vSphere 8.0 – what’s new?
If you have not tuned in to VMware Explore, you may have missed this announcement! VMware is introducing vSphere 8. Many of us (not me, I am on vSphere 7.0) are still working on 6.x versions; however, please remember that October 15, 2022, is the End of General Support date for vSphere 6.5 and vSphere 6.7.
I need to be honest that the dust has not settled after going from vSphere 6.5 to vSphere 7.0, especially with all the hiccups along the way with update 3.
Therefore I am surprised to hear about the brand new release called vSphere 8. Let’s have a look into what VMware is promising to us with the latest version:
- vGPUs per VM changes from 4 to 8
- Lifecycle Manager can now manage 1000 hosts (up from 400)
- You can now manage 10000 VMs per cluster (was previously 8000)
- Each ESXi host can now have up to 32 VMDirectPath IO devices
vSphere Distributed Services Engine
vSphere Distributed Services Engine unlocks the power of Data Processing Units (DPUs) for hardware accelerated data processing to improve infrastructure performance, boost infrastructure security and simplify DPU lifecycle management. vSphere 8 makes using DPUs easy for workloads to take advantage of these benefits.
In vSphere 8, an additional instance of ESXi is installed directly on the Data Processing Unit. This allows ESXi services to be offloaded to the DPU for increased performance.
Using a vSphere Distributed Switch version 8.0 and NSX, network services are offloaded to the DPU, allowing for increased network performance with no x86 CPU overhead, enhanced visibility for the network traffic, and the security, isolation, and protection you would expect from NSX.
vSphere with Tanzu
vSphere 8 offers PhotonOS and Ubuntu base image customization, Workload Availability Zones to isolate workloads between clusters, support for LDAP and OIDC federated authentication, and a single unified Kubernetes runtime.
To benefit from Workload Availability Zones we need to deploy three zones. In the first release of vSphere 8, Workload Availability Zones will have a 1:1 relationship with the vSphere cluster.
The feature allows Supervisor Clusters and Tanzu Kubernetes Clusters to span across vSphere clusters in order to increase availability.
The new way to manage packages comes with ClusterClass, which provides a declarative way to define a Tanzu Kubernetes cluster configuration as well as the default installed packages. The platform team can decide the infrastructure packages installed at cluster creation. This might include the networking, storage, or cloud providers, as well as the authentication mechanism and metrics collection. The cluster specification references the ClusterClass.
With vSphere 8 we are no longer bound only to vCenter Single Sign-On: the Supervisor cluster and Tanzu Kubernetes clusters can have direct access over OIDC or LDAP to an Identity Provider (IDP). The feature is called Pinniped integration. Pinniped pods are automatically deployed in the Supervisor cluster and Tanzu Kubernetes clusters to facilitate the integration. The login flow is:
- DevOps user uses Tanzu CLI login to authenticate to the Supervisor and/or TKC
- Pinniped integration federates to an IDP
- IDP returns a login link or window
- DevOps user provides IDP credentials
- Successful authentication to the IDP is returned to Pinniped
- Tanzu CLI builds the kubeconfig file needed to access the Supervisor and/or TKC
If you are still using baselines rather than images, it is time to convert your clusters to vLCM images. Baseline lifecycle management, previously known as vSphere Update Manager, is deprecated in vSphere 8. This means that baseline lifecycle management is still supported in vSphere 8, but vSphere 8 will be the last release that supports it.
vSphere Lifecycle Manager received a boost. vLCM can now stage the update payload to the hosts prior to remediation. Furthermore, staging can be done with hosts going into Maintenance Mode. Firmware payloads can also be staged; however, you need to have a supported Hardware Support Manager set up, like OMIVV for Dell servers.
One thing I am not happy about is coming back to remediating multiple hosts in parallel. In the past, this feature caused me some trouble when DRS thought it was OK to put more than half of the hosts in the cluster into Maintenance Mode, causing congestion. Since then I always remediate host by host.
Simplified Hardware Consumption with Device Groups
Device Groups make it simpler for virtual machines to consume complementary hardware devices in vSphere 8. NIC and GPU devices are supported in vSphere 8 GA. Compatible vendor device drivers are required and subject to vendor release. NVIDIA® will be the first partner supporting Device Groups with upcoming compatible drivers.
Device Groups are added to virtual machines using the existing Add New PCI Device workflows. vSphere DRS and vSphere HA are aware of device groups and will place VMs appropriately to satisfy the device group.
Device Virtualization Extensions builds on Dynamic DirectPath I/O and introduces a new framework and API for vendors to create hardware-backed virtual devices. Device Virtualization Extensions allow greater support for virtualization features such as live migration using vSphere vMotion, suspending and resuming a virtual machine, and support for disk and memory snapshots.
Introducing TPM Provision Policy
As we know, Windows 11 requires a vTPM (Virtual Trusted Platform Module) to be present in virtual machines. You can add a vTPM to the new VMware Workstation!
vSphere 8 allows cloning virtual machines with an option to automatically replace the vTPM. This makes it possible to follow the best practice that each VM contains a unique TPM device, and improves vSphere support for Windows 11 deployment at scale. vSphere 8.0 also includes the vpxd.clone.tpmProvisionPolicy advanced setting, which makes replacing the vTPM the default clone behavior.
vMotion for application!
You may come across applications sensitive to changing compute or storage places. vSphere 8 has a mechanism that can prepare the sensitive application for vMotion. This could be gracefully stopping services or performing a failover in the case of a clustered application. The application can delay the start of the migration up until the configured timeout but cannot decline or prevent the migration from occurring.
- Time-sensitive applications
- VoIP applications
- Clustered applications
- Data Warehouse applications
Enhanced DRS Performance
VMware has introduced a new feature with vSphere 7.0U3 called vSphere Memory Monitoring and Remediation (vMMR). vMMR helps bridge the need for monitoring by providing running statistics at both the VM (bandwidth) and Host levels (bandwidth, miss-rates). vMMR also provides default alerts and the ability to configure custom alerts based on the workloads that run on VMs. vMMR collects data and provides visibility of performance statistics so you can determine if your application workload is regressed due to Memory Mode.
In vSphere 8, DRS performance can be significantly improved when PMEM is present by leveraging memory statistics, resulting in optimal placement decisions for VMs without affecting performance and resource consumption.
vSphere 8 will only support TLS 1.2
SSH access will automatically be switched off, so there is no need to script this anymore. A default timeout is introduced to prevent SSH sessions from lingering.
Sandboxed Daemons: ESXi 8.0 daemons and processes run in their own sandboxed domain where only the minimum required permissions are available to the process.
Prevent execution of untrusted binaries: binaries that were not installed from a VIB will be blocked by default. This is achieved by turning on the execInstalledOnly option.
Discontinuation of Trusted Platform Module (TPM) 1.2: ESXi 8.0 displays a warning during installation or upgrade if a TPM 1.2 device is present. The installation or upgrade is not prevented.
This host has TPM1.2 hardware which is no longer supported. For full use of vSphere features, use TPM 2.0.
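The defaults listed in this section can be checked across a fleet once the per-host facts have been exported. The following is an added example, not code from VMware or from the original post; the field names, host names and the 900-second timeout are constructed assumptions about your own export, not a VMware schema.

```python
# Added example: audit exported per-host facts against the ESXi 8.0
# security defaults described above. Field names are assumptions.

# Constructed sample inventory (not real hosts or real default values).
HOSTS = [
    {"name": "esx01.example.test", "exec_installed_only": True,
     "ssh_running": False, "ssh_timeout_s": 900,
     "tls_protocols": ["TLSv1.2"], "tpm_version": "2.0"},
    {"name": "esx02.example.test", "exec_installed_only": "false",
     "ssh_running": True, "ssh_timeout_s": 0,
     "tls_protocols": ["TLSv1.0", "TLSv1.2"], "tpm_version": "1.2"},
    {"name": "esx03.example.test", "ssh_running": False,
     "ssh_timeout_s": 900, "tls_protocols": ["TLSv1.2"], "tpm_version": None},
]

def as_bool(value):
    """Normalise booleans that exports often render as strings."""
    if isinstance(value, str):
        return value.strip().lower() in ("true", "1", "yes")
    return bool(value)

def audit_host(host):
    """Return a list of deviations from the defaults for one host."""
    findings = []
    # A missing value is reported separately from a value that is off.
    if "exec_installed_only" not in host:
        findings.append("execInstalledOnly: value not collected")
    elif not as_bool(host["exec_installed_only"]):
        findings.append("execInstalledOnly is off: non-VIB binaries can run")
    if as_bool(host.get("ssh_running")):
        findings.append("SSH service is running")
    if not host.get("ssh_timeout_s"):
        findings.append("SSH session timeout is disabled or not collected")
    extra = sorted(set(host.get("tls_protocols", [])) - {"TLSv1.2"})
    if extra:
        findings.append("TLS versions other than 1.2: " + ", ".join(extra))
    # A host without a TPM is not flagged; only TPM 1.x hardware is.
    tpm = host.get("tpm_version")
    if tpm is not None and str(tpm).startswith("1."):
        findings.append("TPM 1.2 hardware: no longer supported, use TPM 2.0")
    return findings

def audit(hosts):
    return {h["name"]: audit_host(h) for h in hosts}

if __name__ == "__main__":
    for name, findings in audit(HOSTS).items():
        print(name, "OK" if not findings else "; ".join(findings))
```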
As you can read, there are many changes and improvements, as expected with a major release of vSphere. As soon as I know the release date, I will share this information with you.
If you want to chat with me please use Twitter: @AngrySysOps