VMworld 2018 - Day 2
Day 2 was a very full day. Grab a very large coffee and read on…
General Session – Pioneers of the Possible
About 15 minutes before start time, VMware played videos from partners. I liked the HPE video with Taming the IT Monster the best.
Sanjay started by one-upping Pat’s VMware tattoo with his own two tattoos: VMware on one arm and I 💗 VMware 20 Years on the other arm.
Innovation and customers are the engines that fuel VMware
History of Innovation
History of Customer Satisfaction
Fearless Innovators
Using 100 PowerPoints means that you have no power and no point
VMware measures its business impact for customers with three Cs: Cost, Complexity, Carbon
Cost: ESX reduced data center costs
VMware has returned $10 in economic value for every $1 spent.
VSAN has reduced data center costs.
NSX reduces the cost of networking by 50%
Complexity: VMware cloud management reduces complexity. Deployment options: traditional, VMware private, public, hybrid.
Carbon: Pat shared on day 1 the reduction of carbon footprint due to virtualization.
Customer Roundtable
Brinks, Sky, NCB Roundtable
Brinks
Extending digital network to the edges of their network
Brinks wants to receive events and be proactive to changes in their devices. VMware is at the heart of this journey.
Started the journey with VSAN to get ready for the move to the public cloud
The vision was always to bridge to the public cloud. D/R in public is just one goal.
Past D/R was always a cold site.
NSX allowed moving D/R to VMC-AWS
Brinks will no longer have a physical D/R center
Looking into what role blockchain and IoT play in the future of Brinks
NCB Jamaica
NCB has an innovation culture
Caribbean’s first digital bank
NCB wants their customers to have an “Amazon experience”
Agile apps, always on. At the heart is the PKS platform (Chad Sakac screams again)
Why PKS for Kubernetes?
The security and automation of PKS. NSX integration and security.
All agile apps on PKS moving forward
Sky
Sky representative is named Dave Matthews (His favorite song is Crash)
NSX has been key to their transformation
They are a media organization, fast moving.
Traditional network architectures are slow to change
This doesn’t work for agile teams. Need to move in seconds not days.
GDPR in EU. VRNI + NSX were able to micro-segment for GDPR compliance
SDN everywhere. vSphere, OpenStack.
Sky IT wants to make networks boring.
Bake in compliance and security
Sanjay question to all: How big are your NSX teams?
Sky: 6 people
NCB: 7 people
Brinks: 7 people
DXC & Adobe Roundtable About Mobility
Maria Pardee, DXC
John Mockett, Adobe
DXC
The merger of HPE Service and CSC
Why success? Customers
D for Digital, C for Customers, X for infinity
DXC is taking customers to a new way of working through mobile. The Next Gen worker will be more engaged in the Gig Economy. Work for multiple companies as 1099 employees.
Less dependent on email
More dependent on real-time messaging: Skype for Business, Yammer, Slack
Maria’s passionate cause: Women in tech, diversity, inclusion. How should women shape their careers? Mentoring. Advice for the men: You have women in your life. There is an unconscious bias. Celebrate diversity in different actions and thoughts.
Adobe
Adobe has written the playbook for moving to the cloud. Adobe SaaS.
Adobe IT is focused on customer experience and that includes cloud.
One of the first companies to roll out Unified Endpoint Management
20,000 Employees
50/50 Windows/Mac
80/20 iOS/Android phones
Primarily iOS tablets
60,000 total devices
VMware provides a consistent experience to manage and use all devices
Adobe wants an employee to self-provision desktop within 15 minutes just like they self-provision mobile.
New employees want to contribute right away.
Malala
Malala’s interview was very moving and she is a gifted and humble speaker. I do not believe that her interview is available for replay on the VMworld On-Demand website. You could listen to the video of Malala accepting the Nobel Peace Prize if you would like to see her speak.
Before Malala was introduced to the stage, a short video about her was shown.
Here are my quickly typed notes from her powerful interview by Sanjay Poonen:
Be silent or stand up
Malala was shot in the head for suggesting girls should go to school
Our voices are our most powerful weapon
Her father believed in education
The place in Pakistan where she grew up is very beautiful and called the Switzerland of Pakistan
Never expected the Taliban to come to power
Her father is introduced in the audience
She feels lucky to have a great father. He is a feminist without the label. Her father’s sisters could not go to school.
Malala was named after the Pakistani hero named Malala who raised her voice in the battle against the British
That Malala is the only female name known in the history of Pakistan
Grateful to her father for believing in her and sending her to school
Her Grandfather was a very fiery speaker.
Her father inherited this skill for speaking
Cricket is her favorite sport and this is something that brings people from India and Pakistan together.
Malala believes that India & Pakistan should have good relationships, but it is OK to root for one’s home cricket team😀
There was an order from the Taliban not to allow girls in school
A mindset was rising in her valley against women. No music, then no going to the market, then no leaving the house, then no going to school. Men with guns started implementing their own type of Islam. They knew education brought power to women.
January 15th, 2009 10 AM. Malala was sitting in bed thinking this is not the life she had imagined. She wanted to be a doctor. Education leads to freedom and independence. Speaking out was important to her and her future.
(The October 2012 incident of her shooting is well documented and not covered during the interview.)
After the shooting, the Sheik of Dubai brought in an air hospital to take care of her. The entire world saw what the Taliban had done as an injustice and supported her. She was in the hospital for 2-1/2 months and did not know what was going on outside. When she woke up in a Birmingham, UK hospital she did not know where she was. A nurse brought a box of hundreds of cards and letters from all over the world. There were thousands more cards at the hospital.
The Taliban made a mistake and the entire world took notice.
The attacker was a young boy who was told to kill her. He thought he was doing something good. Malala hopes that he learns the true message of Islam which is peace.
Being kind and loving keeps you healthy and growing.
The best thing she can do is to continue to educate girls.
(A short clip from her Nobel Prize speech is shown. She was only 17.)
Her mission is to give children a chance. No more child factory work, no more forced child marriage, no more girls left out of school.
She was sitting in Chemistry class when the headmistress came in and asked for her. This made her nervous. Then the headmistress told her she won the Nobel Peace Prize. She was relieved.
The Malala Fund
Raise awareness for education for girls
130M girls do not have access to education
Poverty, early marriage, political conflict are holding girls back
Have to invest in girls and women
Educating girls reduces extremism
Educating girls could add $30T to the world economy
Sanjay announced that 100 students were sitting in the front rows from Las Vegas Clark County high schools.
A copy of Malala’s book for each of them
Malala took questions from one of the students
That student’s question was about self-confidence: Realize that you are lucky to have access to education and technology. You do not have to wait to be an adult to make a difference
Sanjay announced that Dell is donating computers to the labs at their high schools in Las Vegas
(Back to the Malala Fund)
Malala is now back at school at Oxford in England studying philosophy, politics and economics (PPE).
Sanjay: How do you balance your work and your education?
Oxford is full of talented people. They make Malala feel just like a student, not someone famous
Financing for education is crucial. One example is in refugee camps. In Lebanon, the Malala Fund is using technology to help refugee girls. The Fund has found a way to connect up to 30 computers even when there is no electricity.
Sanjay commits VMware to the Malala Fund in three ways:
- Fund a technologist out of Sanjay’s budget focused on the Malala Fund
- The Malala Fund will be one location for “Good Gigs” at VMware where employees volunteer talent, treasure, time
- The Malala Fund will be put in the VMware matching charity portal
NSX Meet the Experts – Performance Considerations Samuel Kommu
The Meet the Experts sessions are small tables where about 6 people can ask questions directly of a VMware expert. Samuel Kommu is a Technical Product Manager for NSX. Some of the interesting conversations from this roundtable were:
High performance: NSX-V is tightly integrated with vSphere
Portability: Perform the same network constructs and security anywhere
Tomorrow starting at 8:30 a bunch of sessions
Installation: NSX-T is simpler in architecture than NSX-V
Automation: Pivotal PaaS enables developers to automate application infrastructure. The future of NSX-T is to provide this level of automation for the network, firewall, load balancer.
Visibility: NSX-T gives better visibility from the NAT IP all the way down to the container to learn what is creating the traffic.
VMware Log Insight discovers the network flows.
Trace Flow is built into NSX-T
East-West performance happens on the NIC card and performance is dictated by the intelligence of the NIC. UCS VICs are the only NIC cards that don’t support TCP offload yet. Intel 710s are good. With TCP offload, the Intel CPU is used less. The network load on the Intel NIC is reduced 40X when the NIC performs TCP offload. Offload NICs can handle multiple queues at once. NICs can assign a single queue per MAC address tied to a specific VM when using offload.
NSX CPU overhead: In a server with 80 cores, NSX uses 4 cores.
Are ASICs/FPGAs needed for NSX performance? No. East-West can drive 36 Gb at a 1500 byte MTU and 100 Gb with a 9K MTU on NICs with TCP offload. NICs will continue to increase in intelligence and will drive performance.
Meetup: vBeards
Session: The power of storage policy based management
2010-2010 the industry has seen 50x data growth
SANs are difficult
Storage evolution to flash started the infrastructure revolution
If you are not using VSAN yet but would like to add some data services to existing arrays.
Place these capabilities into a policy, assign that policy to a VM and that VM will take advantage of those capabilities as a filter driver. For instance, a policy could include Dell EMC RecoverPoint replication and VSAN together.
Virtual Volumes (VVols) (Cormac)
VVols available for 6 years. Requires 6.0 or later. 5.5 EOS, so VVol usage should increase.
SRM on roadmap for VVols
What is the purpose of VVols?
Make life simpler.
Not necessary to present a bunch of LUNs from an array.
Per VM data services offloaded to the array.
A VVol is still a datastore.
Storage container is capabilities and storage.
The power of SPBM
A protection group has a snapshot schedule. Just by placing a VM into that protection group, array-based snapshots happen automagically.
Manage protection from vSphere policies without having to visit the array management console.
Automation
PowerCLI can automate storage policies
vRealize Automation & vRealize Orchestration
vRA 8.0 Storage Policies via Cloud Assembly
Build a policy on the fly as you build the VM
Docker for Stateful Applications
7 out of top 10 docker applications require persistent storage
Project Hatchway – Persistent storage for containers
You can dedicate a VMDK to an application in a container.
Docker application YAML includes storage mount point
VMDKs are placed in kubevols folder in vSphere
Session: Horizon Cloud on Azure
Who provides what for Horizon Cloud on Azure. The end-user company just needs to create desktops and provide Microsoft licenses. Base desktop images are included in the Azure Marketplace. There is a 45-day trial.
Setup Flow
End users connect to a Unified Access Gateway through their local Azure Region.
The environment can be upgraded in 5 minutes using blue-green upgrade process.
Can manage all Horizon nodes from one UI. 2,000 users per node.
User Environment Manager is included
Workspace ONE is supported as an option.
If you use GPU VMs for RDS, Nvidia licenses are included
Cloud Monitoring service
Can create FW policies for desktops
Deep Dive into NSX Data Center Security for Clouds, Containers, and More
Ganapathi Bhat, VMware
With thousands of VMs and Containers, you need a simple way to implement policy for microsegmentation. NSX Manager does that.
NSX security policy is carried with vMotion.
ESX Data Plane
KVM Data Plane
Distributed FW
East West
Management, Control, and Data Planes
DFW Policy Lookup
Edge Firewall
North South
Tier-0 connect to physical
Tier-1 connects to tenants in a multi-tenancy environment
Traffic within a tenant does not go through the Edge firewall
NSX-T has transport nodes and edge nodes. Edge FW is enforced in an edge node
Workload & Policy Grouping Methodology & Consumption
Tagging workloads/logical switches
Up to 30 tags per VM allowed
Security Group
Wildcards that include VM name or VM tag or logical switch name
Can be a mix of static and expression based members
and/or criteria can be used
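A simplified model of the security-group membership described above, as an added example and not NSX code or its API: the class names, the sample inventory and the `pci-scope` group are constructed for illustration, and shell-style wildcards stand in for NSX's own matching. It shows static and expression-based members combined, and/or criteria, the 30-tag limit, and why an empty expression must not match every workload.

```python
import fnmatch
from dataclasses import dataclass, field

MAX_TAGS_PER_VM = 30  # limit quoted in the session notes

@dataclass(frozen=True)
class Workload:
    name: str
    tags: frozenset
    logical_switch: str

    def __post_init__(self):
        if len(self.tags) > MAX_TAGS_PER_VM:
            raise ValueError(f"{self.name}: more than {MAX_TAGS_PER_VM} tags")

@dataclass(frozen=True)
class Criterion:
    attribute: str  # "name", "tag" or "logical_switch"
    pattern: str    # shell-style wildcard (assumption of this model)

    def matches(self, wl):
        if self.attribute == "tag":
            return any(fnmatch.fnmatchcase(t, self.pattern) for t in wl.tags)
        return fnmatch.fnmatchcase(getattr(wl, self.attribute), self.pattern)

@dataclass
class SecurityGroup:
    name: str
    static_members: set = field(default_factory=set)
    any_of: list = field(default_factory=list)  # OR of AND-clauses

    def contains(self, wl):
        if wl.name in self.static_members:
            return True
        # An empty AND-clause is skipped: all([]) is True in Python, which
        # would otherwise pull every workload into the group.
        return any(clause and all(c.matches(wl) for c in clause)
                   for clause in self.any_of)

def members(group, inventory):
    return sorted(w.name for w in inventory if group.contains(w))

# Constructed sample inventory
INVENTORY = [
    Workload("web-01", frozenset({"env:prod", "tier:web"}), "ls-web"),
    Workload("web-02", frozenset({"env:dev", "tier:web"}), "ls-web"),
    Workload("db-01", frozenset({"env:prod", "tier:db"}), "ls-db"),
    Workload("jump-01", frozenset(), "ls-mgmt"),
]
# (tier:web AND env:prod) OR (name db-* AND switch ls-db), plus one static member
PCI_SCOPE = SecurityGroup("pci-scope", {"jump-01"}, [
    [Criterion("tag", "tier:web"), Criterion("tag", "env:prod")],
    [Criterion("name", "db-*"), Criterion("logical_switch", "ls-db")],
])
```

Because membership is recomputed from tags and names, a workload that gains the `env:prod` tag enters the group without any rule being edited, which is also why control over who can tag a VM matters.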
Firewall Rule Types
Precedence of Policies
Best Practices for Micro-Segmentation
Group rules to reduce CPU overhead
Container Security
NCP=NSX Container Plug-In
Network, Security, LB & IPAM
There is a Kubernetes OVS that connects to the NSX Virtual Distributed Switch
Native Public Cloud Security & Bare Metal Security
Azure & AWS today. More to come
Native Public Cloud Security
Single NSX Manager to manage policies in on-premises and public cloud.
Bare Metal Security
NSX agent on bare metal. RHEL supported today. Windows coming.
Closing
I hope you have enjoyed this long post. Feel free to provide feedback.