VMware vSphere 7.0 Update 2 Announced

by Christian Mohn

VMware has just announced the general availability of the new vSphere 7.0 Update 2 release, which offers a bunch of new features and improvements. These include new load balancer options for Tanzu, as well as greatly improved security through encryption, better lifecycle management and improved vMotion speeds on high-bandwidth networks. Below is a quickfire list of new features and enhancements.

vSphere with Tanzu

Integrated Load Balancing with NSX Advanced Load Balancer Essentials

vSphere with Tanzu gets a new integrated Load Balancing option. This means that there is no longer a requirement for HAProxy in that setup, which was the case in vSphere 7.0 Update 1. New in vSphere 7.0 Update 2 is the NSX Advanced Load Balancer Essentials, which is now included. This does not mean that NSX-T is required; the NSX Advanced Load Balancer Essentials is included in the vSphere for Tanzu license.

vSphere with Tanzu Integrated Load Balancing


  • Works with vSphere with Tanzu, TKG Cluster Control Plane, and Ingress for Kubernetes Load Balancer Services
  • Orchestrated through Network Service & NSX-T
  • Highly available & scalable
  • Upgrades & lifecycle managed automatically
  • Fully supported

Upstream Kubernetes

  • vSphere with Tanzu continues matching upstream Kubernetes versions
  • Kubernetes 1.19 support for both Supervisor cluster and Tanzu Kubernetes Grid
  • vSphere with Tanzu makes it easy for organizations to deliver and use the latest features supported by the Kubernetes community
Kubernetes 1.19 in vSphere with Tanzu


Private Registry Support in vSphere with Tanzu

More flexibility and choice for container registries, through private registry support.

  • Use registries with self-signed or internal CA certs
  • Useful for organizational registries deployed outside vSphere with Tanzu
  • Adds flexibility for enterprise customers in a variety of environments

Artificial Intelligence & Machine Learning

  • Support for new NVIDIA Ampere family of GPUs
  • Multi-Instance GPU (MIG) improves physical isolation between VMs & workloads
  • Performance enhancements with GPU direct & Address Translation Service in the hypervisor
  • NVIDIA Multi-Instance (MIG) GPU
    • Supported with NVIDIA Ampere GPUs
    • For AI/ML only (not graphics)
    • Extension to the PCIe vGPU profiles
    • Isolation in the internal hardware paths provides more predictable levels of performance

vSphere Lifecycle Manager

vSphere Lifecycle Manager now handles vSphere with Tanzu “supervisor” cluster lifecycle operations as well as traditional virtualization. New in Lifecycle Manager is Desired Image Seeding, where an image can be extracted from an existing host.

LCM Extract an image from an existing host


NSX-T lifecycle support means all vSphere with Tanzu deployment models are easy to maintain

Extending vLCM compatibility

  • New vendor plugin for select Hitachi UCP ReadyNode models
  • Update recommendations automatically refreshed after common change events
    • VMware image depot
    • Change in desired image

vSphere Lifecycle Manager CLI Support for vSAN Bootstrap

  • Configure vSAN and vSphere Lifecycle Manager in scripted deployments
  • Drive cluster lifecycle from the moment it is created, removing the need for remediation later
  • Enables rapid large-scale deployments and automation

ESXi Suspend-to-Memory

This is an interesting one. While Quick Boot has been available since vSphere 6.7, what’s new is that it can be used in conjunction with the new Suspend-to-Memory option in vSphere 7 Update 2. This means that ESXi hosts can be upgraded without power cycling AND without vMotioning VMs out of the host. Of course, this means that the VMs will be stunned and suspended during the upgrade process, but in some scenarios that is fine. In large-scale VDI/EUC or AI/ML (GPU) clusters, for instance, you could then do a rolling upgrade of the cluster without having a boot storm or moving lots of workloads around, and at the same time greatly reduce the time it takes to perform an upgrade. It will be interesting to see how quickly an ESXi host can be upgraded using this feature, but rumor has it that it might be seconds instead of (many) minutes compared to a non-Quick Boot upgrade.

ESXi Suspend-to-Memory


vMotion Auto Scale

We have been able to manually tweak vMotion for a while, to ensure maximum performance. Now that vSphere 7 Update 2 is here, it promises to take care of that tuning automatically. This will provide faster vMotions on 25, 40 and 100 GbE links without the need to manually tune it. vMotion now automatically scales the number of streams, based on the available bandwidth. One vMotion stream is capable of processing 15 Gbps+, so this will not have an effect on 10 GbE vMotion networks.

vSphere 7 Update 2 vMotion Auto Scale


Security

Quite a few new security features and enhancements are also part of the vSphere 7.0 Update 2 release:

VMware vSphere Native Key Provider

A new VMware vSphere Native Key Provider makes it easier to enable vSAN Encryption, VM Encryption and vTPM. There is no longer a requirement for an external KMS, which makes it much easier to get started with encrypting your virtual workloads and storage. An external KMS can still be used if one is available.

vSphere 7 Update 2 vSphere Native Key Provider


  • Key provider integrated in vCenter Server & clustered ESXi hosts
  • Works with ESXi Key Persistence to eliminate dependencies
  • Adds flexible and easy-to-use options for advanced data-at-rest security

ESXi Configuration Encryption

ESXi Configuration Encryption is enabled automatically, and protects boot volume secrets during service replacements. It is improved by utilizing a hardware TPM if one is available.

Virtual Trusted Platform Module (vTPM) support on Linux & Windows

A new Virtual Trusted Platform Module (vTPM) virtual device can be added to modern versions of Microsoft Windows and select Linux distributions. This enables in-guest security that requires TPM support, but it does not require a physical TPM in the host itself. vTPM requires that VM Encryption is enabled.

VMware Tools and Guest Content Distribution

VMware Time Provider Plugin for Precision Time on Windows

  • VMware Tools plugin to synchronize guest clocks with Windows Time Service
  • Added via custom install option in VMware Tools
  • Precision Clock device available in VM Hardware 18+
  • Supported on Windows 10 and Windows Server 2016+
  • High quality alternative to traditional time sources like NTP or Active Directory

VMware Tools Guest Content Distribution

“Internal CDN” for guest content, available through VMware Tools. This enables content sharing to VMs from a central repository, with granular control over participation and flexibility to choose the available content. The content can be scripts and other files administrators may want to make available inside the VM, directly through VMware Tools.

There are also other enhancements, that I might have missed, in vSphere 7.0 Update 2, and I am sure that more details will emerge in the following hours and days after the initial announcement. I will try to maintain a list of official vSphere 7.0 Update 2 resources in the list below, as I find them.

Release Notes

Other Resources

Post last updated on March 11, 2021: Update vmware-vsphere7u2-announced.md

About the author

Christian Mohn works as a Chief Technologist SDDC for Proact in Norway.

See his About page for more details, or find him on Twitter.
