New Features
What's New
This release resolves CVE-2024-37085 and CVE-2024-37086.
The list of new features and enhancements that follows adds some of the key highlights for vSphere 8.0 Update 3:
- DPU/SmartNIC
- High Availability with VMware vSphere Distributed Services Engine: Starting with ESXi 8.0 Update 3, vSphere Distributed Services Engine adds support for 2 data processing units (DPUs) to provide high availability or increase offload capacity per ESXi host. Dual-DPU systems can use NVIDIA or Pensando devices. In ESXi 8.0 Update 3, dual-DPU systems are supported by Lenovo server designs. For more information, see High Availability with VMware vSphere Distributed Services Engine.
- vSphere IaaS control plane
- Support for running vSphere IaaS control plane on vSAN stretched clusters: vSphere 8.0 Update 3 adds support for vSphere IaaS control plane, formerly known as vSphere with Tanzu, on vSAN stretched clusters. This capability is available only for greenfield installations of the IaaS control plane on stretched vSAN clusters. If you already have IaaS control pane or vSphere with Tanzu plus Content Library running, you need to redeploy it before you use the vSAN Stretched Cluster Storage Policies.
- Before configuring this capability, read Running vSphere IaaS Control Plane on vSAN Stretched Cluster and follow content on https://core.vmware.com.
Virtual Machine Management
- New Virtual Machine Compute Policy for Best Effort Virtual Machine Evacuation: vSphere 8.0 Update 3 adds a compute policy for best effort evacuation of virtual machines on ESXi hosts that are entering maintenance mode. When the host enters maintenance mode, all VMs are shut down. If shutdown fails, the VMs are powered off. If power off fails, you need to evacuate the VMs. With the new capability, when the VMs are in a powered-off state, vCenter attempts to power them on every few minutes on the best available ESXi host at the time. This policy overrules any DRS overrides set at the VM level, and the hosts on which the VMs are powered on might be different from the original host.
- vSphere Cluster Service
- Introducing Embedded vSphere Cluster Service (vCLS): vSphere 8.0 Update 3 introduces a redesign of vCLS to Embedded vCLS, which utilizes vSphere Pod technology. Deployment and lifecycle of these VMs are managed within ESXi and are no longer managed by the vSphere ESX Agent Manager (EAM). Earlier versions of vCLS are termed External vCLS. Issues previously encountered with External vCLS are resolved in this release of Embedded vCLS. While existing API compatibility is preserved, minor modifications to customer scripts or automation tools might be necessary. Other products and solutions that have defined business logic around External vCLS might not work with Embedded vCLS. See individual product documentation to understand the interoperability support and impact. For more information, see vSphere Cluster Services and content available from vSphere Technical Marketing on the Broadcom Support Portal.
- vSAN
- vSAN add-on licenses based on capacity per tebibyte (TiB): With vSphere 8.0 Update 3, you can license your use of vSAN storage based on TiB capacity. The new capacity-based license replaces the core and CPU-based licenses. For more information on capacity reporting and licensing in vSAN, see License Requirements and Counting Cores for VMware Cloud Foundation and vSphere Foundation and TiBs for vSAN.
- Security
- TLS 1.3 and 1.2 support by using TLS profiles: Starting with vSphere 8.0 Update 3, you can use TLS profiles to simplify the configuration of TLS parameters and improve supportability in your vSphere system. With vSphere 8.0 Update 3, you get a default TLS profile on ESXi and vCenter Server hosts, COMPATIBLE, which supports TLS 1.3 and some TLS 1.2 connections. For more information, see vSphere TLS Configuration.
- PingFederate Identity Provider for vSphere: With vSphere 8.0 Update 3, you can configure PingFederate as an external identity provider in your vSphere system. For more information, see Configuring vCenter Server Identity Provider for PingFederate.
- Storage/Memory
- Memory Tiering: vSphere 8.0 Update 3 launches in tech preview the Memory Tiering capability, which allows you to use NVMe devices that you can add locally to an ESXi host as tiered memory. Memory tiering over NVMe optimizes memory utilization by directing VM memory allocations to either NVMe devices or faster dynamic random access memory (DRAM) in the host. This allows you to increase your memory footprint and workload capacity, while reducing the total cost of ownership (TCO). For more details on the tech preview, see KB 95944.
- Fabric Notification support for SAN clusters: ESXi 8.0 Update 3 introduces support for Fabric Performance Impact Notifications Link Integrity (FPIN-LI). With FPIN-LI, the vSphere infrastructure layer can manage notifications from SAN switches or targets, identifying degraded SAN links and ensuring only healthy paths are used for storage devices. FPIN can also notify ESXi hosts for storage link congestion and errors.
- Support for space reclamation requests from guest operating systems on NVMe-backed vSphere Virtual Volumes datastores and Config-vVol: ESXi 8.0 Update 3 adds support for automatic space reclamation requests from guest operating systems on NVMe-backed vSphere Virtual Volumes datastores. ESXi 8.0 Update 3 also adds support for both command line-based and automatic unmap for vSphere Virtual Volumes objects of type Config-vVol, formatted with VMFS-6. For more information, see Reclaim Space on the vSphere Virtual Volumes Datastores.
- Manage the UNMAP load from ESXi hosts at a VMFS datastore level: Starting with ESXi 8.0 Update 3, you can control the unmap load at datastore level to avoid time delays from space reclamation and reduce overall unmap load on the arrays in your environment. For more information, see Space Reclamation on vSphere VMFS Datastores.
- Windows Server Failover Clustering (WSFC) enhancements on vSphere Virtual Volumes: vSphere 8.0 Update 3 adds support for a WSFC solution for NVMe-backed disks on vSphere Virtual Volumes. This capability allows NVMe reservations support in NVMe/TCP environments apart from Fibre Channel support for WSFC on vSphere Virtual Volumes. Virtual NVMe (vNVME) controllers are supported as the frontend for WSFC with NVMe-backed disks, not with SCSI-backed disks. For more information, see VMware vSphere® Virtual Volumes Support for WSFC.
- Support for active-active vSphere Metro Storage Cluster (vMSC) with vSphere Virtual Volumes: vSphere 8.0 Update 3 introduces a new version of the VMware vSphere Storage APIs for Array Integration (VASA) to add support to active-active stretched storage clusters with vSphere Virtual Volumes, with active-active deployment topologies for SCSI block access between two sites. VASA version 6 includes new architecture and design for VASA Provider High Availability support for both stretched and non-stretched storage clusters. For more information, see Using Stretched Storage Clustering with Virtual Volumes.
- VMkernel port binding for NFS v4.1 datastores: With vSphere 8.0 Update 3, you can bind an NFS 4.1 connection to a specific VM kernel adapter. If you use multipathing, you can provide multiple vmknics for each connection to ensure path isolation and security by directing NFS traffic across a specified subnet/VLAN, so that the NFS traffic does not use other vmknics. For more information, see Configure VMkernel Binding for NFS 4.1 Datastores.
- Support for nConnect for NFS v4.1 datastores: ESXi 8.0 Update 3 adds support to multiple TCP connections for a NFS v4.1 volume, also referred to as nConnect. For NFS v4.1, multiple TCP connections are created for a single session that many datastores can share in parallel. It can be configured by using either the vSphere API or ESXCLI directly on an ESXi host. For more information, see Configure Multiple TCP Connections for NFS.
- Reduced time to inflate VMFS disks: With vSphere 8.0 Update 3, a new VMFS API allows you to inflate a thin-provisioned disk to eagerzeroedthick (EZT) while the disk is in use and up to 10 times faster than previous alternative methods. During the inflation, all blocks are fully allocated and zeroed upfront to allow faster run-time performance. For more information, see Virtual Disk Options.
- Improved resiliency against memory corruption on RAM-heavy ESXi hosts: vSphere 8.0 Update 3 adds proactive measures to prevent memory errors in systems with VMs of more than 1TB that might bring down an entire ESXi host and increase application downtime.
- Advanced setting to block deletion and removal of disks for VMs with snapshots: ESX 8.0 Update 3 adds a per-host advanced option blockDiskRemoveIfSnapshot to prevent the removal of disks from a VM that has snapshots, even if you choose to delete files, which might lead to orphaned disks. For more information, see VMware knowledge base article 94545.
- Hardware accelerated move (clone operation) support on NVMe devices: vSphere 8.0 Update 3 supports NVMe copy command for hardware accelerated move (also called clone blocks or copy offload) across or within NVMe namespaces that belong to the same NVMe subsystem.
- Granular monitoring for VASA provider accessibility and certification authentication status on ESXi host level: With vSphere 8.0 Update 3, you can monitor connection status and ESXi authentication with VASA storage providers from the vSphere Client and re-authenticate hosts as necessary. For more information, see Reauthenticate VASA Client in ESXi.
GuestOS
- Guest customization supports RHEL NetworkManager keyfile format: In vSphere 8.0 Update 3, guest customization adds support for RHEL NetworkManager keyfile format and you can store network configuration in both keyfile and ifcfg format.
Drivers/Network
- Support for Fibre Channel Extended Link Services (FC-ELS): With vSphere 8.0 Update 3, you can use the command esxcli storage fpin info set -e= <true> to activate or deactivate the Fabric Performance Impact Notification (FPIN). The command saves the FPIN activation to both ConfigStore and the VMkernel System Interface Shell and persists across ESXi reboots. This is enabled by both Broadcom’s lpfc and Marvell’s qlnativefc drivers.
- Unified Enhanced Networking Stack (UENS) driver for the Elastic Network Adapter (ENA): vSphere 8.0 Update 3 adds a UENS driver for ENA, which provides connectivity to the AWS underlay Virtual Private Cloud (VPC).
- Overlay Filters Supporting Tunnel End Point (TEP): vSphere 8.0 Update 3 enhances the i40en, qedentv, and sfvmk NIC drivers by adding capabilities that expose overlay filters, supporting the TEP functionality.
Broadcom Driver Updates:
- Broadcom bnxtnet driver: Adds support for NetQ RSS to facilitate future Unified Enhanced Networking Stack (UENS) support.
Intel Driver Updates:
- Intel i40en driver: The number of queues per RSS engine is up from 4 to 8, in ENS mode it supports up to 16 queues.
- Intel icen driver: Adds RoCE support on 1000GbE NIC.
- Intel irdman driver: Adds RoCE support on 1000GbE NIC. - Marvell Driver Updates:
- Marvell qedentv driver: The max number of queues for the Default RSS engine is up from 4 to 16 in ENS mode.
- Mellanox Driver Updates:
- Mellanox nmlx5 driver: Adds support for hardware Large Receive Offload (LRO) in Enhanced Data Path mode to increase inbound throughput of high-bandwidth network connections by reducing CPU overhead.
- Adds support for dual-DPU servers.
- Pensando Driver Updates:
- Pensando ionic_en driver: Adds support for dual-DPU servers.
- Routine Inbox Driver Updates and Bug Fixes
- Broadcom bcm_mpi3
- Broadcom lpfc
- Cisco nfnic
- Marvell qlnativefc
- Microchip smartpqi
- CPU
- PCIe hot plug is updated for server platforms utilizing newer generation AMD Genoa and Intel Sapphire Rapid CPUs: Starting with vSphere 8.0 Update 3, kernel hot plug is supported for newer generation CPUs such as AMD Genoa and Intel Sapphire Rapids. - Support for Intel Xeon Max Series processors with integrated High Bandwidth Memory (HBM): vSphere 8.0 Update 3 adds support for Intel Xeon Max Series processors (formerly with code name Sapphire Rapids HBM) with 64 GB of integrated HBM, aimed to enhance performance for workloads like high performance computing apps, artificial intelligence (AI), and machine learning (ML).
- CPU C-State Power virtualization: With vSphere 8.0 Update 3, for use cases such as Virtualized Radio Access Network (vRAN) workloads, you can configure and control the C-State power of the physical CPUs dedicated to vRAN VMs from the vSphere Client.
- Cluster-wide option to retain virtual NUMA topology: vSphere 8.0 Update 3 adds a setting to retain preconfigured vNUMA topology even if the VM moves, allowing for better NUMA topology tuning for VMs across all the hosts in the cluster. This is the advanced vCenter Server setting VPXD_PersistVnuma to keep the virtual NUMA topology on a cluster level under Configure > Advanced Settings in the vSphere Client.
Analytics and Metrics
- vSphere green metrics with Running Average Power Limit (RAPL) technology: Starting with vSphere 8.0 Update 3, in the Advanced Performance Charts in the vSphere Client you can see RAPL data on ESXi hosts that normally do not report individual subsystem power consumption, such as CPU and Memory, but only general host-level power consumption. With individual subsystem power consumption reports, you can plan on a more granular level to match your power and cooling budget.
- Set VM log levels without powering off the VMs: With vSphere 8.0 Update 3, you can set log levels between VMW_LOG_TRIVIA and VMW_LOG_DEBUG_3 to avoid log spew in a healthy running VM without a power cycle by using the SetLogLevel service in the vAPI infrastructure.
- GPU
- Support for switching between Time Sliced and Multi-Instance GPU (MIG) modes for NVIDIA virtual GPUs: Starting with vSphere 8.0 Update 3, you do not need to reboot an ESXi host to switch between time sliced and MIG modes for NVIDIA virtual GPUs. vGPU VMs can automatically set the correct device mode according to their vGPU type.
- Zero-copy support for vGPUs to enhance vSphere vMotion and vSphere DRS tasks: vSphere 8.0 Update 3 adds zero-copy support for vGPUs to enhance vSphere vMotion and vSphere DRS tasks by utilizing throughput of up to 100 Gbps.
- Support for heterogeneous vGPU profiles on physical GPUs: Starting with vSphere 8.0 Update 3, you can set vGPU profiles with different types or sizes on a single physical GPU to achieve greater flexibility with vGPU workloads and better utilization of GPU devices. For more information, see Configuring vGPU Size.
- vSphere Lifecycle Management
- Support for parallel hardware and firmware upgrade with vSphere Lifecycle Manager: With vCenter Server 8.0 Update 3, you can run parallel hardware and firmware remediation by using an integration between the vSphere Lifecycle Manager and the Hardware Support Manager.
- VMware Photon™ 5.0 support for Update Manager Download Service (UMDS): vSphere 8.0 Update 3 adds VMware Photon™ 5.0 to the supported Linux-based operating systems for installing UMDS. For more information, see Installing UMDS.
- Additional lifecycle management capabilities for standalone ESXi hosts: Starting with vSphere 8.0 Update 3, you can add a standalone host to a data center or folder by importing an image from another ESXi host in the vCenter Server inventory or by using the current image on the host. For more information, see Managing Standalone ESXi Hosts with vSphere Lifecycle Manager Images. When you move a host out of a cluster that you manage with a vSphere Lifecycle Manager image to a data center or a folder, the host becomes standalone and can retain the image from the cluster. For more information, see Specifics of the Transitioning Workflow.
- Lifecycle management of standalone ESXi hosts with VMware NSX: Starting with vSphere 8.0 Update 3, NSX Manager and vSphere Lifecycle Manager work together to coordinate remediation of standalone ESXi hosts with VMware NSX. For more information, see Using vSphere Lifecycle Manager Images for Standalone Hosts with NSX 4.2 and later.
- Convert baseline-managed clusters to clusters managed by a single vSphere Lifecycle Manager image: Starting with vSphere 8.0 Update 3, to start managing a cluster with a single vSphere Lifecycle Manager image, you can use the image installed on one of the ESXi hosts inside the cluster managed with baselines. For more information, see Use an Image from a Host in the Cluster.
- Patch VMX-related security vulnerabilities without any disruption to your workloads: Starting with vSphere 8.0 Update 3, you can use the Live Patch capability to apply VMX-related security patches and bug fixes to ESXi hosts in a cluster managed with a vSphere Lifecycle Manager image. A pre-check prior to remediation lists all suitable hosts in a cluster. After you activate LivePatch in the remediation settings, qualified hosts in a cluster do not require maintenance mode, or reboot, or VM migration during the update procedure.
- Customize vSphere Lifecycle Manager desired state images: Starting with vSphere 8.0 Update 3, you can remove the Host Client and VMware Tools components from the base image, remove unnecessary drivers from vendor add-ons and components, and override existing drivers in a desired image. For more information, see Edit a vSphere Lifecycle Manager Image.
- Support for dual DPUs with vSphere Lifecycle Manager: Starting with vSphere 8.0 Update 3, you can install dual DPUs on ESXi hosts and use the vSphere Lifecycle Manager workflow to upgrade the dual DPU system.
- Extended support for vSphere Configuration Profiles (VCP): With vSphere 8.0 Update 3, you can use VCP with the following new capabilities:
- Support to baseline-managed clusters (formerly referred to as VUM clusters): Having an image-managed cluster is no longer a prerequisite for using VCP. You can use VCP to configure either baseline-managed clusters or image-managed clusters.
- Support for vSphere Distributed Switch (VDS): VCP is fully integrated with VDS and supports drift detection and remediation of VDS configurations at a cluster level.
- Firewall ruleset management: You can manage custom firewall rules at a cluster level by using VCP.
- ESXi Lockdown Mode: vSphere admins can use the VCP desired configuration document to enforce Lockdown Mode on all hosts in a cluster.
- Support for SNMP and PCI device configurations: You can manage SNMP and PCI devices at a cluster level by using VCP.
- vSphere Client and vCenter
- Warning on the maximum number of remote https connections for vCenter: Starting with vSphere 8.0 Update 3, to prevent a vCenter system to become unresponsive due to exceeding the limit of 2048 https connections, you will see HTTP error code 503 Service Unavailable and x-envoy-local-overloaded: true in the response headers.
- Merging the vSAN Management SDK with the Python SDK for the VMware vSphere API: Starting with vSphere 8.0 Update 3, the vSAN Management SDK for Python is integrated into the Python SDK for the VMware vSphere API (pyVmomi). From the Python Package Index (PyPI), you can download a single package to manage vSAN, vCenter, and ESXi. This integration streamlines the discovery and installation process and enables automated pipelines instead of the series of manual steps previously.
- vCenter Universally Unique Identifier (VC_UUID) field in the vSphere Client: With vSphere 8.0 Update 3, the property table under VMs > Virtual Machines in the vSphere Client includes a new column that contains the VC_UUID. This identifier is automatically assigned to every virtual machine within a vCenter instance. The VC_UUID field helps clarify the correlation between the VM’s UUID displayed on the switch’s fabric and the VM name in vCenter.
- Default HTTP response compression: vSphere 8.0 Update 3 adds support for HTTP response compression by default on the edge proxies of vCenter and ESXi hosts, management traffic between vCenter and ESXi hosts, and for outgoing HTTP requests on sidecar proxies. HTTP response compression reduces the HTTP traffic in a vCenter Server system, shrinks page load time and speeds up API operations. You can deactivate HTTP response compression if required, but the capability does not require any changes in your environment and is backward compatible.
- Remove restrictions on virtual machine operations from the vSphere Client: Starting with vCenter Server 8.0 Update 3, in the vSphere Client under Virtual Machine > Configure > Disabled Methods you can remove restrictions on virtual machine operations such as migration. For more information, see VMware knowledge base article 2044369.
- Unified Management and Automation API Sessions: Starting with vCenter 8.0 Update 3, you can combine vSphere Management API (VIM) and vSphere Automation API (vAPI) sessions, effectively unifying authentication across SOAP and REST vCenter endpoints. For more information see Unified Management and Automation Session.
- Migration of SPBM, SMS, EAM, and VLSM APIs to HTTP/JSON-based wire protocol: Starting with vCenter Server 8.0 Update 3, the following 4 SOAP/XML service interfaces migrate to a HTTP/JSON-based wire protocol, providing OpenAPI 3.0 specifications for each, and integration with the REST API documentation:
- The Storage Policy (SPBM) API, which simplifies the task of matching available storage to virtual machines.
- VMware vCenter Storage Monitoring Service (SMS), which facilitates access to all vCenter storage information associated with VMware vCenter servers.
- vSphere ESX Agent Manager API (EAM), which gives access to the objects that manage, monitor, and control lifecycle operations in vSphere.
- Virtual Storage Lifecycle Management (VSLM) API that you use to manage first class disks (FCD).
For vSphere Quick Boot support in ESXi 8.0 Update 3, see Understanding ESXi Quick Boot Compatibility.
- ESXi 8.0 Update 3 adds support for vSphere Quick Boot to Marvel OCTEON Fusion CNF105xx drivers.