This article was written for the StarWind blog and focuses on the pros and cons of an upgrade to vSphere 6.5. See also the original post.

VMware vSphere 6.5 is the latest version of VMware's enterprise server virtualization platform, but a new beta is already available for testers. The next version is currently in beta, and you can register at https://secure.vmware.com/43478_vSphere_Beta_Reg.

If you are building a new infrastructure from scratch, the latest stable version is probably the best choice (in most cases); but what if you have an old environment and you plan to upgrade it?

Is it better to use the latest version, or just wait for the next one (which may be announced at the next VMworld 2018), with new features and extended support?

https://www.starwindsoftware.com/blog/why-upgrade-to-vmware-vsphere-6-5-or-why-not

Why upgrade?

VMware vSphere 6.5 adds a lot of new features, and it would be difficult to summarize all of them in this post. For more information see: https://blogs.vmware.com/vsphere/

This image summarizes some of the new features:

[Image: html5-vsphere-client]

There can be several reasons to upgrade vSphere to version 6.5. VMware has built a list of the top ten reasons (https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vsphere/vmware-vsphere-top-reasons-to-upgrade-infographic.pdf) from a “manager” perspective.

But in this article, let’s try to build a list from a technical and architectural perspective.

Support

Support is key for every production environment, and you cannot rely on an environment without it!

Currently, VMware vSphere 6.5 is the best way to extend the support deadline and the life cycle of your environment:

  • All VMware vSphere versions prior to 5.5 are out of support.
  • VMware vSphere 5.5 will have extended support and will reach the end of general support on September 19th, 2018.
  • VMware vSphere 6.0 will be supported until March 12th, 2020.
  • VMware vSphere 6.5 will be supported until November 15th, 2021.

The recent Meltdown and Spectre bugs demonstrate how important it is to have a supported product: in this case, the patches are available only for vSphere 5.5 (with some limitations), 6.0 and 6.5 (see also https://vinfrastructure.it/2018/01/meltdown-spectre-vmware-patches/).

For more information on the support deadline for each product, see the official VMware Lifecycle Product Matrix: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/product-lifecycle-matrix.pdf

Manageability

In the new version of vSphere, the legacy C# vSphere Client for Windows has finally been dropped and a new HTML5 web client (still called vSphere Client) has been introduced. Unfortunately, this client is not yet 100% complete, but it’s very close, at least for operational tasks (for more information see https://vinfrastructure.it/2018/01/html5-based-vsphere-client-replace-vsphere-web-client/).

Note that you can also add the new HTML5 client to the previous version using the version available on the Flings site (https://labs.vmware.com/flings).

But the biggest news is the new VCSA: the virtual appliance for vCenter is now definitely the first choice, thanks to its full capabilities and its new functions (and VMware has announced that the Windows version will be dropped in the future: https://blogs.vmware.com/vsphere/2017/08/farewell-vcenter-server-windows.html). The VCSA is now the better model for vCenter Server deployment and lifecycle management!

Also, the new VCSA has some new native unique features:

[Image: new-vcsa-native-unique-features]

Security

Some of the new security features of the latest vSphere are really cool and unique. With vSphere 6.5 you can protect both your data at rest and your data in motion. All at the infrastructure level!

For data at rest, there are different possible options to store your data securely:

  • Encryption at the physical storage level using self-encrypting drives (SED): full disk encryption, also known as hardware-based full-disk encryption (FDE). But these disks are quite costly and also require controllers or storage that support this feature.
  • Encryption at the logical storage level: for example, using vSAN encryption, which uses an AES 256 cipher and eliminates the extra cost, limitations, and complexity associated with purchasing and maintaining self-encrypting drives.
  • Encryption at the VM level: this is a new feature of vSphere 6.5 in the Enterprise Plus edition. Previously this was only possible with third-party products.
  • Encryption inside the VM: for example, using Microsoft BitLocker, or using a Linux encrypted filesystem (with losetup or other tools).

For data in motion, vSphere 6.5 can currently protect vMotion traffic. This was not necessary before version 6.0 because vMotion traffic was mainly local to the data center, but with the new cross-vCenter vMotion, traffic encryption becomes a must.

But vSphere 6.5 has other interesting security-related features, like the secure boot option for both ESXi and VMs. With Secure Boot, the UEFI firmware validates the digital signature of the operating system and its boot loader to ensure that only a properly signed system will boot.

For more information about the secure boot on ESXi hosts, see this post: https://blogs.vmware.com/vsphere/2017/05/secure-boot-esxi-6-5-hypervisor-assurance.html.

For VMs, note that the secure boot option has some important requirements:

  • Virtual hardware version 13 or later.
  • EFI firmware in the VM boot options.
  • Guest operating system that supports UEFI secure boot.

You can enable secure boot, using the vSphere Web Client, in the VM options of the selected VM:

[Image: vSphere-web-client-options]
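
An added example (not from the original article): a small offline check of the VM prerequisites listed above against the text of a VM's .vmx file, using the .vmx keys virtualHW.version, firmware and uefi.secureBoot.enabled. The VM names and file contents are constructed, and guest OS support is only reported for manual review because it cannot be derived from the file.

```python
import re

# Constructed .vmx excerpts for three hypothetical VMs (not from a real environment).
SAMPLE_VMX = {
    "web01": 'virtualHW.version = "13"\nfirmware = "efi"\n'
             'uefi.secureBoot.enabled = "TRUE"\nguestOS = "windows9srv-64"\n',
    "db01": 'virtualHW.version = "13"\nfirmware = "efi"\nguestOS = "rhel7-64"\n',
    "legacy01": 'virtualHW.version = "11"\nguestOS = "windows7srv-64"\n',
}


def parse_vmx(text):
    """Parse `key = "value"` lines of a .vmx file; keys are lower-cased."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([^#\s=]+)\s*=\s*"(.*)"\s*$', line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def secure_boot_status(text):
    """Return (state, blockers, guest_os) for one VM's .vmx text."""
    cfg = parse_vmx(text)
    blockers = []
    hw = cfg.get("virtualhw.version", "")
    if not hw.isdigit() or int(hw) < 13:
        blockers.append("virtual hardware %s, need 13 or later" % (hw or "unknown"))
    # Assumption: a missing firmware key means the VM boots with legacy BIOS.
    if cfg.get("firmware", "bios").lower() != "efi":
        blockers.append("firmware is not EFI")
    enabled = cfg.get("uefi.secureboot.enabled", "false").lower() == "true"
    if blockers:
        state = "not eligible"
    elif enabled:
        state = "enabled"
    else:
        state = "eligible, not enabled"
    # Guest OS support cannot be read from the file; report it for manual review.
    return state, blockers, cfg.get("guestos", "unknown")


def audit(vmx_by_name):
    """Map VM name -> (state, blockers, guest_os)."""
    return {name: secure_boot_status(text) for name, text in vmx_by_name.items()}


if __name__ == "__main__":
    for name, (state, blockers, guest) in sorted(audit(SAMPLE_VMX).items()):
        print("%-9s %-22s guestOS=%s %s" % (name, state, guest, "; ".join(blockers)))
```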

There are also several other security improvements, such as better logging and auditing. For more information, including the hardening part, read the vSphere Security Configuration Guide: https://blogs.vmware.com/vsphere/2017/04/vsphere-6-5-security-configuration-guide-now-available.html.

Availability

VMware HA (now called vSphere Availability) has been improved with conditional restart and more VM restart levels in order to better manage VM dependencies. This can significantly improve your business continuity in case of a host failure.

For VMware HA, there is also a new proactive HA feature to prevent downtime: it tries to anticipate hardware failures before they occur and preemptively migrates (with vMotion) workloads before problems happen.

And finally, there is a new feature, exclusively available for the VCSA, called vCenter High Availability (vCenter HA). When vCenter HA is enabled, a three-node vCenter Server cluster (Active, Passive, and Witness nodes) is deployed. vCenter HA provides an RTO of about 5 minutes for vCenter Server, greatly reducing the impact of host, hardware, and application failures with automatic failover between the Active and Passive nodes. vCenter HA is included with the vCenter Server Standard license, which means that no additional licensing is required.

[Image: vCenter-high-availability]

For more information see https://blogs.vmware.com/vsphere/2016/12/new-walkthroughs-vcenter-high-availability.html.

Scalability

A new version of vSphere means new maximums, but honestly, for ESXi and VMs they are not much bigger compared to version 6.0 (where they were already huge!). For vCenter Server, however, there is a great improvement, including the ability of the Foundation edition to now manage up to four hosts (starting with vSphere 6.5 Update 1).

VMware vSphere DRS now has interesting new features and can balance not only based on CPU and memory metrics, but also on VM network traffic.

And the new predictive DRS feature can maximize data center resources with better predictive load balancing, leveraging system usage patterns and analytics provided by vRealize Operations.

Storage

If you are using Virtual Volumes, you can now have native replication support (of course, if your storage vendor supports it in vSphere 6.5).

If you are using VSAN, the only way to upgrade it and have new features is to upgrade vSphere.

Also, several new types of hardware are now supported (or better supported), like RDMA NICs, NVMe devices (the new virtual hardware 13 also includes a virtual NVMe controller!), …

Integration

The new VCSA provides a simple REST-based API interface that makes it easy to automate operations or integrate vSphere management inside other portals, programs or interfaces.

But vSphere 6.5 is also the foundation for several other products, for example:

Why not upgrade?

Even though there are so many reasons to upgrade your environment to vSphere 6.5, there can still be a few reasons to skip this upgrade.

Compatibility

You may have a software or hardware component that does not support this version. Note that from the next version of vSphere, several generations of servers will probably no longer be supported (for example, if you install ESXi 6.5 on a Dell 11g, it reports that the next version of ESXi will no longer support that processor).

Note that vSphere 6.5 drops support for some old hardware and software. vSphere 6.5 no longer supports the following processors: Intel Xeon 51xx series, Xeon 30xx series, Xeon 32xx series, Xeon 53xx series, Xeon 72xx/73xx series.

Be sure to check the compatibility matrix for all hardware components as well as all software components.

Learning curve

If you are still working with the legacy C# vSphere Client, you need to learn a new client, and unfortunately the new HTML5 vSphere Client is not complete… so you will probably need to learn how to use two new clients (remember that the Flash-based vSphere Web Client will be dropped in the future).

The same goes for vCenter: if you have used the Windows version in the past, you need to learn the new VCSA (but in this case it’s not mandatory).

Maturity

We can assume that after more than one year the product is now mature enough. Honestly, vSphere 6.5 seems to be better code than the previous version 6.0 (or even 5.1) was when it was released in GA. Also, it has already been used in production environments for more than 6 months, with few bugs.

But this does not mean that there are no possible bugs, and some of them are annoying.

For example, there was a possible PSOD issue with 10 Gbps NICs, but it has now finally been fixed (https://vinfrastructure.it/2017/12/psod-vsphere-6-5-10-gbps-nics-solved/). But there are still some minor issues with other NICs, mostly related to bad drivers (for example, for 1 Gbps cards see https://vinfrastructure.it/2017/12/nic-performance-issues-vsphere-6-5/).

Are new functions useful or usable?

Do you really need the new functions? If you are involved in a digital transformation, you will probably need the new platform (AWS for vSphere or vSphere for integrated containers management require the new version). But for SMBs, most of the new functions are not usable or useful yet.

Can you really use the new functions? Most of the new features are only for the Enterprise Plus edition.

Read the original post. Also, you can see this old post.