Each major version of VMware vSphere also brings a new virtual machine (VM) compatibility level and as such, a new virtual hardware version. In this post, I will cover VM hardware version 14 (vmx-14).

VM compatibility basically consists of determining the match between the VM's virtual hardware and the host's physical hardware.

Note: You need to update the VMware Tools to the latest version before upgrading the VM's virtual hardware because the VMware Tools contain the drivers for the new virtual hardware.

You can create a new VM perfectly with virtual hardware of a lower version than the current one. You might have different versions of ESXi (like 6.0 or 6.5), and you might be willing to run a VM on these hosts one day.

The problem is that if you create a VM on a VMware product that supports a given virtual hardware version and then migrate it to a VMware product that does not support this level of virtual hardware, it will not power on.

Here is an overview of different ESXi versions and virtual hardware versions (not an exhaustive list of features present).

Supported features for VMware virtual hardware compatibility

Supported features for VMware virtual hardware compatibility

VMware recommends upgrading VM virtual hardware only if you really need the latest features introduced in a particular version of the VMware Tools.

Here's how it works:

  • Hardware version 14 is compatible with ESXi 6.7 (and 6.7 U1)
  • Hardware version 13 is compatible with ESXi 6.5 and ESXi 6.7
  • (and so on…)

To see a particular VM's hardware version, just select the VM and go to Summary. You'll see VM Version 14 as on the image below from our test system running ESXi 6.7 U1.

VM hardware version

VM hardware version

To upgrade virtual hardware:

Select your VM and go to Actions > All vCenter Actions > Compatibility > Upgrade VM compatibility.

You can schedule the upgrade if, for example, you want to do this after working hours:

Select your VM and go to Actions > All vCenter Actions > Compatibility > Schedule VM compatibility upgrade.

Key new features in vmx-14 ^

Virtualization-based security (VBS): Microsoft VBS is a feature of Windows 10 and Windows Server 2016. It uses hardware and software virtualization to improve system security by creating an isolated, hypervisor-restricted, specialized subsystem.

Why is VBS important? Even if malware gets access to the OS kernel, it's possible to limit exploits because the hypervisor can prevent the malware from executing code or accessing platform secrets.

VBS uses the underlying hypervisor of the guest OS to create this virtual secure mode and to enforce restrictions that protect vital system and OS resources.

Microsoft uses the hypervisor as a restricted memory space, and if you have some sensitive information like credentials, it can store those instead of on the OS itself.

With the increased protections VBS offers, if you have a VM with VBS configured, it will use the Windows hypervisor, which will load before the guest OS.

Windows with VBS on VMware vSphere

Windows with VBS on VMware vSphere

Requirements:

  • vCenter Server 6.7
  • VM encryption configured in vSphere
  • Key management server (KMS) configured for vSphere
  • EFI firmware configured on the VM
  • Window 10 or Windows Server 2016 VMs (note: the upcoming release will have support for the recently released Windows Server 2019)

Note: Newly created VMs configured for Windows 10 and Windows Server 2016 on hardware versions lower than version 14 use Legacy BIOS by default. If you change the VM's firmware type from Legacy BIOS to UEFI, you must reinstall the guest OS.

Virtual Trusted Platform Module (vTPM): A virtualized infrastructure has to implement the TPM in software compared to hardware TPM systems embedded into a host's actual hardware.

As such, a vTPM 2.0 is very similar to a physical TPM. The only difference is that it handles the cryptographic operations in software. Instead of storing secrets in a hardware component, it stores them in an ".nvram" file in the VM's home folder and encrypts this file. (This is why configuring VM encryption is necessary.)

The steps: Connect to vCenter Server using the vSphere Client. Right-click the VM in the inventory you want to modify and select Edit Settings.

In the Edit Settings dialog box, click Add New Device and select Trusted Platform Module.

Add a vTPM to the VM

Add a vTPM to the VM

Non-volatile dual in-line memory module (NVDIMM) and NVDIMM controller: VMware's vmx-14 added a new high-speed storage device that appears in the server's ecosystem. These devices are NVDIMM devices.

VMware takes advantage of these devices and introduced a feature called persistent memory in vSphere 6.7. VMs configured with vmx-14 can have 1 NVDIMM controller and a maximum of 64 NVDIMM devices.

The steps: Connect to vCenter Server using the vSphere Client. Right-click the VM in the inventory you want to modify and select Edit Settings.

In the Edit Settings dialog box, click Add New Device and select NVMe Controller.

Add a vTPM to the VM

Add a vTPM to the VM

Other vmx-14 features:

Final words ^

As usual, as with every major release of VMware vSphere, there's a new virtual hardware version. We already know virtual hardware 15 is next because it's already present in VMware Workstation. VMware uses this desktop virtualization software mostly for testing new virtual hardware versions ahead of time.

But as said, VMware does recommend upgrading to the latest virtual hardware version only if you really need to take advantage of a particular feature or a particular enhancement. This is because upgrading a VM's virtual hardware is like a changing a server motherboard. It works well in 99.99% of cases, but one never knows.

avataravatar
2 Comments
  1. Tom 3 years ago

    I completely disagree with your statement to only upgrade the compatibility if needed and I've never heard that recommendation from VMware.  More often than not, compatibility issues will arise with backup software, VM settings reliability, and sometimes VM performance if you don't keep your hardware compatibility at least within one or two revisions of the latest level supported by the hypervisor.

    Keeping the hypervisor updated is another thankless but necessary task.  Having a mixed vSphere data center is not ideal.  It will end up biting you as an admin if you aren't maintaining current software.

    • Author
      Vladan Seget 3 years ago

      Most backup vendors support backing up VMs with VM hardware 7 (vmx-7) when introduction of CBT (changed block tracking). 

      Remember, virtual machine compatibility setting determines the virtual hardware available to the virtual machine, which corresponds to the physical hardware available on the host. Consider older hosts which can't be upgraded because old host hardware, you've got another reason not to.

       

       

Leave a reply

Your email address will not be published.

*

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account