ESXi Archives - cloud13.ch

VMware Cloud Foundation Spotlight – February 2024

Feb 16, 2024 | ESXi, NSX, VMware Aria, VMware Cloud Foundation, vSAN, vSphere

I remember during all those years when I told customers that “VMware Cloud Foundation is the new vSphere”, and in my opinion, Broadcom is preparing the way that VMware Cloud Foundation (VCF) becomes long-term the new de facto standard in data centers (and public clouds). With this first spotlight, I would like to highlight some of the new information from VMware by Broadcom.

End of General Availability of the Free vSphere Hypervisor

In case you missed the information in the blog VMware End Of Availability of Perpetual Licensing and SaaS Services:

There is no “replacement product” for the “VMware vSphere Hypervisor free edition”. The recently published KB2107518 confirms it:

As part of the transition of perpetual licensing to new subscription offerings, the VMware vSphere Hypervisor (Free Edition) has been marked as EOGA (End of General Availability). At this time, there is not an equivalent replacement product available.

VMware Data Services Strategy

VMware announced at VMware Explore 2023 that Data Services Manager 2.0 (DSM 2.0) is going to be a key component of their strategy and that it will be tightly integrated with VMware Cloud Foundation. Back in November, VMware expected the next generation of DSM to be available in Q4 FY24 (aka Q1 calendar year 2024 for us), which would be soon.

In response to a growing need from customers to deliver and support next-gen cloud native and AI-powered applications in their private cloud, we are now including Data Services Manager in VMware Cloud Foundation to deliver a native infrastructure automation and management experience for data services.

Learn more about DSM 2.0 on Cormac Hogan’s blog: https://cormachogan.com/dsm/

Important: Data Services Manager is available for VCF customers only.

VCF – vSAN Capacity

The script and license calculator from VMware show no more 8 TiB minimum requirement per CPU socket. Have not seen any official announcement yet.

Any news about the VMware Firewall and VMware Firewall with ATP add-ons?

No. It is still the case that customers, who need NSX’s distributed firewall or ATP (advanced threat prevention) capabilities, need to purchase these add-ons to VCF. In other words, you need to have VMware Cloud Foundation and you cannot get these add-ons as standalone products independently from VCF.

ROBO and Edge Compute Stack

VMware announced last week two new Edge Compute Stack (ECS) editions:

ECS Advanced Edition: VMware Edge Cloud Orchestrator (VECO), VMware vSphere Foundation (VVF)
ECS Enterprise Edition: VECO, VMware Cloud Foundation (VCF)

This is not a replacement for ROBO customers and use cases, but the new ECS offerings are specially made for edge use cases and hence might be the right solution for your needs.

Important: Not all VVF and VCF products and features are included in the ECS Editions. Example: With ECS Enterprise customers will manage their environments with VECEO instead of using SDDC Manager.

What happens if my VVF or VCF subscriptions expire?

The new subscription licenses customers get, have no expiration date. An expiring license should have no impact on your infrastructure, deployed VMware products continue to run as expected. After expiration, customers will not be able to receive support.

VMware Cloud Foundation – What is a Workload Domain?

https://www.youtube.com/watch?v=kwn1fqb3lts&ab_channel=VMwareCloudFoundation

Updated VMware Cloud Foundation Datasheet

We finally can find an updated VCF datasheet here.

What happened to the Avi Basic Edition?

It looks like the NSX Advanced Load Balancer (ALB) Basic Edition is not available anymore.

VMware is announcing the End of Availability of NSX Advanced Load Balancer (ALB) Basic Edition for new deployments and End of General Support (EoGS) for existing deployments.

Note: NSX ALB is now referred to as VMware Avi Load Balancer.

What about the future of Tanzu Kubernetes Grid (TKG)?

Please ask your VMware contact to organize a meeting with Timmy Carr, who can share more information about the TKG roadmap.

Hint: The roadmap for this year looks VERY promising!

Is VMware by Broadcom working on a VCF roadmap?

Yes, definitely. While I am not allowed to share any detailed information, here are some items my customers have on their wishlist:

Easier deployment and lifecycle management
Brownfield support (import existing vSphere, vSAN, NSX and Aria deployments)
Improvement of authentication and single sign-on
Decouple TKG and Kubernetes releases from vCenter
Include AI and cybersecurity capabilities
Reduce the number of needed VMware appliances
Single license and same version numbers for all VCF components
Improve certification management in all products

Note: In case you are looking for more technical information about VMware Cloud Foundation, have a look at my most recent technical overview.

VMware Cloud on AWS – Advanced Security Features

Let us talk about VMware Cloud now since we have not heard that much about it during the past months.

Today, we are happy to announce that to address these challenges, we are providing some advanced security features out of the box as part of VMware Cloud on AWS core service. Now customers can strengthen the security posture of their hybrid cloud infrastructure with advanced security capabilities such as Layer 7 Application ID, FQDN Filtering, and User Identity-based Firewall (IDFW). Starting Feb 1, 2024, these features are available at no extra cost in all the SDDCs (new and existing SDDCs). These features are available via VMware Direct as well as AWS Resell routes to market.

All customers will be automatically entitled to the advanced security features on Feb 1, 2024. To avail these features, customers simply need to activate the ‘NSX Advanced Firewall’ service from the Integrated Services Tab under the NSX Advanced Firewall tile on VMware Cloud Console.

Google Cloud VMware Engine License Portability

VMware by Broadcom announced in December 2023 that they are working on license portability and a bring-your-own-license model for VMware Cloud.

From now on customers will be able to purchase subscriptions of the new VMware Cloud Foundation software from Broadcom and flexibly use those subscriptions in Google Cloud VMware Engine, as well as their on-premises data centers. Customers will retain the rights to the software subscription when deploying VMware Cloud Foundation on Google Cloud VMware Engine and have the ability to move their subscription between supported environments as desired.

Google Cloud is the first partner that is going to support VMware Cloud Foundation license portability!

Note: Broadcom and Google Cloud expect VMware Cloud Foundation license portability to Google Cloud VMware Engine to be available publicly in the second quarter of the calendar year 2024.

Azure VMware Solution

The partnership with Microsoft continues under VMware by Broadcom: https://azure.microsoft.com/en-us/blog/continued-innovation-with-azure-vmware-solution/

VMware Private AI Foundation with NVIDIA

VMware Private AI Foundation will become available this quarter. In the meanwhile, have a look at this IDC whitepaper about “For Generative AI, Private Data Is the Differentiator But Poses Security Concerns“.

VMware vSphere Foundation and VMware Cloud Foundation Overview

Dec 22, 2023 | Edge Computing, ESXi, Kubernetes, NSX, Tanzu, VMware Aria, VMware Cloud Foundation, vSAN, vSphere

As some of you already know, VMware by Broadcom is moving forward to primary offers only: VMware vSphere Foundation (VVF) and VMware Cloud Foundation (VCF). If you have missed this announcement, have a look at my blog A New Era: Broadcom’s Streamlined Approach to VMware’s Product Lineup and Licensing.

Since a lot of solutions and different editions from before are included, I thought it might be helpful to summarize in a little bit more detail what is known to partners, analysts, and some customers already. I am also adding some screenshots from VMware websites and presentations, which should help everyone get a better understanding of VVF and VCF.

vSphere Foundation and VMware Cloud Foundation

I have included the vSphere editions for smaller use cases and projects as well.

Please note that ROBO licenses are not available anymore and I expect the edge division at VMware by Broadcom to come up with additional bundles in the future.

VVF and VCF Products

More details about the different products and the features included in the Aria suites can be found here: VMware Aria Suite Editions and Products

If you are looking for more information about the Aria Operations management packs (formerly known as True Visibility Suite or Aria Operations for Integrations), have a look here: VMware Aria Operations for Integrations Documentation

Add-ons for VVF and VCF

The table below gives you an overview of which add-ons are available at the time of writing this blog.

Make sure to contact your VMware representative to understand which add-ons are available for VVF and VCF.

Note: Available add-ons are the text in bold.

VVF and VCF Add-ons

Tanzu Guardrails (formerly VMware Aria Guardrails)

Looking at the official Tanzu Guardrails product website we can learn the following:

Note: It seems that Tanzu Hub is part of Tanzu Guardrails Advanced and Enterprise

SRE Services for VMware Cloud Foundation

VMware Site Reliability Engineering (SRE) Services for VMware Cloud Foundation provide VMware expertise to create highly reliable and scalable cloud environments. The services provide a range of capabilities from patching and upgrades to security hardening to automated management and operations.

The SRE Services for VCF datasheet can be found here.

How to count cores for VVF/VCF and TiBs for vSAN add-on?

Please have a look at this updated knowledgebase article: KB95927

What about VMwara Aria SaaS?

Customers have no more option to buy VMware Aria products as standalone products or as SaaS: https://blogs.vmware.com/management/2024/01/dramatic-simplification-of-vmware-aria-as-part-of-vmware-cloud-foundation.html

The Aria cloud management capabilities are available only as components of VMware vSphere Foundation and VMware Cloud Foundation, which are sold for deployment on-premises or on certain public cloud providers including VMware Cloud on AWS. Existing Aria SaaS subscriptions will continue through the end of their term. At time of renewal, customers should purchase VMware vSphere Foundation and VMware Cloud Foundation.

Use this KB96168 to understand which products are impacted by this new policy.

What about Tanzu products?

For some of us, it seems that the Tanzu products are only available as VVF/VCF add-ons, which is not true.

Based on the different comments on various social media platforms and the interviews we have seen from VMware by Broadcom executives, we can say the following:

vSphere with Tanzu (aka TKGs) with its Supervisor architecture is going to be the long-term strategy (part of VVF and VCF)
Heavy focus on Tanzu Application Platform (TAP) and Tanzu For Kubernetes Operations (TKO)
We can expect continued support for TKGm and TKGi

Tanzu Portofolio and Strategy Recap

At VMware Explore 2023, VMware presented the “develop, operate, optimize” approach when they talk about platform engineering:

Develop – Secure paths to production
Operate – Deploy, managed and scale applications seamlessly
Optimize – Continuously tune cost, performance and security of applications at runtime

We learned that VMware (by Broadcom) is going to invest in TAP, Spring, TKO and data services. What’s the difference between TAS and TAP again?

Tanzu Application Service – Opinionated platform built on Cloud Foundry
Tanzu Application Platform – Modular and portable PaaS for any conformant Kubernetes

Tanzu Portfolio Jan 2024

Tanzu for Kubernetes Operations Refresher

TKO comes in two different editions:

Tanzu for Kubernetes Operations Foundation (TKO-F)
- Tanzu Mission Control (includes TMC self-managed)
- Tanzu Service Mesh
Tanzu for Kubernetes Operations (TKO)
- Tanzu Mission Control (includes TMC self-managed)
- Tanzu Service Mesh
- Tanzu Observability (aka Aria Operations for Apps, formerly Wavefront)
- Antrea (CNI)
- TKGm
- Harbor, HA Proxy, Calico, FluentBit, Contour, Prometheus, Grafana
- Avi Essentials (NSX ALB)

Note: NSX Advanced Load Balancer (aka NSX ALB) is no longer part of TKO since NSX ALB can be purchased as an add-on

Last Comments

While I was waiting to publish this blog, William Lam wrote a more detailed blog about VMware vSphere Foundation and VMware Cloud Foundation as well.

It is still early days and we can expect more updates from VMware by Broadcom soon. 🙂

A New Era: Broadcom’s Streamlined Approach to VMware’s Product Lineup and Licensing

Dec 12, 2023 | Edge Computing, ESXi, Kubernetes, NSX, Tanzu, VMware Cloud, VMware Cloud Foundation, vSAN, vSphere

Krish Prasad, VMware Cloud Foundation division General Manager, published this blog a few hours ago: https://news.vmware.com/company/vmware-by-broadcom-business-transformation

He announced a massive simplification of the VCF division’s product portfolio, which should help customers get more value for their investment in VMware solutions. To summarize Krish’s announcement:

There are going to be two primary standardized offers only from now on: vSphere Foundation and VMware Cloud Foundation (VCF)
End of sale of perpetual licenses and Support and Subscription (SnS) renewals
Bring-your-own-subscription license (BYOL) option, which provides portability to VMware-validated hybrid clouds running VMware Cloud Foundation

Disclaimer: This blog should provide customers and partners with a summary and some additional information from Krish’s announcement. There is also a chance that some of my understanding is incomplete or wrong. This article reflects my personal opinion and understanding, not Broadcom’s.

I will update the blog over the next few days and weeks.

vSphere Editions

The primary vSphere edition moving forward is called “vSphere Foundation”:

The new VMware vSphere Foundation delivers a more simplified enterprise-grade workload platform for our mid-sized to smaller customers. This solution integrates vSphere with our intelligent operations management to provide the best performance, availability, and efficiency with greater visibility and insights.

In other words, from now on vSphere customers get Aria Operations Advanced (formerly known as vRealize Operations) and Aria Operations for Logs (formerly known as vRealize Log Insight) together with vSphere (which has vCenter and Tanzu Kubernetes Grid included).

vSphere Essentials Plus Kit

Components:

vSphere Essentials Plus
vCenter Essentials
Per 96-core Kit (3 host max. / 6 CPU limit / 192-core limit; a host can have either 1x 64 cores or 2x 32 cores max.)
Includes Production Support

vSphere Standard

Components:

vSphere Standard
vCenter Standard
Includes Production Support

vSphere Foundation (VVF)

Components:

vSphere Enterprise Plus
vCenter Standard
Tanzu Kubernetes Grid (TKG)
vSAN Enterprise 100 GiB free (see FAQ below)
Aria Suite Term Standard
- Includes Aria Operations Advanced and Aria Operations for Logs
Includes Production Support
Plus Available Add-ons

Add-on Offerings

VMware vSAN Enterprise (add-on for VCF and vSphere Foundation only)

VMware Cloud Disaster Recovery / Ransomware Recovery (add-on for VCF and vSphere Foundation only)

Site Recovery Manager Enterprise

VMware Advanced Load Balancer (aka Avi)

VMware Firewall (add-on for VCF only), aka NSX Distributed Firewall

VMware Firewall with Advanced Threat Protection (ATP) (add-on for VCF only)

Tanzu Intelligence (details not clear yet)

Tanzu Mission Control (SaaS and self-managed)

Tanzu Application Platform / Spring Runtime (details not clear yet)

More add-ons coming in future (for example Private AI Foundation)

VMware Cloud Customer Journey

Existing VCF or future vSphere Foundation customers would go for the new VMware Cloud Foundation now, which can now be considered a true full-stack private and hybrid cloud stack:

VMware Cloud Foundation, our flagship enterprise-class hybrid cloud solution for customers to run their business critical and modern applications – in a secure, resilient and cost efficient manner. To allow more customers to benefit from this solution, we’ve reduced the previous subscription list price by half and added higher support service levels including enhanced support for activating the solution and lifecycle management.

Very important in case you missed that from the vSphere Foundation section above: Moving forward, VMware Cloud Foundation only includes NSX for network virtualization (overlay), with no more micro-segmentation or distributed firewalling (DFW) capabilities.

In other words, customers who need NSX’s DFW (VMware Firewall add-on) capabilities, need a VCF subscription first, which includes NSX.

Note: Currently, all new licensing bundles are coming in a “disconnected” fashion (no VMware Cloud connectivity)

While Krish mentioned BYOL and license portability in the future, there seem to be no immediate changes about the VMware Cloud and other hyperscaler offerings.

VMware Cloud Foundation (VCF)

Components:

vSphere Enterprise Plus
- Includes TKG and vCenter Standard
vSAN Enterprise per TiB per X amount of cores
Aria Suite Enterprise
- Aria Operations Enterprise (includes Aria Operations for Logs)
- Aria Automation
NSX Networking for VCF
HCX Enterprise
Aria Operations for Networks Enterprise (formerly known as vRealize Network Insight)
SDDC Manager
Includes Select Support
- Includes SRE (customers must deploy SDDC Manager to be entitled to SRE)
Add-ons: See above

Note: Going forward, standalone offerings are being EOA-ed (end of availability) – no more VCF components “a la carte”

VMware Cloud on X

We can expect that long-term these VMC or hyperscaler subscription offerings will converge to VCF.

Final Comments

Look, I do not have all the answers and information yet, because it is a lot to unpack. That is all I can share with you right now. Be patient. 🙂

But, this announcement from Broadcom (Krish) was an unexpected surprise since almost everyone was expecting price increases after the acquisition. Instead, Broadcom is cutting the subscription pricing in half!

An update of the above content can be found here: VMware vSphere Foundation and VMware Cloud Foundation Overview

Additional Resources

Unofficial Licensing FAQ

Q: What if I am a vSphere Essentials customer?
- A: I would recommend the vSphere Essentials Plus Kit
Q: What if I only need vSphere Enterprise Plus?
- A: Your best option is vSphere Foundation. There are no more standalone products.
Q: Do I need VCF if I want NSX distributed firewall?
- A: Yes, at the moment this seems to be the case that the “VMware Firewall” (distributed firewall aka micro-segmentation) add-on cannot be subscribed as a vSphere Foundation customer. The same is true of other features like security or gateway firewall.
Q: What if have/need vSphere for Desktop?
- A: The recommended solution is vSphere Foundation
Q: What if I am a vCloud Suite customer?
- A: VMware Cloud Foundation makes sense for vCloud Suite Enterprise and Advanced editions. If you have vCloud Suite Standard I recommend vSphere Foundation going forward.
Q: How many vCenters are included?
- A: To my knowledge, it is one vCenter per core. So, one could say that this means “unlimited”.
Q: What happens to the Avi (NSX ALB) Basic edition?
- A: It seems there will be no Avi Basic anymore. Customers need to go for the add-on.
Q: Do customers from now on need to deploy SDDC Manager as part of VMware Cloud Foundation?
- A: No, they do not. But to be entitled to SRE, you need to deploy the full stack.
Q: How is Site Recovery Manager (SRM) Enterprise licensed?
- A: Per protected 25-VMs
Q: What about the True Visibility Suite (TVS)?
- A: These management packs will be enabled as part of the Aria Suites which are included in vSphere Foundation and VMware Cloud Foundation.
Q: What about (vSAN) ROBO licenses?
- A: ROBO licenses are EOA as well, but all vSphere Foundation customers will receive vSAN Enterprise 100 GiB (for free) for every core purchased.
Q: What is included in the Tanzu Intelligence add-on?
- A: Tanzu Guardrails (Advanced or Enterprise), Aria Operations for Apps (formerly known as Tanzu Observability (aka Wavefront)), Tanzu Application Catalog, Tanzu CloudHealth Enterprise, Tanzu Insights
Q: What happened to SaltStack Cionfig and SecOps?
- A: Both are part of the Tanzu Guardrails Enterprise add-on
Q: Can customers mix perpetual and new offerings?
- A: In general yes.
Q: Can you tell me more about the vSAN free tier included with vSphere Foundation?
- A: It seems you are going to be entitled to a maximum of 100GiB per core in the vSAN storage cluster. Example: 4 hosts with 32 cores each * 100GiB = 12.8TiB (without paying for any vSAN add-on!).
  - Important: This feature will be available in one of the upcoming releases. Hopefully in vSphere 8.0U3 🙂

VMware Cloud Foundation 5.1 – Technical Overview

Nov 9, 2023 | Edge Computing, ESXi, HCX, homelab, Kubernetes, NSX, Tanzu, VMware Cloud, VMware Cloud Foundation, VMware Data, vSAN, vSphere

This technical overview supersedes this version, which was based on VMware Cloud Foundation 5.0, and now covers all capabilities and enhancements that were delivered with VCF 5.1.

What is VMware Cloud Foundation (VCF)?

VMware Cloud Foundation is a multi-cloud platform that provides a full-stack hyperconverged infrastructure (HCI) that is made for modernizing data centers and deploying modern container-based applications. VCF is based on different components like vSphere (compute), vSAN (storage), NSX (networking), and some parts of the Aria Suite (formerly vRealize Suite). The idea of VCF follows a standardized, automated, and validated approach that simplifies the management of all the needed software-defined infrastructure resources.

This stack provides customers with consistent infrastructure and operations in a cloud operating model that can be deployed on-premises, at the edge, or in the public cloud.

What software is being delivered in VMware Cloud Foundation?

Update February 16th, 2024: Please have a look at this article to understand the current VCF licensing. I will publish an updated version of this blog as soon as VMware Cloud Foundation 5.2 has been released.

The BoM (bill of materials) is changing with each VCF release. With VCF 5.1 the following components and software versions are included:

Software Component	Version	Date	Build Number
Cloud Builder VM	5.1	07 NOV 2023	22688368
SDDC Manager	5.1	07 NOV 2023	22688368
VMware vCenter Server Appliance	8.0 Update 2a	26 OCT 2023	22617221
VMware ESXi	8.0 Update 2	21 SEP 2023	22380479
VMware vSAN Witness Appliance	8.0 Update 2	21 SEP 2023	22385739
VMware NSX	4.1.2.1	7 NOV 2023	22667789
VMware Aria Suite Lifecycle	8.14	19 OCT 2023	22630473

VMware vSAN is included in the VMware ESXi bundle.
You can use VMware Aria Suite Lifecycle to deploy VMware Aria Automation, VMware Aria Operations, VMware Aria Operations for Logs, and Workspace ONE Access. VMware Aria Suite Lifecycle determines which versions of these products are compatible and only allows you to install/upgrade to supported versions.
VMware Aria Operations for Logs content packs are installed when you deploy VMware Aria Operations for Logs.
The VMware Aria Operations management pack is installed when you deploy VMware Aria Operations.
You can access the latest versions of the content packs for VMware Aria Operations for Logs from the VMware Solution Exchange and the VMware Aria Operations for Logs in-product marketplace store.

What’s new with VCF 5.1?

Important changes mentioned in the release notes:

Support for vSAN ESA.vSAN ESA is an alternative, single-tier architecture designed ground-up for NVMe-based platforms to deliver higher performance with more predictable I/O latencies, higher space efficiency, per-object based data services, and native, high-performant snapshots.
vSphere Distributed Services engine for Ready nodes. AMD-Pensando and NVIDIA BlueField-2 DPUs are now supported. Offloading the Virtual Distributed Switch (VDS) and NSX network and security functions to the hardware provides significant performance improvements for low latency and high bandwidth applications. NSX distributed firewall processing is also offloaded from the server CPUs to the network silicon.
Mixed-mode Support for Workload Domains. A VCF instance can exist in a mixed BOM state where the workload domains are on different VCF 5.x versions. Note: The management domain should be on the highest version in the instance.
Support for mixed license deployment. A combination of keyed and keyless licenses can be used within the same VCF instance.
VMware vRealize rebranding. VMware recently renamed vRealize Suite of products to VMware Aria Suite. See the Aria Naming Updates blog post for more details.
Increased GPU scale. VMware Cloud Foundation 5.1 provides increased support for VMs to be configured with up to 16 GPU devices.

What are the VMware Cloud Foundation components?

To manage the logical infrastructure in the private cloud, VMware Cloud Foundation augments the VMware virtualization and management components with VMware Cloud Builder and VMware Cloud Foundation SDDC Manager.

VMware Cloud Foundation Component	Description
VMware Cloud Builder	VMware Cloud Builder automates the deployment of the software-defined stack, creating the first software-defined unit known as the management domain.
SDDC Manager	SDDC Manager automates the entire system life cycle, that is, from configuration and provisioning to upgrades and patching including host firmware, and simplifies day-to-day management and operations. From this interface, the virtual infrastructure administrator or cloud administrator can provision new private cloud resources, monitor changes to the logical infrastructure, and manage life cycle and other operational activities.
vSphere	vSphere uses virtualization to transform individual data centers into aggregated computing infrastructures that include CPU, storage, and networking resources. VMware vSphere manages these infrastructures as a unified operating environment and provides you with the tools to administer the data centers that participate in that environment. The two core components of vSphere are ESXi and vCenter Server. ESXi is the virtualization platform where you create and run virtual machines and virtual appliances. vCenter Server is the service through which you manage multiple hosts connected in a network and pool host resources.
vSAN	vSAN aggregates local or direct-attached data storage devices to create a single storage pool that is shared across all hosts in the vSAN cluster. Using vSAN removes the need for external shared storage, and simplifies storage configuration and virtual machine provisioning. Built-in policies allow for flexibility in data availability.
NSX	NSX is focused on providing networking, security, automation, and operational simplicity for emerging application frameworks and architectures that have heterogeneous endpoint environments and technology stacks. NSX supports cloud-native applications, bare-metal workloads, multi-hypervisor environments, public clouds, and multiple clouds.
vSphere with Tanzu	By using the integration between VMware Tanzu and VMware Cloud Foundation, you can deploy and operate the compute, networking, and storage infrastructure for vSphere with Tanzu, also called Workload Management. vSphere with Tanzu transforms vSphere to a platform for running Kubernetes workloads natively on the hypervisor layer. When enabled on a vSphere cluster, vSphere with Tanzu provides the capability to run Kubernetes workloads directly on ESXi hosts and to create upstream Kubernetes clusters within dedicated resource pools.
VMware Aria Suite	VMware Cloud Foundation supports automated deployment of VMware Aria Suite Lifecycle. You can then deploy and manage the life cycle of Workspace ONE Access and the VMware Aria Suite products (VMware Aria Operations for Logs, VMware Aria Automation, and VMware Aria Operations) by using VMware Aria Suite Lifecycle. VMware Aria Suite is a purpose-built management solution for the heterogeneous data center and the hybrid cloud. It is designed to deliver and manage infrastructure and applications to increase business agility while maintaining IT control. It provides the most comprehensive management stack for private and public clouds, multiple hypervisors, and physical infrastructure.

VMware Cloud Foundation Architecture

VCF is made for greenfield deployments (brownfield not supported) and supports two different architecture models:

Standard Architecture
Consolidated Architecture

VMware Cloud Foundation Deployment Options

The standard architecture separates management workloads and lets them run on a dedicated management workload domain. Customer workloads are deployed on a separate virtual infrastructure workload domain (VI workload domain). Each workload domain is managed by a separate vCenter Server instance, which allows autonomous licensing and lifecycle management.

VMware Cloud Foundation Single Site Deployment

Note: The standard architecture is the recommended model because it separates management workloads from customer workloads.

Customers with a small environment (or a PoC) can start with a consolidated architecture. This allows you to run customer and management workloads together on the same workload domain (WLD).

Management Domain

The management domain is created during the bring-up process by VMware Cloud Builder and contains the VMware Cloud Foundation management components as follows:

Minimum four ESXi hosts
An instance of vCenter Server
A three-node NSX Manager cluster
SDDC Manager
vSAN datastore
One or more vSphere clusters each of which can scale up to the vSphere maximum of 64

VI Workload Domains

You create VI workload domains to run customer workloads. For each VI workload domain, you can choose the storage option – vSAN, NFS, vVols, or VMFS on FC.

VMware Cloud Foundation Storage Options

A VI workload domain consists of one or more vSphere clusters. Each cluster starts with a minimum of three hosts and can scale up to the vSphere maximum of 64 hosts. SDDC Manager automates the creation of the VI workload domain and the underlying vSphere clusters.

For the first VI workload domain in your environment, SDDC Manager deploys a vCenter Server instance and a three-node NSX Manager cluster in the management domain. For each subsequent VI workload domain, SDDC Manager deploys an additional vCenter Server instance. New VI workload domains can share the same NSX Manager cluster with an existing VI workload domain or you can deploy a new NSX Manager cluster. VI workload domains cannot use the NSX Manager cluster for the management domain.

What is a vSAN Stretched Cluster?

vSAN stretched clusters extend a vSAN cluster from a single site to two sites for a higher level of availability and inter-site load balancing.

VMware Cloud Foundation Stretched Cluster

Does VCF provide flexible workload domain sizing?

Yes, that’s possible. You can license the WLDs based on your needs and use the editions that make the most sense depending on your use cases.

VMware Cloud Foundation Flexible Licensing

How many physical nodes are required to deploy VMware Cloud Foundation?

A minimum of four physical nodes is required to start in a consolidated architecture or to build your management workload domain. Four nodes are required to ensure that the environment can tolerate a failure while another node is being updated.

VI workload domains require a minimum of three nodes.

Can I mix vSAN ReadyNodes and Dell EMC VxRail deployments?

No. This is not possible.

What about edge/remote use cases?

When you would like to deploy VMware Cloud Foundation workload domains at a remote site, you can deploy so-called “VCF Remote Clusters”. Those remote workload domains are managed by the VCF instance at the central site and you can perform the same full-stack lifecycle management for the remote sites from the central SDDC Manager.

VMware Cloud Foundation Remote Cluster

Prerequisites to deploy remote clusters can be found here.

Note: If vSAN is used, VCF only supports a minimum of 3 nodes and a maximum of 4 nodes per VCF Remote Cluster. If NFS, vVOLs or Fiber Channel is used as principal storage, then VCF supports a minimum of 2 and a maximum of 4 nodes.

Important: Remote clusters and remote workload domains are not supported when VCF+ is enabled.

How many resources does the VCF management WLD need during the bring-up process?

We know that VCF includes vSphere (ESXi and vCenter), vSAN, SDDC Manager, NSX and eventually some components of the vRealize Suite. The following table should give you an idea what the resource requirements look like to get VCF up and running:

VMware Cloud Foundation Resource Requirements

If you are interested to know how many resources the Aria Suite (formerly vRealize Suite) will consume of the management workload domain, have a look at this table:

VMware Cloud Foundation Resource Requirements vRealize

Does VCF support HCI Mesh?

Yes. VMware Cloud Foundation 4.2 and later supports sharing remote datastores with HCI Mesh for VI workload domains.

HCI Mesh is a software-based approach for disaggregation of compute and storage resources in vSAN. HCI Mesh brings together multiple independent vSAN clusters by enabling cross-cluster utilization of remote datastore capacity within vCenter Server. HCI Mesh enables you to efficiently utilize and consume data center resources, which provides simple storage management at scale.

Note: At this time, HCI Mesh is not supported with VCF ROBO.

Important: HCI Mesh can be configured with vSAN OSA or ESA. HCI Mesh is not supported between a mix of
vSAN OSA and ESA clusters.

Does VMware Cloud Foundation support vSAN Max?

At the time of writing, no.

How is VMware Cloud Foundation licensed?

Currently, VCF is sold as part of VMware Cloud editions.

How can I migrate my workloads from a non-VCF environment to a new VCF deployment?

VMware HCX provides a path to modernize from a legacy data center architecture by migrating to VMware Cloud Foundation.

VMware Cloud Foundation HCX

Can I install VCF in my home lab?

Yes, you can. With the VLC Lab Constructor, you can deploy an automated VCF instance in a nested configuration. There is also a Slack VLC community for support.

VCF Lab Constructor

Note: Please have a look at “VCF Holodeck” if you would like to create a smaller “sandbox” for testing or training purposes

VCF Holodeck Toolkit

Where can I find more information about VCF?

Please consult the VMware Cloud Foundation FAQ for more information.

VMware Tanzu Licensing – What’s New?

May 9, 2023 | AWS, Azure, Cloud Native Apps, CNCF, Edge Computing, ESXi, Kubernetes, NSX, Observability, Tanzu, Tanzu Application Platform, VMware Cloud, VMware Cloud Foundation, VMware Data, vSphere

Last year, VMware gave the Tanzu portfolio a fairly good facelift with all the announcements from VMware Explore 2022. It is clear to me that VMware focuses on multi-cluster and multi-cloud Kubernetes management capabilities (Tanzu for Kubernetes Operations) and a superior developer experience with any Kubernetes on any cloud (Tanzu Application Platform). VMware embraces native public clouds and so it was very exciting for many customers when they announced the lifecycle management of Amazon Elastic Kubernetes Service (EKS) clusters – the direct provisioning and management of EKS clusters with Tanzu Mission Control. But what happened in the last 6 to 9 months since VMware Explore US and Europe? And how do I get parts of the VMware Tanzu portfolio nowadays?

Tanzu Licensing

Let us start with licensing first. in October 2022, VMware made it clear that they do not want to move forward anymore with the Tanzu Basic and Advanced editions, only Tanzu Standard was left. VMware replaced Tanzu Basic with “Tanzu Kubernetes Grid” (TKG), which comes with the following components:

vSphere capabilities / K8s Runtime
K8s Cluster Lifecycle Management – Cluster API
Image Registry – Harbor
Container Networking – Antrea/Calico
Load Balancing – NSX Advanced Load Balancer
Ingress Controller – Contour
Observability – Fluent Bit, Prometheus, Grafana
Operating System – Photon OS, Ubuntu, bring-your-own node image
Data Protection – Velero

Note: Nothing is official yet, but according to this article intended for partners, VMware is going to announce the Tanzu Standard EOA (End of Availability) soon:

…containing updated information on Tanzu Standard entering end of availability (EOA) and the new Tanzu Kubernetes Operations and Tanzu Application Platform partner resources.

Looking at the “Tanzu Explainer” and its changelog from the 5th of May, one can find the following: “Updated to reflect new Tanzu for Kubernetes Operations SKUs“.

Tanzu for Kubernetes Operations Bundles

The Tanzu Explainer on Tech Zone lists the following new bundles/packages for Tanzu for Kubernetes Operations (TKO):

Tanzu for Kubernetes Operations Foundation includes Tanzu Mission Control Advanced and Tanzu Service Mesh Advanced. Two add-on SKUs are available—one adds Antrea Advanced and Aria Operations for Applications, the other adds these plus NSX Advanced Load Balancer Enterprise. Tanzu Kubernetes Grid is not included in this bundle.
Tanzu for Kubernetes Operations includes Tanzu Kubernetes Grid, Tanzu Mission Control Advanced, Tanzu Service Mesh Advanced, Antrea Advanced, and Aria Operations for Applications.
Tanzu for Kubernetes Operations with NSX Advanced Load Balancer includes Tanzu Kubernetes Grid, Tanzu Mission Control Advanced, Tanzu Service Mesh Advanced, Antrea Advanced, Aria Operations for Applications, and NSX Advanced Load Balancer Enterprise.

Note: Since Tanzu Mission Control Standard (TMC) was only sold as part of the Tanzu Standard Edition, we see VMware moving forward with TMC Advanced only. Which is good! But TMC Essentials still comes with vSphere+ and VMC on AWS.

Tanzu Entitlements with vSphere and VMware Cloud Foundation Editions

What about vSphere and VMware Cloud Foundation (VCF)? Let me give you an overview here as well:

vSphere+ Standard – No Tanzu entitlements included
vSphere+ – Includes TKG and TMC Essentials
vSphere Enterprise+ with TKG – Includes TKG
VMware Cloud Foundation – All VCF editions have Tanzu Standard included

Note: We do not know yet what the Tanzu Standard EOA means for the Tanzu entitlements with VCF. Need to wait for guidance.

VMware Cloud Packs

In April 2023, VMware introduced new bundles called VMware Cloud Packs and they come in four different flavours:

Compute with Advanced Automation. vSphere+ and Aria Universal Suite Advanced
HCI. vSphere+, vSAN+ Advanced and Aria Universal Suite Standard
HCI with Advanced Automation. vSphere+, vSAN+ Advanced and Aria Universal Suite Advanced
VMware Cloud Foundation. vSphere+, vSAN+ Enterprise, NSX Enterprise Plus, SDDC Manager, Aria Universal Suite Enterprise, Aria Operations for Networks Enterprise add-on

In addition to these four Cloud Packs offerings, customers can get the following add-ons:

Data Protection & Disaster Recovery
Network Detection and Response
Tanzu Mission Control
Ransomware Recovery
Advanced Load Balancer
Workload and Endpoint Security
Intrusion Detection and Prevention
VDI/Desktops

Note: As you can see, all new cloud packs have TKG included and TMC is an add-on. vCenter Standard is with connected and disconnected subscriptions.

Important: Please note as well that the individual components of the bundles cannot be upgraded independently. Example – Aria Universal Suite Standard as part of the HCI Cloud Pack cannot be upgraded to Aria Universal Suite Enterprise.

Conclusion

VMware is clearly moving in the right direction: They want to simplify their portfolio and improve how customers can consume/subscribe services. As always, it is going to take a while until they have figured out which bundles and product versions make sense for most of the customers. Be patient. 🙂

What does VMware Cloud Disaster Recovery have in common with Dell PowerProtect?

May 4, 2023 | AWS, Azure, Cloud Native Apps, Data Protection, ESXi, Kubernetes, Security, VCPP, VMware Cloud, VMware Cloud Foundation, vSphere

It was at VMware Explore Europe 2022 when I ran into a colleague from Dell who told me about “transparent snapshots” and mentioned that their solution has something in common VMware Cloud Disaster Recovery (VCDR). After doing some research, I figured out that he was talking about the Light Weight Delta (LWD) protocol.

Snapshots

Snapshots are states of a system or virtual machine (VM) at a particular point in time and should not be considered a backup. The data of a snapshot include all files that form a virtual machine – this includes disks, memory, and other devices like network interface cards (vNIC). To create or delete a snapshot of a VM, the VM needs to be “stunned” (quiesce I/Os).

I would say it is common knowledge that a higher number of snapshots negatively impact the I/O performance of a virtual machine. Creating snapshots results in the creation of a snapshot hierarchy with parent-to-child relationships. Every snapshot creates a delta .vmdk file and redirects all inputs/writes to this delta disk file.

VMware vSphere Storage APIs for Data Protection

Currently, a lot of backup solutions use “VMware vSphere Storage APIs for Data Protection” (VADP), which has been introduced in vSphere 4.0 released in 2009. A backup product using VADP can backup VMs from a central backup server or virtual machine without requiring any backup agents. Meaning, backup solutions using VADP create snapshots that are used to create backups based on the changed blocks of a disk (Changed Block Tracking aka CBT). These changes or this delta is then written to a secondary site or storage and the snapshot is removed after.

Deleting a snapshot consolidates the changes between snapshots and previous disk states. Then it writes all the data from the delta disk that contains the information about the deleted snapshot to the parent disk. When you delete the base parent snapshot, all changes merge with the base virtual machine disk.

To delete a snapshot, a large amount of information must be read and written to a disk. This process can reduce the virtual machine performance until the consolidation is complete.

VMware Cloud Disaster Recovery (VCDR)

In 2020, VMware announced the general availability of VMware Cloud Disaster Recovery based on technology from their Datrium acquisition. This new solution extended the current VMware disaster recovery (DR) solutions like VMware Site Recovery, Site Recovery Manager, and Cloud Provider DR solutions.

VMware Cloud Disaster Recovery is a VMware-delivered disaster recovery as a service (DRaaS) offering that protects on-premises vSphere and VMware Cloud on AWS workloads to VMware Cloud on AWS from both disasters and ransomware attacks. It efficiently replicates VMs to a Scale-out Cloud File System (SCFS) that can store hundreds of recovery points with recovery point objectives (RPOs) as low as 30 minutes. This enables recovery for a wide variety of disasters including ransomware. Virtual machines are recovered to a software-defined data center (SDDC) running in VMware Cloud on AWS. VMware Cloud Disaster Recovery also offers fail-back capabilities to bring your workloads back to their original location after the disaster is remediated.

VMware Cloud DR Architecture

Note: Currently, VCDR is only available as an add-on feature to VMware Cloud on AWS. The support for Azure VMware Solution is expected to come next.

To me, VCDR is one of the best solutions from the whole VMware portfolio.

High-Frequency Snapshots (HFS)

One of the differentiators and game-changers are these so-called high-frequency snapshots, which are based on the Light Weight Delta (LWD) technology that VMware developed. Using HFS allows customers to schedule recurring snapshots for every 30 minutes, meaning, that customers can get an Recovery Point Objective (RPO) of 30min!

To enable and use high-frequency snapshots, your environment must be running on vSphere 7.0 U3 or higher.

With HFS and LWD, there is no Changed Block Tracking (CBT), no VADP, and no VM stun. This results in better performance when maintaining these deltas.

Transparent Snapshots by Dell EMC PowerProtect Data Manager (PPDM)

At VMworld 2021, Dell Technologies presented a session called “Protect Your Virtual Infrastructure with Drastically Less Disruption [SEC2764S]” which was about “transparent snapshots” – image backups with near-zero impact on virtual machines, without the need to pause the VM during the backup process. No more backup proxies, no more agents.

Dell Transparent Snapshot Architecture

As with HFS and VCDR, your environment needs to run on vSphere 7.0 U3 and higher.

How does it work?

PowerProtect Data Manager transparent snapshots use the vSphere API for I/O (VAI/O) Filtering framework. The transparent snapshots data mover (TSDM) is deployed in the VMware ESXi infrastructure through a PowerProtect Data Manager VIB. This deployment creates consistent VM backup copies and writes the copies to the protection storage (PowerProtect appliance).

After, this VIB (Data Protection Daemon (DPD) which is part of the VMware ESXi >7.0 U3 image has been installed on the ESXi host) tracks the delta changes in memory and then transfers the delta changes directly to the protection storage.

VMware Data Protection Daemon

Note: PPDM also provides image backup and restore support for VMware Cloud on AWS and Azure VMware Solution, but requires VADP.

Light Weight Delta (LWD)

It seems that LWD has been developed by VMware but there is no publicly available information out there yet. I only found this screenshot as part of this Dell article:

VMware Light Weight Delta

It also seems that Dell is/was the first who could leverage the LWD protocol exclusively but I am sure it will be made available to other VMware partners as well.