VMworld 2018 - Day 2

(From this blog post forward, I will try to use clear screenshots from the recorded session videos rather than my cell phone photos.)

Day 2 was a very full day. Grab a very large coffee and read on...

General Session - Pioneers of the Possible


An excellent 7-piece rock band played as the crowd was filling the auditorium. "The Jazz Mafia" from Oakland, CA. Sanjay Poonen, COO, was on piano. 😎

About 15 minutes before start time, VMware played videos from partners. I liked the HPE video with Taming the IT Monster the best.

Sanjay started by one-upping Pat's VMware tattoo with his own two tattoos: VMware on one arm & I 💗 VMware 20 Years on the other arm.




Innovation and customers are the engines that fuel VMware


History of Innovation


History of Customer Satisfaction



Fearless Innovators


Using 100 PowerPoints means that you have no power and no point


VMware measures its business impact for customers with three Cs: Cost, Complexity, Carbon


Cost: ESX reduced data center costs


VMware has returned $10 in economic value for every $1 spent.

VSAN has reduced data center costs.


NSX reduces cost of networking 50%


Complexity: VMware cloud management reduces complexity. Deployment options:  traditional, VMware private, public, hybrid.


Carbon: Pat shared on day 1 the reduction of carbon footprint due to virtualization.

Customer Roundtable

Brinks, Sky, NCB Roundtable




Brinks

Extending digital network to the edges of their network
Brinks wants to receive events and be proactive to changes in their devices. VMware is at the heart of this journey.
Started the journey with VSAN to get ready for the move to the public cloud
The vision was always to bridge to the public cloud. D/R in public is just one goal.
Past D/R was always a cold site.
NSX allowed moving D/R to VMC-AWS
Brinks will no longer have a physical D/R center
Looking into what role blockchain and IOT play in the future of Brinks


NCB Jamaica


NCB has an innovation culture
Caribbean’s first digital bank
NCB wants their customers to have an "Amazon experience"
Agile apps, always on. At the heart is the PKS platform (Chad Sakac screams again)
Why PKS for Kubernetes? 
The security and automation of PKS. NSX integration and security. 
All agile apps on PKS moving forward


Sky


Sky representative is named Dave Matthews (His favorite song is Crash)

NSX has been key to their transformation
They are a media organization, fast moving.
Traditional network architectures are slow to change
This doesn’t work for agile teams. Need to move in seconds not days.
GDPR in EU. VRNI + NSX were able to micro-segment for GDPR compliance
SDN everywhere. vSphere, OpenStack. 
Sky IT wants to make networks boring.
Bake in compliance and security

Sanjay question to all: How big are your NSX teams?
Sky: 6 people
NCB: 7 people
Brinks: 7 people

DXC & Adobe Roundtable About Mobility

Maria Pardee, DXC
John Mockett, Adobe



DXC


The merger of HPE Service and CSC
Why success? Customers
D for Digital, C for Customers, X for infinity
DXC is taking customers to a new way of working through mobile. The Next Gen worker will be more engaged in the Gig Economy. Work for multiple companies as 1099 employees. 
Less dependent on email
More dependent on real-time messaging: Skype for Business, Yammer, Slack
Maria's passionate cause: Women in tech, diversity, inclusion. How should women shape their careers? Mentoring. Advice for the men: You have women in your life. There is an unconscious bias. Celebrate diversity in different actions and thoughts. 


Adobe


Adobe has written the playbook for moving to the cloud. Adobe SaaS. 
Adobe IT is focused on customer experience and that includes cloud.
One of the first companies to roll out Unified Endpoint Management

20,000 Employees
50/50 Windows/Mac
80/20 iOS/Android phones
Primarily iOS tablets
60,000 total devices

VMware provides a consistent experience to manage and use all devices
Adobe wants an employee to self-provision desktop within 15 minutes just like they self-provision mobile.
New employees want to contribute right away.

Malala


Malala's interview was very moving and she is a gifted and humble speaker. I do not believe that her interview is available for replay on the VMworld On-Demand website. You could listen to the video of Malala accepting the Nobel Peace Prize if you would like to see her speak.

Before Malala was introduced to the stage, a short video about her is shown.


Here are my quickly typed notes from her powerful interview by Sanjay Poonen:

Be silent or stand up
Malala was shot in the head for suggesting girls should go to school
Our voices are our most powerful weapon
Her father believed in education
The place in Pakistan where she grew up is very beautiful and called the Switzerland of Pakistan



Never expected the Taliban to come to power
Her father is introduced in the audience
She feels lucky to have a great father. He is a feminist without the label. Her father's sisters could not go to school.
Malala was named after the Pakistani hero named Malala who raised her voice in the battle against the British
That Malala is the only female name known in the history of Pakistan
Grateful to her father for believing in her and sending her to school
Her Grandfather was a very fiery speaker.
Her father inherited this skill for speaking
Cricket is her favorite sport and this is something that brings people from India and Pakistan together.
Malala believes that India & Pakistan should have good relationships, but it is OK to root for one's home cricket team😀

There was an order from the Taliban not to allow girls in school
A mindset was rising in her valley against women. No music, then no going to the market, then no leaving the house, then no going to school. Men with guns started implementing their own type of Islam. They knew education brought power to women.
January 15th, 2009 10 AM. Malala was sitting in bed thinking this is not the life she had imagined. She wanted to be a doctor.  Education leads to freedom and independence. Speaking out was important to her and her future.
(The October 2012 incident of her shooting is well documented and not covered during the interview.)
After the shooting, the Sheik of Dubai brought in an air hospital to take care of her. The entire world saw what the Taliban had done as an injustice and supported her. She was in the hospital for 2-1/2 months and did not know what was going on outside. When she woke up in a Birmingham, UK hospital she did not know where she was. A nurse brought a box of hundreds of cards and letters from all over the world. There were thousands more cards at the hospital.
The Taliban made a mistake and the entire world took notice.
The attacker was a young boy who was told to kill her. He thought he was doing something good. Malala hopes that he learns the true message of Islam which is peace.
Being kind and loving keeps you healthy and growing.
The best thing she can do is to continue to educate girls.

(A short clip from her Nobel Prize speech is shown. She was only 17.)


Her mission is to give children a chance. No more child factory work, no more forced child marriage, no more girls left out of school.


She was sitting in Chemistry class when the headmistress came in and asked for her. This made her nervous. Then the headmistress told her she won the Nobel Peace Prize. She was relieved.

The Malala Fund


Raise awareness for education for girls
130M girls do not have access to education
Poverty, early marriage, political conflict are holding girls back
Have to invest in girls and women
Educating girls reduces extremism
Educating girls could add $30T to the world economy

Sanjay announced that 100 students were sitting in the front rows from Las Vegas Clark County high schools.
A copy of Malala’s book for each of them
Malala took questions from one of the students
That student's question was about self-confidence: Realize that you are lucky to have access to education and technology. You do not have to wait to be an adult to make a difference
Sanjay announced that Dell is donating computers to the labs at their high schools in Las Vegas

(Back to the Malala Fund)

Malala is now back at school at Oxford in England studying philosophy, politics and economics (PPE).
Sanjay: How do you balance your work and your education?
Oxford is full of talented people. They make Malala feel just like a student, not someone famous

Financing for education is crucial. One example is in refugee camps. In Lebanon, the Malala Fund is using technology to help refugee girls. The Fund has found a way to connect up to 30 computers even when there is no electricity.

Sanjay commits VMware to the Malala Fund in three ways:


  1. Fund a technologist out of Sanjay’s budget focused on the Malala Fund
  2. The Malala Fund will be one location for "Good Gigs" at VMware where employees volunteer talent, treasure, time
  3. The Malala Fund will be put in the VMware matching charity portal


NSX Meet the Experts - Performance Considerations Samuel Kommu

The Meet the Experts sessions are small tables where about 6 people can ask questions directly of a VMware expert. Samuel Kommu is a Technical Product Manager for NSX. Some of the interesting conversations from this roundtable were:

High performance: NSX-V is tightly integrated with vSphere
Portability: Perform the same network constructs and security anywhere
Tomorrow starting at 8:30 a bunch of sessions
Installation: NSX-T is simpler in architecture than NSX-V
Automation: Pivotal PaaS enables developers to automate application infrastructure. The future of NSX-T is to provide this level of automation for the network, firewall, load balancer.
Visibility: NSX-T gives better visibility from the NAT IP all the way down to the container to learn what is creating the traffic.
VMware Log Insight discovers the network flows.
Trace Flow is built into NSX-T
East-West performance happens on the NIC card and performance is dictated by the intelligence of the NIC. UCS VICs are the only NIC cards that don't support TCP offload yet. Intel 710s are good. With TCP offload, the Intel CPU is used less. The network load on the Intel NIC is reduced 40X when the NIC performs TCP offload. Offload NICs can handle multiple queues at once. NICs can assign a single queue per MAC address tied to a specific VM when using offload.
NSX CPU overhead: In a server with 80 cores, NSX uses 4 cores. 
Are ASICs/FPGAs needed for NSX performance? No. East-West can drive 36 Gb at a 1500 byte MTU and 100 Gb with a 9K MTU on NICs with TCP offload. NICs will continue to increase in intelligence and will drive performance.

Meetup: vBeards

So, I only go to VMworld once in a while and wanted to make the most of this one. I finally organized a charity #v0dgeball team for the first time and when I saw the beautiful #vBeard sticker design this year, I knew I needed to participate. 

No, I do not typically have a beard. What is great about this friendly, welcoming, multi-gender, group is that all are welcome. The motto is "Grow it, faux it, just don't spray it on." I hedged my bets by not shaving for two weeks and also bringing a fake beard. Check the #vBeards hashtag on Twitter for some great conversation and photos including this excellent multi-gender photo.



Session: The power of storage policy based management




2010-2010 the industry has seen 50x data growth

SANs are difficult

Storage evolution to flash started the infrastructure revolution
Now new devices like persistent memory
Latency measured in ms is moving to being measured in ns
Storage is not just about performance but also management
Shift of storage-related settings from hardware to software



VASA/SPBM can be critical. This is the handoff from storage folks to VMware folks

VSAN (Duncan)

VSAN policy defines the availability and performance
Multiple racks can be defined as availability zones
Can also do this for a campus cluster
When you create a VM on VSAN, you can choose stretch location policy or rack redundancy policy. This can be set up in about 15 minutes versus the equivalent physical array technologies that would take days or weeks to set up.



VSAN API for IO Filters (VAIO)

If you are not using VSAN yet but would like to add some data services to existing arrays.



Place these capabilities into a policy, assign that policy to a VM and that VM will take advantage of those capabilities as a filter driver. For instance, a policy could include Dell EMC RecoverPoint replication and VSAN together.


Virtual Volumes (VVols) (Cormac)

VVols available for 6 years. Requires 6.0 or later. 5.5 EOS, so VVol usage should increase.

SRM on roadmap for VVols

What is the purpose of VVols?
Make life simpler.
Not necessary to present a bunch of LUNs from an array.
Per VM data services offloaded to the array.
A VVol is still a datastore. 
Storage container is capabilities and storage.



The power of SPBM
A protection group has a snapshot schedule. Just by placing a VM into that protection group, array-based snapshots happen automagically.
Manage protection from vSphere policies without having to visit the array management console.

Automation
PowerCLI can automate storage policies
vRealize Automation & vRealize Orchestration



vRA 8.0 Storage Policies via Cloud Assembly 
Build a policy on the fly as you build the VM

Docker for Stateful Applications
7 out of top 10 docker applications require persistent storage



Project Hatchway - Persistent storage for containers


You can dedicate a VMDK to an application in a container.
Docker application YAML includes storage mount point
VMDKs are placed in kubevols folder in vSphere


Session: Horizon Cloud on Azure

This was a very interesting session for me. I did not know that Horizon was supported on Azure before this session. Great option for customers who have standardized on Horizon as well as Azure.



Microsoft provides the hardware, VMware the software. Horizon 7 requires vSphere, Horizon Cloud Service does not.


Who provides what for Horizon Cloud on Azure. The end-user company just needs to create desktops and provide Microsoft licenses. Base desktop images are included in the Azure Marketplace. There is a 45-day trial. 


30-45 minutes to deploy the first Horizon environment. Preparing Azure networking and AD before deployment takes the longest.



Setup Flow






End users connect to a Unified Access Gateway through their local Azure Region.


The environment can be upgraded in 5 minutes using blue-green upgrade process.

Can manage all Horizon nodes from one UI. 2,000 users per node.

User Environment Manager is included


Workspace ONE is supported as an option.

If you use GPU VMs for RDS, Nvidia licenses are included
GPU desktops are coming.

Cloud Monitoring service

New Features



NSX-T Cloud for Azure is in Preview
Can create FW policies for desktops
Control access to other desktops or external applications



Deep Dive into NSX Data Center Security for Clouds, Containers, and More

Ganapathi Bhat, VMware


With thousands of VMs and Containers, you need a simple way to implement policy for microsegmentation. NSX Manager does that.




NSX security policy is carried with vMotion.

ESX Data Plane


KVM Data Plane





Distributed FW




East West
Management, Control, and Data Planes

DFW Policy Lookup

Edge Firewall



North South
Tier-0 connects to physical
Tier-1 connects to tenants in a multi-tenancy environment
Traffic within a tenant does not go through the Edge firewall
NSX-T has transport nodes and edge nodes. Edge FW is enforced in an edge node

Workload & Policy Grouping Methodology & Consumption




Tagging workloads/logical switches





Up to 30 tags per VM allowed

Security Group



Wildcards that include VM name or VM tag or logical switch name
Can be a mix of static and expression based members
and/or criteria can be used
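
A minimal model of the grouping rules noted above (static plus expression-based members, wildcard criteria on VM name, tag or logical switch name, and/or combination, 30 tags per VM), added here as an example; it is not from the session or from VMware. It does not call the NSX API: the class names, the shell-style wildcard syntax and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

MAX_TAGS_PER_VM = 30  # limit quoted in the session notes

@dataclass(frozen=True)
class Workload:
    name: str
    logical_switch: str
    tags: frozenset = frozenset()
    def __post_init__(self):
        if len(self.tags) > MAX_TAGS_PER_VM:
            raise ValueError(f"{self.name}: more than {MAX_TAGS_PER_VM} tags")

@dataclass(frozen=True)
class Criterion:
    attribute: str  # "name", "tag" or "logical_switch"
    pattern: str    # shell-style wildcard (assumed syntax, not NSX's own)
    def matches(self, wl):
        if self.attribute == "tag":
            return any(fnmatchcase(t, self.pattern) for t in wl.tags)
        return fnmatchcase(getattr(wl, self.attribute), self.pattern)

@dataclass
class SecurityGroup:
    name: str
    static_members: set = field(default_factory=set)
    expressions: list = field(default_factory=list)  # OR of AND-lists of Criterion
    def contains(self, wl):
        return wl.name in self.static_members or any(
            all(c.matches(wl) for c in conj) for conj in self.expressions)

def members(group, inventory):
    return sorted(w.name for w in inventory if group.contains(w))

def ungrouped(groups, inventory):
    # Workloads no group selects receive no group-based policy: review these.
    return sorted(w.name for w in inventory if not any(g.contains(w) for g in groups))

# Constructed sample inventory and group (hypothetical names).
INVENTORY = [
    Workload("web-01", "ls-dmz", frozenset({"app:shop", "tier:web"})),
    Workload("db-01", "ls-data", frozenset({"app:shop", "scope:pci"})),
    Workload("jump-01", "ls-mgmt"),
    Workload("test-web-01", "ls-lab", frozenset({"tier:web"})),
]
PCI = SecurityGroup("pci", static_members={"jump-01"}, expressions=[
    [Criterion("tag", "scope:pci")],
    [Criterion("name", "web-*"), Criterion("logical_switch", "ls-dmz")],
])
```

`members(PCI, INVENTORY)` lists what the group currently selects, and `ungrouped([PCI], INVENTORY)` lists workloads that no group covers, which is the gap to look for when groups are expression-based.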

Firewall Rule Types




Precedence of Policies



Best Practices for Micro-Segmentation


Group rules to reduce CPU overhead




Container Security


NCP=NSX Container Plug-In
Network, Security, LB & IPAM






There is a Kubernetes OVS that connects to the NSX Virtual Distributed Switch


Native Public Cloud Security & Bare Metal Security


Azure & AWS today. More to come

Native Public Cloud Security


Single NSX Manager to manage policies in on-premises and public cloud.



Bare Metal Security

NSX agent on bare metal. RHEL supported today. Windows coming.



Closing

I hope you have enjoyed this long post. Feel free to provide feedback.
