VMware Cloud Foundation Home Page

Operations in VMware Cloud Foundation 9.0 : The Modern Way to Build and Manage Your Private Cloud

, ,

An optimal IT infrastructure is characterized by its capacity to support a growing number of workloads over time and to manage real-time fluctuations in resource demands while sustaining peak performance. VMware Cloud Foundation facilitates the implementation of a cloud operating model at scale, thereby accelerating IT agility, increasing infrastructure scalability, improving security, and lowering the total cost of ownership.

Modern Infrastructure requires an effective management and operations layer which encompasses comprehensive lifecycle control across the fleet, ensures cost transparency, and provides clear visibility into the overall security posture.

A key component within the VCF stack is VMware Cloud Foundation Operations which helps organizations build, operate and protect their private cloud infrastructure by deploying and maintaining its fleet level components, providing unified visibility and enhanced performance across the workload and infrastructure stack, and helping stay compliant with regulatory and organizational requirements. Some of the benefits include faster time to value, improved resource utilization, reduced time to issue resolution, cost predictability and a safe and compliant environment. As part of the VCF 9.0 release, some of the key new and enhanced capabilities in VCF Operations include :

  • Building the VCF Stack
  • Fleet Management
  • Integrated Operations
  • Cost Management
  • Enhanced Security  

Figure 1: VCF Operations New Capabilities in VCF 9.0

  • Building the VCF Stack

VMware Cloud Foundation 9.0 changes how customers deploy and build private cloud infrastructure. The VCF Installer allows customers to easily build repeatable sections of VCF infrastructure such as application clusters to build out the fleet to improve operational efficiency and consistency. 

Figure 2: VCF Deployment Options 

A VCF fleet is a new VCF 9.0 term and it is all the infrastructure including VCF Operations, VCF Automation, vCenter, NSX Manager, vSphere Cluster, workload domains, and other components within VCF. Multiple instances of VCF can be deployed, however, there is only one instance of VCF Operations and one instance of VCF Automation.

Figure 3: VCF Installer 

VCF 9.0 introduces a new Install wizard that guides users through the build process in a clear and intuitive sequence. A new fleet can be deployed, or infrastructure can be added to existing VCF infrastructure. There are capabilities to size and apply high availability, as well as use JSON to scale the private cloud infrastructure. The JSON file can be saved for future builds and as a reference. There is the ability to review the build deployment, and then there is an opportunity to validate it before the deployment. After the installer completes, then a user can login to VCF Operations to get started.

  • Fleet Management

Enterprises looking to scale up require consistency in their infrastructure stack. VCF Operations fleet management helps build, manage and scale your private cloud infrastructure while providing that consistency across each of its components. ​It consolidates access to essential administrative tasks for the infrastructure and management components. Some of the key Fleet Management capabilities include:

1. License Management:

VCF Operations is now the License Manager for the entire VCF stack. Using VCF Operations, licensing is simplified and unified using a single license file. Earlier customers had a long 25-hex license key that had to go on each component. Now, there is one license file per each VCF Operations instance which makes licensing easier for allocation, usage tracking, and changes across the infrastructure for both cores and vSAN TiBs. Advanced Services such as VMware Private AI Foundation with NVIDIA, and additional vSAN storage TiB are tracked in the same license file. The other add-ons are still traditional licensing keys.      

2. Single Sign-On and Centralized Identity Management:

VCF Operations allows for Single Sign-On across VCF and fleet of vCenter instances. VCF 9.0  streamlines and modernizes SSO, offering simplified identity source management, which cuts down operational complexity and enhances user control through flexible provisioning. It also allows for single sign-on client settings to be applied from VCF Operations to specific components.The system supports diverse identity solutions, including Active Directory Federation Services, Azure AD, OKTA, Ping, and Open Authorization 2.0.

3. Certificate and Password Management:

VCF 9.0 introduces unified certificate management within VCF Operations, delivering a streamlined experience throughout the VCF environment. This feature facilitates smooth, non-disruptive certificate updates, automatic renewals with multiple Certificate Authorities, and the ability to import externally signed certificates. Consequently, it resolves operational difficulties, enhances security measures, and ensures greater compliance.

Figure 4: Certificate Alerts Tab

A centralized dashboard facilitates streamlined password management through integration and consolidation. This system provides a comprehensive overview of password status and management functionalities, encompassing updates, rotations, and expiration notifications.

Figure 5: Password Status Overview

4. Lifecycle management:

VCF 9.0 enhances Lifecycle Management by unifying Day 2 tasks under a single VCF Operations UI facilitating easier version control and orchestrating upgrades, while also streamlining processes to reduce host reboots and support automated upgrades across multiple clusters.

Figure 6: VCF Lifecycle Management Overview 

  • Integrated Operations

Monitoring the operations across your environment can be challenging for a variety of reasons, including a lack of coherence when it comes to tying the infrastructure data (diagnostics, logs, metrics, flows), alert fatigue, third-party and container monitoring and lack of flexibility in moving workloads across the environment. With the latest release VCF Operations alleviates these challenges by bringing in various capabilities which were spread across different products

1. VCF Health and Diagnostics

A. Diagnostic Findings provides a single-pane-of-glass to correlate issues across the infrastructure by scanning and evaluating available signatures and highlighting current issues on the Active Findings page.

B. VCF Health, provides a view into the overall state of your vCenter instances, complete with insight into connectivity utilization, services, as well as common capabilities such as:

  1. VM operations
  2. vMotion
  3. Snapshot management
  4. vSAN health

Figure 7: Active Diagnostic Findings

2. Storage Operations

Understanding storage usage is crucial, and VCF Operations excels at utilization trend analysis. With the latest release, VCF Operations provides a single pane of glass for all things storage including inventory, configuration and performance in VCF. Storage Distribution insights reveal how storage is allocated across clusters and workloads. This detailed view empowers you to manage resources efficiently and troubleshoot issues, ensuring optimal performance and resource utilization. 

Figure 8: Storage Operations Overview

3. Network Operations

VCF Operations now provides integrated network operations, giving a complete network view with network health monitoring, traffic analysis, and application insights. It can automatically discover business applications and application tiers to curate and start monitoring.

Figure 9: Network Operations Overview

4. Integrated Logs

VCF Operations integrates log analysis across all components, enabling easier event filtering, trend visualization, and faster troubleshooting from a single console. Log based alerts and dashboards allow admins to monitor event trends helping to detect anomalies and diagnose issues quickly.

Log Assist makes it easy to search for and consolidate logs to effectively conduct Root Cause Analysis (RCA) and expedite the remediation of issues. With the latest release, users can generate bundles and attach to support requests for efficient engagement with the support teams.

Figure 10: Log Compare Visualization

5. Extensibility using the native Management Pack Builder

The Management Pack Builder is now available in VCF Operations and this capability offers dashboards, alerts, and metrics for comprehensive monitoring and management of VCF components as well as third-party devices.

6. Supervisor Cluster and vSphere Kubernetes Service Monitoring

VCF Operations now natively supports the monitoring of the Supervisor cluster and VMware Kubernetes Service (VKS). Using a Telegraf agent, inventory and metrics data gets pushed from Supervisor and VKS into VCF Operations. There are several Out of the Box inventory dashboards and different performance KPI metrics for the supervisor like the CPU, memory, disk, the nodes, pods and the container level metrics to troubleshoot Supervisor related performance issues

Figure 11: VCF Supervisor Dashboard

7. Workload Migration Planning

Migration Planning in VCF looks to provide an end-to-end process to plan, schedule and migrate workloads at scale by bringing together powerful capabilities of VCF Operations for Networks and VCF Operations HCX. 

In this release, several key aspects of this capability have been introduced:

  • Users can easily and efficiently define the migration scope based on applications and understand dependencies, ensuring no critical elements are overlooked. The discovery of application and network dependencies reduces the risk of errors during migration, enhancing reliability.
  • With migration waves, the overall migration process into more manageable steps, enabling users to focus on smaller, defined groups of resources at a time and better plan and execute the migration in a phased approach, minimizing risk and complexity.
  • Insights into the usage of memory, cores, and storage, helps users to effectively plan for any resource limitations that could affect the migration, enabling informed decision-making and optimized resource allocation throughout the migration.

As Migration Planning evolves, customers will experience smoother, more efficient migrations with a clear understanding of resource needs and dependencies, allowing for a more streamlined and informed approach to migrating workloads to VCF as well as within and between VCF environments.

  • Cost Management

VCF Operations helps you quantify the returns on your VCF investment. It tracks the total cost of ownership of the entire environment along with potential savings and realized savings from recommendations provided to help you gauge the cost efficiency and cost savings over time. 

Cost Management in VCF Operations empowers users to monitor infrastructure-related costs and associated services or license expenses with greater precision. It also enables showback and chargeback capabilities, helping application teams understand and manage the cost of the infrastructure they consume.

IT admins and providers can leverage a range of features such as Cost Drivers for expense attribution, Pricing Policies for rate card definitions, Showback for distributing costs based on actual usage, and Chargeback for billing tenants or application teams using predefined pricing models.

a. Rate Cards:

To accurately bill tenants, providers can now define pricing policies or rate cards for the services and resources they offer. These configurations allow for setting base rates per unit of consumption, ensuring that costs are calculated consistently according to defined commitments.

Rate cards can be customized across a wide range of parameters, including compute (CPU and memory), storage, network, guest OS, tags, one-time fixed costs, and rate adjustment factors. This flexible model empowers providers to align pricing with both infrastructure usage and business models.

With the rate cards supporting the latest VCF licensing models, users can now accurately attribute expenses based on the latest license metrics such as cores and storage capacity.

b. Chargeback

Providers can now access detailed pricing and chargeback insights through the enhanced chargeback dashboards which offer visibility into costs from multiple management perspectives:

Overview: Presents a high-level summary of chargeback data—including cost and price across organizations, region quotas, and running VMs.

Organizations: Displays chargeback breakdowns for each organization and their corresponding region quotas.

Projects: Offers a comprehensive view of cost and pricing across all projects in VCF Automation, with additional insights into associated namespaces and deployments.

VCF Operations  now supports modern Infrastructure-as-a-Service chargeback models for both service providers and enterprise application teams. With this release, chargeback capabilities align with the latest deployment approach powered by VCF Automation providing greater flexibility and integration.

c. Cost Analysis

Utilizing cost analysis, organizations gain insights into their private cloud spending, pinpoint inefficiencies, and make informed decisions to optimize investments. Users can now easily perform metric comparisons—such as cost to run versus price to chargeback—within a simplified interface, accelerating insights and decision-making. This streamlined experience significantly reduces time to value by enabling quick identification of high-cost areas and optimization opportunities across infrastructure components, all within a few clicks.

  • Enhanced Security

Security management capabilities provide a comprehensive view into infra level as well as user level security reducing overall complexity for the enterprise from a risk standpoint thus maintaining the overall security posture.

1.  SecOps Dashboards

The Security Operations Dashboard provides a comprehensive, real-time view of user authentication, permissions, and infrastructure security, helping organizations proactively manage security across VCF deployments.

It delivers insights into infrastructure security, covering key areas like host encryption, host mode compliance, vSAN cluster encryption, advisories for CVE violations, certificate health, and VM encryption status.

Figure 12: SecOps Dashboard

2. Compliance Reporting

VCF Operations provides alerts, policies, and reports to validate VCF resources against defined benchmarks, delivering continuous compliance checking with alerts and maintaining the infrastructure’s compliance posture, reducing organizational and business risk. 

Defined benchmarks can be one or more of the following:

• Pre-defined VMware benchmarks which monitor the environment against various VMware defined security recommendations

• Build-your-own custom benchmarking policies which check the environment against the custom defined policies

• Out-of-the-box regulatory compliances, specifically: CIS security standard, DISA STIG, FISMA security standard, HIPAA, ISO security standards, and PCI DSS security standard

Organizations can proactively detect compliance misconfigurations and compliance drift across VCF based on the benchmarks of choice and leverage VCF integration capabilities with VMware or third-party configuration management tools to remediate compliance misconfigurations automatically. 

In VCF 9.0, new compliance packs for CIS (vSphere 8.0), NIST SP 800-171, and NIST SP 800-53 R5 and upgraded packs for HIPAA, PCI DSS v4.0 and ISO/IEC 27001:2022 have been added.

We can see how VCF Operations helps customers modernize their infrastructure. It delivers capabilities that enable their VCF infrastructure to function as a single unified and automated system, helping customers achieve their IT and Business Goals. 

This is just an overview of what’s new in VCF 9.0 for VCF Operations.  Stay tuned for more blogs, where we’ll dive into details on all of the new and enhanced features.   

For detailed information on the new features released, please refer to the Release Notes

Ready to get hands-on with VCF 9.0? Test drive the newly released Hands-on Lab. What’s New in VMware Cloud Foundation 9.0 – Operations. Dive into VMware Cloud Foundation 9.0’s newest operational capabilities in a virtual lab environment. You’ll explore enhanced private cloud monitoring and diagnostics, network flow analysis, advanced storage management, security operations improvements, and cost transparency through chargeback implementation.

 Learn More:

***

Ready to get hands-on with VMware Cloud Foundation 9.0?  Dive into the newest features in a virtual lab environment with Hands-on Labs that cover platform fundamentals, automation workflows, operational best practices, and the latest vSphere functionality for VCF 9.0.

Sachin Alex

Sachin is a Product Marketing Engineer at Broadcom working on VMware Cloud Foundation. Previously, Sachin has worked in various Engineering and Account Management roles. Outside work, you will find him…

Sehjung Hah

Sehjung Hah is a Product Marketing Engineer at Broadcom working on VMware Cloud Foundation. Sehjung has worked in various industry roles in product management, technical marketing, sales enablement, technical support,…

Devyani Pisolkar

Devyani Pisolkar drives market leadership for private cloud networking, security, and operations at Broadcom. She has a diverse background in R&D/engineering, product management, marketing, and pricing across a wide range…

Related Articles