VMware announced vSphere 8: The Enterprise Workload Platform at VMware Explore US. The new release comes with a number of new features and enhancements. At the time of writing, no General Availability date has been published, but expect it to become available some time this fall.
Here’s a quick summary:
vSphere Distributed Services Engine
Remember Project Monterey that was announced as a Tech Preview at VMworld 2020? Parts of that have now found their way into the core vSphere 8 offering.
Called the vSphere Distributed Services Engine, this enables the offloading of network services to Data Processing Units (DPU).
This first version enables offloading of NSX Services to a SmartNIC (DPU) using a new vSphere Distributed Switch version 8.0.
Offloading the processing of network traffic to a DPU instead of using the CPU frees up resources that hosts and VMs can take advantage of, and helps increase network performance. It will also enhance visibility and observability of the network traffic and provide better encryption, isolation and protection. See DPU-based Acceleration for NSX: Deep Dive (YouTube) for more details.
VMware vSphere with Tanzu
vSphere now runs Tanzu Kubernetes Grid (TKG) 2.0, with the following enhancements:
- Unified Tanzu Kubernetes Grid
- Increased availability with Workload Availability Zones
- Declarative cluster lifecycle with ClusterClass
  - Define It Once, Use It Many Times: This is an upstream Kubernetes conformant Cluster API. It defines the configuration and default installed packages for Tanzu Kubernetes clusters. ClusterClass is defined in the cluster deployment specification.
- Customize PhotonOS or Ubuntu images
- Pinniped Integration
  - Bring Your Own Identity Provider: you can now decouple Kubernetes identities from the vCenter Single Sign-On domain.
  - Pinniped federates identity from many identity providers (IDPs)
  - OIDC and LDAP support
  - Supervisor and TKG Clusters support Pinniped based authentication
  - Login Integration through Tanzu CLI
Lifecycle Management
Lifecycle Manager Images is the default option going forward.
Warning
vSphere 8 is the last release where Lifecycle Manager baselines (vSphere Update Manager) are supported; only vSphere Lifecycle Manager (vLCM) images will be supported going forward.
- Enhanced Recovery of vCenter
  - Recover vCenter without data loss.
    - Cluster state persists in ESXi hosts as a Distributed Key-Value Store (DKVS)
    - Distributed key-value store becomes the cluster source-of-truth
    - vCenter cluster state reconciles with the vSphere cluster during backup recovery
In short, this means that in a scenario where a host was added to a cluster after a vCenter backup was taken, and the vCenter is restored to that earlier backup, the vCenter reconciles the cluster state with the state from the Distributed Key-Value Store (DKVS).
Other enhancements and news:
- Staging Support
  - Stage update payloads in advance of remediation, without the need for maintenance mode
  - Reduces overall remediation time and time spent in maintenance mode per host
  - Less risk of remediation failure from live image transfer
  - Firmware payloads staged with Hardware Support Manager integration
- Parallel Remediation
  - Remediate multiple hosts in parallel
  - Reduce the lifecycle operation time of a cluster
  - vSphere Administrator decides how many hosts will be remediated in parallel by placing the desired hosts into maintenance mode
  - It is my understanding that in vSAN enabled clusters, only one host will be allowed to remediate at a time to ensure that all data in a cluster remains available at all times.
- vSphere Configuration Profiles
  - Configuration Management at scale: Future replacement for Host Profiles, available as a Tech Preview in vSphere 8
    - A new desired-state model for all configuration options, with compliance drift monitoring. Remediates hosts back to desired state.
- Standalone Host Support (API only)
- VCG Listings for Hardware Security Modules feature support
- DPU Support
Unified Management for AI/ML Hardware Accelerators
- Combine NIC and GPU devices
- Share a common PCIe switch or a direct interconnect
- Discovered at the hardware layer and presented to vSphere
- Added to a virtual machine as a single unit
- NVIDIA® support launching shortly after vSphere 8 GA
Next-Generation of Virtual Hardware Devices: Device Virtualization Extensions (DVX)
- New API for vendors to create hardware-backed virtual devices
- Supports vSphere DRS and vSphere HA
- Can support live migration using vSphere vMotion
- Can support VM suspend and resume
- Can support disk and memory snapshots
Guest OS & Workloads
- Virtual Hardware version 20
- Latest Intel and AMD CPU support
- Device Virtualization Extensions
- Up to 32 DirectPath I/O devices
- Guest Services for Application
- vSphere Datasets
- Application aware migrations
- Latest guest operating system support
- Performance and Scale
- Up to 8 vGPU devices
- Device Groups
- High Latency Sensitivity with Hyperthreading
- Virtual TPM Provisioning Policy
  - Choose between Copy or Replace when deploying VMs configured with vTPM devices
  - Copy will clone TPM secrets; Replace will reset the vTPM device as new
  - ovftool support for vTPM device placeholder
- Migration aware applications
  - Notify supported applications about migration tasks, and let the application acknowledge that the migration can proceed
    - Use-cases
      - Time-sensitive applications
      - VoIP applications
      - Clustered applications
- High latency sensitivity with hyper-threading
  - Virtual Machine vCPUs are scheduled on the same hyperthreaded physical CPU core
- Simplified vNUMA configuration
  - Virtual NUMA topology and configuration is exposed to the vSphere Client
  - Configure virtual NUMA configuration during new VM creation
  - Edit CPU Topology settings of existing VM
- vSphere DataSets
  - Share data between vSphere and a Guest OS
  - Data is stored and moves with the VM
  - Use-cases
    - Guest deployment status
    - Guest agent configuration
      - Perfect for things like SaltStack or similar.
    - Guest inventory management
vSphere Scalability
Not much has changed as far as maximum configurations go; check the table below for details.
Tip
Always check configmax.vmware.com for updated information.
Compute Resource | vSphere 7 U3 | vSphere 8 |
---|---|---|
vCPU per VM | 768 | 768 |
Memory per VM | 24 TB | 24 TB |
vGPU per VM | 4 | 8 |
CPU per host | 896 | 896 |
Memory per host | 24 TB | 24 TB |
Hosts managed by vLCM | 400 | 1000 |
Hosts per cluster | 96 | 96 |
VMs per cluster | 8000 | 10000 |
VMDirectPath I/O devices per host | 8 | 32 |
Enhanced DRS Performance
Some updates have been made to Dynamic Resource Scheduling (DRS):
vSphere Memory Monitoring and Remediation v2 (vMMR2)
- Supports Intel® Optane PMem
- Better distribution of L3 cache prefetch data on DRAM and PMem
- Uses Memory Stats for better VM placement
Security
There have also been some improvements when it comes to security in vSphere 8.
- Improvements to Intel® Software Guard Extensions (SGX)
- TLS 1.2 and better cipher suites are now the default
- Prevent Untrusted Binaries
  - Basically, `VMkernel.Boot.execInstalledOnly` is now enabled by default, preventing untrusted binaries from running on an ESXi host without this setting being explicitly changed. As this is one of the most common ransomware attack vectors, this is a welcome change to the defaults.
Tip
Always check VMware vSphere 8 Security Configuration Guide for updated security information.
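To check that the new `VMkernel.Boot.execInstalledOnly` default has not been explicitly changed on a host, the following added example (not from the original post or from VMware) classifies saved output of `esxcli system settings kernel list -o execinstalledonly`. The table layout, the description text and the host names are constructed assumptions.

```python
import re

def parse_kernel_setting(text):
    """Parse the fixed-width table, using the dashed ruler line for column spans."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    ruler = next((i for i, ln in enumerate(lines) if re.fullmatch(r"[- ]+", ln)), None)
    if ruler is None or ruler == 0 or ruler + 1 >= len(lines):
        return None  # empty or truncated capture
    spans = [m.span() for m in re.finditer(r"-+", lines[ruler])]
    header, row = lines[ruler - 1], lines[ruler + 1]
    cells = {}
    for n, (a, b) in enumerate(spans):
        end = None if n == len(spans) - 1 else b  # last column runs to end of line
        cells[header[a:end].strip().lower()] = row[a:end].strip()
    return cells

def classify(cells):
    """Map the Configured/Runtime columns to an audit status."""
    if not cells or "configured" not in cells or "runtime" not in cells:
        return "UNKNOWN"
    configured = cells["configured"].upper() == "TRUE"
    runtime = cells["runtime"].upper() == "TRUE"
    if configured and runtime:
        return "ENFORCED"
    if configured:
        return "REBOOT_PENDING"      # set, but the running kernel booted without it
    if runtime:
        return "DISABLED_NEXT_BOOT"  # still active, but switched off in the config
    return "NOT_ENFORCED"

def audit(outputs):
    """Return {host: status} for a dict of {host: captured esxcli output}."""
    return {host: classify(parse_kernel_setting(out)) for host, out in outputs.items()}

def sample_output(configured, runtime, default="TRUE"):
    """Build a constructed capture in the assumed esxcli table layout."""
    widths = (17, 4, 10, 7, 7, 11)
    rows = [("Name", "Type", "Configured", "Runtime", "Default", "Description"),
            tuple("-" * w for w in widths),
            ("execinstalledonly", "Bool", configured, runtime, default,
             "Execute only installed VIBs")]
    return "\n".join("  ".join(c.ljust(w) for c, w in zip(r, widths)) for r in rows)

# Constructed sample data; the .test host names are placeholders.
SAMPLE = {"esx01.example.test": sample_output("TRUE", "TRUE"),
          "esx02.example.test": sample_output("TRUE", "FALSE"),
          "esx03.example.test": sample_output("FALSE", "FALSE"),
          "esx04.example.test": ""}  # e.g. collection failed

print(audit(SAMPLE))
```

A host reported as `NOT_ENFORCED` or `DISABLED_NEXT_BOOT` has had the setting changed away from the vSphere 8 default and is worth investigating.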
Closing Comments
All in all vSphere 8 looks like a good incremental release, with a bunch of useful enhancements and new features.
There are no really huge game-changing features in the release, perhaps with the exception of the vSphere Distributed Services Engine. It is clear that we are moving more and more towards specialized silicon for specific tasks. GPUs and DPUs are gaining momentum! Truthfully we have had things like iSCSI and TCP Offloading (TOE) for a long time, but this goes beyond that. DSE enables software on the host to actively use the processing power of a DPU, much like what is done with GPUs. Going forward I expect to see more services move over to such a model; perhaps things like vSAN can use this technology as well. For now DSE does not support VMkernel ports, so at the time of writing this is not possible, but I’m sure that is something that is being actively worked on. Once we have VMkernel support on DPUs, we might also see vCenter Management of non-ESXi hosts as well, for bare-metal (sic) workloads.
Specialized silicon for specialized workloads really makes sense to me, not everything needs to be x86 after all.
Other than that, this release feels like an evolutionary release, which makes a lot of sense. vSphere is still the de facto on-premises datacenter standard, and this continues to build on that. In my opinion the real news in vSphere 8 is really vSAN 8 and its new architecture model!
Tip
Check core.vmware.com/vsphere for all the details, there should be info about vSphere 8 there already — if not, it’s right around the corner.
Resources
Last updated 01. September 2022.
- VMware: vSphere 8 Sneak Peak with Raghu Raghuram (YouTube)
- VMware: Introducing vSphere 8: The Enterprise Workload Platform
- VMware: What’s New with vSphere 8 Core Storage
- VMware: What’s New in vSphere 8?
- VMware: DPU-based Acceleration for NSX: Deep Dive
- Duncan Epping: Introducing vSphere 8!
- Frank Denneman: New vSphere 8 Features for Consistent ML Workload Performance
- The Register: VMware reckons 20% of server cores can come back to work thanks to vSphere 8 and SmartNICs