Last month VMware introduced a new subscription-based offering called vSphere+ (vSAN+ was also announced). According to the vSphere product page, this is a way to deploy cloud services to workloads running on-premises (in other words, vSphere deployed on bare metal). The documentation says vSphere+ is “a workload platform that allows you to shift from license based management to a pay-as-you-expand subscription model”.
So, what’s the scoop with vSphere+?
New management control plane
At a high level, here’s how vSphere+ works. A cloud gateway (VCGW) will be installed on-premises, and it connects to a new cloud management control in the VMware Cloud. William Lam has a nice installation walk-through post. Once you’ve connected the VCGW, which includes registering your vCenter servers, you are able to consume services that run on the VMware cloud to manage your on-premises vSphere installations.
The only thing you will install on-premises is the VCGW. It will establish the communication between your on-premises vCenter Servers and VMware Cloud and facilitate the monitoring and management of your vSphere environment – from the cloud.
The devil is in the details
Some of the fine print: you must be on vCenter Server 7.0 Update 3f (or greater), and your hosts must be at least ESXi 6.5. vCenter HA, Enhanced Linked Mode, Hybrid Linked Mode, External Platform Controllers, and Management vCenter Clusters are not supported, so take care of that before you try to connect.
Once you convert to a vSphere+ subscription, there is no going back. All your license information will be replaced with subscription information. Also, if your vCenter Server instance manages vSAN clusters, you are going to have to buy a vSAN+ subscription. There’s a formula to figure out your subscription capacity:
Subscription capacity = number of cores per CPU x number of CPUs per ESXi host x number of ESXi hosts.
So, if you have 2 2-CPU/24 core ESXi hosts, your minimum subscription capacity will be 96. All the details are in this KB article. I have no idea about costs; you need to call your salesperson to get that information.
Once you convert a vCenter Server to vSphere+, the server and all connected hosts get enabled for subscription and are billed to vSphere+. From now on, this vCenter Server can only use vSphere+ (not license keys). To use license keys again, you’ll need to deploy a new vCenter Server (remember, no going back).
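Because the conversion cannot be undone, it is worth checking the fine print above against your inventory first. The sketch below is an added example, not VMware tooling or code from the original post: the inventory record layout, the release-string style ("7.0 Update 3f") and the function names are assumptions, and the capacity is the post's formula applied per host and summed.

```python
import re

# Requirements and unsupported features exactly as listed in the post.
MIN_VCENTER = (7, 0, 3, "f")   # vCenter Server 7.0 Update 3f
MIN_ESXI = (6, 5)              # ESXi 6.5
UNSUPPORTED = {"vCenter HA", "Enhanced Linked Mode", "Hybrid Linked Mode",
               "External Platform Controllers", "Management vCenter Clusters"}

def parse_release(text):
    """Parse 'X.Y' or 'X.Y Update Nz' (assumed naming style) into a comparable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?: Update (\d+)([a-z]?))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, update, letter = m.groups()
    return (int(major), int(minor), int(update or 0), letter or "")

def preflight(vcenter):
    """Return (findings, capacity) for one vCenter record before converting it."""
    findings = []
    if parse_release(vcenter["version"]) < MIN_VCENTER:
        findings.append(f"vCenter {vcenter['version']} is older than 7.0 Update 3f")
    for feature in sorted(UNSUPPORTED & set(vcenter["features"])):
        findings.append(f"unsupported feature in use: {feature}")
    capacity = 0
    for host in vcenter["hosts"]:
        if parse_release(host["version"])[:2] < MIN_ESXI:
            findings.append(f"{host['name']} runs ESXi {host['version']}, below 6.5")
        capacity += host["cores_per_cpu"] * host["cpus"]  # post's formula, per host
    if vcenter["manages_vsan"]:
        findings.append("vSAN clusters present: a vSAN+ subscription is also required")
    return findings, capacity

# Constructed sample inventory (hypothetical hosts, matching the post's 2 x 2-CPU/24-core case).
SAMPLE = {
    "version": "7.0 Update 3d",
    "features": ["Enhanced Linked Mode"],
    "manages_vsan": True,
    "hosts": [
        {"name": "esx01", "version": "7.0 Update 3", "cpus": 2, "cores_per_cpu": 24},
        {"name": "esx02", "version": "6.0", "cpus": 2, "cores_per_cpu": 24},
    ],
}

if __name__ == "__main__":
    findings, capacity = preflight(SAMPLE)
    print(f"subscription capacity: {capacity} cores")
    for item in findings:
        print("FINDING:", item)
```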
What services do you get with vSphere+?
You can see the services in the vSphere Product Line Comparison chart and in the chart below.
Global Inventory Service | Visualizes inventory of vSphere resources and capacity to quickly understand resource utilization across vSphere estate. |
Event View Service | Consolidates view of events and alerts to quickly triage areas that need attention across your vSphere estate |
Security Health Check Service | Evaluates the security posture of your entire vSphere infrastructure to identify security weaknesses or exposures |
VM Provisioning Service | Quickly create provision VMs from the VMware Cloud Console within any managed cluster. |
Lifecycle Management Service | Simplifies the lifecycle management of vCenter instances with a single click. Reduces maintenance window making it easier to schedule updates sooner, allowing more rapid access to new features. |
Configuration Management Service | Standardizes and cascades vCenter configurations across vSphere estate. Detects and remediates vCenter configuration drifts automatically |
Tanzu Kubernetes Grid™ Service | Allows developers to manage consistent, compliant, and conformant Kubernetes clusters. |
Tanzu Integrated Services | Streamlines the deployment and management of local and in-cluster platform services—like logging, monitoring, networking, and storage services—to easily configure and maintain a production-ready Kubernetes environment. |
Tanzu Mission Control™ Essentials (Expected Q3 FY23) | Provides global visibility across your entire Kubernetes footprint and automates operational tasks such as lifecycle. |
vSphere Pod Service (Requires NSX-T) | Allows developers to run Kubernetes containers directly on the hypervisor for improved security, performance, and manageability. |
Storage Service (Is it Storage or volume service?) | Allows developers to manage persistent disks for use with containers, Kubernetes, and virtual machines. Deploy existing block and file storage infrastructure for containerized workloads |
Network Service | Allows developers to manage Virtual Routers, Load Balancers and Firewall Rules. Leverage existing networking infrastructure using vSphere Distributed Switch’s (VDS) centralized interface to configure, monitor and administer switching access for VMs and Kubernetes workloads. |
Registry Service | Allows developers to store, manage and secure Docker and OCI container images. |
Network Load Balancing (Requires NSX-T or NSX Advanced Load Balancer Essentials) | Network load balancing for Tanzu Kubernetes clusters. |
VM Service | Allows developers to create virtual machines independently from Kubernetes without requiring access to vSphere Client. |
What vSphere+ could mean for you
There are a lot of interesting things that come with converting to vSphere+. First, you can see your entire global distributed vSphere inventory from the VMC console. In addition to seeing VMs, you can find which clusters have capacity and create VMs. And you can monitor events, alerts, and security posture globally.
This will make updating vCenter much easier – the docs say in a single click. You can standardize your vCenter Server configuration, push it out, and detect and remediate drift.
vSphere+ subscriptions also come with Tanzu Standard Runtime Edition, so you can “transform your existing virtual infrastructure into an enterprise-ready, self-service Kubernetes platform”. More on this in a minute.
I think one of the interesting possibilities is using vSphere+ to manage lifecycle. For the time being, this service will only work for vCenter Server. But in the future, will you be able to upgrade ESXi hosts? That has always been something vSphere customers have hated because it’s time-consuming and can be fraught with peril. Even if organizations stay on premises, everyone’s workloads are evolving to be elastic and distributed. No one has time to mess with yesterday’s way of updating ESXi!
This is one of the technical blog posts from the vSphere+ launch. It has some great screenshots of the major new features. One thing I found interesting was the screenshot for “infrastructure operations”, which seems to be a security overview. Confusing name (where are all the other infrastructure operations?), but nice to get that in a global view. One thing I didn’t see anywhere was whether this information can be consumed by other security applications, which would really make this an excellent feature. It would be even cooler if the lifecycle manager could feed information into an IaC tool, and have a hand in managing the physical server lifecycle as well.
Don’t forget, operations is the “ops” in “devops”
Legacy vendors like VMware say some funny things as they try to turn that modernization corner. I really dislike when marketing teams from operations vendors chase developers instead of the audience that will use and buy their products. For instance, in the FAQ page VMware calls out admins as IT operators and developers as devops. What do y’all think the ops part of devops stands for?
Further, I don’t understand why the admin services are separated from developer services. Developers are not going to enable or manage the “developer services”. Operations, most likely an SRE, will do that. The self-service services are “for” developers, not managed by developers (in most cases).
Transforming existing virtual infrastructure into an enterprise-ready, self-service Kubernetes platform is going to take some serious planning and execution by the operations team. The goal is self-service, but the ops part of devops is going to have to do lots of work to convert the old into the new to make that work.
In other words, diss your legacy audience at your peril.
Real talk
This seems like a nice catch-up launch for vSphere. They are taking the first step to having a SaaS management control plane, even if it is mostly for vCenter in this go-round. I really wish I’d had a briefing on this, because one of my big questions is how this will connect with other cloud services customers may already use.
And I really hope VMware can remember to market to the people who will be using these tools to set up self-service for their developers.