vExpert

Deep Dive in to Virtualization & Cloud


What’s New in vSphere 8 – An Overview

VMware announced vSphere 8 at VMware Explore 2022, and it is officially expected to be available by the end of October. Also keep in mind that vSphere 6.5 and 6.7 reach End of General Support on 15th October 2022. vSphere 8 comes with significant improvements and a wide variety of new features. In this blog we will go through these features and updates.

Distributed Services Engine (DPM)

This was formerly known as Project Monterey. It works with Data Processing Units (DPUs), also known as SmartNICs, which offload work from Central Processing Units (CPUs). Distributed Services Engine unlocks the power of hardware-accelerated data processing units, further improves infrastructure performance, simplifies DPU lifecycle management and boosts infrastructure security.

A DPU is a programmable device with hardware acceleration and an ARM CPU complex capable of processing data. Today the DPU is available as a SmartNIC (PCIe form factor) that can be plugged into a server and help with several functions.

From vSphere 8, an additional instance of ESXi is installed directly on the Data Processing Unit, which allows ESXi services to be offloaded to hardware to increase performance. At this stage it supports network offloading with NSX, and vSphere Lifecycle Manager takes care of the lifecycle of the ESXi instance running on the DPU during the parent ESXi lifecycle.

Using a vSphere Distributed Switch version 8.0 and NSX, network services are offloaded to the DPU, allowing for increased network performance with no x86 CPU overhead, enhanced visibility for the network traffic, and the security, isolation and protection you would expect from NSX. During Distributed Switch creation, it shows the supported DPUs for offloading network services, and vSphere HA, DRS and vMotion are still supported with this configuration.

vSphere with Tanzu

With vSphere 8, VMware has released Tanzu Kubernetes Grid 2.0 with significant changes and capabilities. It also consolidates the Tanzu Kubernetes offerings into a single unified Kubernetes runtime from VMware.

Workload Availability Zones allow Supervisor Clusters and Tanzu Kubernetes Clusters to span vSphere clusters for increased availability. Tanzu Kubernetes Grid Service can now be highly available across multiple zones. A workload zone has a 1:1 relationship with a vSphere cluster.

PhotonOS and Ubuntu VMs can now be customized and saved in a content library for use with Tanzu Kubernetes clusters.

Cluster Class is another feature, which helps administrators define the packages, such as networking, storage, cloud providers and authentication mechanism, that are pre-installed during cluster creation. Cluster Class, at its heart, is a collection of Cluster and Machine templates. You can use it as a “stamp” that can be leveraged to create many clusters of a similar shape.

Package Management is more flexible in vSphere 8. After a cluster is deployed, it is possible to add additional packages from the Tanzu Standard Package Repository using the Tanzu CLI. These packages might include Contour for ingress to the cluster, certificate management, logging, observability with Prometheus or Grafana, or external DNS. This will make life easier for developers and DevOps.

Identity Provider is the interesting change in vSphere 8. As you know, until vSphere 7 authentication is performed using vCenter Single Sign-On, but from vSphere 8 the Supervisor Cluster and Tanzu Kubernetes clusters can have direct integration with an Identity Provider using Pinniped integration. Pinniped pods are automatically deployed in the Supervisor Cluster and Tanzu Kubernetes clusters to facilitate the integration.

Lifecycle Management

vSphere lifecycle management is another area where VMware has made major changes and improvements. Baseline lifecycle management, previously known as vSphere Update Manager (VUM), is still supported in vSphere 8 but will not be supported in upcoming releases.

Cluster Staging is a new feature that helps to stage the hosts in a cluster without putting them in maintenance mode. Firmware payloads can also be staged with integration from a supported Hardware Support Manager.

Cluster Remediation is faster in vSphere 8: Lifecycle Manager can remediate multiple hosts in parallel. A vSphere administrator can choose to remediate all hosts in maintenance mode or define the number of parallel remediations to perform at a given time. Hosts not placed into maintenance mode are not remediated during this lifecycle operation.

vSphere Configuration Profiles is another major feature introduced in vSphere 8. The desired configuration is defined at the cluster object and applied to all hosts in the cluster, so all hosts in the cluster have a consistent configuration. Configuration drift is monitored and reported, and a vSphere administrator can remediate it.

Enhanced Recovery of vCenter: vCenter reconciles cluster state after a restore from backup. ESXi hosts in a cluster contain a distributed key-value store of cluster state. If vCenter is restored from a backup, it will reconcile the cluster state and configuration with the distributed key-value store.

Artificial Intelligence and Machine Learning

Device Groups: this feature allows devices to be logically grouped and assigned to virtual machines. Device groups can be composed of two or more hardware devices that share a common PCIe switch or devices that share a direct interconnect between each other. Device groups are discovered at the hardware layer and presented to vSphere as a single unit that represents the group.

Device groups are added to virtual machines using the existing Add New PCI Device workflows. vSphere DRS and vSphere HA also support device groups and will place VMs appropriately to satisfy the device group.

Device Virtualization Extensions is introduced in vSphere 8 as a new approach to how VMs use hardware. It introduces a new framework and API for vendors to create hardware-backed virtual devices. Device Virtualization Extensions allows greater support for virtualization features such as live migration using vSphere vMotion, suspending and resuming a virtual machine, and disk and memory snapshots.

A compatible driver must be installed on the ESXi hosts and accompanied by a corresponding guest OS driver for the virtual device equivalent. A virtual machine consuming a Device Virtualization Extensions virtual device can be migrated using vSphere vMotion to another host that supports that same virtual device.

Guest OS and Workloads

Virtual Machine Hardware version 20 is introduced with vSphere 8. It supports all the new vSphere features, further enhances guest services for applications, and increases performance and scale for certain workloads.

TPM Provision Policy: The latest operating systems require TPM hardware to be present on physical or virtual machines. Cloning a VM with a vTPM can introduce a security risk because the TPM secrets are cloned.

In vSphere 8, cloning a virtual machine automatically replaces the vTPM hardware. This supports security best practices, as each VM will have a unique vTPM. vSphere 8.0 also includes the vpxd.clone.tpmProvisionPolicy advanced setting to make the default clone behavior for vTPMs replace.

Reduce Outages by Preparing Applications for Migration: As you know, certain highly sensitive applications such as VoIP services cannot tolerate vSphere vMotion. This kind of application can be written to be migration aware to improve its interoperability with vSphere vMotion. Applications can prepare for a migration event, for example by gracefully stopping services or performing a failover in the case of a clustered application. The application can delay the start of the migration up until the configured timeout but cannot decline or prevent the migration from occurring.

Maximize Performance for Latency Sensitive Workloads: Emerging Telco workloads require increased support for latency-sensitive applications. High Latency Sensitivity with Hyper-threading is designed to support these workloads and deliver improved performance. A virtual machine’s vCPU is scheduled on the same hyper-threaded physical CPU core.

High Latency Sensitivity with Hyper-threading requires virtual machine hardware version 20 and is configurable in the Advanced settings for a virtual machine.

Simplified Virtual NUMA Configuration: With vSphere 8 and VM hardware version administrators can configure vNUMA topology from the vSphere Client.

A new CPU topology tile is visible on the VM summary tab displaying the current topology.

API Driven vSphere and Guest Data Sharing: vSphere DataSets provide an easy method to distribute small, infrequently changing data between the vSphere management layer and a guest operating system running in a virtual machine with VMware Tools installed. Use cases may include guest deployment status, guest agent configuration or guest inventory management. vSphere DataSets live with the VM object and will move with the VM if migrated, even across vCenter Server instances.

Resource Management

Enhanced DRS Performance: VMware introduced a new feature with vSphere 7.0U3 called vSphere Memory Monitoring and Remediation (vMMR). vMMR helps bridge the need for monitoring by providing running statistics at both the VM level (bandwidth) and the host level (bandwidth, miss rates). vMMR also provides default alerts and the ability to configure custom alerts based on the workloads that run on VMs. vMMR collects data and provides visibility of performance statistics so you can determine if your application workload has regressed due to Memory Mode.

In vSphere 8, DRS performance can be significantly improved when PMEM is present by leveraging memory statistics, resulting in optimal placement decisions for VMs without affecting performance and resource consumption.

Monitor Energy and Carbon Emissions: vSphere Green Metrics introduces new power consumption metrics for hosts and virtual machines. These metrics allow administrators to monitor the energy consumption of the vSphere infrastructure and determine, based on the energy sources used to power the data center, the energy efficiency of the vSphere infrastructure.

The three new metrics track:
power.capacity.usageSystem: Power consumption of a host’s system activities; how much power the host is using not attributed to VMs
power.capacity.usageIdle: Power consumption of a host’s idle activity; how much power the host is using when it’s not doing anything except being on
power.capacity.usageVm: Power consumption of a host due to VM workloads; how much power the host is using to run VM workloads

Security & Compliance

vSphere strives to be secure out of the box. In vSphere 8, further measures are taken to make vSphere secure by default.

Prevent execution of untrusted binaries: ESXi 8.0 will turn on the execInstalledOnly option by default. This prevents the execution of binaries that are not installed via a VIB.

TLS 1.2 only: vSphere 8 will not support TLS 1.0 and TLS 1.1. Both have previously been disabled by default in vSphere 7 and are now removed in vSphere 8.

SSH Automatic Timeout: SSH access is deactivated by default and in vSphere 8 a default timeout is introduced to prevent SSH sessions lingering.

Sandboxed Daemons: ESXi 8.0 daemons and processes run in their own sandboxed domain where only the minimum required permissions are available to the process.

Discontinuation of Trusted Platform Module (TPM) 1.2: ESXi 8.0 displays a warning during installation or upgrade if a TPM 1.2 device is present. The install or upgrade is not prevented.
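One way to check the execInstalledOnly default described above on a given host, as an added example that is not part of the original article: the script classifies the table printed by `esxcli system settings kernel list -o execinstalledonly`, separating the configured value from the value the running kernel actually uses. The sample tables are constructed for illustration, and the state labels are this example's own names.

```python
import re

# Constructed sample tables (not captured from a real host), laid out in the
# Name/Type/Configured/Runtime/Default/Description columns esxcli prints.
HEADER = (
    "Name               Type  Configured  Runtime  Default  Description\n"
    "-----------------  ----  ----------  -------  -------  -----------\n"
)
ROW = "execinstalledonly  Bool  {:<10}  {:<7}  TRUE     Execute only installed VIBs.\n"
ENFORCED = HEADER + ROW.format("TRUE", "TRUE")
PENDING = HEADER + ROW.format("TRUE", "FALSE")
DISABLED = HEADER + ROW.format("FALSE", "FALSE")


def parse_table(text):
    """Turn an esxcli-style table into a list of {column: value} dicts."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    columns = re.split(r"\s{2,}", lines[0].strip())
    rows = []
    for line in lines[1:]:
        if set(line) <= {"-", " "}:  # skip the dashed ruler under the header
            continue
        # Cap the split so a description containing wide gaps stays in one cell.
        cells = re.split(r"\s{2,}", line.strip(), maxsplit=len(columns) - 1)
        rows.append(dict(zip(columns, cells)))
    return rows


def exec_installed_only_state(table_text):
    """Classify the setting; labels are this example's own, not VMware terms."""
    for row in parse_table(table_text):
        if row.get("Name", "").lower() != "execinstalledonly":
            continue
        configured = row.get("Configured", "").upper() == "TRUE"
        runtime = row.get("Runtime", "").upper() == "TRUE"
        if configured and runtime:
            return "enforced"
        if configured:
            return "configured-not-active"  # set, but the running kernel lacks it
        if runtime:
            return "active-but-unset"  # running now, configured value is FALSE
        return "disabled"
    return "not-found"  # option row missing from the output


if __name__ == "__main__":
    for label, sample in (("A", ENFORCED), ("B", PENDING), ("C", DISABLED)):
        print(label, "->", exec_installed_only_state(sample))
```

A host reporting anything other than "enforced" is not yet protected by the setting, whatever its default column says.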

Configuration Maximum Updates

vSphere 8 will support the latest Intel / AMD processors, and configuration maximums have changed from vSphere 7 Update 3. Some of them are listed below:

VMs that can run in one cluster increased from 8000 to 10000
Lifecycle Manager supports 1000 VMs in vSphere 8, which was 400 VMs in the previous release
VM Direct Path I/O devices per host is increased from 8 to 32
vGPU per VM is increased from 4 to 8

Thanks,

If you have any comments, please drop me a line.
I hope this article was informative, and don’t forget to buy me a coffee if you found this worth reading.


