With the release of vSphere 8.0 Update 3, VMware has introduced a host of new features and enhancements aimed at improving performance, security, and manageability. Among these, one of the most noteworthy additions is the Live Patch feature. In this blog, we’ll delve into the key updates in vSphere 8.0 U3 and explore how Live Patch can significantly benefit your infrastructure.
vCenter Reduced Downtime
Patch and update vCenter with minimal downtime now includes complete topology support and the ability to automatically perform the switchover phase.
vSphere Lifecycle Manager
Manage the software, driver and firmware stack for vSphere clusters and standalone hosts now including vSphere Live Patch, enhanced image customization and support for dual DPU configurations.
vSphere Configuration Profiles
Manage the configuration of vSphere clusters, now including support for clusters that still use baselines (formerly Update Manager) and have not yet transitioned to cluster images managed by vSphere Lifecycle Manager.
Enhanced Image Customization
Enhanced image customization in vSphere 8.0 Update 3 refers to the improved capabilities for creating, managing, and deploying customized ESXi images. These capabilities allow administrators to tailor ESXi installation images to meet specific requirements, ensuring that the deployed hosts have the necessary drivers, patches, and configurations from the outset.
Dual DPU Support
vSphere Lifecycle Manager in vSphere 8 Update 3 includes support for dual DPU configurations. Similar to single DPU configurations, vSphere Lifecycle Manager will remediate the ESXi version on both DPUs and ensure that they are kept at the same version.
CPU C-State Virtualization
Energy efficiency is very important for Telco and vRAN (virtualized radio access network) infrastructure. vSphere 8 Update 3 allows physical CPU C-States to be virtualized and managed from within workloads. Workloads can request that physical cores enter power-saving modes, such as C-State 6, when applications and processes are idle.
Virtual Machine Disabled Operations
First- and third-party solutions disable certain vSphere operations, such as migration operations, during certain activities. For example, a VM backup solution might disable a VM's ability to migrate using vMotion while the backup task is in progress, to prevent the task from failing.
Customize Virtual Hardware when deploying from Content Library
OVF/OVA templates deployed from a content library can have their hardware customized during the deployment wizard instead of post-deployment.
vSphere Fault Tolerance Metro Cluster Support
Virtual machines configured with vSphere Fault Tolerance support stretched / metro clusters.
Embedded vSphere Cluster Service
vSphere Cluster Service (vCLS) is rearchitected to use fewer resources, remove storage footprint, and eliminate issues associated with vCLS deployment.
vSphere DRS Settings for Passthrough Devices (vGPU)
A virtual GPU (vGPU) allows a physical GPU to be shared among multiple virtual machines (VMs), providing hardware-accelerated graphics and compute capabilities. Passthrough devices, on the other hand, involve direct assignment of physical hardware resources to VMs, bypassing the hypervisor for better performance.
Cluster Level GPU Monitoring
Cluster-level GPU monitoring in vSphere 8.0 U3 allows administrators to track and analyze the utilization and performance of GPU resources across an entire cluster. This feature provides comprehensive insights into how GPU resources are being used, enabling better resource allocation, performance optimization, and capacity planning.
GPU Profiles in vSphere 8
GPU profiles in vSphere 8.0 Update 3 allow administrators to allocate specific GPU resources to VMs in a more granular and efficient manner. This is achieved by defining profiles that specify the amount of GPU memory, cores, and other resources that a VM can use.
Identity Management Choices
The latest addition to the modern authentication collection is support for PingFederate, joining Entra ID, Okta, and ADFS support to make vSphere very flexible in dealing with identity and access control.
vSAN Stretched Cluster support
Supervisor clusters and Kubernetes clusters can now be deployed on vSAN stretched clusters.
Automated Supervisor Certificate Rotation
Supervisor cluster certificates are automatically renewed.
vSphere Live Patch: Minimizing Downtime, Maximizing Security
One of the standout features of vSphere 8.0 U3 is the introduction of Live Patch. This feature is designed to address one of the most critical challenges in IT infrastructure management: applying patches and updates without requiring system reboots or significant downtime.
What is Live Patch?
Live Patch allows administrators to apply security patches and critical updates to the ESXi hypervisor without needing to reboot the host. This is achieved through a sophisticated mechanism that patches the running kernel and related components in-memory, ensuring that updates are applied seamlessly and without interrupting workloads.
Benefits of Live Patch:
Minimized Downtime
Enhanced Security
Operational Efficiency
How Live Patch Works:
Live Patch works by loading the patch into the ESXi host’s memory and dynamically applying it to the running kernel and related components. This process involves:
1. Host enters partial maintenance mode.
2. New mount revision loaded (existing files and processes are not touched; new files and processes are created).
3. New mount revision patched (the patch is applied to the new mount).
4. VMs fast-suspend-resume (FSR) to consume the patched mount revision.
Note: vSphere Live Patch's use of FSR makes it easier for customers to keep their software up to date and avoid security problems.
Some VMs are not compatible with FSR (fast-suspend-resume):
VMs configured with vSphere Fault Tolerance (FT)
VMs using DirectPath I/O
vSphere Pods
These VMs need to be manually remediated, i.e. by either migrating the VM or power cycling it.
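A pre-remediation check for the FSR limitation described above, as an added example that is not VMware code or part of the original post: it splits an inventory export per host into VMs that can fast-suspend-resume and VMs that need manual remediation. The inventory rows and the field names `ft_enabled`, `directpath_io` and `is_vsphere_pod` are constructed assumptions, not a vSphere API schema.

```python
from collections import defaultdict

# Constructed sample inventory. Field names are hypothetical, not a VMware schema.
INVENTORY = [
    {"name": "web-01", "host": "esx-a", "ft_enabled": False, "directpath_io": False, "is_vsphere_pod": False},
    {"name": "db-ft-01", "host": "esx-a", "ft_enabled": True, "directpath_io": False, "is_vsphere_pod": False},
    {"name": "gpu-01", "host": "esx-b", "ft_enabled": False, "directpath_io": True, "is_vsphere_pod": False},
    {"name": "pod-7f", "host": "esx-b", "ft_enabled": False, "directpath_io": False, "is_vsphere_pod": True},
    {"name": "legacy-03", "host": "esx-b", "ft_enabled": False, "is_vsphere_pod": False},  # field missing
    {"name": "app-02", "host": "esx-c", "ft_enabled": False, "directpath_io": False, "is_vsphere_pod": False},
]

# The three FSR-incompatible VM classes listed in the post.
BLOCKERS = (
    ("ft_enabled", "vSphere Fault Tolerance"),
    ("directpath_io", "DirectPath I/O"),
    ("is_vsphere_pod", "vSphere Pod"),
)


def fsr_blockers(vm):
    """Return the reasons a VM cannot fast-suspend-resume (empty list if it can)."""
    reasons = []
    for field, label in BLOCKERS:
        if field not in vm:
            # Missing data is treated conservatively: plan for manual handling.
            reasons.append(f"{label} (state unknown)")
        elif vm[field]:
            reasons.append(label)
    return reasons


def plan_live_patch(inventory):
    """Group VMs per host into FSR-capable names and manual-remediation reasons."""
    plan = defaultdict(lambda: {"fsr": [], "manual": {}})
    for vm in inventory:
        reasons = fsr_blockers(vm)
        if reasons:
            plan[vm["host"]]["manual"][vm["name"]] = reasons
        else:
            plan[vm["host"]]["fsr"].append(vm["name"])
    return dict(plan)


def hosts_needing_manual_steps(plan):
    """Hosts where at least one VM must be migrated or power cycled by hand."""
    return sorted(host for host, p in plan.items() if p["manual"])


if __name__ == "__main__":
    for host, p in sorted(plan_live_patch(INVENTORY).items()):
        print(host, "FSR:", p["fsr"], "manual:", p["manual"])
```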
What is Partial Maintenance Mode?
Partial Maintenance Mode is a feature in VMware vSphere 8.0U3 that allows an ESXi host to be placed into a state where some, but not all, of its resources are taken offline for maintenance. Unlike full maintenance mode, where all virtual machines (VMs) are either powered off or migrated to other hosts, Partial Maintenance Mode allows certain critical VMs to continue running on the host while maintenance tasks are performed on the remaining resources.
vSphere 8.0 Update 3 brings significant enhancements to VMware's virtualization platform, focusing on performance, security, and manageability. The introduction of Live Patch is a game-changer, offering a seamless way to apply critical updates without the need for disruptive reboots. Happy learning!!!