VMware vSphere 6.5 adds improved UIs, stronger security and better support for containerized applications. Let’s look at why these are important for IT.
VMware’s vSphere grew out of the necessity and complexity of an expanding virtualization marketplace. Earlier server products such as VMware’s GSX and ESX server platforms weren’t robust enough to handle IT departments’ increasing demands. As companies invested in virtualization, they needed to simplify and consolidate physical server farms into virtualized ones, which triggered virtual infrastructure requirements.
VMware has since expanded its scope beyond compute virtualization, adding storage, networking and endpoint computing virtualization. But vSphere remains the company’s flagship product for all things virtual. And with vSphere 6.5, new and updated features deserve a peek.
VMware vCenter Server Appliance
Next to ESXi, the vCenter server is critically important. As the main backend tool that manages VMware’s virtual infrastructure, it gives admins the ability to create, manipulate and control virtual components, including VMs, networking and storage, from a centralized location. New and updated features in VMware vCenter 6.5 include:
- A migration tool for moving to vSphere 6.5 from vSphere 5.5 or 6.0.
- VMware Update Manager (VUM) is now integrated into the vCenter Server appliance. This means no more plug-ins to add or external VUM services to restart.
- A new vCenter Server high-availability feature uses cloned vCenter instances to maximize uptime for the appliance and its services. As a virtualization admin, this feature is a personal favorite since a single vCenter instance has always been a vulnerable single point of failure.
- Built-in backup and restore for streaming critical files to a specific destination for safe keeping and future recoveries.
- The vSphere web client gets several cosmetic changes based on customer feedback, including a reorganized Home screen, renamed and removed tabs, and default views.
VMware vSphere Client
The clunky old front-end client used to access the vCenter Server got an HTML5 makeover. Aside from the expected performance improvements, the change should help make the tool cross-browser/mobile friendlier. Like the vSphere Web Client, the UI is changed around with a more modern feel based on VMware’s Clarity UI, while also making plug-ins a thing of the past.
vSphere VM and vMotion Encryption
With vSphere 6.5, VMware approaches VM encryption by securing at the hypervisor level, with the kernel doing most of the work. This keeps the VM from having to run its own encryption processes. It also allows the admin to set policies that work across multiple VMs, rather than configuring encryption case by case.
vSphere 6.5 addresses recent encryption standards used in modern processors from Intel and AMD. For instance, AES-NI (NI for new instructions) is now a supported standard that helps vSphere take advantage of today’s processors’ hardware encryption capabilities.
VMware adds vMotion encryption to vSphere 6.5, which doesn’t require encryption at the network level. Instead, designated VMs get a randomly generated certificate from vCenter, which is packaged up and forwarded to the participating vMotioning hosts for the VM’s transfer, protecting the data-in-motion.
ESXi and VM Secure Boot
To provide physical and virtual servers with cryptographically clean boot processes, VMware is adding secure boot to its security toolkit. For servers using UEFI secure boot, all ESXi components need to be digitally signed and validated through the server’s firmware for the host system’s OS to boot. An invalidly signed vSphere Installation Bundle (VIB) will stop the boot process and prompt a purple screen of death (PSOD) from the server, preventing possibly tampered components from booting up with the host system.
Secure boot extends out to the EFI-enabled VMs running in the vSphere environment. Available for both Linux and Windows VMs, Secure Boot is enabled by clicking a simple checkbox found in the VM’s properties. When enabled, only properly signed VMs will boot in the virtual environment.
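The encryption and Secure Boot settings described in the two sections above can be audited per VM. The following is an added example, not VMware code: it checks constructed inventory records whose field names follow the vSphere API's VirtualMachineConfigInfo (firmware, bootOptions.efiSecureBootEnabled, migrateEncryption, keyId), flattened here into plain dictionaries as an assumption, with keyId reduced to a string.

```python
# Added example: audit VM records for Secure Boot and vMotion/VM encryption.
# Field names mirror vSphere's VirtualMachineConfigInfo; records are flattened.
SAMPLE_INVENTORY = [  # constructed sample data, not from a real vCenter
    {"name": "web01", "firmware": "efi", "efiSecureBootEnabled": True,
     "migrateEncryption": "required", "keyId": None},
    {"name": "db01", "firmware": "efi", "efiSecureBootEnabled": False,
     "migrateEncryption": "opportunistic", "keyId": "kms-key-0001"},
    {"name": "legacy01", "firmware": "bios", "efiSecureBootEnabled": False,
     "migrateEncryption": "disabled", "keyId": None},
]


def audit_vm(vm, require_vm_encryption=False):
    """Return a list of findings for one VM config record."""
    findings = []
    # Secure Boot is only available to VMs that use EFI firmware.
    if vm.get("firmware") != "efi":
        findings.append("firmware is not EFI; Secure Boot unavailable")
    elif not vm.get("efiSecureBootEnabled"):
        findings.append("EFI VM has Secure Boot disabled")

    encrypted = vm.get("keyId") is not None
    mode = (vm.get("migrateEncryption") or "").lower()
    # An encrypted VM always migrates with encrypted vMotion, so the
    # per-VM vMotion mode only matters for unencrypted VMs.
    if not encrypted:
        if mode == "disabled":
            findings.append("vMotion encryption disabled")
        elif mode == "opportunistic":
            findings.append("vMotion encryption opportunistic; "
                            "unencrypted if a host lacks support")
        elif mode != "required":
            findings.append(f"unknown vMotion encryption mode: {mode!r}")
        if require_vm_encryption:
            findings.append("VM is not encrypted")
    return findings


def audit_inventory(inventory, **policy):
    """Map VM name -> findings, omitting VMs with no findings."""
    report = {vm["name"]: audit_vm(vm, **policy) for vm in inventory}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(name, "->", "; ".join(findings))
```

Against a live environment the same fields would be read from each VM's config object through PowerCLI or pyVmomi rather than from a static list.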
VMware VIC Admiral and Harbor
VMware’s vSphere 6.5 adds two critical components to its vSphere Integrated Containers service, providing a Docker-compatible interface to developers. Alongside the vSphere Integrated Container Engine (VIC), VMware officially adds a container management portal (Admiral) and a container registry (Harbor).
Admiral provides an isolated portal that lets developers and administrators manage containers, running on vSphere, independently from the usual vSphere UIs, and enables features such as rule-based resource management, live state updates and container template management for containerized application deployments.
Harbor is an enterprise registry used to store and distribute containers. Based on the fork used to create Docker Hub, Harbor gained several other features from VMware to make it enterprise-worthy, including role-based access control, image replication, AD/LDAP support and auditing, among others.