Continued Enhancements in vSphere 6.7

vSphere 6.7 is finally upon us. It should not be a surprise that vSphere is focused on more efficient manageability, especially at scale, and increased security. These design qualities have become paramount as VMware continues to partner with public cloud vendors (AWS, Microsoft Azure) to deliver “hybrid” offerings and as more edge sites are added into the data center’s purview.

Nearly everything in the vSphere suite has gotten a minor facelift for this new release. The one upgrade consideration that caught my eye:

It is not supported to upgrade from vSphere 5.5 to vSphere 6.7. This introduces a multi-step upgrade path.

Additionally, upgrading from 6.5u2 is not currently supported but will be added in future releases of 6.7.x, so watch for that if it affects you. Refer to my previous blog post about architecting upgrades.

vCenter Server Appliance (vCSA)

I have long been a fan of the vCSA since its initial announcement in 5.0. I thought that combining the app and OS, putting it in VMware’s control could increase security and lead to quicker updates and innovations. Unfortunately, while consulting I found that many customers misunderstood the architecture introduced in 6.x (PSC and vCSA), which led to more confusion than upgrades.

Therefore, the road has led to 6.7, where VMware has simplified the vCenter Server topology by now supporting vCenter Server with an embedded platform services controller running in enhanced linked mode (ELM). ELM allows customers to link multiple vCenter Servers together for increased visibility, aka ‘single pane of glass’ (drink!). This change allows this architectural design decision without the complexity of external PSCs or load balancers.

For the rest of the vCenter goodness, check out Emad Younis’ post about the rest of the vCSA enhancements.

Increased Security

In a world where cybersecurity is allocated billions of dollars of the Federal budget and ransomware attacks are commonplace, it only makes sense for companies like VMware to invest in increasing security capabilities. The heart of the vSphere platform is ESXi, therefore it makes sense to start there.

Support for Trusted Platform Module (TPM) 2.0 and the introduction of Virtual TPM 2.0 have been added with vSphere 6.7. If you are unfamiliar with TPM, it enables ESXi to verify drivers/boot components, effectively validating its image during the boot process. It measures the VMkernel with its Platform Configuration Modules to make sure the image is still authentic and hasn’t been changed.

Additionally, VM Encryption has been enhanced to make assignment of this policy a simple right-click. Moreover, encrypted vMotion for cross-vCenter migrations (including versions) addresses the age-old security concern about data being migrated in clear-text.

Lastly, VMware has announced support for the entire Microsoft Virtualization Based Security portfolio. I am very interested to see how this plays out, especially as it pertains to NSX.

vSAN 6.7

It is no secret that I find storage enhancement announcements to be jejune. However, I concede that it is important to consistently improve performance, consistency, and usability.

These days, I am more interested in using APIs to interact with software. But I do believe that a simple and performant user interface is necessary in 2018. I am happy to see that vSAN has a new HTML5 UI built on the same “Clarity” framework used by other VMware products.

When vSAN iSCSI services were previously announced, I wondered when Windows Server Failover Clusters (WSFC) would be supported. That day is today. This adds to the already existing support for SQL AAG, Exchange DAG, and Oracle RAC. For organizations with WSFC servers in a physical or virtual configuration, vSAN 6.7 supports shared target storage locations when storage targets are exposed using the vSAN iSCSI service.

You can find more information about vSAN 6.7 by checking out Anthony Spiteri’s blog post.

macOS VCSA Installer “ovftool” Error

I recently ran into an issue with the vCenter Server Appliance (VCSA) 6.5 installer. When I proceeded to Step 5, “Set up appliance VM”, I received the error:

“A problem occurred while reading the OVF file…Error: ovftool is not available.”

After some research, it turns out that macOS Sierra (10.12.x) is not supported and, of course, that is the operating system of my laptop. I found a blog post from Emad Younis that outlines two possible options for working around this error.

I tried both options. Option 1 did not work for me, but Option 2 did. I’d like to take a minute and demonstrate step-by-step what I did to proceed with the VCSA deployment.

On the deployment wizard error, I selected Installer log.

Quickly read through the log and find the error regarding the ovftoolCmd. It will state the directory in which the installer is searching for the tool set. Copy that directory, sans /vcsa/ovftool/mac/ovftool.

Launch the Terminal utility and type the open command for Finder to open that directory.

For example:

open /private/var/folders/j8/ttwss5yx6cqf0flb5lrj_hww0000gn/T/AppTranslocation/

As mentioned before, leave off everything from /vcsa/ and on.

When that directory opens in Finder, you’ll notice that it is empty…therein lies the problem!

Copy the vcsa folder into this directory.

Once the vcsa folder has successfully copied, you should be able to go back to the macOS installer, press Back, and then hit Next to go back to Step 5.

You should now be able to select the deployment size options and successfully proceed with the VCSA deployment.
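
The same steps can be done from Terminal instead of Finder. The script below is an added example, not part of the original walkthrough or of VMware's installer. It assumes the saved installer log contains the full path the installer searched, ending in /vcsa/ovftool/mac/ovftool, and that the path has no spaces; the function names and arguments are hypothetical.

```shell
#!/bin/sh
# Added example: stage the vcsa folder where the installer looks for ovftool.
# Assumption: the log holds the searched path ending in the suffix below.
SUFFIX='/vcsa/ovftool/mac/ovftool'

# Print the directory the installer searched, minus the suffix.
# $1 = saved installer log
ovftool_search_root() {
    # First absolute path ending in the suffix (no spaces or quotes assumed).
    path=$(grep -o "/[^\"' ]*${SUFFIX}" "$1" | head -n 1)
    [ -n "$path" ] || return 1
    printf '%s\n' "${path%"$SUFFIX"}"
}

# Copy the vcsa folder into that directory and confirm ovftool is usable.
# $1 = saved installer log, $2 = vcsa folder from the mounted installer image
stage_vcsa() {
    root=$(ovftool_search_root "$1") || {
        echo "no ovftool path found in $1" >&2; return 1; }
    if [ ! -d "$root" ]; then
        echo "search directory does not exist: $root" >&2; return 1
    fi
    # Refuse to copy a folder that does not actually contain ovftool.
    if [ ! -f "$2/ovftool/mac/ovftool" ]; then
        echo "no ovftool under $2" >&2; return 1
    fi
    # Do not overwrite anything already staged there.
    if [ -e "$root/vcsa" ]; then
        echo "already present: $root/vcsa" >&2; return 0
    fi
    cp -R "$2" "$root/vcsa" || return 1
    # The installer needs an executable at exactly this location.
    [ -x "$root/vcsa/ovftool/mac/ovftool" ]
}
```

After sourcing the file, run stage_vcsa with the saved log and the vcsa folder from the installer image, then press Back and Next in the wizard as described above.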