vSphere 7, the latest version of VMware’s server virtualization product, was made generally available April 2, 2020, with an expanded feature set and updated security tools. From Monster VMs that double the number of hosts per cluster to drop-in Kubernetes capabilities, vSphere 7 makes life easier for enterprise IT Admins and developers looking to streamline their infrastructure. These are the new and updated features and security tools in vSphere 7.
New Features and Improvements with vSphere 7
vSphere with Tanzu
vSphere with Tanzu has native plugin capabilities for Kubernetes, which gives teams the ability to run containerized applications with their enterprise apps. With this new add-on to the enterprise tools, vSphere claims you can build new Kubernetes containers in an hour.
The addition of Tanzu to vSphere 7 now lets IT Admins take a single view of the entire infrastructure. They can access the vCenter Server for oversight of both Kubernetes clusters and VMs, while developers can access vSphere through the Kubernetes API, keeping their workflow the same while giving them support from IT Admins. This new feature requires a VMware Cloud Foundation Services license and at least three ESXi nodes.
vSphere 7 introduces Monster VMs that support 50 percent more hosts per cluster. These high-capacity clusters are designed to support SAP HANA and Epic Cache Operational Database tools. Monster VMs nearly double the industry standard with 24TB of memory and 768 vCPUs, and clusters can scale to 96 hosts.
This release also improves how vSphere 7 manages large loads by reducing memory overhead and smoothing workloads with an ESXi scheduler and co-scheduling logic.
vMotion now supports the live migration of VMs with a significant reduction in stun time from 1 second to 175ms for a 24TB VM. This change came about in part through the improvement of memory transfer capabilities from 4k pages to 1GB pages. vMotion also now restricts transfers to only new pages rather than the entire bitmap. Because of these improvements, vMotion can handle live migration of significantly larger VMs like the backend databases for SAP HANA or Oracle users.
vSphere 7 comes with an improved distributed resource scheduler (DRS). Previous versions of the DRS prioritized the cluster balance when deciding when to recommend a vMotion. The new DRS prioritizes the VM host state over the cluster balance, which improves the stability of individual VMs.
vSphere 7 Security
Security tools in vSphere 7 help IT Admins keep software and firmware up to date and manage user identity and trust across the infrastructure. This release streamlines these tools and centralizes the work, making it easier to monitor for issues and surface vulnerabilities.
Lifecycle Management Tools
The vSphere Lifecycle Manager is a new set of tools that gives vSphere Admins a centralized interface for managing upgrades through automation and set-and-forget maintenance. Three main tools provide these capabilities within the Lifecycle Manager:
- vCenter Server Profiles let you set a configuration model for all servers that the lifecycle management tool will maintain.
- The Cluster Image Manager speeds upgrades and changes to hosts with the ability to set a single image for an entire cluster for an ESXi release, a vendor add-on, or a firmware add-on. Firmware add-ons currently support Dell EMC and HPE, with more to come in the future.
- The Server Update Planner monitors for upgrades, notifies Admins of upgrade availability, and assesses compatibility before a change is made. This feature is only available in vSphere 7 and later.
vSphere 7 introduces Identity Federation to help organizations manage identity and access. The current version includes support for Active Directory Federation Services (ADFS), with more options on the way.
Identity Federation works by integrating the vCenter Server with an enterprise identity provider, which reduces the duplication of existing enterprise identity providers. The tool uses OAuth 2.0 and OIDC, and it bypasses vCenter Server and vSphere Admin, streamlining the identification process. This ultimately simplifies adding multi-factor authentication (MFA) to infrastructure and reduces the overall audit scope.
vSphere Trust Authority (vTA)
vSphere 7 taps into the hardware Trusted Platform Module (TPM) to verify the security of the ESXi-to-VM path, making VMs more secure from the bare metal up. To make this work, a small cluster of separately managed and highly trusted ESXi hosts manages attestation of several different vTA clusters, each with increased-security VMs. Admins can also use a key management service (KMS) to keep KMS keys from exposure to untrustworthy hosts. vTA features require hardware with TPM 2.0 support.
vSphere 7 Brings Better Security and Capacity
In addition to new features, the release of vSphere 7 simplifies many of the features of previous releases. These upgrades centralize server management within vSphere for containers, VMs, on-premises, and cloud servers. This ultimately increases security for the entire enterprise, as Admins can more closely monitor their infrastructures.