In my previous post, I shared about Announcement of VMware vSAN 6.7 U1 and vSAN Beta. In addition, I am sharing and exciting update from VMware on their new Edition Announcement at VMworld.As always VMware Rocks, vSphere Platinum – a new edition of vSphere and vSphere 6.7 Update 1 – the latest release of the industry-leading virtualization and cloud platform announcement on the VMworld.
vSphere Platinum is a new edition releasing by VMware that includes VMware vSphere Enterprise Plus and VMware AppDefense. Here I mentioned two products that doesn’t mean simply a combining two VMware products.vSphere Platinum contains an exclusive vCenter Server plugin creates the tight integration between these two products. This plugin enables the visibility to the application security features of AppDefense to the vSphere Administrators . This will really help to work closely with Security Administrators to create a secure Infrastructure.
VMware vSphere Platinum has the capability to deliver advanced security features fully integrated into the hypervisor. The combination of the latest vSphere and AppDefense enables vSphere administrators to have a simple way to secure virtual machines in their organizations.
vSphere Platinum Core Features
- VMware AppDefense – AppDefence will protect the integrity of sing machine learning to monitor against threats and automate responses. AppDefense locks down the guest operating system for all applications, the VMware application stack and third-party applications. AppDefense collect the required data and applies machine learning to discover the intended state and establish the known good behaviors for the application and machine. Any deviations from this state are detected, prevented and securing the integrity of the applications, infrastructure and guest operating system.
- Secure Data – FIPS 140-2 Validated VM Encryption, and cross-vCenter Encrypted vMotion– Secure against unauthorized data access both at rest and in motion, across the hybrid cloud
- Secure Boot for ESXi – It Helps protect the integrity of ESXi hosts with code signing
- Secure Boot for Virtual Machines – Protects guest virtual machines from tampering from malicious code and other attempted attacks
- Support for TPM 2.0 ESXi – Enables hypervisor integrity and remote host attestation
- Virtual TPM 2.0 – provides the necessary mechanism for securing guest operating systems while retaining operational feature
- Support for Microsoft Virtualization Based Security – Support Microsoft Operating System Security Features top of the Hypervisor.
- Audit Quality Logging – Provides authorized administration and control visibility in the vSphere Environment.
VMware announced their vSphere 6.7 version few months back and with this new Platinum Edition VMware announces vSphere 6.7 Update 1 with new and enhanced capabilities.
vSphere 6.7 Update 1 Key Features
Upgrade path from vSphere 6.5 U2 to vSphere 6.7 U1 is Available
Fully Featured HTML5-based vSphere Client
As promised by VMware fully functional HTML5 client is available with this version and no longer have to use the FLEX client. Earlier we were switching the clients to perform actions from vSphere Update Manager (VUM) setting up a vCenter HA cluster, etc. Now all the administrative functions are available and no more switching between clients to perform any such actions.
Enhanced support for NVIDIA Quadro vDWS powered VMs and Support for Intel FPGA
This will enhance the operational flexibility and utilization of virtual infrastructure that makes use of NVIDIA Quadro. You can perform maintenance operations on the underlying GPU accelerated VDI or Compute infrastructure without disruption to end-users and their applications by the help of VMware vSphere vMotion with NVIDIA Quadro vDWS vGPU powered VMs.
New vCenter Server Convergence Tool
The new vCenter Server Convergence Tool is greater innovative feature from VMware, this tool will allows migrating from an external Platform Services Controller (PSC) architecture to the simpler embedded PSC architecture. This new vCenter architecture no more required any load balancers for HA and no multi-site replication. In addition, there is support for Enhanced Linked Mode (ELM) with embedded PSCs for vSphere 6.7 and vSphere 6.5 U2 available.
vCenter Server Converge Tool works in a way an embedded PSC is installed on the vCenter Server Appliance and a replication agreement is established between the embedded PSC and the external PSC. Once the replication of the PSC configuration completed in all the vCenter Server using the External PSC instance, the external PSC can then be decommissioned. Finally, you have the flexibility to combine, merge, or separate vSphere SSO Domains based on your requirement without rebuilds or migrations.The vCenter Server Converge Tool is located on the VCSA ISO and this utility available via CLI (vcsa-converge-cli) .This utility can be launched from Windows, Linux and Mac OS.
Note :- vCenter Server Converge Tool only supports vSphere 6.7 so you need to upgrade all vCenter instances to vSphere 6.7 to take advantage .
Enhancements for HCI and vSAN
New features and enhancements are available with new vSAN 6.7 U1 version announced in VMworld . With this new version, vSAN has new workflow called Cluster Quickstart which provides one simple, efficient wizard to create a cluster, add hosts, and configure those hosts so they are all identical. This configuration includes HA & DRS, Enhanced vMotion Compatibility (EVC), a vSAN datastore, and networking including a Virtual Distributed Switch (VDS).With Cluster Quickstart you can go from zero to fully functioning cluster in a matter of minutes and it includes cluster validation. This validation will ensure all settings have been properly configured on all hosts and will report any discrepancies.
Another enhancement available is with VUM , now you can do firmware update of the HBA controller from update manager. Now you can do remediation of software and firmware in on maintenance cycle from single VUM UI. vSAN HCL checks are built-in to ensure the host being remediated is compliant to the vSAN HCL before VUM moves to the next host. The I/O controller firmware is updated via an integration with the server vendor’s firmware update utility. Currently Dell HBA330 only supported and soon other controllers will come up with their update on this.
Enhanced vSphere Content Library
Improvements in vSphere 6.7 Update 1 allows to import OVA templates from a HTTPS endpoint and local storage. You can synchronize content from OVA templates to other vCenter Servers also using same method. Content Library handles and verifies the OVA bundle’s certificate and manifest files in adherence to security best practices .Content Library now natively supports VM templates (VMTX), also allowing all operations associated with VM templates directly from the Content Library.
NOTE : This functionality is not yet included in the synchronization between vCenter Servers
To learn more about vSphere Platinum and vSphere 6.7 Update 1, please see the following additional resources.
- Press Release
- vSphere Product Website
- Deep Dive Blog Post – vSphere Platinum
- Deep Dive Blog Post – vSphere 6.7 Update 1
- VMware AppDefense Video Playlist
Thank you for reading this post , Share the knowledge if you feel worth sharing it.