VMware Cloud Foundation

At a Glance – VMware Cloud Foundation 5.0 Technical Highlights

VMware Cloud Foundation adoption continues to grow in the market, delivering significant value to organizations of all sizes. Cloud Foundation has been successfully deployed across the most demanding enterprise IT environments, a testament to the scale, flexibility and robustness of this full stack private cloud platform.

With each new VMware Cloud Foundation release, new features and capabilities are added to further streamline operations.  VMware Cloud Foundation 5.0 is now available and includes some impressive new features and improved workflows to further enhance private cloud operations. 

A highlighted set of new features and enhancements since VMware Cloud Foundation 4.0

Major SDDC Stack Upgrades

To begin, the core building blocks of the SDDC stack have been upgraded to include the latest major releases of vSphere 8.0 U1 and NSX 4.1 as well as the latest available versions of vSAN, vCenter Server, vRealize/Aria components and SDDC Manager.

VMware Cloud Foundation 5.0 is an in-place upgrade for VCF 4.3.x, 4.4.x and 4.5.x deployments.  Existing instances are self-upgradable; no migration effort or additional hardware is required.

Example: An in-place upgrade from VCF 4.3.x to 5.0 on existing infrastructure

Cloud Foundation 5.0 – Lifecycle Management Enhancements

Skip-level upgrade support allows customers running VCF 4.3.x or VCF 4.4.x to streamline their upgrade path to VCF 5.0 by skipping intermediary VCF 4.4.x and 4.5.x versions. SDDC Manager workflows guide the administrator through the upgrade process, ensuring that all core components (NSX, vCenter Server, ESXi and vRealize/Aria products) are first checked for health and interoperability before they are upgraded in the correct sequence. Components of a workload domain or cluster can be upgraded sequentially (one after another) or in parallel, which helps administrators schedule an upgrade around day-to-day business.

Some of the biggest changes that benefit both new and upgraded VCF 5.0 instances are most evident with lifecycle management. In fact, existing customers can benefit from these enhancements before their environments are even fully upgraded.

The first component to be upgraded is SDDC Manager, which contains new features which can further assist with an in-place upgrade to VCF 5.0.  New greenfield VCF 5.0 instances will also benefit.  Administrators have the option to run upgrade prechecks for a domain against a newer “Target Version” which can be selected from a drop-down menu. 

A second option which can be chosen is a “General Upgrade Readiness” precheck which can be run at any time for a specific SDDC component or cluster within a workload domain.  A General Update Readiness precheck is best described as a pre-upgrade health check.

SDDC Manager Target Version and General Update Readiness Prechecks.

Configuration drift is a measure of change between one release and another.  Having visibility of these changes is key to maintaining a compliant environment.  An example of a configuration drift could be the introduction of a new component feature that may not have existed in a previous release, such as a new vSphere service account or new NSX security feature.  From VCF 5.0, SDDC Manager provides Config Drift Awareness as part of the precheck process when performing an upgrade of a component.  Config drifts can be applied at a component level for each workload domain after a component update bundle is applied.

Introducing Isolated SSO Workload Domains

Historically, all workload domains have been configured to support a shared single sign-on architecture. This architecture has allowed new workload domains to join the SSO instance configured for the Management domain. Following this model, all workload domain vCenter server platform services controllers (PSCs) are configured in enhanced linked mode, which provides seamless access to all the products in the stack without challenging a user to re-authenticate.

The introduction of Isolated Workload domains is one of the most significant changes to VMware Cloud Foundation 5.0 architecture and introduces several new exciting deployment use cases.

VMware Cloud Foundation 5.0 allows administrators to now configure workload domains using either a single shared SSO domain or a separate isolated SSO domain.  Workload domains that are created using a separate SSO instance are called Isolated workload domains and are useful for Service Providers who can allocate workload domains to different tenants. 

Configure a workload domain to share the Management SSO or create a new SSO instance

Configuring an isolated workload domain provides separation at the vCenter Single Sign-On domain layer for increased security separation.

The vCenter server instance of each isolated workload domain is managed through its own pane of glass leveraging a different set of administrative credentials and vCenter server access can be allocated to a different set of tenant users. 

Scaling and lifecycle management operations for each isolated workload domain are performed separately by an administrative user of the management domain SSO using SDDC Manager.  Scaling and Lifecycle management operations include updating, patching, password management and certificate management.

Isolated SSO domains are each configured with their own NSX instance. Each Isolated workload domain and NSX instance have a 1:1 relationship.

The ability to configure new SSO instances for a workload domain also allows Cloud Foundation architecture to scale beyond a maximum of 15 domains*.  When Isolated Workload domains are used, VMware Cloud Foundation can scale to a maximum of 25 domains*.

Additional SDDC Manager Enhancements 

In addition to scaling workload domains, SDDC Manager also includes enhanced workflows to minimize error handling during scaling operations.

When enabled, any hosts which fail during cluster creation will be skipped allowing the operation to continue using the remaining hosts (assuming FTT conditions are met).  This helps administrators to further strengthen the resilience of their private cloud infrastructure during scaling operations.

Over the past several releases, VMware has introduced several parallelization enhancements to Cloud Foundation lifecycle management, provisioning and scaling operations, allowing administrators to perform multiple operations on separate sets of infrastructure at the same time.  VMware Cloud Foundation 5.0 adds the ability to provision multiple workload domains in parallel.

When combining these capabilities administrators now have a very powerful platform that caters to commissioning and decommissioning multiple sets of hosts, creating multiple workload domains, creating multiple clusters and expanding and shrinking multiple clusters in parallel.  Scaling operations can be completed over a shorter duration of time which is akin to scaling operations in the public cloud.

Performing multiple parallel operations allows organizations to scale like a cloud provider

Alongside many other new enhancements, such as NVMe-TCP support for supplemental storage, another technical feature to highlight is the new and improved set of certificate management workflows.

Improved certificate management workflows further simplify the process of generating certificate signing requests.  New workflows allow certificate content to be easily copied and edited.  Server certificates and certificate authorities can now also be validated prior to installation which helps to minimize configuration errors and time spent testing and troubleshooting.

Enhanced certificate management workflows within SDDC Manager

Updated End of Global Support Policies

VMware offers maintenance updates and upgrades, bug and security fixes, and technical assistance for all VCF instances as part of a customer’s VMware support agreement.  

  • VMware have updated the VMware Cloud Foundation End of Global Support (EOGS) policy for the VCF 5.0 release.
  • vSphere, vSAN, NSX and SDDC Manager within a VCF 5.0 instance no longer follow an N-2 support policy.
  • VMware Cloud Foundation 5.0 is now supported for a fixed length of four (4) years.  This aligns support for VMware Cloud Foundation releases with its component products.  
  • This change gives customers who are running the latest major version, Cloud Foundation 5.0, up to 4 years of support. 
  • Separate extensions have also been made to End of Global Support (EOGS) dates for VCF 4.3.x and above.

Summary

VMware Cloud Foundation allows IT teams to deliver a flexible modern platform to run all application types, from traditional VMs, enterprise grade databases and virtual desktop infrastructure with true cloud-like automation and scale.  More recently, many of our customers are also extending these use cases further by configuring their Cloud Foundation infrastructure as a fully functioning developer platform for running Kubernetes containerized services and high performance AI and ML workloads.  Cloud Foundation allows IT teams to break away from dedicated silos of bespoke infrastructure by utilizing standardized infrastructure which simplifies operations and lowers cost. 

The release of VMware Cloud Foundation 5.0 is an evolution of these capabilities allowing IT teams to deliver and operate like a cloud provider. The end-result is a private cloud platform which is even more resilient, quicker to scale and easier to operate and lifecycle manage. 

For further information on VMware Cloud Foundation 5.0 features and capabilities please refer to the release notes.

If you are looking to quickly familiarize yourself further with VMware Cloud Foundation concepts, please take a look at the demos and short videos on TechZone.

VMware Cloud Foundation 5.0 Resources: 

[BLOG] Announcing VMware Cloud Foundation 5.0

[BLOG] What’s New with vSphere and vSAN in VCF 5.0

[BLOG] What’s New with NSX in VMware Cloud Foundation 5.0

[BLOG] What’s New with vRealize Suite in VMware Cloud Foundation 5.0

VMware Cloud Foundation Product Page

VMware Cloud Foundation Technical Resources