
Event - Vsphere 7.0 Day

Uploaded by

rico deviza

vSphere 7.0 Day
Let's know more about vSphere 7

Taufan Sangga Utama


Presales
PT Virtus Technology Indonesia

Confidential │ ©2020 VMware, Inc.


Agenda
• VMware Introduction
• VMware ESXi™ and vCenter Server™
• VMware vSphere® 7
• VMware vSphere Licensing and Packaging



VMware Introduction



Modern Business will run on Modern Applications



Challenges for Modern Applications

IT Admin
• Infrastructure silos make it challenging to provision resources
• Security isolation of modern apps and databases is difficult
• Inconsistent operations and cross-functional workflows

Line-of-Business Leader
• Monolithic apps fail to meet modern requirements
• Cannot quickly respond to changing market demands
• Weak customer experiences sacrifice market share

Developer
• More complicated to get modern apps into production
• Ticket-based infrastructure slows development cycles
• Difficulties updating apps can impact resiliency



What would an ideal solution look like?

• Expanding market share
• Faster time to revenue
• Loyal customers
• Leverage skills I have
• Manage multiple containers as a unit
• Govern SLAs for security, availability, and QoS
• Fewer infrastructure stacks to maintain
• Self-service through Kubernetes API
• Sandbox to host multiple containers
• Open source conformant
• Interact with services, not infrastructure



The Definition of an Application Has Changed

An application used to consist of a few VMs
Modern apps are like distributed systems
[Diagram: a VM App (App and Database VMs) beside K8s Native Applications (a Kubernetes Cluster with a Control Plane and Nodes, Native Pods, Functions, a Database and VMs)]



Fundamentally Change the Game
Empower the developer, Assure the admin

[Diagram labels: IT Admin, Developers, Collaboration; Performance, Security, Availability, Cost, Diagnostics; Code, Test, Deploy, Support; Manage, Deploy; Platform, Infrastructure]
VMware Delivers the Digital Foundation
Build, Run, Manage, Connect and Protect Any App on Any Cloud on Any Device

• Any Device
• Any Application: Traditional, Cloud Native, SaaS
• Any Cloud: Private, Hybrid, Public, Edge, Telco
• Overlaid priorities: Digital Workspace, App Modernization, Multi-Cloud, Virtual Cloud Network, Intrinsic Security

FY21 Framework: IT Initiatives

Strategic priorities and their IT initiatives:
• App Modernization: Cloud Native Apps, Multi-Cloud Kubernetes, Enterprise Observability
• Multi-Cloud: Data Center Modernization, Hybrid Cloud, Cloud Migration, Multi-Cloud Operations, Telco Cloud, Edge
• Virtual Cloud Network: Data Center Networking, Edge Networking, Telco/5G
• Digital Workspace: Employee Experience, Modern Management, Hybrid Virtual Desktop Infrastructure
• Intrinsic Security: Workspace Security, Workload Security, Network Security, Cloud Security

FY21 Framework: Key Offerings

Strategic priorities and their key offerings:
• App Modernization: Tanzu, PKS, Bitnami, Wavefront, Pivotal Labs
• Multi-Cloud: VMware Cloud Foundation, vSphere, vSAN, SRM, vRealize, VMware Cloud on AWS, CloudHealth, Cloud Provider Platform, vCloud NFV
• Virtual Cloud Network: NSX, SD-WAN by VeloCloud, NSX Advanced Load Balancer, vRealize Network Insight, Service Defined Firewall, Uhana by VMware
• Digital Workspace: Workspace ONE, Horizon
• Intrinsic Security: Carbon Black, Service Defined Firewall, Workspace Security, Secure State

Simplifying Our Value Proposition

Selling the Full VMware Portfolio
• Digital Workspace: Workspace ONE
• App Modernization: Tanzu
• Intrinsic Security: Carbon Black
• Multi-Cloud: VMware Cloud Foundation
• Virtual Cloud Network: NSX

Elevating Customer Relationships
Digital Transformation

Our Impact and Your Influence

Data Center Virtualization

Server Virtualization

2010 2020
VMware ESXi and vCenter Server



High-Level VMware vSphere Architectural Overview
VMware vSphere
VMware vCenter Server (Manage)

Application Services
Availability:
• VMware vSphere vMotion
• VMware vSphere Storage vMotion
• VMware vSphere High Availability
• VMware vSphere FT
Scalability:
• DRS and DPM
• Hot Add
• Over Commitment
• Content Library

Infrastructure Services
Cluster: ESXi hosts
Storage:
• vSphere VMFS
• VMware Virtual Volumes
• VMware vSAN
• Thin Provisioning
• vSphere Storage I/O Control
Network:
• Standard vSwitch
• Distributed vSwitch
• VMware NSX
• VMware vSphere Network I/O Control

Physical Resources

ESXi

ESXi is the bare-metal VMware vSphere Hypervisor
• ESXi installs directly onto the physical server, enabling direct access to all server resources
• ESXi is in control of all CPU, memory, network and storage resources
• Allows virtual machines to run at near-native performance, unlike hosted hypervisors

vSphere ESXi Best Practices
• Ensure the management network is isolated from the general network (VLAN) to decrease the attack surface of the hosts
• Ensure the management network has redundancy through NIC Teaming or by having multiple management interfaces
• Do not mix versions of ESXi in the same cluster
• ESXi host hardware should be as similar as possible to avoid failures
• VMware Virtual Machine Hardware compatibility is important to avoid failures, as newer hardware revisions cannot be run on older ESXi hosts
• 10 Gb networking will improve vSphere vMotion performance
• vSphere vMotion networking should be segregated from other traffic to prevent saturation of network links
• The same virtual network configuration

VMware vCenter™
vCenter is the management platform for vSphere environments.

Platform Services Controllers


• VMware vCenter Single Sign-On™
• License service
• Lookup service
• VMware Directory Services
• VMware Certificate Authority
vCenter Server Service
• vCenter Server
• VMware vSphere Web Client (HTML5)
• VMware vSphere Auto Deploy™
• VMware vSphere ESXi Dump Collector
• vSphere Syslog Service for VMware vCenter Server Appliance™
• vSphere Update Manager
vCenter Architecture – vCenter Server Components

[Diagram: vCenter Server components: Platform Services Controller, Core and Distributed Services, User Access Control, Database Server, VMware vSphere API, ESXi Management and Plug-Ins, shown with the VMware HTML5 vSphere Client, Microsoft Active Directory Domain, Third-Party Applications and ESXi hosts]

vCenter Appliance Deployment
• Installer support for Windows, Mac, and Linux
• Updated menu: Install, Upgrade, Migrate, Restore
• No longer supports external databases!
• VMware vSphere Update Manager included
• vCenter Appliance (incl. PSC Install) is a two-stage process
  • Stage 1 – Deploy OVF
  • Stage 2 – Configuration

Benefits to 2-Stage Deployment
• Improved validations and checks
• Manual snapshot between stages for rollback
• Create a template for additional deployments

Robust Backup
Native vCenter Server Appliance Backup

Backup Management
• Scheduled Backup
• Retention option
• Backup activity

Verifies VCSA state

Supported protocols include:
• HTTP/S
• SCP
• FTP/S

Simple Restore

Restore directly from VCSA ISO

Browse Restore Files

Retains VCSA identity

vCenter Best Practices
• Verify that the proper inventory size is configured during the installation
• Verify that DNS is configured and functional for all components
• Verify that time is correct on vCenter and all other components in the environment
• Distributed vSwitches should be used whenever possible because they offer greater granularity on traffic flow than standard vSwitches
• vSphere Network and Storage I/O Control can dramatically help with contention on systems. This should be used whenever possible
• VMware Tools, and subsequently VMXNET3 drivers, should be used in all virtual machines to allow for enhanced network capabilities

VMware vSphere 7



Containers are the Future

• 64%: Container use is skyrocketing and is projected to grow at 64% CAGR through 2022.
• 77%: By 2022, organizations will deploy containers primarily in the data center.

“The big stones we have to overcome are day two operations. It is not a big deal to deploy Kubernetes clusters. The trouble starts when you want to start updating, upgrading, adding nodes, all that kind of stuff.”
Stephan Massalt, VP of Cloud Labs, Swisscom



Virtual Machine vs Container



Docker makes Container Simple
Containers are Portable

~# docker pull my_app
~# docker build my_app
~# docker push my_app

DEV TEST PROD



Challenges with Containers
[Diagram: containers in development compared with containers in production]
• Load Balancing
• Security
• High Availability
• Application Updates
• Scaling up/down
• Repeatable Deployments
• Replication
• Scheduling

Kubernetes: Production-Grade Container Orchestration

• Kubernetes is an open-source platform for managing, automating deployment, scaling, and operating containerized applications across a cluster of worker nodes.

Capabilities:
• Deploy your applications quickly and
predictably
• Scale your applications on the fly
• Seamlessly roll out new features
• Optimize use of your hardware by using only
the resources you need
Role:
• K8s sits in the Container as a Service (CaaS)
or Container orchestration layer



Kubernetes Cluster
• Consists of a master and a group of worker nodes
• Namespaces are a mechanism to partition resources into logically named groups
• A pod is a group of one or more containers
• Containers within a pod share an IP address and port space, and can find each other via localhost
• Containers in a Pod also share the same data volumes
[Diagram: K8s Cluster with a Master and Worker nodes 1 to 3, each running Pods]



VMware Cloud Foundation 4 with Kubernetes
App-focused Management | Dev & IT Ops Collaboration

[Diagram: VMware Cloud Foundation.
Namespaces host workloads: DB & Analytics, AI/ML, Business Critical, Time-critical.
Developers consume VMware Cloud Foundation Services through Kubernetes & RESTful APIs: Tanzu Runtime Services (Tanzu Kubernetes Grid Service) and Hybrid Infrastructure Services (vSphere Pod Service, Network Service, Registry Service, Storage Service).
IT Operators work through vCenter Server.
Underlying stack: vSphere, NSX-T, vSAN, vRealize, with Intrinsic Security & Lifecycle Automation.
Deployment targets: Data Center, Edge, Service Provider, Public Cloud.]



Introducing vSphere with Kubernetes
Transform your infrastructure to build, run, manage modern applications anywhere

[Diagram: VMware Cloud Foundation Services on vSphere.
Streamline Development (Developer: Code, Test, Deploy, Support): TKG service, vSphere Pod service, Storage service, Registry service, Network service.
Agile Operations (VI Admin): application-focused management covering Performance, Availability, Security, Lifecycle.
Collaboration; Accelerate Innovation.]



Agile Operations
Application-focused management with lifecycle management and intrinsic security
[Diagram: vSphere Cloud Foundation Services on vSphere.
Self-service Development (Developer: Code, Test, Deploy, Support): TKG service, vSphere Pod service, Storage service, Registry service, Network service.
Agile Operations (IT Operator): application-focused management covering Performance, Availability, Security, Lifecycle.]



Application-focused Management
[Diagram: a VI Admin manages Namespaces A to D, one per application (Application A to D). Each namespace groups an application's components: K8s Native Applications on a Kubernetes Cluster (Control Plane and Nodes), a VM App, a Database, Native Pods, Functions and VMs.]



Application-focused Management

Application: Kubernetes Clusters, Virtual Machines, Pods

• App level control for applying policies, quota and role-based access to Developers
• Apply vSphere features (HA, vMotion, DRS) at the app level and to the containers
• Unified visibility in vCenter for Kubernetes clusters, containers and existing VMs
Streamline Development
Self-service access via infrastructure services

[Diagram: VMware Cloud Foundation Services on vSphere.
Streamline Development (Developer: Code, Test, Deploy, Support): TKG service, vSphere Pod service, Storage service, Registry service, Network service.
Agile Operations (VI Admin): application-focused management covering Performance, Availability, Security, Lifecycle.]



Tanzu Kubernetes Grid Service
Self-service access to Kubernetes clusters

Manage consistent, compliant, and conformant Kubernetes clusters.

DevOps:
• Full control of Kubernetes cluster
• Flexible lifecycle management
• Upstream conformant
IT Operator:
• Define template and Kubernetes version
• Establish resource quotas
[Diagram: Supervisor Cluster (TKG & Cluster API, VM Operator) on the SDDC; IT Ops define template, versions, etc. through the Tanzu Kubernetes Grid Service; DevOps deploy apps to a TKG Cluster via the Kubernetes API (kubectl create)]



vSphere Pod Service
Advanced security and performance, without managing clusters

Run containers directly on the hypervisor for improved security, performance, and manageability.

DevOps:
• Enhanced security and resource isolation
• Performance advantage
• Serverless experience
IT Operator:
• Application focused management
• Workload visibility within pods and containers
[Diagram: DevOps control via the Kubernetes API (kubectl create deployment); IT Ops use Application Focused Management through the vSphere Pod Service; Supervisor Cluster with VM Operator on the SDDC. A Native Pod holds Containers on a Container Engine and a Linux Kernel, running on CRX.]



Network Service
Self-service provisioning of network resources

Manage virtual routers, load balancers and firewall rules for container workloads.

DevOps:
• Provision network resources and define ingress paths
IT Operator:
• Define admin policies for security
[Diagram: DevOps use the Kubernetes API (kubectl create Ingress); IT Ops define network security rules, etc. through the Network Service; Supervisor Cluster with NCP on the SDDC]



Storage Service
Self-service provisioning of storage resources

Manage persistent disks for use with containers, Kubernetes clusters, and virtual machines.

DevOps:
• Provision storage and Persistent Volume Claims
IT Operator:
• Establish resource quotas
• Visibility
[Diagram: DevOps use the Kubernetes API (kubectl create pvc); IT Ops define storage policy and quota through the Storage Service; Supervisor Cluster with CNS on the SDDC]



Registry Service
Manage container images within an embedded container registry

Store, manage, and secure Docker and OCI images within an embedded registry using Harbor.

• Embedded image registry
• Sync project lifecycle
• Sync user permissions
[Diagram: DevOps push/pull images and deploy apps; IT Ops create a Registry instance through the Registry Service; Supervisor Cluster on the SDDC]



Multi-tenancy with Supervisor Cluster Namespaces

• Each Namespace has its own Resource Pool
• Resource Isolation with Quota for CPU/Memory/Storage
• All Workloads in a Namespace are bounded by Namespace Quota
  • Tanzu Kubernetes Clusters
  • Native Pods
  • Virtual Machines
[Diagram: multiple Namespaces on a Supervisor Cluster on the SDDC]



Enable vSphere with Kubernetes Supervisor Clusters

[Diagram: VI Admin, vCenter Server and a vSphere Cluster of three ESXi hosts, each running Spherelet and hostd; the hosts carry Pods (CRX), K8s Control Plane VMs and VMs; DevOps]



Integrated Harbor Registry
[Diagram: Docker Hub (Public Registry), VIC Registry (Private Registry), Integrated Harbor]

▪ Enable Harbor on Cluster
▪ Deployed as set of Native Pods
▪ Harbor Project Automatically Created For Each Namespace
▪ Authorized Namespace Users Automatically Added to Harbor
▪ 1.0 Limitations
  • No Admin Access
  • No Vulnerability Scanning
  • No Signed Images



VMware Tanzu Kubernetes Grid Service for vSphere
Developer Self Service

Give me a cluster:
• 3 Nodes
• Kubernetes 1.16
• Machine Class: Guaranteed-Small
[Diagram: a Tanzu Kubernetes Cluster (CSI, CNI, Auth) running Pods on three Ctrl VMs and three Node VMs inside a Namespace, beside a Namespace holding VMs and Pods; both sit on the Supervisor Cluster, which runs on ESXi hosts with vCenter Server]

Security in vSphere with Kubernetes
The Best of Enterprise Security Brought To The DevOps World

• Isolation of Pod VM
• Namespaces as a Security Group
• Authentication & Authorization for Developers
• Management & Workload Separation
• Automated Certificate Management



VMware vSphere Licensing and Packaging



The New vSphere
The Biggest Innovation Since the Launch of ESXi

NEW: vSphere 7
The new generation of vSphere for existing enterprise apps
Available in two editions

NEW: vSphere 7 with Kubernetes
The new generation of vSphere for containerized apps
Available through VMware Cloud Foundation

Data Center | Edge | Service Provider | Public Cloud



vSphere 7 Editions
Enterprise Plus
• Enhanced App Performance, Availability, and Intrinsic Security
• Basic Server Consolidation and Resilience

Standard
• Basic Server Consolidation and Resilience

vSphere 7 licensing: Per processor

vSphere 7 is licensed on a per-processor basis. Each physical processor (CPU) in a server needs to have at least one processor license key assigned to be able to run vSphere. Each per-processor license will cover CPUs with up to 32 physical cores. If the CPU has more than 32 cores, additional CPU licenses are required.
A support and subscription (SnS) contract is required for every edition purchased.
VMware vSphere Features

VMware vCenter Features



VMware Cloud Foundation 4 Full-Stack Editions
VCF with Tanzu VCF w/o Tanzu

with vSAN without vSAN

ADV ENT ADV ENT Starter


vRS ENT vRS ENT vRS ENT vRS ENT vRS STD

vRNI ENT add-on to vRNI ENT add-on to


STD vRNI ADV NSX ENT+ STD vRNI ADV NSX ENT+ vRNI ADV

SDDC Mgr SDDC Mgr for


SDDC Mgr SDDC Mgr SDDC Mgr SDDC Mgr SDDC Mgr
vSAN

VCF vSAN ADV vSAN ADV vSAN ENT vSAN ADV


1 Full Stack
NSX DC ADV NSX DC ADV NSX DC ENT+ NSX DC ADV NSX DC ADV NSX DC ENT+ NSX DC ADV

vSphere ENT+ vSphere ENT+ vSphere ENT+ vSphere ENT+ vSphere ENT+ vSphere ENT+ vSphere ENT+

2 vSphere Upgrade vSphere Upgrade vSphere Upgrade vSphere Upgrade vSphere Upgrade vSphere Upgrade vSphere Upgrade

Tanzu Kubernetes Tanzu Kubernetes Tanzu Kubernetes Tanzu Kubernetes Tanzu Kubernetes Tanzu Kubernetes
vSphere Add- Grid Grid Grid Grid Grid Grid
3 On for K8s Hybrid Infrastructure Hybrid Infrastructure Hybrid Infrastructure Hybrid Infrastructure
Hybrid Infrastructure Hybrid Infrastructure
Services Services Services Services Services Services

License Metric Per CPU License Metric Per CPU


License Type Perpetual License Type 1-year or 3-year term
Bundle Structure Soft Bundle Bundle Structure Hard Bundle



VMware Cloud Foundation 4 Add-On Editions

Add-on to VCF for Add-on to VCF for Add-on to VCF for Add-on to VCF for
Add-on to VCF Add-on to VCF Add-on to VCF Add-on to VCF External Storage
External Storage External Storage External Storage

vRNI vRNI vRNI vRNI vRNI vRNI vRNI vRNI


2 vRS vRS vRS vRS NSX NSX NSX NSX

Customer buys SDDC Mgr. SDDC Mgr. SDDC Mgr. SDDC Mgr. SDDC Mgr. SDDC Mgr. SDDC Mgr. SDDC Mgr.
corresponding add-on
SKU NSX NSX NSX NSX NSX NSX NSX NSX

vSAN NSX vSAN NSX vSAN NSX vSAN NSX

1
vSphere ENT+
Customer has existing vSphere ENT+ vSphere ENT+
licenses for these vSphere ENT+ NSX
components: NSX vRealize Suite
vRealize Suite

VCF Add-on SKUs and vSphere Add-on for Kubernetes are NOT enforced to be quoted together
You can optionally purchase vSphere Add-on for Kubernetes; it’s only available in ELA (direct & channel)



Discussion Time
QnA



Thank You
