VMworld 2021 Updates and Announcements

Introduction

VMware CEO Raghu Raghuram opened VMworld 2021 by highlighting that “it’s no longer about a ‘cloud first’ approach—it’s about being ‘cloud smart’. Organisations should have the freedom to choose the ’right’ cloud, based on their strategic business goals.” To this end, “Multi-cloud is the digital business model for the next 20 years, as entire industries reinvent themselves.”

Multi-cloud doesn’t just mean deploying applications across 2 or 3 of the major hyperscalers. It’s about building a more diverse set of applications, and selecting the cloud for that application based on the needs of the business. The challenge is that each cloud has its own siloed tooling, making it difficult to manage, connect, and secure applications. With data centres being transformed into private clouds, public cloud services, and applications being pushed out to the edge, a consistent approach to infrastructure with secure connectivity and access is needed.

Raghu set out the power of ‘and’, promising customers freedom and control by prioritising developer autonomy and DevSecOps efficiency, enterprise apps on any cloud and full control with cost savings, and anywhere access for employees and world-class security. This vision is delivered through VMware Cross-Cloud Services, a family of multi-cloud services to build, run, and secure applications across any cloud. VMware Cross-Cloud Services enables innovation through 5 core building blocks:

  • VMware Tanzu: a state of the art platform for building and deploying cloud-native applications
  • VMware Cloud: cloud infrastructure for operating, running, and modernising enterprise applications
  • VMware vRealize Cloud: cloud based management for monitoring and managing the performance and cost of applications across different clouds
  • VMware Carbon Black Cloud and VMware NSX Cloud: security and networking spanning multi-cloud operations to connect and secure all applications
  • VMware Workspace ONE and VMware Edge Compute Stack: an anywhere workspace to empower the distributed workforce, along with edge solutions to deploy and manage edge-native applications

The key benefits of VMware Cross-Cloud Services are speed, accelerating the journey to cloud; spend, making big gains in cost efficiency; and freedom, with cross-cloud choices for maximum flexibility.

Continuing with the theme of and, VMware President Sumit Dhawan introduces VMware Tanzu Application Platform as being built for developers, and operations, and Cloud Centres of Excellence. VMware Tanzu Application Platform is a complete system for building and managing applications on Kubernetes, and was actually announced in September. You can find out more from the VMware Tanzu Application Platform blog. Sumit then announces VMware Tanzu Community Edition (more on this below), along with Project Dawn Patrol, which will provide full visibility for each cloud asset and its dependencies, across cloud providers. Review the high level messaging in more detail at the VMworld 2021 Day 1 Highlights: Accelerate Innovation blog, watch the VMworld General Session, or check out The Best of VMworld 2021 – On Demand blog.

My colleague James recorded this great summary which will get you up to speed on all the latest VMworld 2021 news in under 30 minutes!
VMworld Summary in under 30 minutes

Key Announcements

Announcing general availability of VMware Tanzu Community Edition. A free, open source, and community supported deployment that’s full-featured and easy to manage. Tanzu Community Edition can be installed in minutes and used to learn and evaluate with small-scale or preproduction environments. You can find out more from the Introducing VMware Tanzu Community Edition blog, the VMware Tanzu Community home page, and VMworld demo session Get up and Running with VMware Tanzu in 10 mins on Your Local Workstation with Tanzu Community Edition! [DEM2811]. Also coming soon, Tanzu Mission Control Starter, centralising management of Kubernetes clusters from multiple providers, for free. You can sign up at the VMware Tanzu Mission Control Starter page.

Announcing general availability of Dell APEX Cloud Services with VMware Cloud. Dell’s APEX Services have partnered with VMware Cloud Services to provide on-premises Infrastructure-as-a-Service (IaaS), a fully managed Dell hardware and VMware software stack physically located at the customer’s site. All aspects of the service and underlying infrastructure are supported and maintained by Dell. The service is available with a 99.99% availability guarantee in 1 or 3 year terms, and can be ordered through the APEX portal, which also allows customers to subscribe, operate, and optimise their local cloud. For more information see the Announcing Dell Technologies APEX Cloud Services with VMware Cloud blog and VMworld sessions The Future of Local and Distributed Cloud with VMware and Dell Technologies [MCL2735] and Cloud or On-Prem? BOTH – APEX Cloud Services with VMware Cloud Brings the Cloud to the Data Center [MCL2152].

Announcing technology preview of Project Arctic and Project Cascade. Project Arctic is a really exciting development, aimed at bringing hybrid cloud to customers’ existing vSphere deployment model. Project Arctic will make vSphere cloud-aware by integrating VMware Cross-Cloud Services, featuring scale out capacity to any cloud and disaster recovery capabilities. Furthermore, customers’ on-premises environments can transition to as-a-service, with hands off maintenance and pay-as-you-grow consumption. Project Cascade builds on VMware’s Kubernetes investments, providing a unified interface for on-demand infrastructure and containers across VMware Cloud platforms from a single API or GUI. Project Cascade will enable true open multi-cloud powered by Kubernetes. For more information on Projects Arctic and Cascade see the vSphere Innovation blog.

Announcing technology preview of Project Capitola. Last year VMware announced Project Monterey, boosting performance by offloading infrastructure service functions to DPUs, as well as strengthening security by isolating workload and infrastructure domains. Building on these hardware innovation and next gen workload themes, Project Capitola provides applications with a transparent, unified, and scalable software defined memory tier. Memory types across PMEM, DRAM, NVMe, and future technologies are aggregated, creating a unified consumption model of memory resources. This solves the upcoming problem of building silos of memory tiers for different business and budget needs. You can find out more in the Introducing Project Capitola blog, and VMworld sessions Introducing VMware Project Capitola: Unbounding the ‘Memory Bound’ [MCL1453] and Prepared for the New Memory Technology in Next Year’s Enterprise Servers? [VI2334].

Announcing the VMware Sovereign Cloud initiative. In an era where data is king, technologists and decision makers rely more and more on dominant hyperscalers like AWS, Microsoft, and Google. Whilst organisations can retain a level of control through building, generally complex, security architectures; handing the keys to the kingdom to US-based entities should be treated with caution. Joe Baguley, VP & CTO EMEA, VMware, explains more in the blog post Sovereign Clouds: Cloud-first to cloud-smart. With this in mind, VMware have announced the Sovereign Cloud initiative, providing cloud services for data sovereignty and local mandates through VMware Cloud Providers that have met the requirements of the Sovereign Cloud Framework. You can read more in the blog Sovereign Cloud is here, and it’s delivered by VMware Cloud Providers.

If you’re confused by all the ‘projects’ announced as technology previews by VMware you can review them all in one place from the VMworld 2021 – Summary of VMware Projects blog by Michael Rebmann.

VMware Cloud on AWS

  • Announcing general availability of Tanzu Services with VMware Cloud on AWS. Tanzu Kubernetes Grid (TKG) provides a Kubernetes runtime directly inside the hypervisor, compliant with upstream Kubernetes, and enabling management of both virtual machines and containers from within the vSphere Client. Tanzu Mission Control (TMC) centralises lifecycle and policy management, with global visibility and diagnostics, across all Kubernetes clusters from a single pane of glass. There is no extra cost for TKG and TMC Essentials; this is built into the existing VMware Cloud on AWS pricing, which is fantastic news for existing customers.
  • Announcing general availability of VMware Cloud on AWS Outposts. VMware Cloud on AWS Outposts brings all the goodness of the VMware Software-Defined Data Centre, with the cloud operating model of AWS, directly into the customer’s on-premises location. Network teams can plumb in local connections, while the service retains its integration with native AWS services and hybrid linked mode connectivity with other vSphere-based environments.
  • Limited time price promotion: 1-year or 3-year subscriptions for i3.metal hosts, purchased between 15 October 2021 and 26 January 2021, are eligible for a 15% discount.
  • Support for 2-host Stretched Cluster, allowing highly available deployments across 2 Availability Zones, with a host in each and a 99.9% availability guarantee.
  • Integration and support for VMware Carbon Black Workload and VMware NSX Advanced Firewall add-on. The NSX Advanced Firewall add-on provides Distributed Intrusion Detection/Prevention System (IDS/IPS), and Distributed Firewall with FQDN filtering, layer 7 app ID, and Active Directory based user Identity Firewall (IDFW).
  • SDDC v1.16, upgrading to major releases of all core products; vSphere 7.0 U3, vSAN 7.0 U3, NSX-T v3.1.3, and VM hardware v17.
  • VMware Cloud Disaster Recovery (VCDR) introduction of the 30-minute Recovery Point Objective (RPO) for mission critical on-premises workloads. File and folder-level recovery for accelerated ransomware recovery.

You can find out more about these VMware Cloud on AWS announcements from the following resources:

SASE and Edge

Earlier in the year VMware released the blueprint for their Secure Access Service Edge (SASE). This started with VMware Secure Access; enabling zero trust remote access for the distributed workforce, shrinking the attack surface, and routing traffic optimally. VMware SASE is now being enhanced with 2 new services announced at VMworld 2021. Both are hosted at VMware’s SASE Points of Presence (PoP) and integrate seamlessly with VMware Secure Access:

  • Announcing Cloud Access Security Broker (CASB). VMware’s CASB solution helps IT gain more visibility into shadow IT, and control trusted or untrusted applications based on the user’s role within the organisation.
  • Announcing Data Loss Prevention (DLP). VMware’s DLP solution protects against data leaks and helps comply with data privacy laws, improving security and compliance postures.

The next key announcement in anywhere workspace features new capabilities built into the Workspace ONE platform. Firstly, the Workspace ONE device health engine proactively ensures endpoints are fully secured, and blocks access to resources for devices that don’t meet security posture requirements. Secondly, a new AI-driven capability will identify user experience and security anomalies, then find the root cause and make fix recommendations. You can review the full list of end user computing announcements in the blog All our VMworld 2021 Anywhere Workspace, Workspace ONE and Horizon Announcements.

VMware SASE enhancements at VMworld 2021

Announcing VMware Edge Compute Stack. VMware Edge Compute Stack builds vSphere, Tanzu, and SD-WAN services into edge Hyper-Converged Infrastructure to run VM or container based edge-native applications at the far and near edge. SASE architecture with on-demand cloud services provides SD-WAN and Secure Access services with high performance close to users, from edge appliances. Building on both these concepts is Project Santa Cruz; consolidated edge applications with deployment capabilities for network services, SD-WAN, and application services. These capabilities require only a single hardware investment, with functionality then pushed out through software updates.

Another innovative and relevant announcement was the technical preview of SD-WAN for First Responders. SD-WAN for First Responders enables SD-WAN connectivity with L2 redundancy across LTE/5G carriers in a compact, mobile, ruggedized form factor. Packets are steered across links in real time, and then reassembled at the edge gateways. Testing has proven carrier changing at high speeds without packet loss, with additional Wi-Fi hotspot capabilities for temporary sites or emergency scenes.

Check out the great Edge Computing in the VMware Office of the CTO: Innovations on the Horizon [VI2484] VMworld 2021 session for more information, as well as the VMware Edge Compute Stack product page.

vRealize Cloud Management

Announcing tech preview of Project Ensemble. Although vRealize Operations has been intended as the central operational view for VMware and cloud based infrastructure, there is work to do to fully integrate and switch between solutions and platforms. Enter Project Ensemble. Project Ensemble allows users to track an entity consistently across all VMware solutions, from a unified control plane. Metrics and insights from the breadth of the vRealize Suite are used to deliver a public cloud consumption experience, with in-context switching for deep dives, global search, and unified configuration history. App-centric management enhances application discovery across the portfolio, including deep analysis of app behaviour, with the context of the underlying infrastructure or service. Machine Learning (ML) digests and understands unique environmental behaviours, predicts app and infrastructure behaviour, and creates a unified analytics approach to operational information.

Announcing changes to vRealize True Visibility Suite (TVS). All compute and storage management packs are now included in all editions of vRealize Operations at no extra cost. This gives existing and new consumers monitoring and insights out of the box for hardware such as Dell, EMC, HPE, Nimble, IBM, Lenovo, NetApp, Pure Storage, and Cohesity. TVS Advanced and Enterprise are still available as an uplift covering additional modules for things like application, database, and network. vRealize Operations now includes some nice in-app guides and customer journey maps to improve time-to-value with day 0 guided onboarding, configurations, dashboards, and notifications. Additionally, vROps looks to have benefited from a nice UI upgrade, along with some new sustainability dashboards.

You can find out more about these vRealize Cloud Management announcements from the following resources:

A closing point of note is that Skyline Advisor Pro is available free of charge to Production, Premier, vRealize Cloud Universal, and Success 360 customers. Skyline Advisor Pro is faster, bringing in new data within 4 hours; features smarter insights and historical data, including end of support information; and is simpler to use. It is not technically a VMworld release, but it is a recent announcement that can provide value at no extra cost. For more information take a look at the Announcing Skyline Advisor Pro: The Next Level of Proactive Intelligence blog.

As with last year, William Lam has now compiled a list of direct URLs for all on-demand sessions, available on GitHub.

Finally, a huge shout out to the Virtually Speaking Podcast, where you can find 15 minute episodes on many of the topics above, which I used to recap VMworld while out on the road.

Securing Enterprise Mailboxes with Hornetsecurity

Introduction

In 2020 Microsoft reported over 258 million monthly commercial users of its Office 365 productivity suite. For decades Microsoft has been powering business with software like Outlook, Word, and Excel. As technology and connectivity have improved, so has functionality and user requirements. Now, over 75 million people use Microsoft Teams every month for virtual meeting experiences. Consumers of Microsoft technology have moved away from self-managed instances of services like Microsoft Exchange for email communication, and instead shifted to Software-as-a-Service (SaaS) hosted directly through Microsoft’s cloud services.

Adoption of such services has been accelerated by a shift to remote working and migration to the cloud. As such, data centre and network architectures have changed to accommodate both distributed users and systems. Cyber criminals are more advanced than ever, and organisations’ security posture is now a priority at every board level. Recovering from the financial and reputational damage of a security breach can be a huge uphill task, and in-depth security defence systems are often built in layers to protect digital corporate assets like data. The challenge with security has always been that despite an abundance of technical solutions and investment, there are often weaknesses in the chain disguised as legitimate day to day work requirements. Email is one such example.

Email is perhaps the most widely used tool across companies, both internally and externally. It’s also the easiest and most common penetration point for multiple attack vectors. A quick internet search demonstrates eye watering statistics around the number of companies suffering security breaches, email breaches, and Office or Microsoft 365 breaches. Microsoft recorded an increase of cyber-attacks of 250% on Microsoft 365 users in the last two years, with 57% of SMBs falling victim to phishing emails in the last year. Sometimes excessive security hardening and configuration can be completely bypassed by the actions of a user acting upon what they believe to be a genuine email.

365 Threat Monitor

Hornetsecurity has released a brand new free mobile app, available from the iOS and Android store. In just a few steps, 365 Threat Monitor can be enabled on Office or Microsoft 365 enterprise mailboxes, adding monitoring, and alerting for malicious or suspicious emails that have made it through the built-in standard defences. Further email security helps provide protection against malware (ransomware, viruses, spyware), phishing, spoofed senders and content, targeted attacks on specific data or people, and spam or unwanted advertisements.

The 365 Threat Monitor app is based on key areas of Hornetsecurity’s proprietary technologies. Threat Defense and Forensic Analyses detect attacks through real-time scanning for harmful content, heuristic filtering, and authenticity and integrity verification. In Threat Monitor, customer administrators gain transparency through a detailed UI about the types of threats their users and whole organisation are facing, including statistics. From within the app itself, administrators can immediately delete malicious emails upon detection, deflecting or containing harmful content.

To set up 365 Threat Monitor, sign up to receive a link to the free app, or download the app from the app store and sign up during the process. Once the app is installed, follow the steps on-screen to connect your Microsoft 365 administrator account. Once you’re up and running, when 365 Threat Monitor detects a suspicious email, an alert is sent directly to your phone. Information is provided on the mailbox and the context of the threat detected, with the option to delete in just 1 click. The great thing about this process is that 365 administrators can try out the functionality, examine the number of threats detected and the need for a solution, carry out end to end testing, and then scale out the product if required.

The mobile app presents information in a clear and concise format, with a clean and colourful interface. IT administrators are generally part of an on-call team to protect the organisation from security threats and outages 24/7. Providing advanced email security functionality through a mobile app is another option in the IT team’s toolkit to respond quickly and easily, without needing to open a laptop or log into a company VPN.

Customers may decide, after successfully implementing 365 Threat Monitor across their enterprise mailboxes, to upgrade or activate the 14-day free trial for 365 Total Protection Enterprise. 365 Total Protection Enterprise can block threats even before they reach end user mailboxes, and wraps around additional features like attachment content control, allow and deny lists, compliance filter rule engine, and email archiving with up to 10-year retention. Equally, customers may decide that the 365 Threat Monitor app, which stays completely free forever with manual and limited deletions, offers sufficient protection and visibility into their Microsoft 365 mailboxes. Either way, whether it’s a precursor to a wider security rollout, or an enhancement on the default Exchange Online security, the 365 Threat Monitor app is worth running to reduce potential security blind spots within your user mailboxes and behaviours.

Summary

In summary, the 365 Threat Monitor mobile app is a welcome addition for Microsoft 365 administrators concerned with protecting valuable company assets like data and information, much of which either resides in, or is accessible from, corporate mailboxes. Common threats we see day to day in the news, like ransomware, and targeted phishing attacks on high-risk roles such as C-level, HR, or finance, all keep security professionals up at night. 365 Threat Monitor delivers validation that the person in the email is who they say they are, and the content or links you click on are not incorporating underhand tactics to divert you elsewhere. The ease and speed of initial setup means that even just trying this software out is time well spent. Straight away you’re protected with real-time scanning, and will see your overall and individual threat levels, delivering some welcome peace of mind for many! The 365 Threat Monitor can be downloaded directly from Hornetsecurity here.

Multi-Cloud Management with vRealize Operations

This post will take a look at how vRealize Operations (vROps) can provide a single monitoring and visibility tool into your on-premises data centre, native public cloud services, and hybrid cloud platforms like VMware Cloud on AWS, or Azure VMware Solution. vRealize Operations provides VMware customers with monitoring and alerting, troubleshooting and remediation, dashboards and reporting, performance and capacity management, cost visibility and comparison, and security compliance.

vROps for Cloud-First

The vRealize Operations Manager instance itself can either be self-hosted (on-premises) where the customer is responsible for lifecycle management, hosting and availability, or Software-as-a-Service (SaaS). When using SaaS, vRealize Operations Cloud is hosted and maintained by VMware, and consumed as a service by the customer. Whilst the self-managed vRealize Operations is packaged into Standard, Advanced, and Enterprise editions, vROps Cloud comes in one edition only which has feature parity with enterprise, plus some additional capabilities like near-real-time 20 second monitoring. You can compare features between Standard, Advanced, Enterprise, and Cloud editions in the vRealize Operations Solution Brief.

In the UK, the closest locality for vROps Cloud is currently Frankfurt; you can review compliance and data processing information in the VMware Cloud Trust Centre. When looking at public cloud or hybrid cloud, including SaaS options, you may also want to review VMware’s award-winning sustainability initiatives, including a commitment to net zero carbon emissions by 2030 across VMware global operations, all VMware Cloud solutions and VMware Cloud Provider Partners.

vROps also now integrates with CloudHealth, providing advanced financial management and optimisation recommendations for native cloud resources in Azure, AWS, Google Cloud Platform, and Oracle Cloud Platform. As well as overall cost savings, finance teams can use CloudHealth with resource tagging to bill individual departments for the exact capacity they have used. This empowers service or application owners to look after their digital assets and only use resources or hold data that they really need. The power of CloudHealth can be brought into vROps using the new management pack.

Hybrid Cloud Examples

The example below shows a customer with a hybrid cloud setup. In this scenario they may choose to host big data services in the Microsoft Azure cloud, and VMware workloads across on-premises and Azure VMware Solution. The hyperscaler is interchangeable and could be AWS, Google Cloud, Oracle Cloud, or a combination of cloud providers. Using vRealize Operations we are able to provide a consistent operating model across platforms from a single SaaS based UI.

When onboarding with vRealize Operations Cloud, the primary contact on the account will receive an activation email to enable the subscription. A Cloud Customer Success Manager will carry out the activation steps with you. Once onboarded rolling updates are carried out automatically for new features. You can also take a look at the vRealize Operations Cloud Solution Overview.

vRealize Operations with Azure

The cloud proxy is an OVF appliance deployed to the vCenter Server. This proxy forms a tunnel using HTTPS to send data to the SaaS based control plane. The OVA requires HTTPS access outbound to a set of URLs, which can be found in the vRealize Operations Cloud Documentation.

The same cloud proxy model can be used for Azure VMware Solution. There are some points to be aware of with Azure VMware Solution, such as limited visibility into management VMs (as this is part of a managed service). Nothing problematic but these are listed in the Known Limitations section of the documentation. If you are running an ‘on-premises’ or self-managed version of vRealize Operations, instead of the SaaS version, then at this time the vRealize Operations Manager appliance cannot run directly on Azure VMware Solution.

Native Azure services can be added using an Azure AD app registration with service principal/client secret. Instructions can be found in the Configuring Microsoft Azure section of the documentation; you can also find a list of Supported Azure Services for vROps. Again, this doesn’t have to be Microsoft Azure, it could be AWS.

AWS works slightly differently in that, when configuring VMware Cloud on AWS for use with vRealize Operations Cloud, the integration happens through an API token, since both solutions are native to the VMware Cloud Services Portal (CSP); see Configuring VMC on AWS in vROps Cloud.

Native AWS services can be added using an IAM generated access key and secret. Instructions can be found in the VMware documentation under Add a Cloud Account for AWS; you can also find a list of Supported AWS Services for vROps.

vRealize Operations with AWS

Additional Resources

VMware Hands-on-Labs are a fantastic free resource giving access to sandpit environments with step by step instructions for nearly all VMware solutions. Some example Hands-on-Labs for vROps are listed below, along with further video and written documentation.

  • HOL-2101-91-CMP – Getting Started with vRealize Operations – Lightning Lab
  • HOL-2101-06-CMP – vRealize Operations Advanced Topics
  • HOL-2101-04-CMP – vRealize Operations – Optimize and Plan vSphere Capacity and Costs
vRealize Operations Troubleshooting Workbench

The following sessions are available at VMworld 2021, and if you’re reading this after the event the sessions will also be made available on-demand.

  • A Big Update on vRealize Operations [MCL1277] Technical level 100
  • vROps Dashboarding 101 and Beyond [VMTN2843] Technical level 200
  • Manage Public Cloud with CloudHealth and vRealize [MCL1247] Technical level 100
  • An End-to-End Demo of Taming Public Clouds with CloudHealth and vRealize [MCL1439] Technical level 300 (Tech+ pass)
  • Track Sustainability Goals in Datacenter with vRealize Operations [VMTN2802] Technical level 200
  • Accelerate Your VDI Management with vRealize Operations [MCL1899] Business level 100
  • Next-Gen Infra and Apps Operations Management with vROps – Design Studio [UX2539]
  • Consistent Cloud Operations with vCenter and vRealize Operations [MCL2611] Technical level 100
  • An End-to-End Demo – Operationalizing VMware Cloud Foundation with vRealize [MCL1442] Technical level 300 (Tech+ pass)
  • A Cloud Management Journey from Monolith to Modern Apps with vRealize Suite [GWS-HOL-2201-08-CMP] Technical level 200 (Tech+ pass)
  • Design Principles: Cloud Architecture Design and Operations [MCL2151] Technical level 200
  • Get Close to 100% Automation to Get to True Cloud Operations at Scale [MCL2023] Technical level 300 (Tech+ pass)
vRealize Operations ESXi Configuration Dashboard