I know many customers were waiting for the next release of VMware vSphere to realize the new capabilities and features. So there you go, Let’s check what’s new in vSphere 8!
VMware vSphere is the base solution on which most private cloud datacenters are running on. As VMware defines, vSphere 8 is the enterprise workload platform that brings the benefits of the cloud to on-premises workloads, supercharges performance through DPUs and GPUs, and accelerates innovation with an enterprise-ready integrated Kubernetes runtime.
In this post, I want to introduce the new and unique features that I found useful and interesting in vSphere 8.0!
I am thrilled to announce that I am starting a new position as a Senior Solution Engineer at VMware!
My name is Sadaf, I am originally Iranian, but I live in Sweden! I am a double VCIX, vExpert, and vSAN specialist with more than ten years of experience in Information Technology!
In this post, I want to share my journey with you, especially for women who want to start their career in IT but are hesitant because they are afraid of not being accepted or judged in this man-dominant field! I just forgot! Heh! I am also an expert at being judged and bullied but never get surrendered, thanks to my non-relevant bachelor’s! But you know what? I could do it, so can you!
I have studied Business Administration, but my path crossed with IT when I was on an internship about 12 years ago!
I was part of the sales engineering team responsible for helping customers get certified in the Information Security Management System(ISMS)/ISO 27001.
On Feb 10th, 2022, VMware released VCF 4.4 with a new set of features and of course new software components in the Bill of Material(BoM). This new release brings a lot of new enhancements around lifecycle management, security, and NVIDIA AI Enterprise suite capabilities for AI/ML workloads. Before going into the details of new features, let’s look at the VCF 4.4 BoM. VMware vSphere 7.0 U3c, vSAN U3c, and NSX-T 220.127.116.11 are included in this software packaging. Besides the base SDDC software base, VCF 4.4 supports vRealize Suite 8.6.2 and Workspace ONE Access 3.3.6. So as you might expect the software releases packaged with VCF 4.4 are pretty up to date and more importantly Apache log4j is updated to 2.16 or 2.17 which addresses Log4j vulnerability.
Now let’s look at the highlights of new features and capabilities on VMware Cloud Foundation 4.4
vSAN Stretched cluster introduced in vSAN 6.1 and it brings high availability in an active-active fashion. In this architecture, ESXi hosts would be placed in two different physical locations and join together with high bandwidth low latency networking. But from a management perspective despite hosts being in two different sites they belong to one single vSAN Cluster and share their resources. So this solution can be used in environments where disaster avoidance is a critical matter. Because it gives you the ability to avoid disaster, or recover from a disaster by having two different physical sites that host your applications. So you need to group the hosts based on their physical locations and put them in two different fault domains.
After a long wait, VMware finally announced NSX-T 3.2 on November 7th, 2021! There was a lot of buzz around this release for the past 2-3 months. In this article, we will look at the new features of this release. The new capabilities are grouped into three major areas; Security, Advanced Networking, and Simplified Operations, which I will list as the most significant enhancements in this article.
When we look at the new features and capabilities list, security enhancements are very bold. So let’s start with the security features and continue with networking and operations enhancements.
VMware vSAN is Software-Defined Storage(SDS) solution from VMware that is fully integrated into vSphere. To enable vSAN, we need to have a minimum of three ESXi hosts, and each host needs at least one cache disk and one capacity disk. The local disks of ESXi hosts should be formatted by VMFS. Since vSAN is a vSphere clustering feature, we should also have Center Server in place before start implementing it.
If you are a System Administrator or even a Solutions Architect, you might a face a challenge to build a vSAN Cluster with minimum ESXi servers without having a vCenter in place. In many green field environments, vCenter has not been installed and you want to keep ESXi’s disks intact and unformatted. In addition, there are some customers that want to build and manage vSAN Cluster in a separate vCenter and they do not have any additional ESXi host for vCenter deployment.
If you are using vRealize Suite’s solutions like vRealize Operation, vRealize Automation, or vRealize Log Insight, then vRealize Suite Lifecycle Manager(vRSLCM) comes in handy into day to day operations. This product automates the deployment, configuration, and upgrade of the vRealize Suite. If you plan to deploy any of vRealize products or even automate the Day 2 operations like certificate replacement, then vRSLCM is a go-to tool for your use case. It is also worth mentioning that some products like vRelaize Automation(vRA) use this solution as a built-in tool for the deployment process. It is recommended to deploy vRSLCM first and then deploy and other vRealize Suite products due to ease of installation and configuration orchestration. But if you already deployed any of the suite’s products, you can also add them into vRealize Suite Lifecycle Manager.
In this blog post and following video tutorial, I show you how to deploy vRealize Suite Lifecycle Manager with Easy Installer and lay the foundation for the rest of vRealize Suite products deployment. The license for this product is included in any edition of the vRealize Suite licensing package.
In the first part of NSX-T Distributed Firewall, I explained the importance of embracing NSX-T DFW. In this post, I review how you can create and apply firewall rules to implement Micro-segmentation. To create firewall rules, first you need to define a Policy section which basically contains one or more firewall rules. A policy in NSX-T DFW can be defined as stateful or stateless. In the case of being stateless, you need to define the rules in both directions. Otherwise, the reverse traffic is not allowed to pass. On the other hand, in the default stateful mode, when you define a rule it will apply bidirectionally.
Then you need to define the rules under the policy section which evaluates the criteria of a traffic flow. DFW rules determine whether the traffic should pass or get dropped based on the protocol and ports.
Before jumping to NSX-T Distributed Firewall (DFW) concept and rule creation, I want to point out why this solution is important and what security issues can be addressed by using this powerful solution. Building a zero trust model security has been the biggest concern of network and security teams. In traditional data centers, high-level segmentation is built, which could help to prevent various types of the workload from communicating. But the main challenge of the legacy security model is data centers facing a lack of lateral prevention communication system between workloads within a tier. In other words, traffic can traverse freely inside a network segment and access the crucial information until it reaches the physical firewall to get dropped. In addition, implementing different layers of security and firewalls would cause complexity and cost.
NSX-T Distributed Firewall (DFW) is a hypervisor kernel-based firewall that monitors all the East-West traffic and could be applied to individual workloads like VM and enforce zero-Trust security model. Micro-segmentation logically divides department or set of applications into security segments and distribute firewalls to each VM.
After upgrading to vCenter 7 Update 1 , when I tried to browse vCenter HTML5 UI, I faced “no healthy upstream” error. I could access to vCenter Management Interface (VAMI) https://vCenter-IPaddress:5480 without any issues. I could also connect to vCenter Server through SSH but I realized couple of vCenter Server services could not start.