What’s new in VMware vSphere 6.7 Update 1? Let’s look under the hood

Introduction

Some time ago, VMware released VMware vSphere 6.7 U1. You know, I am really happy to, finally, find some time to take a thorough look at it. vSphere 6.7 U1 is the most up-to-date version of this virtualization platform so far, thus it is good to know its new features to predict what to expect of the upcoming versions.

Well, I guess that this article is kinda of a long read. Honestly, I could not make it shorter as I wanted it to provide the entire picture of changes that were brought to vSphere 6.7 platform with U1. I hope you like it.

wp-image-569

What’s new in vSphere 6.7 U1?

wp-image-570

With U1, VMware brought a lot of cool things to vSphere 6.7. Here are some of them that I consider really interesting:

  • vCenter Server Converge Tool
  • Better VMware vSAN and functionality and new capabilities for hyper-converged infrastructures
  • Enhanced Content Library
  • vSphere Platinum Edition
  • At last, a fully-featured HTML 5 interface
  • vMotion for  NVIDIA Quadro Virtual GPU Data Center Workstation (Quadro vDWS) and support of Intel Field-programmable gate array (FPGA).

Now, I guess, it’s time to get more specific.

vCenter Server Convergence Tool

Before, VMware strongly recommended using an external Platform Services Controller (PSC). Though, things have changed with U1. vSphere 6.7 features an embedded PSC that has a much simpler architecture than an external one. Furthermore, VMware has added vCenter Server Convergence Tool to facilitate migrations from an external PSC to an embedded one.

To me, it seems that VMware just tires to encourage users to shift to embedded PSCs. Wait, what was so remarkable about external PSCs? Historically, external PSCs supported Enhanced Linked Mode (ELM) earlier than embedded ones. So, users just kept on using complex infrastructures of external PSCs with replication between the platforms even though embedded PSCs featured ELM starting with vSphere 6.5 U2. People just got used to complex architectures so much that did not want to waste their time migrating to the simpler ones.

Another nice thing about vCenter Server Convergence Tool is its ability to migrate vCenter with embedded PSC from one Single Sign-On (SSO) domain to another allowing flexibly to distribute SSO domains across the infrastructure.

To run vCenter Server Convergence Tool, simply deploy the vcsa-converge-cli command. The utility is supplied together with vCenter Server Appliance Server (vCSA) and can be set up via the JSON file.

C:\c7b5d5f14ec02d61f0bfe0dca804f4b5

Some enhancements for vSAN and HCI on the whole

In vSphere 6.7 U1, VMware has added the Cluster Quickstart feature ,allowing to initialize a cluster, add hosts to it, and set up identical configurations on each of them. This feature comes in handy when you need to provision an ESXi cluster quickly, or just add some extra hosts to it. It is also good for applying identical settings on all hosts and finding any configuration inconsistencies across the environment. Cluster Quickstart involves setting up High Availability and Distributed Resource Scheduler, Enhanced vMotion Compatibility, vSAN datastores, and networking including vSphere Distributed Switch.

Another important improvement is integration of I/O controller firmware update with vSphere Update Manager (VUM). From now on, I/O controller firmware is updated together with host drivers. Looks wonderful!

Content Libraries

Enhanced Content Libraries is another important thing about vSphere 6.7 U1.

Open Virtual Appliance (OVA) templates can now be imported from some HTTPS endpoint or your local storage. You also can just sync the content of OVA templates to other vCenter Servers.

While importing OVAs, Content Library handles and their certificate and manifest files in adherence to security best practices. Unfortunately, you cannot synchronize the templates themselves, but I guess that VMware soon will come up the way of doing that. Additionally, Content Library natively supports VM templates and some operations associated with them (i.e., deploying VM right from Content Library).

Why is it great to see this feature? It comes in handy when you need to adhere to some regulations of virtual infrastructure administration. Let’s say, you are an admin in small data center who has to stick to regulations of the large one. Content Libraries enable to subscribe all those small data centers to the updates released by the main one. Once the updates arrive, admins will apply new VM templates. Looks pretty convenient to me!

vSphere Platinum Edition with AppDefense

VMware vSphere Platinum Edition is a new offering for vSphere 6.7 U1 that effectively combines VMware vSphere Enterprise Plus and VMware AppDefense. The latter is an application whitelisting type technology that works in conjunction with NSX.

AppDefense baselines an operating system and learns which activity can be considered normal. Based on that baseline, AppDefense security mechanisms flag anything suspicious with subsequent isolation of VMs where signs of “malicious activity” were detected.

Full-fledged HTML 5 interface

VMware vSphere features a full-fledged HTML 5 client! Good stuff! For the past several versions of vSphere, VMware has been increasingly adding functionality to the client. Notwithstanding, there had always been some features that were not available in HTML 5 client, so users had to switch to the old Flex/Flash client time and again.

Well, anyone here seems to know why things could not be going like that anymore. While the performance of the Flex client has been improving, and the client itself was just getting better on the whole, major browsers (i.e., Chrome) made it increasingly difficult to use flash. Actually, that is the reason why we have grown to hate the Flash client.

The introduced HTML 5 client includes not only good old functionalities but also some new ones. For instance, setting up vCenter HA and vCenter Update Manager is simpler now. The new client also works with Content Libraries better, allowing to schedule tasks easier and use plots for monitoring utilization of your environment resources.

vMotion for NVIDIA vGPU and support of Intel FPGA

For vSphere 6.7 U1, VMware and NVIDIA have joined their forces to achieve higher flexibility and utilization of virtual infrastructure accelerated with NVIDIA vGPU.

For a better understanding of this innovation, let’s take a quick look at how vGPU works and what, actually, was the root cause of this innovation. Let’s say, you have a bunch of VMs that share a PCI device, which, in its turn, provides access to GPU. To access the resource easier, each VM takes a part of GPU BAR. There’s also a mechanism for BAR virtualization allowing to simplify migration processes; besides, there’s a good risk that your VMs won’t get any BAR space on the destination host. And, if you try to do something with this situation, there’s a risk to destabilize the guest OS or any other tasks involving GPU. Just imagine that your colleagues are doing some CAD modelling, and the application goes down all of a sudden. No fun!

In U1, GRID vPC, GRID vApps, and Quadro vDWS won’t suffer from admin’s interference in GPU-accelerated VDI or compute infrastructure. Things like emergency patching or carrying out some urgent infrastructure operations on a vGPU-accelerated infrastructure become totally painless for end-users. You can also live migrate the VMs that actively use NVIDIA GPUs. So, just feel free to do your job while other guys do theirs!

Another really cool thing about vSphere 6.7 U1 is support for Intel Programmable Acceleration Card with Intel Arria 10 GX FPGA. With that Programmable Acceleration Card, VMs can directly access the bare-metal devices via VMware DirectPath I/O mechanism. In this way, admins can make programmable hardware accelerator available in vSphere VMs providing them the full access to the device through Intel Acceleration Stack for Intel Xenon CPU with FPGA.

What’s new in ESXi 6.7 U1?

Some minor changes in the console

With all those cool features that U1 has brought to vSphere 6.7, many expect changes in the web-console. Well, there are, actually, very few of them. The interface looks pretty the same, but I did find some minor changes. Let’s take a quick look at them.

After opening VMware Host Client (Help->About), you can learn all information about Host Client and ESXi. Nothing really changed here, let’s just look deeper anyway.

C:\262f965139cc9049eeb668c9a9a5f2de

What’s new in VMware Host Client?

VMware Host Client is an HTML 5-based client that has exactly the same interface as vSphere Web Client. VMware claims an embedded Host Client to be the emergency means of the standalone ESXi host management while vCenter Server is not available. I guess that’s why both have a similar interface. Now let’s look if VMware has changed anything here.

First, they removed the Feedback option from the Help menu.

C:\0803ef4a78cc13b10d5b9e57e45ff4e2

In the Actions tab of the Storage menu, VMware added the Refresh button.

C:\8e5890ee3e81bb0434d832b01794f011

Well, that’s only interface differences that I found for VMware Host Client interface. But, if you find anything else, just write it in comments. I really appreciate that.

Now, as we know that interface did not change a lot, let’s look under the hood!

ESXi 6.7 Update 1 – under the hood

  • Microsemi Smart PQI (smartpqi) plugin, allowing to support attached operations on HPE ProLiant Gen10 Smart Array Controller
  • Quick Boot support for Intel i40en and ixgben Enhanced Network Stack (ENS). ESXi 6.7 Update 1 also extends support for HPE ProLiant and Synergy servers.
  • Pre-check when upgrading ESXi hosts with ESXCLI command set to avoid any incompatibility issues
  • Nfnic driver support for CISCO UCS Fibre Channel over Ethernet
  • Support of Namespace Globally Unique Identifier (NGUID) in NVMe driver
  • Ability to enable status LEDs on Intel VMD NVMe SSDs without downloading Intel CLI. Below, find some ESXCLI commands for enabling LEDs:
  • Use this command for pinpointing the specific disk:
    esxcli storage core device set -l locator –d
  • Run this command for lighting the error LED
    esxcli storage core device set -l error –d
  • Disable the LED with this cmdlet
    esxcli storage core device set -l off –d
  • APIs. ESXi 6.7 U1 adds an API preventing ESXi host reboot while configuring ProductLocker. U1 also adds an API for enabling VMware Tools with the CloudAdmin role in a cloud Software-Defined Datacenter without accessing to Host Profiles.
  • EnablePSPLatencyPolicy – the configuration option to claim devices with high latency based on the Round Robin path selection policy. While using that option, you can also enable logging to display paths configuration. Learn more about enhanced Round Robin load balancing here: https://storagehub.vmware.com/t/vsphere-storage/vsphere-6-7-core-storage-1/vsphere-6-7-u1-enhanced-round-robin-load-balancing/.

C:\82cc530d783caf04b4385e45cb1c2d36

  • Extended vSphere vMotion. Now, you can live migrate the VMs that use NVIDIA vGPUs to other hosts compatible with NVIDIA Tesla GPUs.
  • Update Manager Download Service (UMDS) doesn’t require a Database and installation procedure got simpler.

vCenter 6.7 Update 1

First, let’s see if U1 has brought any changes to vCenter interface.

C:\6a0ca6868ab6bcf9c282af77223eb0a3

The homepage

The homepage is typically the first place where users notice any changes. In vCenter 6.7 U1, VMware got rid of the New Search button. However, they added the Auto Deploy button.

C:\088fa845cac505d3bab799f95215d76b

Auto Deploy

Auto Deploy allows using vCenter Server, TFTP Server, and Network Boot to provision a large number of hosts automatically. Here are just a couple of guides on how to install Auto Deploy and add software depots:
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.esxi.install.doc/GUID-CAB84194-3D8E-45F0-ABF9-0277710C8F98.html
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.esxi.install.doc/GUID-AEE9B22B-6D97-4875-8593-FBE6992D9E28.html

You can use Auto Deploy for things like stateless caching and stateless installs. Stateless feature allows re-provisioning ESXi on every host. Stateless caching lets cache the host image and present it to another host. Stateful installs allow installing hosts over the network without deploying infrastructure and PXE. On subsequent boots, these hosts boot like any other ESXi host.

Why there’s no New Search?

Because, the search capabilities just have got better! With vCenter 6.7 U1, you can apply filters to find objects based on attributes (i.e., tags, user attributes, and state of specific VM components) or specific lines. What is more, you can save search settings and use them for in the future.

C:\75db5b700ce9e09d01513cefecb631aa

Content Libraries

Above, I’ve shed some light on what Content Libraries are and why it is good to see it in vSphere 6.7 U1. The screenshot below illustrates where you can find them.

C:\124c033c911206e4a478deff9661a742

Extensions

In U1, VMware has also added the Extensions tab allowing to find out which extensions are currently installed on vCenter Server.

C:\3352a2ec9b6b88ce287c84e53e0d4f15

Overview

vSphere 6.7 Update 1 also adds the Overview option to the data center Monitor tab. Now, you can find out the general metrics of how host, cluster, and the entire data center use resources versus time.

C:\d381fc92000533b14038a3ab2e8ae336

Network Protocol Profile

In the Configure tab, you can create the network protocol profile – a pool of IPv4 and IPv6 addresses associated with port groups. vCenter assigns those resources to vApps or VMs with the vApp functionality. Network protocol profiles also contain the settings for the IP subnet, DNS, and HTTP proxy server.

C:\348c7427e4637d3711f60798e8674674

Updates

The Updates tab sheds light on how many ESXi hosts you have in the cluster and their versions. There, you can also learn the remediation pre-check status and hosts’ compliance.

C:\e616148e88b7928ac38bc6c42b30d958

vCenter Server 6.7 U1 – under the hood

Now, as we know about vCenter Server 6.7 interface changes, let’s see what else U1 brings to vCenter 6.7.

  • An ability to migrate vCenter Server with an embedded Platform Services Controller from one vSphere domain to another together with tags and licensing
  • Screening for issues in vSphere environments proactively providing links to relevant VMware KBs
  • Support for VM (.vmtx) templates in Content Library.
  • Command Line Interface for converting vCenter instances with an external PSC into instances with an embedded one connected in Embedded Linked Mode
  • vCenter Server 6.7 U1 enables to restore external PSCs replicating data with other external PSCs including the instances in all topologies in replication mode.
  • Burst Filter: The filter for managing event bursts and preventing the database of vCenter Server from being flooded with identical events over a short period of time.
  • VMware vSphere vMotion between on-premises systems and VMware Cloud on AWS. You can use vServer Client, vSphere Web Client, or API for that purpose. Note that you need to upgrade the source vCenter Server system to vCenter Server U1 and have ESXi 6.7 U1 installed.
  • Added the ability to import OVA files in a Content Library. During the import, OVA templates are unpacked, providing manifest and certificate validations. Next, they create an OVF library item, allowing to deploy the VMs right from the Content Library.
  • Introduced the Create and Extend Hyper-Converged Infrastructure (HCI) feature. It provides a centralized wizard for setting up vSphere and vSAN clusters. The nice about this feature is that it automates repetitive operations.
  • Now, you can use the Appliance Management User Interface to configure and edit vCenter Server Appliance firewall settings.
  • Users with Single Sign-On administrator privileges (if they are part of the SystemConfiguration.BashShellAdministrator group) can access and manage vCenter Server Appliance with the Bash shell.
  • You can add and set monitor vCenter High Availability with vSphere Client.
  • Dark theme for vSphere Client
  • AppDefense vCenter Server Plugin: VMware AppDefense plugin provides the whole picture of security, visibility and health statistics for vSphere workloads
  • AppDefense lifecycle management: Integrated installations and upgrade workflows for AppDefense within vCenter Server
  • AppDefense virtual machine monitoring: Monitors AppDefense behavior monitoring for visibility, troubleshooting, and security assessments

Conclusion

Well, of course, there are some problems with vSphere 6.7 U1. First, vSphere does not work with Veeam Backup & Replication that good once being updated. Fortunately, now there already are certain workarounds on the forum. Other popular backup software (i.e., Nakivo, Acronis, Vembu) works good. Second, ESXi still doesn’t see disks with 4k sector size.

Anyway, VMware vSphere 6.7 U1 brings a lot of cool things like Content Libraries, AppDefense, and just better search options. Working with vSphere becomes easier, and there were almost no interface changes.