Updates to VMware HCX on IBM Cloud

Updates to VMware HCX on IBM Cloud

IBM Cloud announced plans to offer VMware HCX included with our IBM Cloud for VMware offerings: Helping simplify cloud migration with updates to VMware HCX on IBM Cloud.

VMware is unifying their networking strategy around the Virtual Cloud Network, and as part of this, HCX (Hybrid Cloud Extension) will now be named NSX Hybrid Connect: VMware Advances Networking for the Digital Era with the Virtual Cloud Network.

Test drive IBM Cloud for VMware Solutions

A full–fledged VMware virtualization environment is powerful but not cheap. So getting a first–hand picture of the IBM Cloud for VMware Solutions experience, as simple and streamlined as it is, hasn’t been easy until now.

Recently, IBM’s Digital Technical Engagement team addressed this by building a guided demo. Their tutorial allows you to experience VMware on the IBM Cloud without having to purchase a VMware instance.

Try the VMware on IBM Cloud demo now!

Encryption at rest for VMware on IBM Cloud

Encryption at rest for VMware on IBM Cloud

One of the key topics we covered as part of our Fast Start education was encryption at rest for VMware on the IBM Cloud. There are many options for encrypting your workloads at rest, including:

  • VMware vSAN encryption
  • VMware vSphere encryption
  • HyTrust Data Control, part of IBM Cloud Secure Virtualization
  • Any other existing encryption solution you wish to bring to IBM Cloud

The first three offerings are available today directly from IBM Cloud for VMware Solutions, although some assembly is required in each case. There are important tradeoffs between these options that you need to take into consideration, such as ease of use, interoperability with other solutions like workload migration tooling, and the nature of what is encrypted. The following table that I shared at Fast Start summarizes the differences between these solutions:

Comparison vSAN encryption vSphere encryption HyTrust Data Control
Encryption type Datastore disks encrypted @ hypervisor

Secures: disk drives

VM disks encrypted @ hypervisor

Secures: VMDK files, disk traffic en route to datastore

Agent-based encryption of disks within VM

Secures: VMDK files, disk traffic en route to datastore

Key management External KMS must be provided (not included) supporting KMIP 1.1 (e.g., IBM KMIP for VMware, IBM SKLM, or HyTrust Key Control) External KMS must be provided (not included) supporting KMIP 1.1 (e.g., IBM KMIP for VMware, IBM SKLM, or HyTrust Key Control) HyTrust Key Control (included)
Additional capabilities Together with HyTrust Cloud Control, provides advanced access control, auditing, approval, and compliance capabilities; and enables Boundary Control for geofencing and hardware trust
Cost
  • vSAN Enterprise is required (per socket)
  • Key management server
Key management server
  • HyTrust Data Control (per socket)
  • HyTrust Cloud Control (optional, per socket)
Limitations
  • Not compatible with other storage types (e.g., IBM Cloud Endurance storage, NetApp ONTAP Select)
  • Does not encrypt storage traffic in flight between hosts
Eliminates benefit of vSAN deduplication and compression Eliminates benefit of vSAN deduplication and compression
Migration Compatible with all migration technologies
  • Compatible with Veeam
  • Compatible with VMware SRM when using array based replication
  • Not currently compatible with VMware HCX
  • Not currently compatible with Zerto
  • Not currently compatible with vSphere replication
  • Not currently compatible with cross-vCenter vMotion
Compatible with all migration technologies provided that HyTrust key management server availability and host compliance (if applicable) are maintained across sites. Some extra recovery steps are required post migration if the workload IP addressing has changed.

VMware around the world

VMware around the world

I just returned from a two–week trip as part of IBM’s Fast Start conference. We visited Madrid and Bangkok; next week the conference travels to Las Vegas. Fast Start is designed to enable IBM’s sales and tech sales teams, as well as our business partners, to more effectively sell and solution IBM’s offerings.

VMware on IBM Cloud was a big part of this conference! We provided training for sellers on IBM Cloud’s VMware portfolio, and deep dives for our technical sellers and partners on VMware solutioning, networking, storage, security, and encryption. By far the most popular sessions were on the new VMware Hybrid Cloud Extension (HCX) offering that we released in January. HCX radically simplifies the VMware workload migration process, and many IBM Cloud VMware engagements around the world are now looking to HCX as their solution for cloud migration. I’m excited to see the momentum of VMware on IBM Cloud building in 2018.

VMware Hybrid Cloud Extension (HCX) on IBM Cloud

HCXToday IBM Cloud made generally available VMware Hybrid Cloud Extension for our VMware vCenter Server and VMware Cloud Foundation instances! I’m excited about this development: it is the culmination of lots of work and collaboration on the part of IBM and VMware, and it brings powerful network extension (what VMware calls hybridity) and workload migration (what VMware calls mobility) capabilities to your VMware instances in the IBM cloud.

For more information, see the following:

VMware on IBM Cloud architecture updates

VMware on IBM Cloud architecture updates

Recently the IBM Cloud for VMware architecture team posted several new and updated architecture documents related to VMware on the IBM Cloud.

VMware: We’ve updated our base VMware on IBM Cloud virtualization architecture to converge the VMware Cloud Foundation and VMware vCenter Server architecture specifications. This reflects important points of convergence such as the recent availability of vSAN on VMware vCenter Server, and also our move to vSphere 6.5 and all–flash storage with vSAN 6.6.

NetApp ONTAP Select: We’ve published our architecture specification for the automated deployment of NetApp ONTAP Select on IBM Cloud, a software–defined storage offering that brings all the capabilities of NetApp ONTAP, including the ability to integrate with your on–premises NetApp storage.

Veeam: While Veeam has been available for some time as an integrated part of IBM Cloud for VMware Solutions, we’ve now published our architecture overview for Veeam Backup & Replication on IBM Cloud, including important considerations for sizing and scaling your Veeam deployment.

FortiGate Security Appliance: IBM Cloud infrastructure has offered the FortiGate Security Appliance (FSA) for quite some time as a means of protecting your public VLAN. IBM Cloud for VMware Solutions recently integrated the automated deployment of a FortiGate appliance as an add–on service for your VMware instance. Our FortiGate Security Appliance on IBM Cloud architecture includes important considerations about how to configure the appliance to ensure the proper functioning of the IBM automation and other add–on services such as Zerto and F5 BIG–IP.

The best introduction to the mountains

It’s a day late for Tolkien’s birthday, but is it ever too late for Tolkien or Wolfe? Thanks to John Barach for sharing this tribute to Tolkien by Wolfe.

You are not likely to believe me when I say that I still remember vividly, almost 50 years later, how strictly I disciplined myself with that book, forcing myself to read no more than a single chapter each evening. The catch, my out, the stratagem by which I escaped the bonds of my own law, was that I could read that chapter as many times as I wished; and that I could also return to the chapter I had read the night before, if I chose. There were evenings on which I reread the entire book up the point—The Council of Elrond, let us say—at which I had forced myself to stop.

Read more