Author: Gabi Nunes

On April 18th, 2023, VMware Cloud Director 10.4.2 was released, bringing a range of new features. In this blog post, we will highlight some of the key features of this new release.

One of the most significant additions to VMware Cloud Director 10.4.2 is support for Virtual Trusted Platform Module (vTPM) devices. vTPM devices provide improved security to the guest operating system and can be added to both new and existing virtual machines. However, specific prerequisites must be met by both the VM Guest OS and the underlying vCenter Server infrastructure to use vTPM. vTPM is supported in most VCD workflows for Virtual Machine, vApp, Templates, and Catalog Sync.

Another feature in this release is the IDP Proxy for TMC Local. This feature allows VMware Cloud Director to be configured as an identity provider proxy server. With OAuth 2.0 OpenID Connect compliant Identity Providers registered with VMware Cloud Director, relying parties can utilize the platform for tenant-aware user authentication of those already known to the system.

VMware Cloud Director 10.4.2 also includes an improved provider login experience. When accessing the login page at https://vcloud.example.com/ and entering “system” as the organization name, the platform now understands “system” as an organization and will redirect the user to the Service Provider Admin Portal login page.

In previous versions of VMware Cloud Director, the default vApp lease expiration time for newly created tenant organizations was set to 7 days. However, with version 10.4.2, the default vApp lease expiration time setting is now “unlimited” or “never expires.” This change is sure to be a welcome one for many users.

Finally, VMware Cloud Director 10.4.2 introduces two key use cases for NamedDisk Entities. Named Disk Ownership enhances the behavior associated with NamedDisk Entities, providing more control over virtual disks’ ownership and addressing some limitations with virtual disk ownership in previous versions.

The rise of cloud computing has transformed the way businesses operate, offering an affordable and scalable solution to store and manage data. However, as cloud adoption continues to grow, concerns around data privacy and security have also increased. To address these concerns, the concept of sovereign cloud has emerged as a viable alternative to traditional cloud providers.

The concept of sovereignty is emerging as a necessary component of cloud computing for many entities that process and maintain highly sensitive data, such as national and state governments, and highly regulated industries, such finance and healthcare. National governments are also looking to expand digital economic capability and reduce reliance on multi-national firms for their cloud services.

VMware defines a sovereign cloud as one that:

• Protects and unlocks the value of critical data (e.g., national data, corporate data, and personal data) for both private and public sector organizations.

• Delivers a national capability for the digital economy

• Secures data with audited security controls

• Ensures compliance with data privacy laws

• Improves control of data by providing both data residency and data sovereignty with full jurisdictional control

While keeping data ‘in’ is a key concern for sovereignty, it is also necessary to securely share data outside of its jurisdiction when warranted. For example, cross- border policing activities and collaboration. The secure sharing and monetization of data across borders is very important as we look to the next generation of currency – data.

VMware Sovereign Cloud framework principles

Data Sovereignty and Jurisdictional Control – All data is resident and subject to the exclusive control and authority of the nation state where that data was collected. Operations are fully managed within the jurisdiction.

Data Access and Integrity – Cloud infrastructure is resilient and available in at least two data center locations within the jurisdiction with secure and private connectivity options available.

Data Security and Compliance – Information security management system controls are certified against an industry recognized global (or regional) standard and audited regularly.

Data Independence and Mobility – Support for modern application architectures to prevent vendor cloud lock-in and enable application portability and independence.

In conclusion, sovereign cloud offers several advantages that make it an attractive option for businesses that prioritize data privacy, security, and compliance. With reduced latency, cost-effectiveness, sovereign cloud providers are becoming an increasingly popular alternative to traditional cloud providers. As the demand for secure and compliant cloud solutions continues to grow, sovereign cloud providers are well-positioned to meet the needs of businesses in different industries and geographies.

VMware has announced General Availability of VMware Cloud Director Availability 4.5 last November.

VMware Cloud Director Availability is a powerful solution used by VMware Cloud Providers to offer simple, secure, and cost-effective onboarding, migration, and disaster recovery as a service to or between multi-tenant VMware clouds.

What are the core capabilities of VMware Cloud Director Availability?

• Intuitive disaster recovery as a service protection and wizard-driven workflows to protect virtual machines (VM) or vApps. Replication and recovery of VMs and vApps between VMware Cloud Director (cloud to cloud) or on-premises to VMware Cloud Director and vice versa. The offering is now available for on-premises vSphere to protect and migrate workloads from dedicated on-premises vCenter site to Cloud vCenter.
  
• Single on-premises appliance installation for ease of deployment and simplicity for customers replicating to provider vCenter or VMware Cloud Director cloud endpoints. Supports a migration path and DR functionality from vSphere 7.0.
  
• The capability of each deployment to serve as both source and recovery endpoints (synchronous sites). There are no dedicated source and destination sites; symmetrical replication flow can be started and managed from either the source or the recovery site, meaning the UI can be accessed from anywhere with the correct context.
  
• Migration, protection, and control over retained replications (stored instances) as well as flexible RPO policy controls for providers to apply to one Virtual Data Center (VDC) or individual replications via predefined or flexible SLA policies. This helps to control storage costs and provide tiered services to customers. With the latest release, providers have the option to enable 1-minute RPO for mission-critical applications. Since 4.4, the RPO compliance reporting feature has been introduced to keep cloud providers informed about RPO violations to allow both parties to track, monitor, and audit RPO best practices and aid troubleshooting.
  
• Cold or warm migration to provider VMware Cloud Director-based cloud from on-premises via vSphere plugin or via VMware Cloud Director Availability interface in the provider cloud. Cloud providers and tenants can carry out a fast-track migration with the new 1-click migration feature that automatically replicates using static, basic replication settings.
  
• Warm one-way migration from vSphere plugin or VMware Cloud Director provider cloud to VMware Cloud on AWS SDDC under Cloud Director service management.
  
• Layer 2 stretch networking for simpler migrations (and/or disaster recovery) from on-premises to VMware Cloud Director as well as VMware Cloud on AWS.
  
• Secure tunneling through TCP proxy, between sites with built-in encryption and optional compression availability. Cloud to cloud replicant encryption is also supported using Cloud Director encrypted storage policies at the target.
  
• Multi-tenant support native within the VMware Cloud Director hierarchy and in-context DRaaS providing administrative simple views and actions directly in VMware Cloud Director. In case of vSphere (V2V) DR and migration, multi-tenancy will be offered in the future. For the moment, this is supported for dedicated vCenter endpoints only.

VMware Cloud Director Availabil- Use Cases

• On-premises to cloud migration (and vice versa*), on-premises to cloud DR (and vice versa), cloud to cloud DR, cross-version VMware Cloud Director migration.
  
  *Vice versa not available from/to Cloud Director Org VDC on VMware Cloud on AWS; this is a one-way migration only.
  
• Cloud providers using VMware Cloud Director Availability can protect and migrate dedicated on-premises vCenter workloads to vSphere cloud (and vice versa).

To learn more about the VMware Cloud Provider Program, please visit http:// http://www.vmware.com/partners/service-provider.html.

VMware NSX Migration for VMware Cloud Director 1.4.1 was released with new features:

• External Networks directly connected to NSX-T Tier-1 Gateway: VMware Cloud Director version 10.4.1 or higher allows connecting an NSX-T overlay or VLAN-backed external network to a gateway via service interface connection. VLAN segment-backed external network can be connected to only one edge gateway (a single network can be connected to a single edge node per VLAN Id). The migration tool will create necessary static routes when the default gateway is towards the external network that is directly connected to the edge gateway.
  
• Support for Transparent Load Balancing: You can migrate edge gateways with load balancer service having transparent pools configured with VMware Cloud Director version 10.4.1.
  
• Support for Load Balancer VIP (IPv4) from Org VDC Network Subnet: You can migrate edge gateways with load balancer virtual service VIP and load balancer pools using IPv4 address from Org VDC network subnet with VMware Cloud Director version 10.4.1.
  
• Edge Gateway Assessment Reports: The migration tool in addition to the existing Assessment and Summary reports will also create an Edge Gateway detailed report and a Load Balancer detailed report when they run in V2T assessment mode. These reports contain a detailed analysis of edge gateways and load balancer services enlisting the Objects (Name/ID) causing possible blockage of migration.
  
• NAT service Enhancement: From VMware Cloud Director version 10.4.1  onwards, Org VDC networks on which NAT rules are applied will be migrated as Non-Distributed networks. When such NAT rules are created on the NSX-T edge gateway, they will be applied to their respective Non-Distributed Org VDC network interface as per their NSX-V counterpart. NAT rules will also be applied to segment-backed external network in case of NSX-T edge gateway uplink connected to it via the service interface.
  
• Firewall Service Enhancement: From VMware Cloud Director version 10.4.1 onwards, firewall rules on NSX-T backed edge gateway will be applied to the Org VDC network to which they are scoped. The scope of firewall rules will be determined from the NAT rule using the firewall rule IP address. In case if no NAT rule using the firewall rule IP address, then the firewall rule will be applied to all edge gateway interfaces.
  
• Enhancement to reduce downtime during migration and rollback: Modified the workflow of migration and rollback to reduce downtime during N-S network switchover.
  
• Workaround to fix network connectivity loss issue after NSX-T to NSX-V vMotion: For NSX-T to NSX-V migration, when migrating a workload VM back to NSX-V, the network connectivity might not work because the distributed firewall filter in NSX-T is always higher than in NSX-V. The workaround is to place the workload VM in the NSX-T exclusion list before vMotion

VMware Cloud Director 10.4.1 has an entirely new user interface where providers can create, manage and assign themes for their tenants and the provider portal.

In the past VMware Cloud Director 10.4.1 theming and branding was API based, now with this new release customisation can be done directly from the user interface (UI), which allows making VMware Cloud Director look and feel like Cloud Provider brand and company portal for customers.

Changing the look and feel of the provider and the tenant portal VMware Cloud Director 10.4.1 allows sharing of Cloud Provider branding message.

To enable this new features go to Administrator Tab, Settings, Features Flags and enable Branding API

After Branding API is enable, navigate to the Customize Portal Section (under more tab) and select Themes

By default there are two default theme (Base dark and Light).

For the creation of a new theme select Create Theme

Two options will appear Light or Dark themes. Pick one and Create Theme

In this option you can create the new theme, picking color heather, adding Logo, etc. A preview will be available at any time.

Note: Upgrading to VMware Cloud Director 10.4.1 is recommended from 9.7 to 10.4.1 versions but with stages.

VMware Cloud Director 10.4.1 was announced by VMware last week, new networking features, new branding and theming experience are part of this new release.

All new Features:

• AVI Transparent Load Balancing
• SEG tagging for monitoring
• IP Name Space (Rolling updates)
• Service Accounts Multisite Support
• Solution Add-On Management
• Remap Users between Identity Providers (Deprecation of Local Users) (API only)
• New Branding & Theming Experience
• Support for EFI boot and Secure Boot
• Support for vSphere 8.0
• Support for NSX 4.0.1
• UI Enhancements

Upgrading the VMware Cloud Director Appliance

Upgrade from VMware Cloud Director appliance version 9.7 to version 10.4 is supported.

Starting with VMware Cloud Director 10.0, Microsoft SQL Server databases are unsupported.

When you are upgrading VMware Cloud Director, the new version must be compatible with the following components of your existing installation: 

• The database software you are currently using for the VMware Cloud Director database.
  
• The VMware vSphere ^® release you are currently using. 
  
• The VMware NSX^® release that you are currently using. 
  
• Any third-party components that directly interact with VMware Cloud Director.

For information about the compatibility of VMware Cloud Director with other VMware products and with third-party databases, refer to the VMware Product Interoperability Matrices at https://interopmatrix.vmware.com/Interoperability

Upgrade and Migration Paths and Workflows

Source Environment	Target environment VMware Cloud Director appliance 10.4 with an embedded PostgreSQL database
VMware Cloud Director 9.7 on Linux with an external Microsoft SQL Server database	Migrate to VMware Cloud Director appliance 9.7. See Migrating vCloud Director with an External Microsoft SQL Database to vCloud Director Appliance. Upgrade your environment to VMware Cloud Director appliance 10.4. See Upgrade the VMware Cloud Director Appliance by Using an Update Package.
VMware Cloud Director 9.7 on Linux with an external PostgreSQL database	Migrate to VMware Cloud Director appliance 9.7. See Migrating vCloud Director with an External PostgreSQL Database to vCloud Director Appliance. Upgrade your environment to VMware Cloud Director appliance 10.4. See Upgrade the VMware Cloud Director Appliance by Using an Update Package.
VMware Cloud Director 10.0 on Linux with an external PostgreSQL database	Migrate to VMware Cloud Director appliance 10.0. See Migrating vCloud Director with an External PostgreSQL Database to vCloud Director Appliance. Upgrade your environment to VMware Cloud Director appliance 10.4. See Upgrade the VMware Cloud Director Appliance by Using an Update Package.
VMware Cloud Director 10.1 on Linux with an external PostgreSQL database	Migrate to VMware Cloud Director appliance 10.1. See Migrating VMware Cloud Director with an External PostgreSQL Database to VMware Cloud Director Appliance. Upgrade your environment to VMware Cloud Director appliance 10.4. See Upgrade the VMware Cloud Director Appliance by Using an Update Package.
VMware Cloud Director 10.2 on Linux with an external PostgreSQL database	Migrate to VMware Cloud Director appliance 10.2. See Migrating VMware Cloud Director with an External PostgreSQL Database to VMware Cloud Director Appliance. Upgrade your environment to VMware Cloud Director appliance 10.4. See Upgrade the VMware Cloud Director Appliance by Using an Update Package.
VMware Cloud Director 10.3 on Linux with an external PostgreSQL database	Migrate to VMware Cloud Director appliance 10.3. See Migrating VMware Cloud Director with an External PostgreSQL Database to VMware Cloud Director Appliance. Upgrade your environment to VMware Cloud Director appliance 10.4. See Upgrade the VMware Cloud Director Appliance by Using an Update Package.
VMware Cloud Director appliance 9.7 and later with an embedded PostgreSQL database	Upgrade your environment to VMware Cloud Director appliance 10.4. See Upgrade the VMware Cloud Director Appliance by Using an Update Package.

• Verify the Embedded PostgreSQL Database is Ready for Upgrade to VMware Cloud Director 10.4.1
  Before upgrading to VMware Cloud Director 10.4.1, verify that the embedded PostgreSQL database has the required available disk space.
  
• Upgrade the VMware Cloud Director Appliance by Using an Update Package
  You can upgrade the VMware Cloud Director appliance to the latest version or apply patches to the VMware Cloud Director appliance by using an update package.
  
• Upgrade the VMware Cloud Director Appliance by Using the VMware Update Repository
  You can use the VMware Update Repository to upgrade the VMware Cloud Director appliance from version 9.7 to version 10.0 and later or apply patches.
  
• Roll Back a VMware Cloud Director Appliance When an Upgrade Fails
  If the upgrade of a VMware Cloud Director appliance fails, you can use the snapshot of the appliance that you took before the upgrade and roll back the VMware Cloud Director appliance.
  
• Migrating VMware Cloud Director with an External PostgreSQL Database to VMware Cloud Director Appliance 10.4.1 or Later
  If your current VMware Cloud Director environment uses an external PostgreSQL database, you can migrate to a new VMware Cloud Director environment that consists of VMware Cloud Director appliance deployments. Your current VMware Cloud Director environment can consist of VMware Cloud Director installations on Linux or VMware Cloud Director appliance deployments. The new VMware Cloud Director environment can use the appliance embedded PostgreSQL databases in high availability mode. 
  
• Migrating VMware Cloud Director with an External PostgreSQL Database to VMware Cloud Director Appliance 10.4
  If your current VMware Cloud Director environment uses an external PostgreSQL database, you can migrate to a new VMware Cloud Director environment that consists of VMware Cloud Director appliance deployments. Your current VMware Cloud Director environment can consist of VMware Cloud Director installations on Linux or VMware Cloud Director appliance deployments. The new VMware Cloud Director environment can use the appliance embedded PostgreSQL databases in high availability mode. 

VMware Cloud Director Container Service Extension (CSE) 4.0 was announced by VMware last week, CSE now is delivered as an OVA file.

VMware Cloud Director Container Service Extension is a plug-in for VMware Cloud Director™ extension that helps users create and work with Kubernetes clusters.

VMware Cloud Director Container Service Extension brings Kubernetes as a service to VMware Cloud Director by deploying and managing fully functional VMware Cloud Director provisioned VMware Cloud Director clusters. By using VMware Cloud Director Container Service Extension, development teams can focus on application development, and simplifies infrastructure management.

The following diagram illustrates the architecture of VMware Cloud Director Container Service Extension 4.0, and the workflow of service providers and tenant users.

New features

• You can now perform cluster life cycle management tasks such as create, upgrade, resize, and delete Kubernetes clusters in Kubernetes Container Clusters UI plug-in of VMware Cloud Director.
  
• CSE Management tab: A new service provider persona workflow in the Kubernetes Container Clusters UI plug-in. This workflow guides service providers through the VMware Cloud Director Container Service Extension set up in the UI plug-in, and prepares the environment to allow tenant users to create Kubernetes clusters.
  
• Multi-node control plane UI for Tanzu Kubernetes Grid clusters, allowing high availability of the Kubernetes control plane.
  
• Heterogeneous clusters with custom sized nodes to build clusters that can accommodate memory or CPU intensive containers.
  
• Pre-installation of Tanzu core packages in Tanzu Kubernetes Grid clusters at creation time, that reduces additional configuration by containerized applications.
  
• GPU support for Tanzu Kubernetes Grid clusters to allow for AI / ML applications.
  
• The VMware Cloud Director Container Service Extension UI is localized to the following languages: German (de_DE), French (fr_FR), Italian (it_IT), Spanish (es_ES), Brazilian Portuguese (pt_BR), Japanese (ja_JP), Korean (ko_KR), Simplified Chinese (zh_CN), Traditional Chinese (zh_TW).
  
• VMware Cloud Director Container Service Extension is packaged as an appliance and uses Photon OS 3.0.
  
• VMware Cloud Director Container Service Extension supports HA deployment to allow high availability of cluster management tasks, such as create, upgrade, resize and delete a cluster.
  
• Support for the deployment of VMware RabbitMQ using VMware Data Solutions Extension..
  
• You can select a specific LB VIP and subnet for the control plane to manage additional network security or for business continuity.
  
• Cluster API for VMware Cloud Director, CAPVCD, 1.0.0 is released alongside VMware Cloud Director Container Service Extension 4.0. You can use CAPVCD 1.0.0 independently to lifecycle Kubernetes Clusters.

Prerequisites

A virtual data center (VDC) within the organization

An organization (VCD)

NSX Advanced Load Balancer preconfigure

NSX Cloud preconfigure

Independent Shared Named Disks

Outbound Internet connectivity.

Network connectivity between the machine where VMware Cloud Director Container Service Extension is installed, and the VMware Cloud Director server. VMware Cloud Director Container Service Extension communicates with VMware Cloud Director using VMware Cloud Director public API endpoint.

Deployment Step

1. Download OVAs
   VMware Cloud Director Container Service Extension
   Tanzu Kubernetes Grid Templates
   
2. Create Catalogs and Upload OVAs
   https://via.vmw.com/EzIGV0
   
3. Setting up the Configuration for CSE Server
   https://via.vmw.com/TJrvbR
   
4. Add VM Sizing Policies to Organization VDCs
   https://via.vmw.com/iiqyvD
   
5. Create a User with CSE Admin Role
   https://via.vmw.com/87BqhQ
   
6. Start CSE Server
   https://via.vmw.com/QmFJqp
   
7. Download Tanzu Kubernetes Grid Templates
   https://via.vmw.com/FBERLs
   
8. Sharing Tanzu Kubernetes Grid Templates
   https://via.vmw.com/UzKSRu

VMware Cloud Director 10.4 was launched almost 3 months ago, if you have an older version is a good time to plan and upgrade to the latest version.

Since versions prior to VMware Cloud Director 10.3 reached the end of support it’s a good time to upgrade to version 10.4.

You can check the Lifecycle Matrix here:
https://lifecycle.vmware.com/#/

Platform Services & Operations​ improvements

• Enhanced visibility into catalog synchronization steps and progress​
• Fast cross-VC catalog instantiation with shared storage​
• Service account API tokens​
• Consolidated VM console on VCD API URL​
• High-priority automated test suites run on CDS​
• Support for all VCD workflows through a proxy between VCD and vSphere (including for automated tests)​
• Multi-tenancy service account enhancements​
• CSE / Container enhancements​
• Extensibility enhancements​
• Terraform & vRA enhancements

Networking improvements

• Static Routes​
• New NSX Advanced Load Balancer Basic Features​
• New NSX Advanced Load Balancer licensing model​
• Mitigation for NSX-T vApp fencing limitations (API)

Storage improvements

• Better IOPS reporting
• SDRS enhancements​ to save VM placement time and utilize proper storage space

Compliance updates

• STIG Readiness Guide​
• Photon OS 3.0

If your Cloud Director is the appliance version, you can directly migrate from version 9.7 and up.

In the case of a VMware Cloud Director Linux-Based Upgrade with the external database, you can go to version 10.4 from 10.1.4.1

In all of the cases, please check:

• Check the Interoperability guide for software compatibility
• Check the 3rd Party solutions interoperability
• Check the system requirements and installation
• Check the VMware Cloud director extensibility interoperability (Hyper Plugin, CSE, NSX Migration, VRO Plugin, ALP, OSE, vROPs adapters, etc)
• Check the hardware support
• Backup the appliance before the upgrade
• Backup the VCD database before the upgrade
• Take a snapshot of the VCD appliance before the upgrade

The last time VMware held a massive event was in 2019, after two years and a pandemic in November (From 7 to 10) we will see each other again.

As we already know, the event has changed its name and from this year it will be called “VMware Explore”. The place will continue to be the Fira Gran Via in Barcelona.

With 35+ hours of technology and transformation education, training, and executive insights, I’ll have vast opportunities to gain actionable value through:

• Access to 400+ sessions that will enable me to scale cloud-native platform operations, accelerate cloud transformation, and empower and secure the hybrid workforce.

• Practical insights and best practices from customers who’ve cracked the code on addressing challenges like the ones we face.

• Face time with top experts with tips to improve the use of existing solutions and roadmaps on how to advance our capabilities to conquer new business requirements.

• Opportunities to interact hands-on with the latest multi-cloud solutions; accompanied by product experts right there ready to assist.

• Join with the Cross-Cloud services and open-source communities while engaging with an extensive ecosystem of 90% of the top cloud partners.

Finally, I recommend attending the following session:

Need to Migrate Thousands of Workloads? No problem!
Speakers: Andrea Siviero and Suresh Thirumalapudi

This session got the “VMware Explore People’s Choice Awards” in the US VMware Explore

Registration is still open:
https://event.vmware.com/flow/vmware/explore2022eu/reg/form/contactInfo