Now that VMware vSphere 6.5 is generally available, customers have started digging in and testing out its full range of capabilities. We've already discussed how the latest version of vSphere has simplified the user experience; let's get a better idea of how vSphere 6.5 improves on security and discuss its new universal application platform.
VMware vSphere 6.5 focuses on better security
VMware vSphere 6.5 has three new built-in security features: VM Encryption to secure data, Secure Boot to secure infrastructure and audit-quality logging to secure access.
The VM Encryption feature will integrate with Key Management Interoperability Protocol-compliant key management servers and can leverage CPU-level encryption -- Advanced Encryption Standard-New Instructions -- to assist with VM encryption. Encryption occurs at the ESXi kernel and is enabled by applying a storage policy for VM encryption; you will be able to encrypt VM disk files and VM files. Note that encryption is on the VM, not inside the guest OS. In addition, you can now encrypt vMotion traffic, so that all vMotion data is encrypted before it is transmitted between hosts.
Secure Boot uses the Unified Extensible Firmware Interface to authenticate the digital signature of the ESXi kernel, and it verifies every vSphere Installation Bundle (VIB) at boot time to ensure nothing has been tampered with. This ensures that only a properly signed kernel boots, and that you can't install any unsigned code or VIBs. You can also enable Secure Boot on individual VMs as long as each VM has been configured to use Extensible Firmware Interface firmware -- if you turn on Secure Boot for a VM, you can only load signed drivers into that VM.
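The EFI prerequisite for per-VM Secure Boot can be audited from a VM's .vmx configuration file. The following is an added example, not code from this article or from VMware; it assumes the .vmx keys firmware and uefi.secureBoot.enabled and that a missing firmware key means BIOS, and the sample .vmx contents are constructed.

```python
import re

# Matches a .vmx line of the form: key = "value"
_LINE = re.compile(r'^([^=\s]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse .vmx text into a dict; keys are lower-cased for tolerant lookup."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks, comments and the '#!' header line
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def secure_boot_status(text):
    """Classify a VM's Secure Boot posture from its .vmx text."""
    cfg = parse_vmx(text)
    # Assumption: no 'firmware' key means the VM boots with legacy BIOS.
    firmware = cfg.get("firmware", "bios").lower()
    enabled = cfg.get("uefi.secureboot.enabled", "FALSE").upper() == "TRUE"
    if firmware != "efi":
        # Secure Boot needs EFI firmware; a TRUE flag on BIOS has no effect.
        return "flag-set-without-efi" if enabled else "not-eligible"
    return "enabled" if enabled else "eligible-but-off"

# Constructed sample configurations (not taken from a real environment).
SAMPLES = {
    "web01": '#!/usr/bin/vmware\nfirmware = "efi"\nuefi.secureBoot.enabled = "TRUE"\n',
    "db01": 'firmware = "efi"\nuefi.secureBoot.enabled = "FALSE"\n',
    "legacy01": 'displayName = "legacy01"\nguestOS = "other"\n',
    "broken01": 'firmware = "bios"\nuefi.secureBoot.enabled = "TRUE"\n',
}

def audit(samples):
    """Return {vm_name: status} for every sample, sorted by name."""
    return {name: secure_boot_status(samples[name]) for name in sorted(samples)}

if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name:10s} {status}")
```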
Multifactor authentication is another new security option, allowing you to use Smartcard authentication or RSA SecurID.
Finally, audit-quality logs help with debugging and troubleshooting, and also include rich information for auditing purposes: Who did what, when and where?
Building a universal platform
VMware vSphere 6.5 also offers users the ability to run any application, be it test, dev, production, virtual desktop infrastructure, business critical apps, big data or cloud-native apps, on the same vSphere host.
vSphere Integrated Containers are now embedded in vSphere 6.5, giving users the ability to deploy Docker-compatible applications on the same hardware as traditional server apps.
The new vCenter Server Appliance (vCSA) is the first VMware appliance to run on Photon OS, which gives it a smaller footprint and enables vCSA to boot a lot faster. This comes with an added bonus: vCSA is no longer reliant on other Linux distributions -- vCSA used to run solely on SUSE Linux Enterprise Server -- because VMware will own the whole stack, from OS to application. This should make patching and upgrading much easier.
There's still some confusion
While everyone seems very excited with the new vSphere Client and vCenter High Availability, I can't quite figure out why VMware vSphere 6.5 requires so many management user interfaces. Despite there being a new vSphere HTML5 Web Client, VMware is still shipping the old Adobe Flex vSphere Web Client for reasons unknown to me. You still need to manage vCSA via the vCenter Server Application Management Interface (VAMI), and VMware Platform Services Controller needs to be managed with its own VAMI. And let's not forget, you can also use the new HTML5 Host Client to manage an ESXi host.
If that weren't confusing enough, the new vSphere HTML5 Web Client URL will be https://<vCSA IP or FQDN>/UI/, whereas the old Adobe Flex Web Client will still be accessible via https://<vCSA IP or FQDN>/vsphere-client/.