Wednesday, 2 December 2020

 vSphere 7 – Content Library

Content Library has come a long way since its inception in vSphere 6.0. Having such a library allows virtual machine templates, as well as scripts, text files, and ISO images, to be stored efficiently and centrally for sharing within the datacenter. Content Library in vSphere 7 does not disappoint, adding features to support VM Template (vmtx) management and further simplifying vSphere content distribution.

In vSphere 7, customers can now manage VM templates in a more efficient and flexible manner. Quickly edit VM templates by checking them out, making necessary changes, and checking them in. Additionally, administrators can edit the configuration of Advanced Content Library settings across vCenter Server instances directly from the vSphere Client.

What is Check-In/Check-Out?

Before vSphere 7, when an administrator needed to perform maintenance on a VM Template (vmtx), the process was quite manual and included multiple steps. An example of those tasks:

  • Convert the VM template back to a VM
  • Snapshot the VM, if rollback needed
  • Update the guest OS or other VM object settings
  • Convert the VM back to a VM template
  • Copy the VM template back to Content Library
  • Delete the old VM template(s) from Content Library

With the introduction of Check-In and Check-Out operations, a VM template stored in Content Library gains Check-In and Check-Out actions as well as template versioning, allowing an administrator to quickly make changes and keep track of VM template versions. It is no longer necessary to perform the manual steps listed above to edit the VM template, as the process is included in the new workflows. During this process, the VM template is not available for checkout by other users, but it remains available for deploying virtual machines without disruption.

Checking out a VM template allows for edits, and checking in a template creates a new version of the template containing the updated state of the virtual machine. Below we can see a template being checked in to save the changes made.

Once checked in, the VM template has an audit trail, or versioning, to keep track of any edits. Notes, timestamps, and the name of the privileged user making the edits are preserved. This new view of template history keeps things simple and easy to manage.

Template Versioning

VM Template versioning is enabled when a VM template is stored in a Content Library. This allows an administrator to keep a history of changes over time with a vertical timeline view. In the Versioning tile, the timeline view provides detailed information about different VM template versions, updates made by privileged users, and when the last change was performed. Quickly and efficiently revert VM templates back to their previous state or delete an unwanted version of a VM template.

NOTE: VM templates that are stored outside of a Content Library are still used in vSphere 7.0, but template management features like Check-In/Check-Out and versioning will not be available for those templates.

Advanced Settings

Content Library in vSphere 7 now allows easy access to editing Content Library service settings directly from the vSphere Client. On the Content Libraries screen, an Advanced button is displayed.

Clicking this button will open the Advanced Configuration settings page where edits can be made. A menu option allows the selection of the vCenter Server instance whose settings need to be changed.

Note: The drop-down menu only appears if the SSO Domain contains more than one vCenter Server.

If an advanced setting requires a restart of the Content Library service after being edited, a prompt will guide the administrator to the vCenter Server Appliance Management Interface (VAMI) on port 5480 (https://<vCenterServer-FQDN>:5480), to perform the service restart.

Privileges

Content Library in vSphere 7 has a few new privileges that are important to bring up as well as a few existing ones that should be considered. Please refer to the chart below for more details.

 

Wrapping Up

Content Library has definitely evolved over the years, and in vSphere 7 we have made managing templates within those libraries a much simpler process. Gone are the days of extra steps to complete simple tasks. Remember that PowerCLI 11.5 included many new cmdlets for managing a Content Library. Using these commands can dramatically reduce the work involved in operations like creating a new library or even just adding or removing content. Stay tuned for more content and demos on vSphere 7 and its features.

 

ESXi System Storage Changes

Partition Lay-out in vSphere 6.x

The partition sizes in vSphere 6.x are fixed, with an exception for the scratch partition and the optional VMFS datastore. These are created depending on the used boot media and its capacity.

Consolidated Partition Lay-out in vSphere 7

To overcome the challenges presented by using this configuration, the boot partitions in vSphere 7 are consolidated.

The ESXi 7 System Storage lay-out only consists of four partitions.

  • System boot
    • Stores boot loader and EFI modules.
    • Type: FAT16
  • Boot-banks (x2)
    • System space to store ESXi boot modules
    • Type: FAT16
  • ESX-OSData
    • Acts as the unified location to store extra (nonboot) modules, system configuration and state, and system virtual machines
    • Type: VMFS-L
    • Should be created on high-endurance storage devices

The OSData partition is divided into two high-level categories of data called ROM-data and RAM-data. Frequently written data, for example, logs, VMFS global traces, vSAN EPD and traces, and live databases are referred to as RAM-data. ROM-data is data written infrequently, for example, VMtools ISOs, configurations, and core dumps.

ESXi 7 System Storage Sizes

Depending on the boot media used, the capacity used for each partition varies. The only constant here is the system boot partition. If the boot media is larger than 128GB, a VMFS datastore is created automatically to use for storing virtual machine data.

For storage media such as USB or SD devices, the ESX-OSData partition is created on a high-endurance storage device such as an HDD or SSD. When a secondary high-endurance storage device is not available, ESX-OSData is created on USB or SD devices, but this partition is used only to store ROM-data. RAM-data is stored on a RAM disk.

ESXi 7 System Storage Contents

The sub-systems that require access to the ESXi partitions reach them through symbolic links. For example, the /bootbank and /altbootbank symbolic links are used for accessing the active bootbank and alternative bootbank. The /var/core symbolic link is used to access the core dumps.

 

 

Review the System Storage Lay-out

When examining the partition details in the vSphere Client, you’ll notice the partition lay-out as described in the previous chapters. Use this information to review your boot media capacity and the automatic sizing as configured by the ESXi installer.

A similar view can be found in the CLI of an ESXi host. You’ll notice the partitions being labeled as BOOTBANK1/2 and OSDATA.

You might notice the OSDATA partition being formatted as the Virtual Flash File System (VFFS). When the OSDATA partition is placed on an SSD or NVMe device, VMFS-L is labeled as VFFS.
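The CLI review described above, as an added example that is not part of the original article: a shell script that checks a filesystem listing for the two boot banks and the OSDATA volume, and confirms the three symbolic links named earlier. The column order assumed for `esxcli storage filesystem list` and every row of the sample listing are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: review the ESXi 7 system storage layout from the host CLI.
# Assumption: `esxcli storage filesystem list` prints one volume per row in
# the order Mount Point, Volume Name, UUID, Mounted, Type, Size, Free.

# Constructed sample listing (UUIDs and sizes are made up) for offline runs.
sample_listing() {
cat <<'EOF'
Mount Point                                        Volume Name                                 UUID                                 Mounted  Type            Size         Free
-------------------------------------------------  ------------------------------------------  -----------------------------------  -------  ------  ------------  -----------
/vmfs/volumes/11111111-aaaaaaaa-0000-000000000001  datastore1                                  11111111-aaaaaaaa-0000-000000000001     true  VMFS-6  107374182400  90000000000
/vmfs/volumes/22222222-bbbbbbbb-0000-000000000002  OSDATA-22222222-bbbbbbbb-0000-000000000002  22222222-bbbbbbbb-0000-000000000002     true  VFFS    128580583424  12500000000
/vmfs/volumes/33333333-cccccccc-0000-000000000003  BOOTBANK1                                   33333333-cccccccc-0000-000000000003     true  vfat      4293591040   4000000000
/vmfs/volumes/44444444-dddddddd-0000-000000000004  BOOTBANK2                                   44444444-dddddddd-0000-000000000004     true  vfat      4293591040   4290000000
EOF
}

# Read a listing on stdin, report each system volume, and return non-zero
# unless two mounted boot banks and exactly one mounted OSDATA volume exist.
review_layout() {
  awk '
    function report(name) {
      # Type and Mounted are counted from the end of the row so that a
      # datastore name containing spaces cannot shift them.
      printf "%s type=%s mounted=%s\n", name, $(NF-2), $(NF-3)
      if ($(NF-3) != "true") bad++
    }
    $2 == "BOOTBANK1" || $2 == "BOOTBANK2" { banks++; report($2) }
    $2 ~ /^OSDATA/ { osdata++; ostype = $(NF-2); report($2) }
    END {
      if (banks != 2) { print "FAIL: expected 2 boot banks, found " banks+0; bad++ }
      if (osdata != 1) {
        print "FAIL: expected 1 OSDATA volume, found " osdata+0; bad++
      } else if (ostype == "VFFS") {
        print "NOTE: OSDATA is shown as VFFS (SSD or NVMe placement)"
      }
      exit (bad ? 1 : 0)
    }'
}

# Confirm that /bootbank, /altbootbank and /var/core are symbolic links and
# print their targets. The optional argument is a root prefix: empty on a
# real host, a scratch directory when testing offline.
check_links() {
  root=${1:-}
  rc=0
  for link in /bootbank /altbootbank /var/core; do
    if [ -L "$root$link" ]; then
      echo "$link -> $(ls -ld "$root$link" | awk '{print $NF}')"
    else
      echo "FAIL: $link is not a symbolic link"
      rc=1
    fi
  done
  return $rc
}

# On an ESXi host, review the live system; elsewhere, run the sample.
if command -v esxcli >/dev/null 2>&1; then
  esxcli storage filesystem list | review_layout
  check_links
else
  sample_listing | review_layout
fi
```
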

Boot Media

vSphere supports a wide variety of boot media. This ranges from USB/SD media to local storage media devices like HDD, SSD and NVMe, or boot from a SAN LUN. To install ESXi 7, the following boot media requirements must be met:

  • Boot media of at least 8GB for USB or SD devices
  • 32GB for other boot devices like hard disks, or flash media like SSD or NVMe devices.
  • A boot device must not be shared between ESXi hosts.

Upgrading from ESXi 6.x to ESXi 7.0 requires a boot device that is a minimum of 4 GB. Review the full vSphere ESXi hardware requirements here. As always, the VMware Compatibility Guide is the source of truth for supported hardware devices.

 

VMware vSphere: What's New [V6.7 to V7]

 Installation and Upgrade
•  Describe the new vCenter Server Appliance deployment model
•  Upgrade a vCenter Server Appliance instance to vCenter Server Appliance 7.0
•  Migrate a Windows vCenter Server instance to vCenter Server Appliance 7.0
•  Identify enhancements to vCenter Server Appliance
•  Upgrade an ESXi host to version 7.0

  Management Enhancements
•  Recognize how to create and apply vCenter Server profiles
•  Identify the scaling and performance improvements for vCenter Server Appliance
•  Describe the support provided for dynamic DNS
•  Recognize how to change the IP address or FQDN of vCenter Server
•  Identify enhancements to the vCenter Server file-based backup
•  Identify enhancements to tools provided by the vSphere Client Developer Center
•  Describe prefix-based MAC address allocation
•  Identify VMware NSX-T™ logical switches and their properties in the vSphere Client
•  Use virtual distributed port groups to connect to NSX-T Data Center logical switches
•  Use vSphere Bitfusion to support artificial intelligence and machine learning based workloads
•  Describe version control and management of VM templates in Content Library
•  Perform a VM template in-place update in Content Library
•  Describe identity federation and recognize its use cases
•  Configure identity federation
•  Manage certificates using the vSphere Client
•  Explain the benefits and capabilities of VMware Skyline™

 ESXi Enhancements
•  Recognize the enhancements made to ESXi security
•  Identify hardware support updates in ESXi 7.0
•  Describe the support for AMD SEV-ES in vSphere 7
•  Recognize layout changes in the ESXi 7.0 system storage partitions
•  Describe the enhancements made to ESXi timekeeping options in vSphere 7
•  Describe the enhancement to vSphere vMotion in vSphere 7

  VM Enhancements
•  Identify the characteristics of VM compatibility level for ESXi 7.0
•  Describe the support provided for new virtual devices in vSphere 7
•  Recognize improvements to guest customization
•  Migrate VMs with attached devices

  Storage Enhancements
•  Describe the enhancements to NVMe support
•  Describe the enhancements to VMware Pluggable Storage Architecture
•  Describe the purpose of the High-Performance Plug-in
•  Describe the support for iSER in vSphere 7
•  Identify VMware vSAN™ enhancements for vSphere 7

  Security Enhancements
•  Describe the enhancements to cloning, migration, and encryption operations
•  Identify the enhancements to the VM encryption architecture in vSphere 7
•  Recognize new VM encryption events and alarms
•  Describe the benefits and use cases of VMware vSphere® Trust Authority™
•  Explain the general architecture of vSphere Trust Authority
•  Configure vSphere Trust Authority

 Cluster Enhancements
•  Recognize how to configure clusters using the vSphere Cluster Quickstart workflow
•  Recognize improvements to vSphere DRS
•  Identify improvements to vSphere ESX Agent Manager
•  Describe scalable shares
•  Configure VMware vSphere® DirectPath I/O™

 vSphere Lifecycle Management
•  Describe features of vCenter Server Update Planner
•  Run vCenter Server upgrade prechecks and interoperability reports
•  Describe vSphere Lifecycle Manager
•  Compare vSphere Lifecycle Manager to vSphere Update Manager
•  Identify the components of an ESXi image
•  Describe vSphere Lifecycle Manager and NSX-T Data Center integration
•  Define a cluster image and update ESXi hosts using vSphere Lifecycle Manager

  Introduction to VMware vSphere® with Tanzu
•  Differentiate between containers and virtual machines
•  Identify the parts of a container system
•  Recognize the steps in a basic Docker workflow
•  Explain the importance of Kubernetes
•  Recognize the basic architecture of Kubernetes
•  Describe a basic Kubernetes workflow
•  Identify the capabilities and benefits of vSphere with Tanzu
•  Describe the Tanzu Kubernetes Grid Service

 

VMware vSphere 7 Released: What’s New?

Kubernetes Support and Integration

Docker containers are popular among developers who create applications using the microservice architecture. Kubernetes can run containers in a cluster and provides load balancing, high availability and scalability. VMware vSphere 7 is fully integrated with Kubernetes. Now administrators can provision, run, and manage Kubernetes clusters on top of vSphere via the Kubernetes interface. Supporting both containers and virtual machines on a single platform allows vSphere 7 to run Kubernetes pods on virtual machines by using the vSphere POD Service. VMware vSphere PODs can be managed like existing VMs.

Improved Clustering features

The VMware DRS (Distributed Resource Scheduler) cluster has been improved in vSphere 7. Now DRS can ensure load balancing for both VMs and containers. In vSphere 6.7, the DRS checks the load of each ESXi host in a cluster. If one host is overloaded and another host has a lot of free resources, a recommendation to migrate a VM (or VMs) from the overloaded host to the host that has free computing resources is provided in the automatic or manual mode.

Unlike the DRS in the previous versions of vSphere, in vSphere 7 the DRS isn’t aimed at balancing ESXi host load. This is the biggest difference. The main priority of the DRS is no longer caring about ESXi host utilization but rather the virtual machine “happiness”. This means that provisioning enough resources for a VM is the objective. The redesigned DRS provides a more workload-centric approach.

The VM DRS score metric is used to quantify VM happiness by evaluating the execution efficiency of a virtual machine. The VM DRS score values range from 0% to 100% and are divided into buckets (0-20%, 20-40%, 40-60%, 60-80%, and 80-100%): the higher the score, the less the resource contention for a VM.

The Distributed Resource Scheduler in vSphere 7 can calculate utilization of resources every minute. In previous vSphere versions, the minimum checking interval was 5 minutes. Optimization of resources has become more granular.

VMware vMotion

VMware vMotion is used to provide VM migration between ESXi hosts without interrupting VM operation. The vMotion enhancements in VMware vSphere 7 consume fewer resources for live VM migration and reduce stun time. Using vMotion for large VM workloads such as VMs running Oracle databases becomes more convenient. Memory pre-copy optimizations with Loose Page Trace Install and Stop-based Page Trace Install methods improve the overall migration process. Page table granularity makes page tracing more efficient. Now there is almost no performance degradation for VM workloads during live migrations.

Updated vCenter

The new vCenter can simplify management and operations with new VMware features. vCenter 7 can no longer be installed on a Windows machine; it can be deployed only as a virtual appliance (VCSA – vCenter Server Appliance) based on Photon OS (a Linux-based operating system maintained by VMware). There is no more Flash-based vSphere Web Client. Only the HTML5 vSphere Client, which now supports all features, can be used for vCenter management. You don’t need to install any additional plugins or add-ons in your web browser to use the HTML5 vSphere Client. vCenter 7 can be deployed on an ESXi host running 6.5 or 6.7. It is not possible to deploy vCenter 7 on ESXi 6.0. VMware vCenter 7 can manage the following versions of ESXi: ESXi 6.5, ESXi 6.7, and ESXi 7.0. Hosts running ESXi 6.0 cannot be managed by vCenter 7.

The Platform Service Controller is consolidated into vCenter Server 7.

Configuration maximums for vCenter 7 have been increased. vCenter 7 supports a higher number of VMs and ESXi hosts than vCenter 6.7:

  • In the standalone mode, vCenter 7 supports up to 2,500 ESXi hosts and 40,000 powered-on VMs (45,000 registered VMs).
  • In the linked mode, vCenter 7 supports 15 vCenters per SSO domain, 15,000 ESXi hosts and 150,000 powered-on VMs.

vCenter Server Profiles allows you to apply configuration for multiple vCenter servers and standardize configuration of vCenter servers.

vCenter Server Upgrade Planner is part of vCenter. It uses vSphere Lifecycle Manager to notify a system administrator about potential problems with updates.

Image-based backups of vCenter are not supported in vSphere 7.

VMware vSphere Lifecycle Manager

In vSphere 7, VMware Update Manager has been deprecated. vSphere Lifecycle Manager (VLCM) is provided as part of vCenter for managing lifecycle operations and configuration management in vSphere, such as installing updates, patches and upgrades, and applying ESXi host profiles. VLCM can also manage firmware updates for your platform. The update process can be automated. The Lifecycle Manager operates with images for installing or updating software for vSphere components. The image can contain elements such as versions of ESXi, vendor add-ons (patches, drivers), and components (sets of VIBs, payloads, bulletins).

ESXi Compatibility

The latest versions of guest operating systems are supported now in vSphere 7 including Windows Server 2019, Ubuntu 19, SUSE Linux 11.x, CentOS 8.x, Red Hat Enterprise Linux 8.x and others.

Virtual machines that have hardware version 4 (ESXi 3.x) and later can run on ESXi 7. VMs that have older hardware versions are not supported. The virtual machine hardware version 17 is available for ESXi 7 and is not available for older versions of ESXi.

Features of the VM hardware version 17:

  • A Virtual Watchdog Timer allows you to monitor a guest OS of VMs in a cluster and receive a notification if a guest OS or applications crash and are not responding.
  • Precision Time Protocol (PTP) provides a higher time accuracy and a precision clock device for VMs. Precise time is important for applications working with Active Directory, secure connections, scientific and financial applications, and so on. An ESXi host and a guest OS on a VM must be configured to use PTP.

Unlike vSphere 6.7, the following processor generations are not supported in vSphere 7:

  • Intel Family 6, Model = 2C (Westmere-EP)
  • Intel Family 6, Model = 2F (Westmere-EX)

You can check the VMware compatibility matrix to check whether your hardware is supported.

High Security Levels

Multifactor authentication. Password policies are good but multifactor authentication can increase the level of security. VMware vSphere 7 supports multifactor authentication (MFA) by using Identity Federation. vCenter can communicate with the enterprise identity provider to simplify the job for administrators. For example, you can use Active Directory Federation Services provided by Microsoft.

vSphere Trust Authority (vTA) is a new technology that creates its own management cluster. It works separately from other clusters and serves as the hardware root of trust. The vTA management cluster distributes encryption keys for the Key Management Servers (KMS). Virtual machines and virtual disks can be encrypted using trusted key providers.

VM Template Versioning and the Content Library

Template management has become more flexible with vSphere 7. You don’t need to perform manual operations such as converting a VM template to a VM or converting a VM to a VM template for editing, as was the case in previous versions. Check-in and Check-out operations allow you to update VM templates when the templates are stored in the Content Library. Template versioning allows administrators to make changes quickly and to track template versions and history. You can check out a template to edit it and then check it in to create a new version of the template. Versioning also allows you to revert a VM template to a previous version if something goes wrong with a new VM template version.

Updated vSAN

VMware vSAN, which is used as an element to build a hyper-converged environment, was also updated in vSphere 7. The following are the improvements introduced in the latest version:

  • Simplified provisioning. Both block and file storage can be used.
  • NFS v.3 and v.4.1 are supported.
  • Native file services now can be used as persistent volumes for Kubernetes clusters.
  • A vSphere add-on for Kubernetes is enabled for vSAN and allows you to deploy containerized workloads on vSAN datastores.
  • Larger capacity devices are supported.
  • The requirement to use a thick provisioned disk for a shared disk with multi-writer flags was eliminated in vSAN 7.
  • Repair operations are started immediately after replacement of a vSAN Witness host.
  • In case of site failure, resilience of a VM and data is provided by redirecting Stretched Cluster I/O.
  • Improved reporting for memory optimization and VM storage usage.

No VNC Server

Some users prefer to use a VNC server to manage running VMs. A built-in VNC server is not available any more if you use vSphere 7. You can use VM Console or VMware Remote Console to manage VMs. You can connect to vCenter servers and ESXi hosts where your VMs are residing by using VMware Workstation for VM management. If you need to use VNC, you can install the VNC server on a guest OS of a virtual machine manually. TLS 1.0 and TLS 1.1 are disabled by default.

Licensing and Editions

Compared with vSphere 6.7, vSphere 7 has a different licensing model. VMware vSphere 7 is licensed on a per-processor basis. Each CPU installed on an ESXi server must have at least one license. One license can cover 32 physical cores of a processor. If a processor on your server has more than 32 cores, you need to assign an additional license. The number of virtual machines is not limited by a license.

There are two main editions of vSphere 7 available for customers – vSphere 7 Standard and vSphere 7 Enterprise Plus.

The main differences between these two editions are:

  • vSphere 7 Standard doesn’t support Kubernetes, distributed virtual switches, host profiles, multiple vGPUs per VM or accelerated graphics, and its clustering features are limited.
  • vSphere 7 Enterprise Plus provides the complete set of vSphere features.

VMware vSphere Hypervisor can be used for free just as for previous versions of ESXi (applicable for standalone ESXi hosts). Read the blog post about free ESXi to learn more.

When you install VMware ESXi 7 or vCenter 7, a 60-day free trial period is started and all features of the Enterprise Plus edition are available for 60 days.

VMware Essential Kits can be bought additionally to extend the functionality.

Kubernetes support is available in ESXi and vCenter, but you need to deploy VMware NSX to ensure networking capabilities for Kubernetes and SDDC Manager to orchestrate the software defined datacenter (SDDC). A combination of vSphere, NSX, and SDDC Manager is known as VMware Cloud Foundation.

VMware vSphere add-on for Kubernetes must be bought in addition to the vSphere Enterprise Plus license if you need to deploy Kubernetes in vSphere 7. This add-on is available as part of the VMware Cloud Foundation.

VMware vCenter Server editions for vSphere 7:

  • vCenter Server for Essentials – can manage up to 3 ESXi hosts
  • vCenter Server Foundation – can manage up to 4 ESXi hosts
  • vCenter Server Standard – can manage an unlimited number of ESXi hosts