Q2 Sirius Lunch & Learn - vSphere 6 & Windows 2003 EoL

Sirius Computer Solutions
Lunch and Learn
Q2 2015

What’s New in vSphere 6

3Sirius Computer Solutions
Platform Features
vSphere 5.5 vSphere 6.0
32 Hosts / Cluster 64 Hosts / Cluster
4000 Virtual Machines / Cluster 8000 Virtual Machines / Cluster
320 CPUs / Host 480 Logical CPUs / Host
4 TB RAM / Host 12 TB RAM / Host
512 Virtual Machines / Host 1024 Virtual Machines / Host

Virtual Machine Compatibility w/ ESXi 6.0
128 vCPUs / 4TB of RAM
Server Compatibility
Support for Windows Server 2012 R2 and SQL 2012
Failover clustering and AlwaysOn Availability Group
support
IPv6 Support Enhancements
Platform Features

Platform Features
Metric Windows Appliance
Hosts / vCenter 1,000 1,000
Powered on VMs / vCenter 10,000 10,000
Hosts / Cluster 64 64
VMs / Cluster 6,000 6,000
Linked Mode Support? Yes Yes
vCenter Features
Windows install now supports Postgres and External SQL/Oracle DBs
vCSA supports embedded Postgres and external Oracle DBs

6
Platform Services Controller
Platform Services Controller (PSC) provides the
following services
vCenter Single Sign-in (SSO)
License Service
Lookup Service
VMware Directory Service
VMware Certificate Authority (VMCA)

7
Platform Services Controller (continued)
Deployment Options
Internal and External
External has built in replication
(N) vCenters => (1) PSC
(1) vCenter => (N) PSCs
(N) vCenters => (N) PSCs
Enables highly resilient configurations:

8
Certificates
VMware Certificate Authority (VMCA)
Will provision ESXi hosts and vCenter Server/Services
with certificates that are signed by the VMCA
Not Required – you may use your own CA
Can be used in the following modes:
Default – self signed CA, default certs installed,
certs easily regenerated
Enterprise – replace default certs with an
enterprise CA
Custom – disable VMCA, adds complexity

9
Certificates (continued)
VMware Endpoint Certificate Store (VECS)
Stores all certificates and keys used for vCenter and
services – not optional
ESXi certificates are stored locally
Use vecs-cli to manage certificates and keys

Linked Mode
vSphere 5.5 vSphere 6.0
Windows Yes Yes
Appliance No Yes
Single Inventory View Yes Yes
Single Inventory Search Yes Yes
Replication Mechanism Microsoft ADAM Native
Roles and Permissions Yes Yes
Licenses Yes Yes
Policies No Yes
Tags No Yes

11
vMotion
Cross vSwitch vMotion
Does not change the IP of the VM, switches must have
L2 adjacency
Supported Functionality:
vSS => vSS
vSS => vDS
vDS => vDS
no vDS => vSS

12
vMotion (continued)
Cross vCenter vMotion
Changes compute, storage, network, and vCenter
simultaneously
Does not require shared storage
250Mbps per vMotion required
Same SSO domain only from GUI, different SSO domain
possible via API

13
vMotion (continued)
Misc Notes
vMotion network will cross L3 boundaries and can use
it’s own TCP/IP stack
Can define provisioning network for virtual machine cold
migration, cloning, and snaps as well as network file
copy traffic during long distant vMotions.
Up to 150ms RTTs for long distance vMotion
vMotion MSCS cluster-across-box (CAB) with physical
mode RDMs

14
Content Library
Provides content management and
synchronization. One central location to
manage all content.
ISO IMAGES SCRIPTS
VM
TEMPLATES
vApps

15
Content Library
Uses publisher / subscriber model
vCenter => vCenter
vCloud Director => vCenter
Max of 256 content items per library and 10
simultaneous copies
Syncs every 24 hours

16
Network I/O Control (NIOC) v3
Applied at the vNIC level
Bandwidth is guaranteed to the virtual interface
Reservation set on the vNIC in the VM properties
Applied at the Distributed Port Group level
Bandwidth is guaranteed to a distributed port group
Reservation set on the VDS port group

17
Virtual Volumes
Per-VM granularity for data services and policy
instead of per-LUN granularity.
Every VMDK is an object that you can apply policies and settings to and is
stored in a non partitioned storage pool.
Requires array support, some native to the array some as an appliance
vCenter communicates with.
VMFS is not used, instead the objects the VM is comprised of are stored
directly on the array, thus no need for constructs like VAAI UNMAP

18
Virtual Volumes (continued)
VASA Provider – Provides out of band communication between vCenter and the
storage system. Again, can be native or an appliance. Think control plane.
Protocol Endpoint – I/O proxy that directs IO from the host to the appropriate Virtual
Volumes stored on a storage container. Takes the form of a LUN or mount point but
not used for actual data storage. No NFS 4.
Storage Container – a pool of raw storage used to store virtual volumes, not a LUN,
managed by the array.
Storage Policy Based Management – allows for VMs to be placed on storage that
meets the requirements of that particular VM.
Virtual Volume Datastore – Logical representation of a storage container in vSphere.

19
Virtual Volumes (continued)

20
VSAN 6.0
All flash configuration
100K IOPs/Host
Up to 64 Nodes
Max VMDK of 62TB
Ability to evacuate a single disk
(in 5.5 you had to evacuate an entire disk group)

21
VSAN 6.0 (continued)
Fault domains now available
Allows for controlled placement of replicas and witnesses
Can align with racks boundaries to account for rack failures
Direct-attached JBOD is now supported for
certain blade systems
Check HCL – Just UCS at last glance
Controller-based D@RE and Hardware
Checksum
Check HCL for both

22
High Availability
VM Component Protection
VM restart during APD / PDL situations
Prior versions had PDL support via CLI but no support for APD as related to
VM restart
64 hosts now supported in a HA cluster
8000 VMs / cluster

Fault Tolerance
Feature vSphere 5.5 vSphere 6.0
Max vCPUs 1 4
RAM 64 GB 64 GB
Virtual Disk Type Eager Zeroed Thick Thin, Thick, Eager Zeroed Thick
Snapshots/VADP No Yes
Storage Redundancy No (shared VMDKs) Yes (individual VMDKs)
Paravirtual Device Supportx No Yes
Max FT VMs Per Host 4 4 VMs or 8 vCPUs Total
Network Requirement 1Gbps 10Gbps

24
vSphere Replication
End-to-end network compression
Network traffic isolation
Separate replication traffic on to dedicated vmkernel port
Linux filesystem quiescing now supported

25
vSphere Replication (continued)
Full sync is now faster as it is based upon
actual allocation rather than configured value
Storage vMotion of replica is supported without
full sync
vSphere replication virtual appliance now runs
on SLES 11 SP3 w/ IPv6 support

26
vSphere 6.0 Gotchas
NFS 4.1
Many issues highlighted in the release notes, review before utilizing.
Interoperability concerns with VVols
vSphere Plugins
Plugins and anything interacting with the API (VDI, Failover software) must
be 6.0 compatible prior to upgrade
Tags
Domain users with full privileges cannot assign tags, must use SSO admin

27
vSphere 6.0 Gotchas (continued)
SSO
Changing the Administrator password after SSO is deployed causes the
Component Manager service to hang, no workaround.
ESXi Hosts
ESXi hosts randomly fail or disconnect when running >300 VMs in a cluster.
Third Party Components
1000v is not fully certified, AVS mode will not be supported. Host based
flash caching plugins like PernixData not currently supported.

28
vCenter Installation
The FQDN/IP used when configuring the vCenter server MUST be match
what is utilized for the PSC.
vCenter Service Account
Do not use or @ in the password for the service account used to run
vCenter, installation may fail.
Active Directory
ESXi hosts may drop off of the domain following upgrade to 6.0.

29
IPv6
Still not 100% supported, check official docs or
https://www.edge-cloud.net/2015/03/ipv6-in-vsphere-6/
vCenter External Database
Oracle 11g and 12c are deprecated. Will work for 6.0 but continuing support
is not guaranteed.
.

Windows Server 2003 End-of-Life

31
What’s it all about?
• July 14th 2015 – Windows Server 2003 is
officially End of Life
• Similar to WinXP EOL last year
• Only a couple months remaining before
extended support is required

32
Impacts
• Operations
• Security
• Compliance

33
Operational Impact
• No technical support
• Migrations required
» Application compatibility concerns
• Exceptions have to be managed
• Custom support is available
» Expensive
» Negotiated with Microsoft

34
Security Impact
• No security patches henceforth
» 37 critical updates were released in 2013 under
extended support. None following EOL.
• Ripe target for attacks
• Exceptions must be mitigated

35
Compliance Impact
• Nearly all regulations require a patched,
supported OS.
• Ex. PCI DSS Req 6.2
» Ensure that all system components and software are protected from known
vulnerabilities by installing applicable vendor-supplied security patches. Install critical
security patches within one month of release.
• Compensating controls for any exceptions

36
What can we do?
• Migrate to a supported OS
» Best option
• Alternatives
» Segment off behind separate firewall
» Harden OS

37
How can Sirius help?
• Microsoft Services
• Virtual Infrastructure
• Compensating Controls
» Cisco Security (ASA w/ Firepower)
» Palo Alto Networks
» Bit 9 / Carbon Black

Any Questions?
Thank You!

Q2 Sirius Lunch & Learn - vSphere 6 & Windows 2003 EoL

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (18)

Similaire à Q2 Sirius Lunch & Learn - vSphere 6 & Windows 2003 EoL

Similaire à Q2 Sirius Lunch & Learn - vSphere 6 & Windows 2003 EoL (20)

Plus de Andrew Miller

Plus de Andrew Miller (9)

Dernier

Dernier (20)

Q2 Sirius Lunch & Learn - vSphere 6 & Windows 2003 EoL

Notes de l'éditeur