A while back, I wrote up a blog about the release of vSphere 6.0, with an NFS slant to it. Why? Because NFS!
With VMworld 2016 Barcelona, vSphere 6.5 (where’d .1, .2, .3, .4 go?) has been announced, so I can discuss the NFS impact. If you’d like a more general look at the release, check out Cormac Hogan’s blog on it.
Before I get into the new NFS feature/functionality of the release, let’s talk about the changes to VMFS. One of the reasons people use NFS with VMware (other than its awesomeness) is that VMFS had some… limitations.
With the announcement of VMFS-6, some of those limitations have been removed. For example, VMFS-6 includes something called UNMAP, which essentially is a garbage collector for unused whitespace inside the VMFS datastore. This provides better space efficiency than previous iterations.
Additionally, VMware has added some performance enhancements to VMFS, so it may outperform NFS, especially if using fiber channel.
Other than that, you still can’t shrink the datastore, it’s not that easy to expand, etc. So, minor improvements that shouldn’t impact NFS too terribly. People who love NFS will likely stay on NFS. People who love VMFS will be happy with the improvements. Life goes on…
What’s new in vSphere 6.5 from the NFS perspective?
In vSphere 6.0, NFS 4.1 support was added.
However, it was a pretty minimal stack – no pNFS, no delegations, no referrals, etc. They basically added session trunking/multipath, which is cool – but there was still a lot to be desired. On the downside, that feature isn’t even supported in ONTAP yet. So close, yet so far…
In vSphere 6.5, the NFS 4.1 stack has been expanded a bit to include hardware acceleration for NFSv4.1. This is actually a pretty compelling addition, as it can help the overall NFSv4.1 performance of the datastore.
NFSv4.1 also fully supports IPv6. Your level of excitement is solely based on how many people you think use IPv6 right now.
Perhaps the most compelling NFS changs in vSphere 6.5 is how we secure our mounts.
In 6.0, Kerberos support was added, but you could only do DES. Blah.
Now, Kerberos support in vSphere 6.5 includes:
- REMOVAL of DES encryption
- Kerberos with integrity checking (krb5i – prevents “man in the middle” attacks)
Now, while it’s pretty cool that they removed support for the insecure DES enctype, that *is* going to be a disruptive change for people using Kerberos. The machine account/principal will need to be destroyed and re-created, clients will need to re-mount, etc. But, it’s an improvement!
How vSphere 6.5 personally impacts me
The downside of these changes means that I have to adjust my Insight presentation a bit. If you’re going to Insight in Berlin, check out 60831-2: How Customers and Partners use NFS for Virtualization.
Still looking forward to pNFS in vSphere, though…