Why upgrade VMware vSphere from 6.5 to 6.7 - or why not

Why upgrade to VMware vSphere 6.7 (or why not)

Now that VMware vSphere 6.7 has been announced and it’s also available in General Availability (GA), some people may ask if it makes sense upgrade to this version (or when will make sense upgrade to 6.7). Is a GA release ready for a production environment? Or is it mature and stable enough?

And, if you are building a new infrastructure from scratch what is the latest “stable” version for vSphere? Or what could be probably the best choices?

Why upgrade?

VMware vSphere 6.7 add a lot of new features and will be difficult summarize all of them in this post. For more information see: https://blogs.vmware.com/vsphere/launch

There can be several reasons to upgrade vSphere to the 6.7 version. Can we consider still valid the same reason on why upgrade to vSphere 6.5? For example VMware has built a list of a top ten reasons (https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vsphere/vmware-vsphere-top-reasons-to-upgrade-infographic.pdf) from a “manager” perspective.

VMware has also written a post (vSphere 6.7 or 6.5 – What Should I Deploy?) that also it’s focused on the business and IT objectives and the choice could be analyzed in those points:

First, get educated on what vSphere 6.7 brings to the table. This is ALWAYS the best place to start. This can be done by reviewing the release notes, blogs, or the large variety of VMware events and/or resources available.
Once you are educated on the feature set and value the 6.7 product release can provide, does this make sense in your environment? I have many customer interactions where I go through a list of features and only one really resonates with my audience but that one is a must-have feature. Is there that one or more within the vSphere 6.7 release for you or your organization?
If the answer is no, then 6.5 may be a better path in the short term. This may be especially true for customers with long release adoption cycles that involve testing that can last months. It may also be the case for customers that are more risk averse as 6.5 has been through a few patch and update cycles already.

In this article, let’s try to build a list from a technical and architect perspective, with a critical view.

Support

Support is one of the keys for each product environment and you cannot rely on an environment without it!

VMware vSphere 6.7 actually has the same deadlines of the version 6.5 (maybe something could change with updated versions, like has happened with vSphere 6.5 update 1). So, from this point of view there is no difference between 6.5 and 6.7 and this isn’t a reason to upgrade to 6.7 version.

To summarize the current status of VMware general support deadlines for vSphere versions:

VMware vSphere prior version 5.5 are all out of support.
VMware vSphere 5.5 will go to the end of general support on September, 19th 2018.
VMware vSphere 6.0 will be supported until March, 12th 2020
VMware vSphere 6.5 and 6.7 will be supported until November 15th, 2021.

The recent Meltdown and Spectre bugs demonstrate how is important having supported products.

For more information on the support deadline for each product, see the official VMware Lifecycle Product Matrix: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/product-lifecycle-matrix.pdf

But of course, there isn’t only the support deadline to consider. VMware vSphere 6.7 has several improvements that can help in lifecycle management, updating, monitoring, troubleshooting.

Other products

Integration with other products could be the main reason to upgrade or not (yet) upgrade.

Actually, the only product that requires vSphere 6.7 it’s the new vSAN 6.7.

On the other part, the other products are not yet certified for vSphere 6.7 so should wait some time.

For the integration aspect, the new VCSA improve the REST-based APIs interface, introduced in VCSA 6.5, to makes it easy to automate operations or integrate vSphere management inside other portals, programs or interfaces.

Enterprise Applications

VMware vSphere was already used for all business-critical application, due to the large scalability and the support of “Monster VMs”. But vSphere 6.7 introduces new storage and networking features which have a major impact on the performance of enterprise applications like Persistent Memory (PMEM) and enhanced support for Remote Directory Memory Access (RDMA).

PMEM is a new layer called Non-Volatile Memory (NVM) and sits between NAND flash and DRAM, providing faster performance relative to NAND flash but also providing the non-volatility not typically found in traditional memory offerings.

Enterprise applications can be deployed in virtual machines which are exposed to PMEM datastores. Applications deployed on PMEM backed datastores can benefit from live migration (VMware vMotion) and VMware DRS – this is not possible with PMEM in physical deployments.

VMware vSphere 6.7 VMs will support:

Max 1 NVDIMM controllers per VM
Max 64 NVDIMMs per VM
Max 1 TB Non-volatile memory per VM

Security

Some of the new security features of the latest vSphere are really cool and unique. The new vSphere 6.7 increase again the security of the VMs by adding the support for Trusted Platform Module (TPM) 2.0 hardware devices and also introduces Virtual TPM 2.0. This can significantly enhance protection and assuring integrity for both – the hypervisor and the guest operating system. All at infrastructure level!

Note that virtual TPM data are stored to the VM’s NVRAM file (the VM BIOS file) and are secured with VM Encryption.

Also, vSphere 6.7 adds support for Microsoft Virtualization Based Security (Credential Guard or VBS). When you enable VBS on your laptop running Windows 10 the system will reboot and instead of booting Windows 10 directly the system will boot Microsoft’s hypervisor. For vSphere, this means the virtual machine that was running Windows 10 directly is now running Microsoft’s hypervisor which is now running Windows 10 in a “nested virtualization” configuration.

But note that existing features (introduced in 6.5) are also improved:

VM Encryption is further enhanced and more operationally simple to manage. vSphere 6.7 simplifies workflows for VM Encryption, designed to protect data at rest and in motion, making it as easy as a right-click while also increasing the security posture of encrypting the VM and giving the user a greater degree of control to protect against unauthorized data access.
Encrypted vMotion across now can work across different vCenter instances as well as versions, making it easy to securely conduct data center migrations, move data across a hybrid cloud environment (between on-premises and public cloud), or across geographically distributed data centers.

Manageability

In the 6.5 version of vSphere the legacy C# vSphere Client for Windows has been finally dropped and a new HTML5 web client (still called vSphere Client) has been introduced. Unfortunately, this client wasn’t yet 100% complete, but it’s very close, at least for operational tasks. In version 6.7 there is another step closest to the full migration (but you still need the Flash client in some cases). At least some products, like vSAN and VUM now can totally work with the vSphere Client!

Some of the newer workflows in the vSphere Client 6.7 are:

vSphere Update Manager
Content Library
vSAN
Storage Policies
Host Profiles
vDS Topology Diagram
Licensing

As announced, this will be the latest version of vSphere that include the vSphere Web Client.

Version 6.7 will also be the latest vSphere version that includes a vCenter Windows based version. The vCenter Server Appliance (VCSA) was first introduced with the release of vSphere 5.0 and has evolved to become the definitive deployment model for vCenter Server.

With version 6.5 the VCSA was finally the first choice, due to the full capabilities and also for the new functions!

Now there are several improvements, starting with the vSphere Appliance Management Interface (VAMI) that has received an update to the Clarity UI, used in several others VMware’s products.

Another interesting aspect is the fully supported for Embedded PSC, that now are able to use Enhanced Linked Mode with some interesting benefits:

No load balancer required for high availability and fully supports native vCenter Server High Availability.
SSO Site boundary removal provides flexibility of placement.
Fully support for hybrid scenarios, like vSphere on AWS
Supports vSphere scale maximums: allows for 15 deployments in a vSphere Single Sign-On Domain.
Reduces the number of nodes to manage and maintain.

Maybe is the first step to simplify the tons of deployment models for PSC / vCenter and moving to simple and single appliance model.

Lifecycle

VMware vSphere 6.7 includes several improvements that accelerate the host lifecycle management experience to save administrators valuable time.

For example, vSphere 6.7 introduces vSphere Quick Boot – a new capability designed to reduce the time required for a VMware ESXi host to reboot during update operations. Quick Boot eliminates the time-consuming hardware initialization phase by shutting down ESXi in an orderly manner and then immediately re-starting it. If it takes several minutes, or more, for the physical hardware to initialize devices and perform necessary self-tests, then that is the approximate time savings to expect when using Quick Boot!

Also there are several improvements in VMware Updated Manager 6.7.

Monitoring

To provide good monitoring capabilities, vSphere with Operations Management (or another good tool) is needed, due to limited native capabilities of vCenter Center (especially in historical statistics management).

Now vSphere with Operations Management 6.7 has a new plugin for the vSphere Client. This plugin is available out-of-the-box and provides some great new functionality. When interacting with this plugin, you will be greeted with 6 vRealize Operations Manager (vROps) dashboards directly in the vSphere client! The dashboards are an overview, cluster view, and alerts for both vCenter and vSAN views.

Scalability

The new version of vSphere means new maximums, but honestly, for ESXi and VMs they are not so much bigger compared to version 6.0 or 6.5 (where already they were huge!).

But for vCenter Server there is a great improvement. There is a huge increase in the vSphere 6.7 vCSA delivers compared at cluster scale limits, versus vSphere 6.5:

2X faster performance in vCenter operations per second
3X reduction in memory usage
3X faster DRS-related operations (e.g. power-on virtual machine)

Storage and Network

VMware vSphere 6.7 introduces new protocol support for Remote Direct memory Access (RDMA) over Converged Ethernet, or RoCE v2, a new software Fiber Channel over Ethernet (FCoE) adapter, and iSCSI Extension for RDMA (iSER). These features enable customers to integrate with even more high-performance storage systems providing more flexibility to use the hardware that best compliments their workloads.

RDMA support is enhanced with vSphere 6.7 to bring even more performance to enterprise workloads by leveraging kernel and OS bypass reducing latency and dependencies.

When virtual machines are configured with RDMA in a pass-thru mode, the workload is basically tied to a physical host with no DRS capability i.e. no ability to vMotion. However customers who want to harness the power vMotion and DRS and still experience the benefits of RDMA , albeit at a very small performance penalty can do so – with para-virtualized RDMA software (PVRDMA). With PVRDMA, applications can run even in the absence of a Host Channel Adapter (HCA) card. RDMA-based applications can be run in ESXi guests while ensuring virtual machines can be live migrated.

There are several other storage improvements in:

vSAN 6.7
Virtual Volumes
Support for native 4K drivers
VAAI (UNMAP and XCOPY commands)
Increased maximum number of LUNs/Paths (1K/4K LUN/Path)

Note that starting with vSphere 6.7, VMFS-3 will no longer be supported. Any volume/datastore still using VMFS-3 will automatically be upgraded to VMFS-5 during the installation or upgrade to vSphere 6.7. Any new volume/datastore created going forward will use VMFS-6 as the default.

Backup

Backup of VCSA configuration has been introduced in version 6.5, but now is possible to schedule the backups of vCenter Server Appliances and select how many backups to retain.

Another new section for File-Based backup is Activities. Once the backup job is complete it will be logged in the activity section with detailed information. We can’t talk backup without mentioning restore. The Restore workflow now includes a backup archive browser. The browser displays all your backups without having to know the entire backup path.

About the backup products “native” for vSphere (using the VDAP API), actually you should wait to have new versions or updated build that are officially supporting vSphere 6.7. Manfred Hofer had built a nice compatibility matrix (http://www.vbrain.info/backup-interoperability-matrix-vsphere/) but it’s not yet updated to vSphere 6.7.

Why don’t upgrade?

Also if there are so many reasons to upgrade your environment to vSphere 6.7, there can still be few reasons to skip this upgrade.

Compatibility

You may have a software or hardware part that does not support this version. Note that from the next version of vSphere, several generations of servers will no longer be supported (for example, Dell PowerEdge 11G).

VMware vSphere 6.7 no longer supports the following processors:

AMD Opteron 13xx Series
AMD Opteron 23xx Series
AMD Opteron 24xx Series
AMD Opteron 41xx Series
AMD Opteron 61xx Series
AMD Opteron 83xx Series
AMD Opteron 84xx Series
Intel Core i7-620LE Processor
Intel i3/i5 Clarkdale Series
Intel Xeon 31xx Series
Intel Xeon 33xx Series
Intel Xeon 34xx Clarkdale Series
Intel Xeon 34xx Lynnfield Series
Intel Xeon 35xx Series
Intel Xeon 36xx Series
Intel Xeon 52xx Series
Intel Xeon 54xx Series
Intel Xeon 55xx Series
Intel Xeon 56xx Series
Intel Xeon 65xx Series
Intel Xeon 74xx Series
Intel Xeon 75xx Series

Be sure to check the compatibility matrix both for all hardware parts, but also for all software parts.

Learning curve

If you are still working with the legacy C# vSphere Client, you need to learn a new client and unfortunately the new HMTL5 vSphere Client it’s not complete… so probably you need to learn on how to use two new clients (remember that the vSphere Web Client based on Flash will be dropped in the future).

Same for the vCenter, if you have used in the past the Windows version you need to learn the new VCSA.

Maturity

The beta period of vSphere 6.7 was quite long, but there are some important changes, like in the driver’s support and maybe a GA could be considered premature.

For sure the history tells us that there were some bugs in the GA version, usually solved in the first 6 months.

There vSphere 6.7 Release notes documents have a list of known issues, but be sure to check the VMware site to learn about possible bugs or future issues.

Are new functions useful or usable?

Do you really need the new functions? If you are involved in a digital transformation, you will probably need the new platform. But for SMBs, most of the new functions are not usable or useful yet.

Can you really use the new functions? Most of the new features are only for the Enterprise Plus edition.

Finally, I decide to upgrade

In this case, for instructions about upgrading ESXi hosts and vCenter Server, see the ESXi Upgrade and the vCenter Server Upgrade documentation.

The VMware Product Interoperability Matrix provides details about the compatibility of current and earlier versions of VMware vSphere components, including ESXi, VMware vCenter Server, and optional VMware products. Check the VMware Product Interoperability Matrix also for information about supported management and backup agents before you install ESXi or vCenter Server.