VMware announces Cloud Infrastructure for the Modern Applications – It’s a game changer!

Every year people anxiously wait for that shiny new phone, tablet, laptop or car, and in most cases they end up disappointed with an expensive new product that is not visually pleasing or provides very few advantages over the one they already have. (Pixel 4, wink wink)

Well, every year some of us get just as excited about software releases, and in most cases we experience the same ups and downs with new releases. But lately VMware, with all its strategic acquisitions, has been hitting it out of the park, and this year is no different. In my opinion it is a game changer: VMware is expanding its portfolio to accelerate its "any cloud, any app, any device" strategy, and is making Kubernetes available for enterprise adoption in vSphere, in public clouds and at edge locations.


The IT industry is changing at a fast pace, and so has the definition of an application. Apps used to be a monolith that consisted of a VM for the app and maybe another VM for the database, and VMware provides a mature platform for those needs. Now, however, we are starting to see distributed systems where parts of your application might be running in a VM, other parts running in containers that use Kubernetes as their control plane, and still other parts consuming capabilities from other microservices such as managed databases and serverless functions.

Challenges for modern apps

These modern applications create challenges for developers and line-of-business leaders, and they create complexity for the VI admin around provisioning, logging, monitoring, troubleshooting, backup/restore, networking and security. Not just on-prem, but in the cloud as well. VMware is looking to provide value across 3 different pillars.

vSphere 7 - Essential services for the modern hybrid cloud
These will be delivered through vSphere 7 capabilities as well as through what VMware is calling "vSphere with Kubernetes".

(Image: key capabilities of vSphere 7)

Let’s first do a deep dive into the non-Kubernetes side and of course where everything always starts, our beloved vSphere:

(Image: vSphere 7, cloud infrastructure for modern applications)

The primary focus in vSphere 7 is simplified lifecycle management, enhanced intrinsic security capabilities, and capabilities that accelerate application delivery. The capabilities and enhancements we will be discussing are available with the Enterprise Plus edition.


Since we have so much to cover, I have broken up the detailed review of each product's new features and enhancements into separate blog posts:

vSphere 7: What’s new

vSAN 7: What’s new

vRealize Management 8.1 (vROPS, vRLI, vRA): What’s new

VMware Cloud Foundation 4: What’s new

The announcements above are great, but the star of the show is VMware's entry into the container world, with worthy products that will help customers navigate the complexities of Kubernetes with ease. You can read about it in more detail in my blog post below.

VMware new product announcements: vSphere with Kubernetes (Project Pacific) & Tanzu App Portfolio

 

(All images on this page courtesy VMware)

VMware new product announcements: vSphere with Kubernetes (Project Pacific) & Tanzu App Portfolio

In my experience Kubernetes is complex, and not just from an architecture perspective in getting clusters deployed and managed, but also on day 2.

From the outset you need to decide whether you want to create separate clusters or make use of namespaces. If you choose namespaces, you need to think about RBAC, Pod Security Policies and Network Policies to isolate the namespaces properly, because a namespace on its own is only a naming and quota boundary: without a Network Policy, every pod can talk to every other pod in the cluster. And the list goes on and on.
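As an added example (my code, not code from the original post or from VMware), here are the objects that make a namespace an actual isolation boundary, plus a small audit that reports whether a namespace already has default-deny in place. Everything is standard library; the dicts are in Kubernetes API shape, so the JSON output can be piped to `kubectl apply -f -`. The namespace names and the sample policy list are constructed for the example. One caveat for anyone reading this later than 2020: PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25 in favour of Pod Security Admission, so the PSP part is the 2020-era answer to the question.

```python
"""Added example (not from the original post): NetworkPolicy and PodSecurityPolicy
objects that make a namespace an actual isolation boundary, plus an audit that
reports whether a namespace already has default-deny in place.  Standard library
only; the dicts are in Kubernetes API shape, so the JSON can be piped to
`kubectl apply -f -`.  Namespace names and SAMPLE_POLICIES are constructed."""
import json

NP = {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy"}


def default_deny(namespace):
    """Select every pod, declare both policy types, give no rules: all
    ingress to and egress from pods in the namespace is denied."""
    return {**NP, "metadata": {"name": "default-deny-all", "namespace": namespace},
            "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}


def allow_same_namespace(namespace):
    """Re-allow pod-to-pod traffic inside the namespace only: an empty
    podSelector under from/to means "any pod in this namespace"."""
    return {**NP, "metadata": {"name": "allow-same-namespace", "namespace": namespace},
            "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"],
                     "ingress": [{"from": [{"podSelector": {}}]}],
                     "egress": [{"to": [{"podSelector": {}}]}]}}


def allow_dns_egress(namespace):
    """Default-deny egress also blocks name resolution; allow 53/UDP+TCP to the
    kube-dns pods.  The kubernetes.io/metadata.name label is set automatically
    from Kubernetes 1.21 on; older clusters need a label put on kube-system."""
    dns = {"namespaceSelector": {"matchLabels":
                                 {"kubernetes.io/metadata.name": "kube-system"}},
           "podSelector": {"matchLabels": {"k8s-app": "kube-dns"}}}
    return {**NP, "metadata": {"name": "allow-dns-egress", "namespace": namespace},
            "spec": {"podSelector": {}, "policyTypes": ["Egress"],
                     "egress": [{"to": [dns],
                                 "ports": [{"protocol": "UDP", "port": 53},
                                           {"protocol": "TCP", "port": 53}]}]}}


def restricted_psp(name="restricted"):
    """A PodSecurityPolicy that rejects privileged, root and host-namespace pods.
    It only bites once the PodSecurityPolicy admission plugin is enabled and the
    namespace's service accounts are granted `use` on it through RBAC."""
    ids = {"rule": "MustRunAs", "ranges": [{"min": 1, "max": 65535}]}
    return {"apiVersion": "policy/v1beta1", "kind": "PodSecurityPolicy",
            "metadata": {"name": name},
            "spec": {"privileged": False, "allowPrivilegeEscalation": False,
                     "hostNetwork": False, "hostPID": False, "hostIPC": False,
                     "runAsUser": {"rule": "MustRunAsNonRoot"},
                     "seLinux": {"rule": "RunAsAny"},
                     "supplementalGroups": ids, "fsGroup": ids,
                     "volumes": ["configMap", "emptyDir", "secret",
                                 "persistentVolumeClaim"]}}


def _policy_types(spec):
    """Kubernetes defaults when policyTypes is omitted: Ingress is always
    implied, Egress only if an egress section exists.  A classic footgun."""
    if "policyTypes" in spec:
        return set(spec["policyTypes"])
    return {"Ingress", "Egress"} if "egress" in spec else {"Ingress"}


def is_default_deny(policy, direction):
    """True when the policy selects all pods, covers `direction` ("Ingress" or
    "Egress") and has no rules for it, i.e. it denies everything that way."""
    spec = policy.get("spec", {})
    if spec.get("podSelector") not in ({}, None):
        return False
    return direction in _policy_types(spec) and not spec.get(direction.lower())


def audit(policies, namespace):
    """Per direction: does any policy in this namespace default-deny it?"""
    mine = [p for p in policies if p["metadata"].get("namespace") == namespace]
    return {d: any(is_default_deny(p, d) for p in mine) for d in ("Ingress", "Egress")}


# Constructed sample: team-a is locked down; team-b only has an app-specific
# policy, so every team-b pod without the app=web label is still wide open.
SAMPLE_POLICIES = [
    default_deny("team-a"), allow_same_namespace("team-a"), allow_dns_egress("team-a"),
    {**NP, "metadata": {"name": "web-ingress", "namespace": "team-b"},
     "spec": {"podSelector": {"matchLabels": {"app": "web"}},
              "ingress": [{"ports": [{"port": 80}]}]}},
]

if __name__ == "__main__":
    for ns in ("team-a", "team-b"):
        print(ns, audit(SAMPLE_POLICIES, ns))
    manifests = [default_deny("team-a"), allow_same_namespace("team-a"),
                 allow_dns_egress("team-a"), restricted_psp()]
    print(json.dumps({"apiVersion": "v1", "kind": "List", "items": manifests}, indent=2))
```

Running it prints the audit for both namespaces (team-a is default-denied in both directions, team-b in neither, because a policy with a non-empty podSelector protects only the pods it selects) and then the manifests as a single List. The audit is the check to run against `kubectl get networkpolicy -A -o json` before trusting namespaces as a boundary; the DNS policy is there because the first thing a default-deny egress rule breaks is name resolution.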

Kubernetes provides a platform to run containers seamlessly on your laptop, across on-premises data centers and on public cloud providers. But to create an enterprise-ready environment you need to tap into different OSS solutions for IAM, configuration, policies, backup/recovery, ingress and so on, which adds to the complexity.

VMware is looking to solve these day-1 and day-2 problems with their new product launches.  To better understand these new products and how they will be used, let’s break down K8s into different areas:

  • Provisioning K8s clusters

    • Tanzu Kubernetes Grid can create K8s clusters in different infrastructures like AWS, Azure, GCP, Edge or VMC on AWS.
    • Tanzu Kubernetes Grid is also embedded in vSphere so VI admins can deploy K8s clusters from vCenter Server natively on ESXi hosts!
      • This requires VCF 4
  • Running K8s clusters

    • This consists of vSphere with Kubernetes (aka Project Pacific), which transforms vSphere into a Kubernetes native platform.
  • Managing K8s clusters

  • Provisioning and managing/monitoring containers


vRealize Management 8.1 (vROPS, vRLI, vRA): What’s new 

The big takeaway with the release of vRealize Management 8.1 is the support for vSphere 7 and vSphere with Kubernetes.

These updates now provide automated delivery, monitoring, troubleshooting and capacity management for both container and VM workloads! This is a big deal and will allow VI admins to easily provision and manage VMs and containers with products they already know, without having to deal with the complexities of container orchestration with Kubernetes.

Here are some of the key updates VMware mentions for each product, as well as some use cases; we will dig into each of these in more detail below.


Before I get started, I just want to mention something that most everyone already knows, but it is important to reiterate: all these products are available on-premises as well as SaaS-based. This provides lots of flexibility for wherever your workload will run, for instance in a hybrid cloud environment or perhaps in the public cloud only.


VMware Cloud Foundation 4: What’s new


Updated Software Bill of Materials

  • VCF 4 provides the latest versions of the VMware SDDC products.

Workload domains

Architecture changes

  • Everything in VCF starts with the Management Workload Domain construct, which consists of a management domain of four ESXi hosts.
  • The management domain uses NSX-T only (NSX-V is gone) and has its own private NSX Managers and Edge Clusters.
  • You can also optionally deploy an NSX Edge Cluster as a day-2 action.


vSAN 7: What’s new

In this post we will focus on 3 key product enhancements around vSAN.


Simpler Lifecycle Management

Increase reliability and reduce number of tools

In vSphere 6.x, hosts are updated individually with vSphere Update Manager (VUM), while vSAN is a cluster-based solution; that mismatch is not ideal and can create inconsistencies between hosts in the same cluster.

vSphere 7 introduces an entirely new solution at the cluster level (vSphere Lifecycle Manager, vLCM) to unify software and firmware management.

  • The new approach is built around a desired-state model for all lifecycle operations
    • Monitors compliance "drift" in real time
    • Provides the ability to remediate back to the desired state
  • Built to manage the full server stack across the cluster
    • Hypervisor
    • Drivers
    • Firmware
  • A modular framework supports vendor firmware plugins, which allows a vendor's own firmware and the respective drivers to be integrated into the image that is applied to hosts.
    • Dell
    • HPE

Native File Services

Now we're talking! vSAN 7 introduces a fully integrated file service that is built right into the hypervisor and managed through vCenter Server.

  • Provisions vSAN cluster capacity for file shares
  • Supports NFS v4.1 and v3
  • Supports quotas for file shares
  • Suited for cloud native and traditional workloads on vSAN
    • I don't think this capability is looking to replace large-scale filers, but rather to solve the specific use cases within that particular cluster.
  • Works with common vSAN/vSphere features

There are many use cases for both traditional VMs and cloud native applications. Let's look at the latter.

Extension and integration with K8s running on vSphere and vSAN

  • Native file services will offer file-based persistent storage
  • vSAN also provides persistent block storage through SPBM for vSAN and vVols, where a storage policy is associated with a StorageClass in Kubernetes
  • Persistent volume encryption and snapshot support
  • Volume resizing support
  • Support for different monitoring tooling options
    • Wavefront
    • Prometheus
    • vROps


vSphere 7: What’s new

Lifecycle Management and Scaling

vCenter Server Profiles:


This should not be confused with host profiles. Think of it as a way to provide a desired state across all of the vCenter Servers in your organization, for instance configuring authentication or backups, as well as reverting to a last known good configuration.

 


This capability is available only through the REST API; there is no UI for it. You capture the state of an existing vCenter Server by exporting its config in JSON format.


You can then make changes to this config; think of it as covering mostly anything you can change in the VAMI interface. You can also easily find the APIs for vCenter Server configuration by executing GET or POST calls directly from the API Explorer in the vSphere Client. (Behind the scenes, vCenter Server profiles are also known as infrastructure profiles, so you'll see "infraprofile" in the API name.)

Finally, you validate the config and import it into the other vCenter Servers.
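The export, edit, validate, import round trip above, as an added example (my code, not part of the original post and not VMware's own tooling), using only the Python standard library. The endpoint paths, query parameters and request bodies follow my reading of the vSphere 7 Appliance REST API reference (appliance/infraprofile/configs and cis/tasks) and are an assumption to check in the API Explorer of your own vCenter; the hostnames, credentials and the SAMPLE_CONFIG document are constructed for the example and do not reproduce VMware's real export schema.

```python
"""Added example (not from the original post): the vCenter Server profile round
trip (export -> edit -> validate -> import) against the vSphere 7 appliance REST
API with the standard library only.  Endpoint paths, query parameters and request
bodies follow my reading of the vSphere 7 Appliance API reference and are an
assumption to verify in your vCenter's API Explorer; hostnames, credentials and
SAMPLE_CONFIG are constructed."""
import base64
import copy
import json
import ssl
import urllib.request

CONFIGS = "/api/appliance/infraprofile/configs"


def _call(host, method, path, token=None, body=None, basic=None, cafile=None):
    """One HTTPS call.  TLS verification stays on: hand over the CA bundle that
    signed the vCenter certificate instead of switching verification off."""
    req = urllib.request.Request(f"https://{host}{path}", method=method)
    req.add_header("Content-Type", "application/json")
    if basic:
        cred = base64.b64encode(f"{basic[0]}:{basic[1]}".encode()).decode()
        req.add_header("Authorization", f"Basic {cred}")
    if token:
        req.add_header("vmware-api-session-id", token)
    data = json.dumps(body).encode() if body is not None else None
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, data=data, context=ctx) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def login(host, user, password, cafile=None):
    """POST /api/session with basic auth returns the session token string."""
    return _call(host, "POST", "/api/session", basic=(user, password), cafile=cafile)


def export_body(profiles, description):
    """Request body for action=export; profile names as listed by GET CONFIGS."""
    return {"profiles": list(profiles), "description": description}


def export_profile(host, token, profiles, description, cafile=None):
    """Export returns the config as a JSON document (serialised as a string).
    Treat the result as sensitive: it is your appliance configuration."""
    raw = _call(host, "POST", CONFIGS + "?action=export", token=token,
                body=export_body(profiles, description), cafile=cafile)
    return json.loads(raw) if isinstance(raw, str) else raw


def set_value(config, dotted_path, value):
    """Change one nested key ("a.b.c") in place, refusing to invent keys the
    export did not contain (a typo would otherwise silently change nothing)."""
    node = config
    *parents, leaf = dotted_path.split(".")
    for key in parents:
        node = node[key]
    if leaf not in node:
        raise KeyError(dotted_path)
    node[leaf] = value
    return config


def desired_config(exported, changes):
    """Copy of the export with a {dotted_path: value} set of edits applied."""
    desired = copy.deepcopy(exported)
    for path, value in changes.items():
        set_value(desired, path, value)
    return desired


def drift(current, desired, prefix=""):
    """Dotted paths where `current` differs from `desired`: the compliance
    "drift" report to run before pushing a last-known-good config back."""
    out = []
    for key in sorted(set(current) | set(desired)):
        a, b = current.get(key), desired.get(key)
        if isinstance(a, dict) and isinstance(b, dict):
            out.extend(drift(a, b, f"{prefix}{key}."))
        elif a != b:
            out.append(f"{prefix}{key}")
    return out


def _task(host, token, action, config, description, cafile):
    """validate and import are long-running: the call returns a task id to poll
    at /api/cis/tasks/{id} until its status is SUCCEEDED or FAILED."""
    body = {"config_spec": json.dumps(config), "description": description}
    return _call(host, "POST", f"{CONFIGS}?action={action}&vmw-task=true",
                 token=token, body=body, cafile=cafile)


def validate_profile(host, token, config, description, cafile=None):
    return _task(host, token, "validate", config, description, cafile)


def import_profile(host, token, config, description, cafile=None):
    return _task(host, token, "import", config, description, cafile)


# Constructed stand-in for an export; the real document has VMware's own schema.
SAMPLE_CONFIG = {
    "version": "7.0.0",
    "profiles": {
        "AuthManagement": {"password_policy": {"max_lifetime_days": 90, "min_length": 8}},
        "ApplianceManagement": {"backup": {"enabled": False, "location": ""}},
    },
}

if __name__ == "__main__":
    golden = desired_config(SAMPLE_CONFIG, {
        "profiles.AuthManagement.password_policy.min_length": 12,
        "profiles.ApplianceManagement.backup.enabled": True,
    })
    print(drift(SAMPLE_CONFIG, golden))
    # Live use (constructed names): token = login(vc, user, pw, cafile=ca);
    # current = export_profile(vc, token, ["AuthManagement"], "baseline");
    # task = validate_profile(vc, token, golden, "push baseline"); then import.
```

Run stand-alone it only exercises the offline part: `desired_config` edits a copy of the export and `drift` lists the two paths that changed. Against a live vCenter, the sequence is `login`, `export_profile` from the reference vCenter, `drift` against the target's export to see what will change, `validate_profile`, and only then `import_profile`. Two practitioner notes: the exported JSON is your appliance configuration and belongs in a restricted repository, not a wiki page; and the `cafile` parameter exists so that nobody "fixes" a certificate error by turning TLS verification off for an API that can reconfigure authentication on every vCenter in the estate.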


VMware Cloud Native Master Specialist

Yesterday I passed my VMware Cloud Native Master Specialist exam.


It was a tough one and I really enjoyed the well-thought-out questions based on real-world scenarios, so kudos to the team that put the exam together.

Here is an easier-to-read format of the sections, with the accompanying links from the guide. Please review the exam guide for accuracy, since my list might become outdated.

Exam Sections

Section 1 – Application Deployment to a Cluster

Objective 1.1 Identify the situation that would require a secret.

https://kubernetes.io/docs/concepts/configuration/secret/

Objective 1.2 Identify the situation that would require a config map.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap

Objective 1.3 Given a scenario, identify proper logging for the application.

https://kubernetes.io/docs/concepts/cluster-administration/logging/

Objective 1.4 Given a scenario, identify proper metrics for the application.

https://prometheus.io/docs/

Objective 1.5 Given a scenario, identify proper probes for the application.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/

Objective 1.6 Given a scenario, identify the proper way to expose an application to outside users.

https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/ – Ingress, Ingress Controllers and Service of type LoadBalancer are all covered in this section of the kubernetes.io docs

Objective 1.7 Given a scenario, identify the proper way to expose a container.

https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/

Objective 1.8 Given a scenario, identify helm best practice.

https://helm.sh/docs/chart_best_practices/

Objective 1.9 Given a common complex error, identify appropriate next steps or identify what the error implies.

Objective 1.10 Given a scenario, identify how to influence scheduling in a cluster.

https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container

https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

Objective 1.11 Given an application architecture scenario, identify the changes that should be made to the application to make it suitable for Cloud Native platforms.

https://12factor.net

Objective 1.12 Given a Dockerfile, identify changes that best suit container best practices.

https://cloud.google.com/blog/products/gcp/7-best-practices-for-building-containers

Section 2 – Cluster Security

Objective 2.1 Given a scenario, identify proper RBAC to implement.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/

Objective 2.2 Given a scenario, identify proper audit capabilities to implement.

https://kubernetes.io/docs/tasks/debug-application-cluster/audit/

Objective 2.3 Given a scenario, identify the Proper Pod Security Policy to implement.

https://octetz.com/posts/setting-up-psps

Objective 2.4 Given a scenario, identify appropriate admission control options to implement on a cluster.

https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/

Objective 2.5 Given a scenario, identify appropriate open policy agent configuration to implement.

https://www.openpolicyagent.org/docs/latest/

Objective 2.6 Given a scenario, identify appropriate network policy to implement.

https://kubernetes.io/docs/concepts/services-networking/network-policies/

Section 3 – Cluster Operations

Objective 3.1 Given a scenario, identify an appropriate option for configuring backup on a cluster.

https://github.com/heptio/velero

Objective 3.2 Given a scenario, identify appropriate options for cluster.

https://kubernetes.io/docs/tasks/debug-application-cluster/resource-usage-monitoring/

Objective 3.3 Given a scenario, identify the appropriate options for logging configuration.

https://kubernetes.io/docs/concepts/cluster-administration/logging/

Objective 3.4 Given a scenario, identify an appropriate option for configuring cluster conformance tests.

https://sonobuoy.io/

Objective 3.5 Given a scenario, identify an appropriate option for configuring an ingress controller to satisfy ingress options on cluster.

https://www.youtube.com/watch?v=BSKU6QHOvVE

Objective 3.6 Given a scenario, identify the appropriate option for separation of application teams.

https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

Objective 3.7 Given a scenario, identify why to use one networking plugin over another.

https://kubernetes.io/docs/concepts/cluster-administration/networking/

Objective 3.8 Given a scenario, configure authentication

https://kubernetes.io/docs/reference/access-authn-authz/authentication/

https://github.com/dexidp/dex

 

Exam details can be found on the official exam page.

Remember that the CKA certification is a prerequisite for this exam. In order to schedule it you first need to upload your CKA certification for verification, which can take up to 24 hours, so plan accordingly.