VMware vSphere 8 Update 2 – What’s New
VMware vSphere is a powerful virtualization platform that is regularly updated with improvements and new features. At the end of 2023, VMware released VMware vSphere 8 Update 2, streamlining operations and reducing the admin workload, particularly when it comes to life cycle management.
According to VMware, this latest release improves workload performance by optimizing the utilization of physical hardware and facilitating the integration of new technologies and hardware accelerators. In addition to operational efficiency, the release is focused on driving innovation for DevOps through the seamless integration of Kubernetes offerings, making it easier for DevOps teams to deploy the vSphere Tanzu platform.
VMware vSphere 8.0.2 introduces several new features that are particularly beneficial for administrators managing large virtual infrastructures to:
- Improve operational efficiency
- Enhance workload performance
- Accelerate innovation for DevOps
Let’s look in more detail at what’s new in VMware 8U2 compared to the previous version VMware 8.0.
Enhanced Operational Efficiency
In VMware vSphere 8 Update 2, administrators gain access to improved tools to help them save time. VMware aims to streamline the admin’s work by reducing the time spent on maintenance activities and, in some cases, eliminating the need for specific maintenance tasks altogether.
There are always challenges associated with updating and upgrading vSphere, particularly in large environments with hundreds or even thousands of systems. To address this, VMware has placed a strong emphasis on lifecycle management, making the process of updating vSphere quicker and more efficient. Furthermore, VMware has expanded its support for third-party identity providers, simplifying the central management of authentication for IT administrators.
Reduced Downtime Upgrade
Let’s start with patching and updating. Patching vCenter instances is a common task that often takes a considerable amount of time, with vCenter services being temporarily offline. With update 2, VMware introduced the Reduced Downtime Upgrade method for updating vCenter instances.
The vCenter Reduced Downtime Upgrade is initially designed for single self-managed vCenter instances. It does not support vCenter instances enabled with vCenter HA or those participating in Enhanced Linked Mode (ELM). This method is supported for updating vCenter instances running version 8.0 or 8.0 U1 to 8.0 U2 and will also support updating from 8.0 U2 to future versions.
What makes this method different? The Reduced Downtime Upgrade uses a migration-based approach, transitioning from one vCenter build to a newer one. This process resembles a major vCenter upgrade, such as moving from version 7 to version 8. However, there is a significant distinction.
With the migration-based method, a new vCenter appliance is deployed, and all vCenter data and configuration are copied from the current vCenter to the new one, similar to a major vCenter upgrade. The key distinction is that during this data and configuration copy phase, the current vCenter and its services remain online, ensuring continuous productivity. The only vCenter service downtime occurs for a few minutes when the current vCenter services are stopped, and the new vCenter services are started, typically taking less than 5 minutes.
NOTE: VMware stresses the importance of creating backups before any patching or updating procedure, not just as a recommendation but as a requirement to ensure uninterrupted operations. Read more about vCenter backup and ESXi backup.
To illustrate the benefit of this feature, let’s consider an example. Traditionally, in vSphere, one update is needed for every cluster of ESXi hosts, with a maximum of 32 hosts per cluster. If a user has 32,000 ESXi hosts across 1,000 clusters, updating the entire ESXi fleet requires 1,000 separate update operations. However, with the ESXi lifecycle management service in VMware 8U2, only one update is needed for each standard hardware configuration, regardless of the number of clusters.
Since most IT organizations standardize their hardware configurations, the user might have only around 3 to 5 standard hardware configurations (depending on the number of server vendors they purchase from). This means they could update their entire ESXi fleet in as few as 3 to 5 update operations, a significant reduction from the 1,000 updates required in traditional vSphere.
Non-Disruptive Certificate Management
VMware vSphere 8 Update 2 brings non-disruptive certificate management into the spotlight. This means that vSphere administrators can now renew and replace the vCenter SSL/TLS certificate without the need for service restarts. It’s worth noting that external solutions like VMware NSX may require re-authentication to vCenter when a certificate is modified. As per industry best practices that advocate for shorter TLS certificate validity periods, vSphere administrators can align with these guidelines and carry out annual certificate renewals without causing any disruptions to vCenter’s operational efficiency.
Lifecycle Manager
The VMware vSphere Lifecycle Manager (LCM) has already made a significant impact, and its functionalities continue to evolve. While it currently provides support for vSAN witness nodes and vSAN clusters, VMware vSphere 8 Update 2 introduces a noteworthy enhancement, empowering vLCM to oversee witness nodes that are involved in multiple vSAN clusters.
In particular, for shared vSAN witness nodes, users can now independently manage the image definition, separate from the vSAN clusters to which they belong. This enhancement offers increased flexibility, particularly for shared vSAN witness nodes, enabling the creation of custom builds tailored to specific use cases.
Configuration Profiles
First introduced in VMware vSphere 8 and then fine-tuned in vSphere 8 Update 1, the vSphere Configuration Profiles feature has undergone further improvement in VMware vSphere 8 Update 2. An all-inclusive user interface workflow simplifies the process of creating, modifying, and implementing vSphere Configuration Profiles.
Now, you no longer need to export the JSON document for editing, though this option still exists. A new Draft tab is introduced in the user interface, allowing users to generate, modify, and implement drafts or duplicates of the existing configuration.
Accelerated Innovation for DevOps
For DevOps engineers, developers, and any infrastructure consumers, VMware has consistently worked on enhancing self-service access, introducing Kubernetes integration in 2020. The latest release further improves this aspect, offering faster infrastructure access and simplifying the setup of Kubernetes environments for IT admins and DevOps engineers.
In prior releases, vSphere administrators were solely responsible for publishing new templates to a content library, leaving DevOps users unable to do that. However, VMware vSphere 8 Update 2 introduces the ability for a vSphere administrator to grant writable permissions on a content library assigned to a namespace, allowing more flexibility in publishing VMs to a content library.
A notable addition in VMware vSphere 8 Update 2 is the VM Image Registry Service, designed for DevOps engineers and other users requiring a means to store VM images for reuse or sharing. This service enables consumers to publish, modify, and delete images using Kubernetes APIs, which can then be used for deploying VM Service VMs without relying on IT Admin support.
Virtual Hardware Version 21
In the latest iteration of Virtual Hardware – version 21, there are several enhancements for virtual machines, including:
- Doubling the maximum number of vGPU devices per VM, now allowing up to 16.
- The capacity to connect as many as 256 NVMe drives to a VM.
- Support for the NVMe 1.3 specification, benefiting Windows users, as well as Windows Server cluster failover compatibility with NVMe drives (NVMe support for Windows Server Failover Clustering, WSFC).
- Enhanced compatibility checks for new operating systems, including Linux Red Hat 10, Oracle Linux 10, Linux Debian 13 and FreeBSD 15.
To use these features, you’ll need both VMware vSphere 8 Update 2 and Virtual Hardware 21. An immediate hardware update might not be necessary unless you intend to use these new capabilities.
Additionally, there have been changes in the bundling of VMware Tools in ESXi 8.0 Update 2. There are images for Windows, Linux, and other supported operating system families. The bundled VMware Tools ISO images include:
- windows.iso – VMware Tools 12.3.0, which provides support for Windows 7 SP1 or Windows Server 2008 R2 SP1 and newer versions.
- linux.iso – VMware Tools 10.3.25 ISO image designed for Linux operating systems with glibc 2.11 or later.
You can download older versions of VMware Tools for older guest operating systems manually and install them.
VMware vSAN 8 Update 2
The most recent vSAN update brings a range of improvements. VMware vSAN 8 Update 2 sets the stage for the introduction of a new solution, VMware vSAN Max, which is expected to be available in the second half of 2024.
VMware vSAN Max uses the vSAN Express Storage Architecture to offer an alternative deployment model that provides petabyte-scale disaggregated storage for vSphere. This allows admins to independently scale storage from compute resources, granting them the flexibility to accommodate a wide range of workloads.
Modern organizations rely on an array of applications to drive their operations, each with unique requirements for computing power, storage capacity, and performance. And with the growing prominence of advanced analytics, AI applications, and cloud-native applications as well as the expanding diversity of workloads and the need for scalability, there is a clear need for a flexible infrastructure that allows critical applications to expand.
vSphere Lifecycle Manager has been supporting vSAN witness nodes since VMware vSphere 7 Update 3. With that release, vSphere Lifecycle Manager was able to automatically handle the remediation of vSAN witness nodes alongside the vSAN cluster. With VMware vSphere 8 Update 2, vSphere Lifecycle Manager extends its support for vSAN witness nodes to encompass shared vSAN witness nodes. This enhancement enables the independent management of the image definition for the vSAN witness node, irrespective of the vSAN cluster(s) to which it belongs.
Better Workload Performance for AI
GenAI has emerged as a key strategic focus for numerous enterprise clients. vSphere joined the artificial intelligence (AI) landscape ever since the introduction of the VMware + NVIDIA AI-Ready Enterprise Platform in March 2021. In VMware vSphere 8 Update 2, VMware is further advancing its GPU virtualization technology.
In addition to AI-related enhancements, VMware is broadening the availability of Data Processing Unit (DPU) technology across a wider range of hardware platforms to offer customers enhanced performance benefits. VMware is also expanding its DPU support to include Lenovo and Fujitsu server hardware – their owners now have the opportunity to utilize vSphere DPU integration and its associated performance benefits. However, it’s not limited to AI alone. Introduced a year ago with vSphere 8, DPU support enables customers to offload infrastructure workloads from CPUs to dedicated DPUs, thereby enhancing the performance of business workloads.
In the context of resource-intensive workloads, particularly in the AI domain, VMware virtual hardware version 21 brings a significant boost. The maximum number of vGPU devices that can be allocated to a single VM has now doubled to 16. This substantial increase in performance capacity enables more efficient AI/ML model training and the execution of larger models with extensive datasets.
It’s worth noting that in vSphere 8.0 Update 1, VMware introduced virtual machine storage translation with full backward compatibility. This innovation ensures that virtual machines utilizing a combination of SCSI or vNVMe controllers and targeting SCSI or NVMe devices can translate paths within the storage stack. This allows for seamless transitions between SCSI and NVMe storage without requiring a change in the storage controller for the virtual machine. In VMware vSphere 8 Update 2, it is now possible to connect up to 256 NVMe disks to a VM, satisfying the needs of virtually all VMware enterprise customers.
DRS Improvements
VMware previously introduced the capability to employ vMotion hot migration technology for GPU-intensive workloads. This marked a significant advancement for users relying on virtual machines for artificial intelligence and machine learning tasks, as it facilitated the movement of these workloads to achieve proper hardware resource balancing and equitable resource utilization.
However, there were scenarios in which workloads were not fully utilizing available GPU resources. To tackle this, improvements were made to the load-balancing mechanism in VMware vSphere 8 Update 2. The latest enhancement involves Distributed Resource Scheduler (DRS), which now takes into account the sizes of vGPU profiles and strives to consolidate vGPU workloads of the same profile size on a single host. This optimization extends to the initial placement of VMs with GPU support, minimizing GPU capacity loss due to fragmentation.
In earlier vSphere versions, VMs with specific GPU requirements sometimes encountered placement challenges when the required GPUs were dispersed across different hosts. With the introduction of VMware vSphere 8 Update 2, DRS automatically addresses this issue by defragmenting vGPU-enabled VMs. When a new VM requiring four GPUs isn’t initially available on the same host, DRS intelligently orchestrates the migration of another VM to create space, ensuring that VMs are promptly placed and powered as needed.
When dealing with vGPUs, the “stun time” (the period when a VM is briefly paused) during migrations can be a crucial consideration. VMware vSphere 8 Update 2 introduces a valuable feature for administrators, offering insights into the estimated maximum stun time of a vGPU-enabled VM. This estimation is based on network speed and the size of the vGPU memory, providing administrators with essential information for planning and managing vGPU-enabled VM migrations.
Improved Security
In terms of security, VMware has improved the default settings of the product to closely align with the vSphere security configuration and hardening guidelines. With the release of VMware vSphere 8 Update 2, users can anticipate updated hardening guides that will simplify the process for the user base.
In VMware vSphere 8.0 Update 2, there is an introduction of initial support for TLS 1.3 in ESXi, while vCenter maintains TLS 1.2.
VMware vSphere 8 Update 2 marks an expansion of the Distributed Key-Value Store, encompassing the configuration of vSphere Distributed Switch, including instances utilized by VMware NSX. This enhancement builds upon the host-cluster membership feature introduced in vSphere 8.
Identity management and multi-factor authentication are integral components of contemporary security. VMware is introducing direct support for cloud identity providers. In vSphere 8 Update 1, this support commenced with Okta, and now, in VMware vSphere 8 Update 2, the scope of identity provider support is being expanded to include Azure Active Directory.
Optimized Windows Guest Customization
This enhancement offers a swift and straightforward improvement for Windows VM deployments. You now have the option to designate the Organizational Unit (OU) path within your customization specifications. As a result, when deploying Windows VMs using this specification, these VMs can seamlessly join Active Directory at the specified Organization Unit (OU) path, making the process more efficient and customized.
Descriptive Error Messages
Yet another minor yet valuable enhancement relates to the error message displayed when VM files are locked. For instance, in a situation where a VM cannot be powered on due to a file lock on the current host, the error message now provides specific details about the locked file and identifies the host currently holding the lock. File locks can occur in unexpected disaster scenarios, such as storage outages, although they are relatively rare. This message offers comprehensive information, including the name of the locked file, the hostname of the host attempting access, the IP address of the host with the lock, and the MAC address of the NIC (network interface controller) on the host holding the lock.
NSX Updates in VMware 8U2
Commencing from VMware vSphere 8 Update 2, vSphere with Tanzu extends its support for the use of the NSX Advanced Load Balancer (NSX ALB) in environments that leverage the NSX networking stack, replacing the deprecated NSX Load Balancer (NSX LB). This support was already in place for vSphere with Tanzu deployments utilizing the vSphere Distributed Switch networking stack.
In parallel, NSX-T version 3.2.0 introduces the deprecation of the NSX-T Load Balancer, with plans to completely remove it in future releases. VMware is strongly encouraging its customers to transition to the NSX Advanced Load Balancer (NSX-ALB), which serves as VMware’s flagship load balancing solution, providing a robust alternative to the phased-out NSX-T Load Balancer (NSX-T LB).
Conclusion
VMware vSphere 8 Update 2 brings a set of improvements in multiple categories, such as lifecycle management, effective administration, higher performance, and lower downtime. Consider upgrading to VMware 8U2 if you want to use the latest vSphere features.
Make sure that you’re running backups and protecting your VMs before installing the latest update. Use NAKIVO Backup & Replication for all your backup and disaster recovery needs, including VM data protection and physical machine backup.
