Senior Member of Technical Staff Melina McLarty presents some quick tips and tricks for being more productive with the vSphere Web Client.
During this session, we will be challenging modern security practices; covering how data-centers are typically built and how security is often bolted-on afterwards. With this knowledge, we will investigate how VMware NSX is drastically changing the security landscape. By giving the proper context to our data-center elements, organizations can automatically re-act to modern threats.
NOTE: This video is roughly 50 minutes in length so it would be worth blocking out some time to watch it!
is the market leader in HCI. One of the many driving forces that has helped solidify this position, is the rapid and continuous pace of innovation. VMware has always given customers the power of choice, and this continues into the hybrid cloud era. VMware’s digital foundation gives customers the ability, and flexibility to build true hybrid cloud environments to best suite their use cases. VMware offers a full stack SDDC, and HCI is the starting point for those transitioning to a software-defined infrastructure.
VMware HCI, the Best Building Block for a Digital Foundation
Data centers powered by VMware vSAN offer scalability, flexibility, and manageability to meet nearly any demand, and is the cornerstone for customers looking to build private clouds and extend their multi-cloud capabilities.
VMware vSAN is the only storage software natively integrated with the market-leading hypervisor, vSphere. This unique integration delivers optimal resource utilization for the most critical of applications.
VMware vSAN provides industry-leading deployment flexibility with the largest HCI ecosystem. Over 15,000 private clouds, running on over 500+ ReadyNodes™, jointly certified servers, VxRail – a jointly engineered turnkey appliance, as well as two of the largest public cloud providers, Amazon and IBM. Run HCI on the hardware you prefer.
VMware uniquely provides centralized management of all your HCI deployments from edge to core to cloud from the same tools you use today, vCenter and vRealize . These can optimize your operational efficiency with a single toolset across the hybrid cloud, without having to learn any new skills.
All of these features are available today. Not tomorrow, not next quarter, not next year, today. Only VMware can deliver a true hybrid cloud to your data center now.
vSAN 6.7 U1 Makes it Easy to Adopt HCI
VMware vSAN 6.7 U1 makes it even easier to adopt HCI and build a Digital Foundation. Key areas where vSAN 6.7 U1 provides additional benefits include the simplification of day one and two operations, lowering the total cost of ownership with more efficient infrastructure, and even more rapid support and resolution with ReadyCare.
First, we are simplifying operations day one and two operations by streamlining the deployment process, improving lifecycle management, reducing disruptions during maintenance operations, and improving capacity reporting. These updates help administrators more quickly and easily deploy and extend infrastructure while minimizing disruptions while keeping the environment up to date.
Simplified Operations – Cluster Quickstart
Speed to market and configuration consistency are paramount to reduce risk, maintain uniformity, and achieve better stability and efficiency. A new “Quickstart” guided cluster creation wizard gives administrators a streamlined mechanism for deploying vSAN, and non-vSAN, clusters.
An easy to use, step-by-step configuration wizard makes creating a production-ready vSAN cluster effortless. Cluster Quickstart handles initial deployment, as well as the process of expanding the cluster as needs change.
The Cluster Quickstart wizard workflow includes these tasks and more to ease the deployment process:
- Cluster services including vSphere HA, vSphere DRS, and vSAN
- Adding hosts – Add multiple hosts simultaneously
- vSAN deployment type
- Network configuration including vSphere Distributed Switching
- Disk Group configuration
- Data Services like Deduplication & Compression / Encryption
The Cluster Quickstart wizard works great for configuring vSAN clusters added to an existing vCenter 6.7 U1 deployment, as well as a great next step after using vSAN Easy Install to bootstrap a new vCenter onto the first host in a new vSAN cluster.
The Cluster Quickstart wizard can be seen in action on StorageHub.
Driver & Firmware Updates using Update Manager
Updated in vSAN 6.7 U1, all ESXi, driver, and firmware update functions previously handled by the Configuration Assist workflow have been moved to vSphere Update Manager.
Specific OEM builds can be supported in vSphere Update Manager for 6.7 U1 because it will support the use of OEM vendor ISOs. For those needing to update environments that do not have Internet connectivity, new workflows provide guidance for adding updates to the network isolated environment.
Decommissioning and Maintenance Mode Safeguards in vSAN 6.7 U1
Since each vSAN host in a cluster contributes to the cluster storage capacity, entering a host into maintenance mode takes on an additional set of tasks when compared to a traditional architecture.
vSAN 6.7 U1 has improved the safeguards when performing maintenance and decommissioning activities on vSAN hosts. vSAN will now perform a full simulation of data movement to determine if the process of entering maintenance mode will succeed or fail before it even starts. This will prevent unnecessary data movement and provide a result more quickly to the administrator.
New warnings have been added to entering maintenance mode activities to ensure that there are no other hosts already in maintenance mode or resync activity current performing.
For cases where an administrator needs to adjust the time vSAN waits before it begins to rebuild data to reestablish compliance with storage policies, a new “object repair timer delay” setting is now in the UI.
All of these improvements are added to enhance the overall experience and predictability of host decommissioning activities like entering a host into maintenance mode.
More vRealize Operations Intelligence
In vSAN 6.7, “vRealize Operations within vCenter” provided an easy way for customers to see basic vRealize intelligence with vCenter.
New in vSAN 6.7 U1, vRealize Operations dashboards have the ability to differentiate between normal and stretched vSAN clusters, displaying appropriate intelligence for each.
An incredible number of metrics are exposed to assist with monitoring and issue remediation. vRealize Operations makes it easier to correlate data from multiple sources to speed troubleshooting and root cause analysis.
Improved Capacity Reporting
vSAN 6.7 U1 enhances capacity reporting in a few different ways. Having a better understanding of past, present, and future capacity utilization is a top-of-mind concern for administrators.
In vSAN 6.7, Administrators can easily:
- Estimate the amount of usable capacity based on a desired storage policy
- Determine the capacity required if deduplication & compression were disabled
- See the amount of capacity used historically in vSAN 6.7 U1, including changes in deduplication & compression ratios over time.
Next, vSAN is an even more efficient infrastructure choice. More efficient infrastructure helps in lowering the total cost of ownership. Space reclamation, enhanced networking support for some architectures, as well as better sizing tools lead to even more efficiencies with vSAN.
Popular workloads can use less storage through the process of automatic space reclamation. The addition of TRIM/UNMAP support can automatically reclaim capacity that is no longer used, reduces the capacity needed for popular workloads without administrator interaction.
TRIM/UNMAP will be supported in a variety of Guest Operating Systems, virtual hardware configurations, and virtual machine configurations.
Mixed MTU Support for 2 Node and Stretched Clusters
In a stretched cluster environment, the ability to isolate witness traffic using dedicated uplinks was a powerful enhancement made to vSAN 6.7. vSAN 6.7 U1 introduces additional levels of flexibility to this feature with the support of mixed MTU sizes configured for witness traffic, and the Inter-site link used for vSAN data traffic.
This allows for a user to configure vSAN to use perhaps larger frame sizes on the vSAN data network while keeping the witness uplinks going to the more affordable witness site to a more common standard MTU size. This enhancement will give additional flexibility in accommodating a wider variety of customer topology conditions and reduce potential network issues.
Updated Sizing Tools
We’re also introducing new capabilities that simplify planning to help customers size the most efficient deployment for their environment.
Updates to the HCI Assessment and vSAN Sizer tools work even better together to provide a more streamlined and flexible sizing and infrastructure selection process to ensure the most efficient configuration for new deployments.
Rapid Support Resolution
Faster resolution, quicker diagnosis, and simplified self-help make vSAN Supportability even better. vSAN ReadyCare has simplified the support process by reducing requirements of customers, and speeding time to resolution through faster insight and integrated self-help in vSAN.
Improved Health Check Guidance
The health check feature of vSAN continues to play a prominent role in its ability to ensure that an environment meets hardware and software configuration requirements.vSAN 6.7 U1 extends this feature even more, with a more robust way of handling multiple approved firmware levels for storage controllers.
A new Unicast network performance health check and test ensures that proper continuity is achieved between vSAN hosts and will report network bandwidth results for the tests.vSAN 6.7 U1 also introduces functionality that is now accessible in the UI. Health checks can be silenced granularity, directly in the UI, as well as being able to purge inaccessible swap objects that are no longer needed.These improvements improve the effectiveness of vSAN’s ability to not only recognize issues but remediate them more quickly.
Enhanced Support Diagnostics
vSAN 6.6.1 introduced “vSAN Support Insight,” VMware’s method of automatically collecting vital infrastructure telemetry data about an environment for the VMware technical support engineers in our global support services group.
vSAN 6.7 U1 continues with these improvements, introducing fine-grained, deep level performance graphs for the explicit purpose of issue resolution. GSS engineers will have new tools for capturing critical network diagnostic data. These advances help reduce the need to request log support bundles from the hosts, and when they are absolutely necessary, will contain even more critical data for better root cause analysis.
Native health checks, more self-help tools, better reactive support with vSAN Support Insight, and participation in the VMware Customer Experience Improvement program, provide for an overall enhanced support experience. VMware can rapidly understand a customer’s environment, perform root cause analysis to identify the cause of the problem, and deliver proactive support based on trends and analytics.
VMware vSAN continues to innovate at a rapid pace, making it even easier to adopt HCI and build a Digital Foundation. Simplified operations, a lower cost of ownership, and even more rapid support and resolution are just a few of the key areas that help make VMware HCI with vSAN the industry-leading HCI provider. Whether on-premises or in the cloud, only VMware can deliver a true hybrid cloud to your data center now.
Jase McCarty has a diverse career in technology over the past 25 years. As an IT pro, he has worked in academics, health insurance, & financials in positions ranging from administration, architecture, web development, curriculum development, to training. Before coming to VMware, he was a vSpecialist at EMC, supporting the Federal Government. He is a retired USAF MSgt, where he spent most of his military career in Communications. He is Co-Author of two virtualization books, is regularly designated as a vExpert, and is active on Twitter as @jasemccarty.
In this video, Kyle Ruddy shows you examples of creating a vSphere Distributed Switch, adding hosts to the switch, creating distributed port groups, creating VMKernel network adapters, backing up a vSphere Distributed Switch and then restoring it.
Join Cody from VMware’s Cloud Management Business Unit as he takes us on a spotlight tour of the key features in vRealize Automation 7.5. A brand new user interface, NSX-T integration, Ansible Integration, and PKS Integration are showcased, as well as highlights of many more features
Trying something different…the VMware software-defined datacenter story in a whiteboard. The whiteboard walks you through the evolution of datacenters…from basic virtualization (vSphere) to an optimized, application-centric, ultra efficient, highly automated and governed SDDC.
This short demonstration shows how VMware NSX, in coordination with an Orchestration Solution, can help drive network provisioning and automation for a multi-tier application without any dependencies on the underlying physical network infrastructure.
This session will focus on how VMware NSX Data Center helps to answer the question, “How do you secure applications that are widely distributed and constantly changing?” By making network security an intrinsic part of the environment on top of which applications and data live, NSX Data Center delivers security policies and controls that are as ubiquitous and agile as applications themselves, no matter where they live. Find out about context-aware micro-segmentation and other key capabilities of NSX Data Center that shrink the application attack surface and improve your overall security posture.
Speakers Alex Berger, Product Marketing, Networking and Security, VMware: Alex Berger is a Product Marketer with VMware’s Networking and Security business unit. His focus is on security products and their use cases, including VMware NSX and VMware AppDefense. Prior to joining VMware, Alex worked on enterprise security products addressing a range of security issues including data access governance, identity and access management, privileged identity management, and threat detection and response. Christopher Frenz, AVP of Information Security, Interfaith Medical Center:
Christopher Frenz is the Director of IT Infrastructure at Interfaith Medical Center and is an expert on healthcare security and privacy. He the author of the books “Visual Basic and Visual Basic .NET for Scientists and Engineers” and “Pro Perl Parsing”, as well as the author of numerous articles. Frenz holds many industry standard certifications, including CISSP, HCISPP, CISM, CISA, FIP, CIPP, CIPM, CIPT, and CCSK.
VMware NSX is the network virtualization technology that decouples the networking services from the underlying physical infrastructure. VMware NSX allows for a new software based approach to networking that provides the same operational model as a virtual machines (VM). Virtual networks can easily be created, modified, backed-up and deleted within minutes.
By providing the physical networking constructs in software, VMware NSX provides similar benefits as server virtualization did with VMs. Businesses can see the impact in terms of increased efficiency, effective resources utilization, productivity, flexibility, agility and cost savings.
This document will present the audience with the NSX introduction, business use-cases and overview of design in Large and Medium data centers. The beginning of the document serves as a refresher to those who are already familiar with the NSX design and deployment aspects.
The document goes on to present a NSX for small data center, its relevance, and what are the main building blocks of designing NSX in small data centers.
The document talks about popular NSX deployment models in small data centers, gives details around protecting and designing based on the individual NSX components, like NSX ESG and DLR Control VM etc.
Towards the end of the document, it talks about the growth option to take NSX even further and grow it into the medium and large scale deployment.
NSX has emerged as the leading software platform to virtualize network and networking services. Many customers have deployed NSX to run their production and non-production workload to get the benefits that
comes with virtual networks and software defined network approaches. NSX has been deployed from small to medium to large sizes of data centers to enable a wide-range of use-cases.
There are situations where large enterprises have also deployed NSX in their small data centers islands within the overall large environment. There are also situations where small and medium businesses (SMBs) are deploying NSX with small number of hosts to take advantage of network virtualization. Regardless of the size of the enterprise, small data center is a viable option and relevant for all type of customers, enterprises and businesses.
The NSX Reference Design Guide discusses design aspects to deploy NSX in all data center sizes. This document uses the NSX Reference Design Guide as a baseline and provides additional and/or supportive guidance to successfully run NSX in SMB Data Centers. It is assumed that readers have gone through the concepts and design options discussed in NSX reference design guide.
In addition, readers are highly encouraged to take a look at Software Defined Data Center (SDDC) VMware
Validated Design Guide (VVD) that provides most comprehensive and extensively tested blueprint to build and operated SDDC.
NSX Customer Use Cases
NSX has been widely accepted and deployed in production by many customers. Figure 1 lists some of the most important use cases that customers are deploying NSX for.
NSX can be used to create a secure infrastructure, which can create a zero-trust security model. Every virtualized workload can be protected with a full stateful firewall engine at a very granular level. Security can be based on constructs such as MAC, IP, ports, vCenter objects, security tags, active directory groups, etc. Intelligent dynamic security grouping can drive the self-adaptive security posture within the infrastructure.
VMware NSX provides a full RESTful API to consume networking, security and services, which can be used to drive automation within the infrastructure. In small data centers, automation tools like REST API and PowerNSX can be useful to programmatically configure network and security services, or to pull the information from VMware NSX deployments for simple operations tasks.
NSX provides a way to easily extend networking and security up to eight vCenters either within or across data centers. NSX can extend or stretch L2 and L3 networks across data centers in distributed fashion. NSX also ensure that the security policies are consistent across those stretched networks and hence provide a seamless, distributed and available Network and Security overlay. All of it is done using software based technologies, without requiring expensive hardware.
NSX for vSphere Components
vSphere is the foundation for NSX for vSphere (referred to as NSX throughout this document) deployment. It is important to have good understanding of what vSphere and NSX components are involved into the design. For a successful NSX deployment, it is imperative to have a good vSphere deployment in place with proper vSphere clustering, compute, network and storage. For detailed discussions on these topics, the reader can refer to the NSX Reference Design Guide.
Figure 2 shows various layers of NSX for vSphere architecture based on the role being performed by each NSX components. From a very high level, the NSX solution architecture can be seen as divided between management, control and data planes. In the traditional networking model, the control and data plane is combined together.
NSX and other software defined networking architectures follow an approach where the data plane is separated from the control plane. This approach provides the advantage of decoupling from hardware dependencies, and allows all networking services to be virtualized following the same operational model that compute and storage virtualization has been providing for years.
NSX in Small Data Center Use-Cases
One must understand that Small Data Center (DC) does not mean that it is only relevant for small customers. Many large enterprises deploy NSX with small footprint or small number of ESXi resources in the beginning and then they expand to larger footprint. This could be due to number of different reasons for example budget, staffing or simply because of small scale deployment that they would have in the beginning. The advantage is that even if NSX is deployed in small footprint, it can easily grow into a medium or large size deployment.
On a broad scale, Small Data Center use-cases can be divided based on business function and application that are being deployed.
Functional Level Use Cases
Organizations deploy NSX with small footprint in specific functional areas or groups that they have. For instance
- Disaster recovery and/or avoidance
- Pre-Prod vs Test environments
- Compliance / DMZ
- Business units with their own operational model
Application Level Use Cases
Many customers deploy NSX in small DCs to tackle one or more application level use-cases that they have. For instance
- Load Balancer
- Agentless Antivirus (AV)
NSX Advantage for Small Data Centers
Organizations adopt NSX not just because of its technical strength and advantages that they gain while deploying networking services in software. They also get the advantage in terms of its simplicity, ease of use and operational flexibility. Some of these advantages are highlighted here.
Simplicity and Modularity
Small customers like the idea of its simplicity and modularity, where they have peace of mind to grow and add more features as they increase the capacity or user base. They do not need to purchase all the networking hardware upfront with lots of unknown down the road. NSX provides those customers software based networking services that they can spin up anytime they want without incurring additional hardware cost.
Customer are also thrilled because all the networking and security services are bundled within the same product and platform, so they do not need to worry about contacting multiple vendors not just for purchase but also for support agreement and licenses procurement and cost. Customer are getting everything with the NSX under one roof.
Ease of Operations
Majority of the customers are already familiar with the operational model vSphere has provided them for years. NSX is seamlessly integrated within the same model. It enhances their operational model and sits nicely on top of it. Hence the learning curve to adopt the new technology is minimal.
Download NSX Design Guide for Small Data Centers.
VMware CEO Pat Gelsinger, CTO Ray O’Farrell, and their featured guests share how to push past the boundaries of what’s possible during the VMworld US Day 1 general session.
NOTE: This video is roughly 1 hour 45 minutes in length so it would be worth blocking out some time to watch it!