vSphere 7 Update 2 – Tanzu and vSAN Enhancements

I haven’t done one of these VMware Update release posts in a while… Having attended the #vExpert pre-brief a couple weeks back I thought there was enough relevant goodness to share. It’s been such an interesting time in our industry over the past 12-18 months and this vSphere 7 and vSAN 7 Update 2 release continues to be representative of the trend around more power, scalability and flexibility when it comes to a new software release. Features and functionality are great… but if you are not delivering value and efficiency to your customers then you might as well not be in the software game.

The main focus areas for the Update 2 release version 7 follows familiar trends as seen below.

I’m going to focus on a Tanzu and vSAN features and enhancements, but as you can see above, there is a big focus on security, operations and scale in general. For more on what I haven’t talked about below, head here.

Kubernetes and vSphere Tanzu

I have spent a fair bit of time with vSphere Tanzu since the release of Update 1 for vSphere 7 mainly due to the capability in that release to utilize the HAProxy for Kubernetes networking. This meant you could use a Virtual Distributed Switch to deploy Workload Management. With Update 2 vSphere you will be able to leverage NSX Advanced Load Balancer Essentials in vSphere wtih Tanzu… this will work with vSphere with Tanzu, TKG Cluster Control and Ingress for Kubernetes Load Balancer services. This will be orchestrated through Network Service and NSX-T, meaning a highly available and scalable approach with lifecycle support.

Check out my Blog Post Series on configuring a Tanzu Home lab on a Single Host

This will result in a more integrated way of leveraging the load balancing for the Supervisor and TKG Clusters.

In terms of keeping up with Kubernetes releases, Update 2 will be matching upstream Kubernetes versions. There will be Kubernetes 1.19 Support for Supervisor Cluster and TKG. There will also be more flexibility with Container registries meaning the use of registries with self service or internal CA certs. This allows for external registries deployed outside of vSphere and Tanzu. In terms of security, advanced security for container-based workloads on AMD using SEV-ES enabled ESXi host hardware will be available. For the VI admin this helps protect CPU registries and memory from leaking guest information into the hyper-visor and ensure the memory used by each pod is uniquely encrypted and not able to be accessed externally to the POD. This was previously supported for VMs and now extended to containers in Update 2.

vSphere LifeCycle Manager support for Tanzu and NSX-T now handles vSphere with Tanzu Supervisor cluster lifecycle operations with a declarative model for host management and NSX-T lifecycle support means all vSphere with Tanzu deployment models are easier to maintain.

vSAN 7 Update 2

When it comes to vSAN, there will be a lot of tweaks and under the hood enhancements, but the most important new features and enhancements related to Scalability with an extension to HCI Mesh which was part of Update 1. With Update 2 the ability to mount remote vSAN datastore from non-vSAN bases vSphere clusters will be possible with improved scalability up to 128 hosts connected to a remote vSAN datastore. Also added is storage policy integrations with vSAN datastores for DD&C, or compression only, Data-at-rest and all All Flash or Hybrid. As a bonus, there is no license needed for HCI Mesh compute clusters.

vSAN File Services introduces support for vSAN stretched clusters and 2-node topologies with support for data-in-transit encryption and UNMAP. Snapshots for file services via API and ability to do exact differences between two snapshots as well as improved scale, performance and efficiency.

Veeam and other backup vendors will be able to take advantage of this via the API snapshotting to build solutions and features against VSAN File Services.

vSAN over RDMA very efficient in supporting high speed networking, improves CPU utilisation and app performance for certain workloads like sequential reads and random mixed reads/writes. This supports RDMA over converged Ethernet v2… if you don’t know what that is like I wasn’t sure, then click here to find out about RoCEv2… By default, if it is compatible vSAN will use this over TCP/IP ethernet. There is also improved performance under the hood when using RAID 5/6 erasure coding which leads to better large sequential write and reduces CPU usage and also improved CPU efficiency for smaller random I/O with better write to the data cache/buffer tier.

vSAN 7 also supports Proactive HA which responds when a vSAN host detects a possible failure and evacuates VMs and migrates the data. Finally there are improvements to the Skyline Healthcheck for vSAN by adding a visual time based history of certain error conditions that gains insight into potentially transient issue that are otherwise difficult to track and the is also the introduction of relationship tracking with other alerts to try nail down potential relating symptoms and core issues.

Conclusion and Links

It’s easy to loose focus on improvements VMware continues to make to its core hyper-visor and storage platforms, but for those still running vSAN Clusters, or those looking to leverage Tanzu for Kubernetes on vSphere, Update 7 packs a lot of great features and enhancements.

<Links to come>

Posted by Editor