VMworld 2017 Roundup: Day 2

VMworld’s first full day of sessions and such delivered. Here we go.

General Session

For general session commentary, check out the Live Blog. To sum it up quick:

• VMware Cloud on AWS was officially released,
• VMware’s betting big on NSX by pushing it beyond on site and cloud data centres, extending it to containers, app platforms, and more, and
• VMware introduced AppDefense, which is their new security play.

Meet the vCenter Server Experts Panel [SER1440PU]

The first session of the week for me was a Q&A panel, featuring Mike Foley, Adam Eckerle, Kyle Ruddy, Dilpreet Bindra, and Emad Younis. They started things off by mentioning that the vSphere web client is going away, with a sun setting announcement that was delivered last week. vCenter Server on Windows is also going to follow the same path, with the VCSA standing as the successor. There hasn’t been an official date set yet, however it’s expected that these products will be retired as of the next major release of vSphere. If you’re still on vCenter Server for Windows, be sure to look at the migration tool as it will help you seamlessly replace it with VCSA.

There was a big of panel discussion among themselves, highlighting some vSphere 6.5 benefits (such as VM encryption, secure boot), the ongoing transition from SOAP-based to RESTful APIs, and that PowerCLI modules are being evaluated and re-written to make them better and faster (case in point, Get-Vm). It’s recommended to run the latest PowerCLI version and not stick with the version of PowerCLI that matches your vSphere deployment, as these kinds of improvements can often be “retroactively” available to older vSphere environments, since it’s the PowerCLI code itself being improved. Also, check out the VMware API Explorer to browse, search and inspect the various VMware APIs.

The audience was then invited to pose questions to the panel:

• Q: Will UUIDs be accessible via APIs?
• A: That’s coming in the future; VMware is interested to know what use cases customers have for the UUID attribute so they can better understand the need and deliver.
• Q: Will vCenter be able to be upgraded via VUM?
• A: That functionality’s being worked on.
• Q: VAMI can manually backup but not be scheduled at the moment, is that coming?
• A: Scheduling can be handled externally (ex. via PowerShell) at the moment, but it is being worked on.
• Q: Is VMware getting rid of the PSC? Certificates are especially difficult to manage.
• A: The number one use case for external PSC deployment is the need for vCenter Enhanced Linked Mode. VMware is working on making Enhanced Linked Mode available with embedded PSCs. In the meantime, if customer’s don’t need Enhanced Linked Mode they should stick with embedded PSC.
• Q: Is high availability (HA) being brought to PSC?
• A: For external PSC the official guidance is to use an external load balancer. If you use the embedded PSC it can be covered by vCenter HA.
• Q: Can vCenter warn is the PSC isn’t at the right version before vCenter itself is updated?
• A: This exists in 6.5 already.
• Q: Can SSO domains be merged (for those customers who have made mistakes, for instance)?
• A: It’s being worked on for 6.x. If you’re still on 5.x then vCenter can consolidate SSO domains before the upgrade to 6.x. Once a vCenter component is upgraded to 6.x, however, the SSO domains are “locked in”.
• Q: Why is FT limited to 4 CPUs? Can it be increased?
• A: The limit is based on engineering considerations, however increasing the FT maximums is being worked on. No dates can be provided at this time.
• Q: When will the new vSphere Client be feature complete?
• A: It’s now about 95% feature complete with the 6.5u1 release, and VMware is working on reaching 100% feature parity with the vSphere Web Client.
• Q: Are there any plans to increase the maximum cluster nodes for DRS (currently at 64)?
• A: It’s in the works.
• Q: Some Auto Deploy features are still PowerCLI only, will they be added to the vSphere Client?
• A: It’s on the road map.
• Q: Is certificate installation & management being improved? Not all companies can make vCenter an intermediate CA.
• A: That limitation is understood. A hybrid approach is recommended where the certs are replaced on the PSC and VCSA, and then those components are allowed to mange the certificates installed on the hosts. This secures access to vCenter itself, which would be needed to attempt to get to the host interfaces anyway.

The panel ended with a quick note that vCenter HA is not the same as vCenter DR, so plan for both.