VMware has just announced the general availability of the new vSphere 7.0 Update 2 release, which offers a bunch of new features and improvements. This includes both new load balancer options for Tanzu, as well as greatly improved security through encryption, better lifecycle management and improvements on vMotion speeds in high bandwidth networks. Below is a quickfire list of new features and enhancements.
vSphere with Tanzu #
Integrated Load Balancing with NSX Advanced Load Balancer Essentials #
New integrated Load Balancing option in vSphere with Tanzu. This means that there is no longer a requirement for HAProxy in that setup, which was the case in vSphere 7.0 Update 1. New in vSphere 7.0 Update 2 is the NSX Advanced Load Balancer Essentials, which is now included. This does not mean that NSX-T is required, the NSX Advanced Load Balancer Essentials is included in the vSphere for Tanzu license.
- Works with vSphere with Tanzu, TKG Cluster Control Plane, and Ingress for Kubernetes Load Balancer Services
- Orchestrated through Network Service & NSX-T
- Highly available & scalable
- Upgrades & lifecycle managed automatically
- Fully supported
Upstream Kubernetes #
- vSphere with Tanzu continues matching upstream Kubernetes versions
- Kubernetes 1.19 support for both Supervisor cluster and Tanzu Kubernetes Grid
- vSphere with Tanzu makes it easy for organizations to deliver and use the latest features supported by the Kubernetes community
Private Registry Support in vSphere with Tanzu #
More flexibility and choice for container registries, through private registry support.
- Use registries with self-signed or internal CA certs
- Useful for organizational registries deployed outside vSphere with Tanzu
- Adds flexibility for enterprise customers in a variety of environments
Artificial Intelligence & Machine Learning #
- Support for new NVIDIA Ampere family of GPUs
- Multi-Instance GPU (MIG) improves physical isolation between VMs & workloads
- Performance enhancements with GPU direct & Address Translation Service in the hypervisor
- NVIDIA Multi-Instance (MIG) GPU
- Supported with NVIDIA Ampere GPUs
- For AI/ML only (not graphics)
- Extension to the PCIe vGPU profiles
- Isolation in the internal hardware paths provides more predictable levels of performance
vSphere Lifecycle Manager #
vSphere Lifecycle Manager now handles vSphere with Tanzu “supervisor” cluster lifecycle operations as well as traditional virtualization. New in Lifecycle Manager is Desired Image Seeding, where an image can be extracted from an existing host.
NSX-T lifecycle support means all vSphere with Tanzu deployment models are easy to maintain
Extending vLCM compatibility #
- New vendor plugin for select Hitachi UCP ReadyNode models
- Update recommendations automatically refreshed after common change events
- VMware image depot
- Change in desired image
vSphere Lifecycle Manager CLI Support for vSAN Bootstrap #
- Configure vSAN and vSphere Lifecycle Manager in scripted deployments
- Drive cluster lifecycle from the moment it is created, removing the need for remediation later
- Enables rapid large-scale deployments and automation
ESXi Suspend-to-Memory #
This is an interesting one. While Quick Boot has been available since vSphere 6.7 what’s new is that it can be ised in conjunction with the new Suspend-To-Memory option in vSphere 7 Update 2. This means that ESXI hosts can be upgraded without power cycling AND without vMotioning VMs out of the host. Of course, this means that the VMs will be stunned and suspended during the upgrade process, but in some scenarios that is fine. In large scale VDI/EUC og AI/ML (GPU) clusters for instance, you could then do a rolling upgrade of the cluster without having a boot storm or moving lots of workloads around, and at the same time greatly reduce the time it takes to perform an upgrade. It will be interesting to see how quick an ESXi host can be upgraded using this feature, but rumors has it it might be seconds instead of (many) minutes compared to a non-Quick Boot upgrade.
vMotion Auto Scale #
We have been able to manually tweak vMotion for a while, to ensure maximum performance. Now that vSphere 7 Update 2 is here, it promises to take care of that tuning automatically. This will provide faster vMotions on 25, 40 and 100 GbE links without the need to manually tune it. vMoiton now automatically scales the number of streams, based on the available bandwidth. One vMotion stream is cabable or processing 15 Gbps+, so this will not have an affect on 10 GbE vMotion networks.
Quite a few new security features and enhancements are also part of the vSphere 7.0 Update 2 release:
VMware vSphere Native Key Provider #
A new VMware vSphere Native Key Provider makes it easier to enable vSAN Encryption, VM Encryption and vTPM. There is no longer a requirement for an external KMS, but one can still be used if there is one available, making it much easier to get started with encrypting your virtual workloads and storage.
- Key provider integrated in vCenter Server & clustered ESXi hosts
- Works with ESXi Key Persistence to eliminate dependencies
- Adds flexible and easy-to-use options for advanced data-at-rest security
ESXi Configuration Encryption #
ESXi Configuration Encryption is enabled automatically, and protects boot volume secrets during service replacements. Improved by utilizing hardware TPM if there is one available.
Virtual Trusted Platform Module (vTPM) support on Linux & Windows #
New Virtual Trusted Platform Module (vTPM) virtual device can be added to modern versions of Microsoft Windows and select Linux distributions. This enabled in-guest security that requires TPM support, but it does not require a physical TPM in the host itself. vTPM requires that VM Encryption is enabled.
VMware Tools and Guest Content Distribution #
VMware Time Provider Plugin for Precision Time on Windows #
- VMware Tools plugin to synchronize guest clocks with Windows Time Service
- Added via custom install option in VMware Tools
- Precision Clock device available in VM Hardware 18+
- Supported on Windows 10 and Windows Server 2016+
- High quality alternative to traditional time sources like NTP or Active Directory
VMware Tools Guest Content Distribution #
“Internal CDN” for guest content, available through VMware Tools. This enables content sharing to VMs from a central repository, with granular control over participation and flexibility to choose the available content. The content can be scripts and other files administrators may want to make available inside the VM, directly through VMware Tools.
There are also other enhancements, that I might have missed, in vSphere 7.0 Update 2, and I am sure that more details will emerge in the following hours and days after the initial announcement. I will try to maintain a list of official vSphere 7.0 Update 2 resources in the list below, as I find them.
Release Notes #
- VMware vCenter Server 7.0 Update 2 Release Notes
- VMware ESXi 7.0 Update 2 Release Notes
- VMware vSphere with Tanzu Release Notes
Other Resources #
- What’s New in SRM and vSphere Replication 8.4
- vSphere 7.0 Update 2 Videos
- vSphere 7 Update 2 - REST API Modernization
- Introducing the vSphere Native Key Provider
- vSphere With Tanzu - NSX Advanced Load Balancer Essentials
- Multiple Machine Learning Workloads Using GPUs: New Features in vSphere 7 Update 2
- Faster vMotion Makes Balancing Workloads Invisible
- Load Balancers, Private Registries, and More: What’s New in vSphere with Tanzu U2
- VMware vSAN 7.0 Update 2 Announced —
- VMware vSAN 7.0 Update 2 Videos —
- VMware vSphere 7.0 Update 2 Videos —
- vSAN 8 ESA VMware Compatibility Guidance —
- VMware vSAN 8 ESA in my Homelab —