The big virtualization news from the past week or so was definitely the release and General Availability of VMware vSphere version 6.5, available for download now.
New features include:
- Improvements to vCenter Server 6.5
- Transition to Web Client-only
- Improved host management
- Enhancements to VMware Tools
- vRealize Operations Manager updated to 6.4
- Enhancements to the API, specifically for developers and automation
- Security enhancements (including VM-level encryption)
- Improvements to VMware HA and DRS
- Storage-related enhancements (including automated UNMAP)
- Networking enhancements
I’ll review each of these areas and also go through some caveats — especially around compatibility with other VMware products.
Improvements to vCenter 6.5
vCenter Server 6.5 has several new features not available in previous releases, including support for more operating systems. vCenter Server 6.5 is now supported on Microsoft Windows, macOS, and Linux without the need for any plugins.
VMware is clearly favoring use of the vCenter Server Appliance over the Windows-installable version. There are some new features that are only available on the vCenter Server Appliance. These include:
- Addition of a Migration Tool — The vCenter Server 6.5 Installer has a built-in Migration Tool. This tool not only makes it easier to migrate from vCenter Server 5.5 or 6.0 to 6.5, but also makes it easier to migrate to the vCenter Server Appliance 6.5 without the need to manage a separate Windows server for vSphere Update Manager. During a migration, the tool will migrate vCenter Server configuration, inventory, and alarm data by default.
- Improved Appliance Management — vCenter Server Appliance 6.5 exposes additional configuration data for CPU, memory, network, database statistics, disk space usage, and health data, reducing reliance on the command-line interface for simple monitoring and operational tasks.
- vCenter Native High Availability — vCenter Server Appliance 6.5 provides a built-in ability to cluster itself for high availability. It does this by creating active, passive, and witness nodes that are cloned from the existing vCenter Server Appliance instance. A vCenter HA cluster can be enabled, disabled, or destroyed at any time. A vCenter HA cluster keeps the active and passive nodes in sync using native PostgreSQL synchronous replication for the vCenter Server database and a separate asynchronous file system replication mechanism for data outside of the database.
A screenshot of the vCenter HA configuration page is provided below.
- Native Backup and Restore Functionality — This out-of-the-box feature allows users to back up vCenter Server and Platform Services Controller appliances directly. This feature supports vCenter Server Appliance instances with either embedded or external Platform Services Controller instances.
A restore is launched from the same ISO from which the appliance was originally created or upgraded. A new vCenter Server Appliance instance is deployed and then ingests the backup files. The vCenter Server UUID and all configuration settings are retained.
vSphere Web Client Only
Back in May of this year, VMware announced that the vSphere Client application (many of us called it the “fat client”) would be phased out in favor of the HTML5 web client (what, in the past, many called the “thin client”). vSphere 6.5 makes the next step in this transition — no vSphere client ships with version 6.5.
While development is still continuing on the HTML5 web client, administrators will need to use the Adobe Flash-based web client for now.
A number of changes have been made to the web client, mostly to the locations of some settings and workflows. These changes bring the client more into line with the expectations of administrators, and make the UI more intuitive while reducing the number of clicks required to complete common administrative tasks.
Improved Host Management
vSphere 6.5 adds more capabilities to make it easier to patch, upgrade, and manage the configuration of ESXi hosts. These features include:
- vSphere Update Manager — Generally viewed as the best way to keep ESXi hosts up to date, the vSphere Update Manager has been fully integrated into the vCenter Server appliance in 6.5. This integration eliminates the need for additional resources required for an additional virtual machine, and the database dependencies of previous versions. The new Update Manager information is managed by the vCenter vPostgres installation, although it is stored using a separate schema.
In addition to patching and upgrading ESXi hosts, the vSphere Update Manager functionality in 6.5 can be used to update VMware Tools and VM compatibility (virtual hardware versions). Linux VMs are no longer needlessly rebooted after updating VMware Tools.
Customers not ready to move off of the Windows version of vCenter server can still install Update Manager 6.5 in a separate Windows VM. This Update Manager VM can be connected to a vCenter Server instance on Windows, but not to a vCenter Server Appliance instance.
- Host Profiles — This feature was first introduced in vSphere 4, and has matured with each successive version. 6.5 adds improvements that make it easier to manage and verify profiles and offer more informative compliance checks.
- Auto Deploy — Auto Deploy allows ESXi hosts to use industry-standard PXE technology to boot from the network rather than from local disks. Auto Deploy enables quick patching and upgrading of hosts, as well as the rapid provisioning of new hosts in a cluster. Auto Deploy has been made easier to manage in 6.5 with the addition of a full-featured graphical user interface — in the past, administrators were required to use VMware PowerCLI to create and manage deploy rules, or to customize ESXi images. Additionally, several enhancements improve both the performance and resiliency of Auto Deploy in 6.5.
VMware Tools Enhancements
Several enhancements have been made to VMware Tools (a collection of in-guest drivers and agents that help optimize VM performance and increase manageability). These include:
- Signed ISO Images — VMware Tools installers are distributed as ISO images that can be mounted to individual VMs to install or upgrade. ESXi 6.5 automatically verifies these ISO images via their cryptographic signatures each time they’re read.
- Tools Split for Current and Legacy OSes — VMware Tools 10.1 and future versions will be available for OEM-supported guest operating systems only. Guest OSes no longer supported by their vendors will be “frozen” at VMware Tools version 10.0.12. This frozen VMware Tools version will not receive future feature enhancements.
- Improved Detection of Availability of Update Installers — vSphere 6.5 performs automatic checks for newer VMware Tools installation images. When found, VMs display an alert that an update is available.
vRealize Operations Manager updated to 6.4
With vSphere 6.5, vRealize Operations Manager has also been updated — to version 6.4. (I wish VMware would stick to the policy they said they would and keep version numbers in sync so as to make things less confusing…)
vRealize Operations Manager 6.4 adds three new dashboards:
- Operations Overview — This shows environment-based information such as inventory summary, cluster update, overall alert volume, and widgets displaying the top 15 VMs experiencing CPU contention, memory contention, and disk latency.
- Capacity Overview — This shows capacity totals, capacity in use for the CPU count, and storage-based metrics.
- Troubleshoot a VM — This enables a view of individual VM-based information such as its alerts, relationships, and metrics based on demand, contentions, parent cluster contention, and parent datastore latency.
Developer and Automation Interfaces
Key enhancements have been made across the application program interfaces (APIs) and command-line interfaces (CLIs) in vSphere 6.5 to simplify interactions for developers and automation, giving customers choice of access with language bindings and automation tools.
The vCenter Server REST-based API has received new extensions that provide the ability to manage and configure the vCenter Server Appliance and enable basic VM management.
The 6.5 vCenter Server also adds an API Explorer, which provides a new way to discover which APIs are available for use. It also enables users to expand each API call, look at the required fields, understand the request body, and see the available filter information, as well as a list of response messages.
VMware PowerCLI has been updated to be completely module based in 6.5. The following new features have also been added:
- The Move-VM cmdlet in the core vSphere module now supports Cross-vCenter vMotion.
- The Open-VMConsoleWindow cmdlet now uses the latest version of the VMware Remote Client.
- The storage module has been updated to include the ability to perform management tasks for VMware Virtual SAN (vSAN).
- Additional cmdlets have been added to the storage module to interact with and manage vSphere Virtual Volumes (vVol) replication.
- The VMware Horizon module has received the largest update, namely a complete rewrite. The module can now be run from anywhere, not just on the Horizon View connection server.
Security Enhancements
vSphere 6.5 adds a number of enhancements for increased security. These include:
- Virtual Machine Encryption — vSphere 6.5 allows for the encryption of VMs. Because the encryption occurs at the hypervisor level (as opposed to being a function of the guest OS running on the VM or a feature of the storage), VM encryption will work with any guest OS and datastore type. VM encryption is managed via policy. The policy framework being used integrates with vSphere Storage Policy Based Management (SPBM). Key management is based on industry-standard Key Management Interoperability Protocol (KMIP), offering customers choice and flexibility around key management. VM Encryption takes advantage of the latest CPU hardware advances in AES-NI encryption. The Advanced Encryption Standard Instruction Set is an extension of the x86 instruction set, and provides accelerated encryption and decryption functions.
- Encrypted vMotion — Encrypted vMotion is enabled on a per-VM basis. It works by encrypting the data traveling over the network, rather than encrypting the network itself. This approach is easier to implement and more flexible. Every packet is uniquely encrypted on the source host and is decrypted on the destination host.
- Secure Boot Support — vSphere 6.5 introduces Secure Boot Support for both VMs and for the ESXi hypervisor. UEFI Secure Boot is a mechanism that only allows trusted code to be loaded by EFI firmware prior to OS handoff. This trust is determined by keys and certificates managed by the firmware. Implementing this feature for a VM enables secure boot of an EFI-aware OS in that VM.
- Enhanced Logging — vSphere 6.5 added audit-quality logging. In prior versions, vSphere logs were more focused on troubleshooting rather than on IT operations or security use cases. Logs coming from vCenter Server 6.5 via syslog are now enriched with data from vCenter Server events. These logs clearly show “before” and “after” settings changes, allowing IT and security administrators an enhanced ability to track and troubleshoot issues. These changes do not require increasing the logging level beyond the standard “info” level. They also don’t add any noticeable load to the vCenter Server instance or add to the vCenter Server database, because this info has already been recorded as part of the existing vCenter Server event. The Enhanced Logging feature simply causes this information to be passed along to Syslog. Standard troubleshooting and support logs will be unaffected.
- Security Automation — The VM Encryption, Encrypted vMotion, and Secure Boot features are all fully automatable via VMware PowerCLI and the vSphere API.
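The per-VM settings behind these security features can be read back through PowerCLI to check which VMs actually have them enabled. The following is an added example, not code from the original post or from VMware: a hypothetical `Get-VMSecurityPosture` function that reports VM encryption, Encrypted vMotion, and Secure Boot state from each VM's `ExtensionData.Config`. The sample VMs and the policy (all three controls expected on) are constructed for illustration.

```powershell
# Added example (not from the original post). Reads the vSphere 6.5 API
# VirtualMachineConfigInfo fields that PowerCLI exposes as ExtensionData.Config.
function Get-VMSecurityPosture {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $VM)
    process {
        $cfg = $VM.ExtensionData.Config
        # KeyId is only populated when the VM is encrypted with a KMS-issued key.
        $encrypted = $null -ne $cfg.KeyId
        # Secure Boot only applies to EFI firmware.
        $secureBoot = ($cfg.Firmware -eq 'efi') -and [bool]$cfg.BootOptions.EfiSecureBootEnabled
        # MigrateEncryption: 'disabled', 'opportunistic' or 'required'.
        $vmotion = if ($cfg.MigrateEncryption) { $cfg.MigrateEncryption } else { 'unknown' }

        # Assumed policy for this example: all three controls are expected.
        $findings = @()
        if (-not $encrypted)         { $findings += 'VM encryption off' }
        if ($vmotion -ne 'required') { $findings += "Encrypted vMotion is '$vmotion'" }
        if (-not $secureBoot)        { $findings += 'Secure Boot off' }

        [pscustomobject]@{
            Name             = $VM.Name
            Encrypted        = $encrypted
            KeyProvider      = if ($encrypted) { $cfg.KeyId.ProviderId.Id } else { $null }
            EncryptedVMotion = $vmotion
            SecureBoot       = $secureBoot
            Findings         = $findings -join '; '
        }
    }
}

# Constructed stand-ins shaped like PowerCLI VM objects, so the function runs offline.
function New-SampleVM($Name, $Firmware, $SecureBoot, $Migrate, $Provider) {
    $key = if ($Provider) {
        [pscustomobject]@{ KeyId = 'constructed-key-id'; ProviderId = [pscustomobject]@{ Id = $Provider } }
    } else { $null }
    [pscustomobject]@{
        Name          = $Name
        ExtensionData = [pscustomobject]@{ Config = [pscustomobject]@{
            Firmware          = $Firmware
            BootOptions       = [pscustomobject]@{ EfiSecureBootEnabled = $SecureBoot }
            MigrateEncryption = $Migrate
            KeyId             = $key
        } }
    }
}

$sample = @(
    New-SampleVM 'app01' 'efi'  $true  'required'      'constructed-kms'
    New-SampleVM 'db01'  'efi'  $false 'opportunistic' $null
    New-SampleVM 'old01' 'bios' $false 'disabled'      $null
)
$sample | Get-VMSecurityPosture | Format-Table -AutoSize

# Against a live vCenter Server (after Connect-VIServer): Get-VM | Get-VMSecurityPosture
```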
Improvements to VMware HA and DRS
Both VMware High Availability (HA) and Distributed Resource Scheduler (DRS) have been enhanced in vSphere 6.5. These enhancements include:
- Proactive HA — Proactive HA integrates with select hardware partners to detect degraded components and evacuate VMs from affected hosts before an incident can cause an interruption of service. vCenter Server plug-ins from the hardware vendors provide the health status of hosts’ system memory, local storage, power supplies, cooling fans, and network adapters. If components become degraded, Proactive HA determines which hosts are at risk and places them into a new-to-6.5 state called “Quarantine Mode”. While in Quarantine Mode, VMs are migrated off of the host onto healthy hosts (as long as affinity and anti-affinity rules are not violated, and the performance of the VM will not be negatively affected). New VMs will not be added to hosts that are in Quarantine Mode.
- HA Orchestrated Restart — Orchestrated Restart improves the recoverability of applications that run across more than one VM. This is done by creating dependency chains for VMs and using those to create VM restart rules. These rules enforce the restart order for VMs within the dependency chain, increasing the chances that an affected application will properly recover when vSphere HA restarts the VMs.
- vSphere Fault Tolerance Improvements — In vSphere 6.5, Fault Tolerance (FT) integration with DRS has been improved to enable better placement decisions by ranking the hosts based on available network bandwidth and by recommending the datastore in which to place the secondary VMDK files. Additionally, network latency between the primary and secondary VMs has been greatly decreased.
- Improved DRS Load Balancing Algorithm — The load-balancing algorithm has worked well in most cases. However, with clusters becoming larger, distribution patterns become normalized, causing “outliers”. An outlier is a host whose utilization is greater than the average utilization of the cluster, but not far enough above that average to have a negative effect. The DRS algorithm has been improved to detect these outliers (by performing pairwise calculations between the most-utilized and least-utilized hosts) and make additional migration recommendations to reduce the variance, resulting in a better overall balance of cluster resources and individual VM performance.
- Network-Aware DRS — In addition to the 25 metrics already used when making migration recommendations, vSphere DRS in 6.5 also takes network utilization into account. It monitors the Tx and Rx rates of the connected physical uplinks and will avoid placing VMs on hosts it considers to be network saturated (above 80% network utilization).
Storage Enhancements
vSphere 6.5 offers a number of enhancements in its handling of storage. These include:
- Support for Advanced Format Drives — The standard sector size for disk drives has been 512 bytes. In order to provide larger-capacity drives, the storage industry has been moving towards Advanced Format (AF) drives that use a larger physical sector size of 4,096 bytes (this is also referred to as “4K AF format”).
vSphere 6.5 provides 512 emulation (512e) mode for VMFS datastores and RDMs. This allows it to work with legacy OSes and applications while still supporting the larger-capacity drives.
Because it includes major changes that make VMFS metadata 4K-aligned, the 512e mode requires use of the new VMFS version 6 provided with vSphere 6.5.
- Automated UNMAP — UNMAP is a VMware vSphere APIs for Array Integration (VAAI) primitive that enables the reclamation of dead or stranded space on thinly-provisioned VMFS volumes. In vSphere 6.0, this can be initiated manually by running an ESX CLI command. vSphere 6.5 automates the process by tracking the deleted VMFS blocks and reclaiming that space from the storage array in the background, ensuring a minimal effect on storage I/O. UNMAP will work at a Guest OS level with newer versions of Windows and Linux.
- LUN Scalability — vSphere 6.5 supports a maximum of 512 LUNs (up from 256 in 6.0) and 2,000 storage paths (up from 1,024 in 6.0).
- NFS v4.1 Support — While NFS v4.1 has been supported since vSphere 6.0, 6.5 adds a Kerberos integrity check (SEC_KRB5i) along with Kerberos authentication. NFS v4.1 with Kerberos is also supported with IPv6 in 6.5.
- Support for Software iSCSI Static Routing — In previous versions, using the software iSCSI initiator required that the initiator and the target be on the same subnet. vSphere 6.5 allows for configuring static routes between initiator and target subnets, and configuring multipathing without requiring use of the same network.
Networking Enhancements
vSphere 6.5 also adds several enhancements to its network handling. These include:
- Enhancements for Nested ESXi — Prior to vSphere 6.5, running nested ESXi instances (installing ESXi as the Guest OS on a VM) required enabling promiscuous mode on virtual switches, sending all traffic on the “outer” virtual switch to the nested ESXi instance, resulting in unnecessary packet deliveries, high CPU usage, and low network throughput. vSphere 6.5 adds a MAC address learning capability to the outer switch that enables forwarding only the required packets to the nested instance, resulting in significant performance improvements in nested ESXi environments.
- Dedicated Gateways for VMkernel Network Adapter – Prior to vSphere 6.5, DRS, vMotion, iSCSI, and provisioning have all used a single gateway, which has required adding static routes to all hosts. In vSphere 6.5 different VMkernel (vmk) services can use different default gateways, eliminating the need for static routes, making things more efficient and more scalable.
- ERSPAN Support — vSphere 6.5 adds support for the ERSPAN protocol. ERSPAN mirrors traffic from one or more source ports and delivers the mirrored traffic to one or more destination ports on another switch.
VMware Product Compatibility Caveats
When I first started working on this post, I thought I’d include a list of which other VMware products are not currently supported for use with vSphere 6.5. As it turns out, it will take surprisingly less time to list only those VMware products that are currently supported with vSphere 6.5.
As of the date of this writing, only the following versions of the below-listed products are supported with vSphere 6.5:
- Horizon 7, version 7.0.2
- Site Recovery Manager 6.5
- Identity Manager 2.8 and 2.71
- VMware PowerCLI 6.5.0
- VMware Remote Console 9.0.0
- VMware Tools 10.1.0, 10.0.12, 10.0.9, 10.0.8, 10.0.6, 10.0.5, 10.0.0
- vRealize Operations Manager 6.4
- vRealize Automation 7.2.0, 6.2.5
- vRealize Log Insight 4.0.0, 3.3.2, 3.3.1, 3.3.0, 3.0.0
- vSAN 6.5
- vSphere Big Data Extensions 2.3.1
- vSphere Data Protection 6.1.3
- vSphere Replication 6.5
It’s worth noting that the VMware Product Interoperability Matrix lists three different status options:
- Not supported
As of the time of this writing, the following VMware products are explicitly called out as being incompatible with vSphere 6.5:
- VMware NSX, all versions
- vRealize Configuration Manager
- vCloud Director for Service Providers
Bottom line: If you’re running any VMware products that are not on the Compatible list above, you’ll want to hold off on upgrading to vSphere 6.5 until those products have been updated to be Compatible (supported) with it.
To check the current status of a particular VMware product’s compatibility with vSphere 6.5, go to the VMware Product Interoperability Matrix.
Another note — previous versions of vSphere will not work with VMFS6-formatted datastores. vSphere 6.5 can work with either VMFS5- or VMFS6-formatted datastores. There is no “in-place” conversion mechanism for updating a VMFS5 datastore to VMFS6. To migrate from VMFS5 to VMFS6, customers will need to create a new VMFS6 datastore and use Storage vMotion to move VMs to it from the VMFS5 datastore.
One Final Caveat
Before considering an upgrade to vSphere 6.5, make sure you read this VMware KnowledgeBase article titled Update sequence for vSphere 6.5 and its compatible VMware products. It provides details on which VMware products will need to be upgraded to which version and in which order.