VMworld 2020 is around the corner!

As you may know this year VMworld will be a global online event starting September 29 till October 1..so it´s around the corner.

This is the first time you can attend this awesome event from home so no excuses to register! 

https://www.vmworld.com/myvmworld-login.jspa

Since i came back to VMware, i was focused on VMware Cloud on AWS as an Architect for EMEA and this year i will be sharing the keys from a technical point of view in a roundtable.

The "Expert Roundtable: Cloud Customer Success for VMware Cloud on AWS [VI3117]" will be hosted by Marco Carrubba and also covered with Ruth Power and Claire Hackett as Customer Success Managers.

We will give an overview about Cloud Customer Success for VMConAWS, and how we help our customers on their journey to cloud plus how the team engages with customers of all types to understand and accelerate the realization of business objectives through the successful adoption of VMware Cloud on AWS.

There is a lot of definitions of Customer Success but all of them have something in common: anticipate customer challenges or questions and proactively provide solutions and answers to those issues prior to them arising.

VMware listen and capture what customer needs so we are moving to a subscription model and our team is the key for customers to go forward on this model.

Both roles of this teams cover all the topics that you can imagine: Customer Success Managers (CSM) and Customer Success Architects (CSA) working together solve and help to drive the adoption of VMConAWS.

Do you wanna know more? Join our Expert Roundtable this Wednesday:

https://my.vmworld.com/widget/vmware/vmworld2020/catalog?tab.deliveryfordisplay=1597089771221001YGg0&search=VI3117

Did you ask for a Marketplace? There you go!

As you may know, one of the values of VMware Cloud on AWS (aka VMC on AWS) is to have access to the AWS market place catalog... the biggest in the cloud hyperscale providers (today there are 8277 results)

VMware add new cloud native services now with the VMware Cloud Marketplace:

In this marketplace you will find among third party solutions which will be fully integrated to consume trough your SDDC a catalog from the last VMware acquisition: Bitnami.

If you want to stay informed, you have to register to this link:

https://cloud.vmware.com/cloud-marketplace/resources

How to do VMware exams during the lockdown

There is always a way to improve everything. Even this 2020 lockdown will make that some things like "to do VMware official exams remotely" will be possible.

This is something many people, including me, ask several times as there is no a certification center available everywhere and also its so complex sometimes to find the right schedule time.

So the impossible just happened!!! Starting April 2020 VMware will be proctoring exams delivered by Pearson VUE with same cost and except the VCAP deploy exams (make sense due the technical specifications of this kind of certifications).

You can test if you system is valid for this exams in this link:

https://home.pearsonvue.com/vmware/onvue

This is are some screenshoots of the process of validating you system, piece of cake:

Official announcements: 

https://blogs.vmware.com/education/2020/04/16/remote-exam-testing-is-here/

vSphere 6.5 announced at VMworld 2016 Barcelona

vSphere 6.5 was announced at VMworld 2016 Barcelona.
As you may know, VCSA is the recommended deploy option since vSphere 6 was released in Feb`2015 and most of the new improvements are realted with that, for example, now we have native high availability for VCSA, the VUM (VMware Update Manager) is now integrated (remember that in vSphere 6.0 we need to install it only on Windows) and the new native backup and restore options which cover most of the complaints with the VCSA.

• ·      VMware vCenter Server® Appliance - will deliver a simplified building block for vSphere environments offering an easy to deploy and manage approach that reduces operational complexity by embedding key functionality into a single virtual appliance. The appliance will offer customers simplified patching, upgrading, backup and recovery, high availability and more, including a 2x increase in both scale and performance of their vCenter Server environments.
• ·      REST APIs - will improve both the IT and developer experience by enabling greater control and automation of virtual infrastructure for modern applications via new REST-based APIs.
• ·      VMware vSphere Client - based on HTML5, the new vSphere Client will simplify the administrative experience via a modern, native tool that meets the performance and usability needs and expectations of users for day-to-day operations.
• ·      VM Encryption - new virtual machine-level encryption will protect against unauthorized data access safeguarding data at rest as well as virtual machines that are moved with VMware vMotion®.
• ·      Secure Boot - new feature will prevent the tampering of images as well as the loading of unauthorized components into vSphere environments.
• ·      VMware vSphere Integrated Containers™ - will allow IT operations teams to provide a Docker-compatible interface to their app teams enabling vSphere customers to transform their businesses with containers without re-architecting their existing infrastructure.

Two great features for me right now is to have the option to backup and restore the VCSA removin the dependency with third party backup solutions in one hand, and to have the option  to secure and encriptyon the VMs in other hand, so security is now done with VCSA 6.5

In the next post i´ll cover one by one the new features, meanwhile you can check the official landing page: http://blogs.vmware.com/vsphere/2016/10/introducing-vsphere-6-5.html

vSphere 6 upgrade: repoint replicated embedded SSO or PSC to external PSC

One of the keys of the new vSphere 6 topology is decided which scenario will fits better following the best practices. The main best practice is deploy external PSC as it will help us to get high availability SLA and an easier upgrade path for the future. keep in mind that VCSA is the recommended option to deploy vCenter right now.

First of all, review on this image the upgrade path from the two different platforms: Windows Server and VCSA (vCenter Server Appliance):

Go ahead with a specific and common scenario: SSO embedded replicated between at least 2 vCenters.

First step is to deploy an external SSO replicating with the embedded SSO, second step is repoint vCenters to the external SSO and third uninstall the embedded SSO:

The quid here is the process to "repoint" the SSO, follow this KB and you´ll see it´s a piece of cake:

How to repoint and re-register vCenter Server 5.1 / 5.5 and components (2033620)

If you have PSC embedded instead the SSO embedded just follow this kb:

How to repoint vCenter Server 6.0 between External PSC within a site (2113917)

Once you have the new external SSO working, just upgrade it to PSC:

And last but not least, upgrade the vCenter 5.x to vCenter 6.x

You can use the same steps to upgrade a single vCenter install with embedded (or not) SSO or PSC.

Finally, remember that VMware recomeends:

• Deploy VCSA
• Deploy external(s) PSC
• Select a VMware "recommended" topology

Microsegmentación con Firewall Distribuido de NSX (DFW)

Revisemos primero los tipos de FW que disponemos:

-Fisicos: aunque aun son necesarios, los cortafuego perimetrales tienen limitaciones sobre el ancho de banda que pueden gestionar asi como la carga de analisis que obliga a una escalabilidad horizontal compleja y que aumenta la complejidad del entorno.

-Virtuales, mismo servicio que los fisicos pero en formato virtual, son un buen complemento para los FW fisicos aunque estan limitados a una mdia de 1 y 4 Gb de ancho de banda.

-Distribuidos: son el complemento perfecto para los fw fisicos en un entorno de vSphere. EL FW de NSX esta basado en el rendimiento del kernel del hypervisor (ESXi), permiten una gran escalabilidad horizontal muy agil y que no implica aumentar la complejidad del entorno y que permite un ancho de banda de hasta 20Gbps por host.

Gracias al nuevo paradigma que presentan los servicios distribuidos de NSX, como en este caso el de FW,  es posible plantear otros escenarios a donde las capas de los servicios fisicos tradicionales no estaban llegando, en este caso, el esquema de firewall perimetral se amplia a un esquema de una relacion 1:1 entre VM y FW como vemos en al siguiente imagen:

De la idea anterior nace el concepto de "microsegmentación": el trafico se inspecciona ahora en las tarjetas de las maquinas virtuales a nivel de capa 2, 3 y 4 gracias a NSX.

Ademas permite integración con soluciones de terceros que aumentan la capacidad de analisis de las aplicaciones como de capa 7.

Por ultimo es importante destacar que si la VM se mueve de host hypervisor (ESXi), las reglas de esta VM se van con ella, y no es necesario ningun tipo de reconfiguracion con lo que es 100% compatible con las tecnicas de asignacion dinamica de recursos (DRS) y de caracteristicas como HA de VMware para dotar de alta disponibilidad a las maquinas virtuales. 

La microsegmentacion nos permite aislar y segmentar las aplicaciones de diferentes formas como podemos ver en la siguiente imagen:

VMWORLD 2016 - Breakout Sessions on-demand

The VMworld 2016 breakout sessions are now available on-demand:

http://www.vmworld.com/en/sessions/2016.html

VMware Cross-Cloud Architecture™ announced at VMworld 2016

Today VMware announced at VMworld the VMware Cross-Cloud Architecture™ enabling customers to run, manage, connect, and secure their applications across clouds and devices in a common operating environment.

In support of the company's cloud strategy, VMware also announced the following:

• VMware Cloud Foundation™ is a unified Software-Defined Data Center (SDDC) platform that makes it easy for customers to manage and run their SDDC clouds;
• Technology Preview of Cross-Cloud Services™ to showcase how customers can manage, govern, and secure applications running in private and public clouds, including AWS, Azure and IBM Cloud;
• VMware vCloud® Availability™, a new family of disaster recovery offerings purpose-built for vCloud Air™ Network partners;
• A new release of VMware vCloud Air Hybrid Cloud Manager™ to provide VMware vSphere® users zero downtime application migration to VMware vCloud Air.

For the first time, VMware Cloud Foundation offers a new "as-a-service" option that delivers the full power of the SDDC in a hybrid cloud environment.IBM is the first VMware vCloud Air Network partner delivering new offerings based on VMware Cloud Foundation with its VMware Cloud Foundation™ on IBM Cloud offering. VMware Cloud Foundation will be available on additional public clouds, including vCloud Air, in the future. Read more about VMware Cloud Foundation on IBM Cloud in this announcement.

For private clouds, customers can procure turnkey VxRack Systems integrated solutions from EMC today, or combine Cloud Foundation software with qualified VMware Virtual SAN Ready Nodes from Dell, Hewlett Packard Enterprise and QCT.

More info on the VMware CTO Blog by Raj Yavatkar: 
https://cto.vmware.com/vmware-cloud-foundation/

Rendimiento del Firewall Distribuido (DFW) de NSX

En los siguientes post, desmontaremos algunos de los mitos que existen sobre el rendimiento y la visibilidad de operaciones que existen relacionadas con NSX, en este caso nos centraremos el el rendimiento del cortafuegos implementado por NSX.

Una buena metrica para analizar el rendimiento del DFW de NSX; es medir las conexiones por segundo que puede alcazar un firewall con un numero determinado de reglas.

En el siguiente grafico vemos como incluso con 100 reglas de firewall por host se alcanzan sin problemas las 80.000 conexiones por segundo.

En la siguiente gráfica podemos observar como apenas hay perdida de rendimiento incluso cuando se transmiten 20Gbps a través de un solo host (con dos enlaces de 10 Gbps)

Es importante tener en cuenta que con el DFW (Firewall Distribuido de NSX) la carga que debe soportar y gestionar cada FW es el de las VMs que residen en ese host o del trafico que se envia y/o recibe en un solo host; a diferencia de los FW fisicos tradicionales que tienen que soportar el trafico de todo el entorno tanto fisico como virtual ya que son un punto único de filtrado de trafico. Esto ademas obliga a que el trafico circule por toda la ed hasta llegar la FW fisico, en cambio con el DFW de NSX, se llega al extremo de que si el trafico es entre VMs ubicadas en el mismo no host no tengan ni que salir del host para comunicarse entre ellas.

Ademas, la posibilidad de combinar las vRealize Automation (vRA) con NSX, nos permite implementar las aplicaciones y los servicios de forma muy ágil y flexible:

-implementaciones de aplicaciones multinivel en redes aisladas.

-implementaciones de VMs en redes planas.

-implementaciones de reglas para aplicaciones que se apliquen en el momento de su activación.

-implementar servicios combinados de FW y LB o VPNs