The Software Defined Data Centre & vSphere 6.5
The foundation of the hybrid cloud
Barry Coombs

What's New in vSphere 6.5?
Dramatically Simplified Experience: Simplified architecture; Streamlined Operations; Improved User Experience
Comprehensive Built-in Security: Secure Data; Secure Infrastructure; Secure Access
Universal App Platform: Scale and performance, and availability to meet the demands of any applications; Containerized Workloads; Application Automation

What's new in vCenter 6.5
vCenter Server Appliance
Integrated Update Manager
Native High Availability: Active, Passive & Witness cloned from existing vCenter Server; 5 Min RTO
Improved Management
Native Backup and Restore
vCenter Server Appliance Migration Tool: Migrate Configuration, Events, Tasks and Performance Metrics

VUM Architecture Improvements in vSphere 6.5
vCenter Server 6.0 or 6.5 on Windows, Update Manager on Windows: Additional Windows VM for VUM; Extra configuration & DB dependency; Sizing and latency considerations; No inherent backup or failover
VCSA 6.5 with Integrated VUM: Integrated and enabled by default; Zero setup (embedded DB); Scalable and low impact on resources; Leverages VCSA HA and backup

vSphere Management Interfaces
vSphere Web Client: The primary management UI for vCenter Server, based on Adobe Flex.
vSphere Client: The future successor of the vSphere Web Client, based on HTML5. Available as a Fling, and with partial functionality in the 6.5 release.
Appliance Management UI: Contains basic health information along with the ability to reboot, shut down, and collect support bundles. Accessed via port 5480.
PSC UI: Allows for basic SSO configuration as well as certificate management. Available only on embedded or external PSC nodes.
Host Client: A robust interface for managing ESXi hosts directly through a web browser. Replaces the C# client for host management.

Comprehensive Security Enhancements
Policy Based VM encryption at rest and in motion
Create storage policies to encrypt virtual disks at rest: Hypervisor level, no in-guest requirement
Encrypt vMotion traffic on a per VM basis: VM doesn't have to be encrypted itself

Enhancement to HA and DRS
New Admission Control UI
Restart Priority Enhancements
Detect Guest or App Heartbeat
HA Orchestrated Restart: Based on VM Groups
Proactive HA: Detect HW Failure and act
Predictive DRS: Utilising VROps
Network Aware DRS: Configured with Network IO Control; Physical NIC Utilisation now considered
DRS Profiles: VM Distribution; Memory Metric (Consumed vs Active Memory); CPU Over-Commitment

Introducing vSphere Integrated Containers (VIC)
Docker compatible interface
Full enterprise-grade power of the Software-Defined Data Center

vSphere Integrated Containers Framework
[Diagram labels: ENGINE; vSphere]

vRealize Operations Manager
vR Ops - New Home Dashboard
Easily Choose a Scope and Object Type
Condensed Alert Information and Remediation Guidance
Quickly Identify Top Problem Objects
Filter by Severity

Is it time for you to upgrade?
vSphere 5.0: Released in 2011. Now end of general support.
vSphere 5.1: Released in 2012. Now end of general support.
vSphere 5.5: Released in 2013. End of general support 2018.
vSphere 6.0: Released in 2015. End of general support 2020.
vSphere 6.5: Announced Oct 2016. Awaiting GA Date.

A quick look at VMware NSX
Start with your physical network infrastructure
Without Network Virtualisation, you are hardware defined
[Diagram labels: Internet; Network]

Add your storage & compute
[Diagram labels: Internet; Network, storage, compute]

Add your Data Centre Virtualisation Layer
[Diagram labels: Internet; Virtualization layer; Network, storage, compute]

A Network Hypervisor
[Diagram labels: Internet; Virtual Data Centers; Network hypervisor; Virtualization layer; Network, storage, compute]

Primary NSX Use Cases Driving Immediate Business Value
SECURITY: Architecting security as an inherent part of the data center infrastructure
AUTOMATION: Automating IT processes to deliver IT at the speed of business
APPLICATION CONTINUITY: Enabling applications and data to reside and be accessible anywhere

Why are breaches still happening?
Unconstrained communication
Little or no lateral controls inside perimeter
Low priority systems are targeted first.
Attackers can move freely around the data center.
Attackers then gather and exfiltrate data over weeks or even months.
[Diagram labels: Internet; Data Center Perimeter]

Security is needed everywhere, but we can't have it everywhere
Why can't we have individual firewalls for every VM?
With traditional technology, this is operationally infeasible.
Physical firewalls: Expensive and complex
Virtual firewalls: Slow, costly, and complicated
[Diagram labels: Internet; Data Center Perimeter]

Firewall Everywhere
Distributed Firewalling
Centrally Managed
[Diagram labels: Internet]