Mastering VMware vSphere 6.7: Effectively deploy, manage, and monitor your virtual datacenter with VMware vSphere 6.7

Product type: Paperback
Published: Mar 2019
Publisher: Packt
ISBN-13: 9781789613377
Length: 756 pages
Edition: 2nd Edition
Authors (4): Martin Gavanda, Andrea Mauro, Paolo Valsecchi, Karel Novak

What's new in VMware vSphere 6.7?

Every VMware vSphere release brings a lot of new features, and version 6.7 is no different. VMware vSphere 6.7 was released on April 17, 2018, and by the end of 2018 there should be an upcoming U1 release.

At a high level, the new version focuses on the following four main areas of innovation:

  • Simplified and efficient management at scale: There are several improvements in scaling and managing large deployments.
  • Comprehensive built-in security: You should be able to run your workloads anywhere while still offering unmatched security features to your virtual machines.
  • Universal app platform: Following the VMware vision, vSphere 6.7 could be a single platform to support any application on any cloud, as discussed previously.
  • Seamless hybrid cloud experience: This is all about integration with cloud environments, especially with VMware Cloud on AWS.

Key features

Let's dive a little bit deeper. At a technical level, the different improvements are as follows:

vSphere Client (HTML-5)

There is not much to say about the new HTML-5 client. Everyone has been waiting for this, and at this stage, more than 95% of the features are fully integrated into the new HTML-5 client.

In the upcoming release of VMware vSphere 6.7U1, everything will be available in the HTML-5 client as stated at https://blogs.vmware.com/vsphere/2018/08/under-the-hood-vsphere-6-7-update-1.html.

The HTML-5 interface is much faster than the old Flex client, and from my perspective, it is more intuitive than the old client.

Improved vCenter Server Appliance (vCSA) monitoring

The management interface of the vCSA has been redesigned (you can access it in a web browser at https://<IP or FQDN of vCSA>:5480), and there are a whole bunch of improvements.

The overall health of all services is visible in the VAMI interface, and you can restart individual services directly from the UI as well as see when a particular disk is running out of space.

Improved vCenter backup management

Until version 6.7, you could only create a manual backup, and everybody was missing an option to define a backup schedule. Of course, it was possible to do that through the CLI and with a bit of scripting, but that was not convenient. This is no longer the case. In VMware vSphere 6.7, you can easily define a backup schedule directly from the vCSA management interface.

ESXi single-reboot upgrades

A lot of improvements were made regarding an upgrade procedure between major vSphere versions. In the past, there were two reboots. However, since vSphere 6.7, only one reboot has been required during the upgrade. That does not seem like a big thing, but when working with complex infrastructures, this can save a lot of time. Also, please note that when upgrading from VMware vSphere 6.5 to 6.7, you will experience this feature as well. 

ESXi Quick Boot

To keep things simple, Quick Boot is a way of restarting ESXi without going through the physical hardware reboot process. This is the first implementation of this feature, so only a limited subset of physical hardware is supported. So, how does it work? A second ESXi image is created and updated and, when rebooting, the new ESXi image is booted directly instead of doing a full reboot. Again, the purpose here is to save time.

Currently, the following hardware platforms are supported:

  • HPE ProLiant DL360 Gen10 Server
  • HPE ProLiant DL360 Gen9 Server
  • HPE ProLiant DL380 Gen10 Server
  • HPE ProLiant DL380 Gen9 Server
  • Dell R640
  • Dell R630
  • Dell R740
  • Dell R740xd
  • Dell R730
  • Dell R730xd

To check whether or not your system is compatible with Quick Boot, run this command on the ESXi host from the shell: /usr/lib/vmware/loadesx/bin/loadESXCheckCompat.py

You can also have a look at the knowledge base at https://kb.vmware.com/s/article/52477.

 

Support for Remote Direct Memory Access (RDMA)

vSphere 6.7 introduces new protocol support for RDMA over Converged Ethernet (RoCE, pronounced "rocky") v2, a new software Fibre Channel over Ethernet (FCoE) adapter, and iSCSI Extensions for RDMA (iSER). This feature is particularly useful for applications that require extremely low latency and high bandwidth. Please note that when RDMA is used, most of the ESXi network stack is bypassed, and when used in pass-through mode, this also means that vMotion is not available, so this will be useful specifically for scale-out applications with their own high-availability mechanisms.

vSphere persistent memory

Persistent memory is a new storage class used for extremely demanding workloads. Persistent memory, also called non-volatile DIMM (NVDIMM), provides much higher performance compared to SSDs at lower costs than DRAM. Furthermore, latency is minimal, around 1 microsecond compared to low milliseconds with SSDs. To use vSphere persistent memory, you must use the latest hardware version, 14. The virtual machines can be configured with one NVDIMM controller and a maximum of 64 NVDIMM devices.

Virtual Trusted Platform Module (vTPM)

In physical systems, TPM is a chip that securely stores secrets which are used to authenticate the physical platform (PC, server). The secrets can be passwords, private keys, or certificates. The use of TPM is particularly useful for securing a system and ensuring that the data held in it is safe in case of theft, for example.

A vTPM is similar to a physical TPM device, except that the cryptographic operations are performed in the vSphere layer. Instead of being stored in a hardware component, the secrets are stored in the .nvram file, which is encrypted using VM encryption. vTPM is not dependent on the physical TPM at all, so you can leverage this feature even if you do not have a physical TPM device.

TPM 2.0

Since vSphere 5.x, there has been support for TPM 1.2. In vSphere 6.7, VMware introduced support for TPM 2.0. Please note that TPM 2.0 and TPM 1.2 are two entirely different implementations and there is no backward compatibility between them.

If you are running 6.5 on a server with TPM 2.0, you will not see the TPM 2.0 device because there's no support in 6.5 for TPM 2.0. New features in 6.7 do not use the TPM 1.2 device.

The TPM module is used to store the fingerprint of the ESXi image securely. If there is any manipulation of the image, or if it is not correctly signed, the digitally signed fingerprint will not match.

By enabling TPM, you can then ensure that ESXi has booted using only digitally signed code.
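A simplified model of the fingerprint check described above, as an added example that is not VMware's code: each boot component is hashed into a running value the way a TPM 2.0 platform configuration register (PCR) is extended, so a changed or reordered component produces a different final value. The component names and byte strings are constructed for illustration.

```python
import hashlib
import hmac

PCR_SIZE = 32  # a SHA-256 PCR bank holds 32-byte values


def extend(pcr: bytes, component: bytes) -> bytes:
    """Fold one measured component into the register.

    A PCR cannot be written directly; it can only be extended:
    new = SHA-256(old || SHA-256(component)).
    """
    digest = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components) -> bytes:
    """Measure every component in boot order, starting from an all-zero PCR."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def boot_is_trusted(components, expected: bytes) -> bool:
    """Compare the measured value with the known-good fingerprint."""
    return hmac.compare_digest(measure_boot(components), expected)


# Constructed stand-ins for the pieces of a hypervisor image.
GOLDEN_COMPONENTS = [b"bootloader v1", b"kernel image v1", b"driver package v1"]
EXPECTED = measure_boot(GOLDEN_COMPONENTS)

# One component modified after the golden value was recorded.
TAMPERED_COMPONENTS = [b"bootloader v1", b"kernel image v1 + implant", b"driver package v1"]

# Same components, loaded in a different order.
REORDERED_COMPONENTS = [GOLDEN_COMPONENTS[1], GOLDEN_COMPONENTS[0], GOLDEN_COMPONENTS[2]]

if __name__ == "__main__":
    for label, parts in [("golden", GOLDEN_COMPONENTS),
                         ("tampered", TAMPERED_COMPONENTS),
                         ("reordered", REORDERED_COMPONENTS)]:
        print(f"{label:10s} trusted={boot_is_trusted(parts, EXPECTED)} "
              f"pcr={measure_boot(parts).hex()[:16]}...")
```

Because the register can only be extended, software that runs later in the boot sequence cannot reset it to the known-good value after something earlier has been altered.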

Microsoft virtualization-based security (VBS)

Microsoft VBS is a Windows 10 and Windows Server 2016 security feature that enhances security by creating an isolated region of memory called a memory enclave, using the hypervisor capabilities of Windows. This is used to protect critical system and security assets, such as authenticated user credentials with Credential Guard.

To leverage VBS in a VM, the virtual machine must be presented with the same hardware as a bare-metal server. The only difference is that the hardware is virtualized. The following requirements must be met:

  • Virtual hardware version 14
  • Nested virtualization enabled
  • Secure boot enabled
  • EFI firmware
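
One way to audit a VM's configuration against the four requirements above, as an added example that is not part of the book: the script reads the text of a .vmx file and reports which prerequisites are not met. The .vmx key names used here (virtualHW.version, vhv.enable, uefi.secureBoot.enabled, firmware) are assumptions about how these settings are commonly recorded, and the sample files are constructed.

```python
import re

# key = "value" lines; lines starting with '#' are not matched
VMX_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text: str) -> dict:
    """Return the settings of a .vmx file with lower-cased keys."""
    settings = {}
    for line in text.splitlines():
        match = VMX_LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def _is_true(cfg: dict, key: str) -> bool:
    return cfg.get(key, "").strip().lower() == "true"


def _hw_version(cfg: dict) -> int:
    try:
        return int(cfg.get("virtualhw.version", "0"))
    except ValueError:
        return 0  # unreadable version is treated as too old


# (requirement as listed on the page, check against the parsed settings)
CHECKS = [
    ("Virtual hardware version 14", lambda c: _hw_version(c) >= 14),
    ("Nested virtualization enabled", lambda c: _is_true(c, "vhv.enable")),
    ("Secure boot enabled", lambda c: _is_true(c, "uefi.secureboot.enabled")),
    # A missing firmware key means the VM boots with legacy BIOS.
    ("EFI firmware", lambda c: c.get("firmware", "bios").lower() == "efi"),
]


def missing_vbs_prerequisites(vmx_text: str) -> list:
    """List the VBS requirements this VM configuration does not satisfy."""
    cfg = parse_vmx(vmx_text)
    return [name for name, ok in CHECKS if not ok(cfg)]


# Constructed sample configurations.
READY_VMX = '''
# VM prepared for VBS
virtualHW.version = "14"
firmware = "efi"
uefi.secureBoot.enabled = "TRUE"
vhv.enable = "TRUE"
'''

PARTIAL_VMX = '''
virtualHW.version = "14"
firmware = "efi"
uefi.secureBoot.enabled = "FALSE"
vhv.enable = "TRUE"
'''

LEGACY_VMX = '''
virtualHW.version = "13"
guestOS = "windows9srv-64"
'''

if __name__ == "__main__":
    for label, vmx in [("ready", READY_VMX), ("partial", PARTIAL_VMX), ("legacy", LEGACY_VMX)]:
        print(label, "->", missing_vbs_prerequisites(vmx) or "all prerequisites met")
```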

Here is an overview of Microsoft virtualization-based security:

Per-VM Enhanced vMotion Compatibility (EVC)

EVC is a cluster-level feature which makes it possible to vMotion virtual machines across different generations of a CPU within the cluster by masking CPU features based on your baseline. vSphere 6.7 has taken EVC to the next level. In VMware vSphere 6.7, you can even configure EVC on a per-VM basis so every single virtual machine can have its own EVC configured. The idea here is to be able to freely move your VMs across different environments, particularly to VMware Cloud on AWS.

Hybrid linked mode

This feature allows you to link your on-premises vCenter Single Sign-On (SSO) domain with a vCenter Server located in VMware Cloud on AWS.

The idea here is to be able to access both on-premises and cloud environments from a single vCenter web client, as well as to be able to vMotion your workloads between those two environments. You will also have the option to share tags and categories across vCenter Servers, and to manage users and groups in a unified way.

Instant Clone

One of the new features in vSphere 6.7 is Instant Clone. This is not exactly a new feature, however. In the past, the technology was referred to as VMFork; since vSphere 6.7, it has been fully integrated into vSphere itself as the Instant Clone feature. So, what is it? Imagine a situation in which you need to instantly create dozens or even hundreds of VMs from a source VM and customize each of them (new IP addresses, DNS names, and so on).

The way that it works internally is similar to snapshot technology, in which the new changes are written to a delta disk, so all the VMs have a similar base disk at the beginning of their life cycle, but individual changes in those VMs do not affect each other. You can now add memory as well, so you have new VMs running from the same point in time as the source VM. This feature might be particularly useful in CI/CD workflows where you need to test your application on a large number of nodes.

Configuration maximums

In every version of VMware vSphere, there is an increase in configuration maximums. VMware released a new website on which you can compare different versions with each other. Please note that only versions 6.0 and newer are supported here since version 5.5 is no longer officially supported (general support ended September 19, 2018).

You can check different VMware vSphere configuration maximums for different versions at https://configmax.vmware.com/repcomp/compare.

Let us explore the most interesting configuration maximums and the comparison between VMware vSphere 6.7 and previous versions.

Virtual machine hardware 14

Every new version of VMware vSphere brings a new version of the virtual machine virtual hardware. Currently, the most recent version of VM virtual hardware is 14. Some features, like NVDIMM devices, a virtual TPM, or Microsoft VBS, are available only with the newest virtual hardware version.

A complete feature list and corresponding configuration maximums can be found in Hardware Features Available with Virtual Machine Compatibility Settings.

The following table summarizes some of the maximum numbers for each VM virtual hardware version in the different versions of vSphere:

| Feature | ESXi 6.7 and later | ESXi 6.5 and later | ESXi 6.0 and later |
| --- | --- | --- | --- |
| Hardware version | 14 | 13 | 11 |
| Maximum memory (GB) | 6,128 | 6,128 | 4,080 |
| Maximum number of logical processors | 128 | 128 | 128 |
| Maximum number of cores (virtual CPUs) per socket | 128 | 128 | 128 |
| NVMe controllers | 4 | 4 | N/A |
| Maximum video memory (MB) | 128 | 128 | 128 |
| Maximum graphics memory (GB) | 2 | 2 | 2 |
| PCI passthrough | 16 | 16 | 16 |
| Serial ports | 32 | 32 | 32 |
| Virtual RDMA | Y | Y | N/A |
| NVDIMM controller | 1 | N/A | N/A |
| NVDIMM device | Y | N/A | N/A |
| Virtual I/O MMU | Y | N/A | N/A |
| Virtual TPM | Y | N/A | N/A |
| Microsoft VBS | Y | N/A | N/A |

A few other changes exist in version 14:

  • The maximum number of virtual disks per Paravirtual SCSI (PVSCSI) adapter has been raised to 64, for a total maximum of 256 disks per VM (60 before)
  • Support for per-VM EVC

As usual, it is always recommended to upgrade to the newest version of VM virtual hardware, but as always, this is not required. There are some reasons not to upgrade, for example, backward ESXi compatibility. It is not recommended to run a mixed environment without having all hosts or clusters on the same version. However, if you want to use any of the new features mentioned here (such as persistent memory or Microsoft VBS) you will have no choice but to upgrade.

Upgrading the VM virtual hardware does require a reboot of the virtual machine, so take this into consideration and plan such a task during the maintenance window.

ESXi 6.7 hypervisors

In vSphere 6.7, the ESXi host limits increased only slightly compared to version 6.5, and new hardware and new devices are now supported. New 50 GbE and 100 GbE network interface cards were also made available in version 6.7.

The following table summarizes the configuration maximums for an ESXi host:

| Feature | ESXi 6.7 | ESXi 6.5 | ESXi 6.0 |
| --- | --- | --- | --- |
| Logical CPUs per host | 768 | 576 | 480 |
| Virtual CPUs per host | 4,096 | 4,096 | 4,096 |
| Virtual CPUs per core | 32 | 32 | 32 |
| RAM per host | 16 TB | 12 TB | 12 TB |
| Virtual machines per host | 1,024 | 1,024 | 1,024 |
| LUNs per host | 1,024 | 512 | 256 |
| Non-volatile memory per host | 1 TB | N/A | N/A |

vCenter Server 6.7

There is no change in configuration maximums for the vCenter Server compared to version 6.5. Please keep in mind that vCSA should be your default choice when installing a new vCenter Server, because VMware vSphere 6.7 is the last version that supports vCenter Server on Windows. From then on, only vCSA will be available:

| vCenter Server maximums | vCenter Server 6.7 | vCenter Server 6.5 | vCenter Server 6.0 |
| --- | --- | --- | --- |
| vMotion operations per datastore | 128 | 128 | 128 |
| Storage vMotion operations per host | 2 | 2 | 2 |
| Storage vMotion operations per datastore | 8 | 8 | 8 |
| Non-vMotion provisioning operations per host | 8 | 8 | 8 |
| Hosts per vCenter Server | 2,000 | 2,000 | 2,000 |
| Total number of libraries per VC | 1,000 | 1,000 | 20 |
| Powered-on virtual machines per vCenter Server | 25,000 | 25,000 | 10,000 |
| Total items per library | 1,000 | 1,000 | 20 |
| Registered virtual machines per vCenter Server | 35,000 | 35,000 | 15,000 |
| Linked vCenter Servers | 15 | 15 | 10 |
| Total content library items per VC (across all libraries) | 2,000 | 2,000 | 200 |
| Hosts in linked vCenter Servers | 5,000 | 5,000 | 4,000 |
| Powered-on virtual machines in linked vCenter Servers | 50,000 | 50,000 | 30,000 |
| Registered virtual machines in linked vCenter Servers | 70,000 | 70,000 | 50,000 |

VMware vSphere 6.7 Editions

Different license levels are available from VMware, covering everything from small business to remote office and branch office, all the way up to a standard enterprise license. In each license type, there are usually multiple options available, each covering a different subset of VMware vSphere functionality.

VMware vSphere Editions

VMware vSphere Editions are the key licensing options available. These focus on standard enterprise companies, and the license is assigned to each physical CPU installed. Please note that you always need to buy a license for the vCenter server itself as well.

There are two vCenter Server licenses available:

| Product feature | vCenter Foundation | vCenter Standard |
| --- | --- | --- |
| Hosts manageable | Max four ESXi hosts | Unlimited ESXi hosts |
| vCenter High Availability (HA) | Not available | Only for the vCSA |
| vCenter backup and restore | Not available | Only for the vCSA |
| Linked mode | Not available | Yes |

 

vCenter Foundation is a vCenter Server with limited functionality (although it provides all cluster services, such as VMware HA and Distributed Resource Scheduling (DRS)) and a limited maximum number of supported hosts. vCenter Standard has no limitations at all.

Once you have your vCenter Server, you need to assign a proper license to your ESXi hosts, and again, multiple options are available.

In VMware vSphere 6.7 U1 (which was announced during the writing of this book but has not been released yet), a new edition will be available: VMware vSphere Platinum.

VMware vSphere Platinum edition has the same capabilities as Enterprise Plus but with one big advantage—AppDefense.

If you are interested in more information about AppDefense, feel free to have a look at https://www.vmware.com/products/appdefense.html.

Let's focus on features you can find in different vSphere editions:

  • Business Continuity and Security: Features focusing on improved availability, enhanced uptime, and advanced security features are as follows:

| Product features | VMware vSphere Standard | VMware vSphere Enterprise Plus | VMware vSphere with operations management | VMware vSphere Platinum |
| --- | --- | --- | --- | --- |
| vMotion | Cross-vSwitch/Cross-vCenter/Long Distance/Cross-Cloud | Cross-vSwitch/Cross-vCenter/Long Distance/Cross-Cloud | Cross-vSwitch/Cross-vCenter/Long Distance/Cross-Cloud | Cross-vSwitch/Cross-vCenter/Long Distance/Cross-Cloud |
| vSphere HA | Y | Y | Y | Y |
| Storage vMotion | Y | Y | Y | Y |
| Fault Tolerance | 2-vCPU | 8-vCPU | 8-vCPU | 8-vCPU |
| vShield Endpoint | Y | Y | Y | Y |
| vSphere Replication | Y | Y | Y | Y |
| Support for 4K Native Storage | Y | Y | Y | Y |
| vSphere Quick Boot | Y | Y | Y | Y |
| vSphere Single Reboot | Y | Y | Y | Y |
| vCenter High Availability | vCenter Server Standard | vCenter Server Standard | vCenter Server Standard | vCenter Server Standard |
| vCenter Backup and Restore | vCenter Server Standard | vCenter Server Standard | vCenter Server Standard | vCenter Server Standard |
| vCenter Server Appliance Migration Tool | vCenter Server Standard | vCenter Server Standard | vCenter Server Standard | vCenter Server Standard |
| vCenter Server Appliance Converge Tool | vCenter Server Standard | vCenter Server Standard | vCenter Server Standard | vCenter Server Standard |
| TPM 2.0 Support and Virtual TPM | Y | Y | Y | Y |
| FIPS 140-2 Compliance & TLS 1.2 Support as Default | Y | Y | Y | Y |
| Cross vCenter Encrypted vMotion | Y | Y | Y | Y |
| Virtual Machine Encryption | | Y | Y | Y |
| Automated Discovery of Application Assets, Intent, and Communication | | | | Y |
| Contextual Intelligence of Application State | | | | Y |
| Orchestrated or Automated Responses to Security Threats | | | | Y |
| Integration with Third-Party Security Operations Tools | | | | Y |

  • Resource prioritization and enhanced application performance: Features aimed for improved performance, workload optimization, and application control:

| Product features | vSphere Standard | vSphere Enterprise Plus | vSphere with operations management | vSphere Platinum |
| --- | --- | --- | --- | --- |
| Virtual Volumes | Y | Y | Y | Y |
| Storage Policy-Based Management | Y | Y | Y | Y |
| Distributed Resource Scheduler (DRS) | | Y | Y | Y |
| Distributed Power Management (DPM) | | Y | Y | Y |
| Storage DRS | | Y | Y | Y |
| Storage I/O Control | | Y | Y | Y |
| Network I/O Control | | Y | Y | Y |
| Single Root I/O Virtualization (SR-IOV) support | | Y | Y | Y |
| vSphere Persistent Memory | | Y | Y | Y |
| NVIDIA GRID vGPU | | Y | Y | Y |
| Proactive HA | | Y | Y | Y |

Predictive DRS

Y

  • Automated administration and provisioning: Features enabling streamlined operations and automation of the environment:

| Product features | vSphere Standard | vSphere Enterprise Plus | vSphere with operations management | vSphere Platinum |
| --- | --- | --- | --- | --- |
| Content Library | Y | Y | Y | Y |
| vCenter Server Appliance Enhanced Linked Mode with Embedded Platform Services Controller | vCenter Server Standard | vCenter Server Standard | vCenter Server Standard | vCenter Server Standard |
| Storage APIs for Array Integration, Multipathing | Y | Y | Y | Y |
| Distributed Switch | | Y | Y | Y |
| Host Profiles and Auto Deploy | | Y | Y | Y |

VMware vSphere Essentials Kits

VMware vSphere Essentials Kits are for small businesses and combine virtualization for up to three physical servers with centralized management using VMware vCenter Server® for Essentials. vCenter Server for Essentials has a similar capability to vCenter Foundation, but the limit is only three ESXi hosts. Also, Essentials Kits are bundled in a single SKU which contains ESXi licenses as well as the vCenter Server license. There are two different Essentials Kits available:

| | vSphere Essentials Kit | vSphere Essentials Plus Kit |
| --- | --- | --- |
| Overview | Server virtualization and consolidation with centralized management | Server virtualization and consolidation plus business continuity |
| vCenter Server | vCenter Server for Essentials | vCenter Server for Essentials |
| License entitlement | Three servers with up to two processors each | Three servers with up to two processors each |
| Features | ESXi | ESXi, vMotion, high availability, vShield endpoint, vSphere replication |

Remote Office Branch Office (ROBO) editions

VMware vSphere ROBO is designed for IT infrastructure located in remote, distributed sites. This delivers improved service levels, standardization, availability, and compliance.

The idea of ROBO edition is that you have one vCenter Server in your HQ and then different ROBO sites that you centrally manage. You can, of course, deploy vCenter Server Foundation as a local management platform in each ROBO site as well.

You can run up to 25 VMs in a single ROBO site, but you can't assign multiple license packs to a single site. However, you can distribute a single license among multiple sites (for example, ROBO site 1 contains 5 VMs, ROBO site 2 contains 10 VMs, and ROBO site 3 contains 10 VMs):

| | vSphere ROBO Standard | vSphere ROBO Advanced |
| --- | --- | --- |
| Overview | Remote site server virtualization platform with business continuity and backup features | Remote site server virtualization offering business continuity and backup with advanced features such as standardization of host configurations |
| Centralized management | vCenter Server for Essentials | vCenter Server for Essentials |
| License entitlement | Pack of 25 virtual machines | Pack of 25 virtual machines |
| vCenter Server (sold separately) | vCenter Server Standard | vCenter Server Standard |
| Features | ESXi, vMotion, Storage vMotion, High Availability, Fault Tolerance (2-vCPU), vShield Endpoint, vSphere Replication, Hot-add, Content Library | ESXi, vMotion, Storage vMotion, High Availability, Fault Tolerance (4-vCPU), vShield Endpoint, vSphere Replication, Hot-add, Content Library, Host Profiles, Auto Deploy, Distributed Switch |
