
Why These Are My Favorite vSphere 7 Features

Another VMware vSphere release is here!  On March 10, 2020 VMware vSphere 7 was released.  

In the spirit of this new VMware vSphere version, I want to focus on a couple of my favorite vSphere 7 features.  We will take a look at my favorite five features of vSphere 7, and why they matter to your VMware vSphere environment.

vSphere Lifecycle Manager

Cluster Image Management for Consistent ESXi Hosts.

Everyone knows I’m a big fan of a consistent vSphere environment, and that includes consistent ESXi hosts.  Everything just works better when it matches, and you are less likely to run into issues.

Cluster Image Management goes way beyond the ESXi build you have installed, and also incorporates vendor specific drivers and firmware.


The best part?  The recommendation engine will do VMware Compatibility Guide and HCL checks and remove the risk from the upgrade process.  No more reading the matrix wrong, no more unsupported configurations when it comes to drivers and firmware.

Beyond the GUI, there is also a full REST API available.

Along with this, there is a wonderful feature coming to vCenter Server called VMware vCenter Server Update Planner.  Don’t miss my dedicated post on that!

Why This Matters

This is by far one of the most exciting vSphere 7 features to me, and I can’t wait to get my hands on it!  It matters to me, and should matter to everyone else since it will make ESXi software management much, much easier.

It also removes the risk associated with ESXi software changes, making them easier both to perform and to get approved from a change management perspective in your environment.

VMware vSphere 7 Security Features

There are a boatload of new security features contained in VMware vSphere 7.

Don’t scroll past this!  For some reason, security features get the label of boring, when they should have the label of important!

vSGX/Secure Enclaves

vSphere 7 features an implementation of Intel Software Guard Extensions (SGX).  This allows applications and hardware to work together to create something called a Secure Enclave.  This secure enclave cannot be viewed by the virtual machine’s operating system or by the hypervisor, and can hold about 128 MB.

This allows applications to access this Secure Enclave and place sensitive items into it.  Since the hypervisor cannot access it, it does come with some caveats like the lack of vMotion or snapshot support, so it should be used strategically when security is of the utmost importance.

This is an Intel chip level feature, which will be supported in more and more Intel chips as time goes on.
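To confirm from inside a guest that SGX is actually exposed and how much enclave memory (EPC) the VM was given, the CPUID leaves can be decoded directly. The following is an added example, not code from the original post or from VMware; the function names are hypothetical, it assumes an x86 guest built with GCC or Clang, and the sample register values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID.(EAX=07H,ECX=0):EBX bit 2 reports SGX support. */
static int sgx_supported(uint32_t leaf7_ebx) { return (leaf7_ebx >> 2) & 1; }

/* Decode one EPC section from CPUID.(EAX=12H,ECX>=2).
 * Returns the section size in bytes, or 0 if the sub-leaf is not a valid
 * EPC section (EAX[3:0] != 1). Size bits 31:12 are in ECX, 51:32 in EDX. */
static uint64_t epc_section_size(uint32_t eax, uint32_t ecx, uint32_t edx)
{
    if ((eax & 0xF) != 1)
        return 0;
    return ((uint64_t)(edx & 0xFFFFF) << 32) | (ecx & 0xFFFFF000u);
}

/* Sum all EPC sections visible to this (virtual) CPU; 0 means no usable EPC. */
static uint64_t probe_epc_bytes(void)
{
    uint64_t total = 0;
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d) || !sgx_supported(b))
        return 0;
    for (unsigned sub = 2; sub < 10; sub++) {
        if (!__get_cpuid_count(0x12, sub, &a, &b, &c, &d))
            break;
        uint64_t sz = epc_section_size(a, c, d);
        if (sz == 0)
            break;
        total += sz;
    }
#endif
    return total;
}

int main(void)
{
    /* Constructed sample: a valid section of 0x5D80000 bytes (93.5 MiB). */
    printf("sample EPC: %llu bytes\n",
           (unsigned long long)epc_section_size(0x70200001u, 0x05D80001u, 0));
    printf("this machine: %llu bytes of EPC\n",
           (unsigned long long)probe_epc_bytes());
    return 0;
}
```

A result of 0 bytes on a VM that is supposed to host enclave workloads means SGX is not exposed to the guest, so any application expecting an enclave will not get one.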

Simplified Certificate Management

Certificates are a vital part of a vSphere infrastructure, but can be difficult to manage.  With the introduction of the vCenter Server Appliance, certificates made a huge leap forward in manageability.

This is the next step forward, and look at how simple and streamlined the new interface is.

[Figure: vSphere 7 certificates]

There is also a vCenter Certificate API for further increased manageability.

vSphere Trust Authority 

This is a new feature that looks at driving trust down into the infrastructure.  It is all about being able to encrypt keys, but vCenter was a bit of a problem since it was running in the infrastructure we were trying to prove is trusted!

In this new model, vSphere Trust Authority uses a separate vSphere cluster to provide a trusted computing base.  The notion of these trusted hosts really changes the game.

The key manager doesn’t talk to vCenter, but talks to the trusted host.

A workload won’t be able to move to a host that isn’t trusted, which means vCenter servers can also be encrypted.

This requires the TPM 2.0 module in the servers.

Identity Federation

With vSphere 7, identity federation with enterprise AD deployments is now supported by vCenter Server.

This means we can get the vSphere administrators out of the user management game, and gain important features like MFA, which is becoming increasingly widely adopted.

When logging into vCenter, you will simply be brought to your corporate identity provider to authenticate before you carry on to vCenter.

No big impact to end users, but a huge gain in terms of security and audit scope.

Why All of This Matters

There’s something new nearly every day, whether it be a zero-day, ransomware, etc.  Keeping on top of security is one of the most important things any IT organization can do.  New to the world of vSphere and Security?  Don’t worry, I have you covered with this Introduction to vSphere Security guide.

VM Hardware v17

With a new version of VMware vSphere comes a new version of virtual hardware.  VM hardware 17 comes with vSphere 7, and two very important features: Watchdog Timer and Precision Clock.

Watchdog Timer helps a VM to realize it has crashed.  It will reset the virtual machine when the guest OS stops responding.  Think applications like clusters and databases.

Precision Clock creates sub millisecond time accuracy for the virtual machine.  This is important for some financial and scientific applications, and requires an ESXi service to be enabled.

[Figure: vSphere 7 VM hardware 17]

Both of these new features can be added to virtual machines as shown above.

Why This Matters

For some reason, everyone loves to forget about virtual machine hardware.  VM hardware is a critical component of your vSphere environment, since it is what keeps each and every one of your virtual machines running!

Because your virtual hardware is really software, VMware can add new features like these that make a big difference for some applications.  It is always important to see what new features come with each version of virtual hardware, since you never know what you might find to help your organization!

vSphere 7 with Kubernetes

vSphere 7 has added extremely tight integration with Kubernetes.  This feature is so groundbreaking that I dedicated a whole post to it, which you can read here:

vSphere 7 with Kubernetes Changes the Game

Why This Matters

Has your organization been hesitant to even look at Kubernetes because it is too much of a science experiment to deploy and manage?  VMware has fixed that with their very tight vSphere and Kubernetes integration.

VMware vCenter Server Update Planner

VMware vCenter Server updates just became a breeze.  With vCenter Server Update Planner, the VCSA will check compatibility between your VMware products, among other things.  I dedicated a post to it since it has such a high impact on each and every vSphere environment, which you can read here:

Introducing VMware vCenter Server Update Planner

Why This Matters

Every vSphere environment runs vCenter, and if we can reduce the risk associated with an upgrade, it is a win for everyone.

vSphere 7 Solves Problems

There are even more features in vSphere 7, like major DRS and vMotion enhancements.  

The fact of the matter is there are too many fantastic new vSphere 7 features to even begin to cover in a single blog post.

Each and every one of these features has something in common.

They all solve problems faced by organizations across the board, no matter their size, no matter their industry.

vSphere 7 is one of the biggest and most interesting releases in VMware’s history.  Stay tuned for more in-depth feature coverage and how-to guides right here!  For now, be sure to read more about all of the new vSphere 7 with Kubernetes features on the vSphere 7 website.