
VMware vSphere 8.0 Update 3 – Technical Overview

  • October 13, 2024
  • 40 min read
Vitalii has been a Post-Sales Support Engineer at StarWind for about 2 years. He has broad knowledge of storage, virtualization, backup, and infrastructure implementation. Ping pong is his hobby.

Overview of vSphere 8.0 Update 3

VMware vSphere 8.0 Update 3 introduces a broad range of improvements across virtualization management, hardware support, and security. It is the first major vSphere 8 update since Update 2 (August 2023) and focuses on enhancing operational uptime, supporting next-generation hardware, and streamlining administrative workflows.

Notable updates include ESXi live patching to minimize host reboot downtime, expanded support for DPUs (Data Processing Units) and the latest CPUs/GPUs, a rearchitected cluster service (vCLS) for improved resilience, faster VM disk provisioning, and advanced integration with Kubernetes for DevOps use cases.

Enhanced Lifecycle Management and Upgrade Process

vSphere 8.0 U3 delivers significant improvements in lifecycle management, reducing downtime for patching and upgrades:

  • ESXi Live Patch: Administrators can now apply certain ESXi patches without requiring host reboots or VM migrations. Critical fixes to the VM execution layer (VMX) can be installed while VMs remain running. The host enters a new Partial Maintenance Mode, where existing VMs continue to run but no new VMs can be started or moved to the host. During patching, running VMs perform a fast suspend-and-resume (FSR) operation to pick up the patched code, a process that is typically non-disruptive. This dramatically reduces maintenance windows for important updates.
    (Note: Certain workloads like Fault Tolerance or DirectPath I/O VMs are not eligible for live patching and must still be manually migrated or briefly powered off).
    The vSphere Client visibly indicates when a host is in Partial Maintenance Mode for live patching, helping administrators easily identify hosts being patched in-place.
  • vCenter “Reduced Downtime” Upgrades: Update 3 introduces a streamlined vCenter Server update method that minimizes downtime. Instead of an in-place upgrade, a new vCenter appliance is deployed and the data is copied over while the original vCenter remains online. This results in only a few minutes of actual downtime during the switchover to the new version (often under 5 minutes). Crucially, vCenter upgrades now support all deployment topologies in this mode – whether the vCenter is self-managed or external, in Enhanced Linked Mode, or even in a vCenter High Availability cluster.
    For vCenter HA configurations, the HA pairing is automatically taken down at the start of the update and re-established after the update completes. Update 3 also adds a new Automatic Switchover option during the upgrade process: administrators can let the system automatically execute the final cutover to the new vCenter once data sync is done, rather than manually triggering it. This reduced-downtime upgrade approach greatly simplifies vCenter maintenance by keeping services online until the last moment.
  • vSphere Lifecycle Manager (vLCM) Improvements: vSphere 8.0 U3 further refines lifecycle management of ESXi hosts and clusters. Cluster Image customization is more flexible – administrators can now remove certain optional components (like the ESXi embedded host client UI or VMware Tools) from a base image, or override vendor-recommended components/drivers if needed​. This allows creating lean ESXi images (for example, omitting non-essential packages) to suit edge deployments or to maintain specific driver versions for stability. Additionally, vSphere Configuration Profiles (the updated Host Profiles mechanism for consistency) now support environments using legacy update baselines. In other words, clusters that still use traditional Update Manager baselines (instead of image management) can still be managed with configuration profiles in vSphere 8.0 U3. This backward compatibility eases the transition to image-based lifecycle management by bringing baseline-managed clusters under the new config management framework.

Hardware Support and Performance Enhancements

Update 3 brings expanded hardware support and performance improvements, ensuring vSphere can fully leverage contemporary server technologies:

  • Dual DPU Support: vSphere 8.0 U3 introduces support for up to two Data Processing Units (DPUs) per ESXi host as part of the vSphere Distributed Services Engine. This enables new configurations for offloading network and security functions to DPUs. Dual DPUs can be configured in an Active/Standby pair for high availability (one DPU takes over if the other fails or an uplink is lost), or as Dual Independent DPUs to double the offload capacity per host. In the independent mode, each DPU attaches to its own vSphere Distributed Switch, increasing throughput without failover between DPUs. The vCenter Server UI and workflows have been updated to manage DPUs seamlessly – for example, vSphere Lifecycle Manager can now remediate (update) both DPUs in lockstep with the host during patching. The vSphere Client also displays DPU-specific compliance and status, helping administrators monitor DPU firmware/ESXi versions. Overall, dual DPU support improves network acceleration, security isolation, and resilience for environments leveraging modern SmartNICs.
  • Latest CPU Architecture Support: vSphere 8.0 U3 is optimized for new server CPU generations. It adds official support for AMD “Genoa” EPYC 4 and Intel “Sapphire Rapids” Xeon CPUs, including enabling kernel-level hot-add/hot-remove for these processors​. This means vSphere can better handle dynamic CPU provisioning on platforms that support CPU hot-plug, without requiring reboots, on newer AMD and Intel architectures. Additionally, U3 introduces support for Intel Xeon CPU Max Series processors (Sapphire Rapids with High Bandwidth Memory)​. These CPUs have up to 64 GB of HBM onboard, which vSphere can now take advantage of to boost memory-intensive workloads. The integrated HBM on Intel Xeon Max is particularly beneficial for HPC, AI/ML, and other applications that demand extremely high memory bandwidth​. Administrators planning to deploy these new CPUs can be confident that vSphere 8.0 U3 will recognize and optimize for their advanced features.
  • CPU C-State Virtualization for Telco Workloads: In Update 3, vSphere allows the exposure of physical CPU power-saving states (C-states) to virtual machines, aimed at telco and edge use cases such as vRAN (virtual radio access networks). This feature lets specially configured VMs actively manage the C-state of the underlying host CPU cores that they are bound to. For example, when a vRAN workload is idle, it can request its physical core to enter a deep C-state (low-power mode), and later return to full power when needed​. By virtualizing CPU C-states, vSphere enables fine-grained power management from within the guest, improving energy efficiency for telecom infrastructure running on VMware. (This capability requires newer CPU models – Intel Cascade Lake or later – and guest OS support for the intel_idle driver to function properly​.)
  • GPU Virtualization Enhancements: vSphere 8.0 U3 expands support for heterogeneous GPU use and monitoring in virtual environments. Previously, all VMs on a given host with NVIDIA virtual GPUs (vGPU) had to use an identical profile (same GPU memory size and feature set). Now, with Update 3, a single physical GPU can be shared by VMs with different vGPU profile types and memory sizes, as long as the GPU hardware supports partitioning for mixed profiles​. This flexible vGPU profile support allows better utilization of high-end GPUs by running diverse workloads (with varying GPU memory requirements) on the same card. Additionally, the GPU Media Engine (NVENC/NVDEC) on NVIDIA GPUs – used for video encode/decode acceleration – can now be assigned to a vGPU profile in vSphere 8.0 U3​. In previous releases, the media engine could only be leveraged if a VM had the entire physical GPU; now smaller virtual GPU slices (MIG instances) can access the media engine for tasks like video transcoding, although only one VM’s vGPU can use the media engine at a time per physical GPU​.
  • GPU Monitoring and DRS Integration: To assist with management of GPU-enabled clusters, the vSphere Client in 8.0 U3 adds new cluster-level GPU monitoring. Administrators can see at a glance the aggregate GPU usage (compute and memory) across the cluster in the vCenter UI’s summary dashboards​. Historical and real-time charts show GPU resource utilization, similar to how CPU and memory are tracked, aiding in capacity planning for GPU workloads. Furthermore, VMware has integrated vSphere DRS (Distributed Resource Scheduler) with GPU-based VMs more tightly. In U3, cluster DRS settings include options to allow automated vMotion of vGPU VMs by specifying a maximum “stun time” – essentially pausing the VM briefly during vMotion to disconnect and reconnect its virtual GPU​. By configuring an acceptable stun duration, admins can let DRS move vGPU-powered VMs for load balancing or maintenance, which was historically challenging. This improvement streamlines operations like patching GPU hosts, as vSphere can evacuate GPU VMs safely within defined delay limits​.
  • Increased Scalability Limits: vSphere 8.0 Update 3 raises some configuration maximums to accommodate larger deployments. Notably, the supported number of virtual machines per cluster has been increased from 8,000 to 10,000 VMs per cluster, allowing more consolidation in a single vCenter cluster domain. Likewise, the maximum count of DirectPath I/O (passthrough) devices per host (e.g. SR-IOV NICs or GPU passthrough devices) is expanded from 8 to 32 devices per ESXi host. These higher limits give architects more headroom when designing very large or hardware-intensive vSphere environments.

Cluster Services and Availability Enhancements

vSphere 8.0 U3 includes improvements to core cluster services (like DRS/HA mechanisms) and VM availability features:

  • Embedded vSphere Cluster Service (vCLS): One of the notable architectural changes in Update 3 is the redesign of the vSphere Cluster Service, which provides small agent VMs to enable cluster functionalities such as DRS and HA. In earlier versions, each cluster would automatically deploy up to three lightweight vCLS VMs stored on datastores. With 8.0 U3, vCLS is now embedded directly into the ESXi hosts’ runtime, eliminating the need for persisting vCLS VMs on disk​. The embedded vCLS instances run entirely in host memory and have no storage footprint, which removes previous issues related to vCLS VM placement or datastore clutter​. Furthermore, the number of cluster service VMs needed is reduced – a cluster with two or more hosts now uses only two vCLS agent VMs (down from up to 3), and a single-host cluster uses one​. These VMs are spun up by ESXi itself and are managed by vCenter transparently (no manual deployment or OVA templates required, and the old ESX Agent Manager process is not involved). Administrators can identify if a cluster is using Embedded vCLS via the Cluster Services summary in vCenter (it will show Cluster Service type: Embedded vCLS instead of the legacy type). Embedded vCLS improves overall resilience by simplifying cluster service management – if a host running an embedded agent goes into maintenance or fails, the necessary cluster service VM will automatically respawn on another available host. This change also slightly reduces resource overhead, as each vCLS agent VM now consumes only memory (around 100 MB each) and no storage. It’s important to note that embedded vCLS is enabled once any host in the cluster is upgraded to ESXi 8.0 U3, but mixed clusters will still operate; VMware recommends upgrading vCenter to 8.0 U3 first, then hosts, to fully benefit from this feature​.
  • Best-Effort VM Evacuation Policy: A new Virtual Machine Compute Policy is introduced to handle host Maintenance Mode in cases where some VMs cannot be live-migrated off. In prior versions, if a VM could not be migrated during maintenance mode (e.g. no compatible target or a VM stuck), the host entering maintenance would stall or the VM would have to be powered off. The new best-effort evacuation policy provides an automated way to handle this. With this policy, when a host is placed into maintenance mode, vCenter will try to gracefully shut down VMs on that host; if a VM fails to shut down in a timely manner, it will be forcibly powered off. Then, while the host is in maintenance, vCenter periodically attempts to power those VMs back on elsewhere in the cluster as resources allow. Essentially, it ensures that any VMs that had to be powered off are automatically restarted on other hosts when possible, rather than leaving them down until manual intervention. This “best-effort” approach improves availability during maintenance operations by reducing downtime for VMs that could not vMotion. Administrators can enable this policy via compute policies to enhance cluster maintenance behavior.
  • vSphere Fault Tolerance for Stretched Clusters: vSphere FT (Fault Tolerance) now supports a metro-distance cluster scenario in 8.0 U3. Previously, FT was only supported within a single site (cluster). Now, users can configure an FT-protected VM with its primary and secondary copies running on hosts in different sites of a stretched cluster (assuming a high-bandwidth, low-latency link between sites). A new option “Enable Metro Cluster FT” appears when configuring Fault Tolerance on a VM. If enabled, vCenter will place the FT primary VM on one site (one host group) and the secondary on a host in the opposite site. In the event of a host failure, FT works as usual (secondary takes over immediately and a new secondary is spawned on a host in the same site as the failed primary to maintain two copies). If an entire site fails, the VM continues running on the surviving site without FT (until the second site recovers)​. This enhancement allows using vSphere FT for VMs that require zero downtime and geographic redundancy, providing an extra layer of availability for critical workloads across datacenters. Administrators should ensure the network meets the strict latency requirements and understand that inter-site FT will behave as described (no continuous FT if one site is down).

Storage and Network Enhancements

vSphere 8.0 Update 3 also introduces improvements in storage operations and SAN/NVMe integrations:

  • Faster VMFS Disk Conversion (Thin to Thick): A new VMFS API in Update 3 allows administrators to inflate a thin-provisioned VMDK to thick (eager-zeroed) while the VM is running on it, with dramatically improved speed​. Converting a thin disk to eager-zeroed thick can now be up to 10× faster than the previous method (which required fully writing zeroes to all blocks)​. This improvement benefits scenarios where an admin needs to pre-allocate a VM’s storage for performance or VVol migration reasons – the inflation can be done online with minimal performance impact. The faster mechanism applies to standard VMFS datastores and supports thickening virtual disks (thin -> EZT) as well as lazy-zeroed to eager-zeroed conversion, including First Class Disks (improved vVol support). This significantly reduces the time large disks spend in conversion, helping in storage management tasks and reducing VM downtime for those conversions to essentially zero.
  • Fabric Performance Degradation Notifications (FPIN): vSphere 8.0 U3 adds support for FC Fabric Performance Impact Notification in the storage stack. FPIN is an industry-standard mechanism where Fibre Channel switches or storage targets send notifications about degraded links or other issues in the SAN fabric. With this update, ESXi hosts can receive and react to these notifications. In practice, if a SAN path becomes problematic (e.g. high error rates or partial outage), the ESXi multipathing can learn of it via FPIN and proactively avoid using the bad path, rather than waiting for a path failure. This makes SAN environments more resilient and can improve performance by routing I/O through healthy paths when an issue is reported. FPIN support requires compatible FC infrastructure (switch firmware that generates FPIN messages and storage that flags issues), but it aligns vSphere with modern SAN standards for better reliability.
  • vVols Stretched Cluster Support: VMware Virtual Volumes (vVols) get an upgrade in Update 3 with initial support for active-active stretched storage configurations. This means a storage array with multi-site replication can present a vVol datastore across two sites in an active/active manner, and vSphere will support provisioning and failing over vVols across those sites​. In this initial release, the support is focused on uniform host access configurations (each host sees both sides) with an active-active storage backend. For instance, a VM’s vVols could be accessible on two arrays (or two halves of one array) in lockstep, enabling site-failover without data loss​. One current limitation is that vCenter Server HA is not supported with vVols stretched clusters yet (planned for future enhancement). Nonetheless, this feature opens the door for enterprise customers to run mission-critical VMs on vVols with full stretch cluster capabilities, similar to what was possible with vSAN or array-based metro clusters.
  • Automated UNMAP for NVMe vVols: Space reclamation in vVols is improved in 8.0 U3. VMware has added both a manual CLI method and an automatic UNMAP mechanism for NVMe-backed vVol datastores. UNMAP is the SCSI (or NVMe) command to tell the storage array that blocks are no longer in use (thin provisioning reclamation). With this update, when VMs delete or zero out data on vVols that reside on NVMe-oF storage, vSphere can issue UNMAP commands to reclaim space without requiring admin scripts. Additionally, to avoid overloading an array with too many simultaneous trim requests, vSphere now allows configuring a limit on how many hosts can send UNMAP to a datastore at once (a new reclaim-maxhosts parameter, adjustable from 1 to 128 hosts). This throttling setting helps in large clusters to stagger UNMAP traffic. The result is more efficient storage utilization on modern flash storage arrays using NVMe protocols, maintaining thin provisioning automatically in the background.
  • vVols Support for SCSI-3 Reservations over NVMeoF: Another enhancement for vVols in U3 is support for SCSI-3 Persistent Reservations on NVMe-over-Fabrics vVols​. This capability is crucial for enabling shared-disk clustering (like Windows Failover Clusters using shared VMDKs) on vVol storage. Previously, such clusters often required RDMs or physical disks to handle SCSI reservations. Now, vVols presented via NVMe can support persistent reservations, meaning a Windows Server Failover Cluster can use a shared vVol disk for the quorum or data and have the necessary SCSI reservation semantics for coordination​. This eliminates the need for older constructs like RDMs, simplifying configurations for applications like SQL Server FCIs or other clustered applications when using vVol storage.

(Networking Note: Besides DPU enhancements and FPIN above, it’s worth noting vSphere 8.0 U3 also updates several network drivers (enhancing support for newer NICs) and continues to support the latest VMware NSX integration. However, those are minor updates beyond the scope of this overview.)

Security and Identity Features

vSphere 8.0 Update 3 includes updates to authentication and security configurations, helping enterprises meet compliance requirements:

  • Identity Federation – PingFederate Support: vSphere’s Identity Federation feature (introduced in vSphere 7 to allow vCenter login via external Identity Providers using SAML/OIDC) is enhanced in Update 3 to support multiple Identity Providers, including PingFederate. PingFederate is a common enterprise IdP, and with vSphere 8.0 U3, admins can integrate vCenter Server with PingFederate for federated SSO, MFA, and other advanced auth flows. In fact, vCenter can now be configured with more than one federated IdP at the same time (for example, one on-prem IdP and one cloud SSO service), providing flexibility in how administrators and users authenticate. This allows organizations to enforce modern authentication (like MFA policies) for vCenter access using their existing identity management tools. The addition of PingFederate support is a step towards broader IdP compatibility in vSphere.
  • TLS Configuration Management: vSphere 8.0 U3 makes it easier to keep ESXi hosts in compliance with security standards by letting admins quickly apply predefined TLS cipher suite profiles. In prior versions, tweaking TLS settings on hosts required manual configuration. Now, vCenter offers a selection of modern TLS cipher profiles that can be applied cluster-wide, aligning ESXi’s accepted cipher suites with corporate security guidelines. For example, an administrator can choose to disallow older TLS 1.0/1.1 protocols or weak ciphers easily through the UI or API. When a new cipher profile is applied, ESXi will require a reboot for it to take effect, as it adjusts low-level services. This feature simplifies the process of hardening vSphere’s encryption in line with standards like NIST guidelines or PCI compliance, ensuring only strong encryption algorithms are used for vSphere management interfaces.
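Because a new TLS profile only takes effect after the host reboots, it is worth confirming from the network side that a host really stopped negotiating TLS 1.0/1.1. The script below is an added example, not code from the article or from VMware: it offers each protocol version separately to a host's HTTPS management port and reports whether the legacy versions are still accepted. Port 443, the function names and the verdict strings are assumptions of this example; hostnames are passed on the command line.

```python
import socket
import ssl
import sys

# Protocol versions offered one at a time. The first two are the legacy
# versions the article says a hardened profile can disallow.
PROBE_VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
LEGACY = ("TLSv1.0", "TLSv1.1")


def _context_for(label):
    """Build a client context pinned to exactly one protocol version."""
    version = PROBE_VERSIONS[label]
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Audit probe only: it tests which versions the server negotiates, not
    # who the server is. Do not reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if label in LEGACY:
        # Current OpenSSL builds will not offer TLS 1.0/1.1 at the default
        # security level, which would make every server look hardened.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port, label, timeout=3.0):
    """Return 'accepted', 'rejected', 'unreachable' or 'client-unsupported'."""
    try:
        ctx = _context_for(label)
    except (ValueError, ssl.SSLError):
        # The local Python/OpenSSL build cannot offer this version at all.
        return "client-unsupported"
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "accepted"  # handshake completed at the pinned version
    except OSError:  # ssl.SSLError is a subclass: alert, reset or timeout
        return "rejected"
    finally:
        sock.close()


def audit_host(host, port=443, probe_fn=probe):
    """Probe every version in PROBE_VERSIONS and return {label: status}."""
    return {label: probe_fn(host, port, label) for label in PROBE_VERSIONS}


def assess(results):
    """Reduce per-version results to PASS, FAIL, INCONCLUSIVE or UNREACHABLE."""
    if any(results.get(v) == "accepted" for v in LEGACY):
        # Profile not applied, or applied but the host has not rebooted yet.
        return "FAIL"
    if "unreachable" in results.values():
        return "UNREACHABLE"
    if any(results.get(v) == "client-unsupported" for v in LEGACY):
        # A local limitation must not be reported as server hardening.
        return "INCONCLUSIVE"
    if "accepted" not in results.values():
        return "INCONCLUSIVE"  # nothing negotiated: probably not a TLS port
    return "PASS"


if __name__ == "__main__":
    for target in sys.argv[1:]:
        outcome = audit_host(target)
        print(f"{target}: {assess(outcome)} {outcome}")
```

An `INCONCLUSIVE` verdict means the scanning machine itself could not offer the legacy versions, so the check should be repeated from a client whose OpenSSL build still can.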

(Additional security notes: vSphere 8.0 U3 also includes numerous security patches (for vCenter’s underlying Photon OS and third-party libraries) and continues to enforce secure boot and TPM 2.0 requirements introduced in vSphere 8. Administrators should review the release notes for any specific vulnerability fixes included in this update.)

Kubernetes and Developer Services Integration

Because modern data centers often run containerized workloads alongside VMs, vSphere 8.0 U3 brings improvements to its integrated Kubernetes capabilities (vSphere with Tanzu):

  • vSphere IaaS Control Plane Enhancements: In vSphere 8 U3, VMware introduced a new vSphere IaaS control plane for self-service provisioning, which builds on the vSphere with Tanzu architecture. There is now a “Local Consumption Interface” in vCenter – essentially a developer-friendly portal where users (with appropriate permissions) can directly provision VMs, storage, and Kubernetes clusters as a service. This interface exposes services like VM Service and Storage Service, as well as the Kubernetes cluster service, in a more streamlined way. It empowers development teams to deploy their own VMs or K8s clusters on-demand via the vCenter UI or API, without needing deep vSphere expertise, while administrators maintain governance. This is part of VMware’s effort to make vSphere a multi-tenant cloud platform for VMs and containers.
  • Decoupled Tanzu Kubernetes Grid (TKG) Updates: A major change in vSphere 8.0 U3 is the decoupling of the embedded Tanzu Kubernetes Grid Service from the vCenter release cycle. VMware now offers an Independent TKG Service that can be updated asynchronously, aligning with upstream Kubernetes versions. In practical terms, this means the Kubernetes versions and features available to run guest clusters on vSphere can be updated more frequently, without waiting for a full vSphere update. For example, if a new Kubernetes version is released, VMware can provide a TKG update that customers can apply to get that version supported on their vSphere 8 U3 environment, even if vCenter stays at U3. This decoupling provides flexibility and ensures the Supervisor Cluster (the Kubernetes control plane inside vSphere) stays current with features, security patches, and bug fixes from the K8s community​. It gives vSphere administrators and DevOps teams more agility in maintaining Kubernetes clusters on vSphere, aligning with cloud-native release cadence.
  • Kubernetes Cluster Autoscaling: To further enhance the developer experience, vSphere 8.0 U3 adds support for workload cluster autoscaling in vSphere with Tanzu environments. Kubernetes clusters created through the TKG Service can now be set to automatically scale in response to resource demand: scaling down underutilized worker nodes when workloads are light, and scaling up (adding nodes) when demand increases​. This autoscaling is managed by the Kubernetes Cluster API provider in vSphere and helps right-size resources for container workloads dynamically. It enables more efficient use of infrastructure – developers get elasticity for their clusters without manual intervention, similar to how cloud Kubernetes services work. Autoscaling policies can be configured to control the min/max number of nodes and scaling sensitivities.
  • Tanzu on Stretched Clusters: vSphere 8 U3 now supports deploying the Kubernetes Supervisor Cluster (vSphere Namespaces control plane) on a vSAN stretched cluster configuration​. This enhancement provides higher availability for the supervisor control plane across sites, improving resilience for running workloads in a stretched deployment. (While the Supervisor control plane can be stretched, VMware’s guidance is to keep the control plane VMs together to maintain an odd quorum and avoid split-brain, placing worker nodes across sites for resilience​.) In essence, vSphere with Tanzu can now be used in active-active datacenter scenarios, which is valuable for enterprises that require geographic redundancy for both VMs and Kubernetes clusters.

Conclusion

VMware vSphere 8.0 Update 3 delivers a comprehensive set of upgrades that are squarely aimed at making the platform more robust, efficient, and ready for future workloads. By introducing live patching and near-zero-downtime updates, it tackles the challenge of maintaining infrastructure without interrupting services. Improvements in hardware support (from dual DPUs to next-gen CPUs/GPUs) ensure that vSphere remains the optimal platform to run the latest servers and accelerators at full potential. Core platform changes like the embedded cluster service and faster disk operations simplify management and improve performance for administrators. Enhanced integration with modern storage, security (federated identity, TLS), and Kubernetes means vSphere 8.0 U3 is well-equipped for both traditional enterprise applications and cloud-native workloads. Together, these features provide tangible value such as reduced downtime, higher resource utilization, and easier operations for IT infrastructure engineers planning their vSphere environments in 2024 and beyond.
