It was November 2022 when VMware and Equinix announced an expanded partnership to deliver new infrastructure and multi-cloud services. Called VMware Cloud on Equinix, this solution combines VMware Cloud Infrastructure-as-a-Service (IaaS) with Equinix Metal Hardware-as-a-Services (HWaaS) independently. In other words, the SDDC (software-defined data center) stack is sold by VMware, and HWaaS is sold by Equinix. Looking at this partnership and solution, one could say that Equinix might become “the” intercloud in this multi-cloud era.
What is VMware Cloud on Equinix Metal (VMC-E)?
VMC-E combines VMware’s managed and supported cloud IaaS with Equinix’s baremetal-as-a-service (BMaaS) offering. This gives enterprises the advantage to run this cloud offering almost everywhere globally. Another benefit is that VMC-E will be available in over 30 of the most interconnected global Equinix locations, connected to all the major public clouds and networks (Equinix Fabric).
What is Equinix Fabric?
This service allows organizations to connect to other Equinix customers and other internet resources like service providers:
A lot of enterprises are not “cloud-first” anymore, they became “cloud-smart”. They put the right apps in the right cloud based on the right reasons.
VMC-E has the potential to become a true multi-cloud enabler by letting VMware and Equinix customers move their applications to an ideal place. Imagine lifting and shifting a legacy application to VMC-E. This application then sits in the middle of all major clouds and customers can use different services and components for the same application. This is my definition of a multi-cloud app.
What are the use cases?
VMware and Equinix mention distributed environments and mission-critical applications that rely on high-performance network bandwidth and low latency, such as smart cities, video analytics, game development, VDI, real-time financial market trading, retail POS, IoT, and machine learning.
Which hosts are available?
VMware Cloud on Equinix Metal comes with multiple host configs that can be found here. It is not clear yet which host type(s) will be available during the initial lunch. But the tech preview on YouTube shows the “n3.xlarge.x86” instance type.
How can I get VMC-E?
VMC-E is currently in an early access phase for selected customers in H1 2023.
Tech Preview VMware Cloud on Equinix Metal
Where can I get more information?
To learn more and to participate in the early access program for VMware Cloud on Equinix Metal, please email your interest to vmc-equinix@vmware.com.
A customer of mine asked me a few days ago: “Is it not possible to get NSX Security features without the network virtualization capabilities?”. I wrote it already in my blog “VMware is Becoming a Leading Cybersecurity Vendor” that you do not NSX’s network virtualization editions or capabilities if you are only interested in “firewalling” or NSX security features.
If you google “nsx security”, you will not find much. But there is a knowledge base article that describes the NSX Security capabilities from the “Distributed Firewall” product line: Product offerings for NSX-T 3.2 Security (87077).
Believe it or not, there are customers that haven’t started their zero-trust or “micro-segmentation” journey yet. Segmentation is about preventing lateral (east-west) movement. The idea is to divide the data center infrastructure into smaller security zones and that the traffic between the zones (and between workloads) is inspected based on the organization’s defined policies.
If you are one of them and want to deliver east-west traffic introspection using distributed firewalls, then these NSX Security editions are relevant for you:
VMware NSX Distributed Firewall
NSX Distributed Firewall (DFW)
NSX DFW with Threat Prevention
NSX DFW with Advanced Threat Prevention
VMware NSX Gateway Firewall
NSX Gateway Firewall (GFW)
NSX Gateway Firewall with Threat Prevention
NSX Gateway Firewall with Advanced Threat Prevention
Network Detection and Response
Network Detection and Response (standalone on-premises offering)
The NSX Distributed Firewall is a hypervisor kernel-embedded stateful firewall that lets you create access control policies based on vCenter objects like datacenters and clusters, virtual machine names and tags, IP/VLAN/VXLAN addresses, as well as user group identity from Active Directory.
If a VM gets vMotioned to another physical host, you do not need to rewrite any firewall rules.
The distributed nature of the firewall provides a scale-out architecture that automatically extends firewall capacity when additional hosts are added to a data center.
Should you be interested in “firewalling” only, want to implement access controls for east-west traffic (micro-segmentation) only, but do not need threat prevention (TP) capabilities, then “NSX Distributed Firewall Edition” is perfect for you.
So, which features does the NSX DFW edition include?
The NSX DFW edition comes with these capabilities:
L2 – L4 firewalling
L7 Application Identity-based firewalling
User Identity-based firewalling
NSX Intelligence (flow visualization and policy recommendation)
Aria Operations for Logs (formerly known as vRealize Log Insight)
What is the difference between NSX DFW and NSX DFW with TP?
With “NSX DFW with TP”, you would get the following additional features:
Distributed Intrusion Detection Services (IDS)
Distributed Behavioral IDS
Distributed Intrusion Prevention Service (IPS)
Distributed IDS Event Forwarding to NDR
Where does the NSX Distributed Firewall sit?
This question comes up a lot because customers understand that this is not an agent-based solution but something that is built into the VMware ESXi hypervisor.
The NSX DFW sits in the virtual patch cable, between the VM and the virtual distributed switch (VDS):
Note: Prior to NSX-T Data Center 3.2, VMs must have their vNIC connected to an NSX overlay or VLAN segment to be DFW-protected. In NSX-T Data Center 3.2, distributed firewall protects workloads that are natively connected to a VDS distributed port group (DVPG).
VMware NSX Gateway Firewall
The NSX Gateway Firewall extends the advanced threat prevention (ATP) capabilities of the NSX Distributed Firewall to physical workloads in your private cloud. It is a software-only, L2 – L7 firewall that includes capabilities such as IDS and IPS, URL filtering and malware detection as well as routing and VPN functionality.
If you are not interested in ATP capabilities yet, you can start with the “NSX Gateway Firewall” edition. What is the difference between all NSX GFW editions?
The NSX GFW can be deployed as a virtual machine or with an ISO image that can run on a physical server and it shares the same management console as the NSX Distributed Firewall.
Update: Please follow this link to get to the updated version with VCF 5.0.
This technical overview supersedes this version, which was based on VMware Cloud Foundation 4.3, and now covers all capabilities and enhancements that were delivered with VCF 4.5.
What is VMware Cloud Foundation (VCF)?
VMware Cloud Foundation is a multi-cloud platform that provides a full-stack hyperconverged infrastructure (HCI) that is made for modernizing data centers and deploying modern container-based applications. VCF is based on different components like vSphere (compute), vSAN (storage), NSX (networking), and some parts of the Aria Suite (formerly vRealize Suite). The idea of VCF follows a standardized, automated, and validated approach that simplifies the management of all the needed software-defined infrastructure resources.
This stack provides customers with consistent infrastructure and operations in a cloud operating model that can be deployed on-premises, at the edge, or in the public cloud.
Tanzu Standard Edition is included in VMware Cloud Foundation with Tanzu Standard, Advanced, and Enterprise editions.
Note: The VMware Cloud Foundation Starter, Standard, Advanced and Enterprise editions do NOT include Tanzu Standard.
What software is being delivered in VMware Cloud Foundation?
The BoM (bill of materials) is changing with each VCF release. With VCF 4.5 the following components and software versions are included:
VMware SDDC Manager 4.5
vSphere 7.0 Update 3g
vCenter Server 7.0 Update 3h
vSAN 7.0 Update 3g
NSX-T 3.2.1.2
VMware Workspace ONE Access 3.3.6
vRealize Log Insight 8.8.2
vRealize Operations 8.8.2
vRealize Automation 8.8.2
(vRealize Network Insight)
Note: Only one vCenter Server license is required for all vCenter Servers deployed in a VMware Cloud Foundation system.
What is VMware Cloud Foundation+ (VCF+)?
With the launch of VMware Cloud Foundation (VCF) 4.5 in early October 2022, VCF introduced new consumption and licensing models.
VCF+ is the next cloud-connected SaaS product offering, which builds on vSphere+ and vSAN+. VCF+ delivers cloud connectivity to centralize management and a new consumption-based OPEX model to consume VMware Cloud services.
VCF+ components are cloud entitled, metered, and billed. There are no license keys in VCF+. Once the customer is onboarded to VCF+, the components are entitled from the cloud and periodically metered and billed.
Note: In a given VCF+ instance, you can only have VCF+ licensing, you cannot mix VCF-S (term) and VCF perpetual licenses with VCF+.
What are other VCF subscription offerings?
VMware Cloud Foundation Subscription (VCF-S) is an on-premises (disconnected) term subscription offer that is available as a standalone VCF-S offer using physical core metrics and term subscription license keys.
You can also purchase VCF+ and VCF-S licenses as part of the VMware Cloud Universal program.
Note: You can mix VCF-S with perpetual license keys as long as you use the same key (either or) for a workload domain.
Which VMware Cloud Foundation editions are available?
VCF is made for greenfield deployments (brownfield not supported) and supports two different architecture models:
Standard Architecture
Consolidated Architecture
The standard architecture separates management workloads and lets them run on a dedicated management workload domain. Customer workloads are deployed on a separate virtual infrastructure workload domain (VI workload domain). Each workload domain is managed by a separate vCenter Server instance, which allows autonomous licensing and lifecycle management.
Note: The standard architecture is the recommended model because it separates management workloads from customer workloads.
Customers with a small environment (or a PoC) can start with a consolidated architecture. This allows you to run customer and management workloads together on the same workload domain (WLD).
Note: The management workload domain’s default cluster datastore must use vSAN. Other WLDs can use vSAN, NFS, FC, and vVols for the principal storage.
What is a vSAN Stretched Cluster?
vSAN stretched clusters extend a vSAN cluster from a single site to two sites for a higher level of availability and inter-site load balancing.
Does VCF provide flexible workload domain sizing?
Yes, that’s possible. You can license the WLDs based on your needs and use the editions that make the most sense depending on your use cases.
How many physical nodes are required to deploy VMware Cloud Foundation?
A minimum of four physical nodes is required to start in a consolidated architecture or to build your management workload domain. Four nodes are required to ensure that the environment can tolerate a failure while another node is being updated.
VI workload domains require a minimum of three nodes.
This means, to start with a standard architecture, you need to have the requirements (and money) to start with at least sevenphysicalnodes.
What are the minimum hardware requirements?
These minimum specs have been listed for the management WLD since VCF 4.0 (September 2020):
Can I mix vSAN ReadyNodes and Dell EMC VxRail deployments?
No. This is not possible.
What about edge/remote use cases?
When you would like to deploy VMware Cloud Foundation workload domains at a remote site, you can deploy so-called “VCF Remote Clusters”. Those remote workload domains are managed by the VCF instance at the central site and you can perform the same full-stack lifecycle management for the remote sites from the central SDDC Manager.
Prerequisites to deploy remote clusters can be found here.
Note: If vSAN is used, VCF only supports a minimum of 3 nodes and a maximum of 4 nodes per VCF Remote Cluster. If NFS, vVOLs or Fiber Channel is used as principal storage, then VCF supports a minimum of 2 and a maximum of 4 nodes.
Important: Remote clusters and remote workload domains are not supported when VCF+ is enabled.
Does VCF support HCI Mesh?
Yes. VMware Cloud Foundation 4.2 and later supports sharing remote datastores with HCI Mesh for VI workload domains.
HCI Mesh is a software-based approach for disaggregation of compute and storage resources in vSAN. HCI Mesh brings together multiple independent vSAN clusters by enabling cross-cluster utilization of remote datastore capacity within vCenter Server. HCI Mesh enables you to efficiently utilize and consume data center resources, which provides simple storage management at scale.
Note: At this time, HCI Mesh is not supported with VCF ROBO.
What is SDDC Manager?
SDDC Manager is a preconfigured virtual appliance that is deployed in the management workload domain for creating workload domains, provisioning additional virtual infrastructure and lifecycle management of all the software-defined data center (SDDC) management components.
You use SDDC Manager in VMware Cloud Foundation to perform the following operations:
Commissioning or decommissioning ESXi hosts
Deployment of workload domains
Extension of clusters in the management and workload domains with ESXi hosts
Adding clusters to the management domain and workload domains
Support for network pools for host configuration in a workload domain
Product licenses storage
Deployment of vRealize Suite components.
Lifecycle management of the virtual infrastructure components in all workload domains, and of vRealize Suite Lifecycle Manager components.
Certificate management
Password management and rotation
NSX-T Edge cluster deployment in the management domain and workload domains
Backup configuration
How many resources does the VCF management WLD need during the bring-up process?
We know that VCF includes vSphere (ESXi and vCenter), vSAN, SDDC Manager, NSX-T and eventually some components of the vRealize Suite. The following table should give you an idea what the resource requirements look like to get VCF up and running:
If you are interested to know how many resources the Aria Suite (formerly vRealize Suite) will consume of the management workload domain, have a look at this table:
How can I migrate my workloads from a non-VCF environment to a new VCF deployment?
VMware HCX provides a path to modernize from a legacy data center architecture by migrating to VMware Cloud Foundation.
What is NSX Advanced Load Balancer?
NSX Advanced Load Balancer (NSX ALB) formerly known as Avi is a solution that provides advanced load balancing capabilities for VMware Cloud Foundation.
Which security add-ons are available with VMware Cloud Foundation?
VMware has different workload and network security offerings to complement VCF:
Yes, you can. With the VLC Lab Constructor, you can deploy an automated VCF instance in a nested configuration. There is also a Slack VLC community for support.
Learn why AWS developers love VMware Cloud on AWS and want to present it to their internal platform team.
I had booth duty at the AWS Swiss Cloud Day 2022 and had the chance to finally talk to people that normally do not talk to VMware folks like me. I believe I had not a single infrastructure or cloud architect talking to me the whole day and I have been approached by Linux administrators and developers only. After I explained to them our partnership and capabilities with AWS, they were mind blown!
“Michael, what is VMware’s business with AWS?”
“Why are you here at the event, you are only a hypervisor company, right?“
“Haha, what are you guys doing here?“
“What is the reason for VMware coming here? You are a competitor of AWS, no?“
Developers don’t want to do ops
Look, the developers did not know, that I have no developer background and spent most of my time with data centers. I already built true hybrid clouds almost 10 years ago before we had all the different hyperscalers and providers like Amazon Web Services. After I passed the AWS Solutions Architect Associate and AWS Developer Associate exams a few months ago, I finally understood better how complex software development and cloud migrations must be.
It is said that developers do not want to deal with operational concerns. And other developers want to understand the production environment to make sure that their code work. Additionally, we have the shift-left approach that puts more pressure on the developer’s shoulders, they do not have time for ops.
But after talking to a few developers, I had a light-bulb moment and the following truths came to the surface:
Developers had no clue how VMware can ease some of their pain
Developers liked my talk about infrastructure and ops
I need to bring more business cards to such events!!!
Developers are interested in infrastructure
Remember the questions from above? To answer the questions about VMware’s relevance or relationship with AWS, I used the first 2min to explain VMware Cloud on AWS to them. Yes, I started talking about infrastructure and not about Tanzu, developer experience, our open source projects, and contributions, or Tanzu Labs. The people visiting us at the booth were impressed that VMware and AWS have even specialists only focusing on this solution. Still, they were not convinced yet that VMware can do something good for them.
Okay, I got it. So what? What is the value?
How would someone with a VMware background answer such a question? Most of us usually see this situation as the right moment to talk about use cases like:
Data center exit or refresh (infrastructure modernization)
Burst Capacity
Low latency to AWS native services
Application modernization
Cloud migrations
So, which of these use cases are relevant and important to developers?
The developer’s story
The developers confirmed some statements of mine:
Cloud migrations take long and are not easy
Lift & shift migrations involve a lot of manual tasks
They either have to refactor their app on-premises first and then move to the public cloud or start from scratch on AWS
I say it again, software development is complex. Developers need to modernize existing applications on-premises and then migrate them somehow to AWS because you cannot always start from scratch.
Imagine this: You have an application that was deployed and operated for years in your data centers. Most probably you don’t even understand all the dependencies and configurations anymore since the years have passed. Maybe you are not even the guy who initially developed this application.
Note: The only thing that can be assumed, is, that your infrastructure is most likely running on a VMware-based cloud.
Now you need to start modernizing this application, which takes months or even years. When you are done with your task, you have to figure out how to bring this application over to AWS. Because you had to spend all your time refactoring this application, there was no time to build new AWS skills. At least not during normal office hours.
Lift and shift is easy, right?
Nope. When it would be easy, why does the migration in most cases take longer than expected and cost more than expected? When you have to exit a data center for any reason and need to bring some of your workloads over to a public cloud like AWS, then a lift and shift approach is the best and fastest approach. But somehow organizations do not see much value in using this approach during their cloud adoption. At least not with VMware.
But if a consulting firm or AWS themselves tell the customer, that lift and shift is a good idea, their customers suddenly see the benefit even if they have to add millions to their estimated budget. Consulting firms are not cheap, and neither are lift and shift projects with different underlying technologies like having VMware as the source site on-premises and AWS (or any other public cloud provider) as the destination. But hey, good for your company if they have this extra money.
Lift and shift brings no innovation
Different organizations have different agendas and goals. For some, solely running their virtual machines and containers, and using cloud native services is enough for them – no matter the costs. Others expect that economies of scale bring the necessary cost advantages over time while they implement and deliver innovation.
That is why some companies see lift and shift as the approach, which brings no innovation. It is complex, not easy, takes longer, costs more and in the end, you don’t use cloud native services (yet).
It is time now to change the perspective and narrative because I get why you think that lift and shift brings no innovation.
Forget Lift and Shift – Do Lift and Learn
So, our use case here is application modernization. A developer needs to modernize and migrate an application, ideally at the same time. No wonder why some of you may think that lift and shift brings no innovation: because you modernize later.
Developers struggle. They struggle very much. After I explained VMware Cloud on AWS and mentioned, that a lift and learn approach is the better way that makes their life much easier, they asked me for my business card. It took less than 24h until I received my first two e-mails to organize a meeting.
Give developers more time.
Developers and ops teams need to have enough time to skill up, to learn and understand the new things. You have to break and fix things first in the new world before you can truly understand it. They loved the idea of lift and learn:
Lift and shift your applications first with VMware Cloud on AWS. A true hybrid cloud approach, where the technology format is the same (on-prem and on AWS), will speed up your cloud adoption timeline and therefore save costs. Your workload now runs in the public cloud. Check!
Since the cloud migration didn’t take 12 months, but more something like 3-4 months, your developers can use the additional time to learn and understand how to build things on AWS! The developers are happy because they have less pressure now and can play around with new stuff.
After they have understood the new world, they can start modernizing different parts of the application. What has started with a legacy/traditional application, becomes a hybrid application and eventually a fully modernized app over time.
The stepping stone to becoming cloud native
Some of you may think now that VMware and its solution with VMC on AWS is just a temporary solution before going completely, cloud native. Let us take a step back again quickly.
When I joined VMware in 2018, they talked about 70mio workloads running on their platform. This year at VMware Explore (formerly VMworld) they showed several 85mio VMware-based workloads. This is proof to me, that:
the cloud adoption does not happen as fast as expected,
on-premises data centers and VMware is not legacy,
VMware is more than only a “hypervisor” company,
cloud native and container-based workloads do not always make sense and
virtual machines are still going to exist for a while.
These are some pointers to why AWS has this partnership with VMware. As you can see, VMware is very strategic and relevant and should be part of every cloud and application modernization conversation.
Call to action
Just because a lot of people say that developers do not care about ops and are not interested in talking to “infrastructure guys” like me, does not mean that this statement/assumption is true. My conversations from AWS Swiss Cloud Day 2022 clearly showed that developers need to know more about the options and value that companies like VMware can bring to the table.
Do not let developers only talk to developers. Do lift and learn.
Everyone talks about multi-cloud and in most cases they mean the so-called big 3 that consist of Amazon Web Services (AWS), Microsoft Azure and Google Cloud. If we are looking at the 2021 Gartner Magic Quadrant for Cloud Infrastructure & Platform Services, one can also spot Alibaba Cloud, Oracle, IBM and Tencent Cloud.
VMware has a strategic partnership with 6 of these hyperscalers and all of these 6 public clouds offer VMware’s software-defined data center (SDDC) stack on top of their global infrastructure:
While I mostly have to talk about AWS, AVS and GCVE, I am finally getting the chance to attend a OCVS customer workshop led by Oracle. That is why I wanted to prepare myself accordingly and share my learnings with you.
Amazon Web Services, Microsoft Azure and Google Cloud dominate the cloud market, but Oracle has unique capabilities and characteristics that no one else can deliver. Additionally, Oracle’s Cloud Infrastructure (OCI) has shown an impressive pace of innovation in the past two years, which led to a 16% increase on Gartner’s solution scorecard for OCI (November 2021, from 62% to 78%), which put them into the fourth place behind Alibaba Cloud!
What is Oracle Cloud VMware Solution?
Oracle Cloud VMware Solution or OCVS is a result of the strategic partnership announced by VMware and Oracle in September 2019. Like the other VMware Cloud solutions like VMC on AWS, AVS or GCVE, Oracle Cloud VMware Solution will enable customers to run VMware Cloud Foundation on Oracle’s Generation 2 Cloud Infrastructure.
Meaning, running an on-premises VMware-based infrastructure combined with OCVS should make cloud migrations easier and faster, because it is the same foundation with vSphere, vSAN and NSX.
Key Differentiator #1 – Different SDDC Bundles
Customers can choose between a multi-host SDDC (minimum of 3 production hosts) and a single-host SDDC, that is made for test and dev environments. Oracle guarantees a monthly uptime percentage of at least 99.9% for the OCVS service.
OCVS offers three different ESXi software versions and supports the following versions of other components:
The VMware Cloud offerings from AWS, Azure or Google are all vendor-controlled and customers get limited access to the VMware hosts and infrastructure components. With Oracle Cloud VMware Solution, customers get baremetal servers and the same operational experience as on-premises. This means full control over VMware infrastructure and its components:
SSH access to ESXi
Edit vSAN cluster settings
Browse datastores; upload and delete files
Customer controls the upgrade policy (version, time, defer)
Oracle has NO ACCESS after the SDDC provisioning!
Note: According to Oracle it takes about 2 hours to deploy a new SDDC that consists of 3 production hosts.
Customers can choose between Intel- and AMD-based hosts:
Two-socket BM.DenseIO2.52 with two CPUs each running 26 cores (Intel)
Two-socket BM.DenselO.E4.128 with two CPUs each running 16 cores (AMD)
Two-socket BM.DenselO.E4.128 with two CPUs each running 32 cores (AMD)
Two-socket BM.DenselO.E4.128 with two CPUs each running 64 cores (AMD)
Details about the compute shapes can be found here.
Key Differentiator #3 – Availability Domains
To provide high throughput and low latency, an OCVS SDDC is deployed by default across a minimum of three fault domains within a single availability domain in a region. But, upon request it is also possible to deploy your SDDC across multiple availability domains (AD), which comes with a few limitations:
While OCVS can scale from 3 up to 64 hosts in a single SDDC, Oracle recommends a maximum of 16 ESXi hosts in a multi-AD architecture
This architecture can have impacts on vSAN storage synchronization, and rebuild and resync times
Most hyperscaler only let you use two availability zones and fault domains in the same region. With Oracle it is possible to distribute the minimum of 3 hosts to 3 different availability domains. An availability domain consists of one or more data centers within the same region.
Note: Traffic between ADs within a region is free of charge.
Key Differentiator #4 – Networking
Because OCVS is customer-managed and can be operated like your on-premises environment, you also get “full” control over the network. OCVS is installed within a customers’ tencancy, which gives customer the advantage to run their VMware SDDC workloads in the same subnet as OCI native services. This provides lower latency to the OCI native services, especially for customers that are using Exadata for example.
Another important advantage of this architecture is capability to create VLAN-backed port groups on your vSphere Distributed Switch (VDS).
Key Differentiator #5 – External Storage
Since March 2022 the OCI File Storage service (NFS) is certified as secondary storage for an OCVS cluster. This allows customers to scale the storage layer of the SDDC without adding new compute resources at the same time.
And just announced on 22 August 2022, with Oracle’s summer ’22 release, OCVS customers can now connect to a certified OCI Block Storage through iSCSI as a second external storage option.
Block Storage provides high IOPS to OCI, and data is stored redundantly across storage servers with built-in repair mechanisms with a 99.99% uptime SLA.
Key Differentiator #6 – Billing Options
OCVS is currently only sold and supported by Oracle. Like with other cloud providers and VMware Cloud offerings, customers have different pricing options depending upon their commitment levels:
On-demand (hourly)
1 month
1 year
3 years
The rule of thumb for any hyperscaler says, that a 1-year commitment get around 30% discount and the 3-year commitments are around 50% discount.
The unique characteristic here is the monthly commitment option, which is caluclated with a discount of 16-17% depending on the compute shape.
Currently, OCI is available in 39 different cloud regions (21 countries) and Oracle announced five more by the end of 2022. On day one of each region, OCVS is available with a consistent and predictable pricing that doesn’t vary from region to region.
To compare: AWS has launched 27 different regions with 19 being able to host the VMware Cloud on AWS service. In Switzerland, AWS just opened their new data center without having the VMware Cloud on AWS service available, while OCVS is already available in Zurich.
Use Cases
While OCVS is a great solution for joint VMware and Oracle customers, it is not necessary for customers to using Oracle Cloud Infrastructure native solutions.
Data Center Expansion
As you just learned before, OCVS is a great fit if you want to maintain the same VMware software versions on-premises and in OCI. The classic use case here is the pure data center expansion scenario, which allows you to stretch your on-premises infrastructure to OCI, without the need to use their native services.
VMware Horizon on OCVS
As I mentioned at the beginning, Oracle Cloud VMware Solution is based on VMware Cloud Foundation and so it is no surprise that Horizon on OCVS is fully supported.
The Horizon deployment on OCVS works a little bit different compared to the on-premises installation and there is no feature parity yet:
Horizon on OCVS does not support vGPUs yet.
Horizon on OCVS does not support IPv6 yet.
Horizon on OCVS does not support vTPM yet. In this situation it is recommended to use shielded OCVS instances.
Note: The support of NSX Advanced Load Balancer (Avi) is still a roadmap item
VMware Tanzu for OCVS
Since April 2022 it is possible for joint VMware and Oracle customers to use Tanzu Standard and its components with Oracle Cloud VMware Solution. Tanzu Standard comes with VMware’s Kubernetes distribution Tanzu Kubernetes Grid (TKG) and Tanzu Mission Control, which is the right solution for multi-cloud, multi-cluster K8s management.
With TMC you can deploy and manage TKG clusters on vSphere on-premises or on Oracle Cloud VMware Solution. You can even attach existing Kubernetes clusters from other vendors like RedHat OpenShift, Amazon EKS or Azure Kubernetes Service (AKS).
Last year at VMworld 2021, VMware mentioned and announced a lot of (new) projects they are working on. What happened to them and which new VMware projects have been mentioned this year at VMware Explore so far?
Project Ensemble – VMware Aria Hub
VMware unveiled their unified multi-cloud management portfolio called VMware Aria, which provides a set of end-to-end solutions for managing the cost, performance, configuration, and delivery of infrastructure and cloud native applications.
VMware Aria is anchored by VMware Aria Hub (formerly known as Project Ensemble), which provides centralized views and controls to manage the entire multi-cloud environment, and leverages VMware Aria Graph to provide a common definition of applications, resources, roles, and accounts.
VMware Aria Graph provides a single source of truth that is updated in near-real time. Other solutions on the market were designed in a slower moving era, primarily for change management processes and asset tracking. By contrast, VMware Aria Graph is designed expressly for cloud-native operations.
Project Arctic has been introduced last year as a Technology Preview and was described as “the next step in the evolution of vSphere in a multi-cloud world”. What has started with the idea of bringing VMware Cloud services closer to vSphere, has evolved to a even more interesting and enterprise-ready version called vSphere+ and vSAN+. It includes developer services that consist of the Tanzu Kubernetes Grid runtime, Tanzu Mission Control Essentials and NSX Advanced Load Balancer Essentials. VMware is going to add more and more VMware Cloud add-on services in the future. Additionally, VMware even introduced VMware Cloud Foundation+.
Project Iris – Application Transformer for VMware Tanzu
VMware mentioned Project Iris very briefly last year at VMworld. In February 2022, Project Iris became generally available and is since then known as Application Transformer for VMware Tanzu.
Project Northstar
At VMware Explore on day 1, VMware introduced Project Northstar, which will provide customers a centralized cloud console that gives them instant access to networking and security services, such as network and security policy controls, Network Detection and Response (NDR), NSX Intelligence, Advanced Load Balancing (ALB), Web Application Firewall (WAF), and HCX. Project Northstar will be able to apply consistent networking and security policies across private cloud, hybrid cloud, and multi-cloud environments.
At VMware Explore on day 1,VMware unveiled Project Watch, a new approach to multi-cloud networking and security that will provide advanced app-to-app policy controls to help with continuous risk and compliance assessment. In technology preview, Project Watch will help network security and compliance teams to continuously observe, assess, and dynamically mitigate risk and compliance problems in composite multi-cloud applications.
Project Trinidad
Also announced at VMware Explore day 1 and further explained at day 2, Project Trinidad extends VMware’s API security and analytics by deploying sensors on Kubernetes clusters and uses machine learning with business logic inference to detect anomalous behavior in east-west traffic between microservices.
Project Trinidad just dropped from @vmwocto xLabs! This project is near and dear to my heart! (Happy Independence Day 🇹🇹!!! 😉)
Project Narrows introduces a unique addition to Harbor, allowing end users to assess the security posture of Kubernetes clusters at runtime. Images previously undetected, will be scanned at the time of introduction to a cluster, so vulnerabilities can now be caught, images may be flagged, and workloads quarantined.
Project Narrows adding dynamic scanning to your software supply chain with Harbor is critical. It allows greater awareness and control of your running workloads than the traditional method of simply updating and storing workloads.
VMware is open sourcing the initial capabilities of Project Narrows on GitHub as the Cloud Native Security Inspector (CNSI) Project.
Also introduced on day 2, Project Keswick is about simplifying edge deployments at scale. It comes as an xLabs project coming out of the Advanced Technology Group in VMware’s Office of the CTO.
A Keswick deployment is entirely automated and uses Git as a single source of truth for a declarative way to manage your infrastructure and applications through desired state configuration enabled by GitOps. This ensures the infrastructure and applications running at the edge are always exactly what they need to be.
At VMware Explore 2022 day 2, VMware demonstrated what they believe to be the world’s first quantum-safe multi-cloud application!
VMware developed and presented Project Newcastle, a policy-based framework enabling and orchestrating cryptographic transition in modern applications.
Integrated with Tanzu Service Mesh, Project Newcastle gives users greater insight into the cryptography in their applications. But that’s not all — as a platform for cryptographic agility, Project Newcastle automates the process of reconfiguring an application’s cryptography to comply with user-defined policies and industry standards.
Closing Comment
Which VMware projects excite you the most? I’m definitely going with Project Ensemble (Aria Hub) and Project Newcastle!
Michael Rebmann is currently working as a Lead Solution Architect for VMware by Broadcom in Switzerland and focuses on some of the largest and most strategic customers. Michael engages with the community as a co-leader of the Swiss German VMUG and became a VMware vExpert PRO in 2022. Opinions are his own.
VMware CMTY Podcast #607 – VMware Cloud Foundation
VMware CMTY Podcast #546 – VMware Carbon Black Cloud Workload
Key Differentiator #1 – Different SDDC Bundles
