Using vRealize Log Insight to troubleshoot #ESXi 7 Error – Host hardware voltage System board 18 VBAT


This blog post demonstrates how I used vRLI to solve what seemed like a complex issue, and how it helped to simplify the outcome. I use vRLI all the time to parse log files from my devices (hosts, VMs, etc.), pinpoint data, and resolve issues. In this case a simple CMOS battery was the issue, but it’s the power of vRLI that allowed me to find detailed enough information to pinpoint the problem.

Recently I was doing some updates on my Home Lab Gen 7 and I noticed this error kept popping up – ‘Host hardware voltage’.  At first I started thinking, might be time for a new power supply, this seems pretty serious.

Next I started looking into this error.  On the host I went into Monitor > Hardware Health > Sensors.  The first sensor to appear gave me some detail around the sensor fault but not quite enough information to figure out what the issue was.  I noted the sensor information – ‘System Board 18 VBAT’

I went into the Supermicro Management interface to see if I could find out more information. I found some more information around VBAT. Looks like 3.3v DC is what it’s expecting, and the event log seems to be registering errors around it, but still not enough to know what exactly is faulting.

With this information I launched vRLI and went into Interactive Analytics. I chose the last 48 hours and typed ‘vbat’ into the search field. The first hit that came up stated – ‘Sensor 56 type voltage, Description System Board 18 VBAT state assert for…’ This was very similar to the errors I noted from ESXi and from the Supermicro motherboard.

Finally, a quick Google search led me to an Intel webpage. Turns out VBAT was just a CMOS battery issue.

I powered down the host and pulled out the old CMOS battery. The old battery was pretty warm to the touch. When I placed it on a voltmeter, it read less than one volt.

I checked the voltage on the new battery; it came back with 3.3v, and I inserted it into the host. Since the change, the system board has not reported any new errors.

Next I go into vRNI to ensure the error has disappeared from the logs. I type in ‘vbat’, set my date/time range, and view the results. From the results, you can see that the errors stopped at about 16:00 hours. That is about the time I put the new battery in, and you can see it’s been error free for the last hour. Over the next day or two I’ll check back and make sure it’s error free. Additionally, if I wanted to, I could set up an alarm to trigger if the log entry returns.

Results like this are why I like using vRLI to help me troubleshoot, resolve, alert, and monitor results.

If you like my ‘no-nonsense’ videos and blogs that get straight to the point… then post a comment or let me know… Else, I’ll start posting really boring content!

Update to VMware Security-Advisory VMSA-2020-0023.1 | Critical, Important CVSSv3 5.9-9.8 OpenSLP | New ESXi Patches Released


The VMware Security team released this updated information; follow up with VMware if you have questions.

Important Update Notes

The ESXi patches released on October 20, 2020 did not address CVE-2020-3992 completely. The ESXi patches listed in the Response Matrix in section 3a have been updated to contain the complete fix for CVE-2020-3992.

In reference to the OpenSLP vulnerability in section 3a:

  • VMware ESXi 7.0 ESXi70U1a-17119627 (Updated)
  • VMware ESXi 6.7 ESXi670-202011301-SG (Updated)

Note: VMware Cloud Foundation ESXi 3.x & 4.x are still pending at this time.

VMSA-2020-0023.1 Severity: Critical
CVSSv3 Range 5.9-9.8
Issue date: 10/20/2020 and updated 11/04/2020
Synopsis: VMware ESXi, vCenter, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities
CVE numbers: CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995

1. Impacted Products
  • VMware ESXi
  • VMware vCenter
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • NSX-T
  • VMware Cloud Foundation
2. Introduction
Multiple vulnerabilities in VMware ESXi, Workstation, Fusion and NSX-T were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
3a. ESXi  OpenSLP remote code execution vulnerability (CVE-2020-3992)  Critical
IMPORTANT: The ESXi patches released on October 20, 2020 did not address CVE-2020-3992 completely, see section (3a) Notes for an update.

Description: OpenSLP as used in ESXi has a use-after-free issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors: A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

Resolution: To remediate CVE-2020-3992, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds: Workarounds for CVE-2020-3992 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

Notes: The ESXi patches released on October 20, 2020 did not address CVE-2020-3992 completely. The ESXi patches listed in the Response Matrix below are updated versions that contain the complete fix for CVE-2020-3992.

Response Matrix (Critical)

| Product | Version | Running On | CVE Identifier | CVSSv3 | Fixed Version | Workarounds |
|---|---|---|---|---|---|---|
| ESXi | 7.0 | Any | CVE-2020-3992 | 9.8 | ESXi70U1a-17119627 (Updated) | KB76372 |
| ESXi | 6.7 | Any | CVE-2020-3992 | 9.8 | ESXi670-202011301-SG (Updated) | KB76372 |
| ESXi | 6.5 | Any | CVE-2020-3992 | 9.8 | ESXi650-202011401-SG | KB76372 |
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2020-3992 | 9.8 | Patch Pending | KB76372 |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2020-3992 | 9.8 | Patch Pending | KB76372 |

Only section 3a has been updated at this time. The rest of the VMSA is the same; only the links to the new ESX 7U1a and 6.7 updates have been included below this line.
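
An added example (not part of the advisory or of this blog's own material): a Python triage of a host inventory against the 3a Response Matrix. It matches on the exact fixed-version identifier, so a host that carries only an earlier patch is not counted as remediated, and it checks TCP port 427 for everything still unpatched. The inventory layout, its `applied_patches` field, the host names and the addresses are assumptions made for illustration.

```python
"""Triage ESXi hosts against section 3a (CVE-2020-3992) of VMSA-2020-0023.1."""
import socket

SLP_PORT = 427  # port named under "Known Attack Vectors" in section 3a

# Fixed versions copied from the 3a Response Matrix; None means "Patch Pending".
FIXED_3A = {
    ("ESXi", "7.0"): "ESXi70U1a-17119627",
    ("ESXi", "6.7"): "ESXi670-202011301-SG",
    ("ESXi", "6.5"): "ESXi650-202011401-SG",
    ("Cloud Foundation (ESXi)", "4.x"): None,
    ("Cloud Foundation (ESXi)", "3.x"): None,
}

# Constructed inventory. The record layout and the "applied_patches" field are
# assumptions of this example; addresses come from the 192.0.2.0/24 doc range.
SAMPLE_INVENTORY = [
    {"name": "esx70-a", "address": "192.0.2.10", "product": "ESXi",
     "version": "7.0.1", "applied_patches": ["ESXi70U1a-17119627"]},
    # Carries only an earlier 6.7 patch ID taken from the References list.
    {"name": "esx67-a", "address": "192.0.2.11", "product": "ESXi",
     "version": "6.7", "applied_patches": ["ESXi670-202010401-SG"]},
    {"name": "esx65-a", "address": "192.0.2.12", "product": "ESXi",
     "version": "6.5", "applied_patches": []},
    {"name": "vcf4-a", "address": "192.0.2.13",
     "product": "Cloud Foundation (ESXi)", "version": "4.0.1",
     "applied_patches": []},
    {"name": "vcf3-a", "address": "192.0.2.14",
     "product": "Cloud Foundation (ESXi)", "version": "3.10",
     "applied_patches": []},
]


def version_matches(matrix_version, host_version):
    """True if a host version falls under a matrix entry such as '6.7' or '4.x'."""
    if matrix_version.endswith(".x"):
        return host_version.startswith(matrix_version[:-1])  # '4.x' -> '4.'
    return (host_version == matrix_version
            or host_version.startswith(matrix_version + "."))


def slp_reachable(address, port=SLP_PORT, timeout=2.0):
    """Return True if a TCP connection to the SLP port succeeds.

    TCP only: slpd also listens on UDP 427, which this probe does not test.
    """
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def triage(host, probe=slp_reachable):
    """Classify one inventory record for CVE-2020-3992."""
    for (product, version), fixed in FIXED_3A.items():
        if host["product"] == product and version_matches(version, host["version"]):
            break
    else:
        return "not-in-matrix"
    # Exact-ID match only: a later cumulative patch would need its own entry.
    if fixed is not None and fixed in host["applied_patches"]:
        return "patched"
    # Unpatched: is the SLP port reachable from where this script runs?
    if probe(host["address"]):
        return "exposed"
    # Closed from this vantage point is consistent with the KB76372 workaround
    # but does not prove it; the patch is still required once available.
    return "slp-closed-patch-pending" if fixed is None else "slp-closed-needs-patch"


def triage_all(inventory, probe=slp_reachable):
    """Map host name -> status for every record in the inventory."""
    return {h["name"]: triage(h, probe) for h in inventory}


if __name__ == "__main__":
    # Offline demo: a stub stands in for the network probe.
    open_427 = {"192.0.2.11", "192.0.2.13"}
    results = triage_all(SAMPLE_INVENTORY, lambda addr: addr in open_427)
    for name, status in results.items():
        print(f"{name:8} {status}")
```

Run the real probe from inside the management network, since that is the vantage point the advisory's attack vector describes.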
3b. NSX-T Man-in-the-Middle vulnerability MITM (CVE-2020-3993) Important
Description: VMware NSX-T contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.

Known Attack Vectors: A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.

Resolution: To remediate CVE-2020-3993, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds: None

Response Matrix (Important)

| Product | Version | Running On | CVE Identifier | CVSSv3 | Fixed Version | Workarounds |
|---|---|---|---|---|---|---|
| NSX-T | 3.x | Any | CVE-2020-3993 | 7.5 | 3.0.2 | None |
| NSX-T | 2.5.x | Any | CVE-2020-3993 | 7.5 | 2.5.2.2.0 | None |
| Cloud Foundation (NSX-T) | 4.x | Any | CVE-2020-3993 | 7.5 | 4.1 | None |
| Cloud Foundation (NSX-T) | 3.x | Any | CVE-2020-3993 | 7.5 | 3.10.1.1 | None |

3c. Time-of-check to time-of-use TOCTOU out-of-bounds read vulnerability (CVE-2020-3981)  Important
Description: VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors: A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Resolution: To remediate CVE-2020-3981, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds: None

Response Matrix (Important)

| Product | Version | Running On | CVE Identifier | CVSSv3 | Fixed Version | Workarounds |
|---|---|---|---|---|---|---|
| ESXi | 7.0 | Any | CVE-2020-3981 | 7.1 | ESXi_7.0.1-0.0.16850804 | None |
| ESXi | 6.7 | Any | CVE-2020-3981 | 7.1 | ESXi670-202008101-SG | None |
| ESXi | 6.5 | Any | CVE-2020-3981 | 7.1 | ESXi650-202007101-SG | None |
| Fusion | 12.x | OS X | CVE-2020-3981 | N/A | Unaffected | N/A |
| Fusion | 11.x | OS X | CVE-2020-3981 | 7.1 | 11.5.6 | None |
| Workstation | 16.x | Any | CVE-2020-3981 | N/A | Unaffected | N/A |
| Workstation | 15.x | Any | CVE-2020-3981 | 7.1 | Patch pending | None |
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2020-3981 | 7.1 | 4.1 | None |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2020-3981 | 7.1 | 3.10.1 | None |

3d. TOCTOU out-of-bounds write vulnerability (CVE-2020-3982)
Description: VMware ESXi, Workstation and Fusion contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.

Known Attack Vectors: A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine’s vmx process or corrupt hypervisor’s memory heap.

Resolution: To remediate CVE-2020-3982, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds: None

Response Matrix (Moderate)

| Product | Version | Running On | CVE Identifier | CVSSv3 | Fixed Version | Workarounds |
|---|---|---|---|---|---|---|
| ESXi | 7.0 | Any | CVE-2020-3982 | 5.9 | ESXi_7.0.1-0.0.16850804 | None |
| ESXi | 6.7 | Any | CVE-2020-3982 | 5.9 | ESXi670-202008101-SG | None |
| ESXi | 6.5 | Any | CVE-2020-3982 | 5.9 | ESXi650-202007101-SG | None |
| Fusion | 12.x | OS X | CVE-2020-3982 | N/A | Unaffected | N/A |
| Fusion | 11.x | OS X | CVE-2020-3982 | 5.9 | 11.5.6 | None |
| Workstation | 16.x | Any | CVE-2020-3982 | N/A | Unaffected | N/A |
| Workstation | 15.x | Any | CVE-2020-3982 | 5.9 | Patch pending | None |
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2020-3982 | 5.9 | 4.1 | None |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2020-3982 | 5.9 | 3.10.1 | None |

3e. vCenter Server update function MITM vulnerability (CVE-2020-3994)  Important
Description: VMware vCenter Server contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.

Known Attack Vectors: A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.

Resolution: To remediate CVE-2020-3994, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds: None

Response Matrix (Important)

| Product | Version | Running On | CVE Identifier | CVSSv3 | Fixed Version | Workarounds |
|---|---|---|---|---|---|---|
| vCenter Server | 7.0 | Any | CVE-2020-3994 | N/A | Unaffected | N/A |
| vCenter Server | 6.7 | vAppliance | CVE-2020-3994 | 7.5 | 6.7u3 | None |
| vCenter Server | 6.7 | Windows | CVE-2020-3994 | N/A | Unaffected | N/A |
| vCenter Server | 6.5 | vAppliance | CVE-2020-3994 | 7.5 | 6.5u3k | None |
| vCenter Server | 6.5 | Windows | CVE-2020-3994 | N/A | Unaffected | N/A |
| Cloud Foundation (vCenter) | 4.x | Any | CVE-2020-3994 | N/A | Unaffected | N/A |
| Cloud Foundation (vCenter) | 3.x | Any | CVE-2020-3994 | 7.5 | 3.9.0 | None |

3f. VMCI host driver memory leak vulnerability (CVE-2020-3995)  Important
Description: The VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors: A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.

Resolution: To remediate CVE-2020-3995, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds: None.

Response Matrix (Important)

| Product | Version | Running On | CVE Identifier | CVSSv3 | Fixed Version | Workarounds |
|---|---|---|---|---|---|---|
| ESXi | 7.0 | Any | CVE-2020-3995 | N/A | Unaffected | N/A |
| ESXi | 6.7 | Any | CVE-2020-3995 | 7.1 | ESXi670-201908101-SG | None |
| ESXi | 6.5 | Any | CVE-2020-3995 | 7.1 | ESXi650-201907101-SG | None |
| Fusion | 11.x | Any | CVE-2020-3995 | 7.1 | 11.1.0 | None |
| Workstation | 15.x | Any | CVE-2020-3995 | 7.1 | 15.1.0 | None |
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2020-3995 | N/A | Unaffected | N/A |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2020-3995 | 7.1 | 3.9.0 | None |

4. References

  • VMware ESXi 7.0 ESXi70U1a-17119627 (Updated)
  • VMware ESXi 6.7 ESXi670-202011301-SG (Updated)
  • VMware ESXi670-202008101-SG (Included with August’s Release of ESXi670-202008001)
  • VMware ESXi 6.7 ESXi670-202010401-SG
  • VMware vCenter Server 6.7u3
  • VMware vCenter Server 6.5u3k
  • VMware Workstation Pro 15.6
  • VMware Workstation Player 15.6
  • VMware Fusion 11.5.6
  • VMware NSX-T 3.0.2
  • VMware NSX-T 2.5.2.2.0
  • VMware vCloud Foundation 4.1
  • VMware vCloud Foundation 3.10.1 & 3.10.1
  • VMware vCloud Foundation 3.9.0

Mitre CVE Dictionary Links: CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995

FIRST CVSSv3 Calculator: CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995

5. Change Log
2020-10-20 VMSA-2020-0023 Initial security advisory.

2020-11-04 VMSA-2020-0023.1 Updated ESXi patches for section 3a

Disclaimer
This enablement email derives from our VMware Security Advisory and is accurate at the time of creation. Bulletins may be updated periodically; when using this email as future reference material, please refer to the full and updated VMware Security Advisory VMSA-2020-0023.1.

Updating #VMware #HomeLab Gen 5 to Gen 7


Not too long ago I updated my Gen 4 Home Lab to Gen 5 and I posted many blogs and videos around this. The Gen 5 Lab ran well for vSphere 6.7 deployments, but moving into vSphere 7.0 I had a few issues adapting it. Mostly these issues were with the design of the Jinsha Motherboard. I noted most of these challenges in the Gen 5 wrap up video. Additionally, I had some networking requirements that required several Intel NICs, and Home Lab Gen 5 was not going to adapt well or would be very costly to adapt. These combined adaptations forced my hand to migrate to what I’m calling Home Lab Gen 7. Wait a minute, what happened to Home Lab Gen 6? I decided to align my Home Lab generation numbers to match the vSphere release number, so I skipped Gen 6 to align.

First – Review my design goals:

  • Be able to run vSphere 7.x and vSAN Environment
  • Reuse as much as possible from Gen 5 Home lab, this will keep costs down
  • Choose products that bring value to the goals, are cost effective, and if they are on the VMware HCL that’s a plus but not necessary for a home lab
  • Keep networking (vSAN / FT) on 10Gbe Switch
  • Support 4 x Intel Gbe Networks
  • Have enough CPU cores and RAM to be able to support multiple VMware products (ESXi, VCSA, vSAN, vRO, vRA, NSX, LogInsight)
  • Be able to fit the environment into 3 ESXi Hosts
  • The environment should run well, but doesn’t have to be a production level environment

Second – Evaluate Software, Hardware, and VM requirements:

This is not going to change much from Gen 5, but I used the table from my ‘HOME LABS: A DEFINITIVE GUIDE’, for vSphere 7 and calculated CPU, RAM, and Disk space I’ll need.

Third – Home Lab Design Considerations

This too will be very similar to Gen 5, but I do review this table and make any last changes to my design.

Fourth – Choosing Hardware

Based on my estimations above I’m going to need a very flexible Mobo, supporting lots of RAM, good network connectivity, and should be as compatible as possible with my Gen 5 hardware.  I’ve reused many parts from Gen 5 but the main change came with the Supermicro Motherboard and the addition of 2TB SAS HDD listed below.

Note: I’ve listed the newer items in italics; all other parts I’ve carried over from Gen 5.

Overview:

  • My Gen 7 Home Lab is based on vSphere 7 (VCSA, ESXi, and vSAN) and it contains 3 x ESXi Hosts, 1 x Windows 10 Workstation,  4 x Cisco Switches, 1 x MikroTik 10gbe Switch, 2 x APC UPS

ESXi Hosts:

  • Case:
  • Motherboard:
  • CPU:
    • CPU: Xeon E5-2640 v2 8 Cores / 16 HT (Ebay $30 each)
    • CPU Cooler: DEEPCOOL GAMMAXX 400 (Amazon $19)
  • RAM:
    • 128GB DDR3 ECC RAM (Ebay $170)
  • Disks:
    • 64GB USB Thumb Drive (Boot)
    • 2 x 200 SAS SSD (vSAN Cache)
    • 2 x 2TB SAS HDD (vSAN Capacity – See this post)
    • 1 x 2TB SATA (Extra Space)
  • SAS Controller:
    • 1 x IBM 5210 JBOD (Ebay)
    • CableCreation Internal Mini SAS SFF-8643 to (4) 29pin SFF-8482 (Amazon $18)
  • Network:
    • Motherboard Integrated i350 1gbe 4 Port
    • 1 x Mellanox ConnectX3 Dual Port (HP INFINIBAND 4X DDR PCI-E HCA CARD 452372-001)
  • Power Supply:
    • Antec Earthwatts 500-600 Watt (Adapters needed to support case and motherboard connections)
      • Adapter: Dual 8(4+4) Pin Male for Motherboard Power Adapter Cable (Amazon $11)
      • Adapter: LP4 Molex Male to ATX 4 pin Male Auxiliary (Amazon $11)
      • Power Supply Extension Cable: StarTech.com 8in 24 Pin ATX 2.01 Power Extension Cable (Amazon $9)

Network:

  • Core VM Switches:
    • 2 x Cisco 3650 (WS-C3560CG-8TC-S 8 Gigabit Ports, 2 Uplink)
    • 2 x Cisco 2960 (WS-C2960G-8TC-L)
  • 10gbe Network:
    • 1 x MikroTik 10gbe CN309 (Used for vSAN and Replication Network)
    • 2 ea. x HP 684517-001 Twinax SFP 10gbe 0.5m DAC Cable (Ebay)
    • 2 ea. x MELLANOX QSFP/SFP ADAPTER 655874-B21 MAM1Q00A-QSA (Ebay)

Battery Backup UPS:

  • 2 x APC NS1250

Windows 10 Workstation:

Thanks for reading, please do reach out if you have any questions.


#VMware OCTO Initiative: Nonprofit Connect – Complementary Education and Enablement General Links


The VMware Office of the CTO Ambassadors (CTOA) is an internal VMware program which allows field employees to connect and advocate for their customers’ needs inside of VMware. Additionally, the CTOA program enables field employees to engage in initiatives to better serve our customers. This past year I’ve been working on a CTOA initiative known as Nonprofit Connect (NPC). NPC has partnered with the VMware Foundation to help VMware Non-profit customers through more effective and sustainable technology. Part of this program was creating and updating an enablement guide which helps Non-Profits gain access to resources. This resource is open to all our customers and is publicly posted >> NPC Enablement Guide

Michelle Kaiser is leading the Nonprofit Connect initiative and from what I’ve seen she and the team are doing a great job — Keep up the good work!

More information around NPC, CTOA, and the VMware Foundation can be found in the links below:

GA Release VMware NSX-T Data Center 3.1 | Announcement, information, and links


VMware announced the GA release of VMware NSX-T Data Center 3.1.

See the base table for all the technical enablement links including VMworld 2020 sessions and new Hands On Labs.

Release Overview
VMware NSX-T Data Center 3.1.0   |  Build 17107167

What’s New
NSX-T Data Center 3.1 includes a large list of new features to offer new functionalities for virtualized networking and security for private, public, and multi-clouds. Highlights include new features and enhancements in the following focus areas:

  • Cloud-scale Networking: Federation enhancements, Enhanced Multicast capabilities.
  • Move to Next Gen SDN: Simplified migration from NSX-V to NSX-T.
  • Intrinsic Security: Distributed IPS, FQDN-based Enhancements
  • Lifecycle and monitoring: NSX-T support with vSphere Lifecycle Manager (vLCM), simplified installation, enhanced monitoring, search and filtering.
  • Federation is now considered production ready.

 In addition to these enhancements, the following capabilities and improvements have been added.

  • Federation

Support for standby Global Manager Cluster

Global Manager can now have an active cluster and a standby cluster in another location. Latency between active and standby cluster must be a maximum of 150ms round-trip time.

With the support of Federation upgrade and Standby GM, Federation is now considered production ready.

  • L2 Networking

Change the display name for TCP/IP stack: The netstack keys remain “vxlan” and “hyperbus” but the display name in the UI is now “nsx-overlay” and “nsx-hyperbus”.

The display name will change in both the list of Netstacks and list of VMKNICs

This change will be visible with vCenter 6.7

Improvements in L2 Bridge Monitoring and Troubleshooting

Consistent terminology across documentation, UI and CLI

Addition of new CLI commands to get summary and detailed information on L2 Bridge profiles and stats

Log messages to identify the bridge profile, the reason for the state change, as well as the logical switch(es) impacted

Support TEPs in different subnets to fully leverage different physical uplinks

A Transport Node can have multiple host switches attaching to several Overlay Transport Zones. However, the TEPs for all those host switches need to have an IP address in the same subnet. This restriction has been lifted to allow you to pin different host switches to different physical uplinks that belong to different L2 domains.

Improvements in IP Discovery and NS Groups: IP Discovery profiles can now be applied to NS Groups simplifying usage for Firewall Admins.

  • L3 Networking

Policy API enhancements

Ability to configure BFD peers on gateways and forwarding up timer per VRF through policy API.

Ability to retrieve the proxy ARP entries of gateway through policy API.

  • Multicast

NSX-T 3.1 is a major release for Multicast, which extends its feature set and confirms its status as enterprise ready for deployment.

Support for Multicast Replication on Tier-1 gateway. Allows you to turn on multicast for a Tier-1 with Tier-1 Service Router (mandatory requirement) and have Multicast receivers and sources attached to it.

Support for IGMPv2 on all downlinks and uplinks from Tier-1

Support for PIM-SM on all uplinks (config max supported) between each Tier-0 and all TORs  (protection against TOR failure)

Ability to run Multicast in A/S and Unicast ECMP in A/A from Tier-1 → Tier-0 → TOR 

Please note that Unicast ECMP will not be supported from ESXi host → T1 when it is attached to a T1 which also has Multicast enabled.

Support for static RP programming and learning through BS & Support for Multiple Static RPs

Distributed Firewall support for Multicast Traffic

Improved Troubleshooting: This adds the ability to configure IGMP Local Groups on the uplinks so that the Edge can act as a receiver. This will greatly help in triaging multicast issues by being able to attract multicast traffic of a particular group to Edge.

  • Edge Platform and Services

Inter TEP communication within the same host: Edge TEP IP can be on the same subnet as the local hypervisor TEP.

Support for redeployment of Edge node: A defunct Edge node, VM or physical server, can be replaced with a new one without requiring it to be deleted.

NAT connection limit per Gateway: The maximum NAT sessions can be configured per Gateway.

  • Firewall

Improvements in FQDN-based Firewall: You can define FQDNs that can be applied to a Distributed Firewall. You can either add individual FQDNs or import a set of FQDNs from CSV files.

Firewall Usability Features

  • Firewall Export & Import: NSX now provides the option for you to export and import firewall rules and policies as CSVs.
  • Enhanced Search and Filtering: Improved search indexing and filtering options for firewall rules based on IP ranges.

  • Distributed Intrusion Detection/Prevention System (D-IDPS)

Distributed IPS

NSX-T will have a Distributed Intrusion Prevention System. You can block threats based on signatures configured for inspection.

Enhanced dashboard to provide details on threats detected and blocked.

IDS/IPS profile creation is enhanced with Attack Types, Attack Targets, and CVSS scores to create more targeted detection.

  • Load Balancing

HTTP server-side Keep-alive: An option to keep one-to-one mapping between the client side connection and the server side connection; the backend connection is kept until the frontend connection is closed.

HTTP cookie security compliance: Support for “httponly” and “secure” options for HTTP cookie.

A new diagnostic CLI command: The single command captures various troubleshooting outputs relevant to Load Balancer.

  • VPN

TCP MSS Clamping for L2 VPN: The TCP MSS Clamping feature allows L2 VPN session to pass traffic when there is MTU mismatch.

  • Automation, OpenStack and API

NSX-T Terraform Provider support for Federation: The NSX-T Terraform Provider extends its support to NSX-T Federation. This allows you to create complex logical configurations with networking, security (segment, gateways, firewall etc.) and services in an infra-as-code model. For more details, see the NSX-T Terraform Provider release notes.

Conversion to NSX-T Policy Neutron Plugin for OpenStack environment consuming Management API: Allows you to move an OpenStack with NSX-T environment from the Management API to the Policy API. This gives you the ability to move an environment deployed before NSX-T 2.5 to the latest NSX-T Neutron Plugin and take advantage of the latest platform features.

 Ability to change the order of NAT and FWLL on OpenStack Neutron Router: This gives you the choice in your deployment for the order of operation between NAT and FWLL. At the OpenStack Neutron Router level (mapped to a Tier-1 in NSX-T), the order of operation can be defined to be either NAT then firewall or firewall then NAT. This is a global setting for a given OpenStack Platform.

NSX Policy API Enhancements: Ability to filter and retrieve all objects within a subtree of the NSX Policy API hierarchy. In previous versions, filtering was done from the root of the tree (policy/api/v1/infra?filter=Type-); this enhancement allows you to retrieve all objects from sub-trees instead. For example, a network admin can look at all Tier-0 configurations by simply using /policy/api/v1/infra/tier-0s?filter=Type- instead of specifying all the Tier-0 related objects from the root.

  • Operations

NSX-T support with vSphere Lifecycle Manager (vLCM): Starting with vSphere 7.0 Update 1, VMware NSX-T Data Center can be supported on a cluster that is managed with a single vSphere Lifecycle Manager (vLCM) image. As a result, NSX Manager can be used to install, upgrade, or remove NSX components on the ESXi hosts in a cluster that is managed with a single image.

  • Hosts can be added and removed from a cluster that is managed with a single vSphere Lifecycle Manager and enabled with VMware NSX-T Data Center.
  • Both VMware NSX-T Data Center and ESXi can be upgraded in a single vSphere Lifecycle Manager remediation task. The workflow is supported only if you upgrade from VMware NSX-T Data Center version 3.1.
  • Compliance can be checked, a remediation pre-check report can be generated, and a cluster can be remediated with a single vSphere Lifecycle Manager image and that is enabled with VMware NSX-T Data Center.

Simplification of host/cluster installation with NSX-T: Through the “Getting Started” button in the VMware NSX-T Data Center user interface, simply select the cluster of hosts that needs to be installed with NSX, and the UI will automatically prompt you with a network configuration that is recommended by NSX based on your underlying host configuration. This can be installed on the cluster of hosts thereby completing the entire installation in a single click after selecting the clusters. The recommended host network configuration will be shown in the wizard with a rich UI, and any changes to the desired network configuration before NSX installation will be dynamically updated so users can refer to it as needed.

Enhancements to in-place upgrades: Several enhancements have been made to the VMware NSX-T Data Center in-place host upgrade process, like increasing the max limit of virtual NICs supported per host, removing previous limitations, and reducing the downtime in data path during in-place upgrades. Refer to the VMware NSX-T Data Center Upgrade Guide for more details.

Reduction of VIB size in NSX-T: VMware NSX-T Data Center 3.1.0 has a smaller VIB footprint in all NSX host installations so that you are able to install ESX and other 3rd party VIBs along with NSX on your hypervisors.

Enhancements to Physical Server installation of NSX-T: To simplify the workflow of installing VMware NSX-T Data Center on Physical Servers, the entire end-to-end physical server installation process is now through the NSX Manager. The need for running Ansible scripts for configuring host network connectivity is no longer a requirement.

ERSPAN support on a dedicated network stack with ENS: ERSPAN can now be configured on a dedicated network stack i.e., vmk stack and supported with the enhanced NSX network switch i.e., ENS, thereby resulting in higher performance and throughput for ERSPAN Port Mirroring.

Singleton Manager with vSphere HA: NSX now supports the deployment of a single NSX Manager in production deployments. This can be used in conjunction with vSphere HA to recover a failed NSX Manager. Please note that the recovery time for a single NSX Manager using backup/restore or vSphere HA may be much longer than the availability provided by a cluster of NSX Managers.

Log consistency across NSX components: Consistent logging format and documentation across different components of NSX so that logs can be easily parsed for automation and you can efficiently consume the logs for monitoring and troubleshooting.

Support for Rich Common Filters: This is to support rich common filters for operations features like packet capture, port mirroring, IPFIX, and latency measurements for increasing the efficiency of customers while using these features. Currently, these features have either very simple filters which are not always helpful, or no filters leading to inconvenience.

CLI Enhancements: Several CLI related enhancements have been made in this release:

  • CLI “get” commands will be accompanied with timestamps now to help with debugging
  • GET / SET / RESET the Virtual IP (VIP) of the NSX Management cluster through CLI
  • While debugging through the central CLI, run ping commands directly on the local machines eliminating extra steps needed to log in to the machine and do the same
  • View the list of core on any NSX component through CLI
  • Use the “*” operator now in CLI
  • Commands for debugging L2Bridge through CLI have also been introduced in this release

Distributed Load Balancer Traceflow: Traceflow now supports Distributed Load Balancer for troubleshooting communication failures from endpoints deployed in vSphere with Tanzu to a service endpoint via the Distributed Load Balancer.

  •  Monitoring

Events and Alarms

  • Capacity Dashboard: Maximum Capacity, Maximum Capacity Threshold, Minimum Capacity Threshold
  • Edge Health: Standby move to different edge node, Datapath thread deadlocked, NSXT Edge core file has been generated, Logical Router failover event, Edge process failed, Storage Latency High, Storage Error
  • IDS/IPS: NSX-IDPS Engine Up/Down, NSX-IDPS Engine CPU Usage exceeded 75%, NSX-IDPS Engine CPU Usage exceeded 85%, NSX-IDPS Engine CPU Usage exceeded 95%, Max events reached, NSX-IDPS Engine Memory Usage exceeded 75%, NSX-IDPS Engine Memory Usage exceeded 85%, NSX-IDPS Engine Memory Usage exceeded 95%
  • IDFW: Connectivity to AD server, Errors during Delta Sync
  • Federation: GM to GM Split Brain
  • Communication: Control Channel to Transport Node Down, Control Channel to Transport Node Down for too Long, Control Channel to Manager Node Down, Control Channel to Manager Node Down for too Long, Management Channel to Transport Node Down, Management Channel to Transport Node Down for too Long, Manager FQDN Lookup Failure, Manager FQDN Reverse Lookup Failure

ERSPAN for ENS fast path: Support port mirroring for ENS fast path.

System Health Plugin Enhancements: System Health plugin enhancements and status monitoring of processes running on different nodes to ensure that the system is running properly through timely detection of errors.

Live Traffic Analysis & Tracing: A live traffic analysis tool to support bi-directional traceflow between on-prem and VMC data centers.

Latency Statistics and Measurement for UA Nodes: Latency measurements between NSX Manager nodes per NSX Manager cluster and between NSX Manager clusters across different sites.

Performance Characterization for Network Monitoring using Service Insertion: To provide performance metrics for network monitoring using Service Insertion.

  • Usability and User Interface

Graphical Visualization of VPN: The Network Topology map now visualizes the VPN tunnels and sessions that are configured. This helps you quickly visualize and troubleshoot VPN configuration and settings.

Dark Mode: NSX UI now supports dark mode. You can toggle between light and dark mode.

Firewall Export & Import: NSX now provides the option for you to export and import firewall rules and policies as CSVs.

Enhanced Search and Filtering: Improved the search indexing and filtering options for firewall rules based on IP ranges.

Reducing Number of Clicks: With this UI enhancement, NSX-T now offers a convenient and easy way to edit Network objects.

  • Licensing

Multiple license keys: NSX now has the ability to accept multiple license keys of same edition and metric. This functionality allows you to maintain all your license keys without having to combine your license keys.

License Enforcement: NSX-T now ensures that users are license-compliant by restricting access to features based on license edition. New users will be able to access only those features that are available in the edition that they have purchased. Existing users who have used features that are not in their license edition will be restricted to only viewing the objects; create and edit will be disallowed.

New VMware NSX Data Center Licenses: Adds support for new VMware NSX Firewall and NSX Firewall with Advanced Threat Prevention license introduced in October 2020, and continues to support NSX Data Center licenses (Standard, Professional, Advanced, Enterprise Plus, Remote Office Branch Office) introduced in June 2018, and previous VMware NSX for vSphere license keys. See VMware knowledge base article 52462 for more information about NSX licenses.

  • AAA and Platform Security

Security Enhancements for Use of Certificates And Key Store Management: With this architectural enhancement, NSX-T offers a convenient and secure way to store and manage a multitude of certificates that are essential for platform operations and be in compliance with industry and government guidelines. This enhancement also simplifies API use to install and manage certificates.

Alerts for Audit Log Failures: Audit logs play a critical role in managing cybersecurity risks within an organization and are often the basis of forensic analysis, security analysis and criminal prosecution, in addition to aiding with diagnosis of system performance issues. Complying with NIST-800-53 and industry-benchmark compliance directives, NSX offers alert notification via alarms in the event of failure to generate or process audit data.

Custom Role Based Access Control: Users desire the ability to configure roles and permissions that are customized to their specific operating environment. The custom RBAC feature allows granular feature-based privilege customization capabilities enabling NSX customers the flexibility to enforce authorization based on least privilege principles. This will benefit users in fulfilling specific operational requirements or meeting compliance guidelines. Please note in NSX-T 3.1, only policy based features are available for role customization.

FIPS – Interoperability with vSphere 7.x: Cryptographic modules in use with NSX-T are FIPS 140-2 validated since NSX-T 2.5. This change extends formal certification to incorporate module upgrades and interoperability with vSphere 7.0.

  • NSX Data Center for vSphere to NSX-T Data Center Migration

Migration of NSX for vSphere Environment with vRealize Automation: The Migration Coordinator now interacts with vRealize Automation (vRA) in order to migrate environments where vRealize Automation provides automation capabilities. This will offer a first set of topologies which can be migrated in an environment with vRealize Automation and NSX-T Data Center. Note: This will require support on vRealize Automation.

Modular Distributed Firewall Config Migration: The Migration Coordinator is now able to migrate firewall configurations and state from an NSX Data Center for vSphere environment to an NSX-T Data Center environment. This functionality allows a customer to migrate virtual machines (using vMotion) from one environment to the other and keep their firewall rules and state.

Migration of Multiple VTEP: The NSX Migration Coordinator now has the ability to migrate environments deployed with multiple VTEPs.

Increase Scale in Migration Coordinator to 256 Hosts: The Migration Coordinator can now migrate up to 256 hypervisor hosts from NSX Data Center for vSphere to NSX-T Data Center.

Migration Coordinator coverage of Service Insertion and Guest Introspection: The Migration Coordinator can migrate environments with Service Insertion and Guest Introspection. This will allow partners to offer a solution for migration integrated with complete migrator workflow.

Upgrade Considerations
API Deprecations and Behavior Changes

Retention Period of Unassigned Tags: In NSX-T 3.0.x, NSX Tags with 0 Virtual Machines assigned are automatically deleted by the system after five days. In NSX-T 3.1.0, the system task has been modified to run on a daily basis, cleaning up unassigned tags that are older than one day. There is no manual way to force delete unassigned tags.

I recommend reviewing the known issues sections: General  |  Installation  |  Upgrade  |  NSX Edge  |  NSX Cloud  |  Security  |  Federation

Enablement Links
Release Notes Click Here  |  What’s New  |  General Behavior Changes  |  API and CLI Resources  |  Resolved Issues  |  Known Issues
docs.vmware.com/NSX-T Installation Guide  |  Administration Guide  |  Upgrade Guide  |  Migration Coordinator  |  VMware NSX Intelligence

REST API Reference Guide  |  CLI Reference Guide  |  Global Manager REST API

Upgrading Docs Upgrade Checklist  |  Preparing to Upgrade  |  Upgrading  |  Upgrading NSX Cloud Components  |  Post-Upgrade Tasks

Troubleshooting Upgrade Failures

Installation Docs Preparing for Installation  |  NSX Manager Installation  |  Installing NSX Manager Cluster on vSphere  |  Installing NSX Edge

vSphere Lifecycle Manager  |  Host Profile integration  |  Getting Started with Federation  |  Getting Started with NSX Cloud

Migrating Docs Migrating NSX Data Center for vSphere  |  Migrating vSphere Networking  |  Migrating NSX Data Center for vSphere with vRA
Requirements Docs NSX Manager Cluster  |  System  |  NSX Manager VM & Host Transport Node System
NSX Edge VM System  |  NSX Edge Bare Metal  |  Bare Metal Server System  |  Bare Metal Linux Container
Compatibility Information Ports Used  |  Compatibility Guide (Select NSX-T)  |  Product Interoperability Matrix
Downloads Click Here
Hands On Labs (New) HOL-2103-01-NET – VMware NSX for vSphere Advanced Topics

HOL-2103-02-NET – VMware NSX Migration Coordinator

HOL-2103-91-NET – VMware NSX for vSphere Flow Monitoring and Traceflow

HOL-2122-01-NET – NSX Cloud Consistent Networking and Security across Enterprise, AWS & Azure

HOL-2122-91-ISM – NSX Cloud Consistent Networking and Security across Enterprise, AWS & Azure Lightning Lab

VMworld 2020 Sessions Update on NSX-T Switching: NSX on VDS (vSphere Distributed Switch) VCNC1197

Demystifying the NSX-T Data Center Control Plane VCNC1164

NSX-T security and compliance deep dive ISNS2256

NSX Data Center for vSphere to NSX-T Migration: Real-World Experience VCNC1590

Blogs NSX-T 3.0 – Innovations in Cloud, Security, Containers, and Operations
 

 

VCSA 7 Error in method invocation [Errno 2] No such file or directory: ‘/storage/core/software-update/updates/index’

This could be my shortest blog to date, but it’s still good to note this error.

In my home lab I wanted to update my VCSA 7 appliance to 7.0u1.  I went into the VCSA Management site, chose update, and the auto update started to look for files in the default repository.  Then I got the following error:

Error in method invocation [Errno 2] No such file or directory: ‘/storage/core/software-update/updates/index’

Doing a bit of research, I found out that when the VCSA cannot locate the default vmware.com site repository, the VCSA will display this error.

In my case, my VCSA could not access the internet so it couldn’t locate the repository. Once I corrected a network issue, the VCSA was able to access the repository and it downloaded the upgrade options.

If you like my ‘no-nonsense’ blog articles that get straight to the point… then post a comment or let me know… Else, I’ll start writing boring blog content.

GA Release VMware PowerCLI 12.1.0 | Announcement, information, and links

VMware announced the GA Releases of the following: VMware PowerCLI 12.1.0

See the base table for all the technical enablement links, including a VMworld 2020 session and a new Hands On Lab.

 

Release Overview
VMware PowerCLI is a command-line and scripting tool built on Windows PowerShell, and provides more than 700 cmdlets for managing and automating vSphere, VMware Cloud Director, vRealize Operations Manager, vSAN, NSX-T, VMware Cloud Services, VMware Cloud on AWS, VMware HCX, VMware Site Recovery Manager, and VMware Horizon environments.

 

What’s New
VMware PowerCLI 12.1.0 introduces the following new features, changes, and improvements:

Added cmdlets for

  • vSphere Lifecycle Manager
  • Managing Workload Management clusters in vSphere with Tanzu
  • Specifying cluster’s EDRS policies in VMware Cloud on AWS
  • Managing Cloud Native Storage volumes
  • Managing vSAN secure disk wipe
  • Managing Virtual Volume (vVol) storage containers

New Features

  • VMware Cloud on AWS module is extended with support for i3en host type, large appliance size SDDCs and support for adding new hosts to specific clusters
  • Implemented seamless integration between the VMware Cloud on AWS module and the vSphere module to allow easier way to connect to the cloud SDDC
  • Content Library enhancements to allow uploading from internet and datastore URLs

Added support for

  • Secure Encrypted Virtualization
  • Site Recovery Manager 8.3.1
  • VMware Horizon 7.13
Upgrade Considerations
Ensure the following software is present on your system

OS Type  |  .NET Version  |  PowerShell Version
Windows  |  .NET Framework 4.7.2 or later  |  Windows PowerShell 5.1
Linux  |  .NET Core 3.1  |  PowerShell 7
macOS  |  .NET Core 3.1  |  PowerShell 7
Updated Components
In VMware PowerCLI 12.1.0, the following modules have been updated:

  • VMware.PowerCLI: Provides a root module which other modules are dependent on. This ensures the PowerCLI product can be installed, upgraded, and removed as a complete package if needed.
  • VMware.VimAutomation.Core: Provides cmdlets for automated administration of the vSphere environment.
  • VMware.VimAutomation.Common: Provides functionality that is common to all PowerCLI modules. This module has no cmdlets, but is required for other modules to function correctly.
  • VMware.VimAutomation.Sdk: Provides SDK functionality that is needed by all PowerCLI modules. This module has no cmdlets, but is required for other modules to function correctly.
  • VMware.VimAutomation.Vds: Provides cmdlets for managing vSphere distributed switches and distributed port groups.
  • VMware.VimAutomation.Cis.Core: Provides cmdlets for managing vSphere Automation SDK servers.
  • VMware.VimAutomation.Storage: Provides cmdlets for managing vSphere policy-based storage.
  • VMware.VimAutomation.StorageUtility: Provides utility scripts for storage.
  • VMware.VumAutomation: Provides cmdlets for automating vSphere Update Manager features.
  • VMware.VimAutomation.Srm: Provides cmdlets for managing VMware Site Recovery Manager features.
  • VMware.VimAutomation.HorizonView: Provides cmdlets for automating VMware Horizon features.
  • VMware.VimAutomation.Vmc: Provides cmdlets for managing VMware Cloud on AWS features.
  • VMware.Vim: Provides vSphere low-level binding libraries. This module has no cmdlets.
  • VMware.VimAutomation.Security: Provides cmdlets for managing vSphere Security, including virtual Trusted Platform Module.
  • VMware.VimAutomation.Hcx: Provides cmdlets for managing VMware HCX features.
  • VMware.VimAutomation.WorkloadManagement: Provides cmdlets for managing Project Pacific.
  • VMware.CloudServices: Provides cmdlets for managing VMware Cloud Services
Enablement Links
Release Notes Click Here  |  What’s New in This Release  |  Resolved Issues  |  Known Issues
docs.vmware.com/pCLI Introduction  |  Installing  |  Configuring  |  cmdlet Reference
Compatibility Information Interoperability Matrix  |  Upgrade Path Matrix
Blogs & Infolinks VMware What’s New pCLI vRLCM  |  VMware What’s New pCLI with AWS  |  PM’s Blog pCLI SSO
Download Click Here
VMworld 2020 Sessions PowerCLI: Into the Deep [HCP1286]
Hands On Labs HOL-2111-04-SDC – VMware vSphere Automation – PowerCLI
 

VMware vSphere 7.0 Update 1 | vCenter, ESXi, vSAN | Information

VMware announced the GA Releases of the following:

  • VMware vCenter 7.0 Update 1
  • VMware ESXi 7.0 Update 1
  • VMware vSAN 7.0 Update 1

See the base table for all the technical enablement links, now including VMworld 2020 OnDemand Sessions.

Release Overview
vCenter Server 7.0 Update 1 | ISO Build 16860138

ESXi 7.0 Update 1 | ISO Build 16850804

VMware vSAN 7.0 Update 1 | Build 16850804

What’s New vCenter Server
Inclusive terminology: In vCenter Server 7.0 Update 1, as part of a company-wide effort to remove instances of non-inclusive language in our products, the vSphere team has made changes to some of the terms used in the vSphere Client. APIs and CLIs still use legacy terms, but updates are pending in an upcoming release.

  • vSphere Accessibility Enhancements: vCenter Server 7.0 Update 1 comes with significant accessibility enhancements based on recommendations by the Accessibility Conformance Report (ACR), which is the internationally accepted standard.
  • vSphere Ideas Portal: With vCenter Server 7.0 Update 1, any user with a valid my.vmware.com account can submit feature requests by using the vSphere Ideas portal.
  • Enhanced vSphere Lifecycle Manager hardware compatibility pre-checks for vSAN environments: vCenter Server 7.0 Update 1 adds vSphere Lifecycle Manager hardware compatibility pre-checks.
  • Increased scalability with vSphere Lifecycle Manager: Scalability for vSphere Lifecycle Manager operations with ESXi hosts and clusters is up to:
    • 64 supported clusters from 15
    • 96 supported ESXi hosts within a cluster from 64. For vSAN environments, the limit is still 64
    • 280 supported ESXi hosts managed by a vSphere Lifecycle Manager Image from 150
    • 64 clusters on which you can run remediation in parallel, if you initiate remediation at a data center level, from 15
  • vSphere Lifecycle Manager support for coordinated upgrades between availability zones: With vCenter Server 7.0 Update 1, to prevent overlapping operations, vSphere Lifecycle Manager updates fault domains in vSAN clusters in a sequence. ESXi hosts within each fault domain are still updated in a rolling fashion. For vSAN stretched clusters, the first fault domain is always the preferred site.
  • Extended list of supported Red Hat Enterprise Linux and Ubuntu versions for the VMware vSphere Update Manager Download Service (UMDS): vCenter Server 7.0 Update 1 adds new Red Hat Enterprise Linux and Ubuntu versions that UMDS supports. For the complete list of supported versions, see Supported Linux-Based Operating Systems for Installing UMDS.
  • Silence Alerts button in VMware Skyline Health: With vCenter Server 7.0 Update 1, you can stop alerts for certain health checks, such as notifications for known issues, by using the Silence Alerts button.
  • Configure SMTP authentication: vCenter Server 7.0 Update 1 adds support for SMTP authentication in the vCenter Server Appliance to enable sending alerts and alarms by email in secure mode. For more information, see Configure Mail Sender Settings.
  • System virtual machines for vSphere Cluster Services: In vCenter Server 7.0 Update 1, vSphere Cluster Services adds a set of system virtual machines in every vSphere cluster to ensure the healthy operation of VMware vSphere Distributed Resource Scheduler. For more information, see VMware knowledge base articles KB80472, KB79892 and KB80483.
  • Licensing for VMware Tanzu Basic: With vCenter Server 7.0 Update 1, licensing for VMware Tanzu Basic splits into separate license keys for vSphere 7 Enterprise Plus and VMware Tanzu Basic. In vCenter Server 7.0 Update 1, you must provide either a vSphere 7 Enterprise Plus license key or a vSphere 7 Enterprise Plus with an add-on for Kubernetes license key to enable the Enterprise Plus functionality for ESXi hosts. In addition, you must provide a VMware Tanzu Basic license key to enable Kubernetes functionality for all ESXi hosts that you want to use as part of a Supervisor Cluster.
    When you upgrade a 7.0 deployment to 7.0 Update 1, existing Supervisor Clusters automatically start a 60-day evaluation mode. If you do not install a VMware Tanzu Basic license key and assign it to existing Supervisor Clusters within 60 days, you see some limitations in the Kubernetes functionality. For more information, see Licensing for vSphere with Tanzu and VMware knowledge base article KB80868.
  • For VMware vSphere with Tanzu updates, see VMware vSphere with Tanzu Release Notes.
Upgrade/Install Considerations vCenter
Before upgrading to vCenter Server 7.0 Update 1, you must confirm that the Link Aggregation Control Protocol (LACP) mode is set to enhanced, which enables the Multiple Link Aggregation Control Protocol (the multipleLag parameter) on the VMware vSphere Distributed Switch (VDS) in your vCenter Server system.

If the LACP mode is set to basic, indicating One Link Aggregation Control Protocol (singleLag), the distributed virtual port groups on the vSphere Distributed Switch might lose connection after the upgrade and affect the management vmknic, if it is on one of the dvPort groups. During the upgrade precheck, you see an error such as Source vCenter Server has instance(s) of Distributed Virtual Switch at unsupported lacpApiVersion.

For more information on converting to Enhanced LACP Support on a vSphere Distributed Switch, see VMware knowledge base article 2051311. For more information on the limitations of LACP in vSphere, see VMware knowledge base article 2051307.
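A pre-upgrade check for the LACP requirement above, as an added PowerCLI example that is not taken from the VMware release notes or from this blog. The function names Test-VdsLacpReadiness and Get-VdsLacpVersion and the sample switch names are hypothetical; the live query assumes PowerCLI is loaded and a Connect-VIServer session already exists.

```powershell
# Added example (not VMware's code): flag distributed switches whose LACP API
# version would fail the vCenter Server 7.0 Update 1 upgrade precheck.

function Test-VdsLacpReadiness {
    # Hypothetical helper. Accepts any object with Name and LacpApiVersion.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$VdSwitch
    )
    process {
        $version = [string]$VdSwitch.LacpApiVersion
        switch ($version) {
            # Enhanced LACP: the mode the upgrade requires.
            'multipleLag' { $ready = $true;  $action = 'None (Enhanced LACP already enabled)' }
            # Basic LACP: port groups may lose connection after the upgrade.
            'singleLag'   { $ready = $false; $action = 'Convert to Enhanced LACP before upgrading (KB 2051311)' }
            # Nothing reported: do not assume the switch is safe.
            default       { $ready = $false; $action = 'LACP API version not reported; verify manually' }
        }
        [pscustomobject]@{
            Name           = $VdSwitch.Name
            LacpApiVersion = $version
            UpgradeReady   = $ready
            Action         = $action
        }
    }
}

function Get-VdsLacpVersion {
    # Live query: reads the lacpApiVersion field from each switch's vSphere API config.
    Get-VDSwitch | ForEach-Object {
        [pscustomobject]@{
            Name           = $_.Name
            LacpApiVersion = $_.ExtensionData.Config.LacpApiVersion
        }
    }
}

# Constructed sample input so the classification can be exercised offline.
$sample = @(
    [pscustomobject]@{ Name = 'vds-mgmt';    LacpApiVersion = 'multipleLag' }
    [pscustomobject]@{ Name = 'vds-legacy';  LacpApiVersion = 'singleLag' }
    [pscustomobject]@{ Name = 'vds-unknown'; LacpApiVersion = $null }
)
$report = $sample | Test-VdsLacpReadiness
$report | Format-Table -AutoSize

# Against a live vCenter Server, list only the switches that block the upgrade:
#   Get-VdsLacpVersion | Test-VdsLacpReadiness | Where-Object { -not $_.UpgradeReady }
```

Any switch reported as not ready should be converted or checked by hand before starting the vCenter Server upgrade, since the management vmknic can be affected if it sits on one of that switch's dvPort groups.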

Product Support Notices

  • vCenter Server 7.0 Update 1 does not support VMware Site Recovery Manager 8.3.1.
  • Deprecation of Server Message Block (SMB) protocol version 1.0
    File-based backup and restore of vCenter Server by using Server Message Block (SMB) protocol version 1.0 is deprecated in vCenter Server 7.0 Update 1. Removal of SMBv.1 is due in a future vSphere release.
  • End of General Support for VMware Tools 9.10.x and 10.0.x. See the VMware Product Lifecycle Matrix.
  • Deprecation of the VMware Service Lifecycle Manager API
    VMware plans to deprecate the VMware Service Lifecycle Manager API (vmonapi service) in a future release. For more information, see VMware knowledge base article 80775.
  • End of support for Internet Explorer 11
    Removal of Internet Explorer 11 from the list of supported browsers for the vSphere Client is due in a future vSphere release.
  • VMware Host Client in maintenance mode
What’s New ESXi

  • ESXi 7.0 Update 1 supports vSphere Quick Boot on the following servers:
    • HPE ProLiant BL460c Gen9
    • HPE ProLiant DL325 Gen10 Plus
    • HPE ProLiant DL360 Gen9
    • HPE ProLiant DL385 Gen10 Plus
    • HPE ProLiant XL225n Gen10 Plus
    • HPE Synergy 480 Gen9
  • Enhanced vSphere Lifecycle Manager hardware compatibility pre-checks for vSAN environments: ESXi 7.0 Update 1 adds vSphere Lifecycle Manager hardware compatibility pre-checks. The pre-checks automatically trigger after certain change events such as modification of the cluster desired image or addition of a new ESXi host in vSAN environments. Also, the hardware compatibility framework automatically polls the Hardware Compatibility List database at predefined intervals for changes that trigger pre-checks as necessary.
  • Increased number of vSphere Lifecycle Manager concurrent operations on clusters: With ESXi 7.0 Update 1, if you initiate remediation at a data center level, the number of clusters on which you can run remediation in parallel, increases from 15 to 64 clusters.
  • vSphere Lifecycle Manager support for coordinated updates between availability zones: With ESXi 7.0 Update 1, to prevent overlapping operations, vSphere Lifecycle Manager updates fault domains in vSAN clusters in a sequence. ESXi hosts within each fault domain are still updated in a rolling fashion. For vSAN stretched clusters, the first fault domain is always the preferred site.
  • Extended list of supported Red Hat Enterprise Linux and Ubuntu versions for the VMware vSphere Update Manager Download Service (UMDS): ESXi 7.0 Update 1 adds new Red Hat Enterprise Linux and Ubuntu versions that UMDS supports. For the complete list of supported versions, see Supported Linux-Based Operating Systems for Installing UMDS.
  • Improved control of VMware Tools time synchronization: With ESXi 7.0 Update 1, you can select a VMware Tools time synchronization mode from the vSphere Client instead of using the command prompt. When you navigate to VM Options > VMware Tools > Synchronize Time with Host, you can select Synchronize at startup and resume (recommended), Synchronize time periodically, or, if no option is selected, you can prevent synchronization.
  • Increased Support for Multi-Processor Fault Tolerance (SMP-FT) maximums: With ESXi 7.0 Update 1, you can configure more SMP-FT VMs, and more total SMP-FT vCPUs in an ESXi host, or a cluster, depending on your workloads and capacity planning.
  • Virtual hardware version 18: ESXi 7.0 Update 1 introduces virtual hardware version 18 to enable support for virtual machines with higher resource maximums, and:
    • Secure Encrypted Virtualization – Encrypted State (SEV-ES)
    • Virtual remote direct memory access (vRDMA) native endpoints
    • EVC Graphics Mode (vSGA).
  • Increased resource maximums for virtual machines and performance enhancements:
    • With ESXi 7.0 Update 1, you can create virtual machines with three times more virtual CPUs and four times more memory to enable applications with larger memory and CPU footprint to scale in an almost linear fashion, comparable with bare metal. Virtual machine resource maximums are up to 768 vCPUs from 256 vCPUs, and to 24 TB of virtual RAM from 6 TB. Still, not over-committing memory remains a best practice. Only virtual machines with hardware version 18 and operating systems supporting such large configurations can be set up with these resource maximums.
    • Performance enhancements in ESXi that support the larger scale of virtual machines include widening of the physical address, address space optimizations, better NUMA awareness for guest virtual machines, and more scalable synchronization techniques. vSphere vMotion is also optimized to work with the larger virtual machine configurations.
    • ESXi hosts with AMD processors can support virtual machines with twice more vCPUs, 256, and up to 8 TB of RAM.
    • Persistent memory (PMEM) support is up twofold to 12 TB from 6 TB for both Memory Mode and App Direct Mode.
Upgrade/Install Considerations ESXi
In vSphere 7.x, the Update Manager plug-in, used for administering vSphere Update Manager, is replaced with the Lifecycle Manager plug-in. Administrative operations for vSphere Update Manager are still available under the Lifecycle Manager plug-in, along with new capabilities for vSphere Lifecycle Manager.

The typical way to apply patches to ESXi 7.x hosts is by using the vSphere Lifecycle Manager. For details, see About vSphere Lifecycle Manager and vSphere Lifecycle Manager Baselines and Images.

You can also update ESXi hosts without using the Lifecycle Manager plug-in, and use an image profile instead. To do this, you must manually download the patch offline bundle ZIP file from the VMware download page or the Product Patches page and use the esxcli software profile command.
For more information, see the Upgrading Hosts by Using ESXCLI Commands and the VMware ESXi Upgrade guide.

What’s New vSAN
vSAN 7.0 Update 1 introduces the following new features and enhancements:

Scale Without Compromise

  • HCI Mesh. HCI Mesh is a software-based approach for disaggregation of compute and storage resources in vSAN. HCI Mesh brings together multiple independent vSAN clusters by enabling cross-cluster utilization of remote datastore capacity within vCenter Server. HCI Mesh enables you to efficiently utilize and consume data center resources, which provides simple storage management at scale.
  • vSAN File Service enhancements. Native vSAN File Service includes support for SMB file shares. Support for Microsoft Active Directory, Kerberos authentication, and scalability improvements also are available.
  • Compression-only vSAN. You can enable compression independently of deduplication, which provides a storage efficiency option for workloads that cannot take advantage of deduplication. With compression-only vSAN, a failed capacity device only impacts that device and not the entire disk group.
  • Increased usable capacity. Internal optimizations allow vSAN to no longer need the 25-30% of free space available for internal operations and host failure rebuilds. The amount of space required is a deterministic value based on deployment variables, such as size of the cluster and density of storage devices. These changes provide more usable capacity for workloads.
  • Shared witness for two-node clusters. vSAN 7.0 Update 1 enables a single vSAN witness host to manage multiple two-node clusters. A single witness host can support up to 64 clusters, which greatly reduces operational and resource overhead.

Simplify Operations

  • vSAN Data-in-Transit encryption. This feature enables secure over-the-wire encryption of data traffic between nodes in a vSAN cluster. vSAN data-in-transit encryption is a cluster-wide feature and can be enabled independently or along with vSAN data-at-rest encryption. Traffic encryption uses the same FIPS 140-2 validated cryptographic module as existing encryption features and does not require use of a KMS server.
  • Enhanced data durability during maintenance mode. This improvement protects the integrity of data when you place a host into maintenance mode with the Ensure Accessibility option. All incremental writes which would have been written to the host in maintenance are now redirected to another host, if one is available. This feature benefits VMs that have PFTT=1 configured, and also provides an alternative to using PFTT=2 for ensuring data integrity during maintenance operations.
  • vLCM enhancements. vSphere Lifecycle Manager (vLCM) is a solution for unified software and firmware lifecycle management. In this release, vLCM is enhanced with firmware support for Lenovo ReadyNodes, awareness of vSAN stretched cluster and fault domain configurations, additional hardware compatibility pre-checks, and increased scalability for concurrent cluster operations.
  • Reserved capacity. You can enable capacity reservations for internal cluster operations and host failure rebuilds. Reservations are soft-thresholds designed to prevent user-driven provisioning activity from interfering with internal operations, such as data rebuilds, rebalancing activity, or policy re-configurations.
  • Default gateway override. You can override the default gateway for the VMkernel adapter to provide a different gateway for the vSAN network. This feature simplifies routing configuration for stretched clusters, two-node clusters, and fault domain deployments that previously required manual configuration of static routes. Static routing is not necessary.
  • Faster vSAN host restarts. The time interval for a planned host restart has been reduced by persisting in-memory metadata to disk before the restart or shutdown. This method reduces the time required for hosts in a vSAN cluster to restart, which decreases the overall cluster downtime during maintenance windows.
  • Workload I/O analysis. Analyze VM I/O metrics with IOInsight, a monitoring and troubleshooting tool that is integrated directly into vCenter Server. Gain a detailed view of VM I/O characteristics such as performance, I/O size and type, read/write ratio, and other important data metrics. You can run IOInsight operations against VMs, hosts, or the entire cluster.
  • Consolidated I/O performance view. You can select multiple VMs, and display a combined view of storage performance metrics such as IOPS, throughput, and latency. You can compare storage performance characteristics across multiple VMs.
  • VM latency monitoring with IOPS limits. This improvement in performance monitoring helps you distinguish the periods of latency that can occur due to enforced IOPS limits. This view can help organizations that set IOPS limits in VM storage policies.
  • Secure drive erase. Securely wipe flash storage devices before decommissioning from a vSAN cluster through a set of new PowerCLI or API commands. Use these commands to safely erase data in accordance with NIST standards.
  • Data migration pre-check for disks. vSAN’s data migration pre-check for host maintenance mode now includes support for individual disk devices or entire disk groups. This offers more granular pre-checks for disk or disk group decommissioning.
  • VPAT section 508 compliant. vSAN is compliant with the Voluntary Product Accessibility Template (VPAT). VPAT section 508 compliance ensures that vSAN had a thorough audit of accessibility requirements, and has instituted product changes for proper compliance.

 Note: vSAN 7.0 Update 1 improves CPU performance by standardizing task timers throughout the system. This change addresses issues with timers activating earlier or later than requested, resulting in degraded performance for some workloads.

Upgrade/Install Considerations vSAN
For instructions about upgrading vSAN, see vSAN Documentation  |  Upgrading the vSAN Cluster  |  Before You Upgrade  |  Upgrading vCenter Server  |  Upgrading Hosts

Note: Before performing the upgrade, please review the most recent version of the VMware Compatibility Guide to validate that the latest vSAN version is available for your platform.

vSAN 7.0 Update 1 is a new release that requires a full upgrade to vSphere 7.0 Update 1. Perform the following tasks to complete the upgrade:

1. Upgrade to vCenter Server 7.0 Update 1. For more information, see the VMware vSphere 7.0 Update 1 Release Notes.
2. Upgrade hosts to ESXi 7.0 Update 1. For more information, see the VMware vSphere 7.0 Update 1 Release Notes.
3. Upgrade the vSAN on-disk format to version 13.0. If upgrading from on-disk format version 3.0 or later, no data evacuation is required (metadata update only).

 Note: vSAN retired disk format version 1.0 in vSAN 7.0 Update 1. Disks running disk format version 1.0 are no longer recognized by vSAN. vSAN will block upgrade through vSphere Update Manager, ISO install, or esxcli to vSAN 7.0 Update 1. To avoid these issues, upgrade disks running disk format version 1.0 to a higher version. If you have disks on version 1, a health check alerts you to upgrade the disk format version.

Disk format version 1.0 does not have performance and snapshot enhancements, and it lacks support for advanced features including checksum, deduplication and compression, and encryption. For more information about vSAN disk format version, see KB2145267.

Upgrading the On-disk Format for Hosts with Limited Capacity

During an upgrade of the vSAN on-disk format from version 1.0 or 2.0, a disk group evacuation is performed. The disk group is removed and upgraded to on-disk format version 13.0, and the disk group is added back to the cluster. For two-node or three-node clusters, or clusters without enough capacity to evacuate each disk group, select Allow Reduced Redundancy from the vSphere Client. You can also use the following RVC command to upgrade the on-disk format: vsan.ondisk_upgrade --allow-reduced-redundancy

When you allow reduced redundancy, your VMs are unprotected for the duration of the upgrade, because this method does not evacuate data to the other hosts in the cluster. It removes each disk group, upgrades the on-disk format, and adds the disk group back to the cluster. All objects remain available, but with reduced redundancy.

If you enable deduplication and compression during the upgrade to vSAN 7.0 Update 1, you can select Allow Reduced Redundancy from the vSphere Client.

Limitations

For information about maximum configuration limits for the vSAN 7.0 Update 1 release, see the Configuration Maximums  documentation.

Technical Enablement
Release Notes vCenter Click Here  |  What’s New  |  Earlier Releases  |  Patch Info  |  Installation & Upgrade Notes  |  Product Support Notices  |  Resolved Issues  |  Known Issues

Release Notes ESXi Click Here  |  What’s New  |  Earlier Releases  |  Patch Info  |  Product Support Notices  |  Resolved Issues  |  Known Issues
Release Notes vSAN Click Here  |  What’s New  |  VMware vSAN Community  |  Upgrades for This Release  |  Limitations  |  Known Issues
docs.vmware/vCenter Installation & Setup  |   vCenter Server Upgrade  |   vCenter Server Configuration
docs.vmware/ESXi Installation & Setup  |  Upgrading  |  Managing Host and Cluster Lifecycle  |  Host Profiles  |  Networking  |  Storage  |  Security  |  Resource Management  |  Availability  |  Monitoring & Performance

docs.vmware/vSAN Using vSAN Policies  |  Expanding & Managing a vSAN Cluster  |  Device Management  |  Increasing Space Efficiency  |  Encryption  |  Upgrading the vSAN Cluster  |  Before You Upgrade  |  Upgrading vCenter Server  |  Upgrading Hosts

Compatibility Information Interoperability Matrix vCenter  |  Configuration Maximums vSphere (All)  |  Ports Used vSphere (All)  |  Interoperability Matrix ESXi  |  Interoperability Matrix vSAN  |  Configuration Maximums vSAN  |  Ports Used vSAN

Blogs & Infolinks What’s New with VMware vSphere 7 Update 1  |  Main VMware Blog vSphere 7    |  vSAN  |  vSphere  |   vCenter Server

Announcing the ESXi-Arm Fling  |  In-Product Evaluation of vSphere with Tanzu

vSphere 7 Update 1 – Unprecedented Scalability

YouTube A Quick Look at What’s New in vSphere 7 Update 1  |  vSphere with Tanzu Overview in 3 Minutes

VMware vSphere with Tanzu webpage  |  eBook: Deliver Developer-Ready Infrastructure Using vSphere with Tanzu

What’s New in vSAN 7 Update 1   |  PM’s Blog, Cormac vSAN 7.0 Update 1

Download vSphere   |   vSAN
VMworld 2020 OnDemand

(Free Account Needed)

Deep Dive: What’s New with vCenter Server [HCP1100]    |   99 Problems, But A vSphere Upgrade Ain’t One [HCP1830]

Certificate Management in vSphere [HCP2050]      |     Connect vSAN Capacity Across Clusters with VMware HCI Mesh [DEM3206]

Deep Dive: vSphere 7 Developer Center [HCP1211]

More vSphere & vSAN VMworld Sessions

VMworld HOL Walkthrough

(VMworld Account Needed)

Introduction to vSphere Performance [HOL-2104-95-ISM]

VMware vSphere – What’s New [HOL-2111-95-ISM]

What’s New in vSAN – Getting Started [HOL-2108-95-ISM]

VMworld 2020 | Second Day Summary


VMworld 2020 DAY 2 is now in the books and a fellow co-worker did this fantastic write up. I cannot take any credit for this post except for reformatting it to be posted on my blog.

~Enjoy!

Here is your recap of day 2 of VMworld 2020.  The links to VMworld sessions will require your VMworld registration username and password to view.  Your account will also enable you to catch up on over 900+ sessions on-demand on our VMworld platform through Thursday, October 8th and afterwards when our sessions move to our VMworld On-Demand Video Library.

VMworld 2020 Day 2: The Challenges Facing Our Time

  • Fireside Chat: The Extraordinary Events of 2020

We started out with an inspiring conversation with Pat Gelsinger, CEO of VMware, and NYC Business News Anchor, Hope King. The two dived into broad issues such as the pandemic and social justice as well as their thoughts about the cloud industry, and VMware’s commitment to be a force for good. If you missed this inspiring discussion, there are a few more opportunities to catch it on the Vision & Innovation channel before it goes on-demand.

Hear More From Our CEO’s Fireside Chat With Hope King [VI3353]

Breaking News: Extended Access to Complimentary Premium Digital Training

Did you hear the news today during Sumit Dhawan’s session, Our Customer Commitment: Working Together to Maximize Your Value, at VMworld? In case you missed it, to continue enabling our customers to grow their skills and better face current IT challenges, we are extending complimentary access to premium digital training.

View this FAQ for more details about this special offer and how to get complimentary access to the VMware Customer Connect Learning™ Premium Subscription for a full year (from date of enrollment). With 24/7 access to training delivered by top VMware experts and Certified Instructors, Connect Learning (previously VMware Learning Zone) is your single source for digital training from VMware. In addition to the content available with the Basic Subscription (over 1,300 training videos and 65 free eLearning courses), the Premium Subscription* includes access to valuable content such as:

  • Advanced troubleshooting, configuration, and solution-oriented best practice videos
  • 12 Exam Preps (over 650 videos)
  • NEW – VMware Certified Technical Associate training content

Enroll Here

Demo Zones, Hands-on Labs and Odyssey, and Throwdown Videos

We had insightful discussions and learnings from the VMware and Sponsor Demo Zones and hands-on labs interactive simulations, showcasing 130+ VMware product demos and 100+ joint solutions with our 51 sponsors. And of course, there were our beloved hands-on labs, with over 9,500+ labs delivered and Automate your VMware Cloud on AWS holding the top spot. We hope you had a chance to check out the Command Center too.

New Hands-on Labs have been released; see here

EUC Product News

 VMworld 2020: All of Our EUC Announcements, Themes & Everything Else You Need to Know

This morning in our Digital Workspace Showcase Keynote, we had a lot of news to cover in a short amount of time, but rest assured that we have plenty of breakout sessions, blog posts and demos detailing all our announcements in depth.

More importantly, I would like to say how grateful all of us at VMware are for the opportunity to help so many of our customers through the changing work environment this year. We have learned many lessons in the process, and we have seen again and again the value of a flexible, modern digital workspace.

  • Lessons learned about the role of a digital workspace platform
  • Employee engagement
  • IT Modernization
  • Zero Trust Security

Read Full Story

Horizon News

Four Reasons Horizon is the Choice for Modern and Secure Hybrid-Cloud VDI & Apps: Updates From VMworld 2020

Introducing Workspace Security VDI

We are excited to announce the general availability of Workspace Security VDI, which delivers an intrinsically secure virtual desktop and application solution that has been designed and fully tested by a single vendor. By combining Horizon and VMware Carbon Black Cloud into a single, unified solution, Workspace Security VDI consolidates multiple endpoint security capabilities such as threat identification and prevention, endpoint detection and response, auditing capabilities and the ability to investigate data breaches into a cohesive solution.

VMware Horizon Now Runs on Microsoft Azure VMware Solution

Microsoft recently announced the general availability of Azure VMware Solution (AVS) – a hosted service from Microsoft based on VMware Cloud Foundation that gives our customers the ability to extend the power of Horizon and vSphere to Azure. As a result, you can move on-premises Horizon deployments to Azure as part of a cloud migration, or transform your Horizon environment into an elastic hybrid and multi-cloud desktop virtualization platform that can help you conquer the challenges of today’s fluctuating workplace. Quickly provision and scale Horizon virtual desktop and application workloads leveraging key technologies such as Instant Clones and Blast Extreme protocol. To learn more, read this blog.

Simplified, Modernized Management with (More) Services From the Cloud

The Horizon Control Plane simplifies management with services that connect entitlement and management layers across Horizon pods in different data centers and clouds. The newly integrated Universal Broker delivers a global entitlement layer that intelligently provisions end users to their personal desktop or app in any connected pod or cloud based on availability or proximity to provide the best possible user experience. Image and application management is also simplified with services that can be used across pods and clouds – create an image or app package once and distribute to Horizon deployments as needed. These features, coupled with real-time performance monitoring and end-to-end security, unlock key hybrid and multi-cloud use cases such as work from home, business continuity, real-time bursting, disaster recovery and high availability which simplify and optimize your cloud investment.

Horizon 8: Unleashing the Power of Secure Hybrid and Multi-Cloud Deployments with a Modern Platform

Made available in August this year, Horizon 8 delivers a modern platform for virtual desktop and app delivery across the hybrid cloud, from the market leaders in SDDC and digital workspaces. The release delivered expanded support for hybrid and multi-cloud architectures that allow organizations to scale flexibly across public and private clouds such as VMware Cloud on AWS and Microsoft Azure – now also with support for Google Cloud, VMware Cloud on Dell EMC, as well as Azure VMware Solution. Full support for new RESTful APIs helps automate rich capabilities and orchestrate services on the Horizon platform, modernizing services and processes with speed, providing endless possibilities to enhance and streamline their Horizon environment. The list goes on – read the launch blog for more detailed information.

Reimagining Security for Today’s Future Ready Workforce

Earlier today we unveiled VMware’s new security solutions and our Future Ready Workforce Solutions, which are a true testament to our unique approach to the future of work. Founded on an intrinsic security approach that builds security into every control plane, from network, endpoint, cloud and identity all the way to workload, VMware turns each of these vectors into points of security control, significantly reducing the attack surface. Furthermore, it unifies these threat vectors in the context of apps and data across any app, any cloud, and any device in an industry-first approach to increase the level of security for today’s distributed workforce.

Holistic Vision for the Future of Work

This powerful rethink, substantiated through our Future Ready Workforce Solutions, is designed to meet the needs of today’s distributed workforce. During this pandemic, the scale of employees working from home has pushed network capacities, security at the edge and good digital workspace experiences to the limit. VMware has been able to address these fundamental needs by leveraging key elements of SD-WAN network services and security through Secure Access Services Edge (SASE), Endpoint Security and Digital Workspace. These technologies work together to deliver any application from any cloud onto any device, so organizations can unlock the value of this holistic approach – enabling powerful workforce experiences, end to end zero trust security controls, and simplified management, no matter where one is working.

Future Ready Workforce Solutions: Reaping the Rewards

End to End Zero Trust Security: As the perimeter of an organization has now extended to the home, VMware Future Ready Workforce solutions are uniquely positioned to deliver end to end Zero Trust security. Organizations can build trust in devices that are accessing enterprise data with Workspace ONE UEM, better secure them with Carbon Black Endpoint solutions and use it to drive dynamic conditional access decisions to validate user identity as well. Least privilege capabilities that start from devices or virtual sessions with Unified Access Gateway (UAG) and extend to the network with NSX micro-segmentation enable a user session to be protected. And now with our VMware SASE Platform, we have a convergent infrastructure that offers end to end Zero Trust security enabling any user access to any app from any device.

Read Full Story

VMware Cloud Disaster Recovery – On Demand DRaaS

Overview of VMware Cloud Disaster Recovery, an easy-to-use cloud-based DRaaS solution. It combines efficient cloud storage with simple SaaS-based management for IT resiliency at scale. Customers benefit from consistent, familiar VMware operations across production and DR sites, a pay-when-you-need-failover capacity model for DR resources, and instant power-on capabilities for fast recovery.

Watch On YouTube

VMworld Announcements From The Office Of The CTO

A Deep Dive into the Tanzu Service Mesh Autoscaling VMworld 2020 Keynote Demo

Summary

The demo shows ACME Inc., a cloud native application, working as expected under normal traffic conditions without autoscaling. Once traffic rapidly increases, however, the application starts to perform poorly. A quick inspection determines that autoscaling is not configured on the application, so to remediate, an administrator installs autoscaling YAML to activate TSM autoscaling at runtime without needing to redeploy the application.  Immediately after autoscaling is turned on, microservice instances are scaled and latency returns to normal levels.  The demo then shows that when traffic subsides, the TSM autoscaler starts to descale the microservice instances without causing latency or performance issues.  Finally, the demo finishes with a quick sneak peek at the Service Level Objectives (SLO) feature of TSM.

The rest of the post walks through how to set this up in a 5-step process.

Key highlights of the demo:

  1. Ability to configure autoscaling functionality without intrusion to application logic.
  2. Visualize the ACME cloud native application from within TSM.
  3. Inspect performance charts of how each microservice is scaling.

Read Full Story

Behind the Scenes of the Folding@home Demo at VMworld 2020 Keynote

The VMware Folding@home appliance project I started with Team VMware #52737. Since the release of our Fling, we have seen over 42,000 downloads, and watched our Team VMware FAH community grow to over 1000 users. When Chris Wolf asked if I could demo Folding@home in the VMware CTO general session keynote at VMworld, I knew it needed to be cool! This is the Office of the CTO, after all. While fighting diseases like COVID-19, Cancer, and Alzheimer’s as citizen scientists is very cool in itself (or very hot if you are next to your folding computer!), many of us have been deploying appliances to ESXi for over a decade, and it does not make for a fascinating demo.

Demo Challenge #1: Make it easy to be a Force for Good at the click of a button with vRA

Demo Challenge #2: Deploy and Manage the VMware Appliance for Folding@home on VMware Cloud on AWS

Demo Challenge #3: Securely manage Folding@home Clients running in the cloud from my couch!

You can learn more about the Folding@home project with Dr. Gregory Bowman, Director of Folding@home, in the VMworld on-demand session “Citizen Philanthropy in Action: Folding@home” [OCTO2230].

Read Full Story

A Deeper Dive into Bitfusion Device Plugin for GPU Sharing on Kubernetes

Machine Learning (ML) applications are increasingly being embraced by organizations to accelerate business growth. As the scale of the ML applications grows, IT infrastructure has challenges to meet the requirements of ML workloads. Infrastructure must be flexible to allow ML developers’ work to be productive through cloud native platforms like Kubernetes. Nowadays, more businesses are leveraging Kubernetes to deploy and manage their ML workloads.

Bitfusion allows more applications to gain access to shared GPUs via the network

Kubernetes usually consists of a cluster of worker nodes that can have a ML workload scheduled to any of its worker nodes. Many ML application use cases need hardware accelerators such as GPU, requiring each worker node to have at least one accelerator installed locally. These accelerators, like GPU, are an expensive infrastructure. Fortunately, VMware vSphere 7 comes with a feature called Bitfusion, which can create pools of hardware accelerators. Different nodes across the network can share GPUs in a pool. vSphere Bitfusion increases the utilization of GPUs, and eliminates the need for local hardware accelerators of every node.

Extending capabilities to Kubernetes, making it easy for any Kubernetes pod to gain access to remote GPUs

Kubernetes provides a device plugin framework for the developer to advertise system hardware resources to the kubelet. The Office of the CTO, Cloud Native Lab at China R&D created a device plugin that monitors Bitfusion GPU resources and properly allocates the GPU resource to Kubernetes workloads (i.e. pods). Since device plugins are a standard approach for Kubernetes to customize hardware resources, the plugin supports Kubernetes advanced features such as resource quota and ensures the plugin is fully aligned with the Kubernetes ecosystem.

The Bitfusion device plugin implements Kubernetes’ device plugin framework and updates the kubelet periodically about the available Bitfusion GPU resources. The information collected is then used when Kubernetes schedules workloads with GPU requirements. The Bitfusion device plugin can be installed as a DaemonSet of Kubernetes so that every worker node can have a running copy of the device plugin to report GPU resources from the Bitfusion pool.

Read Full Story

VMworld Industry News

Lumen Teams with VMware to Expand Edge Compute Capabilities for the 4th Industrial Revolution

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20200929005451/en/

Lumen Technologies (NYSE: LUMN) and VMware, Inc. (NYSE: VMW) are announcing a significant collaboration covering edge compute, networking, and security. VMware and Lumen Technologies, or simply Lumen, are taking their current partnership further with the agreement for Lumen to deliver edge services using integrated VMware technologies. This collaboration will help enterprises expand across data center, cloud and edge, moving business applications that require low latency and efficient localization closer to digital interactions. At VMworld, Lumen and VMware will be presenting:

  • How Lumen can migrate and manage workloads across a range of VMware technologies.
  • Lumen’s edge computing solutions, and how enterprise customers can rely on a consistent experience across a range of hybrid cloud venues, including the VMware Cloud.
  • Lumen’s portfolio of solutions built on and integrated with the VMware Cloud Foundation, allowing companies to deploy business innovations with single-digit millisecond latency to over 2,200 public data centers and more than 170,000 on-fiber enterprise locations across the globe.

Key Facts:

  • Lumen is a VMware Principal Partner and is VMware Cloud Verified.
  • Lumen Private Cloud on VMware Cloud Foundation™ is Lumen’s managed private cloud service, built on VMware Cloud Foundation, available in 100+ of Lumen edge computing locations.
  • Lumen provides fiber-based networking connectivity and managed solutions, with a service portfolio that spans content delivery, cybersecurity, and cloud collaboration.

Read Full Story

VMware and NVIDIA to Enable Next-Gen Hybrid Cloud Architecture and Bring AI to Every Enterprise

VMware and NVIDIA today announced a broad partnership to deliver both an end-to-end enterprise platform for AI and a new architecture for data center, cloud and edge that uses NVIDIA® DPUs (data processing units) to support existing and next-generation applications.

Through this collaboration, the rich set of AI software available on the NVIDIA NGC™ hub will be integrated into VMware vSphere, VMware Cloud Foundation and VMware Tanzu. This will help accelerate AI adoption, enabling enterprises to extend existing infrastructure for AI, manage all applications with a single set of operations, and deploy AI-ready infrastructure where the data resides, across the data center, cloud and edge.

Additionally, as part of Project Monterey separately announced today, the companies will partner to deliver an architecture for the hybrid cloud based on SmartNIC technology, including NVIDIA’s programmable NVIDIA BlueField®-2. The combination of VMware Cloud Foundation and NVIDIA BlueField-2 will offer next-generation infrastructure that is purpose-built for the demands of AI, machine learning, high-throughput and data-centric apps. It will also deliver expanded application acceleration beyond AI to all enterprise workloads and provide an extra layer of security through a new architecture that offloads critical data center services from the CPU to SmartNICs and programmable DPUs.

“We are partnering with NVIDIA to bring AI to every enterprise; a true democratization of one of the most powerful technologies,” said Pat Gelsinger, CEO of VMware. “We’re also collaborating to define a new architecture for the hybrid cloud—one purpose built to support the needs and demands of the next generation of applications. Together, we’re positioned to help every enterprise accelerate their use of breakthrough applications to drive their business.”

“AI and machine learning have quickly expanded from research labs to data centers in companies across virtually every industry and geography,” said Jensen Huang, founder and CEO of NVIDIA. “NVIDIA and VMware will help customers transform every enterprise data center into an accelerated AI supercomputer. NVIDIA DPUs will give companies the ability to build secure, programmable, software-defined data centers that can accelerate all enterprise applications at exceptional value.”

  • UCSF Advances Healthcare with NVIDIA and VMware
  • Enterprise-Ready Platform for AI
  • Delivering New Hybrid Cloud Architecture for Next Gen Apps
  • Early Access for Visionary Enterprises

Read Full Story

Partner News From VMworld 2020

 Dell Technologies Innovations Advance Management, Automation and Protection of VMware Environments

Story Highlights – New HCI, cloud, storage and data protection integration with latest VMware releases help customers innovate across edge locations, data centers and hybrid clouds

News summary

  • Dell Technologies Cloud Platform and Dell EMC VxRail now support VMware vSphere with Tanzu and the latest VMware Cloud Foundation, vSphere, and vSAN releases, offering an easy path to Kubernetes adoption while delivering enhancements for traditional workloads
  • Dell EMC PowerMax storage replication, now integrated with VMware vVols, simplifies management and improves access to mission-critical applications
  • Dell EMC ObjectScale, built on VMware Cloud Foundation, allows developers to provision cloud-scale storage for modern applications
  • Dell EMC PowerProtect Data Manager advancements include industry-first protection for VMware Cloud Foundation infrastructure layers and Kubernetes environments
  • VMware Cloud on Dell EMC empowers organizations to support their remote workforce through VMware Horizon, security and compliance certifications

Read Full Story

Druva Achieves VMware Ready Certification for VMware Cloud on AWS and VMware Cloud on Dell EMC

Druva Inc., the leader in Cloud Data Protection and Management, today announced it has been certified as VMware Ready for VMware Cloud. This new certification, unveiled at VMworld 2020, recognizes Druva as a validated and tested solution to protect, backup, and recover VMware Cloud on AWS environments as well as a broader VMware Cloud portfolio: VMware Cloud on Dell EMC and VMware Cloud on AWS. Regardless of where customers run their VMware infrastructure, they can now have confidence that their data is comprehensively protected and always available with Druva Cloud Platform.

Read Full Story

Kenna Security Delivers Risk-Based Vulnerability Management for New VMware Carbon Black Cloud Workload Protection Solution

Kenna Security, the enterprise leader in risk-based vulnerability management, and VMware Carbon Black, a leader in cloud-native next-generation endpoint security, are partnering to power the vulnerability assessment and risk scoring capabilities of Carbon Black Cloud Workload™. As a result of this partnership, enterprises running VMware Carbon Black Cloud Workload will be able to efficiently and effectively prioritize critical vulnerabilities and reduce risk to their servers and workloads.

By leveraging Kenna Security capabilities, VMware Carbon Black is able to provide an elegant solution to a long-standing challenge in enterprise cybersecurity. Many organizations have the capacity to patch only a fraction of the vulnerabilities threatening their environments. Additionally, traditional scanning is often too cumbersome for the large number of endpoints in their environment. Although not all vulnerabilities pose a proven risk of weaponization, the challenge for organizations is identifying which vulnerabilities to focus on. With the inclusion of Kenna’s vulnerability assessment capabilities, VMware Carbon Black Cloud Workload is able to efficiently focus resources on the specific critical vulnerabilities facing each organization.

Read Full Story

Ordr Announces Integration with VMware for Campus and Data Center Device Visibility Made Simple

Ordr, a leader in security for enterprise IoT and unmanaged devices, today announced the integration of Ordr Systems Control Engine (SCE) with VMware NSX-T and VMware NSX Intelligence to provide organizations with comprehensive IoT visibility, accelerated data center microsegmentation, and enhanced day-two operations capabilities.

Ordr SCE and NSX-T provide ongoing programmatic synchronization from Ordr to VMware NSX for profile objects and the respective device IP addresses they contain. With the ability to share detailed campus-related device type data points with NSX, organizations now see which types of campus devices are communicating with the data center. Coupled with NSX Intelligence, organizations gain powerful visualization of how these Ordr-defined campus group objects are communicating to various virtual machines (VMs) within the data center.

“The combination of Ordr with VMware NSX and NSX Intelligence gives organizations the ability to understand how campus and branch devices communicate with data center workloads, quickly identify unmanaged campus devices, and use those insights to streamline NSX policy generation for VMs,” said Iain Leiter, Senior Technical Solutions Architect, Ordr. “Organizations will also be able to minimize the business impact of firewall changes by visualizing allowed or blocked campus traffic.”

Read Full Story

Pensando Partners with VMware on Project Monterey to Co-Develop Next-generation Infrastructure Platform

Today at VMworld® 2020, Pensando Systems announced it is collaborating with VMware, Inc. on Project Monterey to co-develop a platform to support the requirements of modern applications.  VMware will leverage the Pensando Distributed Services Platform to deliver industry leading performance and latency, zero-trust security, and simplified operations to VMware Cloud Foundation deployments in virtualized, containerized and bare metal environments.

“Customers around the globe rely on VMware Cloud Foundation to deploy and manage modern applications across multiple environments,” said Krish Prasad, senior vice president and general manager, Cloud Platform Business Unit, VMware. “Together with Pensando, we are building the next generation of more secure and agile infrastructure, leveraging the new breed of accelerators exemplified by the Pensando Distributed Services Platform, to support the evolving requirements of these applications. The work between VMware and Pensando on Project Monterey will help mutual customers benefit substantially from increased performance, enhanced security and a consistent operating model.”

Read Full Story

Pure Storage Expands Design Partnership with VMware, Delivering Enhanced Solutions to Accelerate Hybrid Cloud

Pure Storage (NYSE: PSTG), the IT pioneer that delivers storage as-a-service in a multi-cloud world, announced a spectrum of enhancements to its hybrid cloud solutions across the VMware portfolio, enabling any enterprise to focus on innovation rather than infrastructure. New solution enhancements from Pure help enterprises maximize their VMware investments, delivering agility and efficiency for modern applications across on-premises and cloud environments. Customers will have improved availability of their data services, enabling them to meet demanding Service-level Agreements (SLAs).

  • vSphere Virtual Volumes as principal storage for VMware Cloud Foundation. VMware and Pure enable vSphere Virtual Volumes as Principal storage for VMware Cloud Foundation. Customers can now realize the value of Pure Storage and vSphere Virtual Volumes natively within VMware Cloud Foundation. FlashStack™ delivers the performance, availability, and economics required for a VMware Cloud Foundation hybrid cloud in a single architecture, with the simplicity of integrated application to infrastructure management.
  • Support for vSphere Virtual Volumes storage with Site Recovery Manager. Modern data protection is a critical component for any VMware deployment including those leveraging vSphere Virtual Volumes on Pure. For VMware infrastructure, VMware Site Recovery Manager provides an enterprise solution for automated disaster recovery. As the leader in vSphere Virtual Volumes storage, Pure co-engineered the integration of vSphere Virtual Volumes with SRM. This allows enterprises to consume vSphere Virtual Volumes on Pure while protecting their mission critical applications from disaster.
  • VMware Tanzu and container integration. Pure is a VMware Design Partner for the Cloud Native Storage and vSphere Virtual Volumes programs, providing persistent storage that enables true hybrid cloud mobility for containers running on VMware. Cloud Native Storage and vSphere Virtual Volumes enable workloads in Kubernetes environments to utilize Pure FlashArray™ as CSI-compliant persistent storage, bringing world-class all-flash performance and data services to containerized applications in addition to VMware vSphere environments.
  • NVMe-oF with vSphere 7. Pure is VMware’s Design Partner for modern data fabric support on vSphere. With vSphere 7, VMware and Pure have worked to provide native end-to-end support for NVMe over Fabrics (NVMe-oF) using Pure’s DirectFlash® Fabric. NVMe is a revolution in the storage world, providing lower latency and higher throughput than legacy SCSI devices. This capability unleashes the raw performance of the Pure FlashArray and maximizes performance density in the data center. Mutual customers can enjoy a modern data experience that maximizes the performance and consolidation of critical applications, VMs, and containers.

Rackspace Technology Makes Significant Investment in Extending its VMware Multi-Cloud Solutions

Rackspace Technology™ (NASDAQ: RXT), a leading end-to-end multicloud technology solutions company, today announced it has strengthened its strategic alliance with VMware by expanding its managed services across VMware-based multicloud solutions. Rackspace Technology now includes support for Azure VMware Solution, Google Cloud VMware Engine, VMware Cloud on Dell EMC, Dell Technologies Cloud Platform (DTCP), and VMware Tanzu.

By expanding its portfolio of VMware multicloud solutions, Rackspace Technology is working to give customers the greatest choice in integrating VMware-based private clouds into multicloud solutions. A few key benefits:

  • Through managed services for the key hyperscalers, customers can accelerate their move to the cloud by extending their VMware environments to AWS, Azure and Google Cloud.
  • Rackspace Technology becomes the first MSP partner of VMware Cloud on Dell EMC where a new Cloud Center of Excellence (COE) has been established to provide mutual customers the ideal cloud service. This important milestone validates the attraction of this local cloud service.
  • By providing managed services for Dell Technologies Cloud Platform (DTCP), customers benefit from a hyper-converged infrastructure based on Dell VxRail and designed specifically for VMware-based software-defined data centers. This managed solution will help to reduce costs and the operational burden of running a private cloud. Rackspace Technology is one of Dell Technologies largest global DTCP certified partners. Organizations can develop, test, and run cloud native applications alongside legacy applications on a single platform.
  • Delivering managed services for VMware Tanzu provides a cohesive and nimble platform to support customers’ ongoing digital transformations.

VMworld 2020 | First Day Summary

VMworld 2020 Day 1 is now in the books, and a fellow co-worker did this fantastic write-up. I cannot take any credit for this post except for reformatting it to be posted on my blog.

~Enjoy!

VMworld 2020 kicked off this morning and is continuing on throughout the night, ending early Oct 1st. VMworld this year is online, free*, and delivered continuously, stretching across the globe. It is aptly themed “Together, Anything is Possible.” (*A paid pass was available for deep dive, limited sessions.)

I have summarized and linked the announcements and OnDemand sessions. Note that any OnDemand session links will require a VMworld 2020 registered account to view the embedded videos.

VMware Announces Intent to Acquire SaltStack

Applications drive digital transformation, and application needs drive multi-cloud strategies. VMware’s cloud strategy has been defined by the notion that all roads lead to the app. VMware Cloud supports the broadest multi-cloud environment, spanning all clouds and application types to deliver consistent infrastructure and operations, and enable a consistent developer model. As any good strategy goes, we are continually listening to customers and looking for ways to improve our VMware Cloud portfolio. Today, I’m pleased to announce VMware’s intent to acquire SaltStack, a pioneer in building intelligent, event-driven automation software.

So, why is SaltStack important to VMware’s customers? Because time is money and speed is the new currency for digital transformation, VMware works hard to give customers a fast and simple path to cloud for their VMware-based workloads. We started by giving customers a home for these workloads in the cloud with VMware Cloud on AWS, which we build, run and sell alongside our strategic public cloud partner AWS. Over the past several years, this has expanded, and customers can now run VMware-based workloads on every major hyperscaler and more than 200 Cloud Verified partners globally.

To get our customers to the cloud, we offer VMware HCX, which allows customers to literally mass migrate 1,000s of vSphere workloads in a short amount of time. Customers can automate infrastructure across clouds with VMware vRealize, and the next logical step was to enable more seamless onboarding and better cross-cloud orchestration with configuration management. This is what we are getting with SaltStack.

Once closed, SaltStack will allow us to deliver full-stack automation from infrastructure to applications with the ability to do software configuration inside VMs and containers. SaltStack has built a phenomenal open source community, which we will continue to grow and foster consistent with our open source strategy. And while our strategy has been one of supporting best-in-class choice of supporting configuration management, we believe many customers will want something simple and integrated.

Successful companies in this new era will not be the biggest or the fastest, but the ones that are agile, can adapt their business models to the needs of the current times and, simply put, are fast. And cloud is a key ingredient to deliver on that business agility, and we expect SaltStack will help our customers on their multi-cloud journey.

Keynote Recap 

Day 1 kicked off with an inspiring and informative general session led by VMware CEO, Pat Gelsinger. The session focused on the digital foundation for an unpredictable world, with your business, your apps, and your data at the core, and on delivering five critical building blocks (app modernization, multi-cloud, digital workspace, virtual cloud network, and intrinsic security) to help our customers with their digital transformation. There were also several major announcements along with inspiring testimonials from across the globe.

Other notes:

  • ESXi being installed on SmartNICs
  • Saying goodbye to Wi-Fi with Enterprise 5G
  • Open Radio Access Network, Software Defined 5G Network with VMware NSX

We also heard from VMware COO, Sanjay Poonen, starting with our five priorities being vertically delivered throughout healthcare, education, public sectors, retailers, and financial services industries. He also discussed VMware’s “any app, any cloud, any device” technology strategy with the help of Dormain Drewitz, Purnima Padmanabhan, and Lilit Div.

Several prominent thought leaders made an appearance, sharing their perspectives from their diverse industries. These luminaries included:

    • Claire Babineaux-Fontenot, Feeding America CEO, using VMware technology in their data centers to respond to their demands and delivering 1.5M lbs. of food to ensure no one goes home hungry.
    • John Donahoe, Nike CEO, using VMware products in their digital transformation to help deliver great consumer and employee experiences seamlessly.
    • Jensen Huang, NVIDIA CEO, announcing Project Monterey unleashing AI for every enterprise in accelerating data and security processing to line speed.
    • Lori Beer, JPMC, diving into their private cloud infrastructure where they are seeing their provisioning times decreased significantly with their key measure being speed of delivery.

The world has quickly changed this year, and it’s continuing to – but VMware is always ready to help you meet the need

View the Day One VMworld General Session OnDemand

We were also treated to a thought-provoking conversation as Lori Beer, Global CIO, JP Morgan Chase, joined Sanjay Poonen for a fireside chat. Beer shared her perspective on managing through a pandemic, transforming a business with technology, cyber security in the enterprise, and inclusive strategies for talent. Also joining Sanjay was Indra Nooyi, former CEO of PepsiCo, with her perspective on transforming a business and the importance of creating an environment where everybody can bring their own self. We also heard from Stephane Bancel, CEO of Moderna, on how his team was able to pivot the company and work together to fight COVID-19.

View some of Sanjay’s Fireside Chats OnDemand:

  • Fireside Chat: Sanjay and Lori Beer, Global CIO, JP Morgan Chase [V13460D]
  • Fireside Chat: Sanjay and Indra Nooyi [VI3156]
  • Fireside Chat: Sanjay and Stephane Bancel [VI3157D]

Networking and Security

Security is a huge focus and is front and center at VMworld. Here is a summary of the announcements.

Office workers, apps, data, and devices are increasingly distributed. And that creates new security, scale, and performance challenges. Of course, that’s in addition to the growing challenges we already face in our data centers and in operating across multiple clouds. Today, we announced several compelling innovations that will dramatically improve your organization’s security posture, starting with the VMware SASE Platform.

Hairpinning network traffic to enforce security policy has long been impractical. SASE makes it simple for you to bring essential network and security services near your end users, regardless of where they work. VMware SASE Platform takes advantage of VMware SD-WAN’s massive global footprint of more than 2,700 cloud service nodes across 130 points of presence (POPs).

The key components of the VMware SASE (Secure Access Service Edge) solution include:

  • VMware SD-WAN, our industry-leading platform for transforming wide area networking. See “The SD-WAN Maestro’s Hat Trick: VMware Named a Leader in the Gartner 2020 Magic Quadrant for WAN Edge Infrastructure”.
  • Cloud Access Security Broker (CASB), Secure Web Gateway (SWG) and remote browser isolation via our new collaboration with Menlo Security. These offerings will be sold and supported by VMware.
  • VMware NSX Stateful Layer 7 Firewall SaaS offering.
  • Zero Trust Network Access, which leverages VMware SD-WAN and VMware Workspace ONE in an integrated offering to provide optimal performance and policy-based access centered on the user and device identity for each connection.
  • Edge Network Intelligence, which is the integration of the technology we acquired from Nyansa. The solution uses machine learning-based predictive analytics to ensure SLAs are met, along with providing security and visibility to end-user and IoT devices.

While the SASE announcement is big news, there are several additional security announcements that I believe you’ll find of interest:

    • VMware Workspace Security VDI: VMware Workspace ONE Horizon and VMware Carbon Black Cloud are integrated into a single unified solution that leverages behavioral detection to protect against ransomware and file-less malware. On VMware vSphere, the solution is integrated into VMware Tools, removing the need to install and manage additional security agents.
    • VMware Workspace Security Remote: An integrated solution that provides endpoint management, endpoint security and remote IT for physical Mac and Windows 10 devices. The solution includes the next-generation antivirus, audit and remediation, and detection and response capabilities of Carbon Black Cloud. It also includes the analytics, automation, device health, orchestration, and zero-trust access of the Workspace ONE platform.
    • VMware Carbon Black Cloud Workload: Agentless security for virtual machines on vSphere—the realization of the vision that we articulated at VMworld 2019. This solution makes it much easier for infrastructure operations and security operations to collaborate.
      Security risk visibility is now built into VMware vCenter, providing the same visibility as seen in Carbon Black Cloud, thus streamlining collaboration and more proactive threat remediation. Security is now dynamically ingrained in the VM lifecycle as a part of VMware Tools, making security intrinsic to the infrastructure.
      VMware will offer a 6-month unlimited free trial of VMware Carbon Black Workload Essentials to all current customers with vSphere 6.5 and above, as well as VMware Cloud Foundation 4.0.
      We also plan to introduce a Carbon Black Cloud module for hardening and better securing Kubernetes workloads, giving security teams policy governance and control of their Kubernetes environments.
    • VMware NSX Advanced Threat Prevention brings the technology from our recent Lastline acquisition to the VMware NSX Service-defined Firewall. This solution is the only purpose-built, distributed, scale-out firewall designed to protect east-west traffic across multi-cloud environments. Lastline integration into the service-defined firewall uses unsupervised and supervised machine learning to identify threats and minimize false positives, with the ability to apply virtual patches at every workload and not just at the perimeter—an industry first.

We also announced several new capabilities across our network portfolio:

  • VMware Container Networking with Antrea: A commercial offering consisting of signed images and binaries and full support for open source Project Antrea. VMware Container Networking with Antrea will be included in VMware NSX-T and vSphere 7 with Tanzu. While Antrea can get you started, when you look to scale container networking across clusters, NSX-T will get you there.
  • NSX-T 3.1: New API-driven advanced routing and multicast capabilities, along with automated deployment of workflows through Terraform Provider.
  • VMware vRealize Network Insight 6.0 Network Assurance and Verification: Now leverages formal verification to gather network state and to build and model how the network functions. The model is then used to provide continuous verification of business policies across virtual, physical, and multi-cloud networks. This allows IT and network operations to discover potential brownouts before they occur. See “Announcing vRealize Network Insight 6.0”.

More details about NSX-T 3.1 & Project Antrea in a section below

VMware vRealize Cloud Universal

On the cloud management front, we announced VMware vRealize Cloud Universal, which combines SaaS and on-premises management software into a single subscription license. This makes it easy to switch between vRealize Cloud solutions without acquiring different licensing.
We also introduced new federation capabilities for a consistent management experience across deployments, as well as Skyline integration, which provides a single integrated workflow to proactively identify and resolve potential and existing issues.

VMware vRealize AI

Starting in 2018, we previewed Project Magna. And now in 2020, we are once again delivering on technology showcased at previous VMworld conferences. Project Magna is now generally available as VMware vRealize AI, which uses reinforcement learning to self-tune application performance.

Early adopters have seen performance improvements as high as 50% for read-and-write I/O with the read-and-write cache optimizations that vRealize AI made to their vSAN environments. Best of all, this is just the beginning.
You will see more capabilities moving forward, bringing your organization a highly intelligent, self-optimizing infrastructure.

Announcing VMware Cloud Disaster Recovery: On-demand DRaaS to Protect your vSphere Workloads

We are very excited to announce VMware Cloud Disaster Recovery – a new VMware on-demand disaster recovery (DR) offering that will be delivered as a simple easy-to-use SaaS solution with the benefits of cloud economics. Based on technology from VMware’s recent acquisition of Datrium, it will enable IT and business continuity teams to resume critical business operations after a disaster event.

Disaster Recovery is Critical for Every Business, and DRaaS Adoption is on the Rise

 In a recent analyst survey, 76 percent of respondents reported an incident during the past two years that required an IT DR plan, while more than 50 percent reported at least two incidents (1). At the same time, cyberattacks are on the rise, increasing business risk. In 2019, 52 percent of global enterprise network security decision-makers had experienced at least one sensitive data breach in the past 12 months (2). And just this month, security researchers reported a seven-fold year-on-year increase in ransomware reports (3). Therefore, it’s no wonder that CxOs and board members increasingly care about DR.

Although organizations realize the importance of implementing a robust DR solution for business continuity, compliance with industry regulations, protection against disasters, ransomware and security breaches, traditional DR solutions can be complex, expensive, and unreliable, leaving many teams less than confident that their DR plan will work when needed. Hence, many are turning to disaster recovery as a service (DRaaS) because of its simplified operations and low total cost of ownership (TCO). In other words, many are seeing DR as an ultimate rentable IT service, which is why DRaaS adoption is on the rise.

To get an even closer look at the solution, take the VMworld Hands-on Lab. Or check out our product page. Thank you!

Project Monterey Tech Preview

VMware has been pursuing SmartNIC virtualization and integration opportunities over the past couple of years.

In March 2019, we demonstrated ESXi running on a SmartNIC. And last year at VMworld, we demonstrated four hypervisors running simultaneously on the same server with no nesting. Our vision for opportunities related to SmartNICs and composable infrastructure was further solidified at VMworld 2020 with the announcement of Project Monterey.

Applications, data, infrastructure, and security services are seeing increasingly demanding performance requirements. Simultaneously, IT organizations are looking to find greater opportunities for automation and efficiency. Project Monterey takes advantage of emergent hardware innovations to offer new approaches to hybrid cloud architecture and operations.

We’re sharing this information now to open doors for further opportunities to shape this innovation with our customers and technology partners. Leading SmartNIC vendors are already working with us on Project Monterey, which is currently centered around three key use cases:

  1. Network performance and security: Consider running security services such as an L4-7 firewall on a SmartNIC, decoupling it from the host platform and achieving line rate performance. Organizations can further isolate tenants, running independent workloads on SmartNICs or even run multiple network functions in isolation on the SmartNIC via isolation provided by the hypervisor (e.g., ESXi on Arm).
  2. Storage performance and dynamic composition: As with networking, you have new opportunities for combinations of scale-up and scale-out architectures by taking advantage of processors on SmartNICs to accelerate a variety of storage functions, such as compression and encryption. Project Monterey will also provide further capabilities to scale storage capacity on-demand to meet performance or capacity requirements.
  3. Bare metal workloads and composability: This is where Project Monterey really gets interesting. Imagine running the ESXi control plane on a SmartNIC, freeing all the x86 host cores to run other workloads, inclusive of bare metal. That allows you to run workloads on bare metal, while still being able to integrate them with core SDDC services, such as VMware vSAN and NSX. From a flexibility perspective, these options take VMware Cloud Foundation to a new level in terms of the ability to dynamically support a variety of hardware interfaces, composing infrastructure on-demand.

For an in-depth look at Project Monterey, take a look at Kit Colbert’s blog post.

VMware Delivers the Next Wave of Virtual Cloud Network Innovation to Connect and Protect Today’s Distributed, Multi-Cloud Enterprise

NSX-T 3.1, SmartNICs & Project Antrea

Delivering the Next Wave of Virtual Cloud Network Innovation

VMware will deliver new Virtual Cloud Network innovations across three areas – automation that enables the public cloud experience; modern application connectivity and security services; and solutions that re-imagine what’s possible in network security.

Network Automation that Delivers a Public Cloud Experience: VMware will add more cloud automation and scale, uptime and resiliency, ML-based predictive analytics, and intelligence to the virtual cloud network. VMware NSX-T 3.1 will support even larger-scale global deployments and disaster recovery use cases and automated deployment workflows. VMware will double the scale of NSX Federation, add new API-driven advanced routing and multicast capabilities, and offer Terraform Provider support. VMware vRealize Network Insight 6.0 will bring new assurance and verification capabilities as well as expanded VMware SD-WAN visibility. These updates will enable better planning for virtual and physical networks, improved network uptime and resiliency, faster troubleshooting, and proactive identification of potential network problems based on intent, and more effectiveness in achieving service level agreements. VMware Edge Network Intelligence is a new AIOps solution based on technology acquired from Nyansa. It will provide automated and actionable intelligence that helps assure users and IoT devices on campus, in branches, or in the home get the network performance they need to support applications.

Connecting and Protecting Modern Apps: Organizations looking to improve productivity, agility, and customer experience are embracing a container-based, microservices architecture and standardizing on Kubernetes for container management. The connectivity and security needed to address microservices requirements while at the same time connecting Kubernetes clusters to the infrastructure introduces the need for a rich multilayer networking stack. VMware is extending the Virtual Cloud Network to connect and protect these environments through VMware Tanzu Service Mesh powered by NSX and support for Project Antrea, an open source project that enables Kubernetes networking and security wherever Kubernetes runs, including on-premises vSphere, public clouds, and the edge. Tanzu Service Mesh includes new capabilities focused on improving application continuity, resiliency, and security. The new VMware Container Networking with Antrea is a commercial offering consisting of signed images and binaries and full support for Project Antrea. VMware Container Networking with Antrea will be included in VMware NSX-T and vSphere 7 with Tanzu. Applications running on Kubernetes clusters using Antrea as the Container Networking Interface (CNI) can be discovered, connected, and better protected by Tanzu Service Mesh.

Re-imagining Network Security: VMware will deliver unmatched levels of firewall performance and programmable intelligence to the Virtual Cloud Network by enabling VMware NSX to run on leading SmartNICs. This includes advanced security for bare metal and highly sensitive workloads such as databases which are hard to protect today. Additionally, it enables “air gapping” of infrastructure, separating applications and hypervisors from the security controls on the SmartNIC. VMware is also announcing VMware NSX Advanced Threat Prevention, which combines NSX Distributed IDS/IPS with advanced malware detection (sandboxing) and AI-powered network traffic analysis (NTA) acquired from Lastline, Inc. These NTA capabilities use unsupervised and supervised machine learning (ML) models to more accurately identify threats and minimize false positives compared to other network traffic analysis tools. The solution delivers an industry-first ability to apply virtual patches at every workload, something traditionally only implemented at the perimeter, enabling more effective response to sophisticated threats before they disrupt business.

Additional VMware & Nvidia Partnership Announcements

VMware and NVIDIA announced that, together, they will deliver an end-to-end enterprise platform for AI as well as a new architecture for data center, cloud and edge that uses NVIDIA DPUs to support existing and next-generation applications.

“We’re going to bring the power of AI to every enterprise. We’re going to bring the NVIDIA AI computing platform and our AI application frameworks onto VMware,” Huang said.

Through this collaboration, the rich set of AI software available on the NVIDIA NGC hub will be integrated into VMware vSphere, VMware Cloud Foundation and VMware Tanzu.

“For every virtual infrastructure admin, we have millions of people that know how to run the vSphere stack,” Gelsinger said. “They’re running it every day, all day long, it’s now the same tools, the same processes, the same networks, the same security, is now fully being made available on the GPU infrastructure.”

Ref: Understanding DPU, (CPU & GPU)

Multi-Cloud

As with our technology strategy, we remain focused on aligning our innovations toward a multi-cloud future that offers consistent infrastructure and operations, along with a native developer experience.

IT operations should not have barriers to managing and operating data center, multi-cloud, and edge environments. Customers should have a consistent and well-integrated set of tools and processes. Developers should also have the flexibility to use their tools and APIs of choice.  Today, VMware admins can simply provision a Kubernetes namespace to developers, and ops can manage all the underlying infrastructure considerations using their tools of choice. The same holds true for managing applications and services in public clouds.

VMware solutions help IT operations manage and monitor environments, enforce policy and automate remediations without impacting developers’ ability to use the tools and APIs offered by the cloud provider. With that as the strategic backdrop, let’s dig into our multi-cloud announcements.

Azure VMware Solution

Following the announcement that Azure VMware Solution is generally available, there is now a production VMware footprint in every major public cloud:

  • AWS
  • Azure
  • Google Cloud
  • IBM Cloud
  • Oracle Cloud

With the Azure VMware Solution, organizations benefit from the cost savings of Azure Hybrid Benefit, integration with Microsoft Office 365 and other native Azure services, as well as Azure console integration.

There are also several new capabilities for VMware Cloud on AWS, including:

  • VMware Cloud Disaster Recovery: On-demand Disaster Recovery as a Service (DRaaS) that gives you cloud economies and is backed by Amazon S3 storage. The Live Pilot Light option provides instant power-on for VMs running on VMware Cloud on AWS. The service includes several compelling features, including no VM format conversions, continuous DR health checks, built-in audit reports and optimized failbacks.
  • VMware Tanzu support: Makes it simple to extend on-premises Tanzu deployments to VMC and across clouds.
  • VMware Transit Connect: Provides any-to-any connectivity between on-premises, VMC on AWS SDDCs and AWS VPCs using AWS Transit Gateway and AWS Direct Connect Gateway.
  • New regional compliance listings (G-Cloud, HIPAA BAA, EBA) and white papers (UK NCSC 14 Principles, FISC).
  • Enhanced automation and operations: Expanded vRealize Operations, Cloud Automation, Orchestrator, Log Insight and Network Insight support.
  • Enhanced HCX capabilities: Replication Assisted vMotion, local routing for migrated VMs and migration grouping.

VMware Cloud on Dell EMC

Interest continues to grow in VMware Cloud on Dell EMC, which allows you to realize the benefit of cloud IaaS with the flexibility to run the service in your on-premises data center. VMware Cloud on Dell EMC now includes support for VMware HCX-based workload migration, making it simple to migrate VMs to the new environment.

In addition, several compliance and regulatory certifications have been achieved, including:

  • EU GDPR compliance
  • ISO 27001
  • ISO 27018
  • AICPA SOC 2
  • CCPA compliance

There are also many more performance, scalability and sizing options, which you can read about here.

Announcements links in short

Missed out on day 1? Don’t worry, there’s still time to register for another innovative day at VMworld 2020 and access to the OnDemand Sessions. Get up to speed with our Know Before You Go.