Secure Cloud: Check! Flexible Cloud Networking: Check! Powerful Cloud Hardware: Check!
Wed, 25 Aug 2021 15:22:26 -0000|
Read Time: 0 minutes
Dell Technologies and VMware are happy to announce the availability of VMware Cloud Foundation 4.3.0 on VxRail 7.0.202. This new release provides several security-related enhancements, including FIPS 140-2 support, password auto-rotation support, SDDC Manager secure API authentication, data protection enhancements, and more. VxRail-specific enhancements include support for the more powerful, 3rd Gen AMD EYPC™ CPUs and NVIDIA A100 GPUs (check this blog for more information about the corresponding VxRail release), and more flexible network configuration options with the support for multiple System Virtual Distributed Switches (vDS).
Let’s quickly discuss the comprehensive list of the new enhancements and features:
VCF and VxRail Software BOM Updates
These include the updated version of vSphere, vSAN, NSX-T, and VxRail Manager. Please refer to the VCF on VxRail Release Notes for comprehensive, up-to-date information about the release and supported software versions.
VCF on VxRail Networking Enhancements
Day 2 AVN deployment using SDDC Manager workflows
The configuration of an NSX-T Edge cluster and AVN networks are now a post-deployment process that is automated through SDDC Manager. This approach simplifies and accelerates the VCF on VxRail Bring-up and provides more flexibility for the network configuration after the initial deployment of the platform.
Figure 1: Cloud Foundation Initial Deployment – Day 2 NSX-T Edge and AVN
Shrink and expand operations of NSX-T Edge Clusters using SDDC Manager workflows
NSX-T Edge Clusters can now be expanded and shrunk using in-built-in automation from within SDDC Manager. This allows VCF operators to scale the right level of resources on-demand without having to size for demand up-front, which results in more flexibility and better use of infrastructure resources in the platform.
VxRail Multiple System VDS support
Two System Virtual Distributed Switch (vDS) configuration support was introduced in VxRail 7.0.13x. VCF 4.3 on VxRail 7.0.202 now supports a VxRail deployed with two system vDS, offering more flexibility and choice for the network configuration of the platform. This is relevant for customers with strict requirements for separating the network traffic (for instance, some customers might be willing to use a dedicated network fabric and vDS for vSAN). See the Figure 2 below for a sample diagram of the new network topology supported:
Figure 2: Multiple System VDS Configuration Example
VCF on VxRail Data Protection Enhancements
Expanded SDDC Manager backup and restore capabilities for improved VCF platform recovery
This new release introduces new abilities to define a periodic backup schedule, retention policies of backups, and disable or enable these schedules in the SDDC Manager UI, resulting in simplified backup and recovery of the platform (see the screenshot below in Figure 3).
Figure 3: Backup Schedule
VCF on VxRail Security Enhancements
SDDC Manager certificate management operations – expanded support for using SAN attributes
The built-in automated workflow for generating certificate signing requests (CSRs) within SDDC Manager has been further enhanced to include the option to input a Subject Alternate Name (SAN) when generating a certificate signing request. This improves security and prevents vulnerability scanners from flagging invalid certificates.
SDDC Manager Password Management auto-rotation support
Many customers need to rotate and update passwords regularly across their infrastructure, and this can be a tedious task if not automated. VCF 4.3 provides automation to update individual supported platform component passwords or rotate all supported platform component passwords (including integrated VxRail Manager passwords) in a single workflow. This feature enhances the security and improves the productivity of the platform admins.
FIPS 140-2 Support for SDDC Manager, vCenter, and Cloud Builder
This new support increases the number of VCF on VxRail components that are FIPS 140-2 compliant in addition to VxRail Manager, which is already compliant with this security standard. It improves platform security and regulatory compliance with FIPS 140-2.
Improved VCF API security
Token based Auth API access is now enabled within VCF 4.3 for secure authentication to SDDC Manager by default. Access to private APIs that use Basic Auth has been restricted. This change improves platform security when interacting with the VCF API.
VxRail Hardware Platform Enhancements
VCF 4.3 on VxRail 7.0.202 brings new hardware features including support for AMD 3rd Generation EPYC CPU Platform Support and Nvidia A100 GPUs.
These new hardware options provide better performance and more configuration choices. Check this blog for more information about the corresponding VxRail release.
VCF on VxRail Multi-Site Architecture Enhancements
NSX-T Federation guidance - upgrade and password management Day 2 operations
New manual guidance for password and certificate management and backup & restore of Global Managers.
As you can see, most of the new enhancements in this release are focused on improving platform security and providing more flexibility of the network configurations. Dell Technologies and VMware continue to deliver the optimized, turnkey platform experience for customers adopting the hybrid cloud operating model. If you’d like to learn more, please check the additional resources linked below.
Related Blog Posts
Learn more about the latest major VxRail software update: VxRail 7.0.240
Wed, 15 Sep 2021 16:27:30 -0000|
Read Time: 0 minutes
In a blink of an eye, September is already here. All those well-deserved August holidays have come and gone. As those summer memories with colorful umbrella drinks in hand fade into the background, your focus now turns to finishing this year strong. With the recent announcement on the latest VxRail software release, VxRail is providing the juice to get you well on your way.
VxRail HCI System Software version 7.0.240 has arrived with much anticipation as it includes the expansion of the VxRail product portfolio in the form of VxRail dynamic nodes and significant lifecycle management (LCM) enhancements that our VxRail customers will surely appreciate. Dynamic nodes extend the spectrum of use cases for VxRail by addressing more workload types. The LCM enhancements in the latest software release add to the operational simplicity that VxRail users truly value by increasing the level of automation and flexibility to ensure cluster integrity throughout the life of their cluster.
VxRail dynamic nodes
As VxRail dynamic nodes were described in the external launch event, they benefit customers who are committed to continue running their mission-critical data-centric workloads on Dell EMC storage arrays because of the enterprise-level resiliency and data protection capabilities but value the operational certainty that VxRail offers to their IT teams. This use case can be particularly relevant for customers who have standardized on VCF on VxRail as their infrastructural building block for their cloud operating model. These scenarios can apply to financial and medical industries among many others. For some customers, scaling of storage and compute independently in their HCI environments can better suit some of their application workloads, whether it is a better use of resources or potential reduction in license costs for compute-intensive workloads like Oracle.
Piqued your interest? Let’s move deeper into the technical details so you can better understand how VxRail dynamic nodes address these use cases.
Figure 1: VxRail dynamic node offering
- VxRail dynamic nodes are compute-only nodes running vSphere. Dynamic nodes run VMware ESXi with vSphere Enterprise Plus licenses but do not have vSAN licenses.
- They do not have any internal drives. As a result, the VxRail Manager VM runs on an external datastore that can come from either Dell EMC storage arrays (PowerStore-T, PowerMax, and Unity XT) or VMware vSAN HCI Mesh. Customers can now scale their compute and storage independently while some customers can continue to leverage their Dell EMC storage arrays for enterprise-level resiliency options.
- Dynamic nodes run on the same VxRail HCI System Software as any other VxRail cluster. The same intelligent LCM experience backed by VxRail’s Continuously Validated States exists in dynamic nodes.
Figure 2: VxRail dynamic node platforms
Like the three-flavor Neapolitan ice cream tub, there’s a flavor of dynamic nodes to match each application requirement. While there are not any cache and capacity drives on dynamic nodes, all other hardware configurations on these models are available. The E-series is the space-efficient 1U platform. The P-series is the performance-focused platform. The V-series is optimized for GPU-acceleration with up to six GPUs per node.
For those wanting to use their Dell EMC storage arrays with these brand-new VxRail dynamic nodes, here are some important pieces of information to consider.
- With VxRail 7.0.240, Dell EMC PowerStore-T, PowerMax, and UnityXT are the supported external arrays for this use case. Third-party storage arrays are not supported.
- Storage connectivity is through Fibre-Channel, either 16Gb or 32Gb Dell EMC Connectrix Brocade or Cisco MDS FC switches.
- Management of the storage array and Fibre-Channel switch is done separately including lifecycle management, zoning, and provisioning of storage. VxRail HCI System Software is responsible for the LCM of the dynamic nodes themselves.
- When deploying a dynamic node cluster, the datastores need to be already provisioned and zoned to the dynamic nodes.
- The storage array and dynamic nodes are sold separately and supported discretely by Dell Technologies.
Now let’s move onto the LCM enhancements in VxRail 7.0.240. There are three notable enhancements that VxRail users will notice – unless their thoughts have drifted away into those summertime memories.
Figure 3: Update advisor
First, update advisor is a new tool to help you plan for their next cluster update. From the Updates > Internet Updates tab, you can now see a list of available update paths for their specific cluster. This feature does not replace your responsibility to review the release notes and decide on to which version to update their cluster but, it does generate an advisory report with critical information to let you know what needs to be updated based on your cluster’s current Continuously Validated State. Update advisor is a helpful tool to plan your maintenance window.
Figure 4: Sample compliance drift report
Second, VxRail Manager now has a compliance checker that will detect any unforeseen version drift from the current Continuously Validated State running on your VxRail cluster. As shown on the image above, it provides a component-by-component report as part of the compliance check. It is run daily by default and can be initiated on-demand.
The third LCM enhancement is VxRail LCM compatibility with VMware vSphere Lifecycle Manager (vLCM).
Figure 5: VMware vSphere Lifecycle Manager vLCM framework
As a refresher, VMware vLCM was introduced in vSphere 7.0 as a framework to allow for software (ESXi) and hardware (firmware and drivers) to be updated together as a single system. VMware supplies the base image which is the ESXi image, and then it is up to the hardware vendors, like Dell Technologies, to provide the hardware support manager that plugs into that framework to supply the necessary firmware and drivers and to update them. Together, they form the baseline image which is used for the compliance checker. When updating the cluster, a desired state image is built from a combination of VMware-provided ESXi image and vendor(s)-provided firmware and drivers. Based on the drift detection analysis between the baseline and desired state images, vLCM will remediate the hosts on the cluster to complete the update.
VxRail’s newly introduced vLCM compatibility enables the VxRail Manager VM to plug into the framework to perform cluster updates using VxRail-provided desired state images in the form of Continuously Validated States. Essentially, VxRail has automated the hardware support manager plugin setup and exporting the depot of firmware and drivers to vCenter, which is a very manual process for other HCI solutions. While other hardware support manager plugins to vLCM require a multiple-step procedure to establish a baseline image and desired state image and interaction with multiple interfaces, VxRail’s implementation leverages the vLCM APIs to truly obfuscate those complexities into a streamlined experience all within VxRail Manager. Because VxRail Manager already stores the Continuously Validated State on its VM, the process of identification and exporting of the hardware firmware and drivers on the VxRail stack can easily be automated. The simplicity of VxRail’s support for vLCM cannot be understated.
Figure 6: VxRail’s vLCM implementation automates and simplifies the user’s cluster update experience
Similarly, performing cluster updates is a streamlined process once the LCM bundle is downloaded onto the VxRail Manager VM. From VxRail Manager, via the vLCM APIs, the bundle is loaded onto the vLCM framework as the desired state image. In short, vLCM compatibility is mostly transparent to the user as the LCM experience still runs through VxRail Manager.
The next likely question is why offer this enhancement? The explanation can be conveyed in two points both related to cutting down the time to update the cluster.
- Consolidate VMware software updates – for users that already run NSX-T or vSphere with Tanzu, vLCM allows for those VIBs to be included into the desired state image. Instead of updating each VMware software separately, they can be done together in a single boot cycle.
- Consolidate non-VxRail managed components – there are a few components such as the FC HBA that are not part of Continuously Validated State. Those components would then need to be updated separately which may require additional host reboots. The vendor addon feature in vLCM, as shown in the image above, provides the capability to include component firmware/drivers into the cluster image for a consolidated update cycle. Using vLCM APIs, VxRail has incorporated the vendor addon feature into its vLCM implementation in VxRail Manager.
By introducing vLCM compatibility into VxRail LCM, users can benefit from these cool capabilities. With VxRail 7.0.240, the use of vLCM is disabled by default. Users can choose to enable vLCM immediately or enable it later. Developing vLCM compatibility is also a strategic decision to put VxRail in a position to enhance more vLCM capabilities as they come.
VxRail 7.0.240 is a monumental software release that expands the breadth of the VxRail portfolio’s reach in addressing workload types with VxRail dynamic nodes and its depth by enhancing is differentiated LCM experience by providing more ways to ensure cluster integrity and to improve cluster maintenance times. Though the summer is drawing to a close, VxRail is providing you the boost to stay dynamic and finish 2021 strong. Keep an eye out for more content about the latest VxRail release.
For more information about VxRail dynamic nodes, you can check out the VxRail launch page: https://www.delltechnologies.com/en-us/events/vxrail-launch.htm.
If you want to learn more about how VxRail LCM differentiates itself from other HCI vendors using VMware vLCM, you can read these previously posted blogs:
Daniel Chiu, Senior Technical Marketing Manager at Dell Technologies
Announcing General Availability of VCF 22.214.171.124 on VxRail 4.7.511
Thu, 18 Jun 2020 14:57:10 -0000|
Read Time: 0 minutes
Improved automated lifecycle management and new hardware options
Today (7/2), Dell Technologies is announcing General Availability of VMware Cloud Foundation 126.96.36.199 on VxRail 4.7.511.
Why we are releasing 188.8.131.52?
Because we’ve been notified about an upcoming important patch for the Cloud Foundation version 3.10 from VMware, and we wanted to incorporate it in a GA version on VxRail for the best experience for our customers.
This new release introduces VCF enhancements and VxRail enhancements.
VMware Cloud Foundation 184.108.40.206 enhancements:
- ESXi Cluster-Level and Parallel Upgrades - Enables customers to update the ESXi software on multiple clusters in the management domain or in a workload domain in parallel. Parallel upgrades reduce the overall time required to upgrade the VCF environment.
Figure 1. ESXi Cluster-Level and Parallel Upgrades
- NSX-T Data Center Cluster-Level and Parallel Upgrades - Enables customers to upgrade all edge clusters in parallel, and then all host clusters in parallel. Again, parallel upgrades reduce the overall time required to upgrade the VCF environment. There’s also a possibility to select specific clusters to upgrade, using multiple upgrade windows, so that there’s no requirement for all clusters to be available at a given time.
- Skip Level Upgrades - Enables customers to upgrade to VMware Cloud Foundation on Dell EMC VxRail 3.10 from versions 3.7 and later. Note: in case of VCF on VxRail, this must be performed by Dell EMC Customer Support at this time – customer enabled skip level upgrades will be supported when the feature is available in the GUI. Customers with active support contracts should open a Service Request with Dell EMC Customer Support to schedule the skip level upgrade activity.
Option to disable Application Virtual Networks (AVNs) during Bring-up - AVNs deploy vRealize Suite components on NSX overlay networks. We recommend using this option during bring-up. Customers can now disable this feature, for instance, if they are not planning to use vRealize Suite components.
- Support for multiple NSX-T Transport Zones - Some customers require this option due to their architecture/security standards, for even better separation of the network traffic. It’s now available as a Day 2 configuration option that can be enabled by customers or VMware Professional Services.
- BOM Updates - Updated Bill of Materials with new product versions. For an updated BOM, please consult the release notes.
VxRail 4.7.511 enhancements:
- VCF on VxRail login using RSA SecurID two-factor authentication - Allows customers to implement more secure, two-factor authentication for VCF on VxRail using the RSA SecurID solution.
- Support for new hardware options - Please check this blog post and the press release for more details on VxRail 4.7.510 platform features:
- Intel Optane Persistent Memory
- VxRail D560 / D560F – ruggedized VxRail nodes
- VxRail E665/F/N – AMD-based VxRail nodes
VMware Cloud Foundation 220.127.116.11 on VxRail 4.7.511 provides several features that allow existing customers to upgrade their platform more efficiently than ever before. The updated LCM capabilities offer not only more efficiency (with parallelism), but more flexibility in terms of handling the maintenance windows. With skip level upgrade, available in this version as a professional service, it’s also possible to get to this latest release much faster. This increases security, and allows customers to get the most benefit from their existing investments in the platform. New customers will benefit from the broader spectrum of hardware options, including ruggedized (D-series) and AMD-based nodes.
Blog post about VCF 4.0 on VxRail 7.0: The Dell Technologies Cloud Platform – Smaller in Size, Big on Features
Blog post about new features in VxRail 4.7.510: VxRail brings key features with the release of 4.7.510
Blog post about VCF 3.10 from VMware: Introducing VMware Cloud Foundation 3.10
Author: Karol Boguniewicz, Senior Principal Engineer, VxRail Technical Marketing