
VMware Cloud Foundation: 5.2 Release Review

Author:

Rob Sims

Hybrid Platforms

•  Jun 25, 2024

Following Broadcom's acquisition of VMware last year, we have been waiting to see the innovation and features that the R&D investments would bring. These things will always take time, as no one wants poor-quality code, so there will be a balance between speed and stability.  

VMware by Broadcom has been clear that Cloud Foundation is the strategic future of the software platform, and this 5.2 release is the first major update since the acquisition. It is a very significant update with far more features and enhancements than we can cover in one article. We will pick out some highlights and summarise the rest.  

VCF Strategy Update 

For those who have not seen, VMware Cloud Foundation's (VCF) three core deliverables are Modern Infrastructure and Cloud Experience for Developers, both of which are wrapped in Security and Resilience. The concept is to provide a set of products and capabilities that are engineered, validated and delivered as a bundle with automated deployment and lifecycle management. The goal is to remove the complexity and effort of managing your private cloud deployments.

VCF comprises the core components vSphere, vSAN, Tanzu and Aria Suite. The realigned VCF division has a single strategy: to integrate these components into a cloud platform that meets the four key pillars shown below.

The new VCF division is bringing Broadcom's focus, execution, and investment to life with a shift in culture around people, process, and go-to-market. This new operating model is designed to allow customers leveraging VCF to access value faster and more easily. 

VCF 5.2 brings a lot of updates and improvements to the core components (vSphere, vSAN, Tanzu and Aria Suite), which are summarised into the four core areas of Operational Effectiveness, Innovation, Security and Performance. 

 

The number of updates under these eight core topics required a three-hour briefing from VMware. This is a serious enhancement to VCF, and we won’t be able to cover every single nuance in this article. We are going to cover five core areas: 

  • vSphere 
  • vSAN 
  • Aria Automation 
  • HCX 
  • SDDC Manager 

In each section, we will list the major announcements and then dig into the details of one or two. If you would like a full briefing on all the VCF 5.2 announcements, please reach out and we can arrange for one of our experts to deliver a briefing.

vSphere 8 Update 3 

VCF 5.2 brings Update 3 of the core vSphere hypervisor to market with a list of updates and enhancements in the following areas:

  • vSphere IaaS Control Plane  
  • Lifecycle Management  
  • Hardware Support  
  • vSphere with GPUs  
  • Security and Compliance  
  • vSphere Storage  

vSphere IaaS Control Plane  

vSphere IaaS Control Plane is the new name for vSphere with Tanzu, so you may see references to both names as you review the documentation and the product. The main advantage here is the decoupling of the TKG service from the underlying vSphere versions (something of a theme in VCF 5.2: decoupling services to allow easier updating). This will allow for faster updates without having to drag the entire stack along on the journey, giving developers access to new upstream Kubernetes releases more quickly and more easily.

The IaaS control plane has undergone a significant number of updates, most aimed at improving the quality of life for administrators, through things like autoscaling and other automated processes. Here is the list of announcements for the IaaS control plane: 

  • Autoscaling for Kubernetes clusters 
  • vSAN Stretched cluster support  
  • VM Service – VM Backup and Restore 
  • Automated Supervisor certificate rotation 
  • VM Service – VM Class Expanded Configuration 
  • Local Consumption Interface (LCI) 

Security & Compliance  

Security is at the forefront of every organisation’s mind at the moment, so the more we can remove the burden and complexities it presents, the better. Bringing more choice in how we authenticate to the platform is always welcome, allowing customers to integrate and enable strong authentication to critical infrastructure.

Leveraging either the CLI (think automation) or configuration profiles to define best practices in areas such as TLS is a great way to ensure we don’t let weak cryptography exist in our environments. Ensuring that new deployments conform to the latest best practice and don’t drift from defined standards will be much easier.

The new security configuration and baseline guides are also welcome, allowing organisations to adopt secure best practices based on practical advice. With alignment to standards like PCI, they should make life much easier for admins.

Summary of the remaining updates 

The list of updates in the vSphere 8 world is extensive, so I have summarised each category below: 

  • Lifecycle Management
      • vSphere Live Patch
      • Enhanced Image Customization
      • Dual DPU Support
      • Complete Topology Support
      • Automatic Switchover
      • Cluster Baselines Support
      • Embedded vSphere Cluster Service
  • Hardware Support
      • High Availability DPU Configuration
      • Intel Xeon CPU Max Series Support
  • vSphere with GPUs
      • Host Different Types of Workloads on a Single GPU
      • Cluster Level GPU Monitoring
      • vSphere DRS Settings for vGPU VMs
  • vSphere Storage
      • Support for vVols Stretched Storage Cluster
      • UNMAP support for vVols on NVMe volumes
      • vVols Microsoft WSFC Clustering Support on NVMeoF
      • Limit Number of Hosts Sending UNMAP at Once
      • PSA Support for Multi Pathing: Fabric Notifications
      • Reduce Time to Inflate Thin -> EZT Disks on VMFS
      • CNS CSI Storage Enhancements

vSAN 

vSAN 8 Update 3 brings enhancements to three core categories, each of which we will dig into here. 

  • Flexible Topologies  
  • Agile Data Protection  
  • Enhanced Management  

Flexible Topologies  

‘Unbound scalability and flexibility’ is the strapline used by VMware by Broadcom for the flexible topologies updates, bringing features to VCF that will enhance use cases as well as resilience:

  • Support of stretched clusters using ESA  
  • Support of vSAN Max as principal storage  
  • Support of up to 250 file shares per cluster in vSAN File Services  

Bringing ESA stretched cluster support to VCF allows customers to take advantage of the ESA performance boosts without losing the resilience that an ‘active/active’ deployment can bring.

Adding vSAN Max capability to VCF gives customers the choice of traditional HCI deployment or modern disaggregated capabilities, all with the simple management that software definition brings, and now with the validation and lifecycle management of VCF. This will allow the choice to provision storage that meets the needs of the applications. 

I have always been a fan of unified storage, which allows for simpler management, resource utilisation, and cost reduction (power, cooling, hardware, etc.). With the maturing of the file services on vSAN, we will unlock more use cases and opportunities to consolidate technical debt.  

Agile Data Protection  

Easily protect and recover VMs locally using vSAN Data Protection, which brings capabilities to revert, clone and restore VMs running on vSAN ESA storage. With these features, we are seeing the gap closing between enterprise storage arrays and vSAN capabilities. These new capabilities are summarised into the following four features.

  • Protect and Recover VMs against Accidental and Malicious Activities 
  • Local snapshots that are simple to configure and manage 
  • Centralised visibility and management in vCenter Server 
  • Policy-based Outcome Oriented Protection 

Bringing enterprise-grade snapshots that can be used for restoration, instant cloning, immutable protection, and integration with VMware Live Recovery is game-changing. Being able to support rapid recovery either locally or in the cloud means better protection against malicious and accidental outages.

Accessing all this new technology is good, but making it operationally effective is key. The new administration, automation and monitoring capabilities added to vCenter will mean this won’t be a problem. They will allow for the creation of automated protection groups, defined retention policies and deep monitoring, as well as manual controls when needed.

The use cases for this new feature are far-reaching, but two I wanted to highlight are the ability to revert a single VM in a protection group to a specific point in time and the ability to create linked clones to support operational processes.

All these features bring four key benefits for customers adopting VCF:

  • Comprehensive Ransomware Protection 
  • Roll Back VMs to Predetermined State 
  • Restore VMs no longer registered in vCenter Server using local protection 
  • Clone VMs to support operational workflows 

Understanding how these new features compare to existing functions like vSphere replication will be critical. The image below is a great starting point. 

Enhanced Management  

Making vSAN easier to deploy, operate, and optimise is the theme for Enhanced Management. My takeaway here is how VMware is helping admins pinpoint performance or configuration issues that may impact service quality or resilience.

  • Proactive hardware management for storage devices in vSAN ESA 
  • Customisable alarm thresholds for NVMe storage devices in vSAN ESA 
  • vSAN VM I/O Trip Analyser Cluster Level View 
  • Improved Troubleshooting when using RDMA with vSAN 
  • Enhanced Visibility for vSAN Max-powered Clusters 

The I/O Trip Analyser is a nice example of this. It allows performance issues to be tracked down to specific components or elements of the solution, meaning faster time to resolution.

Aria Automation 

VCF Automation is the core of the self-service Private Cloud Experience that VMware has built with VCF. The updates for this architecture focus on the following three areas.

  • Unified Cloud Operations  
  • Improved Cloud Security & Compliance  
  • Simplified Diagnostics  

As with the other components, the full list of updates is extensive. 

Unified Cloud Operations  

Bringing rich visual insights that cover a global multi-site VCF deployment was a key theme for these updates: new dashboard, improved workflows, and deeper insights. These are contextual and focused. This is a hard section to put into words but is worth a demo if you get the chance.

Improved Cloud Security & Compliance  

Visibility is sometimes the key baseline that can help an organisation improve security and compliance. VCF 5.2 brings clear licence usage reporting and trends to ensure optimal compliance with usage and costs.  

Certificates are another critical component of secure deployments. I am sure we have all experienced an outage caused by an unexpected certificate expiry. Hopefully, that will now be a thing of the past.

Simplified Diagnostics  

VCF Diagnostics provides a product experience for discovering, troubleshooting, and remediating issues, allowing admins to find and remediate issues easily. The new capabilities will provide curated Skyline Advisor findings and offer admins guided remediation. This extends to both the core components like ESXi or vSAN as well as the functional capabilities like vMotion or snapshots.  

HCX 

HCX is the engine for moving workloads from one location to another, providing network optimisation, orchestration, and security. It is mainly used for large-scale, site-to-site migrations or cloud relocations. As a mature product, the focus in this release has been on performance and simplicity.  

  • HCX Migration Orchestration + ESXi vSphere vMotion  
  • HCX Traffic Engineering - Configurable Transport Encryption  
  • OS Assisted Migration - Simplified Architecture  

HCX can now enhance traditional vMotion capabilities to aid in cross-centre migrations with line rate performance up to 100GB. 

Improved throughput on private networks means fast migrations, less impact and easier scheduling of projects and work packages.  

Operating System-Assisted Migrations (OSAM) used to be a complex web of appliances and configurations. The new SRG appliance does not significantly simplify this. 

SDDC Manager 

SDDC Manager is the heart of the VCF system, orchestrating the lifecycle and operational functions of the entire ecosystem. Given its central role, it's no surprise the list of enhancements is extensive:

  • Import vSphere Infrastructure into Cloud Foundation  
  • Flexible Edges to Satisfy Multiple Use Cases  
  • Lifecycle Management  
  • Independently Upgrade SDDC Manager  
  • Upgrade or Patch Domains from SDDC Manager  
  • VCF Upgrade Flexibility  
  • Patch Individual Components using SDDC Manager  
  • Deploy New Async Patched Domains  
  • Offline Depot Local Patch Repository  
  • vSphere Live Patching  
  • Identity Federation Support with Microsoft Entra ID  
  • Configure a Proxy Server with Authentication  

Three areas I wanted to touch on here are Edge Deployment, Offline Repositories and Async Patched Domains.

VCF 5.2 introduces additional deployment modes for edge architectures. You now have a choice of which VCF components you deploy at the edge and a new licence model that will reduce overall costs. If you only need compute power at the edge, you can start with a single 16-core node and scale as required. You are no longer required to deploy vSAN and the minimum node counts that it needs. These new options should make deployments to large numbers of smaller sites easier to manage and commercially more compelling.

For our secure customers that are running in an offline configuration, or those that want to streamline the downloads of large updates, the new offline depot will be of great interest.

The ability to update SDDC Manager separately allows you to take advantage of new management capabilities and fixes without needing to upgrade the full management domain. Another benefit this brings is the ability for granular control of async patching.

One final note is to define the specific product versions that make up VCF 5.2. If you want to arrange a more in-depth briefing on any of the topics in this article, please contact us or speak to your CDW account manager.

Contributors
  • Rob Sims

    Chief Technologist - Hybrid Platforms
