VMware vSphere 7 is finally upon us! But does it manage to hit expectations or is it just a marginal step from previous versions? In this blog post, we run down the key features of vSphere 7 and give our verdict on the latest core release of vSphere. Let’s do this!
vSphere 7 is marketed as the biggest update in over a decade.
Can I upgrade to vSphere 7? Absolutely, but first, you have to upgrade vCenter.
Next-Gen Infrastructure Image Management – This is one feature we’ve all been waiting for: Desired State Configuration for ESXi hosts. Now we can create a standardized configuration for our hosts and enforce that configuration on newly provisioned hosts. We can also manage patches for ESXi hosts in this manner, which makes compliance monitoring for ESXi much simpler.
“Lifecycle Manager offers standardized configuration for vSphere hosts.”
vCenter Server Profiles – We also get Desired State Configuration for our vCenter servers to ensure they are all standardized and patched.
vCenter Server Update Planner – We no longer have to manage vCenter Server updates with an Excel spreadsheet. vCenter Server Update Planner lets us automate vCenter Server updates, track versioning, as well as test and recommend update plans.
Content Library – Now we have the capability to store ISOs, templates, and scripts in a centralized location. We no longer have to attach an NFS share to our hosts containing all our administrative tools.
With the increase in remote workers and mobile apps, identity is starting to play a significant role in the way we manage IT. VMware vSphere 7 now provides reduced risk and flexible options for MFA by allowing vCenter Servers to federate with ADFS. vSphere can now participate in corporate identity management procedures.
vSphere Trust Authority (vTA) enables us to take VM workloads that require increased security and use the hardware TPM on the host to ensure that the path from the ESXi host to the VM is secure. We can build a separate ESXi cluster for this and have multiple vTA clusters with high-security VMs. vTA requires hardware with TPM 2.0 support. Additionally, we can utilize KMS with vTA clusters so that KMS keys are not exposed to ESXi hosts not verified as “trusted,” giving us additional fine-grained security.
vSphere 7 allows for more portability for VMs assigned to a particular PCIe device. So far, VMs using dedicated GPUs, network cards, or even fax cards have not been able to take advantage of features like HA and DRS. With the new improvements in vSphere 7, an additional “capabilities” layer is added to each host, decoupling the hardware address from the VM and allowing it to migrate to other hosts that have the same assigned PCIe hardware type. However, one constraint is still present: we cannot do live migration with vMotion. With NVIDIA vGPU, we can also use the same capability mapping for vGPUs assigned to VMs.
DRS was given an overhaul. The old DRS would create calculations based on the ESXi host memory and CPU. It would then balance out the ESXi cluster as best it could, and the default schedule for DRS was every 5 minutes. In VMware vSphere 7, DRS utilizes a VM DRS score.
Instead of focusing on the utilization of the ESXi host, DRS is looking at the workload of the VM. Now, every VM gets a DRS score based on several metrics:
- VM Performance – VM metrics like CPU ready time, memory swap, CPU Cache behavior, etc.
- Capacity on the ESXi Host – DRS now calculates the ability for the application to burst performance on the host.
- vMotion Cost – The cost of moving the VM to another host is now taken into account.

The new DRS also runs every 1 minute instead of 5, so we are now getting a more fine-grained calculation of our workloads with DRS.
VM sizes are starting to become larger and larger. VMs configured with 128GB of memory are no longer considered “rare.” As VMware’s historical live migration feature that helped get vSphere where it is today, vMotion needed an overhaul to keep up with this demand. So, in vSphere 7, live migration capabilities are now compatible with large VMs.
With the vMotion process, a page tracer is installed to track all changed memory pages during the migration. The problem was that the page tracer was installed on all the vCPUs in a VM, which caused a workload performance blip during the vMotion live migration. Now in VMware vSphere 7, vMotion only installs the page tracer on one vCPU, which gives much better performance on large VMs during live migrations.
During the final cutover phase of a live vMotion, there is a “stun time.” During this “stun time,” the source ESXi host sends over the memory bitmap that contains the remaining memory pages used by the virtual machine as well as information on all of the pages that were sent over. For a 24TB VM, this can be a 768MB bitmap and can cause lengthened stun times during the cutover phase. In vSphere 7, the source host only transmits a compacted version of the bitmap, which has been greatly reduced in size. This causes a 24TB VM to have a 175ms stun time and significantly decreases the 1-second pause we see when we live migrate VMs.
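The 768MB figure above follows from keeping one bit per 4 KiB memory page. The sketch below is an added example, not VMware code: it reproduces that size and shows why a mostly empty bitmap shrinks when only the pending page ranges are sent. The 4 KiB page size, binary units and the extent encoding are assumptions; the post does not say how vSphere compacts the bitmap.

```python
PAGE_SIZE = 4096  # assumption: 4 KiB guest pages, one bitmap bit per page


def full_bitmap_bytes(vm_memory_bytes: int) -> int:
    """Size of an uncompacted bitmap holding one bit per guest page."""
    pages = vm_memory_bytes // PAGE_SIZE
    return (pages + 7) // 8


def compact(bitmap: bytes) -> list[tuple[int, int]]:
    """Encode set bits as (first_page, run_length) extents.

    Illustrative scheme only; the real vMotion wire format is not public here.
    """
    runs, start = [], None
    total_bits = len(bitmap) * 8
    for page in range(total_bits):
        bit = (bitmap[page >> 3] >> (page & 7)) & 1
        if bit and start is None:
            start = page                      # a run of pending pages begins
        elif not bit and start is not None:
            runs.append((start, page - start))
            start = None
    if start is not None:                     # run reaches the end of memory
        runs.append((start, total_bits - start))
    return runs


def expand(runs: list[tuple[int, int]], total_pages: int) -> bytes:
    """Rebuild the full bitmap on the destination from the extents."""
    out = bytearray((total_pages + 7) // 8)
    for start, length in runs:
        for page in range(start, start + length):
            out[page >> 3] |= 1 << (page & 7)
    return bytes(out)


def demo() -> tuple[int, list[tuple[int, int]], int]:
    # Constructed sample: a 1 GiB VM with two small regions still pending at cutover.
    total_pages = (1 << 30) // PAGE_SIZE
    bitmap = expand([(1000, 64), (200000, 8)], total_pages)
    runs = compact(bitmap)
    return len(bitmap), runs, len(runs) * 16  # two 64-bit integers per extent


if __name__ == "__main__":
    print(full_bitmap_bytes(24 * 2**40) // 2**20, "MiB for a 24 TiB VM")
    print(demo())
```
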
Last but not least, vSphere 7 now comes with native Kubernetes, which is one of the most popular platforms for modern applications. VMware Administrators will now have the ability to host Kubernetes workloads on native VMware.
This is a massive step as vSphere 7 is now one of the few applications that allow for hosting VM and Kubernetes workloads in the same application suite. It also decreases the skills gap with running Kubernetes as VMware Administrators will now be able to manage Kubernetes workloads as a part of the vSphere product suite.
This is an excellent move for VMware and is an exciting addition that will most likely increase the adoption rate of Kubernetes among companies. However, one of the downsides currently with Kubernetes on vSphere is that it requires additional VMware Cloud Foundation Services licensing as well as a minimum of 3 ESXi nodes to host the Kubernetes workloads.
Other products out there like Rancher or Nomad can do this on one bare-metal server and require no licensing costs.
If you want a full overview of the features in vSphere 7, here’s the official announcement video from VMware:
It’s also worth watching the vCenter Server 7 introduction video which explains everything from lifecycle all the way through to security features like Identity Federation:
VMware calls vSphere 7 “the biggest release of vSphere in over a decade,” and it doesn’t disappoint. The new update contains many important security and quality-of-life improvements that VMware Administrators have needed for a while now. These are more incremental updates, but other features have evolved more considerably. However, the introduction of Kubernetes on vSphere is definitely a revolution and a massive step towards the future of application modernization. It will be interesting to see where VMware goes from here: whether there will be an explosion of Kubernetes adoption now that vSphere, the world’s most popular hypervisor, supports it, or whether the licensing and hardware constraints will deter users from adopting the newly touted feature.
What do you think? Does vSphere 7 deliver on your expectations? Let us know in the comments below!