What’s New in vSphere 6.5

Today at VMworld Europe 2016, vSphere 6.5 is announced. In this blog we highlight some major feature announcements on the following products and technologies:

  • vCenter Server Appliance (VCSA)
  • Virtual SAN (VSAN)
  • Host Profiles
  • Auto Deploy
  • vSphere Security
  • vSphere Fault Tolerance (FT)
  • vSphere DRS
  • Storage IO Control (SIOC):
  • Content Library
  • vSphere Operations Management
  • vRealize Log Insight
  • PowerCLI

Here is an overview of the new feature highlights in vSphere 6.5:

vCenter Server Appliance (VCSA):


  • VMware Update Manager (VUM) for the vCenter Server Appliance (VCSA). VUM is integrated by default in the VCSA and uses the internal embedded database.
  • Native High Availability for the vCenter Server Appliance (VCSA only). Create a High Available VCSA environment and eliminate the single point of failure. The HA configuration is active/passive with a witness in between and looks like:


  • Improved Appliance Management.
    • Monitoring: Built in monitoring for CPU, memory and network interface
    • vPostgres database visibility
    • Remote Syslog configuration
    • vMon: Enhanced watchdog functionality. Watch the vCenter Server services
    • Client Integration Plugin (CIP) for the vSphere Web Client is no longer required anymore
    • vSphere Management Interfaces such as the vSphere Client (HTML 5 Web Client):


  •  Native Backup & Restore of the VCSA. Removes dependency on 3rd party backup solutions. Easily restore the backup to a new VCSA. The following protocols are supported:
    • HTTP(S)
    • SCP
    • FTP(S)
  • VCSA Installer improvements:
    • Run the VCSA depolyment installeren on Windows, Mac and Linux
    • The installer supports install, upgrade, migrate and restore
  • VCSA Migration: Migrate from vCenter 5.5 or 6.0 tot 6.5 with the options to migrate the:
    • Configuration only
    • Configuration, events and tasks
    • Configuration, events, task and performance metrics

Host Profiles:

  • Manageability
    • Editor enhancements: filter and favorites
    • Bulk edit host customization using CSV files
    • Copy settings between profiles
    • Streamlined remediation wizard
  • Operational
    • Pre-check proposed changes
    • Detailed compliance results
    • DRS integration – rolling remediation
    • Parallel remediation

Auto Deploy:

  • Operational
    • GUI for Image Builder, Deploy rules
    • Interactive deployment of new hosts
    • Post-boot scripts for advanced configs
    • EUFI and IPv6 support
  • Performance and Resiliency
    • Scalabillity improvements 300+ hosts
    • VCSA HA & backup support
    • Round robin reverse proxy caching
    • Backup and restore state with PowerCLI

vSphere Security:

  • Enhanced Logging.  Expose vCenter events to a Syslog server (such as vRealize Log Insight) without turning on verbose logging in vCenter Server and blowing up the database.
  • VM Encryption. Encrypt the VM virtual disk(s) and VM files  by using an encryption policy. The VM guest is not modified. The encryption is done at the hypervisor level.
  • Encrypted vMotion. Virtual  Machine vMotion data is encrypted during a vMotion on a per VM basis.
  • Secure Boot for ESXi and Virtual Machines. Requires hardware that support EUFI and a secure Boot firmware.

vSphere HA:

  • Admission Control. Simplified configuration workflow. It automatically calculates the % of resources to reserve.
  • Restart Priorities: Additional restart priorities added such as highest and lowest for more flexibility and greater control.
  • HA Orchestrated Restart. Enforce VM to VM dependency chains. This is great for multi-tier applications the require VMs to restart in a particular order.
  • Proactive HA. vCenter plugin that connects to the hardware vendor monitoring solution (Dell Open Manage, HP Insight Manager or Cisco UCS). When there is for example a memory failure detected by the hardware vendor monitoring tools, the VMs from that hosts are migrated using vMotion to another hosts.

vSphere Fault Tolerance (FT):

  • Improved DRS integration. DRS will better place the secondary VM
  • Performance Improvements:
    • Host level network latency reduction. Allows to run more applications with FT.
    • Multi-NIC Aggregation. It is possible to pack more NICs like (vMotion for FT) for better performance.

vSphere DRS:

  • Network-Aware DRS. Adds network bandwidth calculations in DRS. This avoids an over-subscribing host network link.
  • Advanced DRS Policies exposed in the UI.

Storage IO Control (SIOC):

  • Setting IO limits in Storage Policy Based Management (SPBM) and apply the policy to the VMs.

Content Library:

  • Mount an ISO file from the Content Library
  • OS Customization during VM deployments from the library.
  • Update an existing template with a new version
  • Optimized HTTP sync between vCenter Servers

Virtual SAN 6.5

  • 2-node Direct Connect and Witness traffic separation. Ability to connect two nodes directly using ethernet cables. Stretchen VSAN with Direct Connect is not supported at the moment. Benefits:
    • Reducing costs (no need for 10 GbE switches).
    • Simplicity.
    • Separate VSAN data traffic from witness traffic.


  • Licensing:
    • The VSAN standard license includes the All-Flash option
    • New VSAN advanced for ROBO licensing
  • Virtual SAN iSCSI access. iSCSI access is built for supporting MSCS with shared storage and physical workloads that needs to have storage. There is no support in this release to targeting the VSAN storage to other ESXi clusters.

vSphere Operations Management:

  • vSOM is a combines of vSphere Enterprise plus with vRealize Operations Manager standard edition as a single offer.
  • New Home dashboard


  • New DRS Dashboard
  • Update Workload Utilization Dashboard


  • Other improvements are:


vRealize Log Insight version 4

  • New Clarity User Interface. This new interface looks much better and cleaner


  • Alert enhancements


  • Other Enhancements



  • No more snapins are used, it’s now fully module based.


  • Module improvements. Here are some examples:
    • Added cross vCenter storage vMotion support
    • The VSAN module is extended with 13 additional cmdlets
    • Complete new Horizon View module. It is now possible to run from it from anywhere, in earlier releases it was only possible to run it from a Connection Server. On this release are only 2 cmdlets available (Connect and Disconnect). Once connected you can use the API.
  • Microsoft open sourced PowerShell. It possible to run PowerShell from Windows, a MAC and Linux. VMware will release a PowerCLI Core version as fling.
  • The vSphere Management Assistent is being deprecated. Use the vCLI. It has support for different OSes. Use vCLI for:
    • ESXCLI commands
    • vicfg- commands
    • Other Perl Commands
    • Datacenter CLI


vSphere 6.5 is packed with great new features. My top is new features are:

  • vCenter Server Appliance (VCSA) with Update Manager integration
  • vCenter Server Appliance (VCSA) native High Availability
  • Virtual SAN (VSAN) Direct Connect
  • A new PowerCLI module for Horizon View

I’m curious what you’re new top features are! Please let me know.

VMware extends the hybrid cloud with Amazon Web Services (AWS)

VMware and Amazon Web Services (AWS) will partnering together to bring a new a VMware vSphere-based service, running on the AWS Cloud, that will make it easier and faster to run applications, across a hybrid cloud environment.


It’s called the “VMware Cloud on AWS”. The infrastructure looks like:


The VMware Cloud on AWS includes the following components:

  • vCenter. The environment is managed by a vCenter that is running in the cloud or on-premises.
  • ESXi on dedicated hardware in AWS Cloud (no nesting is used!).
  • Virtual SAN offers shared storage with replication and DR orchestration.
  • NSX for spanning on-premises and cloud using advanced network and security services.

This service is delivered, operated, sold and supported by VMware. Low level infrastructure management such as installing patches on ESXi servers and upgrading the vCenter is done by VMware.

The vSphere Web Client is based on HTML5 protocol. In the Web Client the on-premises datacenter and VMware AWS cloud is listed (single pane of glass).


Other CLI tools such as PowerCLI can be used against the environment.

When you want to resize a on-premises cluster you need to buy extra hardware (server, network and disk capacity) to resize the cluster.  In the AWS datacenter you can simple select the “resize” option.


This option demonstrates the flexibility and elastic scalability of the AWS cloud.

Below is the location map of the AWS regions that support the VMware Cloud datacenters:


The on-premises datacenter can be connect to the AWS datacenters using IPsec tunnels or direct connect to create a hybrid cloud.

Some use cases are:

  • Maintain and Expand the to the VMware Cloud on AWS
  • Consolidate and migrate to the VMware Cloud on AWS
  • Workload Flexibility between the on-premises an AWS cloud


During VMworld Europe 2016 more information wil be available on the VMware Cloud on AWS partnership.

Upgrading VMware Update Manager to 5.5 U3e fails

When upgrading VMware Update Manager (VUM) to 5.5 Update 3e the following error occurs:

VMware Workstation unrecoverable error: (vthread-3) GetProcAddress: Failed to resolve ENGINE_load_aesni: 127


This issue occurs when upgrading to VMware Update Manager to 5.5 Update 3e. I’ve seen this error when upgrading to 5.5U3e at different customer sites.

Here is a quick workaround:

  • Uninstall VMware Update Manager and the VMware Update Manager plugins. The database is preserved, all the configuration data is stored in this database.
  • Install VMware Update Manager and point to the existing VUM database
  • Install the VUM plugin

Within a couple of minutes you’re running VMware Update Manager 5.5 U3e.

There is also a VMTN forum post about this issue, link

Disable Virtual SAN health check alarms

When using PCIE/NVMe SSDs in the capacity layer of Virtual SAN, the SSDs are generating a warning for the “Hardware Compatibility – SCSI Controller on Virtual SAN HCL” health check, even when the devices are on the Virtual SAN HCL.


The “Hardware Compatibility – SCSI Controller on Virtual SAN HCL” health check cannot detect the PCIE/NVMe SSDs because they do not use standard I/O controllers.

To disable the HCL health check alarm use these simple steps:

  • In the vCenter Web Client top level, navigate to Manage and select “Alarm Definitions
  • Navigate to the alarm and select Edit


  • Deselect the “Enable this alarm” checkbox and click on Finish


Another use case is to disable the HCL health check(s) in non-production lab environments that use Virtual SAN with hardware that is not certified.

Tested: VDI End User Experience monitoring tools

The success  and effectiveness of a VDI environment depends on the End User Experience (UX). When the End User Experience isn’t good, users will complain and the VDI project will fail. So the ability to analyze, report and troubleshoot when a problem occurs is critical in a VDI environment. To get this insight I tested ControlUp v6 and VMware vRealize Operations for Horizon v6.3. Both tools are tested against the following subjects:

  • Architecture
  • Troubleshoot performance problems
  • Reporting
  • End User Experience monitoring
  • Supporting End-Users
  • Licensing

The features of ControlUp and VMware vRealize Operations for Horizon are tested against a VMware Horizon View 7 environment.



In the on-premises datacenter reside two components:

  • ControlUp Management Console. This is a .NET Windows  application which connects to the vCenter Server/vSphere clusters and VDI desktops.
  • ControlUp Monitor Service. This Windows service is responsible for alerting, reporting and uploading historical data to the Insight database which resides in the ControlUp Cloud.

The ControlUp installation is very simple. On a management server simply execute a single executable (ControlUpConsole.exe). It runs in memory, so there is no installation needed. For alerting and uploading data the ControlUp Monitor Service is needed. Here is an overview how a ControlUp hybrid (cloud and in-prem) infrastructure looks like:


On the left is the Enterprise Network displayed. This is the on-premises datacenter where the hypervisors and Horizon environment resides and where the ControlUp Monitor and Console are installed. There is a very minimal infrastructure needed for deploying ControlUp. All the backend components are hosted in ControlUp cloud that is  hosted on Amazon Web Services (AWS).

It’s possible to have the backend  components installed on-premises with a special version of ControlUp if you have special compliance requirements. With this version everything runs on-premises.

VMware vRealize Operations for Horizon

VMware vRealize Operations for Horizon is a monitoring solution that extends the capability of VMware vRealize Operations Manager to troubleshoot, monitor, and manage the health, capacity, and performance of VMware Horizon View environments. The architecture of vROps looks like:


The main components are:

  • VMware vRealize Operations (vROps). vROps can be deployed on Windows, Linux or when using the appliance.
  • VMware vRealize Operations Horizon management pack (PAK). After the vROps is installed and configured add the VMware vRealize Operations Horizon management pack to vROps.
  • vRealize Operations for Horizon broker agent. On one Horizon View Connection Server install the agent and pair this with vROps Horizon adapter.
  • vRealize Operations for Horizon Desktop Agent. In the Horizon View Agent enable this feature.

After installing and configuring these main components the gathering of statistics, events and performance data can begin. All the components are installed in the on-premises datacenter. Besides the VMware vRealize Operations Horizon management pack there are other management packs available that can be imported in vROps such as the Virtual SAN and NSX management pack. This improves the end-to-end visibility and monitoring.

User Interface


When executing the ControlUp Management Console the following UI is displayed after adding the central vCenter server.

CU Management Console1

This is a real-time performance dashboard.

On the left the managed hypervisor(s), vCenter(s) and servers and desktops are listed. On the managed Windows desktops a lightweight agent is pushed.

The following dashboards are available:

  • Folders
  • Hosts
  • Computers
  • Sessions
  • Processes
  • Accounts
  • Applications

You can easily search, filter, sort, group by,  customize and organize the columns that will be displayed in each dashboard.

vROPS for Horizon

The User Interface (UI) for vROps is accessible from the internet browser.

webportal webportal1

After logging-in there are Horizon specific dashboards available such as:

  • Horizon Overview
  • Horizon Help Desk
  • Horizon Infrastructure
  • Horizon User Sessions
  • Horizon VDI Pools
  • Horizon RDS Pools
  • Horizon Applications
  • Horizon Desktop Usage
  • Horizon User Session details
  • Horizon RDS Host Details
  • Horizon End User Experience

These are the default dashboards but it is possible to create own personalized dashboards with widgets and metrics you need.

Troubleshoot performance problems

To demonstrate performance troubleshooting with both products we use a Windows 10 VDI desktop and run the tool “Heavyload.exe” to generate 100% CPU utilization.



With ControlUp Management Console we can troubleshoot performance problems on hosts, computers and,-sessions in real-time and  identify the process that is causing the 100% CPU utilization.

1 2a

vROPS for Horizon

With vROps we filter on “Percent Processor Time%”, select the session and perform a manual “Get Desktop Processes”.

3High CPU 1

The “Get Desktop Processes” task takes between 10-30 seconds to generate a list of process information per desktop. In ControlUp getting the processes list is in real-time. Besides identifying high CPU utilization other performance counters can be identified with both products.


ControlUp Insights

With ControlUp v5 ControlUp Insights was introduced. ControlUp Insights is historical reporting and analytics platform in the cloud. In v6 ControlUp Insights is extended with new reports. Each month new reports are added to the portal. The portal is accessible from the following URL:

  • https://insights.controlup.com

When logging-in there are three main sections with a couple of sub-sections:

  • User Activity
    • Session Count
    • Session Activity
    • Session Details
    • Session Resources
    • Logon Durationreports
    • Protocol Latency
  • System Health
    • Computer Trends
    • Computer Statistics
    • Host Trends
    • Top Windows Errors
  • Application Usage
    • App Usage Details
    • Citrix License Usage

Each section has a several reports with information about user activity, user experience, resource consumption, application activity, system health and license information. The reports are simple, interactive and good-looking.  In addition, where applicable, ControlUp Insights presents global benchmark values for performance and user experience metrics. These metrics are calculated based on anonymize metadata sent to ControlUp Insights from the customers that use this platform

Here are 4 examples reports of Insights:

Computer Trends Host Trends Resource usage Toperrors

The report data can be exported as CSV files.


vROPS for Horizon

There are several predefined Horizon reports that can be run or scheduled on regular basis. These reports provide information about remote desktop and application usage, desktop and application pool configuration details, and license compliance. Here are some examples:

2016-08-15_15h39_39 2016-08-15_15h50_12 2016-08-15_15h50_30 2016-08-15_15h50_50

The reports aren’t as fancy and interactive as in ControlUp. The reports can be exported as CSV or PDF files.

End User Experience (UX) monitoring

Besides performance metrics User Experience (UX) metrics are very important in a VDI and SBC environment.

ControlUp UX metrics

  • PCoIP Session bandwidth usage and latency.
  • Desktop Load Time.
  • Group Policy Load Time.

Protocol LatencyUX metrics

  • Application Load Time.

appl load time

vROps for Horizon

  • PCoIP and Blast extreme protocol metrics
  • Profile Load Time
  • Shell Load Time


Both products offer UI metrics. The Application Load Time is a new cool feature in ControlUp 6 that measures the time that it takes that an application become available for the end user. This is good indicator for the User Experience.

Supporting End-Users


Besides monitoring and reporting there are other features built-in to support the End-users. The following screenshot show some of these features:


Script-Based Actions (SBA) allows the admin to extend ControlUp functionality. Scripts (either developed internally or by the community and then sanitized by ControlUp before being published), can be written using Batch, VBScript or PowerShell.
These scripts can be used and executed on one or more target computers. This following SBA list the PCoIP bandwidth usage for example

sba pcoip

The Application usage report lists the number of concurrent   instances and named users for the selected application.


This helps identifying who is using what application(s) and licensing applications.

The “top 10 Windows errors” report shows the most frequently occurring errors on all managed computers. If the error is known, it has a link with a possible solution and how to fix it.


All the errors are benchmarkend against other organizations.

vROps for Horizon

vROps focuses primarily on monitoring and reporting. So no other end-user supporting features are available as  in ControlUp. Other unique features are:

  • Horizon VDI and application pool indicator metrics
  • Besides PCoIP Blast Extreme protocol metrics are available in vROps for Horizon 6.3
  • Management Packs.  There is a lot (VMware and third party) management packs available such as Virtual SAN and NSX. This improves the end-to-end visibility and monitoring with there own metrics.



ControlUp is available as Pro, Enterprise, or Platinum edition. The main differences between these versions are in:

  • Insights retention data (1 Day for Pro, 1 Month for Enterprise, 1 Year for Platinum)
  • Multi Tenancy Support (Enterprise and above)
  • Multi AD support (Enterprise and above)

vROPS for Horizon

vROps for Horizon is licensed as:

  • standalone product.
  • Included in the Horizon Enterprise license


In this blogpost I tried to give a impression of both products. ControlUp and VMware vRealize Operations for Horizon are both great products for monitoring and reporting on your Horizon environment.  Each products has several pros against the other such as:


  • Less infra structure is needed than vROps for Horizon.
  • Simplicity of the product with an easy learning curve.
  • Great tool for real-time troubleshooting. Process information is available is real-time.
  • Pre-defined interactive reports available for troubleshooting and management information.
  • Offers other functions such as: killing services, Script Based Actions, chatting, managing the file system and registry, application usage, top Windows events etc.

VMware vRealize Operations for Horizon:

  • Besides the VMware vRealize Operations Horizon management pack, there are other management packs (VMware and third party) available that can be imported in vROps such as the Virtual SAN and NSX management pack. Such components become more and more common in a VMware Horizon environment. Adding these management packs improves the end-to-end visibility and monitoring.
  • Ability to create personalized dashboards.
  • vSphere and Horizon Infrastructure related counters such as VDI and Horizon applications pool information.

What product do I need for Horizon environment? This depends on your requirements, use case and what licenses you already have. For example when having a Horizon Enterprise license, vROps for Horizon is included. Even when having a vROps environment, ControlUp adds great value by it’s unique features such as the interactive ControlUp Insights reports and complement vROps.