vSphere 7 – What’s New?


Today VMware is announcing the long-awaited release of vSphere 7. There was a lot of talk about it at VMworld 2019. It was mentioned in various sessions but there were no official announcements. It only took a few more months of waiting! The official announcement is today, March 10th, 2020, with a release date sometime in April, I’ve been told. With vSphere 6.0 going End of General Support this week, the new version can’t come soon enough.

Due to my recently renewed vExpert status, I was lucky enough to sit in on several NDA briefings over the last two weeks. The first of these, which I’ll be talking about here, was focused on Compute. That basically encompasses the base vSphere products of ESXi and vCenter and the new features and capabilities in vSphere 7. Let’s dig in and see what this is all about!

vSphere 7 – What’s New?

This release is kind of a sleeper. Initially there’s not anything on the new features list that stands out and just melts your mind. At first glance you might even be a little underwhelmed. I know I was at first, but let me set this straight right here. There are actually some big changes and some very big reasons you might want to adopt early. Let’s look at what’s new at a high level and then I’ll detail many of the items later in the article.

  • vCenter Server Scalability Enhancements
  • vCenter Server Profiles
  • vCenter Server Multi-Homing
  • vCenter Server CLI Tools
  • vCenter Server PNID Change
  • vCenter Server Improved Backup & Restore, DB Health Check & APIs
  • vCenter Server Dynamic DNS Client (DDNS)
  • Content Library – VM Template Check In/Check Out
  • Content Library – VM Template Versioning
  • Content Library – Advanced Configuration & Optimization
  • Migration & Upgrade – External Platform Services Controller – REMOVED
  • Migration & Upgrade – Windows vCenter to VCSA
  • Migration & Upgrade – Convergence of external PSCs
  • vCenter Server Converge Tool – REMOVED
  • vCenter Server Update Planner
  • vSphere Lifecycle Manager integration
  • vSphere Stats
  • ESXi REST API
  • ESXi System Storage Next
  • NVMe-oF Support for RDMA and Fibre Channel
  • Multipathing for NVMe-oF supports multiple paths with HPP (High Performance Plugin)
  • Shared Virtual Disk support for MSCS
  • PVRDMA Support
  • iSER VVol v1.1 Support
  • New & Improved DRS
  • Assignable Hardware
  • vMotion Improvements
  • Enhanced vMotion Compatibility
  • VM Hardware 17 – Virtual Watchdog Timer
  • VM Hardware 17 – Precision Time Protocol
  • vSGX / Secure Enclaves
  • Simplified Certificate Management
  • Certificate API
  • vSphere Trust Authority
  • Identity Federation
  • VM Encryption Enhancements – Cloning & Migration
  • VM Encryption API
  • IPSec Using VMKCrypto for IPv4 & IPv6 traffic
  • Code Capture Enhancements
  • Instant Clone Guest Customization – Linux Only
  • Selective Latency Sensitivity
  • NSX-T integration with vDS/DVS
  • Single API Gateway

So, that’s a pretty exhaustive list but there are still a lot of other features and enhancements not even listed. That said, I’m not going to talk about many of the new things listed above at all. This article would be way too long for the casual reader and it’s already going to be a long read. I’m going to stick to the items in bold for now and I know VMware is going to be posting a huge amount of content over the next few weeks to get deep in the weeds on many of these things.

You may notice something on the slide above that I didn’t list and haven’t talked about.  vSphere with Kubernetes is an entirely new architecture for deploying Kubernetes on vSphere.  It’s integrated with VMware Cloud Foundation and has some big requirements for deployment.  This is not vSphere Integrated Containers. You’re probably going to see a ton of stuff over the next few weeks about VMware Tanzu and Project Pacific.  I’m going to come back to these topics in a later article because frankly I don’t know enough about either yet to speak coherently.  Many of the new updates for Kubernetes I just didn’t register because I haven’t had time to learn enough about it.  I’ll circle back around to this if I can get some time to deploy them in my lab.

Moving on!

vCenter Server Scalability Enhancements

First up for vSphere 7: the vCenter scalability maximums have increased a bit. There are minor changes to the number of hosts and VMs, but look at the Linked Mode enhancements there!

vCenter Server Profiles

vCenter Server Profiles are a way to provide a consistent configuration across multiple vCenters across multiple datacenters. They are similar to Host Profiles but without all the difficulty, and vCenter Server Profiles are only applicable to vCenters.

For now it looks like this is a REST API only feature, the first of many in vSphere 7. You export using the REST API in JSON format and validate other vCenters against the vCenter Server Profile. It will return a status and you can import the settings on the vCenter to apply consistent configuration as needed.

vCenter Server Multi-Homing

This is one I know people have been asking for. You can now multi-home the network of a vCenter Server Appliance (VCSA). You can add up to 4 NICs and split them between multiple management or backup networks as needed. Very cool!

vCenter Server CLI Tools

Through the vCenter Server CLI (CMSSO-UTIL) tool you now only have two options, unregister and domain-repoint.  You don’t need the register option any more because external PSCs are gone in this release.  It’s going to be so much easier moving forward with just one vCenter VCSA.

vCenter Server PNID Change

You can change the PNID (Primary Network ID) of the vCenter VCSA now.  Ok you may be saying something about “wait a minute this was available in vSphere 6.7 U3” and you would be right!  This feature was slipped into vSphere 6.7 U3 but because it was originally meant for vSphere 7 and because it’s little known I wanted to bring some attention to it.

Content Library – VM Template Check In/Check Out

Yet another very good reason I need to start using Content Library.  With vSphere 7 you can now use a Check-In/Check-out process to allow editing of templates right out of the Content Library.

Content Library – VM Template Versioning

The Content Library now keeps track of the different versions of your templates.  It also allows you to revert to those other versions as needed.  If you’re working with Templates this is a huge reason to use Content Library to manage them.

Content Library – Advanced Configuration & Optimization

Last up for Content Library, you can now configure Advanced Configuration and Performance Optimization settings to fine tune Content Library for your environment.  You can more easily control how frequently it synchronizes with other Content Libraries and you can govern how much bandwidth it uses.

Migration & Upgrade – External Platform Services Controller – REMOVED

If you’ve been wishing the Platform Services Controller would go away, well, guess what! It’s gone! You no longer have to figure out a possibly complex architecture or use resources unnecessarily. vCenter and all services and components now live in a single VM appliance, a.k.a. the VCSA.

Migration & Upgrade – Windows vCenter to VCSA – Convergence of external PSCs

Oh you thought that the PSC being gone was good?  Well now you don’t have to worry about managing and updating a Windows server anymore or having to deal with licensing or MS SQL databases.  vCenter on Windows OS is done.  It’s no longer supported and it’s not even an option on vSphere 7.  In fact the vSphere 7 deployment will migrate from a Windows based vCenter to the VCSA and it will converge any external PSCs automatically.  They’re really making the upgrade and migration process way more simplified.

vCenter Server Converge Tool – REMOVED

The vCenter Server Converge Tool is gone too.  It’s all built into and forced through the Migration and Upgrade process on the vSphere 7 VCSA deployment.

vCenter Server Update Planner

How many times have you upgraded to a new version and during or after the upgrade you realized you should have checked the Interoperability Matrix or the Compatibility Guide? vCenter Server Update Planner is supposed to help there and take on that work for you by validating you are safe to upgrade.

You can run Pre-Update Checks to show if there are any issues in your vCenter infrastructure that would block the upgrade.

You can also run Interoperability Checks to see how the upgrade may work against different components in your vSphere environment. The one notable component that’s not on that list and is not currently supported for this is VMware Horizon View and its ancillary applications. Sorry, you’ll still have to check their interoperability manually.

vSphere Lifecycle Manager integration

From what I gathered in the session I was in, it sounds like vSphere Lifecycle Manager is now fully baked into vCenter 7.  This is pretty awesome because you can combine all the firmware, drivers, software and ESXi images for a host into what’s called a Cluster Image.

Then you apply the Cluster Image to all the hosts in your cluster, which keeps all of them identical and updated to the same level.

Not only does this keep ESXi at the same manageable versions, it does the same for all the drivers and firmware on the hosts, and it integrates with HPE OneView and Dell OpenManage. This is powerful stuff to keep things upgraded to supported levels.

vSphere Stats

vSphere Stats is a new mechanism that redirects statistics and analytic data from your vCenter environment to a separate PostgreSQL database and detaches the data collection from VPXD.

vSphere Stats opens up a whole new avenue of data collection for your vSphere environment through added APIs, counters and your ESXi hosts.

ESXi System Storage Next

Ok this one is a lot to take in so I’m going to sum it up first and then detail it.  The ESXi System Storage layout is getting greatly simplified.  To understand how let’s look at the existing ESXi System Storage layout.

There are many problems with the existing ESXi System Storage layout. Because the size is inflexible and hard-coded it limits what is possible from an administrative and troubleshooting or debugging perspective.

The ESXi System Storage Next layout is flexible and dynamic. It has only four partitions. The VMFS Datastore is optionally created depending on the size of the disk ESXi is installed on. The system boot partition contains the bootloader and the boot banks contain the current and possibly previous hypervisor versions. The ESX-OSData partition is new and split into two parts. RAM’ish data is frequently written data like logs, VMFS global traces, vSAN traces and live databases. ROM’ish data is infrequently written data like VMware Tools ISOs, configuration and core dumps.

It will dynamically size some of the partitions based on the target media size as indicated by the chart below.  Notice the VMFS datastore doesn’t get created at all unless the target media is larger than 128GB in size.

The file system is broken down slightly differently as well on ESXi System Storage Next.

New & Improved DRS

Distributed Resource Scheduler (DRS) is changing in a big way and for the better. The original DRS implementation was cluster centric and based the decision to move a workload somewhat arbitrarily on how many resources were being utilized across the cluster. The vSphere 7 DRS algorithm is workload centric and bases the decision to move a VM on the actual workload inside the VM, validating that the workload would run better on another resource.

The VM DRS Score is calculated from several workload-specific factors on a VM, and it uses the actual VM workload to determine whether the VM would run more efficiently on another host.

Assignable Hardware

vSphere 7 now allows you to assign hardware that used to lock a VM to a specific host. NVIDIA vGPU and Dynamic DirectPath I/O devices can now be set on a VM and are fully supported across the cluster with DRS and HA.

It does require VM Hardware version 17 but it will automatically place the VM using available resources in the cluster.

vMotion Improvements

I can’t tell you how many customers I’ve talked with who have large or heavy-hitter VMs that they’re afraid to even vMotion. Normally the process is painless and without impact, but with larger and heavily utilized VMs the process can trash applications completely. vMotion requires the VM to be stunned briefly while it finishes moving the VM vCPU and Memory footprint over to another physical host. Today the vMotion process installs Page Tracers on all vCPUs to monitor changed memory pages. Leveraging all vCPUs on a monster VM consumes a ton of resources unnecessarily.

vSphere 7 installs the Page Tracer on just one vCPU which reduces the impact and resource utilization.

vSphere 7 also makes changes to the way the memory bitmap is transferred during the switch-over phase. Previously the entire bitmap was copied, but now it’s only transferring the compacted bitmap which takes significantly less time.

The combined changes will reduce the load a vMotion causes on a VM and reduce the time it takes to stun a VM during the process, which should reduce the impact on larger VMs and make it actually work as intended again.

Enhanced vMotion Compatibility

As you would expect, they’ve added EVC mode support for the latest processors from both AMD and Intel.

VM Hardware 17 – Virtual Watchdog Timer

The new VM Hardware 17 brings some new features like the Watchdog Timer, which monitors your VM’s guest OS and takes action on your VM if it senses that it’s hung or down. The feature is based on the following Microsoft specifications: Watchdog Resource Table (WDRT) and Watchdog Action Table (WDAT). It’s supported on Windows Servers and Linux guests.

VM Hardware 17 – Precision Time Protocol

Another new feature is the capability to use the Precision Time Protocol inside a VM.  You have to enable it on the VM and a service on the host and it will keep sub-millisecond accuracy on the VM based on the host time.  This may initially only be supported on Linux unfortunately.

vSGX / Secure Enclaves

Intel Software Guard Extensions (SGX) allows applications to create private memory regions called enclaves that can only be accessed by that application. These enclaves are used to secure data and isolate it from other programs, operating systems, and hypervisors. Virtual SGX (vSGX) exposes Intel’s SGX to VMs running in a vSphere 7 environment.

Simplified Certificate Management

Certificates in vCenter have always been a complete mess. Hard to work with, hard to change and update. The below image shows what that looks like in the current vSphere versions. Many certificates and in some cases one for each individual service. It’s terrible to manage in its current state.

As you can see below, vSphere 7 greatly reduces the number of certificates in the vCenter environment which will make it much easier to manage. You can now renew a VMware CA-signed certificate, replace a VMware CA-signed certificate, replace the current certificate with a third-party CA-signed certificate and you can create a new Certificate Signing Request all through the vCenter GUI. In previous vSphere versions you had to do this all through the CLI. Totally no fun at all…

Certificate API

In vSphere 7 you can manipulate the certificates through the GUI, CLI or the new Certificate API. Anything you can do in the GUI or CLI you can now also do through the Certificate API.

vSphere Trust Authority

The current trust architecture in vSphere 6.7 is limited and lacking the ability to truly protect the entire infrastructure stack through encryption.  As depicted below there are several problems.

In comes vSphere Trust Authority. vTA creates a hardware root of trust to secure the environment using a hardware Trusted Platform Module (TPM). Just like before, you must have an external Key Management Server or KMS set up. You will need some extra hosts to get this working though, because you have to create a separate Trust Authority Cluster that becomes the Trusted Key Provider for the attested cluster, in the case below the Workload ESXi hosts. This approach allows the Trust Authority Cluster to attest the entire workload cluster and the vCenter managing it.

Identity Federation

vCenter Server acts as an identity provider (IDP) to manage identity information for users. It also provides authentication services that can be leveraged by applications. vCenter 7 supports identity provider federation for Microsoft Active Directory Federation Services (ADFS).

VM Encryption Enhancements – Cloning & Migration

You can now clone encrypted VMs, encrypt VMs during a clone and decrypt VMs during a clone. Talk about end to end there.

This is now all easily done by changing the storage policy during the clone process.

As expected this does have a few requirements but nothing out of the ordinary.

This slide is a little busy but right there towards the bottom take note. You can migrate an encrypted VM across vCenter Server instances while it’s powered on or off. Very cool!

For the Cross-vCenter Server Migrations and Cloning to work you must have a Shared KMS Cluster that both vCenter environments use as their KMS and of course the source and destination hosts must be running vSphere 7.

Code Capture Enhancements

Code Capture has been around for a while but the new enhancements allow you to capture code in two additional languages: Python and vRO JavaScript.

You can also record vAPI calls for the Content Library, vCenter HA and the creation of users or roles.

Conclusion

There’s a ton more I just didn’t have time to cover and talk about in any detail.  Like I said before, it doesn’t seem that ground breaking from the outset but this really is a huge release with a ton of new features, functionality and improvements to the market leading virtualization solution.  vSphere just keeps getting better and vSphere 7 is no exception.  VMware has a ton of new updates coming out that you should also look at like the and VMware Cloud Foundation 4 updates as well as VMware with Kubernetes and vSAN.  There’s also new versions and new products in vRealize Operations 8.1, vRealize Log Insight 8.1 and vRealize Automation 8.1 in both on premise and Cloud versions.

Unfortunately, there’s just not enough time in the day for me to address all of it but hopefully this article gets you started on the highlights of vSphere 7.  Thanks for reading!
