Blog

As we delve into the new Broadcom Advantage Partner Program with multiple cloud services offerings, VMware by Broadcom is thrilled to announce that VMware Cloud Director 10.6 is now available as part of the VCF (VMware Cloud Foundation) offering, starting June 27th, 2024. This major release brings new features and enhancements that will revolutionize your managed private and public cloud offerings.

Our relentless focus on multi-tier tenancy has led to the introduction of innovative capabilities and enhancements to existing ones, providing you with unparalleled flexibility, scalability, and control. Whether you’re looking to streamline your cloud operations or expand your reach, VMware Cloud Director 10.6 has got you covered.

In this latest update, you’ll find significant improvements and new features in the following areas:

Three-Tier Tenancy

VMware Cloud Director allows cloud providers to establish a multi-layered organizational structure through the UI, known as the three-tier tenancy model, to create sub-provider organizations with limited administrative privileges over a specific set of tenants.

With this capability, cloud providers can grant restricted access to specific resources and services within their infrastructure, ensuring that each tenant has controlled access to only the resources they need. This enhanced tenancy model also enables greater scalability, flexibility, and security, as cloud providers can easily manage and provision resources across multiple levels of administration.

This innovative approach enables cloud providers to adopt various business models, such as:

1. Create sub-provider organizations which facilitate nested multi-tenancy within large enterprise organizations, allowing them to create separate administrative hierarchies for different departments or subsidiaries.
2. Resell cloud services through partners or managed service providers.

This release brings the three-tier tenancy capability to all aspects of resources and services available through VMware Cloud Director, making it an ideal solution for cloud providers looking to offer flexible and scalable cloud services to their customers.

Scale Limits

This release brings significant maximum scale increase in several areas of the platform such as:

• The maximum number of VMs per VMware Cloud Director instance has been increased to 55,000, regardless of power state.
• The number of concurrent remote consoles supported has been increased to 22,000.
• The maximum number of users supported by the platform has been increased to 300,000.
• The organizational model for grouping Virtual Data Center Collections (Org VDCs) has been revamped to adopt a three-tier structure. Under this new design, the Sub-Provider can now manage Data Center Groups, which can accommodate up to 2000 members (previously 16) and share networks and uplinks among them.

Multiple VM and vApp Snapshots

VMware Cloud Director now offers enhanced flexibility for your virtual machines and vApps with the ability to take multiple snapshots per VM or per vApp, up to a maximum number set by your cloud provider.

By supporting multiple snapshots, VMware Cloud Director provides a more efficient and flexible way to manage your virtual machines, giving you greater control and confidence in your cloud infrastructure.

Content Hub

Now, effortlessly manage and orchestrate your containerized applications and resources across the cluster with the enhancements made to the Content Hub.

• Kubernetes cluster administrators can now define precise access controls, granting individual users or groups tailored permissions to access specific clusters, namespaces, or applications. This feature enables a multi-tenant architecture, allowing multiple organizations to securely coexist within the same Kubernetes environment, each with their own isolated namespace to deploy, manage, and govern their containerized workloads.

• A new version of the Content Hub Operator has been released, which runs natively within the Kubernetes cluster and utilizes WebSocket Protocol, for high-performance communication with VMware Cloud Director. The operator also provides real-time compatibility reporting to the Tenant Portal, enabling cluster owners to make informed decisions about when to upgrade to ensure seamless integration with VMware Cloud Director.

Distributed Global Catalog

Allow for a global, multi-site cloud architecture by enabling seamless access to catalogs across multiple VMware Cloud Director (VCD) sites, providing a unified catalog experience for tenants regardless of the vCenter instance or SDDC infrastructure. Leverage vendor-agnostic shared storage solutions (such as NetApp, Dell, vSAN, etc.) to replicate data and ensure global consistency across the catalog.

Multiple IDP Protocols and Local users

VMware Cloud Director allows organizations to utilize multiple identity provider protocols (IDP), including LDAP, SAML, and OpenId Connect (OIDC), for a more comprehensive authentication approach. By leveraging external identity providers, you can benefit from the latest advancements in authentication technology. It’s worth noting that while local users are still supported for evaluation purposes in the current release, their use in production is being deprecated, and will continue to be fully supported until the next major release of VMware Cloud Director.

Improved VM Template instantiation performance

When provisioning a VM template on a different vCenter using VMware Cloud Director, the system takes a two-pronged approach to ensure efficient deployment. Initially, it attempts to accelerate the process by cloning the VM template directly, leveraging the speed and efficiency of this method. This approach allows the system to rapidly create a new VM instance without the overhead of exporting and importing the VM as an OVF file. However, if the cloning operation encounters any issues or errors, the system will automatically switch to a more traditional method, utilizing OVF export/import to deploy the VM. This fallback approach ensures that the provisioning process is completed successfully, even in cases where cloning may not be possible.

Enhanced Encryption Management

VMware Cloud Director 10.6 introduces several enhancements to the encryption management feature:

• Multiple Key Providers can be registered simultaneously, providing greater flexibility and scalability.
• The cluster name can be edited during key provider publishing, allowing service providers to easily identify which key provider belongs to which tenant.
• When authenticating a Key Provider or registering a new key, users can now opt for generating a new key for each encryption operation, ensuring added security.
• A new key rotation feature has been introduced, enabling automatic key rotation based on configuration settings. This process is non-disruptive and ensures seamless encryption.
• VMware Cloud Director 10.6 introduces a new feature that allows users to apply different encryption policies to different storage policies, providing greater flexibility and customization in their encryption strategies.
• When deleting an encryption policy, VMware Cloud Director 10.6 now provides the option to ‘Do not re-encrypt’ previously encrypted data.

vSAN 4.1 NFS Support

VMware Cloud Director 10.6 now includes support for vSAN 4.1 NFS, enabling secure file sharing with Kerberos authentication. This integration allows for the use of vSAN 4.1 as a reliable and secure storage solution, providing an additional option for file sharing within your organization.

Resolving CVE-2024-22272 Vulnerability

For more information on this vulnerability and its impact on VMware by Broadcom products, see VMSA-2024-0014.

IPv6 Support for VMware Cloud Director appliance nodes

VMware Cloud Director supports the deployment of appliance cells in IPv6 networks, enabling customers to leverage the benefits of this modern networking protocol while maintaining compatibility with existing infrastructure.

Custom Health Monitor

As part of our ongoing efforts to enhance the user experience, we are introducing Custom Health Monitors as a complement to our existing HTTP policies. With this feature, tenants can now monitor and troubleshoot various health characteristics of their load-balanced services, including metrics such as response time, packet loss, and connection errors. This allows them to take proactive measures to maintain service reliability and responsiveness.

Avi Load Balancer Logging

With the new tenant-level Avi LB logging capability, tenants and cloud providers can now gain a deeper understanding of their Avi LB usage. This feature provides granular visibility into Avi LB activity, enabling them to track usage patterns, triage events, and export logs for auditing, compliance, and regulatory purposes.

Avi LB WAF

The Avi LB and Cloud Director integration opens up new opportunities for our customers to deliver value-added services to their end customers. By integrating WAF security features into their service portfolio, they can provide enhanced protection against web-based attacks, improve customer satisfaction, and strengthen their market position.

With the introduction of WAF, here are some of the advantages:

• Improved security: WAF helps protect against web-based attacks, such as SQL injection and cross-site scripting (XSS), by filtering incoming traffic and blocking malicious requests.
• Enhanced compliance: WAF can help organizations meet regulatory requirements by providing visibility into web traffic and allowing them to block specific types of traffic or requests.
• Increased customer trust: By offering WAF as a value-added service, organizations can demonstrate their commitment to security and build trust with their customers.
• Competitive differentiation: WAF can be a key differentiator for organizations looking to stand out in a crowded market, as it provides an additional layer of security and protection.

IP Address Management

Significant upgrades have been made to IP Address Management, with a focus on simplifying IP reservations for workloads and allocating IP addresses to long-lived services, such as load balancer virtual IPs. These enhancements are designed to align with a three-tier permission structure, providing a user-friendly experience for managing IP address lifecycles, which are derived from IP pools for tenants, sub-providers, and provider personas.

IPsec VPN on Provider Gateways and Edge Gateways

VMware Cloud Director has extended its IPsec VPN capabilities to include tunnel establishment on dedicated provider gateways. The updated VPN management framework is now structured into a three-tier model, allowing tenants, sub-providers, and providers to set up and manage VPNs. With this enhanced capability, providers can use Border Gateway Protocol (BGP) to control which IP prefixes utilize the VPN. Furthermore, providers and sub-providers can automate BGP configuration for their tenants when using IP Spaces to manage network assignments for public and private addressing. Moreover, providers and sub-providers can delegate specific BGP configurations to their tenants, providing greater flexibility and control.

New UX for deploying Avi Controllers and NSX Cloud Connectors

VMware Cloud Director 10.6 introduces significant enhancements to the provisioning of Avi Controllers and NSX Cloud Connectors, thereby boosting Avi LB scalability. The new user experience (UX) enables administrators to easily add more Cloud Controllers to existing Avi Controllers, allowing for increased capacity and performance. Additionally, the UX provides valuable insights into consumption metrics for Avi controllers, NSX cloud, and edge gateways, empowering administrators to make informed decisions about resource allocation and optimization.

Security Log Ingestion

VMware Cloud Director has enabled log ingestion, seamlessly connecting to VMware Aria Operations for Logs. NSX Gateway Firewall and Distributed Firewall logs are now automatically processed by VMware Aria Operations for Logs, providing easy access to these logs through the tenant portal. This integration empowers tenants to quickly find specific events using filters and time ranges, and export logs to CSV files for further analysis and reporting.

Call To Action:

• Get started with VMware Cloud Director 10.6 by downloading the latest version from here.
• For detailed information on how to use and configure VCD 10.6, please refer to the official documentation here.
• For more resources and information about VCD, visit the dedicated VMware Cloud Director page on vmware.com here.
• To view the API guide read the legacy API guide here and the OpenAPI guide here.

Object Storage Extension 3.1

VMware Cloud Director Object Storage Extension version 3.1 introduces new features, including:

• MinIO support for external Kubernetes clusters.
• Client IP forwarding for customized bucket access control.
• Enhanced Kubernetes Backup and Restore UI for better visibility and management.
• OSIS (Object Storage Interoperability Service) updates for S3-compliant storage vendors and asynchronous tenant onboarding.

Call To Action: Download OSE 3.1 from here and read the OSE 3.1 documentation here.

To share this blog with your peers and colleagues, please use this link: https://bit.ly/45mY62F

Source