Episode 12 - Cloud Director 10.5 - What's new, VMware Explore outlook

Get ready to revolutionize your understanding of VCD 10.5! We've partnered with tech wizards Yves Sanfort, Tobias Paschek, Jörg Lew, Matthias Eisner and Sascha Schwunk to unlock the secrets behind the enhanced features and functionalities of VCD 10.5. Unlock the power of the unique VM discovery feature, unravel the complexities of NSX Federation, and get up-close with the improved catalog system. Plus, discover how the user experience has been taken to the next level with the introduction of App Launch Pad to the core VCD tenant UI. But that's not all! The second half of our podcast's journey dives deeper into the benefits of VCD 10.5. We'll explore cutting-edge functionalities like the ability to activate virtual machine import on a per organization basis, the streamlined IP Spaces for effortless IP address consumption, and leveraging shared data stores across V Centers for migration. We also unravel the merits of PVDC and C-POM access for tenants. And guess what? We've got Jörg Lew, a technical product manager at VMware, on board to share his invaluable insights into these features. Prepare to be enlightened on new security troubleshooting features, including the firewall rule ID for syslog. Don't miss out on these exciting revelations!

Speaker 1: Hello and welcome.
It's been a while. We have been

busy doing some Cloud Director
news, but we are now back with

the VCD Roundtable almost the
same group as in the past, a few

changes, but we are getting
back on track in preparation for

VMware Explorer in Las Vegas. I
still need to get used to the

new name. I still am trying to
not say VMworld, but maybe let's

see how good we get that to be
done today. We are going to

shortly do an introductory round
in a second, but before we do

that, today's episode is going
to cover nearly everything

around VCD 10.5, except for a
good part of the networking

features, because it's so much
that we will dedicate a separate

episode just to the VCD 10.5
network sections. With that

being said, my name is Yves
Sanford, CEO of the Comm

Division Group, one of the lead
architects in our service

provider division, taking care
of not only the technical but

more the business advisory
services for service providers

all around the globe. And, with
that being said, I'm allowed to

pick who is going to introduce
himself next and I'm going to

throw it over to Toby, who has
already the bridge behind him.

But you should actually have
Vegas behind you.

Speaker 2: Yeah, it's the wrong
bridge. We are not going to San

Fran, we are going to Vegas.
Yeah, good morning, good

afternoon, whatever time zone.
You are listening. My name is

Tobias Barschek. I'm a solution
architect for the whole

networking stuff inside Comm
Division. I'm a partner at Comm

Division and, as already said,
focusing on the whole networking

story. Yeah, and I would like
to hand over to Jörg.

Speaker 3: Hey, yeah, my name is
Jörg Lief. I'm a technical

product manager at VMware and
VMware's cloud provider division

and I'm working educating
people around cloud director and

all the different integrations
and extensions that we have. And

with that, over to Matthias.

Speaker 4: Yeah, hi, matthias.
Partner at Comm Division cloud

architect taking care of cloud
director NSX and the automation

around all those products, sasha

Speaker 5: Hi, my name is Sasha
Schwung, partner and cloud

architect at Comm Division,
working a lot around of designs,

cloud director working with
container service extensions and

a lot of NSX V2T migrations

Speaker 1: Okay, thanks for the
introduction. Yeah, 10.5 Cloud

Director came out. I think,
especially when we look in the

next episode on the networking
features, quite a lot of very

good enhancements. Let me just
browse over the list of some of

the changes we have ahead of us.
Or we got with this release,

one of them which I found
interesting because we although

it's not necessarily a daily
feature, but the feature set to

utilize the VM discovery is
quite an important one for many

customers because it's a good
way, especially when we migrate

or set up new service providers
who have never used VCD before,

and we kind of solve the whole
story on how do we get the

existing customers onboarded. I
mean, there's always the way to

use tools like Cloud Director,
availability for it as well, but

very often it's hey, how can we
onboard customers without

having any interruption? And one
of the very easy ways is to

just actually create the
resource pools and move virtual

machines in. In the past, one of
the challenges was that this

was a very, very generic setting
you could only turn off, on and

turn off, and so I'm definitely
looking forward to having a

finally feature which allows me
to do that on an organizational

work VDC level, which also
allows me to be a bit more

secure that not by mistake
things jump into the wrong VCD

instance. So I definitely look
forward to utilizing that

feature in the next few days and
in weeks on our next projects.

But there are a few other
features as well. So, sascha,

what do you want to point out
from the feature list?

Speaker 5: Yeah, so for me it's
very interesting the complete

network stuff with NSX
Federation, because we talked in

the last few months with a lot
of cloud providers about NSX

Federation and the possibilities
in the future. Though, no, we

have the first supported way
with NSX Federation, so I think

that will be a big part for many
cloud providers working

international and with many

Speaker 1: Okay, but I think
that's something we are going to

cover in the separate episode.
So there are also the changes

around the catalogues and
catalogues synchronization,

which I think are a very
interesting storyline overall,

because synchronization has
always been a big topic for

service providers on how we do
that, how we can speed things up

, and I think that's a very good
scenario. Jörg, do you want to

throw some more details behind
some of those features, maybe?

Speaker 3: Yeah, there have been
a lot of improvements on the

mechanics of the catalog system.
For that that's already going

on for the last couple of
versions, but now with 10.5,

there hasa big change in the
user experience as well. So in

the past we are working towards
revamping the catalog system of

Cloud Director, which has been
there since the very first Cloud

Director release and it's just
not up to date anymore in terms

of multi-site installations or
more global installations where

you have multiple VCD
installations or different data

centers managed by the same
Cloud Director. So there are a

bunch of mechanical improvements
how the catalog system works,

and improved support for shared
storage, for example, so that

VCD recognizes templates or ISO
images in the catalog that are

available to multiple V centers
and managed by the same Cloud

Director instance. So it avoids
a lot of cloning and data

transfer steps that are needed.
You share catalogs between

different organizations or
between different locations in a

Cloud Director environment. And
then from a user experience

perspective, that's likely one
of the biggest changes for the

tenant end user that we have in
VCD 10.5 is that we included a

lot of functionality from App
Launch Pad into the core VCD

yeah tenant UI. So that means
that in earlier versions where

you installed App Launch Pad as
an extension to offer more

service catalog style user
experience to your tenant users

as a provider. With VCD 10.5,
you now can do that out of the

box. So with the VCD 10.5,
Content Hub is a very prominent

menu item in the main navigation
menu of the VCD UI, the

Provider Portal and the Tenant
Portal, and it allows you to

offer not only the V app
templates or ISO images but also

new container-based
applications, like based on Helm

charts, as items for the
tenants to use. So this

integrated with the catalog
systems. You can publish your

own V app templates if you want
to. So the catalog workflows

that you had in past with
capturing existing V apps into

the catalog that, of course, all
still works as it was before,

but it's also integrated nicely
with the new UI so that you can

add additional information about
the V app and you can

synchronize from external
repositories like the VMware

Marketplace, Bitnami Helmchart
repository or even external

repositories like the NVIDIA NGC
catalog for AI workloads. So a

very good way for US service
provider to very quickly offer

new content for your tenant
users to consume and, of course,

with the very easy consume
interface, for your tenant user

to very quickly deploy new
workloads into their

organization VDCs or even their
Kubernetes clusters, in terms of

their container and
Helmchart-based applications.

Speaker 1: Good, matthias,
anything you want to point out

from the long list of VCD
enhancements we got with 10.5?

Of course I want.

Speaker 4: So first of all, I
would like to add a little bit

of information in terms of
virtual machine import

functionality because, to be a
bit more precisely, we now have

the ability to turn it off
globally and enable it on a per

organization base. In the past
we could enable it globally but

turned off, but now we have
exactly the other way around,

which makes it more flexible, as
you have already pointed out.

The second I would really love
to mention is the improvement in

terms of IP spaces. Short
summarization what is IP spaces

enabling us? It allows the
service provider to manage IP

addresses and ranges and provide
IP address and ranges to their

tenants. The tenants are able to
consume those IP addresses or

ranges as they like and we can
just charge for it, because

that's what we want to do. The
cool thing in 10.5 is we now

have the ability to migrate
existing assigned IP ranges into

IP spaces to enable the
automated consumption or the

better or easier consumption for
the tenants. I think that's a

big improvement and will provide
a very easy way for service

providers to add additional IP
addresses, because in the past

it was always a manual approach,
adding additional IP addresses

to educate, raise for their
tenants. So I think that's a

very good and important
enhancement On top BGP and I'm

currently looking at Toby and
his bridge. Toby, what are you

thinking about? The new BGP
enhancements having the ability

to deal with route maps and
stuff from the VCD?

Speaker 2: UI perspective
Dealing with the whole BGP story

. So we can now create route
maps, we can do prefix filtering

in the VCD UI, we can utilize
as you have mentioned it before

already the new IP spaces also
on our dedicated BGP

configuration. So this is or we
need to use it, to be fair,

because we can utilize the route
maps only if we have the IP

spaces already enabled. But, as
mentioned before by Eve and by

Sasha, we will cover this in our
dedicated networks session a

little bit deeper. What I would
like to add, and what is really,

from my perspective, an
interesting feature and what was

a little bit pain in the ass in
the past, is that we now have

the ability to leverage shared
data stores across V centers for

migration and that we now don't
need to export the whole VM in

an OVF on our VS transfer share
and we import it because now we

have the ability to leverage
shared data stores across

multiple V centers and VCD is
now capable of discovering hey,

there is the same data store map
on different V centers. So this

is also a nice and then big
improvement from my perspective.

What else do we have? Sorry,
time saver, time saver, yeah.

Speaker 1: I think another
important part is that we also

now got an yeah, I wouldn't
necessarily call it an

additional way to manage
infrastructure before you had,

when you had VCD as the service
provider, you always had the

choice you can actually either
provide a PVDC to a customer or

you could actually provide them
with a C-POM the ability to

directly access a V center. The
ability to get now used both on

the same infrastructure I think
is opening up an interesting

door for certain use cases where
, in the past, service providers

especially when it came also to
white label services, but also

for other features where you had
larger organizations typically

as customers and there was the
kind of end user basis who used

utilize self service they were
fine with the VCD interface, but

at the same point in time, you
also had to deal with their

existing IT team, which always
came back as like yeah, but VCD

is a complete new UI. We can't
actually leverage the same as

what we have in V center and
what we are used to, and now,

with the combination that for
one tenant, you can basically

give them both sides of the
story, I think that's a very

good addition, especially in
those use cases where we have

customers who are not running a
shared infrastructure. Because

when I look at the hundreds of
service providers we work with

on a regular basis by now, then
it's a very clear situation that

, yes, you have the shared
infrastructure where the

customers might have only 5, 10,
15, 20 VMs, but it's also a

good chunk of service providers,
not only in the US, who really

have dedicated V centers and
dedicated hosts for a specific

customer, and I think giving
them now the choice that they

don't no longer have to pick
between whether we do C-POM or

PVDC is a great story. Combining
that with the fact that we have

more flexibility from an import
perspective now makes the whole

onboarding story a lot easier,
because a lot of the service

providers where we onboard them
and do a greenfield VCD

deployment in the past still
have a lot of existing V sphere

and V center clusters out there,
because for them it's very hard

to transition the customers
from that behavior into the VCD

behavior, because every human
being, or most human beings, are

very reluctant for any kind of
change. So if users are used to

the fact that they can just
actually go into a system and

have V center access, it's very
hard to limit them down to VCD.

Having now the combination that
I can utilize the import feature

for organizations via resource
pools, et cetera. Combining that

with two different access
layers for it, I think is going

to make that onboarding piece
for especially existing service

providers a lot of easier.

Speaker 4: And we have a very
nice new feature in terms of

security troubleshooting. I know
we have a dedicated networking

recording, I know. But I want to
point out one very small detail

, because in 10.5 we now have
for the firewall rules a logging

ID element which contains the
NSX firewall rule ID which is

used for syslog. So if we now
need to troubleshoot firewall

rule sets, we can now access the
rule ID directly and go to I

wouldn't say be realized log
inside, but I think it's now

called ARIA operations for log
For log yes, yeah, I think

that's the correct name and use
that ID for filtering or

creating dashboards. I think
that's very interesting for


Speaker 1: Everybody imagine
ahead of behind Mattias screen,

a huge wall of all the new
product names so that he tries

to actually stick with them all
the time.

Speaker 4: Yeah, it's

Speaker 1: So, although I know
it's not Mattias topic but I

know definitely it's York's
topic, we can't get around the

Terraform perspective. I know
this can could easily lead to an

hour-long discussion, but I
think it's just important to

cover the new features, updates
and everything else and don't

have a discussion about the use
of it or not?

Speaker 3: Yeah, so the
Terraform provider. That's an

adapter that allows users to use
well HashiCop's Terraform tool

to automate Cloud Director
environments and there are a lot

of different use cases for
service providers and for tenant

users to well create and manage
stuff in VCD through that

Terraform infrastructure as code
strategy. And the provider is

an open source provider so you
can find the source code on

GitHub and can also get directly
in touch with our engineers

through GitHub issues and the
community on GitHub, and it is

sponsored and maintained by the
Mware engineering team and the

Cloud Director team. But there
are also a lot of contributions

from service providers and
sometimes even from end

customers who contributes on
code or at least some feature

requests and bug mentions on the
GitHub issues, and that

Terraform provider has a release
cadence that's independent from

VCD, but of course, they try to
stick pretty close to the VCD

releases when it comes to new
features and new API versions.

So we do have a new version of
the Terraform provider as well

that came out a couple of weeks
ago and that now will add

support for IP spaces so that
you can consume IPs that are

managed through IP spaces
through Terraform, and it has

some improvements for container
services extension as well. So

it's now possible to really
create and manage Kubernetes

clusters that are managed
through container service

extension with the Terraform
provider as well. In addition to

that, there have been a lot of
smaller bug fixes and

improvements that really came
based on the feedback through

the GitHub issues on the
communities. That's it for


Speaker 1: Good, sasha, as I
know, you have compiled the

whole list. Did we miss anything
really on the 10.5 list for

features which are not
necessarily network related

because, as I said, we are going
to have a dedicated network

session overall?

Speaker 5: Yeah, I think we are
good with the New features.

Speaker 2: Yeah, but there is
one thing I would like already

to add Regarding having a
supported environment in the

future, because it is already it
is now starting, but service

providers should now have in
mind that they need to have a

successful SMDB outbound
connectivity configured. It

becomes required and all users
absolutely independent if they

are imported from an active
directory or from an IDP need to

have configured an email
address. In the next versions,

starting with 10.5, it is
already now the starting point,

but from the new, next releases,
if the user don't have

configured an email address,
some features will not be

available anymore. So this is
really, from a supported

perspective, an important part.
Please verify that your Cloud

Director has an SMDB
configuration and that all of

your users have an email address

Speaker 3: Yeah, that's a good
point. Thanks for before

mentioning that that's part of
our overall strategy to have

yeah, Not VCD taking on local
user management anymore in

further future, but really rely
on external identity management

systems and identity providers
to authenticate and manage users

. And well, all of these
technologies be that SAML or

OIDC or OOUT or whatever
protocol or mechanisms used they

all rely on having an email
address to identify the user and

as part of that, we now require
the users to have a configured

email address. There are also
some tools they are API only

that makes it easier to migrate
and import users and migrate

users between the local user VCD
management and pass through

external identity providers. So
that's something that you should

keep in mind for future that
eventually we are going to

deprecate the support for local
users in VCD.

Speaker 4: What I would like to
add is we should not only talk

about things which are new, the
new hotend nice stuff, also

things about being deprecated,
and VMware is pretty clear in

10.5 that it accelerates the
deprecation speed in the API. So

a few additional versions are
not deprecated on the API, and

especially the API version 38, I
think, is no longer supporting

slash API, slash sessions for
authentication. So that's a big

change and everybody using API
needs to revalidate if the

authentication has already been
moved to the JWT mechanism.

Speaker 3: Yeah, very important
point, because that, of course,

will finally break older API
clients that are not using this

new endpoint anymore for logging
in. By the way, that has been

deprecated, I think, for the
last three versions of VCD or

VCD API, so you had some time to
change your API clients, but of

course we know it's true. But
now they're really mentioning

yeah, it's accelerating yeah
please move Version 38, it

really breaks now if you don't
log in with the new endpoints.

Speaker 4: Yes, I think more and
more stuff is moving towards

the Cloud API. Everybody should
really start migrating towards

the new API instead of using the
old stuff, say, as Sasha

mentioned at the beginning,
still to be to the migration.

Speaker 1: Yeah, I was just
about to say who are you looking

at, matthias?

Speaker 4: Being honest at my
screen. Yeah, the middle.

Speaker 3: Yeah, there's one
other feature that's mentioned

in the release notes which is
likely not that important for

providers or end users yet, but
rather for ecosystem partners

who build integrations with VCD.
A couple of versions ago we

introduced the new solutions
add-on framework to make it

easier for ecosystem partners to
integrate with VCD and manage

their solutions through the
provider portal, and there have

been some additions and
improvements to that solution

add-on framework as well in 10.5
. So it's now possible for the

provider to upgrade solution
add-ons through the UI and API.

So the version control and the
life cycle management of these

extensions gets much easier. And
of course, you can now publish

solutions on the pertinent base.
So that allows you to really

offer some value add services
and monetize these services on

the pertinent base that you
offer them. I don't know backup

solutions or antivirus solutions
or what else we have in our

ecosystem integrating with VCD.

Speaker 1: Good, then, I think
we have mostly everything taken

care of for the 10.5 release. I
think those people who are going

to attend the VMware Explorer
in Las Vegas there's definitely

something going to be at the
VMware booth. There are

definitely going to be some
sessions around 10.5. So if you

haven't added them to your
calendar so far, then please

make sure to do so. Also, we are
happy to announce from the

CommDivision team that we have a
dedicated room where we can

meet, hang out etc. With all our
service provider friends. So if

you haven't made an appointment
yet with us, reach out to us

over social media or anything
else. We are more than happy to

welcome you, have a little drink
, a Coke or something else and

then actually enjoy the time in
our suite together and talk a

bit about VCD etc. We might even
do some ad hoc session

recordings from there for around
VCD and for the VCD roundtable.

So stay tuned, keep us posted
for everything you do during the

VMware Explorer 2023 in Las
Vegas. So I'm still getting used

to it and we are going to cover
in our next VCD roundtable

episode everything around 10.5,
networking and some of the other

changes which you just need to
be aware of around networking.

Hop until then, have a good day
and see you soon.

Creators and Guests

Matthias Eisner
Matthias Eisner
VCI, VCP 3-6, VCP6-Cloud, VCP-NV, VCAP4-6-DCA, VCAP4-6-DCD, VCIX-NV, VMware Enthusiast, I love vRA, vCD, vRO, NSX and vR Ops; vExpert DCV, NSX & Cloud
Yves Sandfort
Yves Sandfort
Yves Sandfort - VMware cloud and infrastructure architect and evangelist, CEO comdivision group. VCDX-CMA,VCIX-CMA, VCIX-DCV, vExpert, Nutanix NTC, pilot
Episode 12 - Cloud Director 10.5 - What's new, VMware Explore outlook
Broadcast by