The latest updates in vSphere 6.5 and VSAN 6.5
The day has come – vSphere 6.5 has just been announced. Like many of you, I had been waiting for the new vSphere to be presented at the VMworld event in the USA, but I guess VMware preferred to use vSphere 6.5 as a treat for those who were in doubt whether to attend VMworld Europe after all of VMworld US was made available online to everyone; or perhaps VMware hadn’t decided which features should be included in the GA release.
In this post, I will try to cover all the new features of vSphere 6.5 and VSAN 6.5, but if I have missed something, feel free to let me know by leaving a comment.
To be honest, there is so much to talk about, and some of the new features require separate posts to be explained properly. Therefore, please don’t expect a detailed review of every single feature. This is more of a ‘What’s new in vSphere 6.5 and VSAN 6.5’ overview, but in future posts I will be talking about some of the most interesting improvements and enhancements in detail.
vCenter Server Appliance is a first choice now.
It has been a long race between vCSA and vCenter on Windows, and only now has vCSA caught up with the leader and even gone further by offering some exclusive features. So there is no doubt that vCSA is the new default choice.
vCSA 6.5 switched from SLES to Photon OS – http://blogs.vmware.com/cloudnative/introducing-photon/. It delivers great performance – 3x compared to vCenter Server 6.5 on Windows; and its boot time is significantly shorter compared to vCSA 6.0. vCenter server is the first product running on Photon OS with more to follow.
Let’s talk about exclusive features of vCSA:
- Native HA for vCenter Server. One of the biggest and most long-awaited improvements in vSphere 6.5. There have been different attempts to provide high availability in the history of vCenter Server – vSphere HA, vCenter Heartbeat, Microsoft Failover Clustering – but each of them had its own flaws. The vCenter HA cluster consists of Active and Passive vCenters and a Witness appliance. VMware promises vCenter failover with an RTO of 5 minutes. There will be a post dedicated to vCenter HA topology, deployment and failover scenarios.
- Nothing has changed for external PSC deployments, but an embedded PSC can be protected as part of the vCSA HA cluster.
- Embedded vSphere Update Manager. Finally, we can get rid of that Windows server we had to deploy with every single vCenter. It is part of vCSA HA and Backup!
- Improved Appliance Management and Monitoring
  - New sleek VAMI interface
  - Built-in monitoring of CPU, memory and network resources, plus Postgres DB monitoring
  - Proactive disk space monitoring. You will now get a warning at 80% disk space usage, and vCSA will shut down gracefully at 90% to avoid data corruption.
- Native Backup/Restore of vCSA
  - No dependency on third-party backup solutions
  - Supports backup and restore of vCSA, PSC, VUM, AutoDeploy
  - Supports encryption of backup
  - Restore can run directly from the ISO file
  - Runs over HTTP, FTP, SCP
- New vCenter Appliance Migration Tool. It lets you move from vCenter Server 5.5 or 6.0 on Windows to vCSA 6.5. All types of source topologies and databases are supported, as are all PSC topologies, embedded and external. On top of that, it allows migration of Windows VUM to vCSA VUM as well.
- Extra flexibility of vCSA installer. Now you can run installer on macOS, Linux and Windows.
There are a few changes to the management interfaces:
- HTML5 client. You might have already heard that VMware has dumped the traditional C# vSphere Client but kept the name, vSphere Client, as the new name for the HTML5 client. It used to be a VMware fling, but with vSphere 6.5 it is part of the product. The new vSphere Client still has only partial functionality compared to the Web Client, but it already supports Enhanced Linked Mode. Hopefully, the client will get full functionality in the next 6 months. So far everyone loves it for its amazing performance. The HTML5 client has a new, clean UI that will be used as a standard across all VMware products. No plugins are required with the H5 client.
- Web Client. The Web Client based on Adobe Flex remains the main management client for vSphere. But you can fully trust it as it has Live Refresh now, like the old C# Client had. The best thing about the Web Client is that VMware has finally got rid of the Integration Plugin and replaced its functionality using browser capabilities. It used to be one of the biggest frustrations of the Web Client and never worked for me on Mac. There are still two features – Integrated Windows Authentication and Smart Card Authentication – that couldn’t be replaced by browser functionality. If you need either of them, you will have to install the Enhanced Authentication Plugin. The Web Client GUI has been redesigned a bit and some parts of it have been renamed, e.g. the former ‘Manage’ tab is now called ‘Configure’.
- Standalone Host Client. This HTML5 client was introduced in vSphere 6.0, but it has matured and become noticeably faster and more reliable.
The Content Library received the functionality it has lacked from the first day.
Finally, you can apply Guest OS Customization Specifications when deploying a virtual machine from a template in the Content Library. Another improvement is that ISO files can be mounted directly from the Content Library.
Also, templates can be updated directly in the Content Library using very simple versioning of templates.
vSphere 6.5 brings great improvements to Host Lifecycle:
Let’s go through the main operational improvements of Auto Deploy:
- Interactive deployments of new hosts. There is a wizard of sorts that lets you configure standby hosts with Auto Deploy by assigning a deployment rule and image.
- Post-boot scripts for advanced configuration. These allow configuration of some aspects that cannot be covered with Host Profiles.
- UEFI and IPv6 support
There have also been some positive changes to Auto Deploy performance and resilience:
- Scalability improvements. Auto Deploy can now concurrently boot up to 300 hosts.
- vCSA HA & Backup support. Since Auto Deploy is part of vCSA, it will fail over along with vCenter, although it is not a stateful failover.
- Round-robin reverse proxy caching. Using industry-standard reverse proxy servers, you can cache deploy images to reduce load on Auto Deploy.
- Backup and restore state with PowerCLI. New cmdlets are introduced to run a full backup of the Auto Deploy server.
There have also been improvements in the manageability and operational aspects of Host Profiles:
- Bulk Edit Host Customizations. This will save you a lot of time in large environments with some unique host settings, e.g. IP addresses. You can now export host customizations to CSV, update the file using your preferred editor and import it back.
- Copy settings between profiles. The use case here is creating one host profile that serves as a golden template and sources its settings to other cluster-specific profiles.
- Streamlined remediation wizard
- Pre-check proposed settings. This new feature helps to ensure that remediation of the host will complete successfully by checking all prerequisites and dependencies.
- Detailed compliance results. You will now be able to see which configuration setting of the host is not in compliance with the host profile.
- DRS integration – rolling remediation using DRS & vMotion. Remediating ESXi servers with host profiles can require a reboot of the hosts. DRS will now take care of automated evacuation of virtual machines if the host requires a reboot. It is very similar to the experience you had with vSphere Update Manager and DRS.
- Parallel Remediation. Again, as with VUM, you can remediate more than one host at a time.
There are quite a lot of improvements VMware made in vSphere 6.5 High Availability. It is worth a separate blog post, but for now I will briefly explain the main changes.
- Host Failures Cluster Tolerates. The Admission Control policy now automatically calculates resource percentage reservations based on the number of host failures to tolerate.
- There is another amazing feature I have personally been waiting on for a long time. The problem with the previous Admission Control model was that it used only reservations and overhead in its calculations. Actual usage of CPU and memory was never taken into consideration. Have a look at my blog post where I discuss this issue. Now you can configure the performance reduction to tolerate in the event of a host failure. This setting is based on actually allocated resources, not on reservations.
- Two extra restart priorities. A bit more granularity is added with two additional restart priorities – Highest and Lowest – which makes 5 priorities in total.
- HA – orchestrated restart of VMs. HA can now wait to start a VM until others are started. This is a very useful setting for multi-tier applications, as it increases the chances of successful recovery of the applications.
- Proactive HA. In two words, this new feature leverages DRS to vMotion virtual machines off a degraded host prior to host failure. To make it work, there must be hardware integration that lets vSphere read vendors’ health sensors to monitor the state of the servers. This results in fewer VMs being restarted during a host failure.
This is another topic which requires a separate post – so many enhancements are brought in vSphere 6.5 DRS. Let’s quickly go through them:
- DRS Policies. There are 3 new DRS policies that will help you adjust virtual machine balancing to achieve the best performance:
  - Even distribution of VMs across hosts, where DRS tries to equalize the number of VMs per host.
  - Consumed Memory vs default Active Memory. Previously, DRS used active memory +25% to calculate the right balance of memory distribution. Now you can instruct DRS to use consumed memory instead. This can be useful in environments where you aim not to overcommit memory.
  - CPU Overcommit. This policy makes DRS keep your CPU over-commitment ratio under a configured threshold.
- DRS is network aware now. Not only does it consider CPU and memory when deciding on resource balance, it also uses the Rx/Tx stats of the host’s NICs; however, CPU/memory considerations have higher priority than network.
There are a few major changes in vSphere 6.5 security.
- Virtual Machine Encryption. This is a VM-agnostic approach which encrypts the VMDK and VMX files of the virtual machine and requires zero Guest OS modifications. The encryption is implemented through the Storage Policy Based Management framework, which allows per-VM granularity. The Guest OS has no access to the encryption keys, which are managed by the Key Management Server. The KMS is not part of vCenter; instead, vCenter is a client of the KMS. Again, this topic is too big for this post and will be explained in depth in future posts.
- Encrypted vMotion. A virtual machine holding the company’s sensitive data can now be configured to use encrypted vMotion. This is a per-VM setting which has three options: Disabled, Opportunistic, Required. Encrypted virtual machines always use encrypted vMotion.
- Secure boot. The ESXi server verifies that the set of VIBs is not compromised, which prevents unauthorized components from loading.
- Enhanced monitoring and tracking of events. vSphere 6.5 provides enhanced audit/logging of administrator actions.
VSAN has matured in vSphere 6 U2 and received a good reception amongst 5000 clients worldwide.
The new VSAN release is probably not as big as VSAN 6.2, which featured Deduplication and Compression, but it still delivers very interesting improvements. Let’s have a quick look at them:
VSAN becomes a centralized storage solution not only for vSphere and products running on top of it, but also for external physical servers and third-party hypervisors.
You don’t need to spin up extra virtual machines on VSAN to provide iSCSI storage. The iSCSI target functionality is built into ESX, which uses VMDKs as iSCSI targets.
iSCSI storage supports all the VSAN features – different RAID levels, dedup, compression, checksums.
That will also let you run virtual Microsoft Failover Cluster solutions on top of VSAN where iSCSI disks are presented as RDM disks and shared between MSCS virtual nodes.
2-node direct connect
This new feature is supposed to save 2-3 thousand dollars on a 10Gb switch when deploying ROBO VSAN.
Essentially, it allows you to cross-connect 2 VSAN nodes over 10Gb links while separating witness traffic on externally facing NICs.
Like I said, the primary use case of this functionality is ROBO VSAN, but I can also see it as the de facto default storage solution in a home lab.
As you can see, this is a really huge release, and there is so much to read and to play with in the homelab that I am planning to be very busy for another couple of months. Neither product has been released yet, so they are not available for download. The GA date hasn’t been announced, but from my experience GA usually comes 1-2 months after the announcement.
Meanwhile, you can join the vSphere Beta program and get your hands on the Release Candidate of vSphere 6.5 and VSAN 6.5 to fully enjoy all the new features and improvements.