Benefits of the VMware ESXi Hypervisor Architecture
The hypervisor architecture of VMware vSphere plays a critical role in the management of the virtual infrastructure. The introduction of the bare-metal ESX architecture in 2001 significantly enhanced performance and reliability, which in turn allowed customers to extend the benefits of virtualization to their mission-critical applications. The removal of the Linux-based console operating system (COS or "service console") with the new ESXi architecture represents a similar leap forward in reliability and virtualization management. Less than 5% of the size of ESX, the new vSphere ESXi architecture improves hypervisor management in the areas of security, deployment and configuration, and ongoing administration.
Improve Reliability and Security. The ESX architecture available in releases prior to vSphere 5.0 relied on a Linux-based COS for serviceability and agent-based partner integration. In the new, operating-system-independent ESXi architecture, the approximately 2 GB COS has been removed and the necessary management functionality has been implemented directly in the core VMkernel. Eliminating the COS drastically reduces the install footprint of the vSphere ESXi hypervisor to approximately 150 MB, improving security and reliability by removing the security vulnerabilities associated with a general-purpose operating system.
Streamline Deployment and Configuration. The new ESXi architecture has far fewer configuration items, greatly simplifying deployment and configuration and making it easier to maintain consistency.
Reduce Management Overhead. The API-based partner integration model of the ESXi architecture eliminates the need to install and manage third-party management agents. You can automate routine tasks by leveraging remote command line scripting environments such as vCLI or PowerCLI.
Simplify Hypervisor Patching and Updating. Due to its small size and limited components, the ESXi architecture requires far fewer patches than early versions, shortening service windows and reducing security vulnerabilities. Over its lifetime, the ESXi architecture requires approximately 10 times fewer patches than the ESX hypervisor running with the COS.
What’s New in vSphere 5.1
In the vSphere 5.1 release VMware has added several significant enhancements to ESXi.
NEW Improved Security. There is no longer a dependency on a shared root account when working from the ESXi Shell. Local users assigned administrative privileges automatically get full shell access. With full shell access local users no longer need to “su” to root in order to run privileged commands.
NEW Improved Logging and Auditing. In vSphere 5.1 all host activity, from both the Shell and the Direct Console User Interface (DCUI), is now logged under the account of the logged-in user. This ensures user accountability, making it easy to monitor and audit activity on the host.
NEW Enhanced SNMPv3 support. vSphere 5.1 adds support for SNMPv3, including both SNMP authentication and SSL encryption.
NEW Enhanced vMotion. vSphere 5.1 provides a new level of ease and flexibility for live virtual machine migrations. vSphere 5.1 now allows combining vMotion and Storage vMotion into one operation. The combined migration copies both the virtual machine memory and its disk over the network to the destination host. In smaller environments the ability to simultaneously migrate both memory and storage allows virtual machines to be migrated between hosts that do not have shared storage. In larger environments this capability allows virtual machines to be migrated between clusters that do not have a common set of datastores.
NEW vShield Endpoint bundling. Now included in vSphere 5.1, vShield Endpoint offloads antivirus and anti-malware agent processing inside guest VMs to a dedicated secure virtual appliance delivered by VMware partners.
New virtual hardware. vSphere 5.1 introduces a new generation of virtual hardware with virtual machine hardware version 9, which includes the following new features:
- 64-way virtual SMP. vSphere 5.1 supports virtual machines with up to 64 virtual CPUs, which lets you run larger CPU-intensive workloads on the VMware vSphere platform.
- 1TB virtual machine RAM. You can assign up to 1TB of RAM to vSphere 5.1 virtual machines.
- Hardware accelerated 3D graphics support for Windows Aero. vSphere 5.1 supports 3D graphics to run Windows Aero and Basic 3D applications in virtual machines.
- Guest OS Storage Reclamation. With Guest OS Storage Reclamation, when files are removed from inside the guest OS the size of the VMDK file can be reduced and the de-allocated storage space returned to the storage array’s free pool. Guest OS Storage Reclamation utilizes a new SE Sparse VMDK format available with Horizon View.
- Improved CPU virtualization. In vSphere 5.1 the vSphere host is better able to virtualize the physical CPU and thus expose more information about the CPU architecture to the virtual machine. vSphere 5.1 also adds the ability to expose additional low-level CPU counters to the guest OS. Exposing the low-level CPU counter information allows for improved debugging, tuning and troubleshooting of operating systems and applications running inside the virtual machine.
Other significant capabilities available with vSphere since the 4.1 release:
AD Integration. Ability to configure the host to join an Active Directory domain. Once the host is added to the AD domain, users accessing vSphere hosts will be authenticated against the centralized user directory.
Scripted Installation. Ability to do a scripted installation of the vSphere software to the local disk of a server. Various deployment methods are supported, including booting the vSphere installer off a CD or over PXE, and accessing the configuration file over the network using a variety of protocols, such as secure HTTP. The configuration file can also specify the following scripts to be executed during the installation:
These scripts run locally on the vSphere host, and can perform various tasks such as configuring the host’s virtual networking and joining it to vCenter Server.
Boot from SAN support for vSphere. This support includes Fibre Channel SAN, as well as iSCSI and FCoE for certain storage adapters that have been qualified for this capability.
NEW Image Builder. A new set of command line utilities allows administrators to create custom ESXi images that include third-party components required for specialized hardware, such as drivers and CIM providers. Image Builder can be used to create images suitable for different types of deployment, such as ISO-based installation, PXE-based installation, and Auto Deploy. It is designed as a PowerShell snap-in component and is bundled with PowerCLI.
NEW vSphere Firewall. The vSphere host management interface is protected by a service-oriented and stateless firewall, which you can configure using the vSphere Client or at the command line with ESXCLI command line interfaces. A new firewall engine eliminates the use of iptables and allows the administrator to define port rules for each service. For remote hosts, you can specify the IP addresses or range of IP addresses that are allowed to access each service.
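The per-service allowed-address model described above can be audited offline. The following is an added example, not VMware code: it parses a listing of rulesets and their allowed addresses, reports the services reachable from any address, and checks whether a given source may reach a service. The sample text is constructed and assumes the two-column layout of `esxcli network firewall ruleset allowedip list`; treating a service with no ruleset as blocked is also an assumption of this model.

```python
import ipaddress

# Constructed sample; layout assumed to match the two-column output of
# `esxcli network firewall ruleset allowedip list`.
SAMPLE = """\
Ruleset          Allowed IP Addresses
---------------  --------------------
sshServer        192.0.2.0/24, 198.51.100.7
webAccess        All
syslog           203.0.113.10
"""


def parse_allowed(text):
    """Return {ruleset: None if every source is allowed, else list of networks}."""
    rules = {}
    for line in text.splitlines()[2:]:  # skip the header and the dashed rule
        if not line.strip():
            continue
        name, _, allowed = line.strip().partition(" ")
        allowed = allowed.strip()
        if allowed.lower() == "all":
            rules[name] = None
        else:
            # A bare address becomes a /32 (or /128) network.
            rules[name] = [ipaddress.ip_network(a.strip(), strict=False)
                           for a in allowed.split(",") if a.strip()]
    return rules


def unrestricted(rules):
    """Rulesets open to any address: the first candidates for tightening."""
    return sorted(name for name, nets in rules.items() if nets is None)


def is_allowed(rules, ruleset, source_ip):
    """Stateless per-service check: may source_ip reach this service?"""
    if ruleset not in rules:
        return False  # assumption: no ruleset for the service means no access
    nets = rules[ruleset]
    if nets is None:
        return True
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in nets)


if __name__ == "__main__":
    rules = parse_allowed(SAMPLE)
    print("open to all:", unrestricted(rules))
    print("ssh from 198.51.100.8:", is_allowed(rules, "sshServer", "198.51.100.8"))
```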
NEW Secure Syslog. All log messages are handled by syslog, and messages can now be logged locally and/or on one or more remote log servers. Log messages can be remotely logged using either the Secure Sockets Layer (SSL) or TCP connections.
NEW Central management of host image and configuration via Auto Deploy. Combining the features of host profiles, Image Builder, and PXE, vSphere Auto Deploy simplifies the task of managing vSphere host installation and upgrade for hundreds of machines. vSphere host images are centrally stored in the Auto Deploy library. New hosts are automatically provisioned based on rules defined by the user. Rebuilding a server to a clean slate is as simple as a reboot.
NEW Enhanced Unified CLI Framework. An expanded and enhanced ESXCLI command line framework offers a rich set of consistent and extensible commands, including new commands to facilitate on-host troubleshooting and maintenance. The framework allows consistency of authentication, roles, and auditing, using the same methods as other management frameworks such as vCenter Server and PowerCLI. You can use the ESXCLI framework both remotely as part of vSphere CLI and locally on the ESXi Shell (formerly Tech Support Mode).