Today, VMware is releasing vSphere 7 Update 1 and along with fixes and enhancements, there are some notable additions related to Tanzu. For that reason, VMware’s tagline for this update is “Developer-Ready Infrastructure”. In this post, I will cover the important bits that you should be paying closer attention to.
vSphere with Tanzu
When vSphere 7 was released, many were surprised to see that availability of Tanzu was dependent on deployment via VMware Cloud Foundation. Many organizations run the “classic” vSphere implementation and for them, Tanzu was still not an option.
vSphere 7 Update 1 changes that with the release of “vSphere with Tanzu”, which is an implementation of Tanzu on a classic VMware deployment i.e. without any dependence on NSX or vSAN.
It utilises the vSphere Distributed Switch of networking and for load-balancing, HA Proxy is used – provided as an OVA. In the picture above, you’ll recognise the familiar port group mechanism to communicate between the various segments. The Kubernetes Control Plane runs on ESXi and connects to both the management and HA proxy, the latter of which is connected to the Frontend port group, from where the workloads are accessed.
I am quite excited about this because it allows all VMware organisations to reap the benefits of Tanzu, without any dependence on NSX or vSAN and I am confident that it will help promote the ease of Kubernetes deployment and operations that Tanzu brings.
NSX-T Integration with VMware Lifecycle Manager
Lifecycle Management is the key to managing a large vSphere environment consistently as deployments within an organisation grow. Lifecycle Manager maintains the environment using desired state configurations and is the mechanism replacing VMware Update Manager going forward.
This release brings integration of NSX-T into vLCM as well which is welcome news to all admins. NSX is a foundational service for vSphere deployments and just by the nature of its function, quite tedious to update manually. Note that it will also require an NSX-T update to be supported fully.
The integration allows not only to install NSX components but also to update and/or remove them when required. An NSX-T deployment controlled via vLCM also has the benefit of keeping the desired state configuration, so any drifts are also detected and fixed automatically.
Scalability Improvements
If you were impressed with the improvements that vSphere brought in terms of the scale of infrastructure components, consider the numbers vSphere 7 Update 1.
There’s a 3x jump in the number of vCPUs that can be allocated to a VM and a 4x jump to Memory per VM as compared to vSphere 7! In addition, the amount of memory per host and the number of hosts per cluster has also been increased. The latter is a significant and welcome increase for large-scale deployments.
I know that not all organisations require this kind of scale but for those who do, this is important. Also, while not everyone will be keen to jump and increase their cluster sizes, it’s good to know that the capability is there now.
Other Improvements
In addition to the above, there are a few other notable additions & improvements as well:
EVC for Graphics: Remember EVC i.e. the feature that picks the common instruction set between different processor architectures and makes transitioning between them (vMotion) possible? Well, it’s now possible for graphics too! While still subject to compatibility list and checks, it allows for a “Baseline Graphics” mode (for now) and enables vMotioning of VMs having the capability enabled. The setting can be applied at the cluster and per VM level.
AMD SEV-ES: This is functionality that allows enhanced isolation, in addition to the pre-existing ESXi workload isolation mechanisms. As the name suggests, it does rely on AMD EPYC 7xx2 Server Processors for DCs and requires guest OS support. In addition, it comes with some restrictions like vMotion, memory snapshots, and some other features not supported. However, for some organisations that have security as their primary concern, this is a nice addition to further enhance the security of such deployments.
VDDK SDK Improvements: Backup traffic gets its own NIOC resource pool so it can be prioritised now! Also, backup jobs are made more resilient through switching them to alternate hosts when the original host goes into maintenance mode.
Historically, “Update 1” is always a substantial update as some features that get released, alongside many fixes and this one is no different. But this is not all – there are many more updates for vSAN too which I’ll talk about in the next post.
Leave A Comment