Senior Member of Technical Staff Melina McLarty presents some quick tips and tricks for being more productive with the vSphere Web Client.
During this session, we will challenge modern security practices, covering how data centers are typically built and how security is often bolted on afterwards. With this knowledge, we will investigate how VMware NSX is drastically changing the security landscape. By giving the proper context to our data center elements, organizations can automatically react to modern threats.
NOTE: This video is roughly 50 minutes in length so it would be worth blocking out some time to watch it!
This session will focus on how VMware NSX Data Center helps to answer the question, “How do you secure applications that are widely distributed and constantly changing?” By making network security an intrinsic part of the environment on top of which applications and data live, NSX Data Center delivers security policies and controls that are as ubiquitous and agile as applications themselves, no matter where they live. Find out about context-aware micro-segmentation and other key capabilities of NSX Data Center that shrink the application attack surface and improve your overall security posture.
Speakers:
Alex Berger, Product Marketing, Networking and Security, VMware: Alex Berger is a Product Marketer with VMware’s Networking and Security business unit. His focus is on security products and their use cases, including VMware NSX and VMware AppDefense. Prior to joining VMware, Alex worked on enterprise security products addressing a range of security issues including data access governance, identity and access management, privileged identity management, and threat detection and response.
Christopher Frenz, AVP of Information Security, Interfaith Medical Center: Christopher Frenz is the Director of IT Infrastructure at Interfaith Medical Center and is an expert on healthcare security and privacy. He is the author of the books “Visual Basic and Visual Basic .NET for Scientists and Engineers” and “Pro Perl Parsing”, as well as the author of numerous articles. Frenz holds many industry standard certifications, including CISSP, HCISPP, CISM, CISA, FIP, CIPP, CIPM, CIPT, and CCSK.
VMware NSX is the network virtualization technology that decouples networking services from the underlying physical infrastructure. VMware NSX allows for a new software-based approach to networking that provides the same operational model as a virtual machine (VM). Virtual networks can easily be created, modified, backed up and deleted within minutes.
By providing the physical networking constructs in software, VMware NSX provides benefits similar to those server virtualization delivered with VMs. Businesses can see the impact in terms of increased efficiency, effective resource utilization, productivity, flexibility, agility and cost savings.
This document will present the audience with the NSX introduction, business use-cases and overview of design in Large and Medium data centers. The beginning of the document serves as a refresher to those who are already familiar with the NSX design and deployment aspects.
The document goes on to present NSX for small data centers, its relevance, and the main building blocks of designing NSX in small data centers.
The document covers popular NSX deployment models in small data centers and gives details on protecting and designing the individual NSX components, such as the NSX ESG and the DLR Control VM.
Towards the end, the document covers the growth options for taking NSX further and growing it into a medium or large scale deployment.
NSX has emerged as the leading software platform to virtualize network and networking services. Many customers have deployed NSX to run their production and non-production workloads to get the benefits that come with virtual networks and software-defined network approaches. NSX has been deployed in small, medium and large data centers to enable a wide range of use cases.
There are situations where large enterprises have also deployed NSX in small data center islands within their overall large environment. There are also situations where small and medium businesses (SMBs) are deploying NSX with a small number of hosts to take advantage of network virtualization. Regardless of the size of the enterprise, a small data center is a viable option and relevant for all types of customers, enterprises and businesses.
The NSX Reference Design Guide discusses design aspects to deploy NSX in all data center sizes. This document uses the NSX Reference Design Guide as a baseline and provides additional and/or supportive guidance to successfully run NSX in SMB Data Centers. It is assumed that readers have gone through the concepts and design options discussed in the NSX Reference Design Guide.
In addition, readers are highly encouraged to take a look at the Software Defined Data Center (SDDC) VMware Validated Design Guide (VVD), which provides the most comprehensive and extensively tested blueprint to build and operate an SDDC.
NSX Customer Use Cases
NSX has been widely accepted and deployed in production by many customers. Figure 1 lists some of the most important use cases that customers are deploying NSX for.
NSX can be used to create a secure infrastructure that supports a zero-trust security model. Every virtualized workload can be protected with a full stateful firewall engine at a very granular level. Security can be based on constructs such as MAC, IP, ports, vCenter objects, security tags, Active Directory groups, etc. Intelligent dynamic security grouping can drive a self-adaptive security posture within the infrastructure.
VMware NSX provides a full RESTful API to consume networking, security and services, which can be used to drive automation within the infrastructure. In small data centers, automation tools like REST API and PowerNSX can be useful to programmatically configure network and security services, or to pull the information from VMware NSX deployments for simple operations tasks.
NSX provides a way to easily extend networking and security up to eight vCenters either within or across data centers. NSX can extend or stretch L2 and L3 networks across data centers in distributed fashion. NSX also ensures that the security policies are consistent across those stretched networks and hence provides a seamless, distributed and available network and security overlay. All of it is done using software-based technologies, without requiring expensive hardware.
NSX for vSphere Components
vSphere is the foundation for an NSX for vSphere (referred to as NSX throughout this document) deployment. It is important to have a good understanding of which vSphere and NSX components are involved in the design. For a successful NSX deployment, it is imperative to have a good vSphere deployment in place with proper vSphere clustering, compute, network and storage. For detailed discussions on these topics, the reader can refer to the NSX Reference Design Guide.
Figure 2 shows the various layers of the NSX for vSphere architecture based on the role performed by each NSX component. From a very high level, the NSX solution architecture can be seen as divided between management, control and data planes. In the traditional networking model, the control and data planes are combined.
NSX and other software defined networking architectures follow an approach where the data plane is separated from the control plane. This approach provides the advantage of decoupling from hardware dependencies, and allows all networking services to be virtualized following the same operational model that compute and storage virtualization has been providing for years.
NSX in Small Data Center Use-Cases
One must understand that a Small Data Center (DC) is not relevant only for small customers. Many large enterprises deploy NSX with a small footprint or a small number of ESXi resources in the beginning and then expand to a larger footprint. This could be for a number of different reasons, for example budget, staffing, or simply because of the small-scale deployment that they have in the beginning. The advantage is that even if NSX is deployed with a small footprint, it can easily grow into a medium or large deployment.
On a broad scale, Small Data Center use-cases can be divided based on the business function and the applications that are being deployed.
Functional Level Use Cases
Organizations deploy NSX with a small footprint in specific functional areas or groups that they have. For instance:
- Disaster recovery and/or avoidance
- Pre-Prod vs Test environments
- Compliance / DMZ
- Business units with their own operational model
Application Level Use Cases
Many customers deploy NSX in small DCs to tackle one or more application level use-cases that they have. For instance:
- Load Balancer
- Agentless Antivirus (AV)
NSX Advantage for Small Data Centers
Organizations adopt NSX not just because of its technical strength and advantages that they gain while deploying networking services in software. They also get the advantage in terms of its simplicity, ease of use and operational flexibility. Some of these advantages are highlighted here.
Simplicity and Modularity
Small customers like its simplicity and modularity, which give them peace of mind to grow and add more features as they increase capacity or user base. They do not need to purchase all the networking hardware upfront with lots of unknowns down the road. NSX provides those customers software-based networking services that they can spin up anytime they want without incurring additional hardware cost.
Customers are also thrilled because all the networking and security services are bundled within the same product and platform, so they do not need to worry about contacting multiple vendors, not just for purchase but also for support agreements and license procurement and cost. Customers get everything under one roof with NSX.
Ease of Operations
The majority of customers are already familiar with the operational model vSphere has provided them for years. NSX is seamlessly integrated within the same model. It enhances their operational model and sits nicely on top of it. Hence the learning curve to adopt the new technology is minimal.
Download NSX Design Guide for Small Data Centers.
VMware CEO Pat Gelsinger, CTO Ray O’Farrell, and their featured guests share how to push past the boundaries of what’s possible during the VMworld US Day 1 general session.
NOTE: This video is roughly 1 hour 45 minutes in length so it would be worth blocking out some time to watch it!
The vSphere 6.5 release no longer requires that you install the Client Integration Plug-In. In certain cases, workflows have changed slightly; this video covers those changes.
With the recent announcement and general availability of vSphere 6.7 we’ve seen an immense amount of interest. With each new version of vSphere we continue to see customers start their testing of new releases earlier and earlier in the release cycle. vSphere 6.7 brings a number of important new features that vSphere Administrators as well as architects and business leaders are excited about.
vSphere 6.7 focuses on simplifying management at scale, securing both infrastructure and workloads, being the universal platform for applications, and providing a seamless hybrid cloud experience. Features such as Enhanced Linked Mode with embedded Platform Services Controllers bring simplicity back to vCenter Server architecture. Support for TPM 2.0 and Virtualization Based Security provide organizations with a secure platform for both infrastructure and workloads. The addition of support for RDMA over Converged Ethernet v2 (RoCE v2), huge pages, suspend/resume for vGPU workloads, persistent memory, and native 4k disks shows that the hypervisor is not a commodity and vSphere 6.7 enables more functionality and better performance for more applications.
For those wanting a deep dive into the new features and functionality, I’m happy to announce the availability of the What’s New in vSphere 6.7 whitepaper. This paper is a consolidated resource that discusses and illustrates the key new features of vSphere 6.7 and their value to vSphere customers. The What’s New with vSphere 6.7 whitepaper can be found on the vSphere product page in the Resources section or can be downloaded directly here. After reading through this paper you should have a very good grasp on the key new features and how they will help your infrastructure and business.
Finally, we have a new collection of vSphere 6.7 resources on vSphere Central to make setting up and using these new features even easier. There are also some walkthroughs on upgrading. You can see all of the currently available resources on the vSphere 6.7 Technical Assets page.
Download What’s New in vSphere 6.7 Whitepaper.
About the Author
Adam Eckerle manages the vSphere Technical Marketing team in the Cloud Platform Business Unit at VMware. This team is responsible for vSphere launch, enablement, and ongoing content generation for the VMware field, Partners, and Customers. In addition, Adam’s team is also focused on preparing Customers and Partners for vSphere upgrades through workshops, VMUGs, and other events.
vSAN 6.7 introduces a number of key features that help us provide an HCI solution for customers that want to evolve without risk, lower their TCO, and accommodate the demands of IT environments for today, tomorrow, and beyond. To help customers evolve their data center with HCI, the improvements of vSAN 6.7 focused on enabling customers to improve their experience in three key areas: Intuitive Operations Experience, Consistent Application Experience, and Enhanced Support Experience.
This video introduces VMware’s Software Designed Enterprise Class Storage Solution vSAN. vSAN powers industry-leading Hyper-Converged Infrastructure solutions with a vSphere-native, high-performance architecture.
NOTE: This video is roughly 30 minutes in length so it would be worth blocking out some time to watch it!
vSphere 6.7 was announced today, and it includes several new features and enhancements that further advance storage functionality. Centralized, shared storage remains the most common storage architecture used with VMware installations despite the incredible adoption rate of HCI and vSAN. As such, VMware remains committed to the continued development of core storage and Virtual Volumes, and with the release of vSphere 6.7, this truly shows. The 6.7 version marks a major vSphere release, with many new capabilities to enhance the customer experience. From space reclamation to supporting Microsoft WSFC on VVols, this release is definitely feature rich! Below are summaries of what is included in vSphere 6.7, and you can find more detail on each feature on the VMware storage and availability technical document repository: StorageHub.
Configurable Automatic UNMAP
Automatic UNMAP was released with vSphere 6.5 with a selectable priority of none or low. Storage vendors and customers have requested higher, configurable rates rather than a fixed 25MBps. With vSphere 6.7 we’ve added a new method, “fixed”, which allows you to configure an automatic UNMAP rate between 100MBps and 2000MBps, configurable both in the UI and CLI.
UNMAP for SESparse
SESparse is a sparse virtual disk format used for snapshots in vSphere as a default for VMFS-6. In this release, we are providing automatic space reclamation for VMs with SESparse snapshots on VMFS-6. This only works when the VM is powered on and only affects the top-most snapshot.
Support for 4K native HDD
Customers may now deploy ESXi on servers with 4Kn HDDs used for local storage (SSD and NVMe drives are currently not supported). We are providing a software read-modify-write layer within the storage stack allowing the emulation of 512B sector drives. ESXi continues to expose 512B sector VMDKs to the guest OS. Servers having UEFI BIOS can boot from 4Kn drives.
XCOPY is used to offload storage-intensive operations such as copying, cloning, and zeroing to the storage array instead of the ESXi host. With the release of vSphere 6.7, XCOPY will now work with specific vendor VAAI primitives and any vendor supporting the SCSI T10 standard. Additionally, XCOPY segments and transfer sizes are now configurable.
As VMware continues the development of Virtual Volumes, in this release we have added support for IPv6 and SCSI-3 persistent reservations. With end to end support of IPv6, this enables organizations, including government, to implement VVols using IPv6. With SCSI-3 reservations, this substantial feature allows shared disks/volumes between virtual machines across nodes/hosts. Often used for Microsoft WSFC clusters, with this new enhancement it allows for the removal of RDMs!
Increased maximum number of LUNs/Paths (1K/4K LUN/Path)
The maximum number of LUNs per host is now 1024 instead of 512 and the maximum number of paths per host is 4096 instead of 2048. Customers may now deploy virtual machines with up to 256 disks using PVSCSI adapters. Each PVSCSI adapter can support up to 64 devices. Devices can be virtual disks or RDMs. A major change in 6.7 is the increased number of LUNs supported for Microsoft WSFC clusters. The number increased from 15 disks to 64 disks per adapter, PVSCSI only. This changes the number of LUNs available for a VM running Microsoft WSFC from 45 to 192 LUNs.
Starting with vSphere 6.7, VMFS-3 will no longer be supported. Any volume/datastore still using VMFS-3 will automatically be upgraded to VMFS-5 during the installation or upgrade to vSphere 6.7. Any new volume/datastore created going forward will use VMFS-6 as the default.
Support for PMEM /NVDIMMs
Persistent Memory or PMem is a type of non-volatile DRAM (NVDIMM) that has the speed of DRAM but retains contents through power cycles. It’s a new layer that sits between NAND flash and DRAM, providing faster performance, and it’s non-volatile, unlike DRAM.
Intel VMD (Volume Management Device)
With vSphere 6.7, there is now native support for Intel VMD technology to enable the management of NVMe drives. This technology was introduced as an installable option in vSphere 6.5. Intel VMD currently enables hot-swap management, as well as NVMe drive LED control, allowing control similar to that used for SAS and SATA drives.
RDMA (Remote Direct Memory Access) over Converged Ethernet (RoCE)
This release introduces RDMA using RoCE v2 support for ESXi hosts. RDMA provides low-latency and higher-throughput interconnects with CPU offloads between the end-points. If a host has RoCE capable network adaptor(s), this feature is automatically enabled.
Para-virtualized RDMA (PV-RDMA)
In this release, ESXi introduces the PV-RDMA for Linux guest OS with RoCE v2 support. PV-RDMA enables customers to run RDMA capable applications in the virtualized environments. PV-RDMA enabled VMs can also be live migrated.
iSER (iSCSI Extension for RDMA)
Customers may now deploy ESXi with external storage systems supporting iSER targets. iSER takes advantage of faster interconnects and CPU offload using RDMA over Converged Ethernet (RoCE). We are providing an iSER initiator function, which allows the ESXi storage stack to connect with iSER capable target storage systems.
SW-FCoE (Software Fibre Channel over Ethernet)
In this release, ESXi introduces a software-based FCoE (SW-FCoE) initiator that can create FCoE connections over Ethernet controllers. The VMware FCoE initiator works on lossless Ethernet fabric using Priority-based Flow Control (PFC). It can work in Fabric and VN2VN modes. Please check the VMware Compatibility Guide (VCG) for supported NICs.
It is plain to see why vSphere 6.7 is such a major release with so many new storage-related improvements and features. These are just highlights; more detail may be found by heading over to StorageHub and reviewing the vSphere 6.7 Core Storage section.
Download vSphere 6.7 Core Storage.
About the Author
Jason is the Core Storage Technical Marketing Architect for the Storage and Availability Business Unit at VMware. Before joining VMware, he came from one of the largest flash and memory manufacturers in the world. There he architected and led global teams in virtualization strategies for IT. Also working with the storage business unit, he helped test and validate SSDs for VMware and vSAN. Now his primary focus is core storage for vSphere and vSAN.