VMware vSphere 7.0 has been announced and released by VMware. We have details on what's has been improved and added since vSphere 6.7 U3. This is a major release that VMware will roll out in Q1 and vSphere 7.0 shall be adopted fast as soon as all the backup and DR vendors update their software. In this post, you'll be able to read about vCenter Server 7 Details.
VMware vSphere 7 brings new security features which we'll talk about in this post briefly but will create a separate post for important vSphere features update. vCenter server continues its improvements by reducing memory utilization and improving operations speed, especially in Linked mode.
vCenter Server on Windows is no more. RIP. The only possibility to deploy a fresh copy of the vCenter server is to deploy vCenter server appliance (VCSA) based on PhotonOS Linux v 3.0 and maintained by VMware who owns this stack. The knowledge of Linux is not necessary at all as the deployment and maintenance are done via a web-based interface. This hasn't changed since vSphere 6.0 or 6.5. The flash-based client is no more (RIP). Only HTML 5 web-based UI without any necessity to install any additional plug-ins. (It took a few years to VMware achieve that).
vCenter Server supports upgrades from vCenter Server 6.5 and 6.7 however clean deployment of the vCenter Server appliance is supported on an ESXi host version 6.5 or later only. You won't be able to deploy vCenter server 7.0 on ESXi 6.0.
As of upgrades from the previous release of vCenter server (6.5 or 6.7) VMware affirms that vCenter Server architectures with an external Platform Services Controller (PSC) are no longer supported and will automatically be converged to an embedded PSC deployment. This can be done during the upgrade process workflow.
One of the new interesting features is VMware vSphere Lifecycle manager (VLM) which is a replacement for vSphere Update Manager (VUM). It is a built-in vCenter server function/feature allowing you to use a desired state model that allows you to plan ahead, upgrade and configure your virtual infrastructure by using RESTful APIs for automating lifecycle management. It uses imaging to maintain the environment to secure state with the latest security patches and updates. We'll have a closer look when the final RTM code will become available as all we know right now is that there is no more VUM and the VLM took its place.
Overview of the UI shows the Lifecycle Manager instead of vSphere Update Manager. As you can imagine, there will be more than just the management of patches and updates for your vSphere infrastructure using baselines. The new functionality is adding a possibility to use images that can be applied to the entire infrastructure and in this image, you'll be able to specify which software, drivers and firmware can run on the host(s). Like this, the homogeneity can be assured.
Lifecycle manager as such will perform all previous tasks that you were able to do via vSphere Update Manager (VUM), such as Install and update third-party software on your hosts or Upgrade and patch hosts to the latest release.
Additionally, VLM will allow you to to do the following operations:
- Install the desired ESXi version on all hosts in a cluster.
- Install and update third-party software and firmware on all ESXi hosts.
- Update and upgrade all ESXi hosts in a cluster collectively.
VMware Lifecycle Manager (VLM) and “Image” – What is Image anyway?
The image is made of several separate elements. They are three of them:
- ESXi version
- Vendor Add-Ons – patches, drivers, OEM
- Components – set of payloads, bulletins, VIBs (What is a VMware VIB?)
So basically you can prepare an image for a new cluster with those elements, and this image is a complete software “template” which is applied to a cluster. It's kind of a “desired state” of your cluster which maintains the homogeneity of your infrastructure.
This feature will be especially useful for maintaining vSAN clusters where you're usually running identical hardware so maintaining firmware/driver versions and their combination will be much easier.
Where is my Platform service controller?
Well, it's been consolidated into the vCenter server. There are no more external PSCs available for new deployments. vSphere 6.7 has already had a migration tool that allows you to consolidate external PSCs to embedded ones. However, in vCenter 7.0 deployments this migration tool is no more and has been incorporated directly into the upgrade workflow (so you won't find the utility in a subfolder when browsing the VCSA ISO).
We still have the warning saying that external PSCs are deprecated. (Screenshot from VMware.)
vCenter server has merged with PSC which maintains All its functions. The new vCenter Server 7.0 has all Platform Services Controller (PSC) services, keeping the functionality and workflows, including authentication, certificate management, tags, and licensing.
During upgrades and migrations from Windows vCenter servers, the workflow will automatically migrate and consolidate external platform service controllers (PSCs) into the vCenter server 7.0. The vSphere converge utility is now part of the migration process.
The message is there …. (Screenshot from VMware.)
vSphere 7.0 Federated Authentication
This is a new feature added in vSphere 7. While the previous release of the vCenter server was able to recognize Microsoft AD or external LDAPs, users could use their AD accounts to connect to vSphere.
When a user logs in to vCenter Server, vCenter Server redirects the user login to the external identity provider. The user credentials are no longer provided to vCenter Server directly. Instead, the user provides credentials to the external identity provider. vCenter Server trusts the external identity provider to perform the authentication. In the federation model, users never provide credentials directly to any service or application but only to the identity provider. As a result, you “federate” your applications and services, such as vCenter Server, with your identity provider.
As you can see, vCenter can pass the tasks of verification of the user to the external LDAP or Microsoft AD, so no longer relying on vSphere, but rather on central LDAP or AD. vCenter Server uses an OIDC protocol to authenticate the user, and the OAuth2 protocol to authorize the user, via a set of tokens. OAuth2 is an industry-standard for authorization.
In order to activate Federated authentication, you'll need identity provider services active on your vCenter, Microsoft AD Federation Services (ADFS) role and Microsoft AD environment. Also, you'll need n AD FS application group including AD groups and users which are mapped to vCenter server groups and users.
We'll set up vSphere 7 Federated Authentication in one of our future blog posts after the vSphere 7.0 release.
Lastly, the vCenter server is more robust, can handle more VMs and can manage more hosts.
vCenter Server 7.0 Configuration maximums
- vCenter Server (Standalone)
- Hosts per vCenter Server: 2500
- Powered-ON VMs: 30,000
- Linked mode vCenter Servers:
- 15 per SSO domain
- 15,000 hosts
- Powered-on VMs: 150,000
- vCenter server Latency:
- vCenter Server to vCenter server: 150 ms
- vCenter Server to ESXi host: 150 ms
- vSphere client to vCenter Server: 100 ms
We have just scratched a surface of what's coming in vSphere 7. Expect much more content in the coming days and weeks. We update the blog on a daily basis. ESX Virtualization blog is one of the largest virtualization blogs which since over 12 years.
Keep coming back to learn about VMware vSphere technology, virtualization, and DR. We're serving thousands of pages daily and using hoster which runs VMware vSphere as their virtualization solution.
Don't forget to visit our partners/sponsors because, without them, there would not be much up-to-date content. Also, users with adblockers see a message for some time to whitelist our site. This is one of the requirements for this blog to stay free, without any paid content. It's because we feel that this is less pain for the end-user to whitelist their adblocker software (Yes we need to remind that for those who use that, with a small pop-up) rather than pay monthly for surfing our content.
More about vSphere 7.0
- vSphere 7.0 WordPress page
- VMware vCenter Server 7.0 Profiles
- VMware vSphere 7.0 Announced – vCenter Server Details – [This Post]
- What is vCenter Server Multi-Homing?
- VMware vSphere 7.0 – VM Template Check-in and Check-out and versioning
- What is vCenter Server Update Planner? – vSphere 7.0
- VMware vSphere 7.0 DRS Improvements – What's New?
You might want to check our Free Tools page where you can find VMware utilities, but also utilities for Microsoft systems or other “Swiss Knife” software there.
More from ESX Virtualization
- What are Open VM Tools and How to use them?
- VMware API Explorer Is a Free Built-in Utility in VCSA
- V2V Migration with VMware – 5 Top Tips
- ESXi Free Version – 3 Ways to Clone a VM
- What is ESXi Compatibility Checker?
- How To SlipStream Latest VMware ESXi patches into an Installation ESXi ISO File
Stay tuned through RSS, and social media channels (Twitter, FB, YouTube)
Thanks for the recap. But can you cover bit more about passthrought ? Was it still ok.. or can we now pass the onboard video gfx ?
Thank you, Vladan, for your valuable contents!
bibin bharathan says
type error ,Hosts per vCenter Server: 250
actual number is 2500
Vladan SEGET says