VMware Explore US 2022 – VMware Projects and Day 2 Announcements

VMware Explore US 2022 – VMware Projects and Day 2 Announcements

Last year at VMworld 2021, VMware mentioned and announced a lot of (new) projects they are working on. What happened to them and which new VMware projects have been mentioned this year at VMware Explore so far?

Project Ensemble – VMware Aria Hub

VMware unveiled their unified multi-cloud management portfolio called VMware Aria, which provides a set of end-to-end solutions for managing the cost, performance, configuration, and delivery of infrastructure and cloud native applications.

VMware Aria is anchored by VMware Aria Hub (formerly known as Project Ensemble), which provides centralized views and controls to manage the entire multi-cloud environment, and leverages VMware Aria Graph to provide a common definition of applications, resources, roles, and accounts.

VMware Aria Graph provides a single source of truth that is updated in near-real time. Other solutions on the market were designed in a slower moving era, primarily for change management processes and asset tracking. By contrast, VMware Aria Graph is designed expressly for cloud-native operations.

VMware Explore US 2022 Session: A Unified Cloud Management Control Plane – Update on Project Ensemble [CMB2210US]

Project Monterey – DPU-based Acceleration for NSX

Last year introduced as Project Monterey and in technology preview, VMware announced the GA version of Monterey called DPU-based Acceleration for NSX yesterday.

Project Arctic – vSphere+ and vSAN+

Project Arctic has been introduced last year as a Technology Preview and was described as “the next step in the evolution of vSphere in a multi-cloud world”. What has started with the idea of bringing VMware Cloud services closer to vSphere, has evolved to a even more interesting and enterprise-ready version called vSphere+ and vSAN+. It includes developer services that consist of the Tanzu Kubernetes Grid runtime, Tanzu Mission Control Essentials and NSX Advanced Load Balancer Essentials. VMware is going to add more and more VMware Cloud add-on services in the future. Additionally, VMware even introduced VMware Cloud Foundation+.

Project Iris – Application Transformer for VMware Tanzu

VMware mentioned Project Iris very briefly last year at VMworld. In February 2022, Project Iris became generally available and is since then known as Application Transformer for VMware Tanzu.

Project Northstar

At VMware Explore on day 1, VMware introduced Project Northstar, which will provide customers a centralized cloud console that gives them instant access to networking and security services, such as network and security policy controls, Network Detection and Response (NDR), NSX Intelligence, Advanced Load Balancing (ALB), Web Application Firewall (WAF), and HCX. Project Northstar will be able to apply consistent networking and security policies across private cloud, hybrid cloud, and multi-cloud environments.

Graphical user interface Description automatically generated

VMware Explore US 2022 Session: Multi-Cloud Networking and Security with NSX [NETB2154US]

Project Watch

At VMware Explore on day 1,VMware unveiled Project Watch, a new approach to multi-cloud networking and security that will provide advanced app-to-app policy controls to help with continuous risk and compliance assessment. In technology preview, Project Watch will help network security and compliance teams to continuously observe, assess, and dynamically mitigate risk and compliance problems in composite multi-cloud applications.

Project Trinidad

Also announced at VMware Explore day 1 and further explained at day 2, Project Trinidad extends VMware’s API security and analytics by deploying sensors on Kubernetes clusters and uses machine learning with business logic inference to detect anomalous behavior in east-west traffic between microservices.

Project Narrows

Project Narrows introduces a unique addition to Harbor, allowing end users to assess the security posture of Kubernetes clusters at runtime. Images previously undetected, will be scanned at the time of introduction to a cluster, so vulnerabilities can now be caught, images may be flagged, and workloads quarantined.

Project Narrows adding dynamic scanning to your software supply chain with Harbor is critical. It allows greater awareness and control of your running workloads than the traditional method of simply updating and storing workloads.

VMware is open sourcing the initial capabilities of Project Narrows on GitHub as the Cloud Native Security Inspector (CNSI) Project.

VMware Explore US 2022 Session: Running App Workloads in a Trusted, Secure Kubernetes Platform [VIB1443USD]

Project Keswick

Also introduced on day 2, Project Keswick is about simplifying edge deployments at scale. It comes as an xLabs project coming out of the Advanced Technology Group in VMware’s Office of the CTO.

Bild

A Keswick deployment is entirely automated and uses Git as a single source of truth for a declarative way to manage your infrastructure and applications through desired state configuration enabled by GitOps. This ensures the infrastructure and applications running at the edge are always exactly what they need to be.

VMware Explore US 2022 Session: Edge Computing: What’s Next? [VIB1457USD]

Project Newcastle

At VMworld 2021, VMware talked the first time (I think) about cryptographic agility and even showed a short demo of a Post Quantum Cryptography (PQC) enabled Unified Access Gateway (using a proxy-based approach): 

Diagram of an HAProxy with TLS Termination and Quantum-Safe Cipher Support as a reverse proxy to communicate with a quantum-safe web browser.

At VMware Explore 2022 day 2, VMware demonstrated what they believe to be the world’s first quantum-safe multi-cloud application!

VMware developed and presented Project Newcastle, a policy-based framework enabling and orchestrating cryptographic transition in modern applications.

Integrated with Tanzu Service Mesh, Project Newcastle gives users greater insight into the cryptography in their applications. But that’s not all — as a platform for cryptographic agility, Project Newcastle automates the process of reconfiguring an application’s cryptography to comply with user-defined policies and industry standards.

Closing Comment

Which VMware projects excite you the most? I’m definitely going with Project Ensemble (Aria Hub) and Project Newcastle!

VMware Explore US 2022 – Summary of Day 1 Announcements

VMware Explore US 2022 – Summary of Day 1 Announcements

VMworld is now VMware Explore and is currently happening in San Francisco! This is a consolidated of the announcements from day 1 (August 30th, 2022).

VMware Introduces vSphere 8, vSAN 8 and VMware Cloud Foundation+

VMware today introduced VMware vSphere 8 and VMware vSAN 8—major new releases of VMware’s compute and storage solutions.

vSphere 8 – vSphere 8 introduces vSphere on DPUs, previously known as Project Monterey. In close collaboration with technology partners AMD, Intel and NVIDIA as well as OEM system partners Dell Technologies, Hewlett Packard Enterprise and Lenovo, vSphere on DPUs will unlock hardware innovation helping customers meet the throughput and latency needs of modern distributed workloads. vSphere will enable this by offloading and accelerating network and security infrastructure functions onto DPUs from CPUs.

ESXi on DPU

vSphere 8 will dramatically accelerate AI and machine learning applications by doubling the virtual GPU devices per VM, delivering a 4x increase of passthrough devices, and supporting vendor device groups which enable binding of high-speed networking devices and the GPU.

vSAN 8: vSAN 8 introduces breakthrough performance and hyper-efficiency. Built from the ground up, the new vSAN Express Storage Architecture (ESA) will enhance the performance, storage efficiency, data protection and management of vSAN running on the latest generation storage devices. vSAN 8 will provide customers with a future ready infrastructure that supports modern TLC storage devices and delivers up to a 4x performance boost.

VMware Cloud Foundation+ – VMware introduces a new cloud-connected architecture for managing and operating full stack HCI in data centers. Built on vSphere+ and vSAN+, VMware Cloud Foundation+ will add a new cloud-connected architecture for managing and operating full-stack HCI in our data center or co-location facility.

VMware Cloud Foundation+ will deliver new admin, developer and hybrid cloud services through a simplified subscription model and keyless entitlement. VMware Cloud Foundation 4.5 will enable VMware Cloud Foundation+ by adding vSphere+ and vSAN+, plus a cloud gateway that provides access to the VMware Cloud Console as part of the full stack architecture.

VMware Cloud for Hyperscalers

VMC on AWS – Amazon Elastic Compute Cloud (Amazon EC2) I4i instances for I/O-intensive Workloads: Powered by 3rd generation Intel® Xeon® Scalable processors (Ice Lake), Amazon EC2 instances help deliver better workload support and delivery, lower TCO, and increased scalability and application performance. Compared to I3, the I4i instances provide nearly twice the number of physical cores, twice the memory, three times the storage capacity, and three times the network bandwidth.

Amazon FSx for NetApp ONTAP Integration Availability – as a native AWS cloud storage service that is certified as a supplemental datastore for VMware Cloud on AWS, FSx for ONTAP offers fully managed shared storage built on the familiar NetApp ONTAP file system trusted by VMware customers running on premises today. Customers can now use FSx for ONTAP as a simple and elastic datastore for VMware Cloud on AWS, enabling them to scale storage up or down independently from compute while paying only for the resources they need.

VMware Cloud Flex Storage Availability – A new VMware-managed and natively integrated cloud storage and data management solution that offers supplemental datastore-level access for VMware Cloud on AWS. With just a few clicks in the VMware Cloud Console, customers can scale their storage environment without adding hosts, and elastically adjust storage capacity up or down as needed for every application. Customers also benefit from a simple, pay-as-you-consume pricing model. Together with VMware vSAN, VMware Cloud Flex Storage offers flexibility and customer value in terms of resilience, performance, scale, and cost in the cloud.

VMware Cloud Flex Compute – “Preview” of a new cloud compute model that will help customers get started faster with VMware Cloud on AWS. With this new model, VMware introduces a “resource-defined” cloud compute model in place of “hardware-defined” compute instance model which will provide customers higher flexibility, elasticity, and speed to better meet cost and performance requirements of enterprise applications. It will help customers get started faster with VMware Cloud on AWS by using smaller consumable units.

Azure VMware Solution – Customers will be able to purchase Azure VMware Solution as part of VMware Cloud Universal, a flexible purchasing and consumption program for executing multi-cloud and digital transformation strategies. VMware Cloud Director Service for Azure VMware Solution is also now available in Public Preview.

Google Cloud VMware Engine – VMware announced VMware Tanzu Standard edition on Google Cloud VMware Engine to help simplify Kubernetes adoption and management.

Oracle Cloud VMware Solution – New features and capabilities with VMware Tanzu Standard Edition and introduced support for single host SDDCs for non-production workloads.

VMware Cloud Management – VMware Aria

VMware unveiled a multi-cloud management portfolio called VMware Aria, which provides a set of end-to-end solutions for managing the cost, performance, configuration, and delivery of infrastructure and cloud native applications.

VMware Aria is a new brand for the vRealize components, Tanzu Observability by Wavefront and CloudHealth unified under one umbrella, one name.

The VMware products and services within the VMware Aria portfolio are:

  • VMware Aria Automation (formerly, vRealize Automation)
  • VMware Aria Operations (formerly, vRealize Operations)
  • VMware Aria Operations for Networks (formerly, vRealize Network Insight)
  • VMware Aria Operations for Logs (formerly, vRealize Log Insight)
  • VMware Aria Operations for Secure Clouds (formerly, CloudHealth Secure State)
  • VMware Aria Cost powered by CloudHealth (formerly, CloudHealth)
  • VMware Aria Operations for Applications (formerly VMware Tanzu Observability)
  • VMware Skyline

VMware Aria Products

VMware Aria is anchored by VMware Aria Hub (formerly known as Project Ensemble), which provides centralized views and controls to manage the entire multi-cloud environment, and leverages VMware Aria Graph to provide a common definition of applications, resources, roles, and accounts.

VMware Aria Graph provides a single source of truth that is updated in near-real time. Other solutions on the market were designed in a slower moving era, primarily for change management processes and asset tracking. By contrast, VMware Aria Graph is designed expressly for cloud-native operations.

VMware Aria provides features and functions that span management disciplines and clouds to deliver unique value for multi-cloud governance, cross-cloud migration, and actionable business insights. In addition, there are three new end-to-end management services built on top of VMware Aria Hub and VMware Aria Graph:

  • VMware Aria Guardrails – Automate enforcement of cloud guardrails for networking, security, cost, performance, and configuration at scale for multi-cloud environments with an everything-as-code approach
  • VMware Aria Migration – Accelerate and simplify the multi-cloud migration journey by automating assessment, planning, and execution in conjunction with VMware HCX
  • VMware Aria Business Insights – Discern relevant business insights from full-stack event correlation leveraging AI/ML analytics

Networking and Security

Project Northstar – Project Northstar is a SaaS-based network and security offering that will empower NSX customers with a set of on-demand multi-cloud networking and security services, end-to-end visibility, and controls. Customers will be able to use a centralized cloud console to gain instant access to networking and security services, such as network and security policy controls, Network Detection and Response (NDR), NSX Intelligence, Advanced Load Balancing (ALB), Web Application Firewall (WAF), and HCX. It will support both private cloud and VMware Cloud deployments running on public clouds and enable enterprises to build flexible network infrastructure that they can spin up and down in minutes.

Graphical user interface Description automatically generated

DPU-based Acceleration for NSX – Formerly known as Project Monterey, VMware announced that starting with NSX 4.0 and vSphere 8.0, customers can leverage DPU-based acceleration using SmartNICs. Offloading NSX services to the DPU can accelerate networking and security functions without impacting the host CPUs, addressing the needs of modern applications and other network-intensive and latency-sensitive applications.

Image of a SmartNIC

Project Trinidad – Available as tech preview, Project Trinidad extends VMware’s API security and analytics by deploying sensors on Kubernetes clusters and uses machine learning with business logic inference to detect anomalous behavior in east-west traffic between microservices.

Project Watch – VMware unveiled Project Watch, a new approach to multi-cloud networking and security that will provide advanced app-to-app policy controls to help with continuous risk and compliance assessment. In technology preview, Project Watch will help network security and compliance teams to continuously observe, assess, and dynamically mitigate risk and compliance problems in composite multi-cloud applications.

Additionally, VMware NSX Advanced Load Balancer adds new bot management capabilities to help enterprises address threats quickly and efficiently, providing enhanced multi-layer application protection with existing Web Application Firewall, DDoS protection, and API security.

Edge

VMware Edge Compute Stack 2.0 – VMware announced the VMware Edge Compute Stack v1.0 last year and is now adding more features and functionalities optimized for different use cases at the enterprise edge – shipped with vSphere 8 and Tanzu Kubernetes Grid 2.0. VMware, for the first time, will introduce initial support for non-x86 processor-based specialized small form factor edge platforms to simultaneously run IT/OT workloads and workflows on a single stack.

 

VMware Private Mobile Network (Beta) – Delivered by service providers, this new managed service offering provides enterprises with private 4G/5G mobile connectivity in support of edge-native applications. VMware will empower partners with a single PMN orchestrator to operate multi-tenant private 4G/5G networks with an enterprise-grade solution. 

Modern Applications (VMware Tanzu)

Tanzu Application Platform – VMware pre-announced new Tanzu Application Platform (TAP) 1.3 capabilities like the availability on RedHat OpenShift or the support for air-gapped installations for regulated and disconnected environments.

Tanzu Mission Control – Finally, VMware announced the preview for lifecycle management of Amazon Elastic Kubernetes Service (EKS) clusters, which enables direct provisioning and management of EKS clusters, which is awesome! I suppose we can expect the support for Azure Kubernetes Service (AKS) also coming very soon.

Tanzu Kubernetes Grid – With the release of TKG 2.0, VMware now includes a unified experience for applications running on any cloud. In the near future, Tanzu Kubernetes Grid 2.0 should support both Supervisor-based and VM-based management cluster models. On vSphere 8, both Supervisor-based and VM-based models will be supported, and VM-based management clusters will continue to be available on previous versions of vSphere and public clouds. This means in other words, that VMware continues with their “TKGS” and “TKGm” flavors.

Tanzu Service Mesh – Also pre-announced, VMware is adding several enterprise and application resiliency capabilities into Tanzu Service Mesh:

  • Support for customer-owned enterprise certificate authority through integration with Venafi
  • Improved security with enterprise-approved container image registries, data services support, external services support
  • and a global SLO dashboard that allows developers and site-reliability engineers to view all managed service SLOs, helping with capacity planning, troubleshooting, and understanding the health of their applications.

Read more about all the Tanzu announcements here.

Anywhere Workspace

VMware unveiled how it is advancing self-configuring, self-healing and self-securing outcomes across four key technology areas that are delivered by the Anywhere Workspace platform:

  • VDI and DaaS
  • Digital Employee Experience
  • Unified Endpoint Management
  • Security

VMware is introducing a next generation of VMware Horizon Cloud that will enable multi-cloud agility and flexibility. This new release represents a major update to Horizon Cloud on Microsoft Azure that can dramatically simplify the infrastructure that needs to be deployed inside customer environments, reducing infrastructure costs in some cases by over 70% while increasing scalability and reliability of VMware’s DaaS platform.

20K user infrastructure cost comparison

Workspace ONE UEM’s Freestyle Orchestrator will be expanding to include support for mobile devices.

Workspace ONE support for Windows OS multi-user mode is now available in Tech Preview for Azure Active Directory-based deployments; and it will soon be extended to Active Directory-based deployments.

VMware also announced the coming tech preview of Workspace ONE Cloud Marketplace, which will feature dashboards, widgets, reports, Freestyle Orchestrator workflows, and other resources that can be imported to help customers adopt additional solutions.

Horizon Managed Desktop –  I am very excited about this announcement, because it will provide a managed service offering that takes care of lifecycle services, support, and more, on top of a customer-provided infrastructure. This will help customers that don’t have in-house experts get to value with VDI faster.

Availability

VMware Cloud Foundation+, VMware vSphere 8, VMware vSAN 8 and VMware Edge Compute Stack 2.0 are all expected to be available by October 28, 2022 (the close of VMware’s Q3 FY23). VMware Private Mobile Network is expected to be available in beta in VMware’s Q3 FY23.

Closing Comment

Not bad for the first day, right? Stay tuned for more exciting VMware Explore announcements!

VMware vSphere+ and vSAN+ – The Multi-Cloud Workload Platform

VMware vSphere+ and vSAN+ – The Multi-Cloud Workload Platform

Everyone knows VMware made it possible with vSphere to virtualize the compute resources in your data centers. Then they moved to the software-defined data center (SDDC) approach that allows you to virtualize storage and network as well. And since a few years now, VMware is moving towards what I call a hybrid multi-cloud platform, which enables customers to unify multiple public clouds, private clouds and edge locations with the same underlying technology stack complemented by cross-cloud services. The industry analysts and vendors like VMware are even talking about the term “Supercloud“. But let us focus on the vSphere+ and vSAN+ announcement for now. 🙂

VMware is moving their customers to a subscription-based consumption model and has already various technologies and licenses that help customers with that on their (multi-cloud) journey:

But a subscription model and managed service offering was missing for customers that cannot or do not want to go down the VMware Cloud Foundation or VMware Cloud path, which includes vSphere, vSAN and NSX.

So, here is the next evolution of vSphere and vSAN.

vSphere+ and vSAN+

vSphere+ and vSAN+ are hybrid cloud solutions, which include a subscription license for your greenfield or brownfield deployments of vSphere and vSAN combined with a connection to VMware Cloud services (centralized management) that allows an easier and keyless management of your vSphere and vSAN infrastructure. You do not need to buy vCenter separately anymore and can deploy as many vCenter instances as needed for no additional cost! Finally, no more tracking and splitting of licenses!

How does it work?

It is very easy. To make it short, customers can connect their existing environment to a cloud management portal and at the same time migrate their perpetual licenses to subscription. There is no need to purchase anything else or move workloads to the cloud. You just need to follow four steps:

  1. Procure Subscription
  2. Deploy a new Cloud Gateway Appliance
  3. Connect and register Cloud Gateway with VMware Cloud
  4. Register on-premises vCenter(s)

vSphere+ Migration

Requirements

Your vSphere deployment must meet different software and hardware criteria for vSphere+.

ESXi and vCenter

Even tough vSphere 6.7 is reaching EoGS (End of General Support) on 15th October 2022, you can still use this version to start a free trial of vSphere+. The minimum required version for production environments is vCenter Server 7.0 Update 3g, which allows you to convert your vCenter to subscription and use the full vSphere+ feature set.

Note: vCenter Server HA (VCHA) mode configuration and Enhanced Linked Mode (ELM) are not supported.

Important: Your vCenter Server can only be used with vSphere+. Non-vSphere+ licensed hosts must be managed with a different vCenter Server.

vCenter Cloud Gateway

You can connect up to four vCenter Server instances to a vCenter Cloud Gateway, that needs to be deployed on-premises.

The vCenter Cloud Gateway uses 8 vCPUs, 28GB memory and 190GB of storage.

vCenter Cloud Gateway Appliance

Required Subscription Licenses

You can either purchase new subscriptions or convert your existing licenses to subscription. vSphere+ is licensed per core and requires a minimum of 16 cores per CPU for a predefined period of one, three or five years. This means, that a customer with a 12-core CPU count will be required to purchase a 16-core commitment for that CPU.

Note: VMware provides a small script (KB89116) that helps you to identify the number of cores

vCenter Cloud Gateway Appliance

Customers with vSphere Enterprise and Enterprise Plus are eligible for an upgrade to vSphere+

vSAN+ is configured as an add-on to vSphere+ (co-term) and is licensed in the same way based on the same metrics (minimum of 16 cores per CPU). vSAN Enterprise is the only edition available for a subscription upgrade to vSAN+.

Note: vSAN+ is currently not compatible with vSphere perpetual, NSX-V, Tanzu Basic, Site Recovery Manager (SRM). Customers wanting to use vSAN with these products should continue to use vSAN perpetual.

vSphere and vSphere+ Feature Comparison

What else is included with vSphere+ compared to a regular vSphere deployment? You will not see virtual machines without containers anymore. So, it is not a surprise that vSphere+ includes so-called developer services as well:

  • Tanzu Kubernetes Grid Service – Run your containerized applications on a certified Kubernetes distribution, integrated with vSphere, using your existing tooling and workflows to give developers on-demand access to conformant Kubernetes clusters on-premises.
  • Tanzu integrated services – Streamlines the deployment and management of local and in-cluster platform services, such as logging, registry, monitoring, and ingress, to easily configure and maintain a production-ready Kubernetes environment. This includes open-source packages like Harbor, Fluentbit, Prometheus, Grafana, Contour, Sonobuoy and Pinniped.
  • Tanzu Mission Control Essentials – This will enable developers and DevOps teams to centralize platform operations and manage multiple Kubernetes clusters with observability, troubleshooting, and resiliency. The Tanzu Mission Control Essentials feature set can be found here.
  • NSX Advanced Load Balancer Essentials – Feature set can be found here.

Here the list of admin services:

  • Cloud Console – Consolidate management of all vSphere deployments through a centralized cloud console (VMware Cloud Console).
  • Global inventory service – Visualize your inventory of vSphere resources and capacity to quickly understand your resource utilization across your vSphere estate.
  • Event view service – Get a consolidated view of events and alerts to quickly triage areas that need attention across your vSphere estate.
  • Security health check service – Evaluate the security posture of your entire vSphere infrastructure to identify security weaknesses or exposures.
  • Provision VM service – Quickly provision VMs from the VMware Cloud Console within any managed cluster.
  • Lifecycle management service – Simplify the lifecycle management of your vCenter instances – make updates with a single click and reduce the maintenance window so it is easier to schedule updates sooner. This gives you more rapid access to new features and address security vulnerabilities quickly. If there is a problem, you can easily roll back the update.
  • Configuration management service – Standardize and cascade vCenter configurations across your vSphere estate to quickly detect and remediate vCenter configuration drift.

Optional Add-On Services

There are a lot of VMware Cloud services that could add value, but the first optional add-on available for customers is VMware Cloud Disaster Recovery (VCDR).

With this add-on service, you will be able to reliably protect and recover mission-critical applications. Customers will benefit from integrated protection workflows directly within the vSphere+ cloud console that will streamline IT operations and reduce risk of downtime in the event of regional outages or ransomware attacks.

Walkthrough

William Lam wrote a nice blog about the onboarding and configuration of vSphere+: A first look at the new vSphere+ & vSAN+ Cloud Service

Start your free vSphere+ and vSAN+ Trial

VMware offers free vSphere+ and vSAN+ trials that allows you to explore these new capabilities except upgrading the vCenter Server from the VMware Cloud Console. Customers just need to deploy a vCenter Cloud Gateway and connect their vCenter Server instance(s) to VMware Cloud. No need to purchase any new licenses.

Please follow this link to try vSphere+ for free: https://vmc.vmware.com/infrastructure/vsphere/overview

vSphere+ Hands-on Lab

You do not have a lab environment? No problem! Check out this new hands-on lab (HOL): https://pathfinder.vmware.com/v3/path/vsphere_plus/section/step2/activity/vsphere_plus_hol

Where can I find more resources?

Please find below a list with additional information:

Stay tuned for more vSphere and vSAN announcements from VMware Explore next week! 

Current vSphere Subscription Licensing Options

Current vSphere Subscription Licensing Options

Update June 27, 2022: VMware announced vSphere+ and vSAN+

VMware is giving their customers more and more the option to move towards a subscription-based licensing model. In general, companies are moving away from the large pay-up-front deals and replace them with recurring subscriptions. Vendors like VMware are making a lot of investments to provide the structures, processes and capabilities to offer subscription licenses (and SaaS services). Organizations see the benefits of subscription licenses and this blog describes the current options if you want to move your vSphere perpetual licenses towards vSphere subscription.

vSphere+ Advantage – vSphere Subscription Service

Since December 2021, VMware offers vSphere Advantage in limited regions (aka Initial Availability).

vSphere Advantage gives you the flexibility to manage and operate your on-premises vSphere infrastructure while leveraging several VMware Cloud capabilities:

  • Transition from vSphere perpetual to vSphere subscription-based consumption for your vSphere deployments
  • Complete view of the globally distributed on-premises vSphere inventory
  • VMware-managed vCenter Servers (aka Project Arctic, not GA yet)

From a centralized VMware Cloud Console you can monitor events, alerts, capacity utilization, and the security posture of your vSphere infrastructure.

It is also possible now for you to plan and upgrade your existing vSphere licensing keys and replace them with vSphere Advantage, which enables you to make use of keyless entitlements. This keyless entitlement makes it very easy for customers to stay compliant all the time and to understand the current subscription usage.

vSphere+ Operations

To start using vSphere Advantage, you must enable communication between your on-premises vCenter Server and VMware Cloud by using a vCenter Cloud Gateway. This requires an outbound connection (443, HTTPS) only, no VPN is needed.

 

Current vCenter Server Requirements:

  • The vCenter Server version must be 7.0 Update 3a and later
  • Configure the vCenter Server with a backup and restore mechanism
  • Dedicate at least three ESXi hosts for the vCenter Server. (Recommended)
  • The vCenter Server must be self-managed. It must manage its own ESXi hosts and virtual machines

Unsupported vCenter Configurations:

  • Ensure that the vCenter Server is not configured in High Availability mode
  • If the vCenter Server is configured in Enhanced Linked Mode (ELM), unlink it from ELM. See Repoint a vCenter Server Node to a New Domain. ELM is no longer required because with vSphere Advantage you can monitor your entire vSphere inventory in a single pane of glass.
  • Ensure that the vCenter Server is not configured with NSX for vSphere, vRealize Operations Manager, Site Recovery Manager, vCloud Suite, or vSAN.

Project Arctic – VMware-Managed vCenter (Roadmap)

VMware introduced Project Arctic at VMworld 2021. Now it’s called vSphere Advantage. While a hybrid cloud operating model for vSphere becomes default now, it’s not yet possible to let VMware manage your vCenter Servers. We can expect that this capability will be shipped and made generally available somewhen in 2022.

VMware Edge Compute Stack

Edge Compute Stack (ECS) is a purpose-built stack that is available in three different editions (information based on initial availability from VMworld 2021):

VMware Edge Comput Stack Editions

As you can see, each VMware Edge Compute Stack edition has the vSphere Enterprise+ (hypervisor) included. Software-defined storage with vSAN is optional, but Tanzu for running containers is always part of each edition.

Note: The Edge Compute Stack includes vSphere subscription licenses.

Other Options

If you are running the VMware Cloud Foundation (VCF) stack and look for a managed service offering, which includes subscription-based licensing, have a look at the following alternatives:

As you can see, you can start small with vSphere Advantage and grow big with VMware Cloud Universal as the final destination.

Build a Digital Manufacturing Platform with the VMware Edge Compute Stack

Build a Digital Manufacturing Platform with the VMware Edge Compute Stack

VMware revealed their edge computing vision at VMworld 2021. In VMware’s view the multi-cloud extends from the public clouds to private clouds to edge. Edge is about bringing apps and services closer to where they are needed, especially in sectors like retail, transportation, energy and manufacturing.

In verticals like manufacturing the edge was always important. It’s about producing things than you can sell. If you cannot produce, you lose time and money. Reliability, stability and factory uptime are not new requirements. But why is edge becoming so important now?

Without looking at any analyst report and only providing experience from the field, it is clear why. Almost all of the large enterprises are migrating workloads from their global (central) data centers to the public cloud. At the same time, customers are looking at new innovations and technologies to connect their machines, processes, people and data in a much more efficient way.

Which requirement did all my customers have in common? They didn’t want to move their dozens or hundreds of edge infrastructures to the public cloud, because the factories should work independently and autonomously in case of a WAN outage for example. Additionally, some VMware technologies were already deployed at the edge.

VMware Edge Compute Stack

This is why VMware introduced the so-called “Edge Compute Stack” (ECS) in October 2021, which is provides a unified platform to run VMs alongside containerized applications at the far edge (aka enterprise edge). ECS is a purpose-built stack that is available in three different editions (information based on initial availability from VMworld 2021):

VMware Edge Comput Stack Editions

As you can see, each VMware Edge Compute Stack edition has the vSphere Enterprise+ (hypervisor) included, software-defined storage with vSAN is optional, but Tanzu for running containers is always included.

While ECS is great, the purpose of this article is about highlighting different solutions and technologies that help you to build the foundation for a digital manufacturing platform.

IT/OT Convergence

You most probably have a mix of home-grown and COTS (commercial off-the-shelf) software, that need to be deployed in your edge locations (e.g., factories, markets, shops etc.). In manufacturing, OT (operational technology) vendors have just started the adoption of container technologies due to unique technology requirements and the business model that relies on proprietary systems.

The OT world is typically very hardware-centric and uses proprietary architectures. These systems and architectures, which were put into production 15-20 years ago, are still functional. It just worked.

While these methods and architectures have been very good, the manufacturing industry realized that this static and inflexible approach resulted in a technology debt, that didn’t allow any innovation for a long period of time.

Manufacturing companies are moving to a cloud-native architecture that should provide more flexibility and vendor interoperability with the same focus in mind: To provide a reliable, scalable and flexible infrastructure.

This is when VMware becomes relevant again with their (edge) compute stack. VMware vSphere allows you to run VMs and containers on the same platform. This is true for IT and OT workloads, that’s IT partial IT/OT covergence.

You may ask yourself how you then would  design the network. I’ll answer this topic in a minute.

Kubernetes Operations

IT platform teams, who design and manage the edge have to expand their (VMware) platform capabilities that allow them to deploy and host containers. Like I said before, this is why Tanzu is included in all the VMware Edge Compute Stack editions. Kubernetes is the new Infrastructure-as-a-Service (IaaS) and so it makes only sense that the container deployment and management capability is included.

How do you provide centralized or regional Kubernetes management and operations if you don’t have a global (regional) data center anymore?

With a hybrid approach, by using Tanzu for Kubernetes Operations (TKO), a set of SaaS services that allow you to run, manage, connect and secure your container infrastructure across clouds and edge locations.

IT/OT Security

Now you have the right platform to run your IT and OT workloads on the same hypervisor or compute platform. You also have a SaaS-based control plane to deploy and manage your Kubernetes clusters. 

As soon as you are dealing with a very dynamic environment where containers exist, you are having discussions about software-defined networking or virtualized networks. Apart from that, every organization and manufacturer are transforming their network and security at the edge and talk about network segmentation (and cybersecurity!).

Traditionally, you’ll find the Purdue Model implemented, a concept model for industrial control systems (ICS) that breaks the network in two zones:

  • Information Technology (IT)
  • Operational Technology (OT)

The Purdue Model of Computer Integrated Manufacturing

Source: https://www.automationworld.com/factory/iiot/article/21132891/is-the-purdue-model-still-relevant 

In these IT and OT zones you’ll find subzones that describe different layers and the ICS components. As you can see as well, each level is secured by a dedicated physical firewall appliance. From this drawing one could say that the IT and OT world converge in the DMZ layer, because of the bidirectional traffic flow.

VMware is one of the pioneers when it comes to network segmentation that helps you driving IT/OT convergence. This is made possible by using network virtualization. As soon as you are using the VMware hypervisor and its integrated virtual switch, you are already using a virtualized network.

To bring IT and OT closer together and to provide a virtualized network design based on the Purdue Model including a zero-trust network architecture, you would start looking at VMware NSX to implement that.

In case you are looking for a software-defined load balancer or application delivery controller, have a look at NSX Advanced Load Balancer (formerly known as Avi).

PLC Virtualization

In level 2 of the Purdue Model, which hosts the systems for supervising, monitoring and controlling the physical process, you will find components like human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) software.

In level 3, manufacturing execution systems (MES) can be found.

Nowadays, most companies already run their HMIs, SCADAs and MES software in virtual machines on the VMware vSphere hypervisor.

The next big thing is the virtualization of PLCs (programmable logic controller), which is an industrial computer that controls manufacturing processes, such as machines, assembly lines and robotic devices. Traditional PLC implementations in hardware are costly and lack scalability.

That is why the company SDA was looking for a less hardware-centric but more software-centric approach and developed the SDA vPLC that is able to meet sub 10ms performance.

This vPLC solution is based on a hybrid architecture between a cloud system and the industrial workload at the edge, which has been tested on VMware’s Edge Compute Stack.

Monitoring & Troubleshooting

One area, which we haven’t highlighted yet, is the monitoring and troubleshooting of virtual machines (VMs). The majority of your workloads are still VM-based. How do you monitor these workloads and applications, deal with resource and capacity planning/management, and troubleshoot, if you don’t have a central data center anymore?

With the same approach as before – just with a cloud-based service. Most organizations rely on vRealize Operations (vROps) and vRealize Log Insight (vRLI) for their IT operations and platform teams gain visibility in all the main and edge data centers.

You can still use vROps and vRLI (on-premises) in your factories, but VMware recommends using the vRealize Cloud Universal (vRCU) SaaS management suite, that gives you the flexibility to deploy your vRealize products on-premises or as SaaS. In an edge use case the SaaS-based control plane just makes sense.

In addition to vRealize Operations Cloud you can make use of the vRealize True Visibility Suite (TVS), that extends your vRealize Operations platform with management packs and connectors to monitor different compute, storage, network, application and database vendors and solutions.

Factory VDI

Some of your factories may need virtual apps or desktops and for edge use cases there are different possible architectures available. Where a factory has a few hundred of concurrent users, a dedicated standalone VDI/RDSH deployment might make sense. What if you have hundreds of smaller factories and don’t want to maintain a complete VDI/RDSH infrastructure?

VMware is currently working on a new architecture for VMware Horizon (aka VMware Horizon Next-Generation) and their goal is to provide a single, unified platform across on-premises and cloud environments.  They also plan to do that by introducing a pod-less architecture that moves key components to the VMware-hosted Horizon (Cloud) Control Plane.

This architecture is perfectly made for edge use cases and with this approach customers can reduce costs, expect increased scalability, improve troubleshooting and provide a seamless experience for any edge or cloud location.

VMware Horizon Next-Generation 

Management for Enterprise Wearables

If your innovation and tech team are exploring new possibilities with wearable technologies like augmented reality (AR), mixed reality (MR) and virtual reality (VR) head-mounted displays (HMDs), then VMware Workspace ONE Unified Endpoint Management (UEM) can help you to securely manage these devices!

Workspace ONE UEM is very strong when it comes to the modern management of Windows Desktop and macOS operating systems, and device management (Android/iOS).

Conclusion

As you can see, VMware has a lot to offer for the enterprise edge. Organizations that are multi-cloud and keep their edge locations on-premises, have a lot of new technologies and possibilities nowadays.

VMware’s strengths are unfolded as soon as you combine different solutions. And these solutions help you to work on your priorities and requirements to build the right foundation for a digital manufacturing platform.

VMware Cloud on AWS – The Power of VMware and AWS

VMware Cloud on AWS – The Power of VMware and AWS

VMware Cloud on AWS (VMC on AWS) brings VMware’s software-defined data center (SDDC) stack to the AWS cloud. By using the same vSphere-based virtualization/cloud technology on-premises and in the public cloud, you can create a true hybrid cloud architecture, that enables you to get consistent operations by using consistent infrastructure.

VMC on AWS Overview

This solution comes with optimized access to the AWS services and is delivered, sold and supported by VMware, AWS and their partner networks.

As you can see above, VMC on AWS comes with the same VMware tools and integrates the VMware Cloud Foundation stack (vSphere for compute, vSAN for storage, NSX for networking) along with vCenter for management.

VMware Cloud on AWS runs on dedicated Amazon EC2 bare-metal infrastructure.

Instance Types

VMware Cloud on AWS comes with two different host configurations, which both require a minimum of two hosts per cluster.

VMC on AWS Instances

For identifying the right host types for specific use cases, check out the VMware Cloud on AWS sizer.

Note: 99.9% SLA for non-stretched clusters, 99.99% for stretched clusters

Single Host Starter Configuration

VMC on AWS allows you to deploy a starter configuration with a single host only (not available with i3en.metal hosts).

This small SDDC configuration allows customers to get their first experiences with this hybrid cloud offering during a 60-day time period. Such a setup is only appropriate for test and development or proof of concept use cases. You can run production workloads on this small VMC on AWS environment if you scale up to the minimum of two hosts before the 60-day period ends, otherwise your evaluation ends with you losing data.

Note: Not all features of the standard VMC service offering are available in this limited setting. The VMC on AWS service level offering also does not apply to this one-node offering.

Included VMware Software

The following software is included in single host and production configurations:

Single Hosts (non-production environments) Production (minimum 2 hosts)

Includes

  • VMware SDDC software: vSphere, vSAN, NSX-T, vCenter Server
  • VMware HCX
  • Dedicated Amazon EC2 Bare Metal Instances
  • VMware Global Support

Purchase separately

  • VMware Site Recovery
  • VMware Cloud Disaster Recovery
  • VMware vRealize Automation Cloud
  • VMware vRealize Operations Cloud
  • VMware vRealize Log Insight Cloud
  • VMware vRealize Network Insight Cloud
  • VMware Tanzu Standard

Not supported

  • Lifecycle management by VMware (updates, patches and upgrades)
  • High Availability (HA) and Stretched Clusters
  • Service Level Agreement (SLA)

Includes

  • VMware SDDC software: vSphere, vSAN, NSX-T, vCenter Server
  • VMware HCX
  • VMware Tanzu Services: TKG Service + TMC Essentials
  • Dedicated Amazon EC2 Bare Metal Instances
  • VMware Global Support
  • Lifecycle management by VMware (updates, patches and upgrades)
  • Support for High Availability (HA) and Stretched Clusters
  • Service Level Agreement (SLA)

Purchase separately

  • VMware Site Recovery
  • VMware Cloud Disaster Recovery
  • VMware NSX Advanced Firewall
  • VMware vRealize Automation Cloud
  • VMware vRealize Operations Cloud
  • VMware vRealize Log Insight Cloud
  • VMware vRealize Network Insight Cloud
  • VMware Tanzu Standard

VMware Cloud on AWS Outposts

If you want to get the agility and innovation of (VMware) Cloud in your own data center, delivered as a service, then VMC on AWS Outposts is for you.

VMC on AWS Outposts is a fully managed on-premises as-a-service offering, that stretches VMC on AWS to your data center or edge location. You’ll get dedicated Amazon Nitro-based EC2 bare-metal instances delivered on-premises with VMware Cloud Foundation running on top.

VMC on AWS Outposts

What’s included in the offering?

  • AWS Outposts 42u rack (we can also expect a half-rack offering in the future)
    • 3-8 hosts configurations based on i3en.metal
    • Dark host capacity included (for remediation, EDRS, scale-out and lifecycle management purposes)
    • Installed by AWS
  • AWS managed dedicated Nitro-based i3en.metal EC2 instance with local SSD storage
  • VMware managed SDDC software – vSphere, vSAN, NSX-T, vCenter Server
  • VMware HCX
  • VMware Cloud Console
  • Support by VMware SREs
  • Supply chain, shipment logistics and onsite installation by AWS
  • Ongoing hardware monitoring with break/fix support.

Use Cases

VMware Cloud on AWS Outposts is made for multiple use cases:

  • Data/App Locality
  • Low latency
  • Local data processing
  • Data sovereignty/compliance
  • Infrastructure modernization
  • Branche Office or large edge modernization

But this offering and VMC on AWS in general come with multiple other use cases which help orgnaizations to fulfill their cloud strategy.

App Modernization

VMware Cloud on AWS provides an infrastructure platform option for customers to modernize their existing enterprise applications on and enables them to run their enterprise workloads of today and tomorrow. With VMware Cloud on AWS, customers can run, monitor, and manage their Kubernetes clusters and virtual machines – all on the same infrastructure. VMware Tanzu Kubernetes Grid provides a consistent, upstream-compatible distribution of Kubernetes, that is tested, signed, and supported by VMware. Tanzu Kubernetes Grid is central to many of the offerings in the VMware Tanzu portfolio.

Solution Brief

Cloud Migration / Data Center Extension

VMC on AWS can help customers to expand to new locations. Maybe it’s an unplanned project or there are temporary or seasonal capacity needs. Some customers are also using such an offering to build a flexible test, lab or training environment in the public cloud.

Solution Brief

Cloud VDI

Adopt a robust, feature-rich cloud platform for virtual desktops and applications that can be used to deliver complete VDI infrastructure from the cloud. Or you can extend an existing on-premises VDI environment for desktop bursting, protection or proximity to applications running in AWS. Optimize infrastructure costs with flexible, consumption-based billing while paying only for what you use.

Solution Brief

Disaster Recovery

Another typical use case is disaster recovery. Customers are looking for an offsite approach with which they can prepare themselves for different kind of scenarios with “warm standby” or “active/active” configurations. There are different architectural options and also different solutions from VMware available, e.g.:

Hybrid Cloud Extension (HCX)

How can you bridge the gap between on-premises data centers and VMC on AWS to enable application migrations or workload mobility? HCX creates an encrypted, high-throughput, WAN-optimized, load-balanced, traffic-engineered hybrid interconnect automates the creation of network extensions.

In short: VMware HCX can interconnect different vSphere-based clouds and with that you achieve a fabric for workload mobility by using vMotion over different clouds. It even preserves existing network connections!

Imagine how much easier and faster application migrations can be done now.

Let’s see if there is a future, that customers need full workload mobility where regular migrations from and to different clouds can be done. Maybe there is a customer, who migrates workloads today from on-prem to VMC on AWS, tomorrow to Azure VMware Solution, the next week to Google Cloud VMware Engine, and in the end back to an on-premises data center where another fully managed service like VMC on Dell EMC is deployed. 😀

VMware Cloud on AWS with Tanzu Services

It was mentioned above already, VMware Cloud on AWS includes “Tanzu Kubernetes Service” and “Tanzu Mission Control Essentials”.

VMware Cloud with Tanzu Services has been introduced at VMworld 2021 as the “Easy path to enterprise-grade Kubernetes on a fully managed, multi-cloud ready IaaS and CaaS platform”:

VMware Cloud with Tanzu Services

 

This was also when Tanzu Services became available for VMC on AWS with the following capabilities:

  • Managed Tanzu Kubernetes Grid Service: Provision Tanzu Kubernetes clusters within a few minutes using a simple, fast, and self-service experience in the VMware Cloud console. The underlying SDDC infrastructure and capacity required for Kubernetes workloads is fully managed by VMware. Use vCenter Server for managing Kubernetes workloads by deploying Kubernetes clusters, provisioning role-based access and allocating capacity for Developer teams. Manage multiple TKG clusters as namespaces with observability, troubleshooting and resiliency in vCenter Server.
  • Built in support for Tanzu Mission Control Essentials: Attach upstream compliant Kubernetes clusters including Amazon EKS and Tanzu Kubernetes Grid clusters. Manage lifecycle for Tanzu Kubernetes Grid clusters and centralize platform operations for Kubernetes clusters using the Kubernetes management plane offered by Tanzu Mission Control. Tanzu Mission Control provides a global visibility across clusters and clouds and increases security and governance by automating operational tasks such as access and security management at scale.

VMware Cloud with Tanzu Services

Take a look at the VMware Tanzu Mission Control Feature Comparison Chart to better understand the feature set of TMC Essentials.

Did you know that the Tanzu Mission Control Standard Package is included with TMC Essentials?

As of November 2021, new clusters registered with TMC will have the Carvel package manager (the kapp-controller), deployed within the cluster. The “Catalog” page in the Tanzu Mission Control console allows you to view packages available from the Tanzu Standard repository (and your own custom Carvel package repositories) and install them in your Kubernetes clusters.

Tanzu Mission Control Packages

Application Transformer for VMware Tanzu for VMC on AWS

VMware announced the tech preview for Application Transformer for VMware Tanzu for VMware Cloud on AWS in September 2021.

Application Transformer for VMware Tanzu is a tool that aids organizations in discovering application types, visualizing application topology, choosing a modernization approach based on scores, and containerizing and migrating suitable legacy applications to enhance business outcomes. As an agentless tool, Application Transformer for Tanzu utilizes the VMware vCenter API to introspect VMs across an entire vSphere or VMware Cloud on AWS-based data center.

Application Transformer can help you to convert virtual machines and application components to OCI-compliant container images, that then can be deployed into the Tanzu Kubernetes stack.

There are several ways how customers get access to Application Transformer for VMware Tanzu:

Good news for everyone is that Application Transformer for VMware Tanzu became generally available in February 2022. With this, VMware Cloud on AWS customers also have limited access to this offering from now on. The access is through integration with VMware Cloud console. If customers desire full access to Application Transformer, they need to buy Tanzu Standard, Tanzu Advanced, Tanzu for Kubernetes Operations, or App Navigator.

Features & Roadmap

VMware provides a lot of information about the features and roadmap of VMware Cloud on AWS.

VMC on AWS FAQ

There is a large collection of FAQs available that can be found here.