Episode 21 - vCF Product Packaging Overview
Hello, and welcome. We are live, for the VCD roundtable episode 21. Today, we are going to cover the VCF packaging and, yeah, product combinations for service provider explicitly. With that being said, before we get into the details, quick round of introduction. With me is Sascha Spruch, and then we hand over to.
Speaker 1:This is Matthias.
Speaker 2:Hi. And this is Tobias.
Speaker 1:Good. So, Matthias, you did spend some time to actually bring, the, VCF packaging a bit together so that we can cover a bit about what does it mean for service providers. Because as we all know, service providers will not have much of a choice in the new world anymore. They actually have to utilize the VCF enterprise, package, which is, coming as a per core license for everybody, and we will come to some of the details later on. There are a few add ons you can buy.
Speaker 1:But as a service provider, at least according to all information up until now, you cannot have easier foundation or anything else. So that is basically the only product packaging you can use. As much as we get all complain about that we potentially do not like all the products being packaged, I think as a service provider, we, need to think about what is the best we can do out of it. And that's why we said it's like we are going to dedicate a few sessions of the VCD roundtable to go step by step into individual products and actually talk about what are actually use cases for our service providers and where you can utilize the new enterprise functionality. Because in the past, many service providers just use standard and advanced feature sets.
Speaker 1:So that is going to be coming, in the next few episodes. And for today, we are going to start with an overview of what's all included, and we will look into the first few products. And then as we move along, we will go into further details. Matthias has the master of the slide deck. I'm going to give you the ball to do the intro on all of this.
Speaker 3:Oh, thank you so much. Yeah. As you guys see today, we actually have a few slides, just to make our life easier and to not skip any anything. So, the the VCF basically contains, the SDDC manager. We have vSphere including, TKG and the vCenter.
Speaker 3:We just use the official naming for all the bullets. We have, vSAN Enterprise with 1 TB byte per core included. If you need more capacity than 1 TB byte per core, it needs to be licensed. But, the the minimum licensable capacity is 8 terabyte. So per socket.
Speaker 3:So that's already a lot. We have NSX networking including HCX. We've refer we we, we refer to it with NSX networking because it's a bit different compared to the previous licensing model. And those 4 bullets are marked in green because these are the ones we're diving into today. For furthermore, we have AON, which is, ARIA operations for network, and the whole ARIA Suite Enterprises, including the base VCF licensing, which consists of the operations manager, operations for log, Aria Automation, my beloved orchestrator, now with the new name again, and the ARIA Suite life cycle manager.
Speaker 3:So the ARIA Suite enterprise will be covered in VCD roundtable 22, 23, 24, whichever, so it will be one of the next episodes. So let's dive into the first one, in a in a bit. So on top for service providers, we have the CSP entitlement, and that's, as far as we now today, is unique for partners entitled in the service provider program, and the CSP entitlement contains Cloud Director, Cloud Director plug ins and extensions, the VCDA, but change to prior is we have both licensed, which is disaster recovery on the one hand and migration for VCDA on the other hand. So previously, only migration was part of the license or kind of free of charge, and the disaster recovery has to be, paid extra. Now it's part of the bundle, and we have chargeback and usage meter.
Speaker 3:So these are the products from the CSP entitlement. I think we are all familiar with those products. Let's start with the SDDC manager. And speaking of, I I have a bit of an idea what the SDDC manager does, like manage, resend it, and host, but it's a great pleasure to pass on to Toby.
Speaker 2:Thanks, Matias. Yeah. The, the basic management instance of the whole VCF story is always our SDDC manager. So the SDDC manager is part of the initial deployment process. And after the initial deployment has been done, we start to bring on our new workload domains, our additional workload domains, whatever we would like to achieve from the SDDC manager.
Speaker 2:So the SDDC manager is the central management point, where we can manage the whole, virtual infrastructure world where we, can also do the whole life cycle stuff related to, certificate management, related to password rotation, and stuff like this. So this is all part of the SDDC manager. So here, the biggest change from what we have done in the past maybe is that we now have really a single point of component where we can manage, all of our vCenters, where we can, ramp up additional clusters, where we can bring in, new host to our clusters, ramp up a whole new virtual domain. And let's see what the future is bringing, how the whole, multi tenancy, stuff is going on. Because what we know so far as today is that in the long run, maybe it will be planned that we will have as a service provider the ability to provide a single workload domain to a single customer.
Speaker 2:So this is part of the whole SDC manager story in the vcf part.
Speaker 3:Sasha, every single time I see t k something on this slide, it's your turn.
Speaker 4:Yeah. So, it's t k g is included in the, VCF package. So that means, we have a few different options and, there are still a lot of open questions currently. So with vcf, we have, the option to say we sell a complete cluster to customers, so dedicated for customers. And then maybe it makes sense to say, hey, we will, deploy this year with Tanzu.
Speaker 4:So for these customers, on the other part, we have, or many of the service providers currently using CSE. Though CSE also deploy TKG, Tansu Kubernetes Grid clusters. And here, there are a few open questions. What happens in the future with the NSX at once load balancer and so on? And we try to figure it out for you.
Speaker 4:But there are currently open questions. How what about the licenses? Because currently, NSX advanced load balancer is required for, CSE deployments of TKG cluster. And, yeah, currently, it's counted or is written down in the informations as an add on. And, yeah, we need to figure out, what is the way to license it.
Speaker 4:But, yeah, tons of Kubernetes creators included. That's a good point. So we can go on with the Kubernetes stuff.
Speaker 3:Yeah. And and I think also the vCenter service and the 6i host because as Toby mentioned, if if a service provider plans to deploy a dedicated workload domain for a single customer, it needs to be licensed as well. Yeah. Sure. What's next?
Speaker 3:Oh, vSAN. Who's volunteering for VSAN Enterprise?
Speaker 1:Well, I can take everything except for the also and also ease of peace.
Speaker 3:Go for it, Dave.
Speaker 1:So, I mean, again, I'm I'm leaving the OSA, OSA, OSA piece for someone else to cover that because there are more competent people on that area in this call than me. So the good part for the service providers is in the past, we had lengthy discussions always about consumption of ease in for the service provider and how are we going to deal with that. And, that's going to completely go away because you now have one tip, per core, which is automatically included. That basically, considering that you have 16 cores per socket minimum so that if we think about 2 socket systems. So that already gives you 32 tip, per physical host normally.
Speaker 1:In many cases, that will be pretty much what you have in the system anyway. And as it currently looks like, the Aviso and add ons are, per tip and not per core as Matthew Matthew said. So you can just actually buy tips on top of it. So let's say in total, you're gonna you have 10 hosts. Each one of that is 32 gigabyte terabytes included, but you have in total 400, then you just actually buy the additional 80 tips and, purchase them, and that's it.
Speaker 1:The good part is also from all I heard so far is it's going to be allocated. So let's imagine you have one cluster running on Visa and the other one on Pure. You can actually take the core's Visa, capacity from 1 cluster and utilize it in a different cluster. So it's basically accumulated across your complete, as far as I understand so far, vcf instance. But, let's see where they where they end up, from that perspective in the long run.
Speaker 1:So that is good for service providers. You have now all the features, so you can use erasure coding. You can do use DDAB and compression. Many people actually enable DDAB and compression in the past, not necessarily from performance perspective, but primarily to really, reduce the amount of used capacity as used capacity doesn't matter anymore. It's always a question whether you wanna keep it on because it have also had its other challenges with it.
Speaker 1:Beside that, you're gonna also now utilize stretch clusters data address. And when we look at these specific scenarios, that give us the advantage that as service providers in the past, try to avoid stretch clusters due to cost, perspectives, This allows them now to really run management clusters if they aren't near enough to each other in a stretch cluster scenario. However, there are some limitations when that is why I'm handing over the OSA and ISA piece back to Sasha because he figured those limitations out for 1 customer already. Or Toby if he wants to. It's like, it's up to you guys who's actually taking the ball from here.
Speaker 1:Toby?
Speaker 2:Yeah. So also is there. Also, it's the old storage architecture. Now, to be honest, it is the original, storage architecture. And this is the enterprise storage architecture.
Speaker 2:So this is from a naming perspective, the difference. What is the difference technically behind? Technically behind is, Ozone was capable of using, all flash in an, SSD only behavior or maybe also in hybrid, scenario where you have utilized SSD as a, cache disk and magnetic disk as an capacity tier. AZA is an, NVMe only, based, solution. So, we only have the capability of using either, supported NVMe devices, which also has changed the whole, disk management because in the, original, storage architecture and the also part, there was always the need of having disk groups and stuff like this, in ISA.
Speaker 2:The whole disc group management and all and and so on has come. But as Yves already mentioned, there are some limitation at the moment from a VCF perspective. So at the moment, for example, AESA, is not capable of being utilized in a stretch cluster, behavior. So we cannot utilize ease of at the current, time in a stretch cluster. To be honest, it is already there in v in pure vSphere or in in pure Visa.
Speaker 2:So it is just a limitation from DCF at the moment. So I would say in the next couple of weeks, maybe months, also this limitation is gone. But, yeah, it is something we should have in mind. Currently, that is, in stretched cluster in a VCF, portion is not working.
Speaker 4:And as I got the information, so there will be a migration pass from OSA to ESA. So that means if you start now with planning new hardware, you can prepare that your hardware is ready for OSA. Deploy this also if you want to go with a stretch cluster, and then later on, do the migration to ISA.
Speaker 2:Yeah. As always. And one one last add on, because if you mentioned that you can have maybe a stretched management domain or an in stretched, virtual domain, but also there's also some pitfall in VCF at the moment. If you would like to utilize, a stretched workload domain, also your management domain needs to be stretched currently. So also let's see here what, the future is bringing.
Speaker 1:That is so true.
Speaker 3:N a 6. I think, one of the most important parts within the whole call director stack or call stack. So NSX networking and and and that's a big change compared to previous licensing. So, NSX networking consists of the NSX manager to manage the whole infrastructure. We have host and edge transport nodes, and NSX networking contains of lot contains logical switching and logical routing.
Speaker 3:But it's it's routing is based on the service router component of an edge transport node as well or in gateway and as well as the distributed router component. This listing does not contain any security features that will be covered on the next slides because that's something we really want to point out, a change in terms of licensing compared to the old model or the old program we have. On top of NSX, we now have HCX. To be honest, I have no idea if it was part of the old license model. Yes or no.
Speaker 2:It it it it was It was, to be honest, to you, you had HCX also in NSX, I guess at least at enterprise, but maybe also part of advanced licensing, HCX HCX was there. But, it is now fully included in VCF.
Speaker 3:Okay. Cool. So this is just a movement, kind of a movement. HDX is just not part of VCF, but what's there? So we have the features like workload migration, layer 2 scratching, and bulk migration, live migration of workloads from a to b.
Speaker 3:So that's all part of of that product. But one of the most or one of the biggest change, at least from my point of view, is the whole security, approach or the the licensing for security. With the VCF model, none of the NSX firewalls are part of the base or the VCF licensing. So previously, the gateway firewall of NSX was part of the base license. So the flex bundle, we know which is the base, contained the gateway firewall.
Speaker 3:If you wanted to use the distributed firewall in the past, you had to buy at least, at least the professional licensing, right, which is the, next or the one larger license model that contained the distributed firewall. And then you we had, like, advanced and enterprise for enterprise for EVPN and stuff, and then all that kind of stuff. So with the new VCF approach for service providers, or actually the VCF approach by Broadcom, the whole firewall is a single add on package, which can be, licensed on a per CPU core base. That contains the gateway firewall, the distributed firewall, and then top security intelligence and container security with Andrea. So these are the packages or the the the product bundles within the add on package VMware firewall.
Speaker 3:Any other, anyone else want to add something around that? Just just a little package.
Speaker 2:Just a little bit to you because you're fully right, Matias. At the other hand, I would say also from a costing perspective because, yeah, it is a dramatic change in the whole, licensing model. But as you mentioned before, advanced networking stuff like EVPN and so on, in the in the in the old model, always required the highest amount of points. Now it is already part of the base license. So if you have if you switch to the VCF, license model, so, it is mandatory in the future, You get really huge improvement of the of the networking side.
Speaker 2:But, yes, from a security perspective, we will lose here some some stuff.
Speaker 3:I think it's just important to to make everyone aware what the the change in in licensing is, Because as far as I or the most search providers I work with, they are using the gateway firewall extensively, basically speaking for each single tenant, with the edge gateway. Distributed firewall, it's like yeah. A few use distributed firewall, others doesn't. It really contains on the the the model they use to run their tenants. But the gateway firewall is a big part in terms of of licensing change.
Speaker 3:So there is a a second add on package for security. So on top of the VMware firewall, we can add ATP, advanced threat protection. Before we dive into those 3 marked additional products or solutions, I would like just to add one statement. So the bullets and stuff we add over here, they're not saying that each of those areas of NSX can be consumed in self-service. So we're today, we're just talking licensing, what's included, what needs to be, licensed on top.
Speaker 3:We're not covering which is self-service avail available and which features need to be consumed as a managed service just to add that statement on top. So, Toby, you wanna cover some IDS, IPS stuff?
Speaker 2:Yeah. For sure. So IDSIS IPS, is there. Can be utilized can be utilized in 2 different manners nowadays. So we can utilize it on the north south side, so, directly on our e six i's.
Speaker 2:And also we can east west side. Sorry. And we can utilize it also on the north south side. But also here there is a little, limitation at the moment. So talking today, IDS is only available on the edge services.
Speaker 2:IPS is not available, but, as far as I am aware at the moment, IPS on the edge nodes or on the north south side will be available in with the next release, which should be roughly around March. But let's see what's really happening here. Mailware prevention and, network traffic analysis and, NDR. Also here, some, important stuff around. You need the whole network application platform of NSX, which is, deployed as an Kubernetes Helm Chart.
Speaker 2:So to utilize the whole malware prevention, the whole network traffic analyzer stuff, and the NDR stuff, so the network detection and response stuff, you need to provide a Kubernetes environment and deploy there the network application platform as part of your NSX setup, then we can utilize it. But as Matias already mentioned, please be aware at the moment from the whole advanced features, only IDS, IPS is part of the of the cloud director environment and self-service manner. All of the other stuff like malware prevention and the NDR and network traffic analysis is currently not part of the self-service. But for you as a service provider, we can or you can already consume it. And we get a question.
Speaker 3:Well, I think it's more a statement, and it's exactly what what we've already said. Deployment, consume gateway firewall, made in self-service. That's cool. And, because it's base model, some allowed for DFW. But if oh, interesting.
Speaker 3:So roughly, thanks, Tom, for mentioning this one. Roughly 90%. 90% edge oh, pyramid. Firewall. No diff tone and stuff.
Speaker 3:Mhmm. So covering IDS, IPS. And I think as far as I understand the new model, and that's what we're we're we're talking here, there is a change in licensing, not just because it's not per CPU core base, but if I remember correctly, please correct me if I'm wrong, previously, you had the ability to license IDS, IPS, gateway IDSIPS on a per tenant base. So it wasn't licensed on a per tenant base, but in the past, only the VRAM of the virtual machines running behind the configured edge gateway were considered to, we need to be licensed for IDS, IPS. And that's a huge change because in the past, if you have configured it correctly, you were kind of able to enable or license it on a per tenant oh, I'm sorry for this squirm.
Speaker 3:On a on a per tenant base, and and from now, I can do fireworks. Oh, I can't. No. That's firework. So in the past, I was able to license it on a on a per tenant base, and now it's more on a per CPU core.
Speaker 3:So I would currently assume it's more on a per cluster, per workload domain ish approach?
Speaker 2:I would say at least pair cluster.
Speaker 1:Mhmm.
Speaker 2:But also and as as we mentioned it already before, in the long run, we have already heard some rumors. We always say we don't talk about rumors, but we clearly heard some rumors that the law in the long run, the plan is to have pair, tenant, VCF, and and virtual domain deployment. And then, okay, I need
Speaker 3:And it makes perfect sense.
Speaker 2:Then it makes perfect sense. So but let's see what the future is really bringing here.
Speaker 3:But today, we're we're just, running the session just to talk about differences between the old licensing model and what we think changes with the new model and what, colleagues of service providers should take care of. Eve, you're you're so quiet. I I'm not used to Eve not talking.
Speaker 1:You explained everything perfectly well. Why should I interrupt you? You you are a liar. It might just be that I'm talking so much in the last couple of days that I'm actually finding it pretty relaxing to not talk for 50 yards. So again and and now we we can just, do
Speaker 3:a bit of of chatting about the topics we covered because we were we're not aiming to, read or to change that format to to slide deck, overwhelmed, format. That's not our goal. We just use a few slides to support our thoughts and then what? What what?
Speaker 2:At at least for the next sessions, we may be still with you to live Slack. Yes.
Speaker 3:For a few. But I think that's okay if you're not
Speaker 2:It's
Speaker 1:Yeah. I think yeah. So
Speaker 3:so these are at at least from from a see, that's fireworks.
Speaker 1:So we need to explain that to those who are just listening. We are just making fun in the video recording by making all kinds of interesting signs. So to get the FaceTime mechanism to bring up all kinds of weird things.
Speaker 3:That's all, basically speaking,
Speaker 1:for licensing. Because Matthias look like a cat now.
Speaker 3:I I I'm not doing that. Next time, maybe maybe so from a licensing perspective, but back to the topic, even for service providers, even if you're not using BCF, like, the stack, like SDDC manager or whatever, as a service provider, you need to pay for it. So it doesn't matter. You you you're not getting out of the game like, oh, I'm not using it. Yeah.
Speaker 3:Doesn't matter. You're not using, and that will be part of, the next episode. I'm not using the Aria Suite Enterprise. Yep. No one cares.
Speaker 3:Just being honest. So maybe start thinking about how can I use how can I gain advantage? How can I provide better services to my own tenants using additional products like operations for log, operations manager? Yep. And, yes, if I say orchestrator.
Speaker 3:Right?
Speaker 1:They left something in for the old guys.
Speaker 2:And and and still, it's at least since Matias just mentioned the whole, Arias, we just and we will cover operations manager in in one of our next sessions. But also here I would say our, especially the operations manager really can support, our service providers for rightsizing their environment. And rightsizing, as we already covered it, will become more and more important since the whole, VRAM story is gone. So and I would say it will never come back. So we we really need to have now a look at the whole core story.
Speaker 2:And now rightsizing really becomes an interesting part of, the environment.
Speaker 1:But do you think
Speaker 3:There must be another 2 things I wanna add. Firstly, Yves speaking of cats, here he is. Right? And and secondly, Yves, you mentioned something about hosts which are installed but not actively used, but there was more a disaster recovery scenario.
Speaker 1:Okay. So here's the point. One of the complaints in the last couple of months, or weeks was that the core licensing model is a bit, putting the disaster recovery customers at risk because for service providers, licensing a lot of cores for unused systems is going to be, a very bad scenario. The idea which we at least heard, and we heard that several times in the past, and then it was gone and now it seems to come back again. The idea sounds like that in the future, you can actually or the the license count for Cors seems to be only based on hosts which have active running VMs.
Speaker 1:So from that perspective, you could, in theory, deploy a cluster which does not have any actively running VMs. However, that would still mean there are potentially NSX, appliances and other things on it. At that point in time, you would need to pay for it. The other thing is if that house has storage capacity attached, that would mark that host as active as well as far as I understood from from some of the discussions I heard. So, there seems to be at least something coming, but reality is those service providers running, DCVR from that perspective typically would not use Visa and, all flash to store the capacity of the customers.
Speaker 1:So they would have, let's say, more decent capacity storage behind it. And in that specific scenario, you could have a workload cluster with a, let's say, low cost storage behind it, and then just, pay for VCF on demand, which is according to the latest documents hourly. So if a customer wants to run a test run and is going to utilize a handful of hosts only, then they could do that. Again, this is, at the moment, for pure speculation and based on rumors. So this is not in the con I mean, the hourly is in the contract, but that it will only count hosts which are going to be full which are going to host VMs.
Speaker 1:But, again, that's just that would solve the BCDR scenario, at least for a good part of service providers. And, so again, as you can see, not everything is yet finalized. But it seems like we are slowly getting there.
Speaker 3:Yeah. So it's still a moving target, but it moves a lot slower.
Speaker 1:Yeah. The ship is more or less now assembled. They are just actually attaching the the the the the rescue boats to it.
Speaker 3:Yeah. And so
Speaker 1:Let's hope it doesn't become a Titanic and there are enough of them.
Speaker 3:Well, Yves, thanks for sharing that that additional information with, with the crowd. Yeah. So, I think that covers the licensing stuff, for episode 21.
Speaker 1:Well, that is something ask you one more question.
Speaker 3:Yes. It just popped up.
Speaker 1:Yes. Have you guys heard about any price indications for the add on licenses, especially n six? So the information we have is that the pricing for all products is going to be identical, whether it's resell or service providers. So if you grab, the just released price lists playbooks as of this week, you will see what the add ons are going to be charged for, and then you can apply the discount which has been, provided to you as a service provider about what the discount is going to be, and then you know what the add on is actually going to cost you. We don't have that in writing, but, according to all these simplicity rules by Broadcom, which basically say only 1 SKU, very simplistic model.
Speaker 1:I'm pretty sure that that's going to be exactly the way it is. Good. Now, Matthias, you can start the closing mode.
Speaker 3:Now you could start it. But yeah. So,
Speaker 1:you were so far away.
Speaker 3:So we carved the the base of VCF packaging for service providers today in episode 21. I don't know the exact plan. Will episode 22 cover the Avia suite enterprise or 23?
Speaker 1:I would I would say currently current plan is, that 22 would be another packaging, if episode that's going to come out in 2 weeks. We might, as always, keep you posted with some of our short term videos, If anything in between, urgently happens, I don't currently foresee that there is anything, from that perspective. Oh, we got a final message. Oh, no. The worst is ever.
Speaker 2:News ever. Yeah. Just plug it.
Speaker 1:I'm not sure what that is. But Okay.
Speaker 3:Yeah. So so famous last words.
Speaker 1:Yeah. Next episode, episode 22 will be, another BCF packaging series. Feel free to drop in any any questions beforehand to any one of us so that we can prepare them. We are going to move the VCF roundtable to a a No.
Speaker 3:It it it's VCT round table, not VCF round table.
Speaker 1:The Broadcom VCF round table for service providers is going to be who was talking here? The VCD roundtable, is going to be at least the current plan is going to be bweekly moving forward. Plan is that somewhere early in the week, we will let you know when the live session is going to be because there is still a lot of traveling going on for some of us. And, so but that's going to be the plan, and we are going to post on the web page most likely on the BCB roundtable web page. A bit of the topics for the upcoming weeks in the next few days so that you can plan for it.
Speaker 1:We're also working on a few more formats to get you a bit more training and get to know, perspective for certain products, but that's still in the baking. That, as finish the cooking and the baking for those and expect that there will be more content and more formats coming from us pretty, pretty soon, not only for service providers, but that's still going to be all for us. With that being said, it's an interesting week. Those of you who have not actually finished the RFIs, for the new Broadcom program, make sure that you do that. Next Thursday is, the cutoff date.
Speaker 1:You need to submit them. If you have any questions around that, feel free to always ping us, and have a discussion with us also if you are worried that you are not hitting the mark. As we said, it's like, there's always a free line so that you can reach us and then we figure something out. Again, emoticons or something. Such a closing week.
Speaker 1:This one.
Speaker 4:Yes. And if you, yeah, joining the channel conference, channel partner conference in Las Vegas next, months or the MSP submit, just ping us. We will stay in Vegas at that time, join the conference, and let's have a
Speaker 3:meeting. Alright. Best of luck with the new licensing. Keep the changes in mind and license accordingly.
Speaker 2:Everything's set, I would say. Yep. Thanks. See you.
Speaker 1:I'm waiting for Toby to change the color again. See you all. Have a good day. Bye bye. Bye bye.
Speaker 1:Toby.