Hi everyone. Today we bring you news of the SDDC release (v1.15), with huge improvements and new features.

New Features for VMware Cloud on AWS

  • VMware Transit Connect/SDDC Group connectivity to Transit VPC
    • VMware Transit Connect enhancement to enable Transit VPC connectivity. VMware Transit Connect customers can configure a static route for a VPC attachment in the same AWS region. This capability becomes immediately available to all SDDC Group deployments (compatible with SDDC version 1.12 and above).
  • VMware Transit Connect/SDDC Group connectivity across regions
    • SDDC Groups can now be expanded across regions. Customers can select SDDCs in more than one region for an SDDC Group. VMware Transit Connect provides automatic provisioning and connectivity for SDDC Group members across multiple regions. This provides high-bandwidth connectivity for SDDC-to-SDDC communication across regions.
  • VMware NSX® Advanced Firewall for VMware Cloud on AWS
    • VMware Cloud on AWS introduces major security capabilities. NSX Advanced Firewall includes NSX Distributed IDS/IPS, NSX Identity Firewall and Distributed Firewall Layer7 with Application Identification and FQDN Filtering. Available as an Add-on for SDDC version 1.15.
    • NSX Distributed IDS/IPS
      • VMware NSX Distributed IDS/IPS is an intrusion detection and prevention system for SDDC network traffic. Customers can detect and prevent lateral threats to workloads using curated threat signatures and apply rules at the relevant VM level. Distributed IDS/IPS utilizes threat signatures updated by the VMware NSX Threat Intelligence Service.
    • NSX Distributed Firewall Layer7 with Application Identification and FQDN Filtering
      • Customers can apply stateful layer 7 access controls and filtering. The Distributed Firewall is built with L7 application profiles (L7 Application IDs) for common enterprise applications. Customers can also define specific FQDNs that are allowed or denied access to applications in the SDDC. 
    • NSX Identity Firewall
      • Distributed Firewall integrates with Active Directory to provide User Identification rules. Customers can utilize Active Directory Groups to define distributed firewall rules to control access to workloads and applications such as virtual desktops (VDI) in SDDCs.
  • vSphere Distributed Switch (VDS)
    • VMware Cloud on AWS ESXi hosts will use the vSphere Distributed Switch (VDS) for networking, replacing the current NSX-T Virtual Distributed Switch (NVDS). VDS will be introduced in SDDC version 1.15, where customers can opt in to use it. Please chat with the Support team or open an SR to get access to this feature.
    • Future deployments starting with version 1.16 will use VDS. Existing deployments will be converted to VDS prior to 1.18 upgrade.
    • The vSphere Web Services API Opaque Network objects will be converted to NSX DistributedVirtualPortGroup (DVPG) objects. The corresponding API parameters and return values are changing, so customers need to update applications that use these API calls. vSphere Opaque Network objects will not be supported beyond 1.16.
    • For more details, please refer to the KB https://kb.vmware.com/s/article/82487
  • Local User Management in PCI
    • It provides the ability to add local users to NSX Manager in order to allow users to operate the SDDC in environments that don’t use CSP to authenticate users.
  • Networking performance improvement for i3EN hosts
    • This release incorporates improvements for i3EN.metal (approximately 50% higher packet processing compared to the previous release). Customers can realize higher throughput for their workloads, depending upon the specific application network profile.
  • VMC Networking UI in standalone mode with CSP Authentication
    • Using CSP credentials, VMC users can authenticate to the Networking UI in standalone mode. This enables private access to the Networking UI from on-prem over Direct Connect, Transit Connect or VPN.
  • VMware Cloud on AWS Networking enhancements
    • Enhancements to minimize data plane impact due to planned edge failover events. During a planned edge failover event, communication over Transit Connect/Connect VPC is affected for a sub-second duration, and communication over Direct Connect/VPN is affected for less than 10 seconds.
    • Enable RPF on a per-interface basis. This allows the customer to enable, disable or change Reverse Path Forwarding (RPF) on the Intranet and Services Interface, so customers who have asymmetric routing in their environment can control the RPF behavior on these interfaces.
    • This release also optimizes communication from VM to Edge on the same host, which benefits VDI workloads.
  • The VMware Cloud on AWS SLA has been revised:
    • 99.9% availability for any Stretched Cluster with 4 hosts or fewer.
    • Clarified the storage policy requirements for SLA eligibility.
    • Removed Elastic vSAN.
  • VMware Cloud Disaster Recovery™
    • Inter-AZ DR in VMware Cloud on AWS: Protect your virtual machines running in VMware Cloud on AWS to a designated recovery Availability Zone within the same AWS region, ensuring the data stays in the same region even after recovery. See here for more information.
    • Cloud File System deployment wizard. Deploy the Cloud File System for replication and recovery using a self-service wizard in the VMware Cloud Disaster Recovery UI. See here for more information.
    • SOC 2, Type 1 Compliance: System & Organization Control (SOC) Reports are independent, third-party examination reports that demonstrate how VMware Cloud DR achieves key compliance controls and objectives to meet SOC 2, Type 1 requirements. The purpose of these reports is to help you and your auditors understand the controls established to support operations and compliance.
    • Avoid full re-sync even when CBT is disabled on the protected site: Fall back to a fingerprint-based method to efficiently calculate the delta when Change Block Tracking (CBT) is disabled on the protected site. This helps to avoid a re-transfer of all the virtual machine data and reduces interruptions to DR protection.
    • Auto-exclude management virtual machines from protection groups: vSphere Cluster Services (vCLS) VMs, DRaaS Connector VMs and VMware Cloud on AWS management VMs are now automatically excluded from protection groups.
    • Capacity limit monitoring: View the currently protected storage capacity relative to the maximum capacity limit of the Cloud File System. This is displayed as a percentage value in the cloud file system information panel. See here for more information.
    • Usability enhancement: The global summary page now shows the number of running DR plans.

Closing Notes
I hope it has been useful to you, and don’t forget to read the release notes page here. See you next time!
