• Elastic DRS Storage Scale-up threshold update 

  Due to enhancements in vSAN, the vSAN Slack Space requirement has been decreased from 30% to 20%. To accommodate this improvement, the Storage Scale-up threshold for all Elastic DRS policies has been increased to 80%. You can now consume up to 79% of vSAN capacity regardless of the Elastic DRS policy.

• 2-Host Stretched Clusters (1-1) 
  • You can now deploy a 2-host stretched cluster. With a single host in each AZ and a managed witness in the third, the cluster can survive the loss of an entire AZ. This powerful capability enables business-critical applications within VMware Cloud without rearchitecting for AWS availability.  
  • With one host per AZ, vSAN depends on the Dual Site Mirror for resiliency and therefore, it comes with a 99.9% availability guarantee. This can be increased to 99.99% at any time by scaling up to a 6-host cluster.  
  • Elastic DRS storage-only scale-out is enabled by default. If a 2-host stretched cluster is scaled up to a 4-host, the cluster can not be scaled back down. For more information, see the 2-Host release and or Stretched Cluster design considerations. 

• Stretched Cluster resiliency improvements
  • Elastic DRS has been improved to increase the resiliency of any Stretched Cluster. This enhancement is provided free of charge and works in conjunction with the existing Auto-Remediation capabilities found in Auto-Scaler. For more information, see Scaling Multiple Availability Zone Clusters. 
  • The VMware Cloud service will automatically Scale-Out any Stretched Cluster on AZ failure. With this latest enhancement, the cluster will automatically Scale-In as soon as the failed AZ has been restored and the burst capacity is no longer needed.  
  • If an instance fails on a Stretched Cluster and Auto-Remediation is unable to recover or replace the host, the service will add the instance to the other AZ until a new host can be recovered in the original AZ. This capability is added free of charge and will attempt to maintain the Compute resources in the event of a partial AZ failure by adding non-billable hosts to the surviving AZ until the cluster has returned to its original host count. This functionality is dependent on free capacity and therefore carries no guarantee.

• Networking and Security - Operational Improvements
  • You can view network traffic stats per external interface to the SDDC. The Global Configuration tab provides user visibility in terms of bytes/packets received and transmitted per uplink. You can also control interface settings on the Global Configuration tab.
• vSphere Distributed Switch (VDS)
  • The vSphere Distributed Switch (VDS) enables you to manage NSX network segments as vCenter DVPG objects. New deployments in 1.16 will use VDS. Existing deployments will be converted to VDS prior to 1.18 upgrade. The vSphere Web Services API Opaque Network objects will be converted to NSX DistributedVirtualPortGroup (DVPG) objects. The corresponding API parameters/return values are changing, therefore users need to update applications that are using these API calls. vSphere Opaque Network objects will not be supported beyond 1.16. For more details, including the latest VMware and partner application versions that are compatible with VDS, see KB 82487.
• Compute Policy Scale Increase
  • The limit for VM-VM anti-affinity compute policies has been increased to 1500 (total of all compute policies combined). The limit for all other compute policies remains at 100. Using the card view is recommended when working with a large number of policies in the UI. See the VMware Configuration Maximums page for limit details.

• Regional Expansion to AWS GovCloud US-East region

  Since the launch of VMware Cloud on AWS GovCloud (US), the hybrid cloud service has been helping Federal, state and local government agencies in their digital transformation initiatives. VMware now announces the regional expansion of VMware Cloud on AWS GovCloud (US) service to the AWS GovCloud US-East region. This will bring the availability of the service to both AWS GovCloud regions – GovCloud (US-West) and GovCloud (US-East). This gives US public sector customers additional geographic choice and disaster recovery options for sensitive data and workloads while meeting US government security and compliance requirements. 

• Support for 2-host i3en.metal

  Reduce your steady state and recovery infrastructure costs by using a 2-host i3en.metal SDDCs.

• 2-Host Stretched Clusters (1-1)

  You can now deploy a 2-host stretched cluster. With a single host in each AZ and a managed witness in the third, the cluster can survive the loss of an entire AZ. This powerful capability enables business-critical applications within VMware Cloud without rearchitecting for AWS Availability.

• Performance Optimizations for Erasure Coding for bursty writes

  In version 1.14, you can view an improved performance and CPU efficiency of RAID 5/6. This enables the space efficiency of erasure coding while enhancing application performance and reducing CPU cost per I/O, particularly for bursty writes. Improved additional buffer tier performance.

• Stretched Cluster/ Multi-AZ Improvements: vSAN DRS awareness: VMware Cloud on AWS version 1.14 introduces integration with data placement and DRS so that after a recovered failure condition, DRS will keep the VM state at the same site until data is fully re-synchronized, which ensures all read operations not to traverse the Inter Site Link (ISL). Once the data is fully re-synchronized, DRS moves the VM state to the required site with DRS rules accordingly.  The improvement can dramatically reduce unnecessary read operations occurring across the ISL, and free up ISL resources to continue with its efforts to complete any re-synchronizations post-site recovery.
• Automatic adjustment of vSAN policy for improved data availability

  The automatic adjustment of vSAN policy for improved data availability feature will automatically assign the default policy for your VMs to ensure that your workloads are SLA compliant. You can deploy your cluster, and based on the number of hosts, a policy will be automatically assigned. If a host limit is crossed which requires a different policy, then the policy is automatically changed so that your clusters remain SLA compliant. If you want to set the policies yourselves, you can override this function.

  • The policies settings which will be applied by automatic adjustment of vSAN policy for improved data availability are:
    • Standard Cluster:
      • =< 5 hosts: Failure to tolerate 1 - RAID-1
      • >= 6 hosts: Failure to tolerate 2 - RAID-6
    • Stretched Cluster:
      • Dual Site Mirroring, Failure to tolerate 1 - RAID-1

          Note: This feature is enabled for SDDC versions 1.10 and higher.

• Network Performance
  • This release provides improvements for i3en.metal network performance for north-south communication (approximately twice the performance compared to i3.metal) to the SDDC, as well as east-west communication within the SDDC. You can notice higher network throughput for your workloads driving TCP traffic and for UDP traffic across i3en edge nodes.

• Increased Scale Attributes for NSX Distributed Firewall (DFW)​
  • VMware Cloud on AWS supports higher scale attributes for NSX Distributed Firewall (DFW) for SDDCs running version 1.12 and higher. VMware Cloud on AWS SDDC now supports up to 40,000 DFW rules across all sections. Also, the number of security groups supported is now increased to 12,000 and the number of VMs per security group in the SDDC is increased to 1,800. The complete list of configuration maximums for Networking and Security can be found here.
• Firewall​
  • Advanced search and filtering capability in the UI - Users can search firewall rules using a number of criteria including rule ID, rule name, Group membership, source/ destination IP address, protocol, service, action and rule status.
  • Rule ID is now directly available in the UI.
• Distributed Firewall​
  • Time-based Scheduling of DFW Rules- Users can now schedule enforcement of specific rules for specific time intervals. This option can be accessed through the clock symbol in the UI.
  • Advanced search and filtering capability in the UI - Users can search firewall rules using a number of criteria including rule ID, rule name, Group membership, source/ destination IP address, protocol, service, action and rule status.
  • Rule ID is now directly available in the UI.
• VPN
  • ​MSS Clamping is now supported for Policy-based/ Route-based VPN. This option allows the user to set the maximum segment size IPSec traffic to avoid fragmentation. VPN UI is streamlined to group together all required fields above the Advanced Parameters fold.
• DHCP
  • ​Users can create custom DHCP profiles for DHCP Relay/ Server. DHCP server can be configured at Gateway (all segments) or Local (individual segment) level as well as Relay mode. Users can view DHCP Relay/ Server configuration stats under Tier-1 Gateways (CGW) tab in the UI.
• Network Segments​
  • Segment level metrics - Fine grained network stats are available at the individual segment level. Counters for packets transmitted/ received/ dropped are available via the UI. Users can view all related Groups where individual segment is referenced.
  • Segment Profiles - Users can view the segment profiles that apply to individual segments during segment creation. Users can set bindings for DHCP addresses.
  • Segments UI enhancement - Users can view all related Groups where the individual segment is referenced.

• Flexible vCenter Permissions during upgrades
  • Flexible vCenter permissions model for role-based access. Existing SDDCs that do not currently support flexible vCenter permissions will now get the feature as part of the next upgrade. This capability enables cloud administrators to create custom roles and assign more granular permissions to users and groups. These permissions can be assigned to users and groups globally or for specific vCenter objects.

• Networking
  • Enhancements to DNS UI. Users can now enter the DNS server IP addresses in the DNS service section. Previously, users had to configure the server in the DNS zones section. Users can now insert a description to the DNS service, add tags and view stats on the DNS service section.
  • Resolved Issues:
    • ​This release resolves an issue with IP address range expansion, which caused the server to become overloaded, which in turn caused the API and UI to be unreachable.
• i3en.metal instance type is now available
  • ​​​i3en.metal instances are now available for new SDDC and cluster deployments on VMware Cloud on AWS. These instances come with Intel Xeon Cascade Lake processors @2.5GHz, 96 vCPUs with hyper-threading enabled, 768 GiB memory & 45.84 TiB (50TB) raw storage capacity, with additional 6.55 TiB cache storage capacity. Additionally i3en instances include in-transit hardware encryption of east-west traffic for improved security.  I3en.metal hosts are FedRAMP High compliant and must be selected when deploying new SDDC’s that require FedRAMP High compliance.

VMware Site Recovery now Available

• ​VMware Site Recovery is now available on VMware Cloud on AWS GovCloud (US) region. VMware Site Recovery for VMware Cloud on AWS GovCloud (US) enables US Public Sector agencies to protect and migrate their workloads to FedRAMP compliant AWS GovCloud region in the US. For more information, see VMware Site Recovery for VMware Cloud on AWS GovCloud.