VMware Project Arctic Graduates to vSphere+

Introduction

Today, June 28 2022, VMware announced vSphere+ and vSAN+: subscription-based offerings of their enterprise compute and storage virtualisation solutions.

First mooted during VMworld 2021, Project Arctic promised to deliver a cloud operating model to customers’ data centre and edge locations. At a high level, that means hands-off maintenance, proactive monitoring, pay-as-you-grow consumption, subscription billing, and a shift to opex funding.

Furthermore, vSphere subscriptions allow VMware to integrate products and services as features. VMware Cross-Cloud Services will enable on-demand scale out capacity and disaster recovery capabilities. We know from the general industry shift towards Software-as-a-Service (SaaS) that development cycles and feature delivery become more frequent, resulting in faster and greater value to the end customer.

The release of vSphere+ and vSAN+ is VMware’s first iteration of the Project Arctic feature set, with more capabilities and products to be added. In this release, customers can expect to benefit from simplified operations, faster time to value, and future investment in IT strategy. Find out more at the vSphere+ microsite.

What is vSphere+?

The launch of vSphere+ and vSAN+ provides customers with a subscription to compute and storage virtualisation solutions. It is aimed at organisations wanting to retain an on-premises footprint, either data centre or edge, with a consistent operating experience to their cloud infrastructure.

This makes it easy for brownfield environments to adopt, and to improve their operational processes and security posture. vSphere+ is more than just a subscription to an existing product; it also offers administrators the following benefits:

  • Aggregate vCenter Servers and global infrastructure into a single view
  • VMware assisted lifecycle management, initially for vCenter Server
  • Significantly lower maintenance touch, and reduced downtime with vCenter Server Reduced Downtime Upgrades
  • Faster access to new features, fixes, and security patches
  • Check for configuration drift, security issues, consistent errors, and update status across all vCenters and clusters
  • Enable access to the embedded Tanzu services to build, run, and manage modern container-based applications
  • Global monitoring of VMware environments, see examples in this vSphere+ Tech Zone blog
  • Deploy virtual machines to multiple platforms from anywhere with the new cloud admin interface
  • Co-term licensing and support across VMware environments with flexible scaling options
  • Removes the need for individual vCenter Server licenses (see the licensing section below)

vSphere+ introduces a new cloud admin portal: an additional SaaS control plane that interacts with a gateway server on-premises. The sections below go into more technical detail, but the vCenter Servers do not talk directly out to the Internet, and no workloads or components are moved to the cloud as part of this operating model.

The term cloud-like operating model relates to features like the one-click vCenter updates, one-click Kubernetes cluster enablement (Kubernetes being a cloud native container orchestration tool), and the flexible subscription, or operating expenditure, nature of the service.

Many customers want the benefits of cloud, namely flexible consumption, minimal maintenance, built-in resilience, developer agility, and anywhere management. They may also need to retain some on-premises infrastructure, for data privacy, security, or sovereignty reasons, and for high-performance or low-latency requirements. The introduction of vSphere+ aims to provide these cloud benefits in the remaining data centre or edge locations.

You can read more about the admin services and developer services available through the new cloud portal, as well as the full range of benefits introduced by vSphere+, in the blog VMware vSphere+ Introducing The Multi-Cloud Workload Platform.

Figure: vSphere+ Benefits

How Does vSphere+ Work?

Beyond the licensing information in the section below, there are some further technical considerations and clarifications.

Since the on-premises vSphere infrastructure is already deployed, there is no impact to those existing vSphere, vCenter, or vSAN environments. The vCenter Server needs to be running a minimum of version 7.0.3, so there may be a vCenter upgrade, but there is no vSphere/ESXi update required. vCenter 7.0.3 is backwards compatible with vSphere 6.5 onwards, although note that vSphere 6.x reaches end of support on 15 October 2022.

A Cloud Gateway appliance is used to connect the on-premises vSphere estate with the VMware Cloud control plane. The appliance is a standard OVA. Here is some additional information:

  • The appliance needs 8 CPU, ~24 GB RAM, 190 GB disk, and a secondary IP address
  • The appliance does not need backing up or HA deployment
  • The appliance is stateless and can easily be deleted and re-deployed in the event of any issues
  • There is an admin interface for setting minimal configuration such as Internet proxy
  • Lifecycle management of the appliance is automated from the cloud control plane
  • There is a maximum latency requirement of 100ms from the vCenter to the gateway appliance, and from the gateway to the cloud portal
  • The gateway appliance has limited access to the customer environment
  • Communication between the gateway appliance and cloud portal is fully encrypted and there is no VPN requirement
  • The gateway appliance needs outbound HTTPS connectivity only, and there are no network charges
  • The gateway appliance also uploads logs to VMware support, accelerating troubleshooting during incidents
  • The gateway appliance is the point of authentication, and no usernames and passwords are transmitted to the cloud
  • Data is not shared with third parties or used for marketing purposes
  • You can have multiple gateway appliances, with up to 4 vCenter Servers per gateway (note that there is no change in vCenter and vSphere configuration maximums)

Figure: vSphere+ Cloud Gateway Appliance High Level Architecture

Subscription services for vSphere+ and vSAN+ can be activated from the cloud portal. Host billing and licensing is also managed here, with no need to install license keys. Outside of vCenter lifecycle management, and subtle differences like the removal of license keys, there is no day-to-day change in how you manage and operate the vSphere environment.

If the gateway appliance or Internet connection is lost, the vSphere environment continues to work as normal. If the gateway has not connected to the cloud control plane after 24 hours, vSphere administrators will see advisory messages on the login page bringing this to their attention.

For vCenter updates, VMware do not apply updates automatically without informing the customer. The customer has complete control over the planning and scheduling of updates across vCenter Servers. When a new update is available a notification is generated, and the customer chooses when to have the update applied. The inventory will apply a traffic light system for vCenter instances depending on how many versions behind the latest release they might be.

How Does vSphere+ Licensing Work?

Previously, virtualisation customers would shell out a large upfront cost for perpetual licenses they would own outright. To deliver full value the perpetual license was supplemented with SnS (Support and Subscription), adding technical support, and access to the latest updates and security patches.

With perpetual licenses and SnS renewals, the vCenter Server license (per instance) and vSphere license (per CPU) were purchased separately. The vCenter Server provides overarching management capabilities, including enterprise features like resource balancing and High Availability (HA). The hypervisor vSphere, or ESXi, is installed on physical servers and facilitates compute virtualisation.

From July 2022, customers can upgrade to subscription based offerings of vSphere+ and vSAN+ rather than the traditional SnS renewal. You may have seen a similar early access program, branded vSphere Advantage. Both vSphere Advantage and Project Arctic are officially named vSphere+ at launch.

The vSphere+ license will include vSphere (for the core count stipulated), vCenter Server (for unlimited instances), the new vSphere admin service (SaaS Based), the Tanzu Standard runtime, and Tanzu Mission Control Essentials. Tanzu services enable build, run, and manage for modern applications through the use of containers and Kubernetes orchestration, directly within the hypervisor.

The version of vSphere included with vSphere+ has feature parity with vSphere Enterprise Plus, and production support. You can view the full vSphere Enterprise Plus feature set here.

Once a vCenter Server is registered with the cloud control plane, all connected hosts and associated CPUs will be counted as licensed physical cores. Note that 16 cores make up 1 CPU, which is a change to the existing perpetual limit where 1 CPU is currently valid for up to 32 cores. As physical servers are added or removed, the corresponding core count is increased or decreased.

Core commits can be made for 1, 3, or 5 year periods, with additional cores billed as overage (or the commit level increased). Any overage is calculated per hour and billed in arrears at the end of the month. A customer can run a combination of vSphere+ and perpetual vSphere, however they need to be registered with different vCenter Servers.

How Does vSAN+ Licensing Work?

The vSAN+ license is available as an add-on to vSphere+; it cannot be purchased separately. As the license is an add-on, it automatically co-terms with the vSphere+ duration. Commit and overage terms are the same as vSphere+.

Using vSAN+, customers benefit from centralised management, global inventory monitoring, and global alert status from the cloud console. Existing vSAN datastores are integrated into the cloud portal virtual machine provisioning workflow, to allow deployment of workloads to a vSAN cluster from anywhere. You can read more in the Introducing vSAN+ blog.

The vSAN+ license has feature parity with vSAN Enterprise; you can view the full vSAN feature list here. At initial release, lifecycle management only covers vCenter Server. It is likely that in the future vSphere/vSAN lifecycle management may also be added to Project Arctic.

Hornetsecurity Cyber Threat Report

Introduction and Chapter 1

Hornetsecurity recently published their Cyber Threat Report Edition 2021/22. This post will examine why cybersecurity, and the Cyber Threat Report, are relevant in today’s digital world.

Cybercrime ranks amongst the highest of threats worldwide. In the UK, we have experienced cyberattacks on public services such as healthcare and local authorities. Just looking up cyberattacks in the news confirms recent attacks on a wide range of industries, such as retail providers, snack companies, news corporations, research centres, political parties, and airlines.

The impact of these attacks is far and wide reaching. Individuals can be impacted by data breaches, fraud, and loss of products and services. On a national scale, society can be impacted by the loss of critical national infrastructure, underpinning things like financial services and emergency response services.

Chapter 1 of the Cyber Threat Report starts by examining the monetary cost of cybercrime on a global scale, which has increased by 345 billion US dollars in just 2 years. The author moves on to more thought provoking subjects: world affairs like a pandemic, global espionage, and even war, can all be accelerated by cyberattacks.

Public sector and private sector industries of all kinds have multiple attack vectors in common. The report makes the case that email is typically one such example. This can be as an ingress point for ransomware attacks, or as a means of hijacking business or official email addresses. The news search I mentioned earlier highlights the breach of an official email address within one of the world’s largest intelligence and security services. Clearly anything we use in day-to-day life with a digital footprint carries a risk of being compromised, and that’s why this report is so important.

Chapter 2

The second chapter starts to lift the lid on the risk of email, starting out by stating that around 300 billion emails are sent every day. This number is expected to rise by a further 61.6 billion over the next 2 years, leading to an exponential rise in threats.

By analysing the email traffic of the first half of 2021, the Hornetsecurity Security Lab concluded that 40% of emails sent were classified as undesired emails. That’s potentially 120 billion unsolicited emails sent every day.

Most of these emails will already be blocked in advance, using known spam filters, known bad-sender lists, and identification of common traits. It’s obvious that executables will be rejected, and individuals are now savvier about opening links or Excel files from unknown senders. However, as education and cybersecurity protection improve, attackers themselves are becoming more sophisticated.

Embedding web pages, downloads, and links in HTML files or PDFs is now a common attack format. The Cyber Threat Report goes into the detail behind the most-used file types in malicious emails, really showing the wide range of tools attackers have adopted.

This same trend is echoed when it comes to both the industries affected, and the type of attacks carried out by cybercriminals. Examples include phishing, spearphishing, malicious attachments, blackmail, ransom leaks, and brand impersonation.

The global COVID-19 pandemic accelerated a shift towards online services, for public services like healthcare, as well as private services like shopping and banking. Although digital enablement is a good thing, it does have potential to increase the attack surface. Brand impersonation is a great example, and it’s good to see the report call out the impact of the pandemic on this type of attack vector. As expected, impersonation of brands like Amazon, DHL, and FedEx is commonly used with malicious URLs.

The final section of the second chapter talks to the rise of as-a-service offerings on the dark web, which is something I was hoping would be called out. There is a growing market for Ransomware-as-a-Service, as well as for attackers to penetrate networks or systems, and then sell that access to the highest bidder. There are several use cases for this type of transaction: it could be selling secrets to competitors, opposing governments or nation states, for criminal or monetary extortion, and so on.

Chapter 3

The third chapter in the Cyber Threat Report breaks down Malware-as-a-Service (MaaS) further, with a compelling example. Emotet evolved from a banking trojan to a widely distributed MaaS operation, forming a network of cybercriminals. Before being disabled in early 2021, Emotet could infect a system and hijack email conversations, spreading amongst email contacts and mailbox recipients.

Emotet was eventually taken down by an international operation of law enforcement. In the aftermath, many other botnets have emerged, but none yet have the same scale. That said, the landscape is ever changing and as the report highlights, the existing customer base of Emotet’s MaaS operation still exists.

The final note for the ‘threat-highlights’ of 2021 is the Microsoft Exchange hack. Microsoft Exchange is perhaps one of the world’s most widely used technologies, and an estimated 250,000 email servers were hit by attacks in March 2021.

The vulnerabilities were made up of 4 separate types, impacting multiple versions of Microsoft Exchange Server. Although an unscheduled security update was released, breaches were widespread before the patch could be fully rolled out.

It is believed the attack was carried out by a Chinese state-sponsored hacker group, and in the clean-up that followed even the FBI were involved in removing traces from corporate networks to take out the risk of further attacks.

Chapter 4 and Summary

The report closes by highlighting the increase in digitalisation, as well as the number of devices and accounts, all providing opportunities for cybercrime to continue across borders and continents. As predicted, a huge increase in ransomware attacks is already starting to materialise. We’ve read throughout the report of the many and evolving attack options for cybercriminals, and the role that email plays.

Microsoft 365 is an Office 365 suite with over 258 million active users; it provides Microsoft Exchange and other Microsoft products as Software-as-a-Service (SaaS). Whilst SaaS in general can help reduce the manual overhead of securing IT infrastructure, it doesn’t in any way rule out cyberattacks.

According to Hornetsecurity, every fourth business that uses Microsoft 365 has been affected by an email security vulnerability. Reading the Cyber Threat Report is really an eye opener for both individuals and businesses as to the risks we encounter, and often don’t even see, every time we carry out any form of digital interaction.

The Cyber Threat Report Edition 2021/22 from Hornetsecurity is available to download and read now.

April 2022 VMware Multi-Cloud Briefing

The VMware Multi-Cloud Briefing is an online quarterly series, in its fifth iteration, that brings vision, technology, and customer stories to the table. The briefing series has evolved through cloud platform, operations, and application development since its introduction in the summer of 2020. Both cloud technology and cloud adoption are advancing at a fast pace, and this April briefing provides an opportunity to see what’s new directly from VMware engineering, independent industry experts, and customers.

The latest session is opened with Joel Neeb, VP Execution and Transformation, VMware, and former F-15 pilot. Joel will talk through the history of aviation and the advancements in the cockpit, from having limited technology to running over 300 different instruments. With so many new features and capabilities, there comes a tipping point where it cannot be practically managed by a single operator, or it takes more time than it offers value. These instruments are now streamlined into a handful of features, displayed on screens instead of through switches and dials, with the computer systems surfacing what’s important to the operator at a given time.

We can learn from this approach, and apply similar models to be able to abstract and simplify multi-cloud complexity across different environments and locations. VMware Cross-Cloud Services can remove complexity, whilst enabling the agility of different cloud providers and the freedom to choose the right target environment for each application. Offering standardisation and consistency at the infrastructure layer allows scale and flexibility. Then, as requirements change and new use cases are uncovered, IT teams and developers can move quickly to accelerate overall business transformation.

Figure: VMware Cross-Cloud Services

The session continues with quick fire customer stories around streamlining operations with VMware technology, and a customer interview with S&P Global covering their approach to solving multi-cloud complexity. Later, we’ll also hear a partner perspective from DXC Technology, on how they work with customers to deliver multi-cloud outcomes, and what trends they are seeing across the market.

Next is a technology deep dive, starting out with examining how we’ve arrived at the complexity of running environments across public cloud, private cloud, and the edge. You can then expect to see:

  • How easy it is to add a new VMware environment to a hyperscaler, using vRealize Automation. In this demo we’ll start with an on-premises hosted environment, and scale out by spinning up new environments in the cloud, with the same management tooling and policies.
  • How to manage multiple cloud environments from a single tool, using vRealize Operations. In this demo we’ll look at a consistent way of managing and optimising resources, performance, capacity, and costs, with a unified troubleshooting interface.
  • How to add Kubernetes clusters in different hyperscalers to a common management plane, using Tanzu Mission Control. In this demo we’ll see how you can standardise the management of Kubernetes services, which will likely complement your existing virtual machine infrastructure. Furthermore, we’ll find out how Tanzu Service Mesh can secure the communication of micro-services between environments and across clouds. Tanzu Service Mesh is able to bring micro-services under the same security umbrella, and automate features like mutual TLS encryption across all services.

The final segment is an industry interview with IDC and VMware, talking about what it means for customers to standardise their infrastructure and cloud platforms. There are multiple layers of abstraction and standardisation, covering the likes of management, optimisation, and security. IDC will detail where you can start, and what they see as good first steps.

The April 2022 VMware Multi-Cloud Briefing, and associated launch blog, is now live and available on YouTube. The video is embedded below. You can watch the current and previous briefings on the VMware Multi-Cloud Briefing page; each video is between 30-40 minutes long.

Video: VMware Multi-Cloud Briefing April 2022