Happy birthday to IBM Cloud for VMware Solutions! Two years ago today VMware Cloud Foundation and VMware vCenter Server on IBM Cloud became generally available. Sixteen releases later, we’ve come a long way! If you’re in Barcelona for VMworld 2018, stop by our booth and say hi!
IBM Cloud for VMware Solutions recently made available IBM Spectrum Protect Plus as part of our family of VMware offerings. Spectrum Protect Plus provides powerful and easy to use backup and restore capabilities for your VMware infrastructure and workload. It is now the default backup offering for VMware on IBM Cloud, complementing our existing offering of Veeam Backup & Replication.
At the same time, the IBM Cloud architecture team just published our Spectrum Protect Plus on IBM Cloud reference architecture. Read it and the associated references for information on how we have deployed Spectrum Protect Plus, how you should plan and size your deployment, and how to manage it.
Recently the IBM Cloud for VMware architecture team posted two new networking related architecture documents related to VMware on the IBM Cloud:
FortiGate Virtual Appliance: IBM Cloud for VMware offers the FortiGate–VM virtual appliance to complement our existing physical FortiGate Security Appliance offering. The physical offering is limited to providing edge services for your VMware workload, while the virtual offering allows you to provide security services across all of your VMware networks.
F5 BIG–IP: IBM Cloud for VMware offers F5 BIG–IP virtual edition, providing load balancing, traffic management, and security services for your applications.
IBM Cloud announced plans to offer VMware HCX included with our IBM Cloud for VMware offerings: Helping simplify cloud migration with updates to VMware HCX on IBM Cloud.
VMware is unifying their networking strategy around the Virtual Cloud Network, and as part of this, HCX (Hybrid Cloud Extension) will now be named NSX Hybrid Connect: VMware Advances Networking for the Digital Era with the Virtual Cloud Network.
One of the key topics we covered as part of our Fast Start education was encryption at rest for VMware on the IBM Cloud. There are many options for encrypting your workloads at rest, including:
- VMware vSAN encryption
- VMware vSphere encryption
- HyTrust Data Control, part of IBM Cloud Secure Virtualization
- Any other existing encryption solution you wish to bring to IBM Cloud
The first three offerings are available today directly from IBM Cloud for VMware Solutions, although some assembly is required in each case. There are important tradeoffs between these options that you need to take into consideration, such as ease of use, interoperability with other solutions like workload migration tooling, and the nature of what is encrypted. The following table that I shared at Fast Start summarizes the differences between these solutions:
|Comparison||vSAN encryption||vSphere encryption||HyTrust Data Control|
|Encryption type||Datastore disks encrypted @ hypervisor
Secures: disk drives
|VM disks encrypted @ hypervisor
Secures: VMDK files, disk traffic en route to datastore
|Agent-based encryption of disks within VM
Secures: VMDK files, disk traffic en route to datastore
|Key management||External KMS must be provided (not included) supporting KMIP 1.1 (e.g., IBM KMIP for VMware, IBM SKLM, or HyTrust Key Control)||External KMS must be provided (not included) supporting KMIP 1.1 (e.g., IBM KMIP for VMware, IBM SKLM, or HyTrust Key Control)||HyTrust Key Control (included)|
|Additional capabilities||Together with HyTrust Cloud Control, provides advanced access control, auditing, approval, and compliance capabilities; and enables Boundary Control for geofencing and hardware trust|
||Key management server||
||Eliminates benefit of vSAN deduplication and compression||Eliminates benefit of vSAN deduplication and compression|
|Migration||Compatible with all migration technologies||
||Compatible with all migration technologies provided that HyTrust key management server availability and host compliance (if applicable) are maintained across sites. Some extra recovery steps are required post migration if the workload IP addressing has changed.|
I just returned from a two–week trip as part of IBM’s Fast Start conference. We visited Madrid and Bangkok; next week the conference travels to Las Vegas. Fast Start is designed to enable IBM’s sales and tech sales teams, as well as our business partners, to more effectively sell and solution IBM’s offerings.
VMware on IBM Cloud was a big part of this conference! We provided training for sellers on IBM Cloud’s VMware portfolio, and deep dives for our technical sellers and partners on VMware solutioning, networking, storage, security, and encryption. By far the most popular sessions were on the new VMware Hybrid Cloud Extension (HCX) offering that we released in January. HCX radically simplifies the VMware workload migration process, and many IBM Cloud VMware engagements around the world are now looking to HCX as their solution for cloud migration. I’m excited to see the momentum of VMware on IBM Cloud building in 2018.
IBM has a significant lineup of activities at VMworld US 2017. I’m particularly excited about Dr. Michio Kaku’s session on Wednesday.
I’ll be speaking on Monday about integration between VMware applications and broader IBM Cloud services, and I’ll also be present at the IBM booth, for both US and Europe conferences. If you’re there, be sure to stop by and say hi!
Be sure to also check out our hands-on labs available at VMworld.