Data center upgrades and patch management are typically manual, repetitive tasks prone to configuration and implementation errors. Ensuring that software and hardware firmware remain interoperable when one component is patched or upgraded requires extensive quality assurance testing in staging environments. Strapped for time, IT must sometimes make the difficult decision to deploy new patches before they are fully vetted or to defer new patches, which slows down the roll-out of new features, security fixes and bug fixes. Both situations increase risk for the customer environment.
To understand the details of lifecycle operations, it helps to first understand the VMware Cloud Foundation concept of a Workload Domain. A Workload Domain is a policy-based resource container with specific availability and performance attributes that combines compute (vSphere), storage (vSAN), and networking (NSX) into a single consumable entity. When running VMware Cloud Foundation on VxRail, these workload domains are built using VxRail clusters and leverage the native VxRail operations experience for tasks such as automated cluster builds and cluster expansions.
Infrastructure building blocks can be created based on native VxRail clusters that can scale up and out incrementally. Customers can scale up leveraging the flexible hardware configurations available within a VxRail node to increase storage capacity or memory. Customers can similarly scale out by adding nodes in single node increments to a cluster. The physical compute, storage and network infrastructure becomes part of a single shared pool of virtual resources that is managed as one cloud infrastructure ecosystem using the SDDC Manager.
From this shared pool, customers can organize separate pools of capacity into what are defined as Workload Domains, each with its own set of specified CPU, memory and storage requirements to support various workload types such as cloud native, VDI or business critical apps like databases. As new VxRail physical capacity is added, it will be recognized by the SDDC Manager and be made available for consumption as part of a workload domain. Scaling workload domains beyond a single cluster gets even easier with the ability to add multiple VxRail clusters within a workload domain.
Workload Domains can be created, expanded, and deleted. They can also be patched/upgraded independently, providing customers with the flexibility to align workload domain infrastructure requirements to the applications running on them. This concept brings us back to our lifecycle management discussion. With VMware Cloud Foundation, all lifecycle management occurs at the workload domain level. Note that with the enhancements introduced in VMware Cloud Foundation 4.0.1, customers may, if needed, manage upgrades at a more granular cluster level, including VMware Tanzu enabled clusters.
VMware Cloud Foundation on VxRail leverages both the native Cloud Foundation and VxRail HCI System Software update bundles for its updates. This means that no proprietary package needs to be generated specifically for running VMware Cloud Foundation on VxRail, so nothing delays these updates from being published for customer consumption once they are available. This allows both VMware and Dell EMC to innovate faster within their respective layers asynchronously, bringing about newer features/changes without affecting the other layers of the platform stack. It also means that VMware and Dell EMC can continue to leverage their respective streamlined development and release processes for both VxRail and Cloud Foundation independently. As a result, new versions of VMware Cloud Foundation on VxRail allow customers to take advantage of new platform features faster.
VxRail LCM is built on Ecosystem Connectors to integrate vSAN cluster software and PowerEdge server hardware so that the ESXi host can be managed as a single system. This system integration enables the automation and orchestration necessary to deliver non-disruptive, streamlined HCI stack upgrades. Where VxRail LCM delivers differentiated value is in its ability to deliver a pre-validated set of software and firmware that ensures compatibility and compliance of the entire HCI stack configuration while maintaining the performance and availability required of the virtualized workloads running on the clusters.
The ability to test, validate, and produce a VxRail software bundle to support every vSphere release, any-to-any version upgrade path, and the millions of VxRail configurations is termed Continuously Validated States. These Continuously Validated States are recorded on the Electronic Compatibility Matrix. The VxRail team’s $60 million in equipment investment with 100+ team members dedicated to testing and quality makes this possible.
All VMware Cloud Foundation on VxRail lifecycle patching and upgrade operations are orchestrated using SDDC Manager. It is responsible for monitoring the respective VMware and Dell EMC support repositories where the VMware Cloud Foundation and VxRail update bundles get published. The VMware Cloud Foundation update bundle contains updates for vCenter, Platform Services Controller, NSX, SDDC Manager and vRealize Suite components (vRealize Automation, vRealize Operations and vRealize Log Insight). vRealize Suite is fully integrated into Cloud Foundation since VCF version 4.1. The SDDC Manager deploys the vRealize Suite Lifecycle Manager (vRSLCM) and establishes a two-way communication channel between these two products. vRSLCM is now “VCF-aware” and reports back to the SDDC Manager what vRealize components are installed. Software bundles for the vRealize Suite are all downloaded and managed through the SDDC Manager. When patches or updates become available for vRealize Suite, lifecycle management of the vRealize Suite components is controlled from the SDDC Manager.
The native VxRail update bundle includes ESXi, vSAN, VxRail Manager, hardware firmware and drivers. As a part of this monitoring, SDDC Manager automatically discovers when new VxRail and VMware Cloud Foundation updates are available for download and proactively notifies the administrator within the user interface.
SDDC Manager will also ensure that all update bundles are automatically curated, guaranteeing visibility and access to only the updates that have been qualified and supported for the system configuration it is managing. For example, an update cannot be accessed for a workload domain until it has first been applied to the management domain. SDDC Manager even controls the ordering of LCM updates to ensure that a bundle version cannot be applied without first verifying that all update prerequisites are met. This helps mitigate risk so that the system is always at a known good state from one version to the next. This removes any need for the administrator to guess about valid releases or to cross-reference support matrices to ensure update bundle compatibility across the system.
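The gating rules described above, modeled as an added example (this is not SDDC Manager's code or data model): the Bundle and Domain records, the version strings and the reason strings are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


def v(s):
    """Parse '1.2' into (1, 2) so versions compare numerically."""
    return tuple(int(p) for p in s.split("."))


@dataclass(frozen=True)
class Bundle:           # hypothetical record, not a real bundle manifest
    name: str
    source: str         # version a domain must already run (the prerequisite)
    target: str         # version the domain runs after the update


@dataclass
class Domain:           # hypothetical record for a management or workload domain
    name: str
    version: str
    is_management: bool = False


def blocked_reason(bundle, domain, management):
    """Return None if the bundle may be offered to the domain, else the reason."""
    if v(domain.version) >= v(bundle.target):
        return "already applied"
    if domain.version != bundle.source:
        return "prerequisite version not met"
    # Management-first rule: a workload domain only sees what management already runs.
    if not domain.is_management and v(management.version) < v(bundle.target):
        return "not yet applied to management domain"
    return None


def available(bundles, domain, management):
    """Names of the bundles that pass every gate for this domain."""
    return [b.name for b in bundles if blocked_reason(b, domain, management) is None]


# Constructed sample state: management is one release ahead of the workload domain.
BUNDLES = [Bundle("b-1.1", "1.0", "1.1"), Bundle("b-1.2", "1.1", "1.2")]
mgmt = Domain("mgmt", "1.1", is_management=True)
wld = Domain("wld01", "1.0")

if __name__ == "__main__":
    for d in (mgmt, wld):
        print(d.name, "can apply:", available(BUNDLES, d, mgmt))
        for b in BUNDLES:
            print("   ", b.name, "->", blocked_reason(b, d, mgmt) or "offered")
```

Returning the blocking reason rather than a bare yes/no gives an operator an auditable answer to why a given update is not yet offered to a domain.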
All updates are scheduled, executed, and orchestrated by SDDC Manager but may be executed by SDDC Manager or VxRail Manager using integrated APIs as shown in Figure 17.
Once a set of updates has been downloaded, SDDC Manager is used to schedule the updates to be applied to each of the workload domains in the environment independently.
Lifecycle management in SDDC Manager can be applied to the Management Domain, which contains the SDDC software stack, or to individual workload domains, and does not disrupt tenant virtual machines (VMs). Using live VM migration together with vSphere Dynamic Resource Scheduler (DRS), SDDC Manager can patch software to improve infrastructure security and reliability. VMware and Dell EMC do extensive validation testing of the software stack prior to releasing software updates, which reduces risk and helps to instill confidence.
The SDDC Manager Lifecycle Management view provides notification of update availability and download of the update bundle. The SDDC Manager interface also provides for selecting update targets and scheduling the update. It is highly recommended to schedule updates at a time when SDDC Manager is not in heavy use and to avoid any changes to the domains being upgraded until after the upgrade completes.
Before starting the update, there are prerequisite tasks that ensure the system is in a healthy state. The pre-check utility can be manually triggered in the SDDC Manager Update/Patches screen as shown in Figure 18.
For native VMware Cloud Foundation software updates, SDDC Manager will execute the automated workflows needed to apply those updates to the clusters within a workload domain.
For native VxRail updates, SDDC Manager will orchestrate the LCM process for a given workload domain, but will leverage the native VxRail Manager that runs on each VxRail cluster in that workload domain to apply the VxRail update using integrated VxRail Manager REST API calls in the background. As VxRail Manager performs the cluster update, SDDC Manager will monitor its progress and will be notified by VxRail Manager when the update completes. In a multi-cluster workload domain, SDDC Manager calls each VxRail cluster’s VxRail Manager APIs automatically, without any administrator input, until all clusters in the workload domain have been updated.
All of these co-engineered features are what drive the full stack integration lifecycle management experience only available with VMware Cloud Foundation on VxRail. It is a true better together experience that helps Dell EMC customers simplify and accelerate their IT Transformation.
It's worth noting that VMware and Dell Technologies constantly improve the automated LCM experience built into the platform. Starting with VMware Cloud Foundation 4.0.1 on VxRail 7.0, customers can upgrade specific host clusters within a workload domain, which provides more flexibility in planning maintenance windows. Version 4.1 introduced NSX-T cluster-level and parallel upgrades that offer more flexibility and efficiency in patching this critical component of the platform and better alignment with maintenance windows. Version 4.2 introduced the integration of skip-level upgrades into the SDDC Manager web-based UI. This capability provides additional efficiency, as it eliminates the need to install intermediate stepwise upgrades for customers who perform LCM operations on the platform less often. Additionally, the updated SDDC Manager LCM Manifest architecture allows VMware and customers to respond more quickly to potential changes introduced in upgrade sequencing to provide more agility and further reduce risks related to software and hardware firmware upgrades.