Learn About the Latest VMware Cloud Foundation 5.2 on Dell VxRail 8.0.300 Release
Thu, 29 Aug 2024 12:23:21 -0000
“Even more progress” sums up this latest Cloud Foundation on VxRail release—more progress in LCM enhancements, more progress with new hardware platform options, and more progress toward driving a simpler cloud operations experience for VCF on VxRail customers. This new release is based on the latest software bill of materials (BOM) featuring vSphere 8.0 U3, vCenter 8.0 U3a, vSAN 8.0 U3, and NSX 4.2.0. Read on for more on the new hardware platforms, significant lifecycle management enhancements, and networking & security updates in this release.
Hardware platform updates
The latest release brings forth support for new VxRail hardware platforms and enhancements to existing ones. The AMD-based VxRail 16G VE-6615 and VP-7625 hardware platforms are among the newly introduced platforms, featuring the powerful AMD EPYC Gen 4 processor. The VE-6615, a compact 1U platform, is tailored for general-purpose workloads, while the VP-7625, a scalable 2U platform, is designed for optimized performance. Additionally, the release includes the introduction of the Intel®-based storage-optimized platform VS-760.
Furthermore, VCF 5.2 on VxRail 8.0.300 unveils the much-anticipated support for the VD-4000 hardware platform. The VD-4000 offers a cutting-edge VxRail node option specifically crafted for edge use cases. This ruggedized platform features a purpose-built smaller form factor, extending the advantages of VxRail to previously inaccessible locations due to challenging conditions, limited bandwidth, and space constraints. Supported in 3+ node cluster configurations within the workload domain, the VD-4000 integrates seamlessly with both vSAN OSA and ESA, providing a robust edge computing solution.
LCM updates
VCF 5.2 introduces several lifecycle management enhancements. It offers more flexible updates, better scale for operations, and faster deployment and patching.
Notably, all upgrade and patch bundles are now conveniently accessible within the SDDC Manager interface, eliminating the necessity for manual patching via the CLI. Moreover, patches can now be seamlessly applied during upgrade workflows, and newly deployed workload domains and clusters deploy with the latest patches already applied, streamlining administrative tasks and reducing operational overhead.
Let’s expand on these enhancements in more detail.
Skip-level upgrade
The skip-level upgrade feature enables customers running older versions of VCF to transition directly to the latest VCF 5.x release, bypassing intermediate VCF versions. Users on VCF 4.5.1 and above can seamlessly upgrade to the VCF 5.2 release without migrating workloads or swapping hardware. This streamlined upgrade process simplifies the transition to the latest VCF version, enhancing operational efficiency and minimizing disruptions.
VCF upgrade flexibility
In VCF 5.2, the upgrade process for a workload domain now offers the flexibility to customize the Bill of Materials (BOM) to accommodate any newly released asynchronous patches. This enhancement streamlines the upgrade workflow, as only a single run is needed to align the domain with the preferred component versions. Previously, users had to conduct the upgrade and subsequently apply async patches separately. Workload domains can now feature distinct combinations of component versions tailored to specific workload requirements, with SDDC Manager conducting compatibility validations to verify that the customized BOM remains within supported configurations.
Independently upgrade SDDC Manager
With the introduction of VCF 5.2, customers now have the option to incrementally upgrade the SDDC Manager component independently over time without updating the remaining infrastructure components within the management domain. This approach facilitates quicker adoption of new functionalities and fixes without necessitating extensive updates to NSX, vCenter Server, and ESXi hosts.
Patch individual VCF on VxRail components using SDDC Manager
After a particular VCF BOM has been released, updating one or more of the individual components may be necessary to address reliability or security issues. These individual component updates (referred to as "async patches") are delivered separately from the VCF release BOM. Previously, customers looking to update their workload domains had to utilize the Async Patch Tool, a separate command-line interface utility. However, with VCF 5.2, the deployment of async patches can now be seamlessly applied within the familiar SDDC Manager UI. Users can conveniently select from available patches in a dropdown menu, which dynamically updates as the SDDC Manager receives the latest bundle data from online repositories or offline sources.
Built-in Inventory Version Synchronization
This feature is related to patching individual VCF on VxRail components using SDDC Manager. When applying async patches, it’s crucial to follow specific instructions for updating the VCF inventory using the Async Patch Tool’s sync command. Lack of synchronization could cause issues during upgrades. Before VCF 5.2, users had to manually sync the inventory using the CLI and the Async Patch Tool. Now, with VCF 5.2, there’s an automatic mechanism to make this process easier and improve the user experience.
Create an Offline Depot local patch repository
In scenarios where VCF deployments are unable to connect to the Internet's online depot due to technical constraints or policy restrictions (referred to as "dark sites"), the downloading of essential software bundles for infrastructure updates and deployments becomes challenging. To address this limitation, customers traditionally relied on the Offline Bundle Transfer Utility (OBTU) CLI tool to download bundles to a separate system and then transfer and import them into SDDC Manager to then perform LCM operations. This method would need to be repeated, potentially requiring separate downloaded copies of update bundles and bundle transfers for each VCF instance deployed within a customer environment.
However, with the introduction of VCF 5.2, a new configuration option within SDDC Manager offers a solution by allowing downloads from a local web server instead of the online depot. This local server, referred to as an "offline depot," involves the utilization of a customer-managed web server equipped with an enhanced version of OBTU. This approach effectively establishes a local mirror of the online depot, enabling seamless centralized access to single copies of necessary software bundles within dark site environments.
Deploy new async patched domains
In the past, every new workload domain and cluster was deployed with component versions matching those of the management domain BOM. Subsequently, async patches had to be manually applied to each new domain after deployment.
With the introduction of VCF 5.2, administrators can deploy new domains and clusters that match the patch levels implemented in the management domain. This advancement eliminates the need to patch a newly deployed domain, enhancing operational efficiency and scalability.
Independent TKG Service
In VMware Cloud Foundation 5.2, the TKG Service in vSphere 8.0 U3 has been decoupled from vCenter Server, allowing it to be implemented independently as a core Supervisor Service. This architectural change empowers Administrators to introduce asynchronous updates to the service, ensuring alignment with upstream Kubernetes and facilitating the rapid delivery of new Kubernetes versions. This decoupling enhances agility and enables faster adoption of Kubernetes advancements within the VMware ecosystem.
Networking updates
Configure an Isolated Domain with a Shared NSX instance
In previous VMware Cloud Foundation versions, each individual Isolated Workload Domain required a dedicated NSX instance. However, with the introduction of VCF 5.2, Administrators now have the flexibility to configure multiple isolated domains utilizing a shared NSX instance. Each isolated workload domain utilizing a shared NSX instance is independently set up with its own SSO instance and Identity Provider.
Utilizing a shared NSX instance across domains offers the advantage of a unified management interface through the NSX Manager console for all NSX network components within a given topology. Additionally, a single transport zone is shared across all clusters present in either all VI workload domains or all isolated workload domains linked to the shared NSX Manager instance. This shared NSX instance also reduces the number of NSX controllers needed to manage the NSX environment effectively.
TEP performance enhancements with NSX Edges
NSX Edges can handle traffic across multiple TEPs per NSX segment, but in many cases only a single segment is involved when routing traffic through an Edge, so only a single TEP is utilized. Customers with significant throughput demands have observed limitations in the processing capacity of individual Edges under such circumstances. To address this challenge and enhance traffic handling capabilities, implementing a more granular per-flow load sharing mechanism across the Edge TEPs is recommended and now possible.
NSX Advanced Load Balancer integration with SDDC Manager
VCF 5.2 now integrates with the NSX Advanced Load Balancer (formerly AVI). This integration allows VCF Administrators to leverage the SDDC Manager to deploy an NSX Advanced Load Balancer controller cluster within deployed workload domains. It's important to highlight that utilizing the NSX Advanced Load Balancer requires an add-on license. This integration streamlines the deployment of the AVI Load Balancer Controller Cluster. The AVI controller configuration and Service Engines' deployment are managed through the AVI Admin Console.
Storage updates
Protect and recover VMs against accidental and malicious activities
vSAN 8 U3 leverages the robust snapshotting capabilities of ESA to enhance data protection and operational flexibility. With the Data Protection for vSAN ESA, VCF administrators now have the capability to safeguard and restore VMs in the event of accidental deletions or malicious activities like ransomware attacks. This functionality simplifies the setup by enabling the configuration of protection groups to specify which VMs require protection, the frequency of snapshots, and the retention period. Moreover, the option to make snapshots immutable provides an additional layer of defense, particularly for scenarios requiring robust ransomware protection. Furthermore, seamless integration with VMware Live Cyber Recovery (VLCR) enhances the overall ransomware protection strategy by offering comprehensive cloud-based solutions.
Support for vSAN Witness Traffic Separation (WTS) as a VCF on VxRail standard feature
VCF on VxRail now supports vSAN Witness Traffic Separation (WTS) configurations as a standard feature, eliminating the need to pursue Dell exception support. The VMware and Dell Technologies documentation will be revised to align with this updated standard feature.
Security updates
Identity Federation Support with Microsoft Entra ID
VMware Cloud Foundation offers support for Identity Federation through various third-party providers. The VMware Identity Service allows configuration for federation utilizing Okta and Microsoft Entra ID (introduced in VCF 5.2) with plans for additional third-party identity providers in upcoming releases. When users initiate login requests to VCF, these requests are directed to the chosen authentication service. Following authentication validation based on specified criteria, the third-party authentication service provides an access token/claim for the user's login request, enabling VCF to authorize access to its dashboards. Authenticated users can seamlessly navigate between SDDC Manager, vCenter Server, and NSX Manager, enhancing operational efficiency and user experience within the VCF environment.
Configure a Proxy Server with Authentication
In previous releases of VMware Cloud Foundation, the capability to set up a proxy server within SDDC Manager was available but lacked the option to configure authentication. The latest version of VCF now enables administrators to configure a proxy server with authentication for the download and installation of update bundles. The SDDC Manager interface can be used to establish proxy server authentication, supporting basic or NTLM authentication methods. Additionally, if your proxy server operates over HTTPS, the SDDC Manager now includes support for configuring that protocol.
SDDC Manager Compliance APIs
New SDDC Manager compliance APIs have been introduced. While current support is limited to PCI compliance, VMware intends to expand this support to include additional compliance standards in upcoming releases. This enhancement enables users and third-party reporting software to programmatically access configuration audit results for SDDC Manager, facilitating streamlined compliance monitoring and reporting processes.
Operations and serviceability user experience updates
Aria Operations enhancements
The Aria Operations console in VMware Cloud Foundation (VCF) offers a centralized interface for managing the VCF stack, streamlining application and infrastructure management. It serves as a control plane for global inventory, lifecycle operations, and administrative tasks, enhancing operational efficiency. Integrating diagnostic functionalities from Skyline Health Diagnostics and Skyline Advisor into Aria Operations provides administrators with a unified platform to identify issues, access automated recommendations, and ensure efficient troubleshooting. Additionally, the console simplifies license key management and enhances certificate visibility, allowing IT admins to monitor certificate health, receive expiration alerts, and generate compliance reports for audit purposes.
Aria Automation enhancements
The enhanced VCF integration with Aria Suite boosts cloud resource visibility and streamlines cloud setup with Quick Start workflows. The Dashboard and Launchpad on the Home Page simplify access to crucial information. Through guided workflows, users can efficiently establish cloud services, create cloud accounts, and align resources with business needs. Admins can customize Supervisor Namespace classes for self-service provisioning, allowing developers to deploy workloads quickly via the Cloud Consumption Interface or curated catalog items. Governance is ensured through policies like leasing and approvals, which maintain operational compliance and control.
HCX Updates
HCX 4.10 enhances performance and scalability and is fully compatible with VCF 5.2. Migration capacity increased from 600 to 1,000 VMs, optimizing efficiency and reducing costs. HCX Assisted vMotion (HAV) accelerates Cross vCenter vMotion for faster migration times. Enhanced encryption options are introduced for migration and network extension services. Finally, OS-Assisted Migration deployment is streamlined, reducing solution footprint.
VCF Private AI Foundation updates
New VMware Private AI Foundation with NVIDIA Aria Automation catalog options
The VMware Private AI Foundation with NVIDIA was initially introduced as a post-GA feature in version 5.1.1; however, it has been validated and is officially supported in VCF on VxRail. Within VMware Aria Automation, a part of the solution, users can access expanded catalog items, including AI Workstation, AI RAG Workstation, and Triton Inferencing Server. These new catalog items empower users to provision TKG clusters and leverage vGPU and RAG operators for deploying AI RAG applications on the TKG cluster. Additionally, Deep Learning VM catalog items now support the execution of custom cloud-init configurations for better customization.
Summary
The latest release is packed with new features, including support for multiple new hardware platforms, notable lifecycle management enhancements, networking and security updates, and substantial improvements in integration with Aria Suite. VCF 5.2 on VxRail 8.0.300 delivers a more robust, secure, integrated, and streamlined user operations experience. If you want more information beyond what was discussed here, please check out the following resources. Until next time!
Resources
- VxRail product page
- VxRail Info hub page
- VMware Cloud Foundation on Dell VxRail Release Notes
- VCF on VxRail Interactive Demo
Author: Karol Boguniewicz, ISG Cloud Platforms Technical Marketing
Twitter: @cl0udguide