I am really not sure how to start this blog. This one is different from all my previous blogs about technology. To be honest, I’m feeling a little scared, but I feel like this will be cathartic for me and maybe, in some way, reach someone going through what I did. So, with a deep breath, here I go.
Let me start with a bit of background. Before covid hit, I was very active in different tech communities. You see, I love what I do, and I love technology. I love to learn and share new ideas with others. I love to teach and mentor. I love seeing the impact on someone’s career that I may have played a small part in shaping. I love interacting with other peers within the industry and learning from them. I have made many friends through these communities.
One in particular that I am passionate about is the VMware User Group or VMUG. I have had the honor of being a leader in this community for ten-plus years now. VMware reshaped my career path, and I’ll never forget the first time I was able to dive into their virtualization platform back around 3.x. Now, don’t get me wrong, this isn’t meant to be a VMware kiss-butt blog, but the impact they had on my career drove a deep excitement to share what I was learning with others in this community, and the same can be said today. This passion was felt within the community, and we grew. At one point, I led multiple VMUGs within Central New York and blogged at every chance I could.
Others noticed this passion, and I took on a new role as a pre-sales architect. I could now speak to customers about this passion and so many others. At one point, I even took on the role of Citrix User Group Leader and Veeam User Group Leader. I was onsite with customers almost daily and planning the subsequent community events with my peers.
While at Sirius, now CDW, I took on the VMware Technology Brand Owner role. I traveled all over the country, teaching pre-sales engineers, post-sales delivery, and client executives about our strategy and how to grow their VMware business. I loved every minute of it. I felt alive and passionate, and I felt valued.
My family at home supported me, and when I was home, I made the most of my time with them to ensure they felt valued. I have some of the most amazing children. My oldest loves horses; my middle son lives, eats, and breathes hockey. My youngest daughter lives on Jesus and sugar. She never walks but dances her way through life. My wife is a literal saint. I couldn’t do what I do without her tremendous support and encouragement. You must be wondering what in the world my point is. Brandon, it sounds like life is peachy, and everything sounds great. You have a successful career and a healthy family.
It's that time again: time to begin the process, which probably should have been started a while ago, of upgrading your virtual infrastructure to vSphere 6.7.
The end of general support for vSphere 6.0 is March 12, 2020, and if you are on an earlier version of vSphere, then you are currently running an unsupported version of vSphere and may also need to purchase new hardware to support the latest version.
I would like to begin this blog with some of the stated benefits to upgrading your environment.
The new vSphere 6.7 vCenter appliance delivers major performance improvements over previous versions. First, vCenter Server has 2x faster performance in operations per second. This means better response times for the daily tasks you perform.
There is a 3x reduction in memory usage and also 3x faster operations relating to VMware vSphere Distributed Resource Scheduler. If you would like more detail on these improvements, you can find the details in this blog by VMware.
New Features and Enhancements
There are a lot of great new features and enhancements in the latest version of vSphere, and if you are still on an older version than vSphere 6, then there are even more that came with vSphere 6.7. Below is a list of new features relating to vSphere 6.7.
vSphere Quick Boot
vSphere Quick Boot innovation restarts the ESXi hypervisor without rebooting the physical host, skipping time-consuming hardware initialization.
Trusted Platform Module (TPM) 2.0
vSphere 6.7 adds support for Trusted Platform Module (TPM) 2.0 hardware devices for ESXi hosts and also introduces virtual TPM (vTPM) 2.0 for VMs, significantly enhancing protection and ensuring integrity for both the hypervisor and the guest operating system (OS). This capability helps prevent VMs and hosts from being tampered with. For virtual machines, vTPM 2.0 gives VMs the ability to use enhanced guest OS security features sought by security teams.
vSphere 6.7 also improves protection for data in motion by enabling Encrypted vMotion across various vCenter Server instances as well as versions. This makes it easy to securely conduct data center migrations or to move data across a hybrid cloud environment—that is, between on-premises and public cloud—or across geographically distributed data centers.
Microsoft Virtualization-Based Security (VBS)
vSphere 6.7 introduces support for the entire range of Microsoft virtualization-based security technologies introduced in Windows 10 and Windows Server 2016. In 2015, Microsoft introduced virtualization-based security (VBS). We have worked very closely with Microsoft to provide support for these features in vSphere 6.7.
vSphere Persistent Memory
With vSphere Persistent Memory, administrators using supported hardware modules such as those available from Dell EMC and Hewlett Packard Enterprise can either leverage them as super-fast storage with high IOPS or expose them to the guest OS as nonvolatile memory (NVM).
vCenter Server Hybrid Linked Mode
vSphere 6.7 introduces vCenter Server Hybrid Linked Mode, which enables users to have unified visibility and manageability across an on-premises vSphere environment running on one version and a public cloud environment based on the vSphere platform, such as VMware Cloud on AWS, running on a different vSphere version.
Per-VM Enhanced vMotion Compatibility (EVC)
vSphere 6.7 introduces per-VM Enhanced vMotion Compatibility (EVC), a key capability for the hybrid cloud that enables the EVC mode to become an attribute of the VM rather than of the specific processor generation it is booted on in the cluster.
Simplification of the architecture
One significant change to vCenter Server Appliance 6.7 is a simplification of the architecture and a reversion to running all vCenter Server services on a single instance. With the introduction of vCenter Server with embedded Platform Services Controller instance with Enhanced Linked Mode.
This blog is an exploration of the Ansible Tower interface, but before I dive in, let's begin with an overview of what Ansible is.
Ansible is an open-source software provisioning, configuration management, and application deployment tool from Red Hat. Ansible assists IT with the major challenge of enabling continuous deployment (CI/CD) with no downtime.
With Ansible, IT organizations can automate the provisioning of applications, manage systems, and reduce the complexities that come with trying to automate IT. With Ansible we can break down silos and create a culture around automation. My thought has always been that if you need to perform a task more than once then it should be automated.
Ansible integrates with the technologies your organization has already invested in, from infrastructure to networks, security, cloud, containers, and applications. We all have infrastructure, ranging from physical bare-metal environments, such as networking with Cisco, Juniper, and Arista, to storage with products like NetApp and Pure Storage.
Virtual infrastructure with VMware is also supported, along with Red Hat Virtualization (RHV) and XenServer. Through Ansible, organizations can easily provision, destroy, take inventory, and manage across all virtual environments.
Regardless of platform, Ansible can help organizations with managing the installation of software, system updates, configuration, and system features.
Ansible Tower brings a web-based UI to Ansible, which makes it a little easier for IT to perform the above-mentioned tasks. Ansible Tower is the hub, of sorts, that gives IT role-based access control, including control over the use of securely stored credentials for SSH and other services.
Let's take a few minutes to look at the Ansible Tower interface.
Ansible Tower Interface
On the left-hand side of the Dashboard, you can see the resources menu and the objects that you can create.
Let us dive a little more into each section beginning with Credentials. In this section, you create a credential that Ansible can use to authenticate to the target hosts.
I wrote a blog about this subject before, which can be found here. The information contained in that blog is still relevant to this conversation and walks you through the challenges for traditional three-tier architecture and how the industry, specifically VMware, has addressed those challenges.
In this blog, I will be updating the vision that VMware has laid out for the hybrid-cloud, which is comprised of VMware Cloud on AWS and VMware Cloud Foundations.
To better understand this journey and how we have arrived at this vision of Any Device, Any Application, and Any Cloud, take a look back at the previous blog.
Let's begin with an overview of VMware Cloud on AWS.
Quick Overview of VMware Cloud on AWS
VMware Cloud on AWS is a jointly engineered and integrated cloud offering developed by VMware and AWS. Through this hybrid-cloud service, organizations can deliver a stable and secure solution to migrate and extend their on-premises VMware vSphere-based environments to the AWS cloud running on bare metal Amazon Elastic Compute Cloud (EC2) infrastructure.
VMware Cloud on AWS has several use-case buckets that most customers find themselves falling into, with some overlap. The first of these use cases, the data center extension use case, is for organizations looking to migrate their on-premises vSphere-based workloads and to extend their capacities to the cloud.
The next is for organizations looking to modernize their recovery options, implement new disaster recovery, or replace existing DR infrastructure.
The last one that I will mention is for organizations looking to evacuate their data centers or consolidate data centers through cloud migrations. This is great for organizations looking at data center refreshes.
VMware Cloud on AWS is delivered, sold, and supported by VMware and its partners like Sirius Computer Solutions, a Managed Service Partner. It is available in many AWS Regions, which can be found here, and the list is growing.
Through this offering, organizations can build their hybrid solutions based on the same underlying infrastructure that runs on VMware Cloud on AWS, VMware Cloud Foundations.
Day 1 began with the general session, which was a lot different than the previous year where the VMware Executives laid out their vision for the partner community. This general session was focused more correctly on the audience in attendance.
Back in October of 2016, VMware announced vSphere 6.5. This introduced a lot of changes to their flagship hypervisor; you can see an earlier blog I wrote about that here. Now it is that time again for a new vSphere to be announced. The announcement of vSphere 6.7 came with a lot of new features and I will go over each of them in this blog. Let's take a look at these new features:
Let's quickly discuss migration paths. The new version supports upgrades and migrations from vSphere 6.0 or 6.5 only and the current supported migration paths to version 6.7 are as follows:
Day 1 began with the general session, where VMware Executives presented to the partner community and reinforced the importance of the partner as the unsung heroes helping to drive the VMware business and most importantly driving value for their customers.
The movement toward a hybrid cloud, software-defined data center has been ongoing for years now. We have seen the virtualization of compute, storage, and now networking. In this blog, I will be discussing this journey: where we started, where we are going, and why you want to be on this journey.
Traditional data center models are still very prevalent and accepted by organizations as the de facto model for their data center(s). If you have ever managed a traditional data center model, then you know the mounting challenges we face within this model.
What comprises the traditional data center model? A traditional data center model can be described as heterogeneous compute, physical storage, and networking managed by dispersed teams, each with a unique set of skills. Applications are typically hosted in their own physical storage, networking, and compute. All these entities (physical storage, networking, and compute) increase with the growth in size and number of applications. With growth, complexity increases, agility decreases, security complexities increase, and assurance of a predictable and repeatable production environment decreases.
Characterizations of a Traditional Data Center:
Challenges around supporting these complex infrastructures can include things like slow time to resolution when an issue arises, due to the complexities of a multi-vendor solution. Think about the last time you had to troubleshoot a production issue. In a typical scenario, you are opening multiple tickets with multiple vendors: a ticket with the network vendor, a ticket with the hypervisor vendor, a ticket with the compute vendor, a ticket with the storage vendor, and so on. Typically, they are all pointing fingers at each other when we all know that fault always lies with the database admins.
The challenges aren't just around the complexities of design, day-to-day support, or administration, but also include challenges around lifecycle management. When it comes to lifecycle management, we are looking at the complexities around publishing updates and patches. If you are doing your due diligence, then you are gathering and documenting all the firmware, BIOS, and software from all the hardware involved for the update/patch and comparing that information against Hardware Compatibility Lists and Interoperability Lists to ensure that they are in a supported matrix. If not, then you have to update before going any further. This can be extremely time-consuming, and we are typically tasked with testing in a lab that doesn't match our production environment(s) to ensure we don't bring any production systems down during the maintenance window.
It's that time again and I highly suggest joining in. Not only will you be a part of a great community learning new products but you'll get the chance to offer your input into the direction.
This beta program is different from the past programs in that it is not tied to a specific version or release. This is a new beta program that includes a new beta community. The beta program will continue through multiple releases of vSphere. Participants can expect to see new functionalities and capabilities added as the program continues. Participants are expected to:
This program enables participants to help define the direction of the most widely adopted industry-leading virtualization platform. The vSphere team will grant access to the program to selected candidates in stages. This vSphere Beta Program leverages a private Beta community to download software and share information. VMware will provide discussion forums, webinars, and service requests to enable you to share your feedback.
You can expect to download, install, and test vSphere Beta software in your environment or get invited to try new features in a VMware hosted environment. All testing is free-form and you are encouraged to use the software in ways that interest you. This will provide VMware with valuable insight into how you use vSphere in real-world conditions and with real-world test cases, enabling them to better align with your business needs.
Some of the many reasons to participate in this beta opportunity:
You can register for the Beta Program Here!
Security these days can be more of the traditional needle-in-a-haystack approach than a truly security-centric approach that includes analytics and alerting. VMware is again shifting to a new paradigm, and that was evident from all the products and messaging that came out of VMworld 2017.
Security is at the forefront of all of our minds, and VMware, as the leader in data center technologies, wants to lead the conversation and be the foundation that you are laying down to protect your data, along with adding significant value to you through their partnerships in the security space, like the new partnership announced with IBM around their security products like QRadar.
With increasing attacks on our data centers, take Equifax for example, we must first look at one of the most significant portions of our security foundation, ESXi, and work to secure that. We typically start with securing the physical and the edge, throw in some anti-virus and call it secure, but are we secure?
When it comes to data center security, we must start with our foundation, ensure that we have designed it to follow recommended best practices, then evaluate the gaps, and add in products to get us the rest of the way there. This also includes following best practices for end-user access of the environments and not being "lazy" admins just to skip a few steps. We have to lean on trusted partners like Sirius that have developed a security practice that can help us navigate the waters of security because the landscape of security products is immense, as you can see from the picture below.