What’s New in vSphere 7
By Michael Westerfield, Enterprise Architect
Last month, with as much fanfare as possible considering the pandemic, VMware released the latest version of its flagship virtualization suite, vSphere 7.
As an aside, VMware dropped support of 6.0 on Mar 12th of this year. So, if you are still running vSphere 6.0 in your environment then you should upgrade as soon as possible. Support for vSphere 6.5 will not end until late in 2021 so if you’re environment is currently on 6.5 you’ve got some time to plan and upgrade your environment.
So what’s new?
Unlike versions past, there’s been very few increases in the configuration maximums in vSphere. You can now have 2500 hosts per vCenter as opposed to 2000 in 6.7, 40K powered on VMs vs. 25K in 6.7, and 45K registered VMs vs. 35K in 6.7. There’s a few more minor maximums increases, but for the most part environments haven’t been constrained by the configuration maximums in quite some time. This release is more about new features and capabilities. This article intends to provide the TLDR (Too Long Didn’t Read) synopsis of a lot of the different blog articles out there, allowing you to delve deeper into the features/improvements that interest you the most.
Kubernetes in vSphere
The biggest new feature is the adoption of “Project Pacific” into the main product. Project Pacific was VMware’s project to integrate the Kubernetes platform with vSphere. This will allow you to run your containerized workloads directly on vSphere without having to maintain separate hosts. It also includes a new interface for managing containerized workloads.
This integration provides a more application-centric focus for vSphere. Below is a screen shot of the interface showing one of the demo containerized apps.
You can find more info here and here.
Improved DRS (Distributed Resource Scheduling)
VMware has completely rewritten the logic behind how DRS (Distributed Resource Scheduling) works. The old DRS took a cluster wide approach to determining if the cluster was balanced. This led to workloads being moved for no other reason than to keep workloads “even” across the cluster. This caused a lot of vMotion tasks which provided very little gain. The new DRS looks at what each workload needs to keep it “happy” and moves a VM if it finds a host that will make it “happier.”
What makes a workload happier? Mostly happiness is decided by things surrounding resource contention (i.e. memory, I/O, CPU, etc.). If vSphere can reduce contention by moving a workload to a host, then it will go ahead move that workload.
One of the new features within DRS is “Assignable Hardware.” Assignable Hardware allows VMs configured with DirectPath I/O to take advantage of HA and DRS. (Oh, and DirectPath I/O has been renamed Dynamic DirectPath I/O.) While this new feature doesn’t provide full vMotion capability, it does allow for flexible initial placement of VMs on powerup.
Another new feature is scalable shares. Scalable shares allow administrators to assign dynamic and relative entitlements to resource pools which can prevent past issues where resource pools did not get their intended priority.
You can find more info here.
vSphere Lifecycle Manager (new/improved Update Manager and Host profiles)
vSphere Lifecycle Manager replaces vSphere Update Manager (VUM) and combines host profile management and update management into one interface. The ultimate goals are reducing variability between hosts and providing a better/easier upgrade experience.
You can find more info here.
Improved vMotion
Improvements in vMotion with vSphere 7 have reduced the performance impact and the stun time. VMware has made a lot of changes and improvements into the underlying mechanism of vMotion operations, while retaining the same level of data integrity.
You can find more info here.
Improved Security brings MFA to vSphere
With the industry-wide focus on security, VMware now has MFA and 2FA baked in with support for MS Active Directory Federation Services (ADFS) and other identity providers are supported as well. If you enable vSphere’s Identity Federation, it takes the place of the traditional AD, LDAP, and Integrated Windows Auth we’ve used in the past. However, it does not take the place of vSphere SSO.
You can find more info here.
Improved Certificate Management
Solution certificates have been deprecated and replaced by a less complex method of connecting other products.
There are now 4 modes for managing certificates in vSphere
- Fully Managed Mode
- Hybrid Mode
- Subordinate VA Mode
- Full Custom Mode
Also, REST APIs now exist for handling vCenter Server Certificates
You can find more info here.
Improved Content Library
Improves the template management system allowing for the checking-in/checking-out of templates preventing administrator from attempting to use a template while it is undergoing maintenance/updates. There are also capabilities for versioning and for some advanced settings which were not present in earlier versions.
You can find more info here.
New VM Hardware version (17)
There are lots of changes with VM hardware version 17. We’ll cover some of the major ones in more detail below.
Precision Clock for PTP support
Time Keeping and Synchronization has always been a critical and sometimes tricky thing within vSphere environments. With the CPU scheduler constantly pausing VMs, time clocks will skew. vSphere 7 introduces a precision clock device to improve time synch in a virtualized environment which supports the PTP protocol. The PTP protocol is able to keep time sync’d to the sub microsecond range, suitable for even measurement and control systems
You can find more info here.
vSGX
vSphere implements Intel’s SGX (Software Guard Extension) that allows an application to coordinate with the CPU to keep secrets from the Guest OS and Hypervisor. Currently there aren’t a lot of Intel CPU’s supporting this, and the ones that do are only single socket. AMD has a different feature called SEV (Secured Encrypted Virtualization) that does the same thing but hasn’t been adopted by VMware yet.
Note however, when SGX is enabled, virtual machines cannot take benefits of the below features:
- vMotion
- Fault Tolerance
- Suspending
- Snapshot
- Guest Integrity
You can find more info here.
Virtual Watchdog to Monitor Clustered Applications
The Virtual Watchdog Timer helps vSphere know if the app or OS within a VM has crashed. It does this by creating a timer within the OS that must be reset. If that timer does not get reset within the stated time, then vSphere will reboot the VM. This is especially helpful for databases and for clustered applications.
You can find more info here.
Some Other Things to Note
In addition to the improvements listed above, vSphere 7 also:
- Drops support of external PSCs or vCenter for Windows
- Provides easier migrations from External PSCs and vCenter for Windows
- Adds support for multiple NICs in VCSA
- Updates CLI tools
- Delivers an improved developer Center
How Can Dasher Help?
With vSphere 6.0 already reaching end of support, many clients are moving to vSphere 6.5, 6.7, or 7.0. Deciding which version is best for your organization and planning a non-disruptive upgrade can be a daunting task. For example, upgrading vSphere may require new hardware, upgrades to backup software, updates to data replication and business continuity plans, etc. In addition, some existing software tools (like backup software) may not yet support vSphere 7. Dasher helps clients to identify these requirements and limitations and to plan and implement these upgrades.
Please email [email protected] if you would like to learn more.
This post is powered by Mix Digital Marketing