What is the difference between VMware vSphere, ESXi and vCenter. Installation and basic configuration of the free VMware vSphere Hypervisor vmware editions

The leading developers in this technology were VMware with vSphere and Microsoft with Hyper-V. To select a hypervisor for the infrastructure of Avantrade LLC, it is necessary to conduct a comparative analysis of the two solutions.

Overview of VMware Products

VMware has been developing custom virtualization products since 1998. The entire package of the company's products, one way or another, is connected with virtualization technologies and the possibilities of their application. It should be noted that among the three main players in the market of commercial virtualization products (Citrix, Microsoft, VMware), only VMware is a highly specialized company in virtualization products, which allows it to stay ahead of all competitors in product functionality.

VMware's flagship products are VMware ESX/ESXi, bare-metal hypervisors. At the moment, the latest version of the product is the fourth, released in mid-2009. The hypervisor is the basis for server virtualization: it allows you to share resources so as to create separate, independent environments for multiple operating systems on a single physical server. However, the hypervisor by itself has a very limited range of capabilities; to realize all the benefits, a solution is required that includes not only virtualization tools but also infrastructure management (vCenter). This comprehensive solution is called vSphere.

An analysis of the efficiency of using server equipment shows that most of the working time, the load is about 5-8% of the maximum, while during non-working hours, the servers simply stand idle, heating the air. When using VMware vSphere, we consolidate the load from several servers on one physical server (we transfer not only applications, but also operating systems to one server). The performance of modern servers makes the previously popular concept of “one task one server” extremely inefficient, but thanks to virtualization, a new one can now be used: “one task - one virtual machine”. Thus, the problem of compatibility of various software is solved - not all applications can be run in one instance of the operating system. In addition, often the infrastructure uses old applications that are no longer compatible with current OS versions, and installation of old versions is not supported on new hardware. Virtualization also solves this problem - you can even run Windows NT 4.0 or MS-DOS in an ESX virtual machine.

Server virtualization products find their application in a wide variety of infrastructures, from small companies to large enterprises.

In small companies, the product allows you to minimize the amount of server hardware while maintaining the ability to use different operating systems if necessary. With the help of virtualization technologies, we can place all services on one or two full-fledged servers (instead of several ordinary PCs, as is often the case) and address both the quality of the equipment and its quantity.

In medium and large enterprises, server virtualization allows you to increase the availability of services using fault tolerance technologies and the migration of virtual servers between physical servers. The ability to move virtual servers from one physical server to another without stopping them can significantly increase the availability of the service and facilitate the maintenance of the entire system. The time for deploying new services is significantly reduced: you no longer need to wait for the delivery of a new server; it is enough to deploy a new virtual machine in a few minutes and install the necessary software. Because virtual machines do not require the installation of specific drivers, firmware updates, etc., administrative tasks are also greatly simplified.

VMware vSphere has a universal system for monitoring the status of the elements of the entire system, both at the level of physical servers and at the level of enterprise virtual servers. If the standard monitoring tools are not enough for some reason, there are a number of additional third-party applications with extended capabilities.

It is possible to provide increased availability of virtual servers by restarting on a backup physical server in case of failure of the main one, as shown in Figure 2.3.

Figure 2.3 - Organization of the hypervisor in case of failures

Thus, due to the availability of backup servers, it is possible to quickly restore the system's performance by moving data from the main server in case of failure to the backup one.

Today I would like to tell you about products that used to be released by VMware, but for one reason or another were taken off the market and stopped developing. The list is far from complete and contains, for the most part, my opinion about the products based on the results of working with them.

VMware ESX Server

I'll start with perhaps the most significant product, thanks to which VMware has become a leader in the server virtualization market.

VMware ESX Server is the first type 1 hypervisor for Intel x86 processors. ESX wasn't the first server hypervisor, and it wasn't even the first VMware product. However, it was the first to implement features such as live migration of VMs (vMotion), high availability of VMs (High Availability), automatic balancing (Distributed Resource Scheduler), power management (Distributed Power Management) and much more.

By the way, have you ever wondered what the abbreviation ESX means? So, ESX is Elastic Sky X. Which once again proves that back in 2002, VMware developed its products with an eye on cloud computing...

ESX was built on a monolithic architecture: all drivers, the network and the I/O subsystem worked at the hypervisor level. However, to manage the hypervisor, a small service VM was installed on each host - the Service Console, based on a modified Red Hat Linux distribution. On the one hand, this imposed a number of restrictions: the service VM consumed part of the host's computing resources, its disks, like those of any other VM, needed to be placed on VMFS storage, and each host needed at least two IP addresses, one for the VMkernel interface and a second for the Service Console. On the other hand, the Service Console provided the ability to install third-party software (agents, plugins), which expanded the possibilities for monitoring and managing the hypervisor. The presence of the Service Console gave rise to a common misconception that the ESX hypervisor is a modified Linux.

It is worth mentioning that the first versions of ESX were installed and managed separately; however, starting with ESX 2.0, VMware VirtualCenter (now well known as vCenter Server) appeared to centrally manage multiple hosts. Then, in fact, Virtual Infrastructure appeared, which was a set of products for virtualization consisting of the ESX hypervisor and the VirtualCenter management software. By version 4.0, Virtual Infrastructure had been renamed to vSphere.

In 2008, an alternative hypervisor appeared - ESXi, which did not need the Service Console and was much smaller in size, but did not support much of what ESX could do (ESXi did not have a web interface, a built-in firewall, the ability to boot over SAN, integration with Active Directory, etc.). With each new version, VMware gradually increased the functionality of ESXi. VMware vSphere 4.1 was the last release to include the ESX hypervisor. Starting with 5.0, VMware left only ESXi.

VMware GSX Server

For many years, VMware GSX Server was released in parallel with VMware ESX. Ground Storm X (this is what the abbreviation GSX stands for) was a type 2 hypervisor and was installed on top of the server operating systems Microsoft Windows, Red Hat or SUSE Linux. Using a type 2 hypervisor had its advantages. Firstly, GSX supported a much wider range of hardware and could even run on desktop hardware, unlike the "whimsical" ESX. Secondly, VMware GSX was extremely easy to install and configure; anyone who worked with VMware Workstation was able to handle GSX as well. Thirdly, GSX had a built-in NAT and DHCP server, which made it easy to set up a network for a VM.

Like its older brother, GSX supported centralized management through VirtualCenter.

Later, GSX was renamed to VMware Server, while gaining the ability to run 64-bit VMs, as well as to allocate several virtual processors to the VM. Released at the end of 2008, VMware Server 2.0 became free, acquired a full-fledged web interface and the ability to forward USB devices inside the VM, but lost support for VMware VirtualCenter.

By this time, ESX and ESXi hypervisors had taken over most of the server virtualization market. The release of free versions of VMware ESXi Free and Microsoft Hyper-V Server was the final nail in the coffin of VMware Server. VMware and Microsoft have abandoned their server OS hypervisors.

VMware vCenter Server Heartbeat

The product, designed to provide high availability of vCenter services and related services (DBMS, SSO, Update Manager), was developed not by VMware itself, but by a third-party company - Neverfail Group.

The protection mechanism was based on the idea of organizing a two-node cluster operating in active-passive mode. The passive node monitored the state of the main node and, if it was unavailable, launched the clustered services. The cluster did not require shared storage to operate: changes made on the active node were periodically replicated to the passive node. vCenter Heartbeat provided protection for physical, virtual, and even mixed vCenter configurations, with one node being physical and the other being virtual.

Although for a while vCenter Heartbeat was the only way to protect vCenter not only from hardware failures, but also from software failures, the implementation was frankly lame. The complex procedure for installing and maintaining the cluster, as well as a lot of bugs, did their dirty work. As a result, starting from vSphere 5.5 U3 / vSphere 6.0 VMware abandoned vCenter Heartbeat and returned to a more familiar way of clustering using Microsoft Failover Cluster.

VMware vCenter Protect

For those of you who have worked with vSphere at least since version 4, you should know that at that time vCenter Update Manager supported the installation of updates not only for ESX / ESXi hypervisors, but also for guest operating systems and various software. However, since 5.0 this functionality has been removed from Update Manager, instead VMware began to offer a separate product - VMware vCenter Protect, which was acquired with Shavlik.


In addition to updating guest OSes, vCenter Protect made it possible to perform an inventory of software and hardware, run various scripts on a schedule, and scan for vulnerabilities.

But it didn't seem to be selling very well, and VMware's portfolio included vRealize Configuration Manager, acquired in 2010 from EMC, which handled patch management, inventory, and more. Therefore, in 2013 vCenter Protect was sold to LANDesk.

VMware Virtual Storage Appliance

The Virtual Storage Appliance is VMware's first foray into the software-defined storage market. VSA was intended for SMB and allowed the creation of a shared fault-tolerant storage system based on local disks installed in the server.


A dedicated VSA appliance was deployed on each ESXi host. VSA virtual disks were placed on VMFS storage created on volumes of the local RAID controller. Half of the disk space was intended for mirroring data from another VSA (a kind of network analogue of RAID 1) located on a neighboring host; the other half remained for useful data. Each appliance then presented its mirrored NFS storage back to all virtualization hosts. One installation supported 2 or 3 virtualization hosts; when using 2 hosts, vCenter Server acted as an arbitrator and had to be deployed on a separate physical server or on an ESXi host that was not part of the VSA.

The functionality of VSA was very limited. For example, the first version of VSA only supported placement on VMFS volumes with RAID 1 or 10, which led to high data storage overheads (in fact, usable space was less than 1/4 of the volume of the local disks); there was no support for VAAI, and there was no support for caching or tiering.

All this, combined with a not too low price and low performance, did not allow VSA to force out the usual storage systems from the SMB segment. Therefore, shortly after the release of the first version of Virtual SAN in 2014, the product was withdrawn from sales.

VMware Virsto

Another victim of Virtual SAN, a product of the company of the same name, which VMware acquired in 2013. As far as I know, after the purchase, Virsto did not appear in the price lists, but was almost immediately multiplied by zero.

A promising development in the field of software-defined data storage, Virsto was a virtual appliance that acted as a storage virtualizer, i.e. storage resources were presented to the appliances, and the appliances, in turn, gave disk space to hosts using the NFS protocol. The heart of Virsto was VirstoFS - a specialized file system that optimizes write and read operations through the use of mechanisms similar to those that can be seen in NetApp FAS storage. Virsto could accumulate random write operations in a special log and then sequentially write the data to the storage system, which had a positive effect on IOPS and latency. In addition, Virsto supported multi-level data storage (tiering) and optimized the work with snapshots by storing metadata in RAM about which data block is in which of the snapshots.


Despite the fact that the product never came out, the efforts of the developers were not in vain - in Virtual SAN 6.0, instead of VMFS-L, a new disk layout format based on VirstoFS and support for "advanced" snapshots appeared.

VMware Lab Manager

A product for automating the deployment and lifecycle management of VMs in test environments.

In fact, Lab Manager was a manager of managers: it was deployed on top of an existing installation of VMware ESX/ESXi and vCenter and made it possible to organize multi-user (multi-tenant) access to a common virtual infrastructure, allocate the necessary set of computing resources to users, automatically issue VM IP addresses from pools, create isolated networks for VMs, and specify a lease period for a VM.

With the growing popularity of cloud computing, VMware switched to another product - vCloud Director, gradually transferring all the accumulated features from Lab Manager to it and closing Lab Manager down.

VMware ACE

I want to finish the review with a fairly rare beast - VMware ACE. Even before the advent of VDI in its classic form and the widespread adoption of BYOD, VMware offered customers software for centralized management of virtual workstations that could run on users' personal computers - VMware ACE.


ACE worked in conjunction with the VMware Workstation and Player client hypervisors and allowed VMs to be managed based on specified policies. With the help of policies, administrators could restrict the functionality of the VM (for example, disable USB device forwarding or control network access), force encryption of virtual disks, allow access to the VM only for authorized users, configure a VM lifetime after which the VM stops starting, etc. VMs, along with policies and the VMware Player hypervisor, could be exported as a ready-made Pocket ACE package and transferred to the user in any convenient way (on a CD, flash drive, or over the network). If necessary, the administrator could deploy an ACE Management Server on the network, to which client hypervisors connected and requested the current policy settings for the VM.

Despite the interesting functionality, the product was not widely used, and according to VMware did not meet all the requirements of the few customers that used it, so in 2011 it was withdrawn from sale. A few years later, ACE was replaced by VMware Horizon FLEX, which has its own mechanism for delivering VMs to user computers, as well as supporting the VMware Fusion Pro hypervisor for Apple MAC OS X.

vSAN 6.7 improves HCI operational efficiency, reduces training time, and accelerates decision making. This release provides more consistent, resilient, and secure application support. In addition, the knowledge of leading experts, the latest technologies and analysis tools are used to resolve problems more conveniently and faster. More companies and cloud service providers are choosing VMware vSAN as their hyperconverged infrastructure solution.

CAPABILITIES

Product Improvements

Below are the major new features and updates in vSAN 6.7.

  • HTML5-based user interface: A completely updated user interface provides state-of-the-art management capabilities. The new interface was built on the same platform as used in other VMware products, giving customers a unified and seamless experience for managing the most complete SDDC product stack. In addition, the new interface reduces the number of steps required to complete many tasks by streamlining workflows.
  • vRealize Operations in vCenter: Integrated directly into vCenter, vRealize Operations provides complete visualization of HCI environments deployed on-premises or across a wide range of public clouds and is available free of charge to all vSAN Advanced and Enterprise edition customers. With customizable vSAN dashboards in a single management console, you can monitor and control your HCI environment. Integrating new or existing vROPs is non-disruptive.
  • vSAN ReadyCare: vSAN ReadyCare Support underscores VMware's commitment to vSAN customers and provides end-to-end support with leading experts and the latest analytics and technologies. Using predictive modeling in vSAN Support Insight, VMware analyzes anonymously collected data from thousands of vSAN customers and sends notifications to them before problems occur. In addition, vSAN health check services provide real-time notifications and troubleshooting recommendations.
  • FIPS 140-2 Encryption: vSAN implements the first industry-standard data-at-rest encryption solution for HCI. vSAN 6.7 introduces vSAN Encryption - the first software solution that complies with FIPS 140-2 and stringent U.S. federal government regulations. vSAN Encryption reduces data protection costs and increases agility by being hardware-free and simplifying key management processes. It is also the first HCI solution to have a STIG approved by the Defense Information Systems Agency (DISA).
  • Enhanced application resiliency: The vSAN solution provides a consistent end-user experience with applications through intelligent self-healing capabilities such as adaptive resynchronization, fast failover for physically separated networks, and replica consolidation. Adaptive Sync optimizes I/O traffic management to keep applications healthy during synchronization. Consolidating replicas reduces the time and effort required to bring a node into maintenance mode. Finally, the need for failover of physically separated networks is eliminated with instantaneous failover.
  • Increased availability of distributed clusters: Distributed cluster environments are made even more efficient by intelligently separating witness component traffic, redefining the primary environment, and efficient resynchronization. Witness traffic separation and efficient synchronization optimize the route and size of the data that is sent on each link, making failover transparent to application end users. Redefining the primary environment improves the availability of workloads by using more efficient logic in the event of an environment failure.
  • Optimized Next Generation Apps: The vSAN solution uses a new storage policy (pinning vSAN hosts) to bring the efficiency and resiliency of vSAN in line with the needs of the latest "shared-nothing" applications. By applying this policy, vSAN keeps one copy of the data and writes blocks of data on the ESXi host that is running the VM. This capability is especially important for data-intensive applications (Hadoop), NoSQL (DataStax), and other applications that back up data at the application level.
  • Extended support for critical business application environments: vSAN now supports more critical application environments with support for Windows Server Failover Clustering, which simplifies storage management for these workloads and helps customers accelerate their transition to a centralized software data center.
  • Proactive support with vSAN Support Insight: Proactive support improves vSAN reliability with alerts that are generated before infrastructure issues occur, and reduces traditional support time with periodic data collection. To use this feature, you must enroll in the User Experience Improvement Program.
  • Support for Adaptive Core Dump: Adaptive Core Dump support reduces the resolution time for vSAN customers for more types of environments by automatically adjusting the direction and size of valuable data used to speed up support.
  • Extended hardware support: vSAN now supports 4Kn drives to help prepare vSAN environments for future needs and provide an opportunity to reduce total cost of ownership.

In this article, we will not go into any technical details. Instead, let's understand the terminology of VMware. This small review will be useful to those who want to understand the difference between the base VMware products. Almost everyone knows about ESXi. What about vSphere and vCenter? People often confuse these terms, but in fact there is nothing complicated about them. Let's break it all down.

Launched in 2001, the VMware ESX hypervisor (formerly known as VMware ESX Server) started the virtualization revolution. Today, VMware is a leading developer of virtualization software products (now part of Dell). Every year and a half, the company releases new software with advanced features that is compatible with a wide range of hardware, including NVMe SSD drives, extra-large-capacity hard drives, and the latest Intel or AMD central processors.

VMware ESXi

ESXi is a hypervisor: a tiny piece of software that is installed on a physical server and allows you to run multiple operating systems on a single host computer. These operating systems operate separately from each other, but can interact with the outside world through a network, as can other computers connected to the local area network (LAN). Operating systems run in virtual machines (VMs), each of which has its own virtual hardware.

There are paid and free versions of VMware ESXi. The functionality of the free version is somewhat limited. It allows you to consolidate a limited number of operating systems on one computer, and it cannot be managed through a central management server - vCenter. However, Free ESXi (or VMware ESXi Hypervisor) connects to remote storage where you can create, store and use virtual machines. That is, this remote storage can be shared between several ESXi hosts, but not between virtual machines. Virtual machines are "owned" by each host, making central management impossible.

Working with the free version of ESXi is very simple and comes down to basic use cases: training, testing production processes, checking disaster recovery systems, approving architectural solutions. Using snapshots, you can check that Windows patches work correctly. Alternatively, it can be useful if you decide to clone your production server using VMware Converter or P2V technology and want to test a Microsoft update package before installing it.

VMware vCenter

VMware vCenter is a centralized management platform for VMware virtual infrastructure. With it, you can manage almost all processes from just one console. vCenter Server can be installed on Windows or deployed as a pre-configured virtual machine using Photon OS, a powerful Linux-based distribution. VMware used to use the SUSE Linux Enterprise Server (SUSE) distribution, but recently switched to Photon OS.

vCenter Server is licensed software. You can buy it in two ways:

  • vCenter Server Essentials as part of the vSphere Essentials package. This version of vCenter can manage three hosts with two physical processors each. If you have a small company, then you will operate with about 60 VMs, and this version of vCenter will suit you. With the basic set, you get a license not only for vCenter Server, but also for ESXi (up to three hosts with two CPUs on each).
  • Standalone vCenter Server is a complete standalone vCenter server capable of managing 2,000 hosts with 25,000 working virtual machines. This is a license exclusively for vCenter. The vCenter itself is only part of the licensing puzzle. To manage all hosts from one device, you need a license for each of them. There are three types of licenses: Standard, Enterprise, Enterprise Plus, and each covers one processor. So, if you plan to create a host with two physical processors, then you will need 2 licenses for this one host only.

VMware vSphere

VMware vSphere is the commercial name for the entire VMware suite of products. As mentioned earlier, different software packages cost different amounts of money. The cheapest are the base vSphere Essentials or Essentials Plus packages. Is there a difference between them? Yes, but it lies in the number of available features, not in the software content itself.

Depending on the type of license, you get access to a certain number of features that can be controlled through the vSphere Web client. There is also a vSphere HTML 5 client program, but it is not yet usable. The company continues to develop it.

The Essentials package does not include High Availability (automatic restart of the VM), vMotion, backup software (VDP), and the ability to use VSAN storage.

The Essentials package is suitable for small businesses that don't need to be online all the time. On the other hand, being able to move your virtual machines to another host and perform host maintenance or upgrades while still online gives you a real advantage. All this can be done during the working day, without interrupting the work of users.

In addition, in the event of an unexpected hardware failure, vSphere High Availability (HA) will automatically restart the virtual machines that failed along with the affected host. These virtual machines are automatically restarted on other hosts from the VMware cluster. It takes a little time for the system to determine which computer has failed and which hosts can temporarily take over its virtual machines. These hosts must have enough memory and CPU power to handle the extra load. As soon as the system finishes the analysis, the VMs are restarted. The whole process is automated and does not require administrator intervention.

Summary

As you can see, the VMware terminology is pretty easy to understand, as is the difference between ESXi, vSphere, and vCenter. The licensing system is also clear. The hypervisor itself is free, but its functionality is limited, as a result of which such software is not immune from data loss. Therefore, ESXi is intended to be used only in test environments.

What's new in VMware Cloud Foundation 4?


Recently, we talked about new platform features and other updates to the VMware product line, announced simultaneously with the flagship product.

Today we will tell you about another important update - the new version of the VMware Cloud Foundation 4 suite of hybrid infrastructure solutions. We wrote about the previous version of this package, VCF 3.9.1. As you remember, it is a comprehensive software solution that includes VMware vRealize Suite, VMware vSphere Integrated Containers, VMware Integrated OpenStack, VMware Horizon, NSX and other components running on on-premises, cloud or hybrid enterprise infrastructure managed by SDDC Manager.

The fourth version of VCF includes all the latest components covered in the articles mentioned above:

  • vSphere 7
  • VMware vSAN 7
  • VMware NSX-T
  • VMware vRealize Suite 2019
  • with Kubernetes support

As we can see, a fundamentally new component has appeared in the VCF stack - VMware Tanzu Kubernetes Grid. We already wrote about the container support infrastructure in the new version of the vSphere platform. With the new VCF architecture, administrators can deploy and serve applications on Kubernetes clusters using Kubernetes tools and a RESTful API.

At the same time, vSphere with Kubernetes technology (aka Project Pacific) will provide the following functionality:

  • Kubernetes-powered vSphere Pod Services will allow nodes to run directly on the ESXi hypervisor. When an administrator deploys containers through vSphere Pod Services, they receive the same level of security, isolation, and performance guarantees as virtual machines.
  • The Registry Service allows developers to store and maintain Docker and OCI images on the Harbor platform.
  • Network Services allow developers to manage Virtual Routers, Load Balancers, and Firewall Rules.
  • Storage Services allow developers to manage persistent disks for use with containers, Kubernetes clusters, and virtual machines.

All this allows you to get all the benefits of a hybrid infrastructure (VM + containers).

Otherwise, VCF 4 acquires all the newest features that the already listed new releases of vSphere, vSAN, NSX-T and others give.

Separately, it should be noted that vSphere Lifecycle Manager (vLCM) is very tightly integrated with the vSphere 7 platform. vLCM complements the lifecycle management capabilities for virtualization infrastructure components that are already in SDDC Manager, but at a deeper level - namely, at the firmware management level for vSAN ReadyNodes hosts (for example, HBA firmware updates).

Like all other updates of the vSphere line, the VCF 4.0 update is expected in April.



Today we will talk about the Identity Federation services introduced in VMware vSphere 7.

In the modern world, corporate infrastructure is increasingly moving away from legacy password authentication and towards two-factor (2FA) or multi-factor (MFA) authentication practices. The user identification process is always based on 3 key things: something you know (password), something you have (phone) or something you are (fingerprint).

Identity Federation Services allows you to combine your vCenter Server infrastructure with other Identity Providers, such as Active Directory Federation Services (ADFS), to unify the two- or multi-factor authentication process. In other words, users logging in via 2FA to their desktop or cloud service will use the same procedure for operations with vCenter Server.

When vCenter is connected to one of the authentication providers (for example, ADFS), the vSphere Client redirects to the login form of this provider when logging in. After authorization on the provider's side, a reverse redirect is made using a secure token, through which the user then works with vCenter services.

In terms of user experience, this is similar to, for example, logging into a website using Google or Facebook. The OAUTH2 and OIDC protocols are used to exchange information.
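The redirect and reverse redirect described above, seen from the client side, as an added example that is not vCenter's or ADFS's own code: it shows the checks that bind the returning token to the login attempt that started it. The endpoint URLs, client ID and the shared HS256 demo key are constructed assumptions; a real provider signs with an asymmetric key that the client verifies against the provider's published keys.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders: not real vCenter or ADFS settings.
ISSUER = "https://adfs.example.test/adfs"
CLIENT_ID = "vcenter-client-placeholder"
REDIRECT_URI = "https://vcenter.example.test/login-callback"
# Assumption: a shared HS256 key keeps the demo standard-library only.
DEMO_KEY = b"constructed-demo-key"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str) -> bytes:
    return hmac.new(DEMO_KEY, signing_input.encode(), hashlib.sha256).digest()


def begin_login(session: dict) -> str:
    """Redirect to the provider: remember a fresh state and nonce per attempt."""
    session["state"] = secrets.token_urlsafe(16)
    session["nonce"] = secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code", "scope": "openid", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["state"], "nonce": session["nonce"],
    })
    return f"{ISSUER}/oauth2/authorize?{query}"


def issue_id_token(claims: dict) -> str:
    """Stand-in for the identity provider's token response (constructed)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(sign(f'{head}.{body}'))}"


def finish_login(session: dict, callback_url: str, id_token: str, now=None) -> dict:
    """Reverse redirect: return the verified claims or raise ValueError."""
    now = time.time() if now is None else now
    params = parse_qs(urlparse(callback_url).query)
    # state and nonce are single-use: pop them so a replayed callback fails.
    state, nonce = session.pop("state", None), session.pop("nonce", None)
    returned = params.get("state", [""])[0]
    if not state or not hmac.compare_digest(returned.encode(), state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if not params.get("code"):
        raise ValueError("callback carries no authorization code")
    # The code-for-token exchange with the provider happens here; id_token
    # stands for the token that exchange returns.
    try:
        head, body, sig = id_token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
    except ValueError as exc:
        raise ValueError("malformed ID token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed ID token")
    if header.get("alg") != "HS256":  # pin the algorithm; never accept "none"
        raise ValueError("unexpected signing algorithm")
    if not hmac.compare_digest(signature, sign(f"{head}.{body}")):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("token from an unexpected issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token issued for a different client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired")
    if not nonce or claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch: token not bound to this login")
    return claims


if __name__ == "__main__":
    session = {}
    print("redirect to:", begin_login(session))
    callback = f"{REDIRECT_URI}?code=constructed-code&state={session['state']}"
    token = issue_id_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "alice",
                            "exp": time.time() + 300, "nonce": session["nonce"]})
    print("verified claims:", finish_login(session, callback, token))
```
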

If you enable Identity Federation, you can use traditional Active Directory, Integrated Windows Authentication, and LDAP/LDAPS to authenticate with vCenter Server. However, it must be understood that all these authentication methods do not affect vSphere Single Sign-on (SSO), which is still used to make administrative settings in the vSphere platform itself.

Bob Plankers talks about this mechanism in more detail in the video below:



Here's what's new in the Ubuntu OVA for Horizon 1.2 image:

  • Minimum support for Horizon 7.11 / Horizon Client 5.3 and later
  • Minimum support for vSphere 6.7 and later
  • Updated OVA template base image on Ubuntu 18.04.4 LTS
  • Updated virtual hardware - Virtual Hardware v14
  • Added the ability to set a static IP address
  • Added support for USB 3.0 and USB Redirection (via linux-agent-installer.sh script)
  • Added option to select KDE Desktop environment
  • Added Gnome environment selection option (recommended)
  • Developer Desktop Package option
  • Choosing a keyboard layout
  • Ability to enable SSH
  • Removed runlevel 5 setting
  • Fixed bugs with MOTD
  • Turned off automatic update ON
  • Improved SSO support
  • Optimization script improvements, now called optimize.sh
Tags: VMware, Labs, VDI, Horizon, Linux, Update, VMachines

Recall also that there is no longer a vCenter Server installer for Windows: vSphere 6.7 was the last version of the platform in which vCenter still had a Windows version. It is now available only as the vCenter Server Appliance (vCSA), a virtual appliance based on Photon OS.

Earlier we wrote that using the utility that appeared in , you can migrate an external Platform Services Controller (PSC) server to an easy-to-manage embedded PSC using the vCenter Server CLI command interface or the vSphere Client graphical client:

The vCenter 7 installer also upgrades vCenter and transfers all services to the Embedded PSC as part of a single task, so the upgrade will be completed immediately. The new vCenter 7 installer does not have an option to deploy an external PSC:

2. Migration process

If you are migrating from vCenter Server for Windows to vCenter Server Appliance (VCSA), then the scheme will be exactly the same - in the end you will get vCenter 7 on vCSA in an embedded PSC:

Once the external PSC has been converted, it will remain in the console, and decommissioning it is the next task for the vSphere administrator. You can do this using the CMSSO-UTIL command or from the client GUI (in the System Configuration section):

3. Ways to upgrade

Everything is simple here. The upgrade is supported according to this table:

As you can see from the table, the upgrade is supported starting from vSphere 6.5, but many administrators prefer to deploy vCenter services again when upgrading their virtual infrastructure, so as not to drag along the history of possible bugs that may appear during the upgrade.

Before upgrading, you must definitely look at the documents and. But remember that before the official release of vSphere 7, these documents do not contain up-to-date information about the seventh version.


Tags: VMware, vCenter, Upgrade

It is now possible to override policies. Computer-based policies are applied at system startup. With the RefreshInterval value you can control how often these settings are updated before the user logs into the system, and with the ContinueRefreshAfterLogon value you can continue to update the settings after the user logs in.

Well, the final interesting new feature in DEM 9.11 is Find Items. It will allow you to search in the configuration templates available in the Marketplace, in the Horizon Smart Policies you have created, in a certain set of conditions (condition set) and other elements, which is very convenient for administrators:

You can download Dynamic Environment Manager 9.11 from this link. Release notes are available.


Tags: VMware, DEM, Update, VDI, EUC

Let's take a look at what's new in vRealize Operations 8.1:

1. Operations with integrated vSphere and Kubernetes infrastructure.

vRealize Operations 8.1 allows you to discover and monitor Kubernetes clusters within a vSphere-integrated infrastructure with the ability to auto-add Supervisor Cluster objects, namespaces (Namespaces), nodes (PODs), and clusters as soon as you add them to vCenter using Workload Management features.

This will give you access to the Summary pages for monitoring performance, capacity, resource usage, and Kubernetes configuration on the vSphere 7.0 platform. For example, Capacity forecasting features will show infrastructure bottlenecks at the node level, while daily operations will benefit from dashboards, reports, views, and alerts.

2. Operations in VMware Cloud on AWS infrastructure.

Now in VMware Cloud on AWS, you can use the VMware Cloud Service Portal token to auto-discover SDDC data centers and set up monitoring tools in a few simple steps. It will also be possible to use one account to manage multiple SDDC objects on the VMware Cloud on AWS platform, including vCenter, vSAN and NSX services, and there will also be full integration with VMConAWS billing.

In the cloud, you can use the following dashboards:

  • Monitor resource usage and performance of virtual machines, including NSX Edge, Controller, and vCenter Server services.
  • Monitoring of key resources, including CPU, memory, disk and network for the entire infrastructure and virtual machines.
  • Monitor resource consumption trends and predict metrics such as Time Remaining, Capacity Remaining, and Virtual Machines Remaining.
  • Finding virtual machines that consume unreasonably many resources and require reconfiguration based on historical data.

In addition, VMware NSX-T services will have full support for visualization and monitoring tools:

Well, in the vROPs 8.1 release, there is a full integration of the VMware Cloud on AWS cost tracking functionality with the vRealize Operations solution in the portal interface. This will allow you to control the costs already made and deferred, as well as detail them by subscriptions, consumption and due dates.

The AWS migration assessment engine has also been updated to allow you to save multiple results from different scenarios for further analysis. These scenarios include various options for Reserved CPU, Reserved Memory, Fault Tolerance, Raid Level, and Discounts.

3. Functions for monitoring multiple clouds (Unified Multicloud monitoring).

Monitoring tools now provide even more advanced features, such as Google Cloud Platform support, improved AWS support, and the new CloudHealth Management Pack.

vROPS 8.1 now supports the following GCP services:

  • Compute Engine Instance
  • Storage Bucket
  • Cloud VPN
  • Big Query
  • Kubernetes Engine

The AWS Management Pack now supports the following AWS Objects:

  • Elastic Beanstalk
  • Direct Connect Gateway
  • Target Group
  • Transit Gateway
  • Internet Gateway
  • Elastic Network Interface (ENI)
  • EKS Cluster

The CloudHealth Management Pack has also been enhanced to include the ability to push GCP perspectives and pricing data to vRealize Operations 8.1. You can also create any number of custom dashboards by combining prices for different ratios of public, hybrid or private cloud resources.

As expected, vRealize Operations 8.1 will be released in April this year, simultaneously with the release of VMware vSphere 7. We will definitely write about it.


Tags: VMware, vRealize, Operations, Update, Monitoring, vSphere, Cloud

Let's say right away that this is just an announcement, and not an announcement about the availability of a new version of the product for download - as a rule, the GA version of vSphere appears within a month after the announcement. Therefore, we will wait for VMware vSphere 7 in April for the time being, and today we will talk about the new features of this platform.

1. Improvements to VMware vCenter services

Here you can note the simplification of the vCenter Server SSO topology:

  • Ability to upgrade vCenter Server for users with an external PSC to a consolidated topology based on a single vCSA server.
  • Embedded PSC is now the only possible deployment option. External PSC is no longer supported.

vCenter Server Profiles:

  • This new feature for vCenter servers works exactly the same as Host Profiles works for hosts. You can now compare and export vCenter server settings in JSON format for backup purposes or apply those settings to another vCenter server via the REST API.

vCenter Multi-Homing Features:

  • Up to 4 vNICs can now be used for vCSA management traffic, with one vNIC reserved for the vCHA mechanism.

Content Library Improvements

  • There is now a new template management view that provides Check-In and Check-Out functions for managing template versions and the ability to roll back to a previous version.
  • First, a Check-Out is done to open the possibility of making changes, then a Check-In can be done to save the changes in the library.

New vCenter Server Update Planner feature:

  • The new capability is available as part of vSphere Lifecycle Manager (vLCM) for vCenter Servers.
  • With the Upgrade Scheduler, you can be notified about vCenter upgrades, schedule upgrades, roll them out, and perform what-if analysis before upgrading.
  • Ability to perform pre-upgrade checks for the selected vCenter server.

2. Improvements to the VMware DRS mechanism

  • DRS now runs every minute instead of every 5 minutes as before.
  • To generate recommendations, the VM DRS score mechanism (aka ) is used.
  • Now this is a Workload centric mechanism - this means that now the needs of the virtual machine itself and the application in it are taken into account first of all, and only then the use of host resources.
  • Memory calculations are based on granted memory instead of cluster standard deviation.
  • The Scalable Shares mechanism has appeared, which allows you to better allocate Shares in the resource pool in terms of their balancing.

3. vMotion improvements

Here are the improvements:

  • Improvements to Monster VM migrations (large resources and very high load) to increase the chance of a successful migration.
  • Using only one vCPU when tracking changed pages (page tracer) instead of all vCPUs, which has less impact on performance during migration.
  • Reduced context switch time to another server (now less than one second). Achieved by switching when the compacted memory bitmap has already been transferred to the target server, instead of waiting for the full bitmap to be transferred.

4. New Features in vSphere Lifecycle Manager (vLCM)

There are 2 improvements here:

  • Cluster Image Management feature, which includes firmware updates, drivers and ESXi images of different versions.
  • Initial support for Dell OpenManage and HP OneView solutions.

5. Application Acceleration Features (Tech Preview)

These features come from the acquired company Bitfusion. They allow you to optimize GPU usage in a pool over the network, when the vGPU can be partially shared between several VMs. This can be used for AI/ML application task workloads.

All this allows you to organize computing in such a way that ESXi hosts with GPU hardware modules run virtual machines, and their VM companions on regular ESXi servers run applications directly. At the same time, CUDA instructions from client VMs are transmitted to server VMs over the network. You can read more.

6. Assignable Hardware Functions

This feature allows the use of so-called Dynamic DirectPath I/O for machines that need to work with PCIe passthrough and Nvidia GRID devices. It can now be used to match hosts with specific hardware requirements such as vGPU and PCIe. This allows, in turn, to use HA and DRS Initial Placement technologies for such VMs in a cluster where there are ESXi hosts that are compatible in hardware.

7. Certificate Management

There are 2 major new features here:

  • New certificate import wizard.
  • Certificate API for managing certificates using scripts.

8. Features of Identity Federation

ADFS features are now supported out of the box, and more IDPs using the OAUTH2 and OIDC mechanisms will also be supported.

9. Functions of vSphere Trust Authority (vTA)

  • vTA uses a separate cluster of ESXi hosts to create a separate hardware trust node.
  • This cluster will be able to encrypt the compute cluster and its VM along with vCenter and other management components.
  • You can use the attestation mechanism when encryption keys are required.
  • It is now easier to enforce the principle of least privilege and expand the scope of the audit.

10. vSGX/Secure Enclaves capability (Intel)

  • Intel Software Guard Extensions (SGX) allow you to move sensitive application logic and storage to a protected area that cannot be accessed by guest OSes and the ESXi hypervisor.
  • SGX features exclude the use of vMotion, snapshots, Fault Tolerance and other technologies. Therefore, SGX is best used only when there is no other way.

11. New edition of vSphere with Kubernetes (Project Pacific)

We talked about Project Pacific in detail. It is a set of tools for converting a VMware vSphere environment into a native platform for Kubernetes clusters. vCenter Server provides the ability to manage k8s clusters (any clusters older than n-2 will be upgraded). Also integrated into the solution is Harbor, which can be enabled for each namespace.

This is only available for VMware Cloud Foundation (4.0) users so far, as the solution is tied to the .

12. VMware Tools Improvements

Guest Store features are now available in the guest OS (such as updating VMware Tools from the guest OS).

13. Updated hardware (VM Hardware v17)

Here are the main improvements:

  • Virtual Watchdog Timer - now there is no dependency on the physical hardware to restart the VM in case the guest OS is not responding.
  • Precision Time Protocol (PTP) - for very time sensitive applications (such as trading platforms for traders) you can use PTP instead of NTP and assign its use to virtual machines.

14. vSphere Client improvements

Here are the following improvements:

  • The search history began to be saved.
  • API Explorer now has a better view of all available APIs.
  • Code Capture now has a choice of scripting language - PowerCLI, JavaScript, Python or Go.

Of course, this is not all the new features of VMware vSphere 7, presented recently. In the near future we will tell you a lot more about them, and in addition, we will also look at the announced solutions from the VMware Tanzu family, VMware Cloud Foundation 4 and vRealize 8.1.


Tags: VMware, vSphere, Update, Enterprise, Kubernetes, vCenter

To translate virtual addresses into physical ones, a Page Table containing PTE records (Page Table Entries) is used:

PTE records store references to real physical addresses and some memory page parameters (you can read more about it). PTE record structures come in different sizes: WORD (16 bits/2 bytes), DWORD (32 bits/4 bytes) and QWORD (64 bits/8 bytes). They address large blocks of addresses in physical memory; for example, a DWORD addresses a block of addresses of 4 kilobytes (for example, addresses from 4096 to 8191).

Memory is read and transferred to the guest system and applications in 4 KB or 2 MB pages. This allows the contents of memory cells to be read in blocks, which significantly improves performance. Naturally, this approach causes memory fragmentation: data rarely fills a whole number of pages, so part of the memory remains unused. As the page size increases, fragmentation also increases, but so does speed.

Page tables (and there may be more than one) are managed by a software or hardware component called the Memory Management Unit (MMU). In the case of a hardware MMU, the hypervisor hands control of address translation over to it, while a software MMU is implemented at the VMM level (Virtual Machine Monitor, part of the ESXi hypervisor):

An important component of the MMU is the Translation Lookaside Buffer (TLB), which is a cache for the MMU. TLB is always located at least in physical memory, and for processors it is often implemented at the level of the CPU itself, so that access to it is as fast as possible. Therefore, the typical TLB access time on the processor is about 10 nanoseconds, while physical memory access is about 100 nanoseconds. VMware vSphere supports Hardware MMU Offload, that is, the transfer of memory management functions to the MMU side of the physical processor.

So, if a request came from the virtual machine to access the virtual address 0x00004105, then this address is split into the virtual page address (Virtual page number - 0x0004) and the offset (Offset - 0x105 - the area inside the page that is accessed):

The offset is directly passed when accessing a physical page of memory, but the virtual page tag is looked up in the TLB. In this case, there is an entry in the TLB that the address of the physical page corresponding to this tag is 0x0007, respectively, the translation of the virtual page into the physical one was successful. It is called TLB Hit, i.e. cache hit.

Another situation is also possible: when decomposing a virtual address, the resulting tag 0x0003 is missing from the TLB. In this case, the page is looked up in physical memory by tag (page number 3) and its address is then translated (0x006). Next, an entry with this tag is added to the TLB (old entries are evicted from the cache if it is full):

It should be noted that such an operation causes a slightly higher delay (since it has to be searched in global memory), and this situation is called TLB Miss, that is, a TLB miss.

But this is not the worst situation, since the latency is still measured in nanoseconds. Access can take much longer (milliseconds and even seconds) if the page needed by the guest OS has been swapped to disk.

Let's look at an example:

The virtual machine accessed the virtual address 0x00000460, for which there is a tag 0x0000. In physical memory, page 0 is allocated for this tag, which means that you need to look for this page on the disk where the page was flushed due to lack of physical RAM.

In this case, the page is restored from disk to RAM (displacing the oldest page in terms of access time), and then the address of this page is translated. This situation is called a page fault (Page Fault), and it delays application operations, so it is sometimes useful to track the page faults of individual processes in order to understand the reason for performance degradation when working with memory.
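The three cases walked through above (TLB hit, TLB miss, page fault) as a small C model. This is an added illustration, not code from VMware or from the original article. The 2-slot TLB, the 8-page address space, least-recently-used eviction, the `present` flag that marks a swapped-out page, and the lookup address 0x00003020 are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u  /* 4 KB pages: the low 12 bits of an address are the offset */
#define NPAGES     8u   /* toy virtual address space: pages 0x0000..0x0007 */
#define TLB_SLOTS  2u   /* deliberately tiny so that eviction is visible */
typedef enum { TLB_HIT, TLB_MISS, PAGE_FAULT, BAD_ADDRESS } outcome_t;
typedef struct { int present; uint32_t pfn; uint64_t last_use; } pte_t;
typedef struct { int valid; uint32_t vpn, pfn; uint64_t last_use; } tlb_entry_t;
static pte_t       page_table[NPAGES];
static tlb_entry_t tlb[TLB_SLOTS];
static uint64_t    tick;  /* logical clock for least-recently-used decisions */

/* Cache a translation in a free slot, or evict the least recently used entry. */
static void tlb_insert(uint32_t vpn, uint32_t pfn) {
    unsigned victim = 0;
    for (unsigned i = 0; i < TLB_SLOTS; i++) {
        if (!tlb[i].valid) { victim = i; break; }
        if (tlb[i].last_use < tlb[victim].last_use) victim = i;
    }
    tlb[victim] = (tlb_entry_t){1, vpn, pfn, tick};
}

/* Page-fault path: reuse the frame of the resident page accessed longest ago. */
static uint32_t swap_in(uint32_t vpn) {
    uint32_t victim = NPAGES, pfn = 0;  /* toy model: frame 0 if nothing is resident */
    for (uint32_t v = 0; v < NPAGES; v++)
        if (page_table[v].present && (victim == NPAGES ||
                page_table[v].last_use < page_table[victim].last_use)) victim = v;
    if (victim != NPAGES) {
        pfn = page_table[victim].pfn;
        page_table[victim].present = 0;  /* the victim page now lives on disk */
        for (unsigned i = 0; i < TLB_SLOTS; i++)  /* drop its stale translation */
            if (tlb[i].valid && tlb[i].vpn == victim) tlb[i].valid = 0;
    }
    page_table[vpn] = (pte_t){1, pfn, tick};
    return pfn;
}

/* Translate a virtual address and report which path the lookup took. */
outcome_t translate(uint32_t vaddr, uint32_t *paddr) {
    uint32_t vpn = vaddr >> PAGE_SHIFT, off = vaddr & ((1u << PAGE_SHIFT) - 1u), pfn = 0;
    outcome_t result = TLB_MISS;
    if (vpn >= NPAGES) return BAD_ADDRESS;
    tick++;
    for (unsigned i = 0; i < TLB_SLOTS; i++)
        if (tlb[i].valid && tlb[i].vpn == vpn) {
            pfn = tlb[i].pfn; tlb[i].last_use = tick; result = TLB_HIT;
        }
    if (result != TLB_HIT) {
        if (page_table[vpn].present) pfn = page_table[vpn].pfn;  /* walk the page table */
        else { pfn = swap_in(vpn); result = PAGE_FAULT; }        /* page is on disk */
        tlb_insert(vpn, pfn);
    }
    page_table[vpn].last_use = tick;
    *paddr = (pfn << PAGE_SHIFT) | off;
    return result;
}

/* State from the walkthrough: page 0x0004 -> frame 0x0007 (cached in the TLB),
   page 0x0003 -> frame 0x006 (page table only), page 0x0000 swapped out to disk. */
void setup_page_example(void) {
    tick = 0;
    for (unsigned i = 0; i < NPAGES; i++) page_table[i] = (pte_t){0, 0, 0};
    for (unsigned i = 0; i < TLB_SLOTS; i++) tlb[i] = (tlb_entry_t){0, 0, 0, 0};
    page_table[4] = (pte_t){1, 0x7, 0}; page_table[3] = (pte_t){1, 0x6, 0};
    tlb_insert(4, 0x7);
}

int main(void) {
    /* 0x00003020 is a constructed address; the other two come from the text. */
    uint32_t addrs[] = {0x00004105u, 0x00003020u, 0x00000460u, 0x00004105u}, pa = 0;
    setup_page_example();
    for (unsigned i = 0; i < 4; i++) {
        int o = (int)translate(addrs[i], &pa);
        printf("0x%08x -> 0x%08x (outcome %d)\n", (unsigned)addrs[i], (unsigned)pa, o);
    }
    return 0;
}
```

The final lookup of 0x00004105 faults even though it was a TLB hit at the start: bringing page 0 back took page 4's frame, so its cached translation had to be invalidated along with the page table entry.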


Tags: VMware, vSphere, ESXi, Memory, Performance, Blogs

Existing vSphere Platinum users will receive vSphere Enterprise Plus licenses, the VMware AppDefense SaaS product, and the VMware AppDefense Plugin for vSphere plugin after the announced date (where to download this plugin is written). For vCloud Suite Platinum and Cloud Foundation Platinum users, nothing changes, except for the evolution of vSphere itself, which is part of the packages.


Tags: VMware, vSphere, Platinum, Update, Support

The package focuses on code quality, code reuse, unit testing, relationship management, and parallel project releases for the vRealize platform. vRealize Build Tools are extensions packaged in the Maven repository format that support the use of an IDE (via Maven) as well as a CLI interface for developing, testing, and deploying solutions for vRA/vRO platforms.

Let's see what's new in the second version:

  • Support for the solution, its blueprints, custom forms, subscriptions, and flavor-mapping mechanics
  • Support for importing existing content for vRO 8
  • Support for vRO 8 features to export workflows to a folder structure based on their tags
  • Running workflows on vRO using maven command
  • Ability to save JS Actions IDs on origin to prevent conflicts in vRO environment
  • Improvements to experimental support for TypeScript projects
  • Bug fixes and documentation updates

To get started with vRealize Build Tools, you will need the following tools:

  • vRealize Orchestrator
  • Microsoft VS Code

You can download vRealize Build Tools from this link.


Tags: VMware, Labs, vRealize, Automation, Orchestrator, Update

In addition to many bug fixes, the utility has several new cmdlets:

  • Add-vRA-Project-Administrator
  • Add-vRA-Project-Member
  • Get-vRA-DeploymentFilters
  • Get-vRA-DeploymentFilterTypes
  • Get-vRA-FabricNetworksFilter
  • Get-vRA-FabricImagesFilter
  • Remove-vRA-Project-Administrator
  • Remove-vRA-Project-Member
  • Update-vRA-Project-ZoneConfig

Recall that this module is not supported by VMware (like all utilities on VMware Labs that are in the Tech Preview status), so use it carefully.

This tool may be useful to you in the following cases:

  • When you need to compare two clusters in terms of performance (for example, on different hardware)
  • When you need to understand the impact of cluster configuration changes on performance
  • When you need to check that a new cluster is configured correctly before launching it into a production environment

To run Weathervane, you need to create container images, prepare a configuration file, and run a benchmark. Further, the utility itself will deploy containers in the cluster, launch applications and collect test results.

Weathervane deploys the benchmark application on the nodes and feeds the load there, which is generated through the Workload driver component. This driver can be located either together with the benchmark application or in an external environment, in a separate cluster.

Weathervane can be set to run at a constant load for a fixed number of simulated users, or it can be configured to look for the maximum number of users so that quality-of-service (QoS) requirements are met. In the latter case, the result of the test will be the maximum number of WvUsers that the cluster can support. Actually, this parameter should be used to compare clusters in terms of performance.

Here are the components of the Weathervane solution (the Run harness component is responsible for executing the test runs and getting the test results):

Weathervane uses a multi-tiered web application that includes both stateless and stateful services. You can choose from one of these application deployment types. Multiple application instances can be run in a single run, allowing testing to scale across large clusters.

The Weathervane app has several tiers. The application logic is implemented through Java services running on the Tomcat server, which communicate via the REST API and RabbitMQ messages, and Zookeeper is used for coordination. Backend storages are implemented using PostgreSQL and Cassandra. Frontend web servers and proxy cache servers are implemented on Nginx.


Tags: VMware, Kubernetes, Weathervane, Update, Performance

In Russia there are already 10 vExpert holders: not that many, but not few either (at the level of Sweden and Norway). It is clear that most vExperts come from countries where English is widely spoken, since the audience of English-language blogs is wider, which motivates authors to write posts (and in general, vExpert is awarded for blogging).

This is what the top ten looks like:

And here are those specialists from Russia who received vExpert this year:


Tags: VMware, vExpert, Blogs

VMware vCenter Server 6.7 server performance when working with virtual infrastructure of VMware ESXi servers of remote offices and branches


Many users of the VMware vSphere platform know that there is an option for deploying and operating a distributed virtual infrastructure called ROBO (Remote or Branch Offices). It implies the presence of one or more main data centers, from which small remote offices are managed, each hosting several VMware ESXi servers with or without their own vCenter.

At the end of last year, VMware released an interesting document, "Performance of VMware vCenter Server 6.7 in Remote Offices and Branch Offices" (we have already talked about it a little), which discusses the main aspect of using such a scenario: performance. After all, remote offices can be located in other cities, countries and even continents, and are reached over different types of connections (for example, 4G or satellite), so it is very important how much traffic various operations consume and how quickly they complete from the administrator's point of view.

VMware summarized the various types of network connections in a table (the right column shows what was obtained with the test configuration, and the left column shows what happens in scenarios with real data centers):

For testing, a remote configuration of 128 ESXi hosts was used, where 3840 virtual machines were registered (960 VMs per cluster, 30 per host), of which up to 3000 machines were turned on simultaneously.
