vExpert 2020

The list of 2020 vExperts has been announced. All of the new and returning vExperts have demonstrated significant contributions to the community and a willingness to share their expertise with others. Contributing is not always blogging or Twitter as there are many VMUG leaders, public speakers, book authors, script writers, VCDX, VMTN community moderators and internal champions among this group.

“The annual VMware vExpert title is given to individuals who have significantly contributed to the community of VMware users over the past year.

“The title is awarded to individuals (not employers) for their commitment to sharing their knowledge and passion for VMware technology above and beyond their job requirements.”

You can visit https://vexpert.vmware.com/directory to see the list and profile of each vExpert.

I’m pleased and honoured to be awarded as vExpert this year and for being part of the vExpert program going forward.

It’s valuable to me and will be a great motivation for me to keep up giving back to the community.

Congratulations to all vExperts!

VMware Cloud on AWS is now available with two hosts deployment; starting from 33% cheaper

When VMware Cloud on Amazon AWS was introduced three years ago, it required a minimum of 4 hosts to be provisioned in production clusters. The requirement was reduced to three hosts a bit later. They have now dropped one more host, and the minimum requirement is now two hosts.

A few days ago VMware and Amazon AWS announced new upgrades in VMCA. Here are the key changes:

  • The minimum requirement for production cluster deployment has been reduced to 2 hosts, so the entry deployment cost has basically dropped by 33%, which will attract small businesses.
  • Storage-optimized AWS EC2 (I3en) instances are now available on VMCA for data-intensive workloads with high random I/O, such as relational databases

While talking about VMware Cloud on AWS upgrades, I thought it might be good to add basic information about VMware Cloud on Amazon AWS here:

  • VMware Cloud on AWS is basically a VMware SDDC solution based on the VMware Cloud Foundation platform, with optimized access to native AWS services. VMCA runs on elastic, dedicated hosts on Amazon AWS infrastructure
  • VMCA is currently available in 16 AWS regions. AWS is planning to expand the availability of VMCA to 21 regions by the end of the year
  • VMCA is a cloud choice for easily migrating VMs between on-premise VMware platform and cloud managed VMware SDDC platform that also provides integration to AWS services
  • VMware Cloud on AWS can be purchased either directly from AWS or APN partners
  • You can use your existing Windows Server licenses in VMCA. Consult your Microsoft product terms for any restrictions.
  • Each host is equivalent to an Amazon EC2 I3.metal instance (2 sockets with 18 cores per socket, 512 GiB RAM, and 15.2 TB Raw SSD storage).
  • Production clusters can have a minimum of 2 and a maximum of 16 ESXi hosts
  • Single host SDDC starter is a 30-day plan that can reduce costs for proofs of concept
  • VMs can be moved (cold migrated) to VMCA from an on-premise DC running a minimum version of vSphere 6.0
  • Hybrid Linked Mode is supported with vSphere 6.5 or later
  • Live migration can be done using vMotion or by leveraging VMware Hybrid Cloud Extension (HCX)

Support for NSX-T in VMware Skyline 2.5

Good news for NSX-T users: VMware announced VMware Skyline Collector 2.5 and Advisor releases with support for NSX-T and new Findings & Recommendations.

Skyline now supports NSX-T 2.5 and above, which means you can connect your NSX-T endpoints to your collectors, and Skyline will then surface proactive NSX-T Findings and Recommendations within Advisor. Just bear in mind that it may take 24-48 hours for these new findings to appear within Skyline Advisor.

The other handy feature is the ability to automatically upload NSX-T tech support log bundles to VMware technical support using Log Assist, which will save operations support teams a lot of time when dealing with technical support cases for NSX-T.

There are new Findings and Recommendations:

  • NSX-T Findings that pick up deployment issues within your NSX-T environment
  • VMware Security Advisories: new security advisories have been added to inform you about potential vulnerabilities so that you can stay vigilant about security risks

If you have the Auto Upgrade feature enabled in your Skyline Collector, your Collectors will update automatically. Otherwise you can download the new version from the Collector VAMI. Note: the Skyline Collector must be able to receive update notifications from vapp-updates.vmware.com.

vSphere 6.7 General Support Extended

Previously, general support for vSphere 6.5 and 6.7 ran for a full 5 years from the official release of vSphere 6.5, ending on 15 November 2021.

Earlier this month VMware announced an extension of General Support for vSphere 6.7. That means general support for vSphere 6.5 remains at 15 November 2021, while it is now extended to 15 October 2022 for vSphere 6.7.

This will allow the VMware customers to be able to keep their vSphere platforms in support while preparing for upgrading to vSphere 7.

VMware provides bug and security fixes, patches, upgrades and high priority (P1) technical support for customers on active general support.

Below is the End of General Support (EoGS) availability for vSphere:

| Product     | General Availability | End of General Support | End of Technical Guidance |
|-------------|----------------------|------------------------|---------------------------|
| vSphere 6.0 | 12 Mar 2015          | 12 Mar 2020            | 12 Mar 2022               |
| vSphere 6.5 | 15 Nov 2016          | 15 Nov 2021            | 15 Nov 2023               |
| vSphere 6.7 | 17 Apr 2018          | 15 Oct 2022            | 15 Nov 2023               |
| vSphere 7.0 | 02 Apr 2020          | 02 Apr 2025            | 02 Apr 2027               |

vSphere Lifecycle Matrix

You might still get technical advice from VMware before EoTG if you have an active VMware support even if your vSphere version is out of general support. However you won’t be able to log high priority P1 tickets with VMware after EoGS.

In terms of licensing, there is no requirement for upgrading license keys if you are upgrading from 6.0 to 6.5 or 6.7 as they are all vSphere version 6.x. But if you are planning to upgrade to vSphere 7.0, the vSphere 6.x licenses won’t work on upgraded products and you will need to assign new Licenses.

If you have an active subscription and support with VMware then you can easily upgrade your vSphere licenses via the myVMware portal. Otherwise check out the below link and check your license upgrade eligibility with VMware.

https://www.vmware.com/products/vsphere/upgrade-center.html#licensing

Oracle Linux Virtualization Manager (OLVM)

Oracle Linux Virtualization Manager (OLVM) is replacing OVM Manager, and the hypervisor of choice for Oracle is now Kernel-based Virtualization (KVM) instead of XEN.

OLVM is a capable virtualization solution, especially for super high capacity servers. For instance, the current version supports 12TB of memory, which is a great capability compared to the maximum of 6TB of memory supported in the latest and greatest ESXi 7.0 flagship hypervisor. Probably the most common use case for OLV would be Oracle DB systems, as it provides amazing performance for that kind of workload.

Here are the key features:

  • High performance and scalability: Low-overhead architecture with the KVM hypervisor provides scalable performance under increasing workloads. Supports servers with up to 2048 logical CPUs and 64 TB of memory to accommodate the most demanding enterprise and cloud applications.
  • Broad guest operating system support: Oracle Linux, Red Hat Enterprise Linux, CentOS, and Microsoft Windows.
  • Modern Linux kernel: Oracle Unbreakable Enterprise Kernel (UEK) Release 5 offers high performance and streamlined partner certifications. Server certification includes support for Oracle Linux and Oracle Linux KVM.

All the key functionalities of OVM are available in OLVM including:

  • Live Migration (host and storage)
  • VM High Availability (HA)
  • Policies (DRS, DPM, Anti-Affinity)
  • Rest API
  • Templates (ovf/ova support)
  • Enterprise Manager Integration

And the below functionalities have also been added in the 4.2.8 release:

  • VM Snapshots
  • RBAC

Below table is a side by side comparison of key features of OVM vs. OLV (KVM) hypervisors:

If you do have an Oracle VM virtualization environment in production, you will need to plan for migrating to the new Oracle Linux Virtualization, as Oracle has extended support for OVM until March 2021.

If you are running OVM version 3.4 then you can use the semi-automatic migration solution for migrating virtual machines from OVM to OLV, which requires OLVM 4.3 or higher at the destination platform.

Oracle Documentation for migrating VMs from OVM to OLV

Oracle Linux Virtualization Requirements:

The Oracle Linux Virtualization Manager (OLVM) and Oracle Linux KVM (hypervisors) have the same software (OS) requirements, as below:

Oracle Linux 7 Update 7

Select Minimal Install as the base environment for the installation.

Unbreakable Enterprise Kernel Release 5 Update 1 or later

The following are the minimum system requirements for Oracle Linux Virtualization Manager hosts:
• 64-bit dual-core CPU – Recommended: 64-bit quad core or greater CPU
• 4 GB RAM – Recommended: 16 GB or greater
• 1 network interface card (NIC) – at least 1 Gbps – Recommended: 2 or more NICs
• 25 GB local writable hard disk – Recommended: 50 GB or greater

The following are the minimum system requirements for Oracle Linux KVM hosts.
• 64-bit dual-core CPU with Intel VT-x or AMD-V – Recommended: Multiple CPUs
The CPUs must also support the No eXecute flag (NX)
• 2 GB RAM – Maximum Tested: 12 TB
• 1 network interface card (NIC) – 1Gbps – Recommended: 2 or more NICs
• 60 GB of locally accessible, writable disk space dedicated to Oracle Linux Virtualization Manager

VMware NSX-T 3.0 released

VMware announced NSX-T 3.0 General Availability a few days ago and it’s now available for download in VMware’s portal.

NSX-T 3.0 is a major upgrade from 2.5.1 and has plenty of new features, improvements as well as bug fixes.

I have summarized some of the important features and improvements of the new NSX-T 3.0 in this post and I hope you will find it informative.

Here are the new features:

NSX Federation

  • NSX Federation is the ability to manage, control and synchronize multiple NSX-T deployments over different locations in on-prem, AWS, Azure and Public Clouds.
  • Global Manager is the key component of NSX Federation which provides GUI and REST API endpoint and makes you able to configure consistent security policies across multiple locations and stretched networking objects such as Tier-0 and Tier-1 gateways and segments through a single pane of glass.
  • In the below YouTube video, Dimitri Desmidt explains NSX-T Federation in detail as part of the Tech Field Day 21 VMware Demo and Preview program.
  • Security policies attach to the workload, which means the policies move with the workload during failover or migration between environments. This takes care of full network and security failover along with SRM VM failover, which simplifies DR because the network entities are created once and the segments are stretched between locations. So in the event of a disaster the workload can be fully failed over to the recovery location with all the security policies in place.

Comprehensive Threat protection (Distributed IDS/IPS)

  • NSX Distributed Firewall (DFW) now supports Windows 2016 physical servers in addition to Linux physical servers.
  • New Firewall configuration wizard that simplifies rule creation, especially for VLAN-backed micro-segmentation
  • Distributed IDS/IPS, Micro-Segmentation for Windows Physical Servers, Time-based Firewall Rules, and a feature preview of URL Analysis for URL Classification and Reputation.
  • Intrusion detection and prevention can now be enabled within the hypervisor to detect vulnerable network traffic per VM, or even more granularly per vNIC of a VM, with granular context-based rule inspection. NSX Manager downloads the threat signature pack and keeps it updated.
  • Threat detection in NSX IDS is much more efficient compared to traditional IDS due to its context-based inspection mechanism, so you can assign relevant signatures to a VM based on the running services, e.g. Linux or Windows

NSX-T networking and security for vSphere with Kubernetes

  • Supports full stack networking and security for vSphere with Kubernetes including key networking functions: Switching, Distributed routing (T0/T1), Distributed Firewalling, load balancing, Distributed LB, NAT and IPAM and network identity lifecycle.
  • Watch the below YouTube video from Vinay Reddy that explains the networking and security capabilities of NSX-T in vSphere with Kubernetes:
NSX-T for vSphere Kubernetes by Vinay Reddy
  • Integration with VMware Tanzu Kubernetes Grid Service
  • L2-7 container networking services to non-VMware Kubernetes platforms

Telco cloud enhancements

  • Multi tenancy enhancement and support by adding VRF Lite and Overlay EVPN
  • VRF Lite support provides multi-tenant data plane isolation through Virtual Routing Forwarding (VRF) in Tier-0 gateway
  • L3 EVPN support provides northbound connectivity for Telco VNFs to the overlay networks and maintains isolation on the data plane by using one VNI per VRF
  • Multicast routing for scalable networking and accelerated data plane performance. Multicast replication is only supported on T0. According to VMware, T1 will be supported in future releases.
  • NAT64 which provides stateful NAT from IPv6 to IPv4
  • East-West service chaining for NFV is the ability to chain multiple services for edge traffic that can now also be extended to redirect edge traffic.
  • IPv6 support for containers

Some other new features

Converged VDS 7.0

  • NSX-T now supports VDS and you can deploy NSX-T on an existing VDS 7.0 with no VM network disruption, which makes deployments much easier in brownfield environments.

Support for vRNI 5.2

  • “In addition to NSX, VMware also rolled out VMware vRealize Network Insight 5.2, the company’s network visibility and analytics software. The new software features machine learning support for Flow Based Application Discovery will automatically group VMs into applications and tiers for a better understanding of what is occurring on the infrastructure,” VMware stated.
  • “vRealize Network Insight 5.2 has new end-to-end visibility of the network path from VM through to VMware Cloud on AWS including the AWS Direct Connect section. For VMware SD-WAN users, there will be additional visibility into SD-WAN application and business policy support,” VMware stated.
  • I will review vRNI 5.2 new features and improvements in another post later on.

Automation, OpenStack and other CMP

  • Search API: Exposes NSX-T Search capabilities (already available in UI) through API
  • Terraform Provider for NSX-T – Declarative API support: Provides infrastructure-as-code by covering a wider range of constructs from networking (T0/T1 Gateway, segments), security (centralized and distributed firewall, groups) and services (load balancer, NAT, DHCP).
  • Enhanced Ansible Module for NSX-T support for Upgrade (in addition to install) and Logical object support.
  • OpenStack Integration Improvements: extended IPv6, VPNaaS support and VRF Lite support

User interface improvements

  • Brand new Alarms dashboard and Network Topology Visualizations: Provides an interactive network topology diagram of Tier 0 Gateways, Tier 1 Gateways, Segments, and connected workloads (VMs, Containers), with the ability to export to PDF.
  • New Getting Started Wizards: A new getting started wizard is introduced for preparing clusters for VLAN Micro-Segmentation in three easy steps.
  • Quick Access to Actions and Alarms from Search Results: Enhanced search results page to include quick access to relevant actions and alarms. Added more search criteria across Networking, Security, Inventory, and System objects.
  • User Interface Preferences for NSX Policy versus Manager Modes: You can switch between NSX Policy mode and NSX Manager mode within the user interface, as well as control the default display. By default, new installations display the UI in NSX Policy mode, and the UI Mode switcher is hidden. Environments that contain objects created through NSX Manager mode (such as from NSX upgrades or cloud management platforms) by default display the UI Mode switcher in the top right-hand corner of the UI.
  • UI Design Improvements for System Appliances Overview: Improved UI design layout for displaying resource activity and operational status of NSX system appliances.
  • Security Dashboards: NSX-T 3.0 introduces new Security Overview Dashboards for security and firewall admins to see at-a-glance the current operational state of firewall and distributed IDS.
  • Security wizards for VLAN-based Micro-Segmentation: You can configure your data centers to introduce segmentation using NSX-T in very easy steps.
  • Container Inventory & Monitoring in User Interface: Container cluster, Namespace, Network Policy, Pod level inventory can be visualized in the NSX-T User Interface. Visibility is also provided into co-relation of Container/K8 objects to NSX-T logical objects.
  • NCP Component Health Monitoring: The NSX Container Plugin and related component health information like NCP Status, NSX Node Agent Status, NSX Hyperbus Agent Status can be monitored using the NSX Manager UI/API.
  • Physical Servers Listing: NSX-T adds UI support for listing physical servers.

Wrap-up

As I mentioned before, this release is a major upgrade for the VMware NSX solution and I believe it’s moving in the right direction. The combination of NSX-T and SD-WAN would be a tempting solution for Telco service providers, as Telco is adopting virtualization more than ever and network virtualization plays a key role in that transformation.

Here is the “What’s new at a glance” slide for a quick review of new features but more details can be found in the release notes of the product:

If you are keen to deep dive into NSX-T 3.0 details, I would suggest you check out the NSX-T 3.0 release notes, then enroll in the VMware Hands-On-Lab NSX-T sessions and do some practice in a very well built lab environment, and then download the product, build your own sandbox and check the new features practically.

Credits

Release notes:
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/rn/VMware-NSX-T-Data-Center-30-Release-Notes.html

Download

https://my.vmware.com/en/web/vmware/info/slug/networking_security/vmware_nsx_t_data_center/3_x

I hope you find this post useful and thank you for reading!

Disclaimer

The material and information contained on this article and my blog are for general information purposes only. You should not rely upon the information on this article as a basis for making any business, legal or any other decisions. Whilst I try to keep the information up to date and correct, I will not be liable for any false, inaccurate, inappropriate or incomplete information presented in this article. I would advise you to check with VMware as a reference in order to make any decision.