Yellow Bricks

VMware Converter is back!

Duncan Epping · Sep 16, 2022 ·

William already reported on it a few days ago, and I just noticed it on VMTN that VMware vCenter Converter Standalone is back, or better said in beta! If you are a customer who already has access to the beta community, simply go to this link: vCenter Convert Beta Community to get access to the community and the download/releasenotes. ~~If you don’t have access to the beta community, register for it via the following registration page: https://www.vmware.com/learn/1645300_REG.html, and download vCenter Converter!~~

<update>Available now: https://www.vmware.com/products/converter.html

I just went to the community and looked at the release notes and wanted to share some details with you:

VMware vCenter Converter Standalone 6.3.0 (GA) | 11 October 2022
You cannot upgrade to VMware vCenter Converter Standalone 6.3.0 from previous versions. If you have a previous version of Converter Standalone installed, uninstall it and then install Converter Standalone 6.3.0
You can install Converter on:
- Windows Server 2012 (64-bit
- Windows 8.1 (32-bit and 64-bit)
- Windows Server 2012 R2 (64-bit)
- Windows 10 (32-bit and 64-bit)
- Windows Server 2016 (64-bit)
- Windows Server 2019 (64-bit)
- Windows 11 (64-bit)
- Windows Server 2022 (64-bit)
VMware Converter Standalone can convert offline virtual machines from the following Hyper-V servers:
- Windows Server 2012 (64-bit)
- Windows Server 2012 R2 (64-bit)
- Windows 10 (64-bit)
- Windows Server 2016 (64-bit)
- Windows Server 2019 (64-bit)
- Windows 11 (64-bit)
- Windows Server 2022 (64-bit)
VMware Converter Standalone can convert offline virtual machines from the following VMware products and versions:
- VMware vSphere 6.5 (Update 3)
- VMware vSphere 6.7 (Update 3)
- VMware vSphere 7.0 + Update 1 + Update 2 + Update 3
- VMware Workstation 16.x
- VMware Fusion 12.x

Of course I downloaded the build and installed it on my Windows host, and it is up and running. Time to convert some machines!

As mentioned by William, the focus was very much on getting a new version out which was fully supported and developed using the latest frameworks. Next, the focus will be on adding new functionality and support for other platforms. I can’t wait for the next version!

VMware announces Ransomware Recovery as a Service and Data Protection vision!

Duncan Epping · Sep 13, 2022 ·

At VMware Explore there was a whole session (CEIB1236US) dedicated to the vision for Data Protection and Ransomware Recovery as a Service. Especially the Ransomware Recovery as a Service had my interest as it is something that keeps coming up with customers. How do I protect my data, and when needed how do recover? Probably a year ago or so I had a conversation with VMware CTO for Cloud Storage and Data (Sazzala) on this topic, and we met up with various customers to gather requirements. Those discussions ultimately led to the roadmap for this new service and new features. Below I am going to summarize what was discussed in this session at VMware Explore, but I would urge you to watch the session as it is very valuable, and it is impossible for me to capture everything.

VMware’s Disaster Recovery as a Service solution is a unique offering as it provides the best of both worlds when it comes to Disaster Recovery. With DR you typically have two options:

Fast recovery, relatively high cost.
- Traditionally most customers went for this option, they had a “hot standby” environment that provided full capacity in case of emergency. But as this environment is always up and running and underutilized, it is a significant overhead.
Slower recovery, relatively low cost.
- This is where VMs are replicated to cheap and deep storage and compute resources are limited (if available at all). When a recovery needs to happen, data rehydration is required and as such, it is a relatively slow process.

With VMware’s offering, you now have a 3rd option: Fast recovery, at a relatively low cost! VMware provides the ability to store backups on cheap storage, and then recover (without hydration) directly in a cloud-based SDDC. It provides a lot of flexibility, as you can have a minimum set of hosts constantly running within your prepared SDDC, and scale out when needed during a failure, or you can even create a full SDDC at the time of recovery.

Now, this offering is available in VMware Cloud on AWS in various regions. During the session, the intention was also shared to deliver similar capabilities on Azure VMware Solution, Oracle Cloud VMware Solution, Google Cloud VMware Engine, and/or Alibaba Cloud VMware Service. Basically all global hyper-scalers. Maybe even more important, VMware also discussed additional capabilities that are being worked on. Scaling to tens of thousands of VMs, managing multi-petabytes of storage, providing 1-minute RPO levels, proving multi-VM consistency, having end-to-end SLA observability, providing advanced insights into cost and usage, and probably most important… a full REST API.

All of those enhancements are very useful for those aiming to recover from a disaster, not just natural disasters, but also for Ransomware attacks. Some of you may wonder how common a ransomware attack is, but unfortunately, it is very common. Surveys have revealed that 60% of the surveyed organizations were hit by ransomware in the past 12 months, 92% of those who paid the ransom did not gain full access to the data, and the average downtime was 16 days. Those are some scary numbers in my opinion. Especially the downtime associated with an attack, and the fact that full access was not regained even after paying a ransom.

In general recovery from ransomware is complex as ransomware typically remains undetected for larger periods of time before you are exposed to it. Then when you are exposed you don’t have too many options, you recover to a healthy point in time or you pay the ransom. When you recover, of course, you want to know if the set you are recovering is infected or not. You also want to have some indication of when the environment was infected, as no one wants to go through 3 months of snapshots before you find the right one. That alone would take days, if not weeks, and downtime is extremely expensive. This is where VMware Ransomware Recoveryfor VMware Cloud DR comes in.

The aim for the VMware Ransomware Recoveryfor VMware Cloud DR solution is to provide the ability to recover to an Isolated Recovery Environment (including networking). This first of all prevents reinfection at the time of recovery. During the recovery process, the environment is also analyzed by a next-generation anti-virus scanner for known/current threats. Simply to prevent a situation where you recover a snapshot that was infected. What I am even more impressed by is that the plan is to also include a visual indication of when most likely an environment was infected, this is done by providing an insight into the data change rate and entropy. Now, entropy is not a word most non-native speakers are familiar with, I wasn’t, but it refers to the randomness of the data. Both the change rate and the entropy could indicate abnormal patterns, which then could indicate the time of infection and help identify a healthy snapshot to recover!

As mentioned, during recovery the snapshot is scanned by a Next-Gen AV, and of course, when infections are detected they will be reported in the UI. This then provides you the option to discard the recovery and select a different snapshot. Even if no vulnerabilities are found the environment can be powered on fully isolated, providing you the ability to manually inspect before exposing app owners, or end-users, to the environment again.

Now comes the cool part, when you have curated the environment, when you are absolutely sure this is a healthy point in time that was not infected, you have the choice to fallback to your “source” environment or simply remain running in your VMware Cloud while you clean up your “source” site. Before I forget, I’ve been talking about full environments and VMs so far, but of course, it is also the intention to provide the ability to restore files and folders of course! All in all, a very impressive solution that should be available in the near future.

If you are interested in these capabilities and would like to stay informed, please fill out this form: https://forms.office.com/r/yh69Npq7nY.

Five VMware Explore Recordings worth watching! (Deep Dive’s mainly)

Duncan Epping · Sep 8, 2022 ·

I was going over the content I recommended before the event, and of course, there were a bunch of sessions I did not get to see live. I’ve been catching up on those sessions this week and I figured I would share my five favorite sessions with you that have deep technical content. There are loads of great sessions in the Explore Catalog, so I may have missed a few on this list, but these are the sessions that I felt were deep and useful! I recommend watching these.

CEIB1576US – Project Monterey Behind the Scenes: A Technical Deep Dive
This session goes over what the vSphere Distributed Services Engine is, how it has been implemented, and what the benefits are. It also provides some insights on what to expect in the near future of this feature.
INDB2406USD – Deconstructing vSAN – A Deep Dive into the Internals of vSAN
This session goes over the vSAN internals and shows the data path, the emphasis here is mainly on the new Express Storage Architecture (ESA).
- CEIB2172US – Get to Know the Next-Generation of vSAN Architecture
  This session overlaps with the above, but it has some extra details shared by one of the lead engineers on vSAN ESA. So this isn’t session 3, but more 2b.
CEIB1236US – Vision for Data Protection and Ransomware Recovery as a Service
I attended this session live, and it basically previews an upcoming solution for recovery from a ransomware attack. I loved how it shows you where the attack potentially occurred, and I love that there is a next-gen anti-virus scanner integrated to scan the snapshots on restores so that you don’t go back to an infected “point in time”.
CEIB2325US – VMware Edge Compute Stack Reference Architecture Deep Dive
This session goes over the VMware Edge Compute Stack 2.0 which was mentioned in various keynotes at the event.
CEIB1432-3-4-USD – Tech Deep Dive into Azure VMware Solution / Google Cloud VMware Engine / Oracle Cloud VMware Solution
Yes, I am cheating again, but I can’t just list one when there are sessions on each of the offerings. I feel it is important to understand the details before you decide on which platform works for your multi-cloud implementation.

Podcast episodes: vSphere 8, vSAN 8, and VMware Explore wrap-up…

Duncan Epping · Sep 5, 2022 ·

It was a busy week at VMware Explore last week, but we still managed to record new content to discuss what was happening at VMware Explore. We spoke with folks like Kit Colbert, Chris Wolf, Dave Morera, Sazzala Reddy, and many others. We also recorded episodes to cover the vSAN 8.0 and vSphere 8.0 release. For vSAN 8.0 we asked Pete Koehler to go over all the changes with vSAN Express Storage Architecture. vSphere 8.0 was covered by Feidhlim O’Leary, going into every aspect of the release, and it is a lot.

Introducing vSphere 8!

Duncan Epping · Aug 30, 2022 ·

This is the moment you all have been waiting for, vSphere 8.0 was just announced. There are some great new features and capabilities in this release, and in this blog post I am going to be discussing some of these.

First of all, vSphere Distributed Services Engine. What is this? Well basically it is Project Monterey. For those who have no idea what Project Monterey is, it is VMware’s story around SmartNICs or Data Processing Units (DPUs) as they are typically called. These devices are basically NICs on steroids, NICs with a lot more CPU power, memory capacity, and bandwidth/throughput. These devices not only enable you to push more packets and do it faster, they also provide the ability to run services directly on these cards.

Services? Yes, with these devices you can for instance offload NSX services from the CPU to the DPU. This not only brings NSX to the layer where it belongs, the NIC, it also frees up x86 cycles. Note, that in vSphere 8 it means that an additional instance of ESXi is installed on the DPU itself. This instance is managed by vCenter Server, just like your normal hosts, and it is updated/upgraded using vLCM. In other words, from an operational perspective, most will be familiarized fast. Now having said that, in this first release, the focus very much is on acceleration, not as much on services.

The next major item is Tanzu Kubernetes Grid 2.0. I am not the expert on this, Cormac Hogan is, so I want to point everyone to his blog. What for me probably is the major feature that this version brings is Workload Availability Zones. It is a feature that Frank, Cormac, and I were involved in during the design discussions a while back, and it is great to finally see it being released. Workload Availability Zones basically enable you to deploy a Tanzu Kubernetes Cluster across vSphere Clusters. As you can imagine this enhances resiliency of your deployment, the diagram below demonstrates this.

For Lifecycle Management also various things were introduced. I already mentioned the vLCM now support DPUs, which is great as it will make managing these new entities in your environment so much easier. vLCM now also can manage Stand Alone Host’s via the API, and vLCM can remediate hosts placed into maintenance mode manually now as well. Why is this important? Well this will help customers who want to remediate hosts in parallel to decrease the maintenance window. For vCenter Server lifecycle management, there also was a major improvement. vSphere 8.0 now has the ability to store the vCenter Server cluster state in a distributed key-value store running on the ESXi hosts in the cluster. Why would it do this? Well it basically provides the ability to roll back to the last known state since the last backup. In other words, if you added a host to the cluster after the last backup, this is now stored in the distributed key-value store. When a backup is then restored after a failure, vCenter and the distributed key-value store will then sync so that the last known state is restored.

Last lifecycle management-related feature I want to discuss is vSphere Configuration Profiles. vSphere Configuration Profiles is a feature that is released as Tech Preview and over time will replace Host Profiles. vSphere Configuration Profiles introduces the “desired-state” model to host configuration, just like vLCM did for host updates and upgrades. You define the desired state, you attach it to a cluster and it will be applied. Of course, the current state and desired state will be monitored to prevent configuration drift from occurring. If you ask me, this is long overdue and I hope many of you are willing to test this feature and provide feedback so that it can be officially supported soon.

For AI and ML workload a feature is introduced which enables you to create Device Groups. What does this mean? It basically enables you to logically link two devices (NIC and GPU, or GPU and GPU) together. This is typically done with devices that are either linked (GPUs for instance through something like NVIDIA NVLINK) or a GPU and a NIC which are tightly coupled as they are on the same PCIe Switch connected to the same CPU, bundling these and exposing them as a pair to a VM (through Assignable Hardware) with an AI/ML workload simply optimizes the communication/IO as you avoid the hop across the interconnect as shown in the below diagram.

On top of the above firework, there are also many new smaller enhancements. Virtual Hardware version 20 for instance is introduced, and this enables you to manage your vNUMA configuration via the UI instead of via advanced settings. Also, full support for Windows 11 at scale is introduced by providing the ability to automatically replace the required vTPM device when a Windows 11 VM is cloned, ensuring that each VM has a unique vTPM device.

There’s more, and I would like to encourage you to read the material on core.vmware.com/vsphere, and for TKG read Cormac’s material! I also highly recommend this post about what is new for core storage.