VMware Explore Europe 2022 Major Announcements

VMware Explore Europe 2022 Major Announcements

VMware Explore Europe 2022 is history. This year felt different and very special! Rooms were fully booked, and people were queuing up in the hallways. The crowd had a HUGE interest in technical sessions from known speakers like Cormac Hogan, Frank Denneman, Duncan Epping, William Lam, and many more!

Compared to VMware Explore US, there were not that many major announcements, but I thought it might be helpful again to list the major announcements, that seem to be the most interesting and relevant ones.

VMware Aria Hub Free Tier

For me, the biggest and most important announcement was the Aria Hub free tier. I am convinced that Aria Hub will be the next big thing for VMware and I am sure that it will change how the world manages a multi-cloud infrastructure.

VMware Aria Hub is a multi-cloud management platform that unifies the management disciplines of cost, performance, configuration, and delivery automation with a common control plane and data model for any cloud, any platform, any tool, and every persona. It helps you align multiple teams and solutions on a common understanding of resources, relationships, historical changes, applications, and accounts, fundamental to managing a multi-cloud environment.

The new free tier enables customers to inventory, map, filter, and search resources from up to two of their native public cloud accounts, currently from either AWS or Azure. It also helps you understand the relationships of your resources to other resources, policies, and other key components in your public cloud and Kubernetes environments. WOW!

Aria Hub Free Tier Announcement: https://blogs.vmware.com/management/2022/11/announcing-vmware-aria-hub-free-tier.html 

Aria Hub Free Tier Technical Overview: https://blogs.vmware.com/management/2022/11/aria-hub-free-tier-technical-overview 

If you want to sign up for the free tier, please follow this link: https://www.vmware.com/learn/1732750_REG.html 

Tanzu Mission Control On-Premises

Many customers asked for it, it is coming! Tanzu Mission Control (TMC) will become available on-premises for sovereign cloud partners/providers and enterprise customers! 

Bild

There is a private beta coming. Hence, I cannot provide more information for now.

Tanzu Kubernetes Grid 2.1

At VMware Explore US 2022, VMware announced Tanzu Kubernetes Grid (TKG) 2.0, and at Explore Europe 2022, they announced TKG 2.1, which adds support for Oracle Cloud Infrastructure (OCI). Additionally, it will now also have the option of leveraging VMs as the management cluster. Each will be familiar, but now they both support a single, unified way of cluster creation using a new API called ClusterClass.

TKG 2.1 Announcement: https://tanzu.vmware.com/content/blog/tanzu-kubernetes-grid-2-1 

Tanzu Service Mesh Advanced Enhancements

VMware unveiled new enhancements for Tanzu Service Mesh (TSM) as well, which are going to bring new capabilities that would provide VM discovery and integration into the mesh, providing the ability to combine VMs and containers in the same service mesh for secure communications and to apply consistent policy.

VMware Cloud on Equinix Metal (VMC-E)

The last thing I want to highlight is the VMC-E announcement. It is a combination of VMware Cloud IaaS with Equinix Metal hardware as-a-service, which can be deployed in over 30 Equinix global data centers.

VMware Cloud on Equinix Metal is a great option for enterprises that want the flexibility and performance of the Public Cloud, where business requirements prevent moving data or applications to the public cloud. It offers full compatibility and consistency with on-premises and VMware Cloud operational models and policies and zero downtime migration

VMware Cloud on Equinix Metal is a fully managed solution by VMware (delivered, operated, managed, supported).

VMC-E Announcement: https://blogs.vmware.com/cloud/2022/11/07/introducing-vmware-cloud-on-equinix-metal 

VMC-E Technical Preview: https://www.youtube.com/watch?v=-WpGfrxW39Y&feature=youtu.be&ab_channel=VMwareCloud  

Why AWS Developers Love VMware’s Lift and Learn Approach with VMware Cloud on AWS

Why AWS Developers Love VMware’s Lift and Learn Approach with VMware Cloud on AWS

Learn why AWS developers love VMware Cloud on AWS and want to present it to their internal platform team.

I had booth duty at the AWS Swiss Cloud Day 2022 and had the chance to finally talk to people that normally do not talk to VMware folks like me. I believe I had not a single infrastructure or cloud architect talking to me the whole day and I have been approached by Linux administrators and developers only. After I explained to them our partnership and capabilities with AWS, they were mind blown!

Michael, what is VMware’s business with AWS?”

Why are you here at the event, you are only a hypervisor company, right?

Haha, what are you guys doing here?

What is the reason for VMware coming here? You are a competitor of AWS, no?

Developers don’t want to do ops

Look, the developers did not know, that I have no developer background and spent most of my time with data centers. I already built true hybrid clouds almost 10 years ago before we had all the different hyperscalers and providers like Amazon Web Services. After I passed the AWS Solutions Architect Associate and AWS Developer Associate exams a few months ago, I finally understood better how complex software development and cloud migrations must be.

It is said that developers do not want to deal with operational concerns. And other developers want to understand the production environment to make sure that their code work. Additionally, we have the shift-left approach that puts more pressure on the developer’s shoulders, they do not have time for ops.

But after talking to a few developers, I had a light-bulb moment and the following truths came to the surface:

  • Developers had no clue how VMware can ease some of their pain
  • Developers liked my talk about infrastructure and ops
  • I need to bring more business cards to such events!!!

Developers are interested in infrastructure

Remember the questions from above? To answer the questions about VMware’s relevance or relationship with AWS, I used the first 2min to explain VMware Cloud on AWS to them. Yes, I started talking about infrastructure and not about Tanzu, developer experience, our open source projects, and contributions, or Tanzu Labs. The people visiting us at the booth were impressed that VMware and AWS have even specialists only focusing on this solution. Still, they were not convinced yet that VMware can do something good for them.

VMC on AWS Overview

Okay, I got it. So what? What is the value?

How would someone with a VMware background answer such a question? Most of us usually see this situation as the right moment to talk about use cases like:

  • Data center exit or refresh (infrastructure modernization)
  • Burst Capacity
  • Low latency to AWS native services
  • Application modernization
  • Cloud migrations

So, which of these use cases are relevant and important to developers?

The developer’s story

The developers confirmed some statements of mine:

  • Cloud migrations take long and are not easy
  • Lift & shift migrations involve a lot of manual tasks
  • They either have to refactor their app on-premises first and then move to the public cloud or start from scratch on AWS

I say it again, software development is complex. Developers need to modernize existing applications on-premises and then migrate them somehow to AWS because you cannot always start from scratch.

Imagine this: You have an application that was deployed and operated for years in your data centers. Most probably you don’t even understand all the dependencies and configurations anymore since the years have passed. Maybe you are not even the guy who initially developed this application.

Note: The only thing that can be assumed, is, that your infrastructure is most likely running on a VMware-based cloud.

Now you need to start modernizing this application, which takes months or even years. When you are done with your task, you have to figure out how to bring this application over to AWS. Because you had to spend all your time refactoring this application, there was no time to build new AWS skills. At least not during normal office hours.

Lift and shift is easy, right?

Nope. When it would be easy, why does the migration in most cases take longer than expected and cost more than expected? When you have to exit a data center for any reason and need to bring some of your workloads over to a public cloud like AWS, then a lift and shift approach is the best and fastest approach. But somehow organizations do not see much value in using this approach during their cloud adoption. At least not with VMware.

But if a consulting firm or AWS themselves tell the customer, that lift and shift is a good idea, their customers suddenly see the benefit even if they have to add millions to their estimated budget. Consulting firms are not cheap, and neither are lift and shift projects with different underlying technologies like having VMware as the source site on-premises and AWS (or any other public cloud provider) as the destination. But hey, good for your company if they have this extra money.

AWS Lift and Shift

Lift and shift brings no innovation

Different organizations have different agendas and goals. For some, solely running their virtual machines and containers, and using cloud native services is enough for them – no matter the costs. Others expect that economies of scale bring the necessary cost advantages over time while they implement and deliver innovation.

That is why some companies see lift and shift as the approach, which brings no innovation. It is complex, not easy, takes longer, costs more and in the end, you don’t use cloud native services (yet).

It is time now to change the perspective and narrative because I get why you think that lift and shift brings no innovation.

Forget Lift and Shift – Do Lift and Learn

So, our use case here is application modernization. A developer needs to modernize and migrate an application, ideally at the same time. No wonder why some of you may think that lift and shift brings no innovation: because you modernize later. 

Developers struggle. They struggle very much. After I explained VMware Cloud on AWS and mentioned, that a lift and learn approach is the better way that makes their life much easier, they asked me for my business card. It took less than 24h until I received my first two e-mails to organize a meeting.

Give developers more time.

Developers and ops teams need to have enough time to skill up, to learn and understand the new things. You have to break and fix things first in the new world before you can truly understand it. They loved the idea of lift and learn:

  1. Lift and shift your applications first with VMware Cloud on AWS. A true hybrid cloud approach, where the technology format is the same (on-prem and on AWS), will speed up your cloud adoption timeline and therefore save costs. Your workload now runs in the public cloud. Check!
  2. Since the cloud migration didn’t take 12 months, but more something like 3-4 months, your developers can use the additional time to learn and understand how to build things on AWS! The developers are happy because they have less pressure now and can play around with new stuff.
  3. After they have understood the new world, they can start modernizing different parts of the application. What has started with a legacy/traditional application, becomes a hybrid application and eventually a fully modernized app over time.

Figure 4. Connectivity examples for AWS Cloud storage services

The stepping stone to becoming cloud native

Some of you may think now that VMware and its solution with VMC on AWS is just a temporary solution before going completely, cloud native. Let us take a step back again quickly.

When I joined VMware in 2018, they talked about 70mio workloads running on their platform. This year at VMware Explore (formerly VMworld) they showed several 85mio VMware-based workloads. This is proof to me, that:

  • the cloud adoption does not happen as fast as expected,
  • on-premises data centers and VMware is not legacy,
  • VMware is more than only a “hypervisor” company,
  • cloud native and container-based workloads do not always make sense and
  • virtual machines are still going to exist for a while.

These are some pointers to why AWS has this partnership with VMware. As you can see, VMware is very strategic and relevant and should be part of every cloud and application modernization conversation.

Call to action

Just because a lot of people say that developers do not care about ops and are not interested in talking to “infrastructure guys” like me, does not mean that this statement/assumption is true. My conversations from AWS Swiss Cloud Day 2022 clearly showed that developers need to know more about the options and value that companies like VMware can bring to the table.

Do not let developers only talk to developers. Do lift and learn.

What Is Unique About Oracle Cloud VMware Solution?

What Is Unique About Oracle Cloud VMware Solution?

Everyone talks about multi-cloud and in most cases they mean the so-called big 3 that consist of Amazon Web Services (AWS), Microsoft Azure and Google Cloud. If we are looking at the 2021 Gartner Magic Quadrant for Cloud Infrastructure & Platform Services, one can also spot Alibaba Cloud, Oracle, IBM and Tencent Cloud.

VMware has a strategic partnership with 6 of these hyperscalers and all of these 6 public clouds offer VMware’s software-defined data center (SDDC) stack on top of their global infrastructure:

While I mostly have to talk about AWS, AVS and GCVE, I am finally getting the chance to attend a OCVS customer workshop led by Oracle. That is why I wanted to prepare myself accordingly and share my learnings with you.

Amazon Web Services, Microsoft Azure and Google Cloud dominate the cloud market, but Oracle has unique capabilities and characteristics that no one else can deliver. Additionally, Oracle’s Cloud Infrastructure (OCI) has shown an impressive pace of innovation in the past two years, which led to a 16% increase on Gartner’s solution scorecard for OCI (November 2021, from 62% to 78%), which put them into the fourth place behind Alibaba Cloud!

What is Oracle Cloud VMware Solution?

Oracle Cloud VMware Solution or OCVS is a result of the strategic partnership announced by VMware and Oracle in September 2019. Like the other VMware Cloud solutions like VMC on AWS, AVS or GCVE, Oracle Cloud VMware Solution will enable customers to run VMware Cloud Foundation on Oracle’s Generation 2 Cloud Infrastructure.

Meaning, running an on-premises VMware-based infrastructure combined with OCVS should make cloud migrations easier and faster, because it is the same foundation with vSphere, vSAN and NSX.

Oracle Cloud VMware Solution Key Differentiator #1 – Different SDDC Bundles

Customers can choose between a multi-host SDDC (minimum of 3 production hosts) and a single-host SDDC, that is made for test and dev environments. Oracle guarantees a monthly uptime percentage of at least 99.9% for the OCVS service.

OCVS offers three different ESXi software versions and supports the following versions of other components:

  • ESXi 7.0, 6.7 or 6.5
  • vCenter 7.0, 6.7 or 6.5
  • vSAN 7.0, 6.7 or 6.5
  • NSX-T 3.0
  • HCX Advanced 4.0, 3.5 (default option)
  • HCX Enterprise (billed upgrade)

Note: vSphere 6.5 and vSphere 6.7 reach the End of General Support from VMware on October 15, 2022.

Key Differentiator #2 – Customer-Managed & Baremetal Hosts

The VMware Cloud offerings from AWS, Azure or Google are all vendor-controlled and customers get limited access to the VMware hosts and infrastructure components. With Oracle Cloud VMware Solution, customers get baremetal servers and the same operational experience as on-premises. This means full control over VMware infrastructure and its components:

  • SSH access to ESXi
  • Edit vSAN cluster settings
  • Browse datastores; upload and delete files
  • Customer controls the upgrade policy (version, time, defer)
  • Oracle has NO ACCESS after the SDDC provisioning!

Note: According to Oracle it takes about 2 hours to deploy a new SDDC that consists of 3 production hosts.

Customers can choose between Intel- and AMD-based hosts:

  • Two-socket BM.DenseIO2.52 with two CPUs each running 26 cores (Intel)
  • Two-socket BM.DenselO.E4.128 with two CPUs each running 16 cores (AMD)
  • Two-socket BM.DenselO.E4.128 with two CPUs each running 32 cores (AMD)
  • Two-socket BM.DenselO.E4.128 with two CPUs each running 64 cores (AMD)

Details about the compute shapes can be found here.

Key Differentiator #3 – Availability Domains

To provide high throughput and low latency, an OCVS SDDC is deployed by default across a minimum of three fault domains within a single availability domain in a region. But, upon request it is also possible to deploy your SDDC across multiple availability domains (AD), which comes with a few limitations:

  • While OCVS can scale from 3 up to 64 hosts in a single SDDC, Oracle recommends a maximum of 16 ESXi hosts in a multi-AD architecture
  • This architecture can have impacts on vSAN storage synchronization, and rebuild and resync times

Most hyperscaler only let you use two availability zones and fault domains in the same region. With Oracle it is possible to distribute the minimum of 3 hosts to 3 different availability domains.  An availability domain consists of one or more data centers within the same region.

Note: Traffic between ADs within a region is free of charge.

Key Differentiator #4 – Networking

Because OCVS is customer-managed and can be operated like your on-premises environment, you also get “full” control over the network. OCVS is installed within a customers’ tencancy, which gives customer the advantage to run their VMware SDDC workloads in the same subnet as OCI native services. This provides lower latency to the OCI native services, especially for customers that are using Exadata for example.

Another important advantage of this architecture is capability to create VLAN-backed port groups on your vSphere Distributed Switch (VDS).

Key Differentiator #5 – External Storage

Since March 2022 the OCI File Storage service (NFS) is certified as secondary storage for an OCVS cluster. This allows customers to scale the storage layer of the SDDC without adding new compute resources at the same time.

And just announced on 22 August 2022, with Oracle’s summer ’22 release, OCVS customers can now connect to a certified OCI Block Storage through iSCSI as a second external storage option.

Block Storage provides high IOPS to OCI, and data is stored redundantly across storage servers with built-in repair mechanisms with a 99.99% uptime SLA.

Key Differentiator #6 – Billing Options

OCVS is currently only sold and supported by Oracle. Like with other cloud providers and VMware Cloud offerings, customers have different pricing options depending upon their commitment levels:

  • On-demand (hourly)
  • 1 month
  • 1 year
  • 3 years

The rule of thumb for any hyperscaler says, that a 1-year commitment get around 30% discount and the 3-year commitments are around 50% discount.

The unique characteristic here is the monthly commitment option, which is caluclated with a discount of 16-17% depending on the compute shape.

Note: OCVS is not part (yet) of the VMware Cloud Universal subscription (VMCU).

Key Differentiator #7 – Global Reach

Currently, OCI is available in 39 different cloud regions (21 countries) and Oracle announced five more by the end of 2022. On day one of each region, OCVS is available with a consistent and predictable pricing that doesn’t vary from region to region.

To compare: AWS has launched 27 different regions with 19 being able to host the VMware Cloud on AWS service. In Switzerland, AWS just opened their new data center without having the VMware Cloud on AWS service available, while OCVS is already available in Zurich.

Use Cases

While OCVS is a great solution for joint VMware and Oracle customers, it is not necessary for customers to using Oracle Cloud Infrastructure native solutions.

Data Center Expansion

As you just learned before, OCVS is a great fit if you want to maintain the same VMware software versions on-premises and in OCI. The classic use case here is the pure data center expansion scenario, which allows you to stretch your on-premises infrastructure to OCI, without the need to use their native services.

VMware Horizon on OCVS

As I mentioned at the beginning, Oracle Cloud VMware Solution is based on VMware Cloud Foundation and so it is no surprise that Horizon on OCVS is fully supported.

The Horizon deployment on OCVS works a little bit different compared to the on-premises installation and there is no feature parity yet:

  • Horizon on OCVS does not support vGPUs yet.
  • Horizon on OCVS does not support IPv6 yet.
  • Horizon on OCVS does not support vTPM yet. In this situation it is recommended to use shielded OCVS instances.

Note: The support of NSX Advanced Load Balancer (Avi) is still a roadmap item

VMware Tanzu for OCVS

Since April 2022 it is possible for joint VMware and Oracle customers to use Tanzu Standard and its components with Oracle Cloud VMware Solution. Tanzu Standard comes with VMware’s Kubernetes distribution Tanzu Kubernetes Grid (TKG) and Tanzu Mission Control, which is the right solution for multi-cloud, multi-cluster K8s management.

With TMC you can deploy and manage TKG clusters on vSphere on-premises or on Oracle Cloud VMware Solution. You can even attach existing Kubernetes clusters from other vendors like RedHat OpenShift, Amazon EKS or Azure Kubernetes Service (AKS).

OCVS Tanzu Standard 

Oracle Cloud VMware Solution FAQ

VMware’s OCVS FAQ can be found here.

Oracle’s OCVS FAQ can be found here.

Additional Resources

Here is a list of additional resources:

VMware Explore US 2022 – VMware Projects and Day 2 Announcements

VMware Explore US 2022 – VMware Projects and Day 2 Announcements

Last year at VMworld 2021, VMware mentioned and announced a lot of (new) projects they are working on. What happened to them and which new VMware projects have been mentioned this year at VMware Explore so far?

Project Ensemble – VMware Aria Hub

VMware unveiled their unified multi-cloud management portfolio called VMware Aria, which provides a set of end-to-end solutions for managing the cost, performance, configuration, and delivery of infrastructure and cloud native applications.

VMware Aria is anchored by VMware Aria Hub (formerly known as Project Ensemble), which provides centralized views and controls to manage the entire multi-cloud environment, and leverages VMware Aria Graph to provide a common definition of applications, resources, roles, and accounts.

VMware Aria Graph provides a single source of truth that is updated in near-real time. Other solutions on the market were designed in a slower moving era, primarily for change management processes and asset tracking. By contrast, VMware Aria Graph is designed expressly for cloud-native operations.

VMware Explore US 2022 Session: A Unified Cloud Management Control Plane – Update on Project Ensemble [CMB2210US]

Project Monterey – DPU-based Acceleration for NSX

Last year introduced as Project Monterey and in technology preview, VMware announced the GA version of Monterey called DPU-based Acceleration for NSX yesterday.

Project Arctic – vSphere+ and vSAN+

Project Arctic has been introduced last year as a Technology Preview and was described as “the next step in the evolution of vSphere in a multi-cloud world”. What has started with the idea of bringing VMware Cloud services closer to vSphere, has evolved to a even more interesting and enterprise-ready version called vSphere+ and vSAN+. It includes developer services that consist of the Tanzu Kubernetes Grid runtime, Tanzu Mission Control Essentials and NSX Advanced Load Balancer Essentials. VMware is going to add more and more VMware Cloud add-on services in the future. Additionally, VMware even introduced VMware Cloud Foundation+.

Project Iris – Application Transformer for VMware Tanzu

VMware mentioned Project Iris very briefly last year at VMworld. In February 2022, Project Iris became generally available and is since then known as Application Transformer for VMware Tanzu.

Project Northstar

At VMware Explore on day 1, VMware introduced Project Northstar, which will provide customers a centralized cloud console that gives them instant access to networking and security services, such as network and security policy controls, Network Detection and Response (NDR), NSX Intelligence, Advanced Load Balancing (ALB), Web Application Firewall (WAF), and HCX. Project Northstar will be able to apply consistent networking and security policies across private cloud, hybrid cloud, and multi-cloud environments.

Graphical user interface Description automatically generated

VMware Explore US 2022 Session: Multi-Cloud Networking and Security with NSX [NETB2154US]

Project Watch

At VMware Explore on day 1,VMware unveiled Project Watch, a new approach to multi-cloud networking and security that will provide advanced app-to-app policy controls to help with continuous risk and compliance assessment. In technology preview, Project Watch will help network security and compliance teams to continuously observe, assess, and dynamically mitigate risk and compliance problems in composite multi-cloud applications.

Project Trinidad

Also announced at VMware Explore day 1 and further explained at day 2, Project Trinidad extends VMware’s API security and analytics by deploying sensors on Kubernetes clusters and uses machine learning with business logic inference to detect anomalous behavior in east-west traffic between microservices.

Project Narrows

Project Narrows introduces a unique addition to Harbor, allowing end users to assess the security posture of Kubernetes clusters at runtime. Images previously undetected, will be scanned at the time of introduction to a cluster, so vulnerabilities can now be caught, images may be flagged, and workloads quarantined.

Project Narrows adding dynamic scanning to your software supply chain with Harbor is critical. It allows greater awareness and control of your running workloads than the traditional method of simply updating and storing workloads.

VMware is open sourcing the initial capabilities of Project Narrows on GitHub as the Cloud Native Security Inspector (CNSI) Project.

VMware Explore US 2022 Session: Running App Workloads in a Trusted, Secure Kubernetes Platform [VIB1443USD]

Project Keswick

Also introduced on day 2, Project Keswick is about simplifying edge deployments at scale. It comes as an xLabs project coming out of the Advanced Technology Group in VMware’s Office of the CTO.

Bild

A Keswick deployment is entirely automated and uses Git as a single source of truth for a declarative way to manage your infrastructure and applications through desired state configuration enabled by GitOps. This ensures the infrastructure and applications running at the edge are always exactly what they need to be.

VMware Explore US 2022 Session: Edge Computing: What’s Next? [VIB1457USD]

Project Newcastle

At VMworld 2021, VMware talked the first time (I think) about cryptographic agility and even showed a short demo of a Post Quantum Cryptography (PQC) enabled Unified Access Gateway (using a proxy-based approach): 

Diagram of an HAProxy with TLS Termination and Quantum-Safe Cipher Support as a reverse proxy to communicate with a quantum-safe web browser.

At VMware Explore 2022 day 2, VMware demonstrated what they believe to be the world’s first quantum-safe multi-cloud application!

VMware developed and presented Project Newcastle, a policy-based framework enabling and orchestrating cryptographic transition in modern applications.

Integrated with Tanzu Service Mesh, Project Newcastle gives users greater insight into the cryptography in their applications. But that’s not all — as a platform for cryptographic agility, Project Newcastle automates the process of reconfiguring an application’s cryptography to comply with user-defined policies and industry standards.

Closing Comment

Which VMware projects excite you the most? I’m definitely going with Project Ensemble (Aria Hub) and Project Newcastle!

VMware Explore US 2022 – Summary of Day 1 Announcements

VMware Explore US 2022 – Summary of Day 1 Announcements

VMworld is now VMware Explore and is currently happening in San Francisco! This is a consolidated of the announcements from day 1 (August 30th, 2022).

VMware Introduces vSphere 8, vSAN 8 and VMware Cloud Foundation+

VMware today introduced VMware vSphere 8 and VMware vSAN 8—major new releases of VMware’s compute and storage solutions.

vSphere 8 – vSphere 8 introduces vSphere on DPUs, previously known as Project Monterey. In close collaboration with technology partners AMD, Intel and NVIDIA as well as OEM system partners Dell Technologies, Hewlett Packard Enterprise and Lenovo, vSphere on DPUs will unlock hardware innovation helping customers meet the throughput and latency needs of modern distributed workloads. vSphere will enable this by offloading and accelerating network and security infrastructure functions onto DPUs from CPUs.

ESXi on DPU

vSphere 8 will dramatically accelerate AI and machine learning applications by doubling the virtual GPU devices per VM, delivering a 4x increase of passthrough devices, and supporting vendor device groups which enable binding of high-speed networking devices and the GPU.

vSAN 8: vSAN 8 introduces breakthrough performance and hyper-efficiency. Built from the ground up, the new vSAN Express Storage Architecture (ESA) will enhance the performance, storage efficiency, data protection and management of vSAN running on the latest generation storage devices. vSAN 8 will provide customers with a future ready infrastructure that supports modern TLC storage devices and delivers up to a 4x performance boost.

VMware Cloud Foundation+ – VMware introduces a new cloud-connected architecture for managing and operating full stack HCI in data centers. Built on vSphere+ and vSAN+, VMware Cloud Foundation+ will add a new cloud-connected architecture for managing and operating full-stack HCI in our data center or co-location facility.

VMware Cloud Foundation+ will deliver new admin, developer and hybrid cloud services through a simplified subscription model and keyless entitlement. VMware Cloud Foundation 4.5 will enable VMware Cloud Foundation+ by adding vSphere+ and vSAN+, plus a cloud gateway that provides access to the VMware Cloud Console as part of the full stack architecture.

VMware Cloud for Hyperscalers

VMC on AWS – Amazon Elastic Compute Cloud (Amazon EC2) I4i instances for I/O-intensive Workloads: Powered by 3rd generation Intel® Xeon® Scalable processors (Ice Lake), Amazon EC2 instances help deliver better workload support and delivery, lower TCO, and increased scalability and application performance. Compared to I3, the I4i instances provide nearly twice the number of physical cores, twice the memory, three times the storage capacity, and three times the network bandwidth.

Amazon FSx for NetApp ONTAP Integration Availability – as a native AWS cloud storage service that is certified as a supplemental datastore for VMware Cloud on AWS, FSx for ONTAP offers fully managed shared storage built on the familiar NetApp ONTAP file system trusted by VMware customers running on premises today. Customers can now use FSx for ONTAP as a simple and elastic datastore for VMware Cloud on AWS, enabling them to scale storage up or down independently from compute while paying only for the resources they need.

VMware Cloud Flex Storage Availability – A new VMware-managed and natively integrated cloud storage and data management solution that offers supplemental datastore-level access for VMware Cloud on AWS. With just a few clicks in the VMware Cloud Console, customers can scale their storage environment without adding hosts, and elastically adjust storage capacity up or down as needed for every application. Customers also benefit from a simple, pay-as-you-consume pricing model. Together with VMware vSAN, VMware Cloud Flex Storage offers flexibility and customer value in terms of resilience, performance, scale, and cost in the cloud.

VMware Cloud Flex Compute – “Preview” of a new cloud compute model that will help customers get started faster with VMware Cloud on AWS. With this new model, VMware introduces a “resource-defined” cloud compute model in place of “hardware-defined” compute instance model which will provide customers higher flexibility, elasticity, and speed to better meet cost and performance requirements of enterprise applications. It will help customers get started faster with VMware Cloud on AWS by using smaller consumable units.

Azure VMware Solution – Customers will be able to purchase Azure VMware Solution as part of VMware Cloud Universal, a flexible purchasing and consumption program for executing multi-cloud and digital transformation strategies. VMware Cloud Director Service for Azure VMware Solution is also now available in Public Preview.

Google Cloud VMware Engine – VMware announced VMware Tanzu Standard edition on Google Cloud VMware Engine to help simplify Kubernetes adoption and management.

Oracle Cloud VMware Solution – New features and capabilities with VMware Tanzu Standard Edition and introduced support for single host SDDCs for non-production workloads.

VMware Cloud Management – VMware Aria

VMware unveiled a multi-cloud management portfolio called VMware Aria, which provides a set of end-to-end solutions for managing the cost, performance, configuration, and delivery of infrastructure and cloud native applications.

VMware Aria is a new brand for the vRealize components, Tanzu Observability by Wavefront and CloudHealth unified under one umbrella, one name.

The VMware products and services within the VMware Aria portfolio are:

  • VMware Aria Automation (formerly, vRealize Automation)
  • VMware Aria Operations (formerly, vRealize Operations)
  • VMware Aria Operations for Networks (formerly, vRealize Network Insight)
  • VMware Aria Operations for Logs (formerly, vRealize Log Insight)
  • VMware Aria Operations for Secure Clouds (formerly, CloudHealth Secure State)
  • VMware Aria Cost powered by CloudHealth (formerly, CloudHealth)
  • VMware Aria Operations for Applications (formerly VMware Tanzu Observability)
  • VMware Skyline

VMware Aria Products

VMware Aria is anchored by VMware Aria Hub (formerly known as Project Ensemble), which provides centralized views and controls to manage the entire multi-cloud environment, and leverages VMware Aria Graph to provide a common definition of applications, resources, roles, and accounts.

VMware Aria Graph provides a single source of truth that is updated in near-real time. Other solutions on the market were designed in a slower moving era, primarily for change management processes and asset tracking. By contrast, VMware Aria Graph is designed expressly for cloud-native operations.

VMware Aria provides features and functions that span management disciplines and clouds to deliver unique value for multi-cloud governance, cross-cloud migration, and actionable business insights. In addition, there are three new end-to-end management services built on top of VMware Aria Hub and VMware Aria Graph:

  • VMware Aria Guardrails – Automate enforcement of cloud guardrails for networking, security, cost, performance, and configuration at scale for multi-cloud environments with an everything-as-code approach
  • VMware Aria Migration – Accelerate and simplify the multi-cloud migration journey by automating assessment, planning, and execution in conjunction with VMware HCX
  • VMware Aria Business Insights – Discern relevant business insights from full-stack event correlation leveraging AI/ML analytics

Networking and Security

Project Northstar – Project Northstar is a SaaS-based network and security offering that will empower NSX customers with a set of on-demand multi-cloud networking and security services, end-to-end visibility, and controls. Customers will be able to use a centralized cloud console to gain instant access to networking and security services, such as network and security policy controls, Network Detection and Response (NDR), NSX Intelligence, Advanced Load Balancing (ALB), Web Application Firewall (WAF), and HCX. It will support both private cloud and VMware Cloud deployments running on public clouds and enable enterprises to build flexible network infrastructure that they can spin up and down in minutes.

Graphical user interface Description automatically generated

DPU-based Acceleration for NSX – Formerly known as Project Monterey, VMware announced that starting with NSX 4.0 and vSphere 8.0, customers can leverage DPU-based acceleration using SmartNICs. Offloading NSX services to the DPU can accelerate networking and security functions without impacting the host CPUs, addressing the needs of modern applications and other network-intensive and latency-sensitive applications.

Image of a SmartNIC

Project Trinidad – Available as tech preview, Project Trinidad extends VMware’s API security and analytics by deploying sensors on Kubernetes clusters and uses machine learning with business logic inference to detect anomalous behavior in east-west traffic between microservices.

Project Watch – VMware unveiled Project Watch, a new approach to multi-cloud networking and security that will provide advanced app-to-app policy controls to help with continuous risk and compliance assessment. In technology preview, Project Watch will help network security and compliance teams to continuously observe, assess, and dynamically mitigate risk and compliance problems in composite multi-cloud applications.

Additionally, VMware NSX Advanced Load Balancer adds new bot management capabilities to help enterprises address threats quickly and efficiently, providing enhanced multi-layer application protection with existing Web Application Firewall, DDoS protection, and API security.

Edge

VMware Edge Compute Stack 2.0 – VMware announced the VMware Edge Compute Stack v1.0 last year and is now adding more features and functionalities optimized for different use cases at the enterprise edge – shipped with vSphere 8 and Tanzu Kubernetes Grid 2.0. VMware, for the first time, will introduce initial support for non-x86 processor-based specialized small form factor edge platforms to simultaneously run IT/OT workloads and workflows on a single stack.

 

VMware Private Mobile Network (Beta) – Delivered by service providers, this new managed service offering provides enterprises with private 4G/5G mobile connectivity in support of edge-native applications. VMware will empower partners with a single PMN orchestrator to operate multi-tenant private 4G/5G networks with an enterprise-grade solution. 

Modern Applications (VMware Tanzu)

Tanzu Application Platform – VMware pre-announced new Tanzu Application Platform (TAP) 1.3 capabilities like the availability on RedHat OpenShift or the support for air-gapped installations for regulated and disconnected environments.

Tanzu Mission Control – Finally, VMware announced the preview for lifecycle management of Amazon Elastic Kubernetes Service (EKS) clusters, which enables direct provisioning and management of EKS clusters, which is awesome! I suppose we can expect the support for Azure Kubernetes Service (AKS) also coming very soon.

Tanzu Kubernetes Grid – With the release of TKG 2.0, VMware now includes a unified experience for applications running on any cloud. In the near future, Tanzu Kubernetes Grid 2.0 should support both Supervisor-based and VM-based management cluster models. On vSphere 8, both Supervisor-based and VM-based models will be supported, and VM-based management clusters will continue to be available on previous versions of vSphere and public clouds. This means in other words, that VMware continues with their “TKGS” and “TKGm” flavors.

Tanzu Service Mesh – Also pre-announced, VMware is adding several enterprise and application resiliency capabilities into Tanzu Service Mesh:

  • Support for customer-owned enterprise certificate authority through integration with Venafi
  • Improved security with enterprise-approved container image registries, data services support, external services support
  • and a global SLO dashboard that allows developers and site-reliability engineers to view all managed service SLOs, helping with capacity planning, troubleshooting, and understanding the health of their applications.

Read more about all the Tanzu announcements here.

Anywhere Workspace

VMware unveiled how it is advancing self-configuring, self-healing and self-securing outcomes across four key technology areas that are delivered by the Anywhere Workspace platform:

  • VDI and DaaS
  • Digital Employee Experience
  • Unified Endpoint Management
  • Security

VMware is introducing a next generation of VMware Horizon Cloud that will enable multi-cloud agility and flexibility. This new release represents a major update to Horizon Cloud on Microsoft Azure that can dramatically simplify the infrastructure that needs to be deployed inside customer environments, reducing infrastructure costs in some cases by over 70% while increasing scalability and reliability of VMware’s DaaS platform.

20K user infrastructure cost comparison

Workspace ONE UEM’s Freestyle Orchestrator will be expanding to include support for mobile devices.

Workspace ONE support for Windows OS multi-user mode is now available in Tech Preview for Azure Active Directory-based deployments; and it will soon be extended to Active Directory-based deployments.

VMware also announced the coming tech preview of Workspace ONE Cloud Marketplace, which will feature dashboards, widgets, reports, Freestyle Orchestrator workflows, and other resources that can be imported to help customers adopt additional solutions.

Horizon Managed Desktop –  I am very excited about this announcement, because it will provide a managed service offering that takes care of lifecycle services, support, and more, on top of a customer-provided infrastructure. This will help customers that don’t have in-house experts get to value with VDI faster.

Availability

VMware Cloud Foundation+, VMware vSphere 8, VMware vSAN 8 and VMware Edge Compute Stack 2.0 are all expected to be available by October 28, 2022 (the close of VMware’s Q3 FY23). VMware Private Mobile Network is expected to be available in beta in VMware’s Q3 FY23.

Closing Comment

Not bad for the first day, right? Stay tuned for more exciting VMware Explore announcements!

Multi-Cloud and Sovereign Cloud – Deploy the Right Data to the Right Cloud

Multi-Cloud and Sovereign Cloud – Deploy the Right Data to the Right Cloud

According to Gartner, regulated industry customers (such as finance and healthcare) and governments are looking for digital borders. Companies in these sectors are looking to reduce vendor lock-in and single points of failure with their cloud providers, whose data centers sometimes are also outside their country (e.g., Switzerland based customer with an AWS data center in Frankfurt).

The market for cloud technology and services is currently dominated by US and Asian cloud providers and many (European) companies store their data in these regions. There are European regions and data centers, but the geopolitical and legal challenges, concerns about data control, industry compliance and sovereignty are driving the creation of new national clouds.

That is why Gartner sees sovereign clouds as one of the emerging technologies, which is currently at the start of the August 2021 published hype cycle:

Das sind die aufstrebenden Technologien im Hype Cycle 2021 | IT-Markt

Image Source: https://www.it-markt.ch/news/2021-08-27/das-sind-die-aufstrebenden-technologien-im-hype-cycle-2021

Use Case 1 – Swiss Federal Administration

As an example and first use case I would mention the Swiss federal administration, which doesn’t see the need for an independent technical infrastructure under public law.

In June 2021 they published the statement that they notified the following cloud providers to become part of the federal administration’s initial multi-cloud architecture:

  • Amazon Web Services (AWS)
  • IBM
  • Microsoft
  • Oracle
  • Alibaba

There are several reasons (pricing, market share, local data center availability) that led to this decision to build a multi-cloud architecture with these cloud providers. But it was interesting to read that the government did an assessment and concluded that no technical independent infrastructure is needed – no need for a local sovereign cloud.

This means that they want to keep their existing data centers to provide infrastructure and data sovereignty.

Interestingly, the Swiss confederation is exploring initiatives for secure and trustworthy data infrastructure for Europe and is examining participation in GAIA-X.

Use Case 2 – Current Sovereign Cloud Providers

There are other examples where organizations and governments saw the need for a sovereign cloud. Having a public cloud provider’s data center in the same country does not necessarily mean, that it’s a sovereign cloud per se. Hyperscale clouds often rely on non-domestic resources that maintain their data centers or provide customer support.

Governments and regulated industries say that you need domestic resources to provide a true sovereign cloud.

A good example here is the UK government, who has chosen the provider UKCloud, that delivers a consistent experience that spans the edge, private cloud and sovereign cloud.

Another VMware sovereign cloud provider is AUCloud, who provides IaaS to the Australian government, defense, defense industries and Critical National Industry (CNI) communities.

The third example I would like to highlight is Saudi Telecom Company (STC), that brings sovereign cloud services to Saudi Arabia.

What do UKCloud, AUCloud and STC have in common? They all joined the pretty new VMware Sovereign Cloud initiative and built their sovereign clouds based on VMware technology.

Use Case 3 – Cloud Act

Another motivation for a sovereign cloud could be the Cloud Act, which is a U.S. law that gives American authorities unrestricted access to the data of American IT cloud providers. It does not matter where the data is effectively stored. In the event of a criminal prosecution, the authorities have a free hand and do not even have to notify the data owners.

What does this mean for cloud users? Because of the Cloud Act, they cannot be sure whether when and to what extent their data or the data of their customers will be read by foreign authorities.

Use Case 4 – GAIA-X

Let me quote the official explanation of GAIA-X:

The architecture of Gaia-X is based on the principle of decentralization. Gaia-X is the result of many individual data owners (users) and technology players (providers) – all adopting a common standard of rules and control mechanisms – the Gaia-X standard.

Together, we are developing a new concept of data infrastructure ecosystem, based on the values of openness, transparency, sovereignty, and interoperability, to enable trust. What emerges is not a new cloud physical infrastructure, but a software federation system that can connect several cloud service providers and data owners together to ensure data exchange in a trusted environment and boost the creation of new common data spaces to create digital economy.

Gaia-X aims to mitigate Europe’s dependency on non-European providers and there seems to be no pre-defined architecture or preferred vendor when it comes to the underlying cloud platform GAIA-X sits on top.

While one would believe that a sovereign cloud is mandatory for GAIA-X, it looks more like a cloud-agnostic data exchange platform hosted by European providers and customers.

I am curious how providers build, operate and maintain a sovereign cloud stack based on open-source software.

How real is the need for Sovereign Cloud?

If a company or government wants to keep, extend, and maintain their own local data centers, this is still a valid option of course. But the above examples showed that the need for sovereign clouds exists and that the global interest seems to be growing.

What is the VMware Sovereign Cloud Initiative?

In October 2021 VMware announced their VMware Sovereign Cloud initiative where they partnering with cloud service providers to deliver a sovereign cloud infrastructure with cloud services on top to customers in regulated industries.

To become a so-called VMware Sovereign Cloud Provider, partners must go through an assessment and meet specific requirements (framework) to show their capability to provide a sovereign cloud infrastructure.

VMware defines a sovereign cloud as one that:

  • Protects and unlocks the value of critical data (e.g., national data, corporate data, and personal data) for both private and public sector organizations
  • Delivers a national capability for the digital economy
  • Secures data with audited security controls
  • Ensures compliance with data privacy laws
  • Improves control of data by providing both data residency and data sovereignty with full jurisdictional control

VMware aims to help regulated industry and government customers to execute their cloud strategies by connecting them to VMware Sovereign Cloud Providers (like UKCloud, AUcloud, STC, Tietoevry, ThinkOn or OVHcloud).

Sovereign Cloud Providers in Switzerland

Currently, there is no official VMware sovereign cloud provider in Switzerland. We have a few and strong VMware cloud provider partners as part of the VMware Cloud Provider Program (VCPP):

Let us come back to the use case 1 with the Swiss federal administration. They are building a multi-cloud and would have in Switzerland a potential number of at least 10 cloud service providers, which could become an official VMware Sovereign Cloud Provider.

VMware Sovereign Cloud Borders 

Image Source: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-sovereign-cloud-solution-brief-customer.pdf

There are other Swiss providers who are building a sovereign cloud based on open-source technologies like OpenStack.

Hyperscalers like Microsoft or Google need to partner with local providers if they want to build a sovereign cloud and deliver services.

VMware already has 4300+ partners with the strategic partnerships and the same technology stack in 120+ countries and some of them are already sovereign cloud providers as mentioned before.

VMware Sovereign Cloud initiative

Image Source: https://blogs.vmware.com/cloud/2021/10/06/vmware-sovereign-cloud/

What are the biggest challenges with a multi-cloud and a sovereign cloud infrastructure?

What do you think are the biggest challenges of an organization that builds a multi-cloud with different public cloud providers and sovereign clouds?

Let me list a few questions here:

  • How can I easily migrate my workloads to the public or sovereign cloud?
  • How long does it take to migrate my applications?
  • Which cloud is the right one for a specific workload?
  • Do I need to refactor some of my applications?
  • How can I consistently manage and operate 5 different public/sovereign cloud providers?
  • What if I one of my cloud providers is not strategic anymore? How can I build a cloud exit strategy?
  • How do I implement and maintain security?
  • What if I want to migrate workloads back from a public cloud to an on-premises (sovereign) cloud?
  • Which Kubernetes am I going to use in all these different clouds?
  • How do I manage and monitor all these different Kubernetes clusters, networking and security policies, create secure application communication between clouds and so on?
  • How do I control costs?

These are just a small number of questions, but I think it would take your organization or your cloud platform team a while to come up with a solution.

What is the VMware approach? Let me list some other articles of mine that help you to better understand the VMware multi-cloud approach:

Conclusion

Public cloud providers build local data centers and provide data residency. Sovereign clouds provide data sovereignty. Resident data may be accessed by a foreign authority while data sovereignty refers to data being subject to privacy laws and governance structures within the nation where that data is collected.

Controlling the location and access of data in the cloud has become an important task for CIOs and CISOs and I personally believe that sovereign clouds are not becoming important in 2 or 3 years, they are already very important and relevant, and we can expect a growth in this area in the next months.

My conclusion here is, that sovereign clouds and the public clouds are not competitors, they complement each other.