
VMware vSphere 7 Update 2 – What’s new? (Hint: Lots!)

vSphere 7.0 was released in 2020. Less than a year later we have had vSphere 7 Update 1, and now vSphere 7 Update 2 is coming soon!

Get your beverage of choice and snacks ready because this is a big update!

So what’s in vSphere 7 Update 2?

vSphere 7 Update 2 Lifecycle Improvements

vLCM improvements

You’ll recall that in vSphere 7, VMware released vSphere Lifecycle Manager (vLCM). This was expanded in 7 Update 1 for improved vSAN and NSX-T support.

In vSphere 7 Update 2, vLCM can now manage vSphere with Tanzu supervisor cluster lifecycle operations.

In Update 2, vSphere Lifecycle Manager CLI support is included for vSAN bootstrap operations. When you have a new environment to deploy, you can now deploy vSAN and vCenter together in an automated way without having storage space to build the vCenter server onto first.

vLCM now also lets us import an image from an existing host for the creation of new clusters with the same configuration.

ESXi Suspend to Memory

During cluster remediation, it is now possible to suspend a VM’s state to memory.

Combining this feature with ESXi Quick Boot means that VMs can be suspended to memory, a host remediated and the VMs resumed, all within a few minutes.

This feature adds some flexibility if you prefer not to vMotion hundreds of VMs in order to speed up host patching, provided that it’s acceptable for those VMs to be suspended for those few minutes.




Availability and Efficiency

vSphere HA Support for persistent memory VMs

vSphere HA now supports PMEM enabled VMs.

PMEM is basically storage within memory, which allows super-fast virtual machines to be built.

As well as HA, admission control is fully supported, ensuring that when these VMs are powered on, enough failover capacity is available should there be a host failure within the cluster.

Keep in mind that VM hardware version 19 is required to make use of this new functionality, so you’ll need to schedule the hardware version upgrade to run automatically at the next reboot or upgrade it manually when possible.

VMware vMotion Auto Scale

In 7 and 7 Update 1, vMotion had significant improvements to stun times.

In vSphere 7 Update 2, live migrations can be enabled on 25, 40 and 100GbE.

A single vMotion stream is now capable of up to 15Gbps, speeding up migrations dramatically.

vMotion will now automatically scale to the maximum number of streams based on available bandwidth on the host’s physical NICs, reducing the need to make any manual advanced configuration changes.

vSphere 7 Update 2 Auto Scale vMotion

AMD Updates

With this release, VMware has optimised the CPU scheduler for AMD EPYC CPUs to improve performance.

Load balancing and cache locality for the AMD EPYC CPU architecture have also been improved.

These updates should translate into large performance gains for vSphere hosts with these CPUs.

Sensitive Workload Support

I/O and jitter have been tuned for latency-sensitive workloads, pushing latency as close to zero, and to bare-metal equivalents, as possible.

NIC passthrough interrupts have been reduced to improve latency and performance.

 

Security

ESXi Key Persistence

Security is a big topic of concern nowadays and VMware has a few interesting updates here.

ESXi key persistence can now be enabled via a hardware TPM, a low-cost chip on the host.

This eliminates the requirement for other key storage solutions and failure points.

VMware vSphere Native Key Provider

This is one of my favourite changes in vSphere 7 Update 2.

VMware now provides the option to use a new native key provider for encryption.

vSAN encryption, VM encryption and vTPM are all supported with this update. This eliminates costly third-party solutions and additional dependencies; essentially, it enables encryption for VMs without any additional costs or management.

This new feature also adds flexibility to data-at-rest security options.

vSphere 7 Update 2 Native Key Provider

ESXi Configuration Encryption

This feature protects everything on the ESXi boot volume.

Using a TPM module, this feature is automatically enabled and protects the boot volume secrets during hardware replacements.

 

VMware Tools and Guest updates

vTPM support on Linux and Windows

A Virtual TPM module is now available to use within modern Linux and Windows guest operating systems.

No physical TPM is required for this to work.

VM encryption needs to be enabled, but this is easily done with the new native key provider at no additional cost.

I can see admins being able to enable OS encryption features such as BitLocker with this new feature.

VMware Tools Content Distribution

In vSphere 7 Update 2, you can now distribute content to virtual machines much like an internal CDN.

This allows for utilities and scripts to be delivered to the guest OS via granular access policies.

This will enable a whole bunch of possibilities for administrators, such as sharing scripts, .exe and .iso files between virtual machines without having to RDP or use file shares.

VMware Time Provider

Via a new version of VMware Tools and hardware version 18+, it’s now possible to sync guest clocks with hosts over a low-latency channel.

This new precision clock device in hardware version 18+ is a new high-quality alternative to older time sources such as NTP or Active Directory options.

You’ll need to set up the new precision clock which was launched in vSphere 7 for this to work.

This option is supported in both Windows 10 and Windows Server 2016+. It also removes dependencies and firewall rules between domain controllers or other time servers on the network, easing the management overhead for virtual machines.



vSphere 7 Update 2 With Tanzu

For those interested or with Tanzu deployed, there are some interesting updates here too:

Load Balancer improvements

Historically, HAProxy has had to be used for the Tanzu load balancer; now the NSX Advanced Load Balancer (Essentials) is included in vSphere with Tanzu.

This option is an improvement because it can be orchestrated through Network Service & NSX-T.

It’s highly available, and upgrades and lifecycle management are all handled automatically.

Certificate Flexibility

Registries can now be used with self-signed or internally signed CA certs.

This can help with managing registries deployed outside of vSphere with Tanzu.

Advanced security for container workloads

vSphere 7 Update 2 introduces SEV-ES security to keep guest CPU register and memory contents from leaking into ESXi.

SEV-ES will ensure that memory in each pod is encrypted and undecipherable by ESXi or any other system.

This is available for ESXi hosts running supported AMD processors.


Artificial Intelligence and Machine Learning in vSphere 7 Update 2

AI and ML are becoming big topics in the industry and VMware are leading the way in terms of virtualising GPUs and easing management headaches with ML and AI deployment.

vSphere 7 Update 2 introduces support for:

  • New NVIDIA Ampere GPUs
  • Multi-Instance GPU enhances isolation between Virtual Machines and workloads (more on this later)
  • Performance improvements with GPUDirect within ESXi

NVIDIA Multi-Instance GPU (MIG)

This feature is supported with new NVIDIA Ampere GPUs.

MIG is useful for AI & ML, but not for graphical purposes.

This extends vGPU profiles and also isolates the complete hardware path.

VMware vSphere BitFusion 3.0

This release includes updates that allow for easier remote access to GPUs for fast and flexible dynamic GPU virtualization and sharing.

This, in turn, allows for higher GPU utilization, maximising investment much like traditional vSphere did at first release and as it continues to do today.

CUDA 11.2, NCCL, NVML and nvidia-smi (for GPU metric management) are all supported with this update.

When will vSphere 7 Update 2 be available for download?

vSphere 7 Update 2 is available to download now via my.vmware.com.

There will also be a few other changes in vSphere 7 Update 2, so be sure to read through the release notes.

To be notified about further updates, feel free to subscribe to the mailing list

 

 
