This blogpost was under embargo until 28th of September 2021 8:00am (PT) / 17:00 (CEST). The fact that you can read this now means that vSphere 7 Update 3 has (probably) already been released.
[Update 29th Sept 2021]: Download is not yet available. Maybe we need to wait until VMworld2021 next week.
VMware vSphere 7 Update3 comes with a wide range of innovations. They can be categorized into the sections below:
- Tanzu with Kubernetes
- Lifecycle, Upgrade and Patching
- Artificial Intelligence & Machine Learning
- Resource Management
- Availability & Resiliency
- Security & Compliance
- Guest OS and Workloads
- vSphere Management & APIs
Another bunch of features goes into vSAN. But these features will be covered in an extra post.
vSphere with Tanzu & Kubernetes
[Update:] Previous content in this subsection has been withdrawn at VMware’s request and will be republished in a separate blog post on October 5.
Streamlined Network Setup for Kubernetes Clusters
The rollout process for vSphere with Tanzu has become more convenient and streamlined regarding the networking stack. You can now use values retrieved from DHCP or manually entered for both management network and workload network.
Improved Error Messages in Tanzu Health Checks
Clear and concise error messages for Control Plane state. Checks run each time a change is made.
During deployment there will be checks of your vCenter server , NSX-T environment and loadbalancer configuration.
These may be tiny improvements, but can make troubleshooting much easier.
Lifecycle, Upgrading and Patching
Boot media on vSphere7
A new storage layout of the ESXi boot disk increased read and write I/O on the boot medium. Boot media in ESXi 7 does not only keep the ESXi configuration, but also config store. In the future config store will be the location for a centralized configuration for all the solution specific configurations.
The recommendation is not to use USB or SD-Card storage as boot media on ESXi hosts. SATA-DOM is not affected by the way. Use local storage devices like harddisk, NVMe or SSD. The minimum storage requirement is 32 GB. If you migrate USB or SD-Card devices to vSphere7 U3 then you’ll get a warning that it is operating in degraded mode.
More info can be found at the VMware system storage FAQ
Support for patch & update recall, and deleting depot objects. Currently this feature is only available through an API but in a future release it will be editable from the GUI.
Checking drive firmware levels with the vSAN HCL
Manage standalone vSAN witness nodes with vLCM. A standalone vSAN witness node is located outside your vSAN cluster and therefore coud not be handled by lifecyle manager. In vSphere 7U3 now atomatically detects your standalone witnes host as part of your vSAN cluster and is taken care of by vLCM. Shared witness nodes will be covered in a future release.
vCenter Reduced downtime Upgrades
There will be a shorter downtime during VCSA upgrades. While the database and configuratin copy process takes place, vCenter can still do its duty.
- stage new VCSA VM
- Migrate DB and configuration
- switch over. Services start (shorter downtime)
- shutdown old VCSA
AI and ML
Introducing the NVIDIA AI Enterprise Suite (NVAIE)
Nvidia has joined a parnership with VMware and the result is an AI/ML suite which is exclusively supported on vSphere. VMware will provide the vSphere with Tanzu and management stack. Nvidia will provide hardware and applications for AI/ML. The solustion is available from Nvidia and can be added into your datacenter.
Available for vSphere 7 and vSphere with Tanzu
Licensing Bitfusion before version 4 was a bit strange (if you have used it, you know what I mean). It is not a vSphere release, but a seperate solution with a support matrix for all available vSphere releases.
There will be improvements for managing Kubernetes secrets. It’ll be no longer neccessary to copy and paste Bitfusion authorization tokens into containers (yes, that used to be a pain).
Also management has been improved. Bitfusion GPU are pooled and you can filter for the GPU type you need. Also data retention duration policy has been improved. You can now control how long you want to keep detailed or summary Bitfusion usage data.
New API support for CUDA 11.2.2, cuDNN 8.1.1, and NCCL 2.8.4
There will be enhanced performance stats for persistent memory with vSphere Memory Monitoring and Remediation (vMMR). It includes enhanced metrics for DRAM and Persistent Memory in the GUI without the need for a plugin. There will be also statistics for Persistent Memory when in Memory Mode and new alerting capabilities. New host & VM level counters have been added.
There will be improved maintenance mode reliability and workload placement. When a host enters maintenance mode the placement of workloads onto remaining hosts will be more efficient. This change will work under the hood in vSphere7 Update3. You may witness a significantly shorter time when entering maintenance mode compared to previous releases.
Availability and Resiliency
Improvements to vCLS
From the release of vSphere7 there was a movement to decouple services from vCenter into Cluster-Service appliances (vCLS). There have been some usabilty shortcomings with vCSL in the past. Now you can select the datastore for vCLS agent VMs.
There will be a new host affinity rule for agent VMs in order to direct vCLS appliances to certain hosts.
Agent VM names are UUIDs and no longer contain parentheses.
Security and Compliance
A new ransomware resource center as a one-stop-shop has been introduced. A condensed collection of information and best practises regarding ransomware, security and hardening.
Here’s a quick link to the resource.
Guest OS & Workloads
There are a few improvements for the guest OS.
- full support for cloud-init
- Guest data publisher
- UEFI 2.4 support
- AMD support for Microsoft Virtualization Based Security (VBS)
Precision Time Protocol (PTP) in vSphere 7
PTP was introduced with vSphere 7 but you had to choose between NTP and PTP. PTP support now has a NTP fallback option.
NVMe-oF TCP/IP Support
NVMe over fabric extends NVMe from local storage to shared network storage. With the release of vSphere 7, the supported protocols for NVMe-oF were FC and RDMA. With the release of vSphere 7 U3, there’ll be added support for NVMe over TCP. One of the benefits of NVMe over TCP is there is no need for specialized HBAs or RDMA network interface cards (RNICs) for connectivity. Standard Ethernet networks and hardware may be used. Of course, having the necessary bandwidth for the additional overhead is imperative. With the ability to use standard Ethernet hardware, the cost of entry for NVMe over TCP/IP is less than with FC and RDMA.
VMFS6 and NFS scale to 128 nodes
Many larger enterprises, service providers, and cloud deployments often reach the vSphere limit of 64 hosts per VMFS or NFS datastore. With the release of U3 the number of hosts that may connect to VMFS-6 or NFS datastore has increased from 64 to 128. This will also help avoid the need for storage vMotion. Note this is not a hosts per cluster increase; this is a number of hosts that can access a single VMFS or NFS datastore.
Affinity 3.0 Improvements for CNS
In vSphere 7, VMware updated the Affinity Manager, which handles first writes with thin or lazy thick provision. The new Affinity Manager, 2.0, maintains a map of all free storage resource clusters. Resource clusters are available space for new writes, which enables quicker first writes. In U3, there’ll be additional enhancements to Affinity 2.0 which now supports First Class Disks (FCD) and Cloud Native Storage (CNS) volumes as well as a higher number of vSphere hosts per cluster.
Batch Snapshots on vVols
The procedure for processing large numbers of vVols snapshots can be simplified by putting snapshot operations into a batch process. By grouping large amounts of snapshots, the process will be more efficient and the negative impact on VMs and the environment will be reduced. This is done to reduce the number of VASA calls needed to achieve an operation. It is worth noting that batch operations also require support from the VASA Provider (VP) at the target side, and the VP will report how many vVols it can support in one batch operation.
There’ll be a deep NSX-T integration into vSphere 7 Update 3. NSX-T manager will now be integrated into vSphere-Client. It comes with a unified interface and authentication.
The lifecycle of NSX-T will be managed by vLCM.
NSX-T will have a simplified deployment with integrated guided workflows
Distributed firewalling uses Virtual Distributed Switches (vDS): no changes to existing networking.
PowerCLI 12.4 will be released soon. It comes with new SDK modules for direct access to the vSphere Automation API through PowerShell.
There’ll be new PowerShell-based certificate management cmdlets. They will no longer depend on SOAP API. Instead the will utilize REST API.
Datastore provider and copy-datastore Item improvements
Update 3 brings a large number of small, but very useful improvements. Many of them remain hidden from the user at first glance, but unfold their benefits under the hood, or are not noticeable because a previously existing problem is now simply no longer present.