Using vRealize Log Insight to troubleshoot #ESXi 7 Error – Host hardware voltage System board 18 VBAT
This blog post demonstrates how I used vRLI to solve what seemed like a complex issue and it helped to simplify the outcome. I use vRLI all the time to parse log files from my devices (hosts, VM’s, etc.), pinpoint data, and resolve issues. In this case a simple CMOS battery was the issue but its the power of vRLI that allowed me to find detailed enough information to pinpoint the problem.
Recently I was doing some updates on my Home Lab Gen 7 and I noticed this error kept popping up – ‘Host hardware voltage’. At first I started thinking, might be time for a new power supply, this seems pretty serious.
Next I started looking into this error. On the host I went into Monitor > Hardware Health > Sensors. The first sensor to appear gave me some detail around the sensor fault but not quite enough information to figure out what the issue was. I noted the sensor information – ‘System Board 18 VBAT’
I went into the Supermicro Management interface to see if I could find out more information. I found some more information around VBAT. Looks like 3.3v DC is what its expecting, and the event log seems to be registering errors around it, but still not enough to know what exactly is faulting.
With this information I launched vRLI and went into Interactive Analytics. I choose the last 48 hours and typed ‘vbat’ into the search field. The first hit that came up stated – ‘Sensor 56 type voltage, Description System Board 18 VBAT state assert for…’ This was very simlar to the errors I noted from ESXi and from the Supermicro motherboard.
Finally, a quick google led me to Intel webpage. Turns out VBAT was just a CMOS battery issue.
I powered down the host and pulled out the old CMOS battery. The old battery was pretty warm to the touch. When I placed in on a volt meter and it read less than one volt.
I checked the voltage on the new battery, it came back with 3.3v and inserted into the host. Since the change the system board has not reported any new errors.
Next I go into vRNI to ensure the error has disappeared from the logs. I type in ‘vbat’, set my date/time range, and view the results. From the results, you can see that the errors stopped about 16:00 hours. That is about the time I put the new battery in, and you see its been error free from for the last hour. Over the next day or two I’ll check back and make sure its error free. Additionally, if I wanted to I could setup and alarm to trigger if the log entry returns.
Its results like this is why I like using vRLI to help me troubleshoot, resolve, alert, and monitor results.
If you like my ‘no-nonsense’ videos and blogs that get straight to the point… then post a comment or let me know… Else, I’ll start posting really boring content!
Update to VMware Security-Advisory VMSA-2020-0023.1 | Critical, Important CSSv3 5.9-9.8 OpenSLP | New ESXi Patches Released
VMware Security team released this updated information, follow up with VMware if you have questions.
Important Update Notes
The ESXi patches released on October 20, 2020 did not address CVE-2020-3992 completely. The ESXi patches listed in the Response Matrix in section 3a have been updated to contain the complete fix for CVE-2020-3992.
In Reference to OpenSLP vulnerability in Section 3a
VMware ESXi 7.0 ESXi70U1a-17119627 (Updated)
Note; VMware Cloud Foundation ESXi 3.x & 4.x are still pending at this time.
- VMware vCenter
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Cloud Foundation
|Issue date:||10/20/2020 and updated 11/04/2020|
|Synopsis:||VMware ESXi, vCenter, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities|
|CVE numbers:||CVE-2020-3981 CVE-2020-3982 CVE-2020-3992 CVE-2020-3993 CVE-2020-3994 CVE-2020-3995|
|1. Impacted Products|
|Multiple vulnerabilities in VMware ESXi, Workstation, Fusion and NSX-T were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.|
|3a. ESXi OpenSLP remote code execution vulnerability (CVE-2020-3992)||Critical|
|IMPORTANT: The ESXi patches released on October 20, 2020 did not address CVE-2020-3992 completely, see section (3a) Notes for an update.
Known Attack Vectors
A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
Resolution To remediate CVE-2020-3992 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds Workarounds for CVE-2020-3992 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.
The ESXi patches released on October 20, 2020 did not address CVE-2020-3992 completely. The ESXi patches listed in the Response Matrix below are updated versions that contain the complete fix for CVE-2020-3992.
|Product||Version||Running On||CVE Identifier||CVSSv3||Fixed Version||Workarounds|
|Cloud Foundation (ESXi)||4.x||Any||CVE-2020-3992||9.8||Patch Pending||KB76372|
|Cloud Foundation (ESXi)||3.x||Any||CVE-2020-3992||9.8||Patch Pending||KB76372|
|Only section 3a has been updated at this time; The rest of the VMSA is the same; only the links to the new ESX 7U1a and 6.7 updates have been included below this line.|
|3b. NSX-T Man-in-the-Middle vulnerability MITM (CVE-2020-3993)||Important|
VMware NSX-T contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.Known Attack Vectors A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.Resolution To remediate CVE-2020-3993 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
|Product||Version||Running On||CVE Identifier||CVSSv3||Fixed Version||Workarounds|
|Cloud Foundation (NSX-T)||4.x||Any||CVE-2020-3993||7.5||4.1||None|
|Cloud Foundation (NSX-T)||3.x||Any||CVE-2020-3993||7.5||18.104.22.168||None|
|3c. Time-of-check to time-of-use TOCTOU out-of-bounds read vulnerability (CVE-2020-3981)||Important|
VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.Known Attack Vectors A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.Resolution To remediate CVE-2020-3981 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
|Product||Version||Running On||CVE Identifier||CVSSv3||Fixed Version||Workarounds|
|Cloud Foundation (ESXi)||4.x||Any||CVE-2020-3981||7.1||4.1||None|
|Cloud Foundation (ESXi)||3.x||Any||CVE-2020-3981||7.1||3.10.1||None|
|3d. TOCTOU out-of-bounds write vulnerability (CVE-2020-3982)|
VMware ESXi, Workstation and Fusion contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.Known Attack Vectors A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine’s vmx process or corrupt hypervisor’s memory heap.
Resolution To remediate CVE-2020-3982 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
|Product||Version||Running On||CVE Identifier||CVSSv3||Fixed Version||Workarounds|
|Cloud Foundation (ESXi)||4.x||Any||CVE-2020-3982||5.9||4.1||None|
|Cloud Foundation (ESXi)||3.x||Any||CVE-2020-3982||5.9||3.10.1||None|
|3e. vCenter Server update function MITM vulnerability (CVE-2020-3994)||Important|
|Description: VMware vCenter Server contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
Known Attack Vectors A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.
Resolution To remediate CVE-2020-3994 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
|Product||Version||Running On||CVE Identifier||CVSSv3||Fixed Version||Workarounds|
|Cloud Foundation (vCenter)||4.x||Any||CVE-2020-3994||N/A||Unaffected||N/A|
|Cloud Foundation (vCenter)||3.x||Any||CVE-2020-3994||7.5||3.9.0||None|
|3f. VMCI host driver memory leak vulnerability (CVE-2020-3995)||Important|
|Description: The VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
Known Attack Vectors A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.
Resolution To remediate CVE-2020-3995 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
|Product||Version||Running On||CVE Identifier||CVSSv3||Fixed Version||Workarounds|
|Cloud Foundation (ESXi)||4.x||Any||CVE-2020-3995||N/A||Unaffected||N/A|
|Cloud Foundation (ESXi)||3.x||Any||CVE-2020-3995||7.1||3.9.0||None|
|VMware ESXi 7.0 ESXi70U1a-17119627 (Updated)
VMware ESXi670-202008101-SG (Included with August’s Release of ESXi670-202008001)
VMware vCenter Server 6.7u3
VMware vCenter Server 6.5u3k
VMware Workstation Pro 15.6
VMware NSX-T 22.214.171.124.0
VMware vCloud Foundation 4.1
VMware vCloud Foundation 3.10.1 & 3.10.1
VMware vCloud Foundation 3.9.0
FIRST CVSSv3 Calculator:
|5. Change Log|
|2020-10-20 VMSA-2020-0023 Initial security advisory.
2020-11-04 VMSA-2020-0023.1 Updated ESXi patches for section 3a
|This enablement email derives from our VMware Security Advisory and is accurate at the time of creation. Bulletins maybe updated periodically, when using this email as future reference material, please refer to the full & updated VMware Security Advisory VMSA-2020-0023.1|
Not to long ago I updated my Gen 4 Home Lab to Gen 5 and I posted many blogs and video around this. The Gen 5 Lab ran well for vSphere 6.7 deployments but moving into vSphere 7.0 I had a few issues adapting it. Mostly these issues were with the design of the Jingsha Motherboard. I noted most of these challenges in the Gen 5 wrap up video. Additionally, I had some new networking requirements mainly around adding multiple Intel NIC ports and Home Lab Gen 5 was not going to adapt well or would be very costly to adapt. These combined adaptions forced my hand to migrate to what I’m calling Home Lab Gen 7. Wait a minute, what happen to Home Lab Gen 6? I decided to align my Home Lab Generation numbers to match vSphere release number, so I skipped Gen 6 to align.
First: I review my design goals:
- Be able to run vSphere 7.x and vSAN Environment
- Reuse as much as possible from Gen 5 Home lab, this will keep costs down
- Choose products that bring value to the goals, are cost effective, and if they are on the VMware HCL that a plus but not necessary for a home lab
- Keep networking (vSAN / FT) on 10Gbe MikroTik Switch
- Support 4 x Intel Gbe Networks
- Ensure there will be enough CPU cores and RAM to be able to support multiple VMware products (ESXi, VCSA, vSAN, vRO, vRA, NSX, LogInsight)
- Be able to fit the the environment into 3 ESXi Hosts
- The environment should run well, but doesn’t have to be a production level environment
Second – Evaluate Software, Hardware, and VM requirements:
My calculated numbers from my Gen 5 build will stay rather static for Gen 7. The only update for Gen 7 is to use the updated requirements table which can be found here >> ‘HOME LABS: A DEFINITIVE GUIDE’
Third – Home Lab Design Considerations
This too will be very similar to Gen 5, but I do review this table and made any last changes to my design
Four – Choosing Hardware
Based on my estimations above I’m going to need a very flexible Mobo, supporting lots of RAM, good network connectivity, and should be as compatible as possible with my Gen 5 hardware. I’ve reused many parts from Gen 5 but the main change came with the Supermicro Motherboard and the addition of 2TB SAS HDD listed below.
Note: I’ve listed the newer items in Italics all other parts I’ve carried over from Gen 5.
- My Gen 7 Home Lab is based on vSphere 7 (VCSA, ESXi, and vSAN) and it contains 3 x ESXi Hosts, 1 x Windows 10 Workstation, 4 x Cisco Switches, 1 x MikroTik 10gbe Switch, 2 x APC UPS
- Rosewill RISE Glow EATX (Newegg $54)
- CPU: Xeon E5-2640 v2 8 Cores / 16 HT (Ebay $30 each)
- CPU Cooler: DEEPCOOL GAMMAXX 400 (Amazon $19)
- 128GB DDR3 ECC RAM (Ebay $170)
- 64GB USB Thumb Drive (Boot)
- 2 x 200 SAS SSD (vSAN Cache)
- 2 x 2TB SAS HDD (vSAN Capacity – See this post)
- 1 x 2TB SATA (Extra Space)
- SAS Controller:
- 1 x IBM 5210 JBOD (Ebay)
- CableCreation Internal Mini SAS SFF-8643 to (4) 29pin SFF-8482 (Amazon $18)
- Motherboard Integrated i350 1gbe 4 Port
- 1 x MellanoxConnectX3 Dual Port (HP INFINIBAND 4X DDR PCI-E HCA CARD 452372-001)
- Power Supply:
- Antec Earthwatts 500-600 Watt (Adapters needed to support case and motherboard connections)
- Core VM Switches:
- 2 x Cisco 3650 (WS-C3560CG-8TC-S 8 Gigabit Ports, 2 Uplink)
- 2 x Cisco 2960 (WS-C2960G-8TC-L)
- 10gbe Network:
Battery Backup UPS:
- 2 x APC NS1250
Windows 10 Workstation:
- Case: Phanteks Enthoo Pro series PH-ES614PC_BK Black Steel
- Motherboard: MSI PRO Z390-A PRO
- CPU: Intel Core i7-8700
- RAM: 64GB DDR4 RAM
- 1TB NVMe
Thanks for reading, please do reach out if you have any questions.
If you like my ‘no-nonsense’ videos and blogs that get straight to the point… then post a comment or let me know… Else, I’ll start posting really boring content!
The VMware Office of the CTO Ambassadors (CTOA) is an internal VMware program which allows field employees to connect and advocate their customer needs inside of VMware. Additionally, the CTOA program enables field employees to engage in initiates to better serve our customers. This past year I’ve been working on an CTOA initiative known as Nonprofit Connect (NPC). NPC has partnered with the VMware Foundation to help VMware Non-profit customers through more effective and sustainable technology. Part of this program was creating and updating an enablement guide which helps Non-Profits gain access to resources. This resource is open to all our customers and is publicly posted >> NPC Enablement Guide
Michelle Kaiser is leading the Nonprofit Connect initiative and from what I’ve seen she and the team are doing a great job — Keep up the good work!
More information around NPC, CTOA, and the VMware Foundation can be found in the links below:
VMware Announced the GA Releases of VMware NSX-T Data Center 3.1
See the base table for all the technical enablement links including VMworld 2020 sessions and new Hands On Labs.
|VMware NSX-T Data Center 3.1.0 | Build 17107167|
|NSX-T Data Center 3.1 includes a large list of new features to offer new functionalities for virtualized networking and security for private, public, and multi-clouds. Highlights include new features and enhancements in the following focus areas:
In addition to these enhancements, the following capabilities and improvements have been added.
Support for standby Global Manager Cluster
Global Manager can now have an active cluster and a standby cluster in another location. Latency between active and standby cluster must be a maximum of 150ms round-trip time.
With the support of Federation upgrade and Standby GM, Federation is now considered production ready.
Change the display name for TCP/IP stack: The netstack keys remain “vxlan” and “hyperbus” but the display name in the UI is now “nsx-overlay” and “nsx-hyperbus”.
The display name will change in both the list of Netstacks and list of VMKNICs
This change will be visible with vCenter 6.7
Improvements in L2 Bridge Monitoring and Troubleshooting
Consistent terminology across documentation, UI and CLI
Addition of new CLI commands to get summary and detailed information on L2 Bridge profiles and stats
Log messages to identify the bridge profile, the reason for the state change, as well as the logical switch(es) impacted
Support TEPs in different subnets to fully leverage different physical uplinks
A Transport Node can have multiple host switches attaching to several Overlay Transport Zones. However, the TEPs for all those host switches need to have an IP address in the same subnet. This restriction has been lifted to allow you to pin different host switches to different physical uplinks that belong to different L2 domains.
Improvements in IP Discovery and NS Groups: IP Discovery profiles can now be applied to NS Groups simplifying usage for Firewall Admins.
Policy API enhancements
Ability to configure BFD peers on gateways and forwarding up timer per VRF through policy API.
Ability to retrieve the proxy ARP entries of gateway through policy API.
NSX-T 3.1 is a major release for Multicast, which extends its feature set and confirms its status as enterprise ready for deployment.
Support for Multicast Replication on Tier-1 gateway. Allows to turn on multicast for a Tier-1 with Tier-1 Service Router (mandatory requirement) and have Multicast receivers and sources attached to it.
Support for IGMPv2 on all downlinks and uplinks from Tier-1
Support for PIM-SM on all uplinks (config max supported) between each Tier-0 and all TORs (protection against TOR failure)
Ability to run Multicast in A/S and Unicast ECMP in A/A from Tier-1 → Tier-0 → TOR
Please note that Unicast ECMP will not be supported from ESXi host → T1 when it is attached to a T1 which also has Multicast enabled.
Support for static RP programming and learning through BS & Support for Multiple Static RPs
Distributed Firewall support for Multicast Traffic
Improved Troubleshooting: This adds the ability to configure IGMP Local Groups on the uplinks so that the Edge can act as a receiver. This will greatly help in triaging multicast issues by being able to attract multicast traffic of a particular group to Edge.
Inter TEP communication within the same host: Edge TEP IP can be on the same subnet as the local hypervisor TEP.
Support for redeployment of Edge node: A defunct Edge node, VM or physical server, can be replaced with a new one without requiring it to be deleted.
NAT connection limit per Gateway: The maximum NAT sessions can be configured per Gateway.
Improvements in FQDN-based Firewall: You can define FQDNs that can be applied to a Distributed Firewall. You can either add individual FQDNs or import a set of FQDNs from CSV files.
Firewall Usability Features
NSX-T will have a Distributed Intrusion Prevention System. You can block threats based on signatures configured for inspection.
Enhanced dashboard to provide details on threats detected and blocked.
IDS/IPS profile creation is enhanced with Attack Types, Attack Targets, and CVSS scores to create more targeted detection.
HTTP server-side Keep-alive: An option to keep one-to-one mapping between the client side connection and the server side connection; the backend connection is kept until the frontend connection is closed.
HTTP cookie security compliance: Support for “httponly” and “secure” options for HTTP cookie.
A new diagnostic CLI command: The single command captures various troubleshooting outputs relevant to Load Balancer.
TCP MSS Clamping for L2 VPN: The TCP MSS Clamping feature allows L2 VPN session to pass traffic when there is MTU mismatch.
NSX-T Terraform Provider support for Federation: The NSX-T Terraform Provider extends its support to NSX-T Federation. This allows you to create complex logical configurations with networking, security (segment, gateways, firewall etc.) and services in an infra-as-code model. For more details, see the NSX-T Terraform Provider release notes.
Conversion to NSX-T Policy Neutron Plugin for OpenStack environment consuming Management API: Allows you to move an OpenStack with NSX-T environment from the Management API to the Policy API. This gives you the ability to move an environment deployed before NSX-T 2.5 to the latest NSX-T Neutron Plugin and take advantage of the latest platform features.
Ability to change the order of NAT and FWLL on OpenStack Neutron Router: This gives you the choice in your deployment for the order of operation between NAT and FWLL. At the OpenStack Neutron Router level (mapped to a Tier-1 in NSX-T), the order of operation can be defined to be either NAT then firewall or firewall then NAT. This is a global setting for a given OpenStack Platform.
NSX Policy API Enhancements: Ability to filter and retrieve all objects within a subtree of the NSX Policy API hierarchy. In previous version filtering was done from the root of the tree policy/api/v1/infra?filter=Type-, this will allow you to retrieve all objects from sub-trees instead. For example, this allows a network admin to look at all Tier-0 configurations by simply /policy/api/v1/infra/tier-0s?filter=Type- instead of specifying from the root all the Tier-0 related objects.
NSX-T support with vSphere Lifecycle Manager (vLCM): Starting with vSphere 7.0 Update 1, VMware NSX-T Data Center can be supported on a cluster that is managed with a single vSphere Lifecycle Manager (vLCM) image. As a result, NSX Manager can be used to install, upgrade, or remove NSX components on the ESXi hosts in a cluster that is managed with a single image.
Simplification of host/cluster installation with NSX-T: Through the “Getting Started” button in the VMware NSX-T Data Center user interface, simply select the cluster of hosts that needs to be installed with NSX, and the UI will automatically prompt you with a network configuration that is recommended by NSX based on your underlying host configuration. This can be installed on the cluster of hosts thereby completing the entire installation in a single click after selecting the clusters. The recommended host network configuration will be shown in the wizard with a rich UI, and any changes to the desired network configuration before NSX installation will be dynamically updated so users can refer to it as needed.
Enhancements to in-place upgrades: Several enhancements have been made to the VMware NSX-T Data Center in-place host upgrade process, like increasing the max limit of virtual NICs supported per host, removing previous limitations, and reducing the downtime in data path during in-place upgrades. Refer to the VMware NSX-T Data Center Upgrade Guide for more details.
Reduction of VIB size in NSX-T: VMware NSX-T Data Center 3.1.0 has a smaller VIB footprint in all NSX host installations so that you are able to install ESX and other 3rd party VIBs along with NSX on their hypervisors.
Enhancements to Physical Server installation of NSX-T: To simplify the workflow of installing VMware NSX-T Data Center on Physical Servers, the entire end-to-end physical server installation process is now through the NSX Manager. The need for running Ansible scripts for configuring host network connectivity is no longer a requirement.
ERSPAN support on a dedicated network stack with ENS: ERSPAN can now be configured on a dedicated network stack i.e., vmk stack and supported with the enhanced NSX network switch i.e., ENS, thereby resulting in higher performance and throughput for ERSPAN Port Mirroring.
Singleton Manager with vSphere HA: NSX now supports the deployment of a single NSX Manager in production deployments. This can be used in conjunction with vSphere HA to recover a failed NSX Manager. Please note that the recovery time for a single NSX Manager using backup/restore or vSphere HA may be much longer than the availability provided by a cluster of NSX Managers.
Log consistency across NSX components: Consistent logging format and documentation across different components of NSX so that logs can be easily parsed for automation and you can efficiently consume the logs for monitoring and troubleshooting.
Support for Rich Common Filters: This is to support rich common filters for operations features like packet capture, port mirroring, IPFIX, and latency measurements for increasing the efficiency of customers while using these features. Currently, these features have either very simple filters which are not always helpful, or no filters leading to inconvenience.
CLI Enhancements: Several CLI related enhancements have been made in this release:
CLI “get” commands will be accompanied with timestamps now to help with debugging
GET / SET / RESET the Virtual IP (VIP) of the NSX Management cluster through CLI
§ While debugging through the central CLI, run ping commands directly on the local machines eliminating extra steps needed to log in to the machine and do the same
§ View the list of core on any NSX component through CLI
§ Use the “*” operator now in CLI
§ Commands for debugging L2Bridge through CLI have also been introduced in this release
Distributed Load Balancer Traceflow: Traceflow now supports Distributed Load Balancer for troubleshooting communication failures from endpoints deployed in vSphere with Tanzu to a service endpoint via the Distributed Load Balancer.
Events and Alarms
ERSPAN for ENS fast path: Support port mirroring for ENS fast path.
System Health Plugin Enhancements: System Health plugin enhancements and status monitoring of processes running on different nodes to ensure that system is running properly by on-time detection of errors.
Live Traffic Analysis & Tracing: A live traffic analysis tool to support bi-directional traceflow between on-prem and VMC data centers.
Latency Statistics and Measurement for UA Nodes: Latency measurements between NSX Manager nodes per NSX Manager cluster and between NSX Manager clusters across different sites.
Performance Characterization for Network Monitoring using Service Insertion: To provide performance metrics for network monitoring using Service Insertion.
Graphical Visualization of VPN: The Network Topology map now visualizes the VPN tunnels and sessions that are configured. This aids you to quickly visualize and troubleshoot VPN configuration and settings.
Dark Mode: NSX UI now supports dark mode. You can toggle between light and dark mode.
Firewall Export & Import: NSX now provides the option for you to export and import firewall rules and policies as CSVs.
Enhanced Search and Filtering: Improved the search indexing and filtering options for firewall rules based on IP ranges.
Reducing Number of Clicks: With this UI enhancement, NSX-T now offers a convenient and easy way to edit Network objects.
Multiple license keys: NSX now has the ability to accept multiple license keys of same edition and metric. This functionality allows you to maintain all your license keys without having to combine your license keys.
License Enforcement: NSX-T now ensures that users are license-compliant by restricting access to features based on license edition. New users will be able to access only those features that are available in the edition that they have purchased. Existing users who have used features that are not in their license edition will be restricted to only viewing the objects; create and edit will be disallowed.
New VMware NSX Data Center Licenses: Adds support for new VMware NSX Firewall and NSX Firewall with Advanced Threat Prevention license introduced in October 2020, and continues to support NSX Data Center licenses (Standard, Professional, Advanced, Enterprise Plus, Remote Office Branch Office) introduced in June 2018, and previous VMware NSX for vSphere license keys. See VMware knowledge base article 52462 for more information about NSX licenses.
Security Enhancements for Use of Certificates And Key Store Management: With this architectural enhancement, NSX-T offers a convenient and secure way to store and manage a multitude of certificates that are essential for platform operations and be in compliance with industry and government guidelines. This enhancement also simplifies API use to install and manage certificates.
Alerts for Audit Log Failures: Audit logs play a critical role in managing cybersecurity risks within an organization and are often the basis of forensic analysis, security analysis and criminal prosecution, in addition to aiding with diagnosis of system performance issues. Complying with NIST-800-53 and industry-benchmark compliance directives, NSX offers alert notification via alarms in the event of failure to generate or process audit data.
Custom Role Based Access Control: Users desire the ability to configure roles and permissions that are customized to their specific operating environment. The custom RBAC feature allows granular feature-based privilege customization capabilities enabling NSX customers the flexibility to enforce authorization based on least privilege principles. This will benefit users in fulfilling specific operational requirements or meeting compliance guidelines. Please note in NSX-T 3.1, only policy based features are available for role customization.
FIPS – Interoperability with vSphere 7.x: Cryptographic modules in use with NSX-T are FIPS 140-2 validated since NSX-T 2.5. This change extends formal certification to incorporate module upgrades and interoperability with vSphere 7.0.
Migration of NSX for vSphere Environment with vRealize Automation: The Migration Coordinator now interacts with vRealize Automation (vRA) in order to migrate environments where vRealize Automation provides automation capabilities. This will offer a first set of topologies which can be migrated in an environment with vRealize Automation and NSX-T Data Center. Note: This will require support on vRealize Automation.
Modular Distributed Firewall Config Migration: The Migration Coordinator is now able to migrate firewall configurations and state from a NSX Data Center for vSphere environment to NSX-T Data Center environment. This functionality allows a customer to do migrate virtual machines (using vMotion) from one environment to the other and keep their firewall rules and state.
Migration of Multiple VTEP: The NSX Migration Coordinator now has the ability to migrate environments deployed with multiple VTEPs.
Increase Scale in Migration Coordinator to 256 Hosts: The Migration Coordinator can now migrate up to 256 hypervisor hosts from NSX Data Center for vSphere to NSX-T Data Center.
Migration Coordinator coverage of Service Insertion and Guest Introspection: The Migration Coordinator can migrate environments with Service Insertion and Guest Introspection. This will allow partners to offer a solution for migration integrated with complete migrator workflow.
|API Deprecations and Behavior Changes
Retention Period of Unassigned Tags: In NSX-T 3.0.x, NSX Tags with 0 Virtual Machines assigned are automatically deleted by the system after five days. In NSX-T 3.1.0, the system task has been modified to run on a daily basis, cleaning up unassigned tags that are older than one day. There is no manual way to force delete unassigned tags.
|Release Notes||Click Here | What’s New | General Behavior Changes | API and CLI Resources | Resolved Issues | Known Issues|
|docs.vmware.com/NSX-T||Installation Guide | Administration Guide | Upgrade Guide | Migration Coordinator | VMware NSX Intelligence|
|Upgrading Docs||Upgrade Checklist | Preparing to Upgrade | Upgrading | Upgrading NSX Cloud Components | Post-Upgrade Tasks|
|Installation Docs||Preparing for Installation | NSX Manager Installation | | Installing NSX Manager Cluster on vSphere | Installing NSX Edge|
|Migrating Docs||Migrating NSX Data Center for vSphere | Migrating vSphere Networking | Migrating NSX Data Center for vSphere with vRA|
|Requirements Docs||NSX Manager Cluster | System | NSX Manager VM & Host Transport Node System
NSX Edge VM System | NSX Edge Bare Metal | Bare Metal Server System | Bare Metal Linux Container
|Compatibility Information||Ports Used | Compatibility Guide (Select NSX-T) | Product Interoperability Matrix ||
|Hands On Labs (New)||HOL-2103-01-NET – VMware NSX for vSphere Advanced Topics|
|VMworld 2020 Sessions||Update on NSX-T Switching: NSX on VDS (vSphere Distributed Switch) VCNC1197|
|Blogs||NSX-T 3.0 – Innovations in Cloud, Security, Containers, and Operations|
VCSA 7 Error in method invocation [Errno 2] No such file or directory: ‘/storage/core/software-update/updates/index’
This could be my shortest blog to date, but it’s still good to note this error.
In my home lab I wanted to update my VCSA 7 appliance to 7.0u1. I went into the VCSA Management site, choose update, and the auto update started to look for files in the default repository. Then I got the following error:
Error in method invocation [Errno 2] No such file or directory: ‘/storage/core/software-update/updates/index’
Doing a bit of research I found out, when the VCSA cannot locate the default vmware.com site repository, then the VSCA will display this error.
In my case, my VCSA could not access the internet so it couldn’t locate the repository. Once I corrected a network issue, the VCSA was able to access the repository and it downloaded the upgrade options.
If you like my ‘no-nonsense’ blog articles that get straight to the point… then post a comment or let me know… Else, I’ll start writing boring blog content.
VMware announced the GA Releases of the following: VMware PowerCLI 12.1.0
See the base table for all the technical enablement links including a VMworld 2020 session and new Hands On Lab
|VMware PowerCLI is a command-line and scripting tool built on Windows PowerShell, and provides more than 700 cmdlets for managing and automating vSphere, VMware Cloud Director, vRealize Operations Manager, vSAN, NSX-T, VMware Cloud Services, VMware Cloud on AWS, VMware HCX, VMware Site Recovery Manager, and VMware Horizon environments.
|VMware PowerCLI 12.1.0 introduces the following new features, changes, and improvements:
Added cmdlets for
Added support for
|Ensure the following software is present on your system
|In VMware PowerCLI 12.1.0, the following modules have been updated:
|Release Notes||Click Here | What’s New in This Release | Resolved Issues | Known Issues|
|docs.vmware.com/pCLI||Introduction | Installing | Configuring | cmdlet Reference|
|Compatibility Information||Interoperability Matrix | Upgrade Path Matrix|
|Blogs & Infolinks||VMware What’s New pCLI vRLCM | VMware What’s New pCLI with AWS | PM’s Blog pCLI SSO|
|VMworld 2020 Sessions||PowerCLI: Into the Deep [HCP1286]|
|Hands On Labs||HOL-2111-04-SDC – VMware vSphere Automation – PowerCLI|
VMware announced the GA Releases of the following:
- VMware vCenter 7.0 Update 1
- VMware ESXi 7.0 Update 1
- VMware vSAN 7.0 Update 1
See the base table for all the technical enablement links, now including VMworld 2020 OnDemand Sessions
|vCenter Server 7.0 Update 1 | ISO Build 16860138
ESXi 7.0 Update 1 | ISO Build 16850804
VMware vSAN 7.0 Update 1 | Build 16850804
|What’s New vCenter Server|
|Inclusive terminology: In vCenter Server 7.0 Update 1, as part of a company-wide effort to remove instances of non-inclusive language in our products, the vSphere team has made changes to some of the terms used in the vSphere Client. APIs and CLIs still use legacy terms, but updates are pending in an upcoming release.
|Upgrade/Install Considerations vCenter|
|Before upgrading to vCenter Server 7.0 Update 1, you must confirm that the Link Aggregation Control Protocol (LACP) mode is set to enhanced, which enables the Multiple Link Aggregation Control Protocol (the multipleLag parameter) on the VMware vSphere Distributed Switch (VDS) in your vCenter Server system.
If the LACP mode is set to basic, indicating One Link Aggregation Control Protocol (singleLag), the distributed virtual port groups on the vSphere Distributed Switch might lose connection after the upgrade and affect the management vmknic, if it is on one of the dvPort groups. During the upgrade precheck, you see an error such as Source vCenter Server has instance(s) of Distributed Virtual Switch at unsupported lacpApiVersion.
For more information on converting to Enhanced LACP Support on a vSphere Distributed Switch, see VMware knowledge base article 2051311. For more information on the limitations of LACP in vSphere, see VMware knowledge base article 2051307.
Product Support Notices
|What’s New ESXi|
|Upgrade/Install Considerations ESXi|
|In vSphere 7.x, the Update Manager plug-in, used for administering vSphere Update Manager, is replaced with the Lifecycle Manager plug-in. Administrative operations for vSphere Update Manager are still available under the Lifecycle Manager plug-in, along with new capabilities for vSphere Lifecycle Manager.
You can also update ESXi hosts without using the Lifecycle Manager plug-in, and use an image profile instead. To do this, you must manually download the patch offline bundle ZIP file from the VMware download page or the Product Patches page and use the esxcli software profile command.
|What’s New vSAN|
|vSAN 7.0 Update 1 introduces the following new features and enhancements:
Scale Without Compromise
Note: vSAN 7.0 Update 1 improves CPU performance by standardizing task timers throughout the system. This change addresses issues with timers activating earlier or later than requested, resulting in degraded performance for some workloads.
|Upgrade/Install Considerations vSAN|
|For instructions about upgrading vSAN, see vSAN Documentation Upgrading the vSAN Cluster Before You Upgrade Upgrading vCenter Server Upgrading Hosts
Note: Before performing the upgrade, please review the most recent version of the VMware Compatibility Guide to validate that the latest vSAN version is available for your platform.
vSAN 7.0 Update 1 is a new release that requires a full upgrade to vSphere 7.0 Update 1. Perform the following tasks to complete the upgrade:
1. Upgrade to vCenter Server 7.0 Update 1. For more information, see the VMware vSphere 7.0 Update 1 Release Notes.
Note: vSAN retired disk format version 1.0 in vSAN 7.0 Update 1. Disks running disk format version 1.0 are no longer recognized by vSAN. vSAN will block upgrade through vSphere Update Manager, ISO install, or esxcli to vSAN 7.0 Update 1. To avoid these issues, upgrade disks running disk format version 1.0 to a higher version. If you have disks on version 1, a health check alerts you to upgrade the disk format version.
Disk format version 1.0 does not have performance and snapshot enhancements, and it lacks support for advanced features including checksum, deduplication and compression, and encryption. For more information about vSAN disk format version, see KB2145267.
Upgrading the On-disk Format for Hosts with Limited Capacity
During an upgrade of the vSAN on-disk format from version 1.0 or 2.0, a disk group evacuation is performed. The disk group is removed and upgraded to on-disk format version 13.0, and the disk group is added back to the cluster. For two-node or three-node clusters, or clusters without enough capacity to evacuate each disk group, select Allow Reduced Redundancy from the vSphere Client. You also can use the following RVC command to upgrade the on-disk format: vsan.ondisk_upgrade –allow-reduced-redundancy
When you allow reduced redundancy, your VMs are unprotected for the duration of the upgrade, because this method does not evacuate data to the other hosts in the cluster. It removes each disk group, upgrades the on-disk format, and adds the disk group back to the cluster. All objects remain available, but with reduced redundancy.
If you enable deduplication and compression during the upgrade to vSAN 7.0 Update 1, you can select Allow Reduced Redundancy from the vSphere Client.
For information about maximum configuration limits for the vSAN 7.0 Update 1 release, see the Configuration Maximums documentation.
|Release Notes vCenter||Click Here | What’s New | Earlier Releases | Patch Info | Installation & Upgrade Notes | Product Support Notices|
|Release Notes ESXi||Click Here | What’s New | Earlier Releases | Patch Info | Product Support Notices | Resolved Issues | Known Issues|
|Release Notes vSAN||Click Here | What’s New | VMware vSAN Community | Upgrades for This Release | Limitations | Known Issues|
|docs.vmware/vCenter||Installation & Setup | vCenter Server Upgrade | vCenter Server Configuration|
|Docs.vmware/ESXi||Installation & Setup | Upgrading | Managing Host and Cluster Lifecycle | Host Profiles | Networking | Storage | Security|
|docs.vmware/vSAN||Using vSAN Policies | Expanding & Managing a vSAN Cluster | Device Management | Increasing Space Efficiency | Encryption|
|Compatibility Information||Interoperability Matrix vCenter | Configuration Maximums vSphere (All) | Ports Used vSphere (All)|
|Blogs & Infolinks||What’s New with VMware vSphere 7 Update 1 | Main VMware Blog vSphere 7 | vSAN | vSphere | vCenter Server|
|Download||vSphere | vSAN|
|VMworld 2020 OnDemand
(Free Account Needed)
|Deep Dive: What’s New with vCenter Server [HCP1100] | 99 Problems, But A vSphere Upgrade Ain’t One [HCP1830]|
|VMworld HOL Walkthrough
(VMworld Account Needed)
|Introduction to vSphere Performance [HOL-2104-95-ISM]|
VMworld 2020 DAY 2 is now in the books and a fellow co-worker did this fantastic write up. I cannot take not credit for this post expect reformatting it to be posted on my blog.
Here is your recap of day 2 of VMworld 2020. The links to vmworld sessions will require your vmworld registration username and password to view. Your account will also enable you to catch up on over 900+ sessions on-demand on our VMworld platform through Thursday, October 8th and afterwards when our sessions move to our VMworld On-Demand Video Library.
VMworld 2020 Day 2: The Challenges Facing Our Time
- Fireside Chat: The Extraordinary Events of 2020
We started out with an inspiring conversation with Pat Gelsinger, CEO of VMware, and NYC Business News Anchor, Hope King. The two dived into broad issues such as the pandemic and social justice as well as their thoughts about the cloud industry, and VMware’s commitment to be a force for good. If you missed this inspiring discussion, there are a few more opportunities to catch it on the Vision & Innovation channel before it goes on-demand.
Hear More From Our CEO’s Fireside Chat With Hope King [VI3353]
Breaking News: Extended Access to Complimentary Premium Digital Training
Did you hear the news today during Sumit Dhawan’s session, Our Customer Commitment: Working Together to Maximize Your Value, at VMworld? In case you missed it, to continue enabling our customers to grow their skills and better face current IT challenges, we are extending complimentary access to premium digital training.
View this FAQ for more details about this special offer and how to get complimentary access to the VMware Customer Connect Learning™ Premium Subscription for a full year (from date of enrollment). With 24/7 access to training delivered by top VMware experts and Certified Instructors, Connect Learning (previously VMware Learning Zone) is your single source for digital training from VMware. In addition to the content available with the Basic Subscription (over 1,300 training videos and 65 free eLearning courses), the Premium Subscription* includes access to valuable content such as:
- Advanced troubleshooting, configuration, and solution-oriented best practice videos
- 12 Exam Preps (over 650 videos)
- NEW – VMware Certified Technical Associate training content
Demo Zones, Hands-on Labs and Odyssey, and Throwdown Videos
We had insightful discussions and learnings from the VMware and Sponsor Demo Zones and hands-on labs interactive simulations. Showcasing 130+ VMware product demos and 100+ joint solutions with our 51 sponsors. And of course, our beloved hands-on labs with over 9,500+ labs delivered with Automate your VMware Cloud on AWS holding the top spot. We hope you had a chance to check out the Command Center too.
New Hands On Labs have been released see here
EUC Product News
VMworld 2020: All of Our EUC Announcements, Themes & Everything Else You Need to Know
This morning in our Digital Workspace Showcase Keynote. We had a lot of news to cover in a short amount of time, but rest assured that we have plenty of breakout sessions, blog posts and demos detailing all our announcements in depth.
More importantly, I would like to say how grateful all of us at VMware are for the opportunity to help so many of our customers through the changing work environment this year. We have learned many lessons in the process, and we have seen again and again the value of a flexible, modern
- Lessons learned about the role of a digital workspace platform
- Employee engagement
- IT Modernization
- Zero Trust Security
Four Reasons Horizon is the Choice for Modern and Secure Hybrid-Cloud VDI & Apps: Updates From VMworld 2020 Introducing Workspace Security VDI
We are excited to announce the general availability of Workspace Security VDI, which delivers an intrinsically secure virtual desktop and application solution that has been designed and fully tested by a single vendor. By combining Horizon and VMware Carbon Black Cloud into a single, unified solution, Workspace Security VDI consolidates multiple endpoint security capabilities such as threat identification and prevention, endpoint detection and response, auditing capabilities and the ability to investigate data breaches into a cohesive solution.
VMware Horizon Now Runs on Microsoft Azure VMware Solution
Microsoft recently announced the general availability of Azure VMware Solution (AVS) – a hosted service from Microsoft based on VMware Cloud Foundation that gives our customers the ability to extend the power of Horizon and vSphere to Azure. As a result, you can move on-premises Horizon deployments to Azure as part of a cloud migration, or transform your Horizon environment into an elastic hybrid and multi-cloud desktop virtualization platform that can help you conquer the challenges of today’s fluctuating workplace. Quickly provision and scale Horizon virtual desktop and application workloads leveraging key technologies such as Instant Clones and Blast Extreme protocol. To learn more, read this blog.
Simplified, Modernized Management with (More) Services From the Cloud
The Horizon Control Plane simplifies management with services that connect entitlement and management layers across Horizon pods in different data centers and clouds. The newly integrated Universal Broker delivers a global entitlement layer that intelligently provisions end users to their personal desktop or app in any connected pod or cloud based on availability or proximity to provide the best possible user experience. Image and application management is also simplified with services that can be used across pods and clouds – create an image or app package once and distribute to Horizon deployments as needed. These features, coupled with real-time performance monitoring and end-to-end security, unlock key hybrid and multi-cloud use cases such as work from home, business continuity, real-time bursting, disaster recovery and high availability which simplify and optimize your cloud investment.
Horizon 8: Unleashing the Power of Secure Hybrid and Multi-Cloud Deployments with a Modern Platform
Made available in August this year, Horizon 8 delivers a modern platform for virtual desktop and app delivery across the hybrid cloud, from the market leaders in SDDC and digital workspaces. The release delivered expanded support for hybrid and multi-cloud architectures that allow organizations to scale flexibly across public and private clouds such as VMware Cloud on AWS and Microsoft Azure – now also with support for Google Cloud, VMware Cloud on Dell EMC, as well as Azure VMware Solution. Full support for new RESTful APIs help automate rich capabilities and orchestrate services on the Horizon platform, modernizing services and processes with speed, providing endless possibilities to enhance and streamline their Horizon environment. The list goes on – read the launch blog for more detailed information.
Reimagining Security for Today’s Future Ready Workforce
We unveiled earlier today VMware’s new security solutions and our Future Ready Workforce Solutions as they are a true testament to our unique approach to the future of work. Founded on an intrinsic security approach that builds security into every control plane– from network, endpoint, cloud, identity all the way to workload, VMware turns each of these vectors into points of security control, significantly reducing the attack surface. Furthermore, it unifies these threat vectors in the context of apps and data across any app, any cloud, and any device in an industry first approach to increase the level of security for today’s distributed workforce.
Holistic Vision for the Future of Work
This powerful rethink, substantiated through our Future Ready Workforce Solutions, is designed to meet the needs of today’s distributed workforce. During this pandemic, the scale of employees working from home has pushed network capacities, security at the edge and good digital
workspace experiences to the limit. VMware has been able to address these fundamental needs by leveraging key elements of SD-WAN network services and security through Secure Access Services Edge (SASE), Endpoint Security and Digital Workspace. These technologies work together to
deliver any application from any cloud onto any device, so organizations can unlock the value of this holistic approach – enabling powerful workforce experiences, end to end zero trust security controls, and simplified management, no matter where one is working.
Future Ready Workforce Solutions: Reaping the Rewards
End to End Zero Trust Security: As the perimeter of an organization has now extended to the home, VMware Future Ready Workforce solutions are uniquely positioned to deliver end to end Zero Trust security. Organizations can build trust in devices that are accessing enterprise data with Workspace ONE UEM, better secure them with Carbon Black Endpoint solutions and use it to drive dynamic conditional access decisions to validate user identity as well. Least privilege capabilities that start from devices or virtual sessions with Unified Access Gateway (UAG) and extend to the network with NSX micro-segmentation enable a user session to be protected. And now with our VMware SASE Platform, we have a convergent infrastructure that offers end to end Zero Trust security enabling any user access to any app from any device.
VMware Cloud Disaster Recovery – On Demand DRaaS
Overview of VMware Cloud Disaster Recovery, an easy- to-use cloud-based DRaaS solution. It combines efficient cloud storage with simple SaaS-based management for IT resiliency at scale. Customers benefit from consistent, familiar VMware operations across production and DR sites, a pay-when-you-need-failover capacity model for DR resources, and instant power-on capabilities for fast recovery.
VMworld Announcements From The Office Of The CTO
A Deep Dive into the Tanzu Service Mesh Autoscaling VMworld 2020 Keynote Demo
The demo shows ACME Inc., a cloud native application, working as expected under normal traffic conditions, and without autoscaling, however, once traffic rapidly increases, the application starts to perform poorly. A quick inspection of the application determines that autoscaling is not configured on the application, therefore in order to remediate, an administrator installs autoscaling YAML to help activate TSM autoscaling at runtime without needing to redeploy the application. Immediately after the autoscaling is turned on, microservices instances are being scaled and the latency is back to normal levels. The demo then shows that when traffic subsides, the TSM autoscaler starts to descale the microservice instances without causing latency or performance issues. Finally, the demo finishes with a quick sneak into the Service Level Objectives (SLO) feature of TSM.
The rest of this post walks through how to set up process in 5 step process.
Key highlights of the demo:
- Ability to configure autoscaling functionality without intrusion to application logic.
- Visualize the ACME cloud native application from within TSM.
- Inspect performance charts of how each microservice is scaling.
Behind the Scenes of the Folding@home Demo at VMworld 2020 Keynote
The VMware Folding@home appliance project I started with Team VMware #52737. Since the release of our Fling, we have seen over 42,000 downloads, and watched our Team VMware FAH community grow to over 1000 users. When Chris Wolf asked if I could demo Folding@home in the VMware CTO general session keynote at VMworld, I knew it needed to be cool! This is the Office of the CTO, after all. While fighting diseases like COVID-19, Cancer, and Alzheimer’s as citizen scientists is very cool into itself (or very hot if you are next to your folding computer!), many of us have been deploying appliances to ESXi for over a decade, and it does not make for a fascinating demo.
Demo Challenge #1: Make it easy to be a Force for Good at the click of a button with vRA
Demo Challenge #2: Deploy and Manage the VMware Appliance for Folding@home on VMware Cloud on AWS
Demo Challenge #3: Securely manage Folding@home Clients running in the cloud from my couch!
You can learn more about the Folding@home project with Dr. Gregory Bowman, Director of Folding@home, in the VMworld on-demand session “Citizen Philanthropy in Action: Folding@home” [OCTO2230].
A Deeper Dive into Bitfusion Device Plugin for GPU Sharing on Kubernetes
Machine Learning (ML) applications are increasingly being embraced by organizations to accelerate business growth. As the scale of the ML applications grows, IT infrastructure has challenges to meet the requirements of ML workloads. Infrastructure must be flexible to allow ML developers’ work to be productive through cloud native platforms like Kubernetes. Nowadays, more businesses are leveraging Kubernetes to deploy and manage their ML workloads.
Bitfusion allows more applications to gain access to shared GPUs via the network
Kubernetes usually consists of a cluster of worker nodes that can have a ML workload scheduled to any of its worker nodes. Many ML application use cases need hardware accelerators such as GPU, requiring each worker node to have at least one accelerator installed locally. These accelerators, like GPU, are an expensive infrastructure. Fortunately, VMware vSphere 7 comes with a feature called Bitfusion, which can create pools of hardware accelerators. Different nodes across the network can share GPUs in a pool. vSphere Bitfusion increases the utilization of GPUs, and eliminates the need for local hardware accelerators of every node.
Extending capabilities to Kubernetes, making it easy for any Kubernetes pod to gain access to remote GPUs
Kubernetes provides a device plugin framework for the developer to advertise system hardware resource to the kubelet. The Office of the CTO, Cloud Native Lab at China R&D created a device plugin that monitors Bitfusion GPU resources and properly allocates the GPU resource to Kubernetes’ workloads (i.e. pods). Since device plugins are a standard approach for Kubernetes to customize hardware resources, the plugin supports Kubernetes advanced features such as resource quota and ensures the plugin is fully aligned with the Kubernetes ecosystem.
The Bitfusion device plugin implements Kubernetes’ device plugin framework and updates the kubelet periodically about the available Bitfusion GPU resources. The information collected is then used when Kubernetes schedules workloads with GPU requirements. The Bitfusion device plugin can be installed as a DaemonSet of Kubernetes so that every worker node can have a running copy of the device plugin to report GPU resources from the Bitfusion pool.
VMworld Industry News
Lumen Teams with VMware to Expand Edge Compute Capabilities for the 4th Industrial Revolution
Lumen Technologies (NYSE: LUMN) and VMware, Inc. (NYSE: VMW) are announcing a significant collaboration covering edge compute, networking, and security. VMware and Lumen Technologies, or simply Lumen, are taking their current partnership further with the agreement for Lumen to deliver edge services using integrated VMware technologies. This collaboration will help enterprises expand across data center, cloud and edge, moving business applications that require low latency and efficient localization closer to digital interactions. At VMworld, Lumen and VMware will be presenting:
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20200929005451/en/
- How Lumen can migrate and manage workloads across a range of VMware technologies.
- Lumen’s edge computing solutions, and how enterprise customers can rely on a consistent experience across a range of hybrid cloud venues, including the VMware Cloud.
- Lumen’s portfolio of solutions built on and integrated with the VMware Cloud Foundation, allowing companies to deploy business innovations with single-digit millisecond latency to over 2,200 public data centers and more than 170,000 on-fiber enterprise locations across the globe.
- Lumen is a VMware Principal Partner and is VMware Cloud Verified.
- Lumen Private Cloud on VMware Cloud Foundation™ is Lumen’s managed private cloud service, built on VMware Cloud Foundation, available in 100+ of Lumen edge computing locations.
- Lumen provides fiber-based networking connectivity and managed solutions, with a service portfolio that spans content delivery, cybersecurity, and cloud collaboration.
VMware and NVIDIA to Enable Next-Gen Hybrid Cloud Architecture and Bring AI to Every Enterprise
VMware and NVIDIA today announced a broad partnership to deliver both an end-to-end enterprise platform for AI and a new architecture for data center, cloud and edge that uses NVIDIA® DPUs (data processing units) to support existing and next-generation applications.
Through this collaboration, the rich set of AI software available on the NVIDIA NGCTM hub will be integrated into VMware vSphere, VMware Cloud Foundation and VMware Tanzu. This will help accelerate AI adoption, enabling enterprises to extend existing infrastructure for AI, manage all applications with a single set of operations, and deploy AI-ready infrastructure where the data resides, across the data center, cloud and edge.
Additionally, as part of Project Monterey separately announced today, the companies will partner to deliver an architecture for the hybrid cloud based on SmartNIC technology, including NVIDIA’s programmable NVIDIA BlueField®-2. The combination of VMware Cloud Foundation and NVIDIA BlueField-2 will offer next-generation infrastructure that is purpose-built for the demands of AI, machine learning, high-throughput and data-centric apps. It will also deliver expanded application acceleration beyond AI to all enterprise workloads and provide an extra layer of security through a new architecture that offloads critical data center services from the CPU to SmartNICs and programmable DPUs.
“We are partnering with NVIDIA to bring AI to every enterprise; a true democratization of one of the most powerful technologies,” said Pat Gelsinger, CEO of VMware. “We’re also collaborating to define a new architecture for the hybrid cloud—one purpose built to support the needs and demands of the next generation of applications. Together, we’re positioned to help every enterprise accelerate their use of breakthrough applications to drive their business.”
“AI and machine learning have quickly expanded from research labs to data centers in companies across virtually every industry and geography,” said Jensen Huang, founder and CEO of NVIDIA. “NVIDIA and VMware will help customers transform every enterprise data center into an accelerated AI supercomputer. NVIDIA DPUs will give companies the ability to build secure, programmable, software-defined data centers that can accelerate all enterprise applications at exceptional value.”
- UCSF Advances Healthcare with NVIDIA and VMware
- Enterprise-Ready Platform for AI
- Delivering New Hybrid Cloud Architecture for Next Gen Apps
- Early Access for Visionary Enterprises
Partner News From VMworld 2020
Dell Technologies Innovations Advance Management, Automation and Protection of VMware Environments
Story Highlights – New HCI, cloud, storage and data protection integration with latest VMware releases help customers innovate across edge locations, data centers and hybrid clouds
- Dell Technologies Cloud Platform and Dell EMC VxRail now support VMware vSphere with Tanzu and the latest VMware Cloud Foundation, vSphere, and vSAN releases, offering an easy path to Kubernetes adoption while delivering enhancements for traditional workloads
- Dell EMC PowerMax storage replication, now integrated with VMware vVols, simplifies management and improves access to mission-critical applications
- Dell EMC ObjectScale, built on VMware Cloud Foundation, allows developers to provision cloud-scale storage for modern applications
- Dell EMC PowerProtect Data Manager advancements include industry-first protection for VMware Cloud Foundation infrastructure layers and Kubernetes environments
- VMware Cloud on Dell EMC empowers organizations to support their remote workforce through VMware Horizon, security and compliance certifications
Druva Achieves VMware Ready Certification for VMware Cloud on AWS and VMware Cloud on Dell EMC
Druva Inc., the leader in Cloud Data Protection and Management, today announced it has been certified as VMware Ready for VMware Cloud. This new certification, unveiled at VMworld 2020, recognizes Druva as a validated and tested solution to protect, backup, and recover VMware Cloud
on AWS environments as well as a broader VMware Cloud portfolio: VMware Cloud on Dell EMC and VMware Cloud on AWS. Regardless of where customers run their VMware infrastructure, they can now have confidence that their data is comprehensively protected and always available with Druva Cloud Platform.
Kenna Security Delivers Risk-Based Vulnerability Management for New VMware Carbon Black Cloud Workload Protection Solution
Kenna Security, the enterprise leader in risk-based vulnerability management, and VMware Carbon Black, a leader in cloud-native next-generation endpoint security, are partnering to power the vulnerability assessment and risk scoring capabilities of Carbon Black Cloud WorkloadTM. As a result of this partnership, enterprises running VMware Carbon Black Cloud Workload will be able to efficiently and effectively prioritize critical vulnerabilities and reduce risk to their servers and workloads.
By leveraging Kenna Security capabilities, VMware Carbon Black is able to provide an elegant solution to a long-standing challenge in enterprise cybersecurity. Many organizations have the capacity to patch only a fraction of the vulnerabilities threatening their environments. Additionally, traditional scanning is often too cumbersome for the large number of endpoints in their environment. Although not all vulnerabilities pose a proven risk of weaponization, the challenge for organizations is identifying which vulnerabilities to focus on. With the inclusion of Kenna’s vulnerability assessment capabilities, VMware Carbon Black Cloud Workload is able to efficiently focus resources on the specific critical vulnerabilities facing each organization.
Ordr Announces Integration with VMware for Campus and Data Center Device Visibility Made Simple
Ordr, a leader in security for enterprise IoT and unmanaged devices, today announced the integration of Ordr Systems Control Engine (SCE) with VMware NSX-T and VMware NSX Intelligence to provide organizations with comprehensive IoT visibility, accelerated data center microsegmentation, and enhanced day-two operations capabilities.
Ordr SCE and NSX-T provide ongoing programmatic synchronization from Ordr to VMware NSX for profile objects and the respective device IP addresses they contain. With the ability to share detailed campus-related device type data points with NSX, organizations now see which types of campus devices are communicating with the data center. Coupled with NSX Intelligence, organizations gain powerful visualization of how these Ordr-defined campus group objects are communicating to various virtual machines (VMs) within the data center.
“The combination of Ordr with VMware NSX and NSX Intelligence gives organizations the ability to understand how campus and branch devices communicate with data center workloads, quickly identify unmanaged campus devices, and use those insights to streamline NSX policy generation for VMs,” said Iain Leiter, Senior Technical Solutions Architect, Ordr. “Organizations will also be able to minimize the business impact of firewall changes by visualizing allowed or blocked campus traffic.”
Pensando Partners with VMware on Project Monterey to Co-Develop Next-generation Infrastructure Platform
Today at VMworld® 2020, Pensando Systems announced it is collaborating with VMware, Inc. on Project Monterey to co-develop a platform to support the requirements of modern applications. VMware will leverage the Pensando Distributed Services Platform to deliver industry leading performance and latency, zero-trust security, and simplified operations to VMware Cloud Foundation deployments in virtualized, containerized and bare metal environments.
“Customers around the globe rely on VMware Cloud Foundation to deploy and manage modern applications across multiple environments,” said Krish Prasad, senior vice president and general manager, Cloud Platform Business Unit, VMware. “Together with Pensando, we are building the next generation of more secure and agile infrastructure, leveraging the new breed of accelerators exemplified by the Pensando Distributed Services Platform, to support the evolving requirements of these applications. The work between VMware and Pensando on Project Monterey will help mutual customers benefit substantially from increased performance, enhanced security and a consistent operating model.”
Pure Storage Expands Design Partnership with VMware, Delivering Enhanced Solutions to Accelerate Hybrid Cloud
Pure Storage (NYSE: PSTG), the IT pioneer that delivers storage as-a-service in a multi-cloud world, announced a spectrum of enhancements to its hybrid cloud solutions across the VMware portfolio, enabling any enterprise to focus on innovation rather than infrastructure. New solution enhancements from Pure help enterprises maximize their VMware investments, delivering agility and efficiency for modern applications across on-premises and cloud environments. Customers will have improved availability of their data services, enabling them to meet demanding Service-level Agreements (SLAs).
- vSphere Virtual Volumes as principal storage for VMware Cloud Foundation.
- VMware and Pure enable vSphere Virtual Volumes as Principal storage for VMware Cloud Foundation. Customers can now realize the value of Pure Storage and vSphere Virtual Volumes natively within VMware Cloud Foundation. FlashStack™ delivers the performance, availability, and economics required for a VMware Cloud Foundation hybrid cloud in a single architecture, with the simplicity of integrated application to infrastructure management.
- Support for vSphere Virtual Volumes storage with Site Recovery Manager.
- Modern data protection is a critical component for any VMware deployment including those leveraging vSphere Virtual Volumes on Pure. For VMware infrastructure, VMware Site Recovery Manager provides an enterprise solution for automated disaster recovery. As the leader in vSphere Virtual Volumes storage, Pure co-engineered the integration of vSphere Virtual Volumes with SRM. This allows enterprises to consume vSphere Virtual Volumes on Pure while protecting their mission critical applications from disaster.
- VMware Tanzu and container integration. Pure is a VMware Design Partner for the Cloud Native Storage and vSphere Virtual Volumes programs, providing persistent storage that enables true hybrid cloud mobility for containers running on VMware. Cloud Native Storage and vSphere Virtual Volumes enable workloads in Kubernetes environments to utilize Pure FlashArray™ as CSI-compliant persistent storage, bringing world-class all-flash performance and data services to containerized applications in addition to VMware vSphere environments.
- NVMe-oF with vSphere 7. Pure is VMware’s Design Partner for modern data fabric support on vSphere. With vSphere 7, VMware and Pure have worked to provide native end-to-end support for NVMe over Fabrics (NVME-oF) using Pure’s DirectFlash® Fabric. NVMe is a revolution in the storage world, providing lower latency and higher throughput than legacy SCSI devices. This capability unleashes the raw performance of the Pure FlashArray and maximizes performance density in the data center. Mutual customers can enjoy a modern data experience that maximizes the performance and consolidation of critical applications, VMs, and containers.
Rackspace Technology™ (NASDAQ: RXT), a leading end-to-end multicloud technology solutions company, today announced it has strengthened its strategic alliance with VMware by expanding its managed services across VMware-based multicloud solutions. Rackspace Technology now includes support for Azure VMware Solution, Google Cloud VMware Engine, VMware Cloud on Dell EMC, Dell Technologies Cloud Platform (DTCP), and VMware Tanzu.
By expanding its portfolio of VMware multicloud solutions, Rackspace Technology is working to give customers the greatest choice in integrating VMware-based private clouds into multicloud solutions. A few key benefits:
- Through managed services for the key hyperscalers, customers can accelerate their move to the cloud by extending their VMware environments to AWS, Azure and Google Cloud.
- Rackspace Technology becomes the first MSP partner of VMware Cloud on Dell EMC where a new Cloud Center of Excellence (COE) has been established to provide mutual customers the ideal cloud service. This important milestone validates the attraction of this local cloud service.
- By providing managed services for Dell Technologies Cloud Platform (DTCP), customers benefit from a hyper-converged infrastructure based on Dell VxRail and designed specifically for VMware-based software-defined data centers. This managed solution will help to reduce costs and the operational burden of running a private cloud. Rackspace Technology is one of Dell Technologies largest global DTCP certified partners. Organizations can develop, test, and run cloud native applications alongside legacy applications on a single platform.
- Delivering managed services for VMware Tanzu provides a cohesive and nimble platform to support customers’ ongoing digital transformations.
VMworld 2020 DAY 1 is now in the books and a fellow co-worker did this fantastic write up. I cannot take not credit for this post expect reformatting it to be posted on my blog.
VMworld 2020 kicked off this morning and is continuing on throughout the night, ending early Oct 1st. VMworld this year is online, Free* and continuous delivery vmworld; stretching the globe. Aptly themed “Together, Anything is Possible.” (*A paid pass was available for deep dive, limited sessions)
- No Cost Online Premium Digital Training Breaking News from VMworld: Extended Access to Complimentary Premium Digital Training For A Full Year
I have summarized and linked the announcements, OnDemand sessions, note that any OnDemand session links will require a vmworld 2020 registered account to view the embedded videos.
VMware Announces Intent to Acquire SaltStack
Applications drive digital transformation, and application needs drive multi-cloud strategies. VMware’s cloud strategy has been defined by the notion that all roads lead to the app. VMware Cloud supports the broadest multi-cloud environment, spanning all clouds and application types to deliver consistent infrastructure and operations, and enable a consistent developer model. As any good strategy goes, we are continually listening to customers and looking for ways to improve our VMware Cloud portfolio. Today, I’m pleased to announce VMware’s intent to acquire SaltStack, a pioneer in building intelligent, event-driven automation software.
So, why is SaltStack important to VMware’s customers? Because time is money and speed is the new currency for digital transformation, VMware works hard to give customers a fast and simple path to cloud for their VMware-based workloads. We started by giving customers a home for these workloads in the cloud with VMware Cloud on AWS, which we build, run and sell alongside our strategic public cloud partner AWS. Over the past several years, this has expanded, and customers can now tun VMware-based workloads on every major hyperscaler and more than 200 Cloud Verified partners globally.
To get our customers to the cloud, we offer VMware HCX, which allows customers to literally mass migrate 1,000s of vSphere workloads in a short amount of time. Customers can automate infrastructure across clouds with VMware vRealize, and the next logical step was to enable more seamless onboarding and better cross-cloud orchestration with configuration management. This is what we are getting with SaltStack.
Once closed, SaltStack will allow us to deliver full-stack automation from infrastructure to applications with the ability to do software configuration inside VMs and containers. SaltStack has built a phenomenal open source community, which we will continue to grow and foster consistent with our open source strategy. And while our strategy has been one of supporting best-in-class choice of supporting configuration management, we believe many customers will want something simple and integrated.
Successful companies in this new era will not be the biggest or the fastest, but the ones that are agile, can adapt their business models to the needs of the current times and, simply put, are fast. And cloud is a key ingredient to deliver on that business agility, and we expect SaltStack will help our customers on their multi-cloud journey.
Day 1 kicked off with an inspiring and informative general session led by VMware CEO, Pat Gelsinger. Focusing on the digital foundation for an unpredictable world with your business, your apps, and your data at the core. Delivering five critical building blocks – app modernization, multi-cloud, digital workspace, virtual cloud network, and intrinsic security – to help our customers with their digital transformation. There were also several major announcements along with inspiring testimonials from across the globe.
- ESXi being installed on SmartNics
- Saying goodbye to Wi-Fi with Enterprise 5G
- Open Radio Access Network, Software Defined 5G Network with VMware NSX
We also heard from VMware COO, Sanjay Poonen, starting with our five priorities being vertically delivered throughout healthcare, education, public sectors, retailers, and financial services industries. He also discussed VMware’s “any app, any cloud, any device” technology strategy with the help of Dormain Drewitz, Purnima Padmanabhan, and Lilit Div.
Several prominent thought leaders made an appearance, sharing their perspectives from their diverse industries. These luminaries included:
- Claire Babineaux-Fontenot, Feeding America CEO, using VMware technology in their data centers to respond to their demands and delivering 1.5M lbs. of food to ensure no one goes home hungry.
- John Donahoe, Nike CEO, using VMware products in their digital transformation to help deliver great consumer and employee experiences seamlessly.
- Jensen Huang, NVIDIA CEO, announcing Project Monterey unleashing AI for every enterprise in accelerating data and security processing to line speed.
- Lori Beer, JPMC, diving into their private cloud infrastructure where they are seeing their provisioning times decreased significantly with their key measure being speed of delivery.
The world has quickly changed this year, and it’s continuing to – but VMware is always ready to help you meet the need
We were also treated to a thought-provoking conversation with Lori Beer, Global CIO, JP Morgan Chase, joins Sanjay Poonen for a fireside chat. Beer will share her perspective on managing through a pandemic, transforming a business with technology, cyber security in the enterprise, and inclusive strategies for talent. Also joining Sanjay, Indra Nooyi, former CEO of PepsiCo, on her perspective on transforming a business and the importance of creating an environment that everybody can bring their own self to. We also heard from Stephan Bancel, CEO of
Moderna, on how his team was able to pivot the company and work together to fight COVID-19.
View some of Sanjay’s Fireside Chats OnDemand:
- Fireside Chat: Sanjay and Lori Beer, Global CIO, JP Morgan Chase [V13460D]
- Fireside Chat: Sanjay and Indra Nooyi [VI3156]
- Fireside Chat: Sanjay and Stephane Bancel [VI3157D]
Networking and Security
A huge focus on security is front and center at VMworld, here is a summary of the announcements.
Office workers, apps, data, and devices are increasingly distributed. And that creates new security, scale, and performance challenges. Of course, that’s in addition to the growing challenges we already face in our data centers and in operating across multiple clouds. Today, we announced several compelling innovations that will dramatically improve your organization’s security posture, starting with the VMware SASE Platform.
Hair pinning network traffic to enforce security policy has long been impractical. SASE makes it simple for you to bring essential network and security services near your end users, regardless of where they work. VMware SASE Platform takes advantage of VMware SD-WAN’s massive global footprint of more than 2,700 cloud service nodes across 130 points of presence (POPs).
The key components of the VMware SASE Secure Access Service Edge solution include:
- VMware SD-WAN, our industry leading platform for transforming wide area networking. The SD-WAN Maestro’s Hat Trick: VMware Named a Leader in the Gartner 2020 Magic Quadrant for WAN Edge Infrastructure
- Cloud Access Service Broker (CASB), Secure Web Gateway (SWG) and remote browser isolation via our new collaboration with Menlo Security. These offerings will be sold and supported by VMware.
- VMware NSX Stateful Layer 7 Firewall SaaS offering.
- Zero Trust Network Access, which leverages VMware SD-WAN and VMware Workspace ONE in an integrated offering to provide optimal performance and policy-based access centered on the user and device identity for each connection.
- Edge Network Intelligence, which is the integration of the technology we acquired from Nyansa. The solution uses machine learning-based predictive analytics to ensure SLAs are met, along with providing security and visibility to end-user and IoT devices.
While the SASE announcement is big news, there are several additional security announcements that I believe you’ll find of interest:
- VMware Workspace Security VDI: VMware Workspace ONE Horizon and VMware Carbon Black Cloud are integrated into a single unified solution that leverages behavioral detection to protect against ransomware and file-less malware. On VMware vSphere, the solution is integrated into VMware Tools, removing the need to install and manage additional security agents.
- VMware Workspace Security Remote: An integrated solution that provides endpoint management, endpoint security and remote IT for physical Mac and Windows 10 devices. The solution includes the next-generation antivirus, audit and remediation, and detection and response capabilities of Carbon Black Cloud. It also includes the analytics, automation, device health, orchestration, and zero-trust access of the Workspace ONE platform.
- VMware Carbon Black Cloud Workload: Agentless security for virtual machines on vSphere—the realization of the vision that we articulated at VMworld 2019. This solution makes it much easier for infrastructure operations and security operations to collaborate.
Security risk visibility is now built into VMware vCenter, providing the same visibility as seen in Carbon Black Cloud, thus streamlining collaboration and more proactive threat remediation. Security is now dynamically ingrained in the VM lifecycle as a part of VMware Tools, making security intrinsic to the infrastructure.
VMware will offer a 6-month unlimited free trial of VMware Carbon Black Workload Essentials to all current customers with vSphere 6.5 and above, as well as VMware Cloud Foundation 4.0.
We also plan to introduce a Carbon Black Cloud module for hardening and better securing Kubernetes workloads, giving security teams policy governance and control of their Kubernetes environments.
- VMware NSX Advanced Threat Prevention brings the technology from our recent Lastline acquisition to the VMware NSX Service-defined Firewall. This solution is the only purpose-built, distributed, scale-out firewall designed to protect east-west traffic across multi-cloud environments. Lastline integration into the service-defined firewall uses unsupervised and supervised machine learning to identify threats and minimize false positives, with the ability to apply virtual patches at every workload and not just at the perimeter—an industry first.
We also announced several new capabilities across our network portfolio:
- VMware Container Networking with Antrea: A commercial offering consisting of signed images and binaries and full support for open source Project Antrea. VMware Container Networking with Antrea will be included in VMware NSX-T and vSphere 7 with Tanzu. While Antrea can get you started, when you look to scale container networking across clusters, NSX-T will get you there.
- NSX-T 3.1: New API-driven advanced routing and multicast capabilities, along with automated deployment of workflows through Terraform Provider.
- VMware vRealize Network Insight 6.0 Network Assurance and Verification: Now leverages formal verification to gather network state build and model how the network functions. The model is then used to provide continuous verification of business policies across virtual, physical, and multi-cloud networks. This allows IT and network operations to discover potential brownouts before they occur. Announcing vRealize Network Insight 6.0
More details about NSX-T 3.1 & Project Antrea in a section below
VMware vRealize Cloud Universal
On the cloud management front, we announced VMware vRealize Cloud Universal, which combines SaaS and on-premises management software into a single subscription license. This makes it easy to switch between vRealize Cloud solutions without acquiring different licensing.
We also introduced new federation capabilities for a consistent management experience across deployments, as well as Skyline integration, which provides a single integrated workflow to proactively identify and resolve potential and existing issues.
VMware vRealize AI
Starting in 2018, we previewed Project Magna. And now in 2020, we are once again delivering on technology showcased at previous VMworld conferences. Project Magna is now generally available as VMware vRealize AI, which uses reinforcement learning to self-tune application performance.
Early adopters have seen performance improvements as high as 50% for read-and-write I/O with the read-and-write cache optimizations that vRealize AI made to their vSAN environments. Best of all, this is just the beginning.
You will see more capabilities moving forward, bringing your organization a highly intelligent, self-optimizing infrastructure.
Announcing VMware Cloud Disaster Recovery: On-demand DRaaS to Protect your vSphere Workloads
We are very excited to announce VMware Cloud Disaster Recovery – a new VMware on-demand disaster recovery (DR) offering that will be delivered as a simple easy-to-use SaaS solution with the benefits of cloud economics. Based on technology from VMware’s recent acquisition of Datrium, it will enable IT and business continuity teams to resume critical business operations after a disaster event.
Disaster Recovery is Critical for Every Business, and DRaaS Adoption is on the Rise
In a recent analyst survey, 76 percent of respondents reported an incident during the past two years that required an IT DR plan, while more than 50 percent reported at least two incidents (1). At the same time, cyberattacks are on the rise, increasing business risk. In 2019, 52 percent of global enterprise network security decision-makers had experienced at least one sensitive data breach in the past 12 months (2). And just this month, security researchers reported a seven-fold year-on-year increase in ransomware reports (3). Therefore, it’s no wonder that CxOs and board members increasingly care about DR.
Although organizations realize the importance of implementing a robust DR solution for business continuity, compliance with industry regulations, protection against disasters, ransomware and security breaches, traditional DR solutions can be complex, expensive, and unreliable, leaving many teams less than confident that their DR plan will work when needed. Hence, many are turning to disaster recovery as a service (DRaaS) because of its simplified operations and low total cost of ownership (TCO). In other words, many are seeing DR as an ultimate rentable IT service, and hence why DRaaS adoption is on the rise.
To get an even closer look at the solution, take the VMworld Hands-on Lab. Or check out our product page. Thank you!
- VMware Cloud Disaster Recovery Product Page
- VMworld 2020 Sessions: HCI2876, HCI2886, HCI2865
- VMworld Hands-on Lab: HOL-2193
Project Monterey Tech Preview
VMware has been pursuing SmartNIC virtualization and integration opportunities over the past couple of years.
In March 2019, we demonstrated ESXi running on a SmartNIC. And last year at VMworld, we demonstrated four hypervisors running simultaneously on the same server with no nesting. Our vision for opportunities related to SmartNICs and composable infrastructure was further solidified at VMworld 2020 with the announcement of Project Monterey.
Applications, data, infrastructure, and security services are seeing increasingly demanding performance requirements. Simultaneously, IT organizations are looking to find greater opportunities for automation and efficiency. Project Monterey takes advantage of emergent hardware innovations to offer new approaches to hybrid cloud architecture and operations.
We’re sharing this information now to open doors for further opportunities to shape this innovation with our customers and technology partners. Leading SmartNIC vendors are already working with us on Project Monterey, which is currently centered around three key use cases:
- Network performance and security:Consider running security services such as a L4-7 firewall on SmartNIC, decoupling it from the host platform and achieving line rate performance. Organizations can further isolate tenants, running independent workloads on SmartNICs or even run multiple network functions in isolation on the SmartNIC via isolation provided by the hypervisor (e.g., ESXi on Arm).
2. Storage performance and dynamic composition:As with networking, you have new opportunities for combinations of scale-up and scale-out architectures by taking advantage of processors on SmartNICs to accelerate a variety of storage functions, such as compression and encryption. Project Monterey will also provide further capabilities to scale storage capacity on-demand to meet performance or capacity requirements.
3. Bare metal workloads and composability: This is where Project Monterey really gets interesting. Imagine running the ESXi control plane on a SmartNIC, freeing all the x86 host cores to run other workloads, inclusive of bare metal. That allows you to run workloads on bare metal, while still being able to integrate them with core SDDC services, such as VMware vSAN and NSX. From a flexibility perspective, these options take VMware Cloud Foundation to a new level in terms of the ability to dynamically support a variety of hardware interfaces, composing infrastructure on-demand.
For an in-depth look at Project Monterey, take a look at Kit Colbert’s blog post.
VMware Delivers the Next Wave of Virtual Cloud Network Innovation to Connect and Protect Today’s Distributed, Multi-Cloud Enterprise
NSX-T 3.1, SmartNics & Project Antrea
Delivering the Next Wave of Virtual Cloud Network Innovation
VMware will deliver new Virtual Cloud Network innovations across three areas – automation that enables the public cloud experience; modern application connectivity and security services; and solutions that re-imagine what’s possible in network security.
Network Automation that Delivers a Public Cloud Experience: VMware will add more cloud automation and scale, uptime and resiliency, ML-based predictive analytics, and intelligence to the virtual cloud network. VMware NSX-T 3.1 will support even larger-scale global deployments and disaster recovery use cases and automated deployment workflows. VMware will double the scale of NSX Federation, add new API-driven advanced routing and multicast capabilities, and offer Terraform Provider support. VMware vRealize Network Insight 6.0 will bring new assurance and verification capabilities as well as expanded VMware SD-WAN visibility. These updates will enable better planning for virtual and physical networks, improved network uptime and resiliency, faster troubleshooting, and proactive identification of potential network problems based on intent, and more effectiveness in achieving service level agreements. VMware Edge Network Intelligence is a new AIOps solution based on technology acquired from Nyansa. It will provide automated and actionable intelligence that helps assure users and IoT devices on campus, in branches, or in the
home get the network performance they need to support applications.
Connecting and Protecting Modern Apps: Organizations looking to improve productivity, agility, and customer experience are embracing a container-based, micro-services architecture and standardizing on Kubernetes for container management. The connectivity and security needed to address microservices requirements while at the same time connecting Kubernetes clusters to the infrastructure introduces the need for a rich multilayer networking stack. VMware is extending the Virtual Cloud Network to connect and protect these environments through VMware Tanzu Service Mesh powered by NSX and support for Project Antrea, an open source that enables Kubernetes networking and security wherever Kubernetes runs including on-premise vSphere, public clouds as well as edge. Tanzu Service Mesh includes new capabilities focused on improving application continuity, resiliency, and security. The new VMware Container Networking with Antrea is a commercial offering consisting of signed images and binaries and full support for Project Antrea. VMware Container Networking with Antrea will be included in VMware NSX-T and vSphere 7 with Tanzu. Applications running on Kubernetes clusters using Antrea as the Container Networking Interface (CNI) can be discovered, connected, and better protected by Tanzu Service Mesh.
Re-imagining Network Security: VMware will deliver unmatched levels of firewall performance and programmable intelligence to the Virtual Cloud Network by enabling VMware NSX to run on leading SmartNICs. This includes advanced security for bare metal and highly sensitive workloads such as databases which are hard to protect today. Additionally, it enables “air gapping” of infrastructure, separating applications and hypervisors from the security controls on the SmartNIC. VMware is also announcing VMware NSX Advanced Threat Prevention, which combines NSX Distributed IDS/IPS with advanced malware detection (sandboxing) and AI-powered network traffic analysis (NTA) acquired from Lastline, Inc. These NTA capabilities use unsupervised and supervised ML machine learning models to more accurately identify threats and minimize false positives compared to other network traffic analysis tools. The solution delivers an industry-first ability to apply virtual patches at every workload, something traditionally only implemented at the perimeter, enabling more effective response to sophisticated threats before they disrupt business.
Additional VMware & Nvidia Partnership Announcements
VMware and NVIDIA announced that, together, they will deliver an end-to-end enterprise platform for AI as well as a new architecture for data center, cloud and edge that uses NVIDIA DPUs to support existing and next-generation applications.
“We’re going to bring the power of AI to every enterprise. We’re going to bring the NVIDIA AI computing platform and our AI application frameworks onto VMware,” Huang said.
“For every virtual infrastructure admin, we have millions of people that know how to run the vSphere stack,” Gelsinger said. “They’re running it every day, all day long, it’s now the same tools, the same processes, the same networks, the same security, is now fully being made available on the GPU infrastructure.”
As with our technology strategy, we remain focused on aligning our innovations toward a multi-cloud future that offers consistent infrastructure and operations, along with a native developer experience.
IT operations should not have barriers to managing and operating data center, multi-cloud, and edge environments. Customers should have a consistent and well-integrated set of tools and processes. Developers should also have the flexibility to use their tools and APIs of choice. Today, VMware admins can simply provision a Kubernetes namespace to developers, and ops can manage all the underlying infrastructure considerations using their tools of choice. The same holds true for managing applications and services in public clouds.
VMware solutions help IT operations manage and monitor environments, enforce policy and automate remediations without impacting developers’ ability to use the tools and APIs offered by the cloud provider. With that as the strategic backdrop, let’s dig into our multi-cloud announcements.
Azure VMware Solution
Following the announcement that Azure VMware Solution is generally available, there is now a production VMware footprint in every major public cloud:
- Google Cloud
- IBM Cloud
- Oracle Cloud
With the Azure VMware Solution, organizations benefit from the cost savings of Azure Hybrid Benefit, integration with Microsoft Office 365 and other native Azure services, as well as Azure console integration.
There are also several new capabilities for VMware Cloud on AWS, including:
- VMware Cloud Disaster Recovery: On-demand Disaster Recovery as a Service (DRaaS) that gives you cloud economies and is backed by Amazon S3 storage. The Live Pilot Light option provides instant power-on for VMs running on VMware Cloud on AWS. The service includes several compelling features, including no VM format conversions, continuous DR health checks, built-in audit reports and optimized failbacks.
- VMware Tanzu support: Makes it simple to extend on-premises Tanzu deployments to VMC and across clouds.
- VMware Transit Connect: Provides any-to-any connectivity between on-premises, VMC on AWS SDDCs and AWS VPCs using AWS Transit Gateway and AWS Direct Connect Gateway.
- New regional compliance listings (G-Cloud, HIPAA BAA, EBA) and white papers (UK NCSC 14 Principles, FISC).
- Enhanced automation and operations: Expanded vRealize Operations, Cloud Automation, Orchestrator, Log Insight and Network Insight support.
- Enhanced HCX capabilities: Replication Assisted vMotion, local routing for migrated VMs and migration grouping.
VMware Cloud on Dell EMC
Interest continues to grow in VMware Cloud on Dell EMC, which allows you to realize the benefit of cloud IaaS with the flexibility to run the service in your on-premises data center. VMware Cloud on Dell EMC now includes support for VMware HCX-based workload migration, making it simple to migrate VMs to the new environment.
In addition, several compliance and regulatory certifications have been achieved, including:
- EU GDPR compliance
- ISO 27001
- ISO 27018
- AICPA SOC 2
- CCPA compliance
There are also many more performance, scalability and sizing options, which you can read about here.
Announcements links in short
- Read Kit Colbert’s blog post “Announcing Project Monterey – Redefining Hybrid Cloud Architecture”
- Learn more about VMware Cloud Foundation
- Read a summary of today’s news from Chris Wolf: VMworld 2020: Innovating with the Expectation of Change
- VMware Announces Future-Ready Workforce Solutions to Address the Needs of the Distributed Workforce
- VMware Delivers Intrinsic Security to the World’s Digital Infrastructure
- VMware Empowers Customers to Build their Multi-Cloud Future
- VMware Expands Tanzu Portfolio and Partnerships to Accelerate Customers’ Infrastructure and Application Modernization Efforts
- VMware vSphere 7 U1 with NVIDIA Multi-Instance GPUs (MIG) for Machine Learning Applications
- SASE Blog Series: Why is SASE akin to Networking Nirvana?
- VMware Edge Network Intelligence: Network Intelligence for the Globally Distributed Enterprise
- VMware & zScaler