+38 (044) 277-23-23Business center «Panorama Na Pechersʹku», 2 floor, office 4-5 Yevhena Konovaltsia St, 44-b, Kyiv, Ukraine

Võru tn 165, RopkaTartu, Estonia

Bulevardul Corneliu Coposu 6-8 București, Romania

We use cookies for our website. By continuing to browse the site, you agree to our use of cookies.

Read more
I agree
Home Blog News VMware vSphere 8 virtualization platform announced

VMware vSphere 8 virtualization platform announced

Get a consultation

As part of the events on the first day of the VMware Explore 2022 conference, the VMware vSphere 8 virtualization platform was announced. Many data center administrators and managers were looking forward to this event, because two and a half years have passed since the release of the last major version of the VMware vSphere 7 platform.

Let’s see what’s new in VMware vSphere 8. The innovations are concentrated in 4 main areas:

  • Taking advantage of cloud workloads for on-premises infrastructure
  • Significant improvement in productivity
  • Improvement of operational tools
  • New functionality for DevOps staff that accelerates application deployment and maintenance

So, let’s look at all the new features in order:

1. vSphere Distributed Services Engine

For quite a long time now, hardware vendors have been trying to free up some CPU functions by handing them over to the appropriate server components (vGPU module, network card with offload functions, etc.), isolating them as much as possible. But all this new hardware architecture won’t work well without changes in the software platform.

vSphere 8 introduces a new feature called the vSphere Distributed Services Engine, previously called Project Monterey. Project Monterey is a redesign of the vSphere Cloud Foundation architecture in such a way that native integration of new hardware capabilities and software components appears. For example, the new SmartNIC hardware technology enables high performance, zero-trust security, and easy operation in a VCF environment. Due to the SmartNIC technology, the VCF infrastructure will support operating systems and applications running on “bare hardware” (without a hypervisor and separately from it).

With the help of Data Processing Units (DPU) modules that already exist today in PCIe devices, such as NICs or GPUs, it is possible to implement this technology for managing hosts and storage at the ESXi hypervisor level.

In vSphere 8, the ESXi hypervisor is installed directly in the Data Processing Unit, which allows you to operate the functions of the devices, using their resources directly and ensuring maximum performance.

During the release of vSphere 8, clean installations on DPUs that provide offload of NSX functionality to network devices will be supported. The lifecycle of the vSphere Distributed Services Engine is managed by the vSphere Lifecycle Manager. Hosts with an ESXi hypervisor installed in the DPU will always maintain the current version.

Using vSphere Distributed Switch 8.0 and the NSX solution, network services will be executed directly on the DPU without using x86 processor resources, improving the direct visibility of network traffic, system security and their isolation – everything you expect from NSX.

2. Improving vSphere with Tanzu

Here are some basic concepts to help you understand the new vSphere 8 functionality for working with Kubernetes clusters:

  • Tanzu Kubernetes Grid on vSphere 8 is a means of consolidating Tanzu Kubernetes solutions in one executable environment from VMware.
  • Workload Availability Zones are tools for isolating workloads within vSphere clusters. Supervisor clusters and Tanzu Kubernetes clusters can be located in different zones to increase cluster availability where nodes are not used in the same vSphere clusters.
  • ClusterClass is a way to define a cluster configuration via the ClusterAPI specification.
  • PhotonOS and Ubuntu are base images that can be customized and saved in the content library for use in the Tanzu Kubernetes environment.
  • Pinniped Integration – an authentication solution for Tanzu Kubernetes clusters that supports LDAP and OIDC protocols. You can define identity providers to be used for supervisor clusters and Tanzu Kubernetes clusters.

Stability and availability within Workload Availability Zones for Supervisor clusters and Tanzu Kubernetes clusters is ensured by stretching workloads between vSphere clusters, while fully supporting the mechanics of vSphere Namespaces.

Three Workload Availability Zones are required to provide high availability. When activating Workload Management, you can choose to deploy between Workload Availability Zones or within the same cluster. In the first version of this mechanism, the vSphere cluster <> Availability Zone relationship is built as 1:1.

ClusterClass allows you to declaratively define the Tanzu Kubernetes cluster configuration and packages to be installed by default. These decisions are made by the DevOps team. They may include packages for network communication, storage, cloud providers, authentication mechanisms, and metrics collection. That is, ClusterClass is a specification of a Tanzu Kubernetes cluster based on the ClusterAPI, which is managed by the cluster supervisor.

After the cluster is deployed, developers and DevOps professionals can add optional packages through the Tanzu Standard Package Repository. These packages may include Contour tools, certificate management utilities, logging, traffic monitoring (such as Prometheus), Grafana visualization, and external DNS services. All of this is managed through the Tanzu CLI.

In vSphere 7, authentication worked through the integration mechanism with vCenter Single Sign-On. Now you can continue to use it, but another method has appeared – Pinniped integration. Tanzu Kubernetes clusters and the supervisor cluster now have direct access via OIDC or LDAP to the Identity Provider (IDP) without using vCenter Single Sign-On. Pinniped containers are automatically deployed in clusters for complete integration readiness.

  • DevOps use Tanzu CLI login to authenticate to Supervisor and TKC clusters
  • Pinniped integration federates access via IDP
  • IDP returns a login link or shows an authentication window
  • DevOps user enters IDP account settings
  • After authentication in IDP, there is a redirection to Pinniped
  • The Tanzu CLI builds the kubeconfig file that is required to access the Supervisor and TKC clusters

3. Life cycle management tools

As mentioned above, vSphere 8 has DPU support in vSphere Lifecycle Manager to automatically update ESXi hypervisors on these devices. At the same time, staging of updates and upgrades, parallel rolling of updates and work with standalone hosts are supported to ensure complete identity of functions of vLCM and the legacy Update Manager. Standalone hosts can be managed via API.

vSphere Configuration Profiles Technical Preview is a new generation of cluster configuration management tools and will replace the existing Host Profiles functionality in the future.

The Baseline lifecycle management mechanism, formerly known as the vSphere Update Manager product, is already deprecated in vSphere 8. It is still supported, but this is the last release of vSphere where it is present.

vSphere Lifecycle Manager can send updates to staging in advance for subsequent rolling into the production environment. Staging of updates can be done without putting hosts in maintenance mode. Firmware updates can also be sent to staging thanks to the integration with Hardware Support Manager.

vSphere Lifecycle Manager can upgrade ESXi hosts in parallel, reducing the total time required to upgrade a cluster. The administrator can specify whether to update all hosts currently in maintenance mode or specify a maximum number of concurrent update tasks.

Also in vSphere 8, a preview of the vSphere Configuration Profiles technology is available, which will replace Host Profiles:

The desired configuration is defined at the level of the cluster object and is applied to all its hosts. All hosts must have a single, consistent configuration. Deviations from the configuration level are monitored and reported to the administrator, who can eliminate these differences with a click.

While this functionality is in Tech Preview status, users can use the standard Host Profiles mechanism.

Also, vCenter now saves the state of the cluster after restoring itself from a backup. This is possible because ESXi hosts store a distributed key-value store that defines the state of the cluster.

4. Improvements for AI and ML loads

Unified management tools for AI/ML Hardware Accelerators are now available. Device Groups allow virtual machines to organize simpler and more convenient consumption of hardware resources such as NICs and GPUs that interact with each other. NVIDIA will be the first VMware partner to support Device Groups with all necessary compatible drivers.

A group consists of two or more devices on the same PCIe switch or connected directly to each other. For the vSphere 8 platform, these devices are represented as a single module group.

Device Groups are added to virtual machines through the Add New PCI Device workflow. The vSphere DRS and vSphere HA mechanisms support these device groups and will ensure that VMs are found so that they can access their group.

Device Virtualization Extensions, built on Dynamic DirectPath I/O technology, provide a new framework and API for third-party vendors to build virtual devices that communicate with the hardware. This enables better support for vSphere vMotion, Suspend/Resume, and memory and disk snapshot mechanics.

5. Guest OS and virtual machines

The version of virtual hardware has been updated – Version 20 is available for virtual machines. The main innovations of the next generation are shown in the image:

Here we see much of what was discussed above.

The TPM Provision Policy has also now appeared. As many know, Windows 11 requires vTPM devices to be present in virtual machines. Cloning a machine with vTPM can be a threat because the TPM settings are also cloned.

To fix this problem, you can replace the vTPM device on the VM being created:

There is also a vpxd.clone.tpmProvisionPolicy policy that defines the default behavior when cloning machines from vTPM.

Some applications cannot survive even micro-latencies during vSphere vMotion. In this case, VMware provides a mechanism for writing migration aware applications that can integrate with vMotion. That is, the application can prepare for the migration event by stopping some services or switching to a backup copy of the clustered application. In this case, the application can use the configured timeout to delay the vMotion migration until it completes its migration preparation processes (but cannot reject it).

Telecom workloads require improved support for latency-demanding applications. High Latency Sensitivity with Hyper-threading features are designed to support these tasks and provide improved performance. In this case, the machine’s vCPU runs on the same physical CPU core in hyper-threading mode, particularly after migration.

High Latency Sensitivity with Hyper-threading settings require hardware version 20 and are available in the Advanced settings section for VMs:

In vSphere 8 + hardware version 20, a simple vNUMA topology configuration for virtual machines is now available:

Also, the CPU Topology dashboard with vNUMA configuration is now available for the virtual machine:

The vSphere DataSets feature enables the exchange of small volumes of data that rarely change between vSphere management tools and the guest operating system where VMware Tools are installed. For example, the status of the guest OS and its agent, information about the inventory, etc. can be stored there. The vSphere DataSets object moves with the VM, even when it changes the vCenter Server instance.

6. Management of virtual environment resources

VMware vSphere 7.0 Update 3 features vSphere Memory Monitoring and Remediation (vMMR). With vMMR, you can monitor memory performance in Intel PMem Memory Mode and receive alerts when ESXi runs out of DRAM, which can cause server performance to drop.

In vSphere 8, DRS performance has been significantly improved when the host has PMEM memory by using memory statistics to make better VM placement decisions and avoid situations where performance loss due to by memory.

Green Metrics also appeared in vSphere 8, which reflect the energy consumption of virtual machines from the point of view of the energy efficiency of the virtual data center.

They include:

  • power.capacity.usageSystem — how much energy the host spends on system activities that do not belong to virtual machines.
  • power.capacity.usageSystem — energy consumption in idle mode (the host does nothing, it’s just turned on).
  • power.capacity.usageVm — how much energy the host spends directly on running virtual machines.

7. Security and Compliance

The following innovations appeared here:

  • Prevent untrusted binaries from running by default if they are not installed as VIBs (execInstalledOnly setting).
  • vSphere 8 does not support TLS 1.0 and TLS 1.1 protocols. Previously, in vSphere 7, they were simply disabled, but now they simply do not exist – everything is transferred to TLS 1.2.
  • SSH Automatic Timeout – by default, the SSH session is terminated after a timeout.
  • Sandboxed Daemons – daemons and processes now work in a sandbox, where they have the minimum privileges, they need to perform their tasks.

When trying to install Trusted Platform Module (TPM) 1.2, the ESXi 8.0 server displays a warning during the installation or upgrade but does not prevent them.

You can read more about VMware vSphere 8 at this link. The VMware vSphere Distributed Services Engine Overview Hands-on Lab is also available right now. The official press release from VMware.

VMware Cloud Foundation+, VMware vSphere 8, VMware vSAN 8, and VMware Edge Compute Stack 2 are expected to be available for download by October 28, 2022.

VMware Cloud Foundation+, VMware vSphere 8, VMware vSAN 8, and VMware Edge Compute Stack 2 are expected to be available for download by October 28, 2022.

Do you want to use innovative and modern technologies? Contact our experts today. Call us at +38 (044) 277-23-23 or send us a letter at info@wiseit.com.ua, and we will tell you more about VMware solutions and their advantages.