Get ready to revolutionize your understanding of VCD 10.5! We've partnered with tech wizards Yves Sanfort, Tobias Paschek, Jörg Lew, Matthias Eisner and Sascha Schwunk to unlock the secrets behind the enhanced features and functionalities of VCD 10.5.
Unlock the power of the unique VM discovery feature, unravel the complexities of NSX Federation, and get up-close with the improved catalog system. Plus, discover how the user experience has been taken to the next level with the introduction of App Launch Pad to the core VCD tenant UI.
But that's not all! The second half of our podcast's journey dives deeper into the benefits of VCD 10.5. We'll explore cutting-edge functionalities like the ability to activate virtual machine import on a per-organization basis, the streamlined IP Spaces for effortless IP address consumption, and leveraging shared datastores across vCenters for migration. We also unravel the merits of PVDC and C-POM access for tenants. And guess what? We've got Jörg Lew, a technical product manager at VMware, on board to share his invaluable insights into these features. Prepare to be enlightened on new security troubleshooting features, including the firewall rule ID for syslog. Don't miss out on these exciting revelations!
Speaker 1:
Hello and welcome. It's been a while. We have been busy doing some Cloud Director news, but we are now back with the VCD Roundtable, almost the same group as in the past, a few changes, but we are getting back on track in preparation for VMware Explorer in Las Vegas. I still need to get used to the new name. I still am trying to not say VMworld, but maybe let's see how good we get that to be done today. We are going to shortly do an introductory round in a second, but before we do that, today's episode is going to cover nearly everything around VCD 10.5, except for a good part of the networking features, because it's so much that we will dedicate a separate episode just to the VCD 10.5 network sections. With that being said, my name is Yves Sanfort, CEO of the Comm Division Group, one of the lead architects in our service provider division, taking care of not only the technical but more the business advisory services for service providers all around the globe. And, with that being said, I'm allowed to pick who is going to introduce himself next and I'm going to throw it over to Toby, who has already the bridge behind him. But you should actually have Vegas behind you.
Speaker 2:
Yeah, it's the wrong bridge. We are not going to San Fran, we are going to Vegas. Yeah, good morning, good afternoon, whatever time zone you are listening. My name is Tobias Paschek. I'm a solution architect for the whole networking stuff inside Comm Division. I'm a partner at Comm Division and, as already said, focusing on the whole networking story. Yeah, and I would like to hand over to Jörg.
Speaker 3:
Hey, yeah, my name is Jörg Lew. I'm a technical product manager at VMware and VMware's cloud provider division and I'm working educating people around Cloud Director and all the different integrations and extensions that we have. And with that, over to Matthias.
Speaker 4:
Yeah, hi, Matthias, partner at Comm Division, cloud architect taking care of Cloud Director, NSX and the automation around all those products. Sascha?
Speaker 5:
Hi, my name is Sascha Schwunk, partner and cloud architect at Comm Division, working a lot around designs, Cloud Director, working with Container Service Extension and a lot of NSX V2T migrations still.
Speaker 1:
Okay, thanks for the introduction. Yeah, 10.5 Cloud Director came out. I think, especially when we look in the next episode on the networking features, quite a lot of very good enhancements. Let me just browse over the list of some of the changes we have ahead of us, or we got with this release. One of them which I found interesting, because we, although it's not necessarily a daily feature, but the feature set to utilize the VM discovery is quite an important one for many customers because it's a good way, especially when we migrate or set up new service providers who have never used VCD before, and we kind of solve the whole story on how do we get the existing customers onboarded. I mean, there's always the way to use tools like Cloud Director Availability for it as well, but very often it's hey, how can we onboard customers without having any interruption? And one of the very easy ways is to just actually create the resource pools and move virtual machines in. In the past, one of the challenges was that this was a very, very generic setting you could only turn off, on and turn off, and so I'm definitely looking forward to finally having a feature which allows me to do that on an organizational work VDC level, which also allows me to be a bit more secure that not by mistake things jump into the wrong VCD instance. So I definitely look forward to utilizing that feature in the next few days and in weeks on our next projects. But there are a few other features as well. So, Sascha, what do you want to point out from the feature list?
Speaker 5:
Yeah, so for me it's very interesting, the complete network stuff with NSX Federation, because we talked in the last few months with a lot of cloud providers about NSX Federation and the possibilities in the future. So now we have the first supported way with NSX Federation, so I think that will be a big part for many cloud providers working international and with many locations.
Speaker 1:
Okay, but I think that's something we are going to cover in the separate episode. So there are also the changes around the catalogs and catalog synchronization, which I think are a very interesting storyline overall, because synchronization has always been a big topic for service providers on how we do that, how we can speed things up, and I think that's a very good scenario. Jörg, do you want to throw some more details behind some of those features, maybe?
Speaker 3:
Yeah, there have been a lot of improvements on the mechanics of the catalog system. That's already going on for the last couple of versions, but now with 10.5, there has been a big change in the user experience as well. So in the past we are working towards revamping the catalog system of Cloud Director, which has been there since the very first Cloud Director release and it's just not up to date anymore in terms of multi-site installations or more global installations where you have multiple VCD installations or different data centers managed by the same Cloud Director. So there are a bunch of mechanical improvements how the catalog system works, and improved support for shared storage, for example, so that VCD recognizes templates or ISO images in the catalog that are available to multiple vCenters and managed by the same Cloud Director instance. So it avoids a lot of cloning and data transfer steps that are needed. You share catalogs between different organizations or between different locations in a Cloud Director environment. And then from a user experience perspective, that's likely one of the biggest changes for the tenant end user that we have in VCD 10.5, is that we included a lot of functionality from App Launch Pad into the core VCD, yeah, tenant UI. So that means that in earlier versions where you installed App Launch Pad as an extension to offer more service catalog style user experience to your tenant users as a provider. With VCD 10.5, you now can do that out of the box. So with the VCD 10.5, Content Hub is a very prominent menu item in the main navigation menu of the VCD UI, the Provider Portal and the Tenant Portal, and it allows you to offer not only the vApp templates or ISO images but also new container-based applications, like based on Helm charts, as items for the tenants to use. So this is integrated with the catalog systems. You can publish your own vApp templates if you want to.
So the catalog workflows that you had in the past with capturing existing vApps into the catalog, that, of course, all still works as it was before, but it's also integrated nicely with the new UI so that you can add additional information about the vApp and you can synchronize from external repositories like the VMware Marketplace, Bitnami Helm chart repository or even external repositories like the NVIDIA NGC catalog for AI workloads. So a very good way for you as a service provider to very quickly offer new content for your tenant users to consume and, of course, with the very easy consume interface, for your tenant user to very quickly deploy new workloads into their organization VDCs or even their Kubernetes clusters, in terms of their container and Helm chart-based applications.
Speaker 1:
Good. Matthias, anything you want to point out from the long list of VCD enhancements we got with 10.5? Of course I want.
Speaker 4:
So first of all, I would like to add a little bit of information in terms of virtual machine import functionality because, to be a bit more precise, we now have the ability to turn it off globally and enable it on a per-organization basis. In the past we could enable it globally but turned off, but now we have exactly the other way around, which makes it more flexible, as you have already pointed out. The second I would really love to mention is the improvement in terms of IP spaces. Short summarization: what is IP spaces enabling us? It allows the service provider to manage IP addresses and ranges and provide IP addresses and ranges to their tenants. The tenants are able to consume those IP addresses or ranges as they like and we can just charge for it, because that's what we want to do. The cool thing in 10.5 is we now have the ability to migrate existing assigned IP ranges into IP spaces to enable the automated consumption or the better or easier consumption for the tenants. I think that's a big improvement and will provide a very easy way for service providers to add additional IP addresses, because in the past it was always a manual approach, adding additional IP addresses to edge gateways for their tenants. So I think that's a very good and important enhancement. On top, BGP, and I'm currently looking at Toby and his bridge. Toby, what are you thinking about the new BGP enhancements, having the ability to deal with route maps and stuff from the VCD?
Speaker 2:
UI perspective. Dealing with the whole BGP story. So we can now create route maps, we can do prefix filtering in the VCD UI, we can utilize, as you have mentioned it before already, the new IP spaces also on our dedicated BGP configuration. So this is, or we need to use it, to be fair, because we can utilize the route maps only if we have the IP spaces already enabled. But, as mentioned before by Yves and by Sascha, we will cover this in our dedicated networks session a little bit deeper. What I would like to add, and what is really, from my perspective, an interesting feature and what was a little bit pain in the ass in the past, is that we now have the ability to leverage shared datastores across vCenters for migration and that we now don't need to export the whole VM in an OVF on our NFS transfer share and we import it, because now we have the ability to leverage shared datastores across multiple vCenters and VCD is now capable of discovering, hey, there is the same datastore mapped on different vCenters. So this is also a nice and then big improvement from my perspective. What else do we have? Sorry, time saver, time saver, yeah.
Speaker 1:
I think another important part is that we also now got an, yeah, I wouldn't necessarily call it an additional way to manage infrastructure. Before, when you had VCD as the service provider, you always had the choice: you can actually either provide a PVDC to a customer or you could actually provide them with a C-POM, the ability to directly access a vCenter. The ability to get now used both on the same infrastructure I think is opening up an interesting door for certain use cases where, in the past, service providers, especially when it came also to white label services, but also for other features where you had larger organizations typically as customers and there was the kind of end user basis who used utilize self service, they were fine with the VCD interface, but at the same point in time, you also had to deal with their existing IT team, which always came back as like, yeah, but VCD is a complete new UI. We can't actually leverage the same as what we have in vCenter and what we are used to, and now, with the combination that for one tenant, you can basically give them both sides of the story, I think that's a very good addition, especially in those use cases where we have customers who are not running a shared infrastructure. Because when I look at the hundreds of service providers we work with on a regular basis by now, then it's a very clear situation that, yes, you have the shared infrastructure where the customers might have only 5, 10, 15, 20 VMs, but it's also a good chunk of service providers, not only in the US, who really have dedicated vCenters and dedicated hosts for a specific customer, and I think giving them now the choice that they no longer have to pick between whether we do C-POM or PVDC is a great story.
Combining that with the fact that we have more flexibility from an import perspective now makes the whole onboarding story a lot easier, because a lot of the service providers where we onboard them and do a greenfield VCD deployment in the past still have a lot of existing vSphere and vCenter clusters out there, because for them it's very hard to transition the customers from that behavior into the VCD behavior, because every human being, or most human beings, are very reluctant for any kind of change. So if users are used to the fact that they can just actually go into a system and have vCenter access, it's very hard to limit them down to VCD. Having now the combination that I can utilize the import feature for organizations via resource pools, et cetera, combining that with two different access layers for it, I think is going to make that onboarding piece for especially existing service providers a lot easier.
Speaker 4:
And we have a very nice new feature in terms of security troubleshooting. I know we have a dedicated networking recording, I know. But I want to point out one very small detail, because in 10.5 we now have for the firewall rules a logging ID element which contains the NSX firewall rule ID which is used for syslog. So if we now need to troubleshoot firewall rule sets, we can now access the rule ID directly and go to, I wouldn't say vRealize Log Insight, but I think it's now called Aria Operations for Logs. For Logs, yes, yeah, I think that's the correct name, and use that ID for filtering or creating dashboards. I think that's very interesting for troubleshooting.
Speaker 1:
Everybody imagine ahead of behind Matthias' screen, a huge wall of all the new product names so that he tries to actually stick with them all the time.
Speaker 4:
Yeah, it's challenging.
Speaker 1:
So, although I know it's not Matthias' topic, but I know definitely it's Jörg's topic, we can't get around the Terraform perspective. I know this could easily lead to an hour-long discussion, but I think it's just important to cover the new features, updates and everything else and don't have a discussion about the use of it or not?
Speaker 3:
Yeah, so the Terraform provider. That's an adapter that allows users to use, well, HashiCorp's Terraform tool to automate Cloud Director environments, and there are a lot of different use cases for service providers and for tenant users to, well, create and manage stuff in VCD through that Terraform infrastructure as code strategy. And the provider is an open source provider so you can find the source code on GitHub and can also get directly in touch with our engineers through GitHub issues and the community on GitHub, and it is sponsored and maintained by the VMware engineering team and the Cloud Director team. But there are also a lot of contributions from service providers and sometimes even from end customers who contribute code or at least some feature requests and bug mentions on the GitHub issues, and that Terraform provider has a release cadence that's independent from VCD, but of course, they try to stick pretty close to the VCD releases when it comes to new features and new API versions. So we do have a new version of the Terraform provider as well that came out a couple of weeks ago and that now will add support for IP spaces so that you can consume IPs that are managed through IP spaces through Terraform, and it has some improvements for Container Service Extension as well. So it's now possible to really create and manage Kubernetes clusters that are managed through Container Service Extension with the Terraform provider as well. In addition to that, there have been a lot of smaller bug fixes and improvements that really came based on the feedback through the GitHub issues on the communities. That's it for Terraform.
Speaker 1:
Good. Sascha, as I know, you have compiled the whole list. Did we miss anything really on the 10.5 list for features which are not necessarily network related because, as I said, we are going to have a dedicated network session overall?
Speaker 5:
Yeah, I think we are good with the new features.
Speaker 2:
Yeah, but there is one thing I would like already to add regarding having a supported environment in the future, because it is already, it is now starting, but service providers should now have in mind that they need to have a successful SMTP outbound connectivity configured. It becomes required, and all users, absolutely independent if they are imported from an Active Directory or from an IDP, need to have configured an email address. In the next versions, starting with 10.5, it is already now the starting point, but from the new, next releases, if the user doesn't have configured an email address, some features will not be available anymore. So this is really, from a supported perspective, an important part. Please verify that your Cloud Director has an SMTP configuration and that all of your users have an email address configured.
Speaker 3:
Yeah, that's a good point. Thanks for mentioning that. That's part of our overall strategy to have, yeah, not VCD taking on local user management anymore in further future, but really rely on external identity management systems and identity providers to authenticate and manage users. And well, all of these technologies, be that SAML or OIDC or OAuth or whatever protocol or mechanisms used, they all rely on having an email address to identify the user, and as part of that, we now require the users to have a configured email address. There are also some tools, they are API only, that make it easier to migrate and import users and migrate users between the local user VCD management and pass through external identity providers. So that's something that you should keep in mind for future, that eventually we are going to deprecate the support for local users in VCD.
Speaker 4:
What I would like to add is we should not only talk about things which are new, the new hot and nice stuff, also things about being deprecated, and VMware is pretty clear in 10.5 that it accelerates the deprecation speed in the API. So a few additional versions are not deprecated on the API, and especially the API version 38, I think, is no longer supporting /api/sessions for authentication. So that's a big change and everybody using API needs to revalidate if the authentication has already been moved to the JWT mechanism.
Speaker 3:
Yeah, very important point, because that, of course, will finally break older API clients that are not using this new endpoint anymore for logging in. By the way, that has been deprecated, I think, for the last three versions of VCD or VCD API, so you had some time to change your API clients, but of course we know it's true. But now they're really mentioning, yeah, it's accelerating, yeah, please move. Version 38, it really breaks now if you don't log in with the new endpoints.
Speaker 4:
Yes, I think more and more stuff is moving towards the Cloud API. Everybody should really start migrating towards the new API instead of using the old stuff, say, as Sascha mentioned at the beginning, still V2T migration.
Speaker 1:
Yeah, I was just about to say, who are you looking at, Matthias?
Speaker 4:
Being honest, at my screen. Yeah, the middle.
Speaker 3:
Yeah, there's one other feature that's mentioned in the release notes which is likely not that important for providers or end users yet, but rather for ecosystem partners who build integrations with VCD. A couple of versions ago we introduced the new solutions add-on framework to make it easier for ecosystem partners to integrate with VCD and manage their solutions through the provider portal, and there have been some additions and improvements to that solution add-on framework as well in 10.5. So it's now possible for the provider to upgrade solution add-ons through the UI and API. So the version control and the life cycle management of these extensions gets much easier. And of course, you can now publish solutions on a per-tenant basis. So that allows you to really offer some value-add services and monetize these services on the per-tenant basis that you offer them. I don't know, backup solutions or antivirus solutions or what else we have in our ecosystem integrating with VCD.
Speaker 1:
Good, then, I think we have mostly everything taken care of for the 10.5 release. I think those people who are going to attend the VMware Explorer in Las Vegas, there's definitely something going to be at the VMware booth. There are definitely going to be some sessions around 10.5. So if you haven't added them to your calendar so far, then please make sure to do so. Also, we are happy to announce from the CommDivision team that we have a dedicated room where we can meet, hang out, etc., with all our service provider friends. So if you haven't made an appointment yet with us, reach out to us over social media or anything else. We are more than happy to welcome you, have a little drink, a Coke or something else, and then actually enjoy the time in our suite together and talk a bit about VCD, etc. We might even do some ad hoc session recordings from there for around VCD and for the VCD Roundtable. So stay tuned, keep us posted for everything you do during the VMware Explorer 2023 in Las Vegas. So I'm still getting used to it, and we are going to cover in our next VCD Roundtable episode everything around 10.5, networking and some of the other changes which you just need to be aware of around networking. Hop until then, have a good day and see you soon.