about the session itself, it was good and was mainly aimed at the beginners to VSAN but I did manage to learn few new things as well as refresh my memory on few other facts, regarding VSAN architecture. The key new ones I learnt are as follows

  • VSAN component statuses (as shown within vSphere Web Client) and their meanings
    • Absent
      • This means VSAN things the said component will probably return. Examples are,
        • Host rebooted
        • Disk pulled
        • NW partition
        • Rebuild starts after 60 mins
      • When an item is detected / marked as absent, VSNA typically wait for 60 minutes before a rebuild is started in order to allow temporary failure to rectify itself
        • This means for example, pulling disks out of VSAN will NOT trigger an instant rebuild / secondary copy…etc. so it wont be an accurate test of VSAN
    • Degraded
      • This typically means the device / component is unlikely to return. Examples include,
        • A permeant Device Loss (PDL) or a failed disk
      • When a degraded item is noted, a rebuild started immediately
    • Active-Stale
      • This means the device is back online from a failure (i.e. was absent) but the data residing on it are NOT up to date.
  • VSAN drive degradation monitoring is proactively logged in the following log files
    • vmkernel.log indicating LSOM errors
  • Dedupe and Compression during drive failures
    • During a drive failure, de-duplication and compression (al flash only) is automatically disabled – I didn’t know this before

 

Day 2 – Breakout Session 2 – How to deploy VMware NSX with Cisco Nexus / UCS Infrastructure

  • Session ID: NET8364R
  • Presenters:
    • Paul Mancuso – Technical Product Manager (VMware)
    • Ron Fuller – Staff System Engineer (VMware)

This session was about a deployment architecture for NSX which is becoming increasingly popular, which is about how to design & deploy NSX on top of Cisco Nexus switches with ACI as the underlay network and Cisco UCS hardware. Pretty awesome session and a really popular combination too. (FYI – I’ve been touting that both these solutions are better together since about 2 years back and its really good to see both companies recognising this and now working together on providing guidance stuff like these). Outside of this session I also found out that the Nexus 9k switches will soon have the OVS DB support so that they can be used as TOR switches too with NSX (hardware VTEP to bridge VXLANs to VLANs to communication with physical world), much like the Arista switches with NSX – great great news for the customers indeed.

ACI&NSX-2

I’m not going to summarise the content of this session but wold instead like to point people at the following 2 documentation sets from VMware which covers everything that this session was based on, its content and pretty simply, everything you need to know when designing NSX solutions together with Cisco ACI using Nexus 9K switches and Cisco UCS server hardware (blades & rack mounts)

One important thing to keep in mind for all Cisco folks though: Cisco N1K is NOT supported for NSX. All NSX prepped clusters must use vDS. I’m guessing this is very much expected and probably only a commercial decision rather than a technical one.

Personally I am super excited to see VMware ands Cisco are working together again (at least on the outset) when it comes to networking and both companies finally have realised the use cases of ACI and NSX are somewhat complementary to each other (i.e. ACI cannot do most of the clever features NSX is able to deliver in the virtual world, including public clouds and NSX cannot do any of the clever features ACI can offer to a physical fabric). So watch this space for more key joint announcements from both companies…!!

Day 2 – Breakout Session 3 – Containers for the vSphere admin

Capture

  • Session ID: CNA7522
  • Presenters:
    • Ryan Kelly – Staff System Engineer (VMware)

A session about how VMware approaches the massive buzz around containerisation through their own vSphere integrated solution (VIC) as well as a brand new hypervisor system designed from ground up with containerisation in mind (Photon platform). This was more of a refresher session for than anything else and I’m not going to summarise all of it but instead, will point you to the dedicated post I’ve written about VMware’s container approach here.

Day 2 – Breakout Session 4 – The architectural future of Network Virtualisation

the-vision-for-the-future-of-network-virtualization-with-vmware-nsx-27-638

  • Session ID: NET8193R
    Presenters: Bruce Davie – CTO, Networking (VMware)

Probably the most inspiring session of the day 2 as Bruce went through the architectural future of NSX where he described what the NSX team within VMware are focusing on as key improvements & advancements of the NSX platform. The summary of the session is as follows

  • NSX is the bridge from solving today’s requirement to solving tomorrow’s IT requirements
    • Brings remote networking closer easily (i.e. Stretched L2)
    • Programtically (read automatically) provisoned on application demand
    • Security ingrained at a kernel level and every hop outwards from the applications
  • Challenges NSX is trying address (future)
    • Developers – Need to rapidly provision and destroy complex networks as a pre-reqs for applications demanded by developers
    • Micro services – Container networking ands security
    • Containers
    • Unseen future requirements
  • Current NSX Architecture
    • Cloud consumption plane
    • Management plane
    • Control plane
    • Data plane
  • Future Architecture – This is what the NSX team is currently looking at for NSX’s future.
    • Management plane scale out
      • Management plane now needs to be highly available in order to constantly keep taking large number of API calls for action from cloud consumption systems such as OpenStack, vRA..etc – Developer and agile development driven workflows….etc.
      • Using & scaling persistent memory for the NSX management layer is also being considered – This is to keep API requests in persistent memory in a scalable way providing write and read scalability & Durability
      • Being able to take consistent NSX snapshots – Point in time backups
      • Distributed log capability is going to be key in providing this management plane scale out whereby distributed logs that store all the API requests coming from Cloud Consumption Systems will be synchronously stored across multiple nodes providing up to date visibility of the complete state across to all nodes, while also increasing performance due to management node scale out
    • Control plane evolution
      • Heterogeneity
        • Currently vSphere & KVM
        • Hyper-V support coming
        • Control plane will be split in to 2 layers
          • Central control plane
          • Local control plane
            • Data plane (Hyper-V, vSphere, KVM) specific intelligence
    • High performance data plane
      • Use the Intel DPDK – A technology that optimize packet processing in Intel CPU
        • Packet switching using x86 chips will be the main focus going forward and new technologies such as DPDK will only make this better and better
        • DPDK capacities are best placed to optimise iterative processing rather than too many context switching
        • NSX has these optimisation code built in to its components
          • Use DPDK CPUs in the NSX Edge rack ESXi servers is  a potentially good design decision?
  • Possible additional NSX use cases being considered
    • NSX for public clouds
      • NSX OVS and an agent is deployed to in guest – a technical preview of this solution was demoed by Pat Gelsinger during the opening key note on day 1 of VMworld.
    • NSX for containers
      • 2 vSwitches
        • 1 in guest
        • 1 in Hypervisor

 

My thoughts

I like what I heard from the Bruce about the key development focus areas for NSX and looks like all of us, partners & customers of VMware NSX alike, are in for some really cool, business enabling treats from NSX going forward, which kind of reminds me of when vSphere first came out about 20 years ago :-). I am extremely excited about the opportunities NSX present to remove what is often the biggest bottleneck enterprise or corporate IT teams have to overcome to simply get things done quickly and that is the legacy network they have. Networks in most organisations  are still very much managed by an old school minded, networking team that do not necessarily understand the convergence of networking with other silos in the data center such as storage and compute, and most importantly when it comes to convergence with modern day applications. It is a fact that software defined networking will bring the efficiency to the networking the way vSphere brought efficiency to compute (want examples how this SDN efficiency is playing today? Look at AWS and Azure as the 2 biggest use cases) where the ability to spin up infrastructure, along with a “virtual” networking layer significantly increases the convenience for the businesses to consume IT (no waiting around for weeks for your networking team to set up new switches with some new VLANs…etc.) as well as significantly decreasing the go to market time for those businesses when it comes to launching new products / money making opportunities. All in all, NSX will act as a key enabler for any business, regardless of the size to have an agile approach to IT and even embrace cloud platforms.

From my perspective, NSX will provide the same, public cloud inspired advantages to customers own data center and not only that but it will go a step further by effectively converting your WAN to an extended LAN by bridging your LAN with a remote network / data center / Public cloud platform to create something like a LAN/WAN (Read LAN over WAN – Trade mark belongs to me :-))which can automatically get deployed, secured (encryption) while also being very application centric (read “App developers can request networking configuration through an API as a part of the app provisioning stage which can automatically apply all the networking settings including creating various networking segments, routing in between & the firewall requirements…etc. Such networking can be provisioned all the way from a container instance where part of the app is running (i.e. DB server instance as a container service) to a public cloud platform which host the other parts (i.e. Web servers).

I’ve always believed that the NSX solution offering is going to be hugely powerful given its various applications and use cases and natural evolution of the NSX platform through the focus areas like those mentioned above will only make it an absolute must have for all customers, in my humble view.

 

Day 2 – Meeting with Pat Gelsinger and Q&A’s during the exclusive vExpert gathering

vExpert IMG_5750

As interesting as the breakout sessions during the day have been, this was by far the most significant couple of hours for me on the day. As a #vExpert, I was invited to an off site, vExpert only gathering held at Vegas Mob Museum which happened to include VMware CEO, Pat Gelsinger as the guest of honour. Big thanks to the VMware community team lead by Corey Romero (@vCommunityGuy) for organising this event.

This was an intimate gathering for about 80-100 VMware vExperts who were present at VMworld to meet up at an off site venue and discuss things and also to give everyone a chance to meet with VMware CEO and ask him direct questions, which is something you wouldn’t normally get as an ordinary person so it was pretty good. Pat was pretty awesome as he gave a quick speech about the importance of vExpert community to VMware followed up by a Q&A session where we all had a chance to ask him questions on various fronts. I myself started the Q&A session by asking him the obvious question, “What would be the real impact on VMware once the Dell-EMC merger completes” and Pats answer was pretty straight forward. As Michael Dell (who happened to come on stage during the opening day key note speech said it himself), Dell is pretty impressed with the large ecosystem of VMware partners (most of whom are Dell competitors) and will keep that ecosystem intact going forward and Pat echoed the same  message, while also hinting that Dell hardware will play a key role in all VMware product integrations, including using Dell HW by default in most pre-validated and hyper-converged solution offerings going forward, such as using Dell rack mount servers in VCE solutions….etc. (in Pat’s view, Cisco will still play a big role in blade based VCE solution offerings and they are unlikely to walk away from it all just because of Dell integration given the substantial size of revenue that business brings to Cisco).

If I read in between the lines correctly (may be incorrect interpretations from my end here),  he also alluded that the real catch of the EMC acquisition as far as Dell was concerned was VMware. Pat explained that most of the financing charges behind the capital raised by Dell will need to be paid through EMC business’s annual run rate revenue (which by the way is roughly the same as the financing interest) so in a way, Dell received VMware for free and given their large ecosystem of partners all contributing towards VMware’s revenue, it is very likely Dell will continue to let VMware run as an independent entity.

There were other interesting questions from the audience and some of the key points made by Pat in answering those questions were,

  • VMware are fully committed to increasing NSX adoption by customers and sees NSX as a key revenue generator due to what it brings to the table – I agree 100%
  • VMware are working on the ability to provide networking customers through NSX, a capability similar to VMotion for compute as one of their (NSX business units) key goals. Pat mentioned that engineering in fact have this figured out already and testing internally but not quite production ready.
  • In relation to VMware’s Cross Cloud Services as a service offering (announced by Pat during the event opening keynote speech), VMware are also working on offering NSX as a service – Though the detail were not discussed, I’m guessing this would be through the IBM and vCAN partners
  • Hinted that a major announcement on the VMware Photon platform  (One of the VMware vSphere container solutions) will be taking place during VMworld Barcelona – I’ve heard the same from the BU’s engineers too and look forward to Barcelona announcements
  • VMware’s own cloud platform, vCloud air WILL continue to stay focused on targeted use cases while the future scale of VMware’s cloud business will be expected to come from the vCAN partners (hosting providers that use VMware technologies and as a result are part of the VMware vCloud Air Network…i.e IBM)
  • Pat also mentioned about the focus VMware will have on IOT and to this effect, he mentioned about the custom IOT solution VMware have already built or working on (I cannot quite remember which was it) for monitoring health devices through the Android platform – I’m guessing this is through their project ICE and LIOTA (Little IOT Agent) platform which already had similar device monitoring solutions being demoed in the solutions exchange during VMworld 2016. I mentioned about that during my previous post here

It was really good to have had the chance to listen to Pat up close and be able to ask direct questions and get frank answers which was a fine way to end a productive and an education day for me at VMworld 2016 US

Image credit goes to VMware..!!

Cheers

Chan

 

 

VMworld 2016 US – Key Announcements From Day 2

A quick summary of this morning’s key note speech at VMworld 2’016 US and few annoucements.

Opening Keynote Speech

The morning keynote speech was hosted by Sunjay Poonan (@Spoonan), who heads up the EUC BU within VMware. Sunjay’s speech was pretty much in line with the general VMware focus areas, mentioned yesterdays key note by Pat Gelsinger which is a complete solution that enable customers of todays enterprises & corporates the ability to use any device, any app & any cloud platform as they see fit without having to worry about workload mobility, cross platform management and monitoring.

While yesterdays session was more focused on the server side of things, Sunjay’s message today was focused on the End User Computing side of things, predictably to a bigger degree. The initial messaging was around the VMware Workspace One suite.

Workspace One suite with VMware identity manager appears to be focusing more and more on the following 3 key areas which are key to todays enterprise IT.

  • Apps and identity
  • Desktop & Mobile
  • Management & Security

Workspace one integration with mobile devices to push out corporate apps on mobile devices similar to Apple app store like interface was demoed which emphasize the slick capabilities of the solution which really appears to be ready for primetime now. He also demoed the conditional access capabilities wihtin the Horizon Workspace suite that prevents data sharing between managed and unmanaged apps. The conditional access can also be extended out to NSX to utilise micro segmentation hand in hand to provide even tighter security which is quite handy.

Stephanie Buscemi – EVP of Salesforce came on stage to talk about how they use VMware Wotrkspace suite to empower their sales people to work on the go which was pretty cool I thought, though there was a little marketing undertone to the whole pitch.

  • My take: Personally I dont cover EUC offerings that much myself though I have a good awareness of their Digital Workspace strategy and have also had hands on design and experience with the Horizon View from back in the days. However I can see the EUC offering from VMware getting better and better every day over the last 5 odd years and dare I say, right now, its one of the best solutions out there for most customers if not the best, given its feature set and the integration to other VMware and non VMware compoenents in the back end data center and Cloud. If you are looking at any EUC solutions, this should be on top of your list to investigate / evaluate.

Endpoint Security

VMware TrustPoint powered by Tanium was showcased and its integration with AirWatch to provide a mobile device management solution togewther with a comprehensive security solution that can track devices and their activities real time (no database-full of old device activity info) and apply security controls real time too. This looked a very attractive proposition given the security concerns of the todays enterprise and I can see where this would add value, provided that the costs stack up.

Free VMware Fusion and Workstation license annouicement

VMware also annouced today thye availability of VMware Fusion and Workstation free liceses to all VMworld attendees through the VMworld 2016 app (already claimed mine) – pretty cool huh?

Cloud Native Applications

Kit Colbert, Cloud Native CTO at VMware spoke about the challenges of using the containerised apps in the enterprise environments which currently lacks a comprehensive management solution. Having been looking at containerisation myself and its practical use for majority of ordinary customers, I can relate to that too myself, especially when you compare managing applications based on containers like Docker to legacy appications that run on a dedicated OSE (Windows, Linux…etc) which can be managed, tracked and monitored with session & data persistence that is lacking in a container instance to a level withouth 3rd party components.

Today, couple of new additional features have been annouced on VIC as folows (If you are new to VIC, refer to my intro blog post here)

  • New: Container registry
  • New: Container management portal

1

vSphere Integrated Containers beta programme is also now available if you want to have a look at http://learn.vmware.com/vicbeta

 

VMware Integrated OpenStack (VIO)

Also, VIO 3.0 was oifficially annouced today by Kit. I was privy to this information beforehand due to a vExpert only briefing for the same but was not able to disclose anything due to embargo until now.

VIO is a VMware customised distro of OpenStack and the below slide should give you an intro for those of you who aren’t familer with VIO all that well.

VIO1

Running native OpenStack is a bit of a nightmare as it requires lots of skills and resources which restricts its proper production use to large scale organisations with plenty of technical expertise and resources. Based on my experience, lots of customers that I know who’ve initially started out with ambitious (vanila) OpenStack projects have decided to abandon half way through due to complexity…etc. to switch back to vSphere. VIO attempts to solve this somewhat to help customers run OpenStack with a VMware flavour to make things easier for mass customer adoptoin.

The annoucements for VIO was the release of the VIO 3.0 which has the following key features / improvements

  • Mitaka Based
    • VIO 3.0 distribution is now based on the latest OpenStack release (Mitaka)
    • Leverage the latest features and enhancement of the Mitaka Release
      • Improved day-to-day experience for cloud admins and administrators.
      • Simplified configuration for Nova compute service.
      • Streamlined Keystone identity service is now a one-step process for setting up the identity management features of a cloud network.
      • Keystone now supports multi-backend allowing local authentication and AD accounts simultaneously.
      • Heat’s convergence engine optimized to handle larger loads and more complex actions for horizontal scaling for improved performance for stateless mode.
      • Enhanced OpenStack Client provides a consistent set of calls for creating resources no longer requiring the need to learn the intricacies of each service API.
      • Support for software development kits (SDKs) in various languages.
        –New “give me a network,” feature capable of creating a network, attaching a server to it, assigning an IP to that server, and making the network accessible, in a single action
  • Compact VIO control pane
    • VIO management control plane has been optimized and architected to run in a compact architecture   VIO
      • Reduces infrastructure and costs required to run an OpenStack Cloud
      • Ideal for multiple small deployments
      • Attractive in relaxed SLA scenarios
      • Database backed up in real time: No data loss
    • Slimmer HA architecture
      • VIO0
      • educed footprint on management cluster
      • Full HA: No service downtime
      • Database replication: No data loss
      • 6000+ VMs
      • 200+ Hypervisors
  • Import existing vSphere workloads
    • Existing vSphere VMs can be imported and managed via VIO OpenStack APIs
      • Quickly import vSphere VMs into VIO
      • Start managing vSphere VMs through standard OpenStack APIs
    • Quickly start consuming existing VMs through OpenStack

 

Nike CTO who’s a VIo customer came on stage to discuss how Nike deployed a large greenfield OpenStack deployment using VMware Integrated OpenStack (VIO) and an EUC solution at all Nike outlets / shops using Airwatch which was a good testement for customer confidence though it did have a little markletting undertone to it all.

 

NSX

the head of the NSX business unit within VMware highlighted the key advancements NSX have made and the 400% YoY growth of adoption from fee paying customers deploying NSX to benefit from Micro segmentation (through the distributed firewall capability) and automation and orchestration. NSX roadmap extends far beyond what you can imagine as its current usecases and its sufficient to say that NSX will play a being part as an enabler for customers to freely move their workloads from onbe place (i.e. On premise) to a Public cloud (i.e. AWS) through the dynamic extension of L2 adjacency and other LAN services, transforming the WAN in to an extended LAN.

To this effect, VMware also announced the availability of a free NSX Pre-Assessment which is now intended to enable customers to employ the Assess -> Plan -> Enforce -> Monitor approcah to NSX adoption.

 

VSAN

Yanbing Li, whos the VSAN business unit head came on stage and discussed the hugh demand from customers in VSAN which currently stands over 5000 fee paying customers using VSAN in production as the preferred storage for vSphere. The following roadmap items were also mentioned for VSAN

  • VSAN is the default supported storage platform for VIO and Photon.
  • Intelligent performance analytics & policies in VSAN for proactive management
  • Fully integreated software defined encryption for VSAN

There are couple of other new features coming out soon which I am fully aware of but were not annouced during VMworld 2016 US so im guressing they’ll be annouced during the Barcelona event? (I cannot disclose until then of course :-))

All in all, not a large number of new product or feature accouncements on day 2. But the key message is NSX & VSAN are key focius areads (we already knew this) and VIC & VIO will continue to be improved which is good to see.

 

Slide credit goes to VMware

 

Cheers

Chan

 

 

VMworld 2016 US – Arrival & Summary From Day 0

Entrance

A very quick post on the my first day at VMWare VMworld 2016 US today and few tips for the attendees of the event.

As per explained my previous post, I’ve arrived at Vegas on Sunday afternoon as had planned after which felt like a looooong flight from London Heathrow, via Chicago to Vegas. I had been up since about 4am Sunday morning to catch the early flight and having not had much sleep on the flight (doesn’t work for me), I managed to get to my hotel by around 2pm. And unfortunately due to sheer number of guests arriving (mostly VMworld guests form what I could see), I then spent the next 2 & 1/2 hours simply queuing at the check-in desk which really didn’t help.

Anyhow, after check-in -> Shower, I decided to have a quick shower and go over to the event venue (its a short cab ride away from my hotel) in order to register and collect my badge before the morning rush on the event’s public opening day on Tuesday which went smoothly as been the case at every other VMworld event I’ve attended.

After the registration, it is typical that you go to collect your official VMworld back pack and having picked up this years, I have  to say I’m not impressed. it looks a little tacky compared to previous years and slightly on the cheaper side when it comes to the build quality etc. So I’m thinking that I’d stick to using the last years bag myself and give the new one away to a colleague / customer who might appreciate it more than I would.

Bag comparison

After collecitng the bag, I ventured out to the Solutipons Exchange. Solutions Exchange is where all the VMware partners (other vendors) have their exhibitoion booths that showcase all of their product and solution offerings that typically go hand in hand with VMware (and competitive offerings in some cases like Nutanix).

In the solutions exchange, I had a brief look around, spoke to few vendors after which I moved on to go find my fellow VMUG members at the VMUG party at house of Blues with a live band to have few drinks and catch up. Well, sure I had some drinks but didn’t really see many that I knew as it turned out most of the attendees were form all the US VMUG’s whom I’d never met 🙂

IMG_5684

After couple of drinks and some food there, I was feeling pretty tired given the extra long day I’d had by then and decided to go back to my hotel for getting this post out and catching up on some sleep. I decided to take the tram from the venue (Mandalay bay hotel) which takes you all the way to Luxor hotel & Casino which was a short walk away from my hotel. As I was walking over one of the flyovers, I did manage to get a nice view of the famous Vegas strip too which looks full of life at night (below) though my priority was just getting back my air conditioned room pronto as I’d had enough of the heat by this time (note to myself: no more walking between hotels)

IMG_5685

 

Cheers

Chan

 

#VMworld 2016 #Day 0