Building on VxRail HCI System Software: the advantages of multi-cluster active management capabilities
Tue, 29 Sep 2020 19:03:05 -0000|
Read Time: 0 minutes
The signs of autumn are all around us, from the total takeover of pumpkin-spiced everything to the beautiful fall foliage worthy of Bob Ross’s inspiration. Like the amount of change autumn brings forth, so too does the latest release of VxRail ACE, or should I preface that with ‘formerly known as’? I’ll get to that explanation shortly.
This release introduces multi-cluster update functionality that will further streamline the lifecycle management (LCM) of your VxRail clusters at scale. With this active management feature comes a new licensing structure and role-based access control to enable the active management of your clusters.
Formerly known as VxRail ACE
The colors of the leaves are changing and so is the VxRail ACE name. The brand name VxRail ACE (Analytical Consulting Engine), will no longer be used as of this release. While it had a catchy name and was easy to say, there are two reasons for this change. First, Analytical Consulting Engine no longer describes the full value or how we intend to expand the features in the future. It has grown beyond the analytics and monitoring capabilities of what was originally introduced in VxRail ACE a year ago and now includes several valuable LCM operations that greatly expand its scope. Secondly, VxRail ACE has always been part of the VxRail HCI System Software offering. Describing the functionality as part of the overall value of VxRail HCI System Software, instead of having its own name, simplifies the message of VxRail’s value differentiation.
Going forward, the capability set (that is, analytics, monitoring, and LCM operations) will be referred to as SaaS multi-cluster management -- a more accurate description. The web portal is now referred to as MyVxRail.
Cluster updates is the first active management feature offered by SaaS multi-cluster management. It builds on the existing LCM operational tools for planning cluster updates: on-demand pre-update health checks (LCM pre-check) and update bundle downloads and staging. Now you can initiate updates of your VxRail clusters at scale from MyVxRail. The benefits of cluster updates on MyVxRail tie closely with existing LCM operations. During the planning phase, you can run LCM pre-checks of the clusters you want to update. This informs you if a cluster is ready for an update and pinpoints areas for remediation for clusters that are not ready. From there, you can schedule your maintenance window to perform a cluster update and, from MyVxRail, initiate the download and staging of the VxRail update bundle onto those clusters. With this release, you can now execute cluster updates for those clusters. Now that’s operational efficiency!
When setting a cluster update operation, you have the benefit of two pieces of information – a time estimate for the update and the change data. The update time estimate will help you determine the length of the maintenance window. The estimate is generated by telemetry gathered about the install base to provide more accurate information. The change data is the list of the components that require an update to reach the target VxRail version.
Figure 1 MyVxRail Updates tab
Role-based access control
Active management requires role-based access control so that you can provide permissions to the appropriate individuals to perform configuration changes to your VxRail clusters. You don’t want anyone with access to MyVxRail to perform cluster updates on the clusters. SaaS multi-cluster management leverages vCenter Access Control for role-based access. From MyVxRail, you will be able to register MyVxRail with the vCenter Servers that are managing your VxRail clusters. The registration process will give VxRail privileges to vCenter Server to build roles with specific SaaS multi-cluster management capabilities.
MyVxRail registers the following privileges on vCenter:
- Download software bundle: downloads and stages the VxRail software bundle onto the cluster
- Execute health check: performs an on-demand pre-update health check on the cluster
- Execute cluster update: initiates the cluster update operation on the clusters
- Manage update credentials: modifies the VxRail infrastructure credentials used for active management
Figure 2 VxRail privileges for vCenter access control
VxRail Infrastructure Credentials
We’ve done more to make it easier to perform cluster updates at scale. Typically, when you’re performing a single cluster update, you have to enter the root account credentials for vCenter Server, Platform Services Controller, and VxRail Manager. That’s the same process when performing it from VxRail Manager. But that process can get tedious when you have multiple clusters to update.
VxRail Infrastructure Credentials can store those credentials so you can enter them once, at the initial setup of active management, and not have to do it again as you perform a multi-cluster update. MyVxRail can read the stored credentials that are saved on each individual cluster for security.
Big time saver! But how secure is it? More secure than hiding Halloween candy from children. For a user to perform cluster update, the administrator needs to add the ‘execute cluster update’ privilege to the role assigned to that user. Root credentials can only be managed by users assigned with a role that has the ‘manage update credentials’ privilege.
Figure 3 MyVxRail credentials manager
The last topic is licensing. While all the capabilities you have been using on MyVxRail come with the purchase of the VxRail HCI System Software license, multi-cluster update is different. This feature requires a fee-based add-on software license called ‘SaaS active multi-cluster management for VxRail HCI System Software’. All VxRail nodes come with VxRail HCI System Software and you have access to MyVxRail and SaaS multi-cluster management features, except for cluster update. For you to perform an update of a cluster on MyVxRail, all nodes in the clusters must have the add-on software license.
That is a lot to consume for one release. Hopefully, unlike your Thanksgiving meal, you can stay awake for the ending. While the brand name VxRail ACE is no more, we’re continuing to deliver value-adding capabilities. Multi-cluster update is a great feature to further your use of MyVxRail for LCM of your VxRail clusters. With role-based access and VxRail infrastructure credentials, rest assured you’re benefitting from multi-cluster update without sacrificing security.
Daniel Chiu, VxRail Technical Marketing
Related Blog Posts
VxRail brings key features with the release of 4.7.510
Thu, 18 Jun 2020 14:24:47 -0000|
Read Time: 0 minutes
VxRail recently released a new version of our software, 4.7.510, which brings key feature functionality and product offerings
At a high level, this release further solidifies VxRail’s synchronous release commitment with vSphere of 30 days or less. VxRail and the 4.7.510 release integrates and aligns with VMware by including the vSphere 6.7U3 patch release. More importantly, vSphere 6.7U3 provides the underlying support for Intel Optane persistent memory (or PMem), also offered in this release.
Intel Optane persistent memory is non-volatile storage medium with RAM-like performance characteristics. Intel Optane PMem in a hyperconverged VxRail environment accelerates IT transformation with faster analytics (think in-memory DBMS), and cloud services.
Intel Optane PMem (in App Direct mode) provides added memory options for the E560/F/N and P570/F and is supported on version 4.7.410. Additionally, PMem will be supported on the P580N beginning with version 4.7.510 on July 14.
This technology is ideal for many use cases including in-memory databases and block storage devices, and it’s flexible and scalable allowing you to start small with a single PMem module (card) and scale as needed. Other use cases include real-time analytics and transaction processing, journaling, massive parallel query functions, checkpoint acceleration, recovery time reduction, paging reduction and overall application performance improvements.
New functionality enables customers to schedule and run "on demand” health checks in advance, and in lieu of the LCM upgrade. Not only does this give customers the flexibility to pro-actively troubleshoot issues, but it ensures that clusters are in a ready state for the next upgrade or patch. This is extremely valuable for customers that have stringent upgrade schedules, as they can rest assured that clusters will seamlessly upgrade within a specified window. Of course, running health checks on a regular basis provides sanity in knowing that your clusters are always ready for unscheduled patches and security updates.
Finally, the VxRail 4.7.510 release introduces optimized security functionality with two-factor authentication (or 2FA) with SecurID for VxRail. 2FA allows users to login to VxRail via the vCenter plugin when the vCenter is configured for RSA 2FA. Prior to this version, the user would be required to enter username and password. The RSA authentication manager automatically verifies multiple prerequisites and system components to identify and authenticate users. This new functionality saves time by alleviating the username/password entry process for VxRail access. Two-factor authentication methods are often required by government agencies or large enterprises. VxRail has already incorporated enhanced security offerings including security hardening, VxRail ACLs and RBAC, KMIP compliant key management, secure logging, and DARE, and now with the release of 4.7.510, the inclusion of 2FA further distinguishes VxRail as a market leader.
Please check out these resources for more VxRail 4.7.510 information:
By: KJ Bedard - VxRail Technical Marketing Engineer
Adding to the VxRail summer party with the release of VxRail 7.0.010
Wed, 29 Jul 2020 20:15:50 -0000|
Read Time: 0 minutes
After releasing multiple VxRail 4.7 software versions in the early summer, the VxRail 7.0 software train has just now joined the party. Like any considerate guest, VxRail 7.0.010 does not come empty handed. This new software release brings new waves of cluster deployment flexibility so you can run a wider range of application workloads on VxRail, as well as new lifecycle management enhancements for you to sit back and enjoy the party during their next cluster update.
The following capabilities expand the workload possibilities that can run on VxRail clusters:
- More network flexibility with support for customer-supplied virtual distributed switch (VDS) – Often times, customers with a large deployment of VxRail clusters prefer to standardize their VDS so they can re-use the same configuration on multiple clusters. Standardization simplifies cluster deployment operations and VDS management and reduces errors. This is sure to be a hit for our party guests with grand plans to expand their VxRail footprint.
- Network redundancy – the support for customer-supplied VDS also enables support for network card level redundancy and link aggregation. Now you can create a NIC teaming policy that can tolerate a network card failure for VxRail system traffic. For example, the policy would include a port on the NDC and another port on the PCIe network card. If one network card becomes unavailable, the traffic can still run through the remaining network card. With link aggregation, you can increase the network bandwidth by utilizing multiple ports in an active/active network connection. You can select the load balancing option when configuring the NIC teaming policy.
Network card level redundancy with active/active network connections
- FIPS 140-2 Level 1 validated cryptography – Industry sectors such as the federal sector require this level of security for any applications that access sensitive data. Now the VxRail software meets this standard by using cryptographic libraries and encrypting data in-transit and storage of keys and credentials. Combine that with existing vSAN encryption that already meets this standard for data at rest, VxRail clusters can be a fit for even more environments in various industry sectors with higher security standards. The guest list for this party is only getting bigger.
Along with these features that increase the market opportunity for VxRail clusters, lifecycle management enhancements also come along with VxRail 7.0.010’s entrance to the party. VxRail has strengthened in LCM pre-upgrade health check to include more ecosystem components in the VxRail stack. Already providing checks against the HCI hardware and software, VxRail is extending to ancillary components such as the vCenter Server, Secure Remote Services gateway, RecoverPoint for VMs software, and the witness host used for 2-node and stretched clusters. The LCM pre-upgrade health check performs a version compatibility against these components before upgrading the VxRail cluster. With a stronger LCM pre-upgrade health check, you’ll have more time for summer fun.
VxRail 7.0.010 is here to keep the VxRail summer party going. These new capabilities will help our customers accelerate innovation by providing an HCI platform that delivers the infrastructure flexibility their applications require, while giving the administrators the operational freedom and simplicity to fearlessly update their clusters freely.
Interested in learning more about VxRail 7.0.010? You can find more details in the release notes.
Daniel Chiu, VxRail Technical Marketing