One for vSphere veterans, one for hybrid hipsters, plus a security surprise
The significance first: this release is a signal of just how much VMware believes in hybrid clouds. Evidence of this can be found in the new “vCenter Hybrid Linked Mode”, which lets one instance of vCenter, running on-prem or in the cloud, run other instances of vCenter – even different versions. Doing so means that VMware users don’t need to keep their deployments in sync, thereby avoiding big-bang upgrades to build hybrid clouds.
Late last week VMware also added its Hybrid Cloud Extension to the core VMware Cloud on AWS service. The Extension used to have its own price; now it is free. The effect is to make VMware-on-AWS friendlier to hybrid clouds, which in turn gives users a fine reason to keep running vSphere on-premises.
Another reason the release is significant is that it reflects the faster release cadence that VMware is working on for vSphere-on-AWS. That speed doesn’t necessarily mean you’ll see more 0.2 incremental vSphere releases from VMware. But it is a reflection of VMware finding ways to keep up with what it does in AWS.
Now for the confusion: VMware has spent the last few months reminding users of vSphere 5.5 that support expires in September and hustling them to vSphere 6.5.
And now along comes 6.7! What gives?
VMware’s explanation is that an awful lot of users will appreciate all the new stuff in 6.5, especially those upgrading from 5.5. The company expects that the extras in 6.7 – principally the hybrid cloud bits – will entice some.
If hybrid cloud alone doesn’t excite, there’s other stuff too. The ability to suspend workloads on virtualized Nvidia GRID GPUs is designed to let users deploy the pricey cards for user-centric apps like VDI during the day and then flip them to analytics or other workloads as users slumber.
Support for non-volatile memory will also be welcome for those who fancy Optane-packing hosts. 6.7 also halves the number of reboots required for VMs after a patch or upgrade. It now takes just one virtual CTRL-ALT-DEL to get up and running again.
Support for Trusted Platform Module (TPM) 2.0 and its virtual variants is an uncomplicated asset, as are more tweaks to the vSphere HTML 5 client that let it manage vSphere, VSAN and NSX.
VMware has also popped in a security surprise by cutting a new version of its AppDefense product that runs outside the hypervisor.
It’s a surprise because the product was code-named “Project Goldilocks” to reflect VMware’s belief that the hypervisor is the perfect place to observe workloads and run a least-privilege security enforcement service.
The new cut of AppDefense gains the ability to enforce least-privilege policies on containers. To do so it runs in least-privilege containers, initially only those delivered by Aqua Security, but VMware is already working to make this happen with other container vendors too.
VMware told The Register it knows the result is less well-isolated than a VM – that pesky shared OS doesn’t help – but that the chance to apply policies to two types of abstraction will win friends and influence customers. ®