vCloud Director 9.5

What’s in the Release Notes

The release notes cover the following topics:

What’s New in this Release

For information on the new and updated features of this release, see the VMware Technical White Paper What’s New with VMware vCloud Director 9.5.

System Requirements and Installation

Compatibility Matrix

See the VMware Product Interoperability Matrixes for current information about:

  • vCloud Director interoperability with other VMware platforms
  • Supported vCloud Director databases
  • Upgrade paths

Supported vCloud Director Server Operating Systems

  • CentOS 6
  • CentOS 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Supported AMQP Servers

vCloud Director uses AMQP to provide the message bus used by extension services, object extensions, and notifications. This release of vCloud Director requires RabbitMQ version 3.6.

For more information, see the vCloud Director Installation and Upgrade Guide.

Supported Databases for Storing Historic Metric Data

You can configure your vCloud Director installation to store metrics that vCloud Director collects about virtual machine performance and resource consumption. Data for historic metrics is stored in a Cassandra database. vCloud Director supports Cassandra versions 3.x.

For more information, see the vCloud Director Installation and Upgrade Guide.

Disk Space Requirements

Each vCloud Director server requires approximately 2100MB of free space for the installation and log files.

Memory Requirements

Each vCloud Director server must be provisioned with at least 6GB of memory.

CPU Requirements

vCloud Director is a CPU-bound application. CPU overcommitment guidelines for the appropriate version of vSphere should be followed. In virtualized environments, regardless of number of cores available to vCloud Director, there must be a sensible vCPU to physical CPU ratio, one that doesn’t result in extreme overcommitting.

Required Linux Software Packages

Each vCloud Director server must include installations of several common Linux software packages. These packages are typically installed by default with the operating system software. If any are missing, the installer fails with a diagnostic message.

alsa-lib    
bash
chkconfig
coreutils
findutils
glibc
grep
initscripts
krb5-libs
libgcc
libICE
libSM
libstdc++
libX11
libXau
libXdmcp
libXext
libXi
libXt
libXtst
module-init-tools
net-tools
pciutils
procps
redhat-lsb
sed
tar
wget
which

In addition to these packages, which the installer requires, several procedures for configuring network connections and creating SSL certificates require the use of the Linux nslookup command, which is available in the Linux bind-utils package.

Supported LDAP Servers

vCloud Director allows you to import users and groups from the following LDAP services.

Platform LDAP Service Authentication Methods
Windows Server 2008 Active Directory Simple
Windows Server 2012 Active Directory Simple, Simple SSL, Kerberos, Kerberos SSL
Windows Server 2016 Active Directory Simple, Simple SSL
Windows 7 (2008 R2) Active Directory Simple, Simple SSL, Kerberos, Kerberos SSL
Linux OpenLDAP Simple, Simple SSL

Supported Security Protocols and Cipher Suites

vCloud Director requires client connections to be secure. SSL version 3 and TLS version 1.0 have been found to have serious security vulnerabilities and are no longer included in the default set of protocols that the server offers to use when making a client connection. The following security protocols are supported:

  • TLS version 1.1
  • TLS version 1.2

Supported cipher suites include:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

Note: Interoperation with releases of vCenter earlier than 5.5-update-3e and versions of ovftool earlier than 4.2 require vCloud Director to support TLS version 1.0. You can use the cell management tool to reconfigure the set of supported SSL protocols or ciphers. See the Cell Management Tool Reference in the vCloud Director Administrator’s Guide.

Supported Browsers

The vCloud Director is compatible with the current and last major revision of browsers. Version 9.5 of vCloud Director was tested with and supports:

  • Google Chrome 69
  • Mozilla Firefox 58 ESR for the vCloud Director Web Console
  • Mozilla Firefox 60.2 ESR for the vCloud Director Service Provider Admin Portal and vCloud Director Tenant Portal
  • Microsoft Edge 42
  • Microsoft Internet Explorer 11

Note: Flash must be enabled in the browser to access the vCloud Director Web Console.

Note: Use of Microsoft Edge is not supported with vCloud Director installations that use self-signed certificates. Edge also does not support plugins, so functions such as console redirection and OVF upload do not work with Edge.

Supported Guest Operating Systems and Virtual Hardware Versions

vCloud Director supports all guest operating systems and virtual hardware versions supported by the ESXi hosts that back each resource pool.

Deprecated and Discontinued Functionality

End of Life and End of Support Warnings

  • End of Support for Oracle Database
  • End of Support for vCloud Network Isolation (VCDNI)
  • End of Support for Older vCloud API Versions
    • vCloud Director 9.5 no longer supports vCloud API version 19.0 and earlier. These API versions were deprecated in a previous release.
    • vCloud Director 9.5 is the last release of vCloud Director to support vCloud API versions 20.0 to 26.0. Those API versions are deprecated in this release and will not be supported in future releases.
  • Upcoming End of Support Notice
    • vCloud Director 9.5 is the last release to support the creation edge devices in the non-advanced mode.
      • Only edge devices that have been created/converted to advanced are supported by the HTML interfaces.
    • vCloud Director 9.5 is the last release to support MS SQL as the vCloud Director Database. Going forward only PostgreSQL database will be supported.
    • vCloud API 31.0 (vCloud Director 9.5) contains APIs that are under accelerated deprecation and will be removed in future releases. See About API Programming Guide for Service Providers.

Resolved Issues

  • Cannot create or convert an organization virtual data center network as a subinterface if the VXLAN network pool for the virtual data center is backed by multiple Distributed Virtual SwitchesA VXLAN network pool represents an NSX Transport Zone and has a set of clusters that can span multiple Distributed Virtual Switches. In versions earlier than 9.5, you cannot create or convert an organization VDC network as a subinterface if the VXLAN network pool spanned multiple Distributed Virtual Switches. In vCloud Director 9.5, a synchronization of the VXLAN network pool aligns the VXLAN network pool in vCloud Director with the Transport Zone in NSX so that you can create or convert organization VDC Networks to subinterfaces.
  • Adding or removing a resource pool from a  provider virtual data center does not update properly the corresponding NSX Transport Zone and does not synchronize the networks appropriatelyIn versions earlier than 9.5, adding a resource pool to a provider VDC does not properly expand the Transport Zone in NSX causing issues as vCloud Director and NSX become out of synchronization. In vCloud Director 9.5, the behavior is the following:
    • Expanding a provider VDC expands the NSX Transport Zone in NSX if needed.
    • Shrinking a provider VDC leaves the NSX Transport Zone unchanged. To synchronize vCloud Director and its networks with NSX, you can remove the clusters in NSX and then perform a synchronization of the VXLAN network pool in vCloud Director.

    If you change a transport zone in NSX by adding or removing clusters, to synchronize vCloud Director and its networks with NSX, you must synchronize the VXLAN network pool in vCloud Director.

Known Issues

  • Creating an NSX-T backed provider VDC, creates an unused VXLAN network poolDuring the creation of an NSX-T backed provider VDC, a VXLAN network pool for that provider VDC is unnecessarily created even though network pools cannot be used by NSX-T provider VDCs or organization VDCs.

    Workaround: Ignore these VXLAN network pools. The functions of the NSX-T backed provider VDC and organization VDC are unaffected.

  • You can create an unsupported routed or isolated vApp network in a vApp that is part of an NSX-T backed organization VDC, which results in preventing the vApp from powering onNSX-T organization VDCs can have only imported organization VDC networks that are backed by NSX-T logical switches. Therefore, routed or isolated vApp networks are unsupported for vApps that are part of an NSX-T backed organization VDC, but the UI allows you to add such vApp networks.

    If you create an unsupported routed or isolated vApp network, the vApp fails to power on.

    Workaround: Delete any non-direct vApp networks from the vApp. Use only NSX-T imported organization VDC networks and add those networks to the vApp as direct vApp networks.

  • Unable to delete data center groups if the creation of the group is not successfulIf the creation of a data center group fails, you cannot delete this data center group by using the vCloud Director Tenant Portal.

    Workaround: To delete a data center group that failed to create, use the vCloud OpenAPI.

  • The network topology diagram of a data center group does not render entities that failed to create or deleteWhen the creation of an egress point fails, even if the egress point exists in an unrealized state, it does not appear in the UI. When the egress point is replaced, even if the old egress point fails to delete, only the new egress point appears in the UI. The UI always shows the current state of the routes.

    Workaround: To delete an unrealized egress point, you must add, remove, or replace the edge gateway of the egress point, or use the vCloud OpenAPI.

  • OVF upload with OVF Tool fails to send HTTP dataWith OVF Tool 4.3.0 or earlier, an OVF upload might fail with the message Error: Failed to send http data.

    Workaround: Use the --X:skipContentLength option in the command line. This issue is fixed in OVF Tool 4.3.1.

  • Disk metrics are not populated for virtual machines that reside on vSAN datastoresIn vCloud Director, if you enable metrics collection and monitoring, the default metrics collected for disk activity, such as disk.write.average and disk.read.average, do not work for vSAN datastores. When you navigate to the UI and attempt to view disk data, the chart is not populated.

    Workaround: To view the vSAN disk metrics data, use the configure-metrics command of the cell management tool to add new disk metrics, namely virtualDisk.write.average and virtualDisk.read.average. For information about using the cell management tool, see VMware vCloud Director Administrator’s Guide.

  • vCloud Director UI and API users might encounter HTTP 502 errors if the load balancer does not permit large payloadsWhen you use either the API or the vCloud Director tenant portal, you might experience HTTP 502 errors. This might happen for a number of reasons.
    • When you try to edit a role with the vCloud Director Service Provider Admin Portal or the vCloud Director tenant portal, the Edit Role page might fail to load properly showing following symptoms:
      • If the target role has a large number of rights, the Edit Role page fails to load displaying the error message JSON.parse: unexpected character at line 1 column 1 of the JSON data.
      • If the target role has less rights, the Edit Role page loads successfully, but when you expand the rights categories, no rights are displayed.
        Trying to investigate the issue in the Web browser, shows a 502 response for the network traffic.
    • If you use the vRealize Orchestrator integration, the vCloud Director tenant portal users might experience HTTPS 502 errors.
    • API users might experience HTTP 502 error responses, when retrieving list payloads that have a large number of results, which might lead to a large number of HTTP headers in the response.

    These issues are happening because the load balancer is rejecting responses with large headers.

    Workaround 1: Apply the following configuration changes.

    • Configure the load balancer with larger buffers, for example, 100 KB.
      Note that individual cells are configured to have default buffer size of 65536 bytes (64 KB). You can adjust the HTTP header buffers  of all vCloud Director cells to match the desired load balancer configuration, by using the manage-config command of the cell management tool:
      cell-management-tool manage-config -n vcloud.http.responseHeaderMax -v new-value
      Here, new-value is an integer number of bytes greater than the default value of 65536.
    • Configure the load balancer to either not enforce the maximum HTTP header limit or set the limit to a large number, such as 1024. Refer to the documentation for the load balancer that you use.

      Note: If you use NSX for vSphere as a load balancer, you can increase the number of headers in the response only if using version 6.4 or later. See https://kb.vmware.com/s/article/52553.

    Workaround 2: Reduce the maximum number of results that can be returned by any API which returns a list of entities to a manageable number by using the configuration parameter restapi.queryservice.maxPageSize in the cell management tool.
    cell-management-tool manage-config -n restapi.queryservice.maxPageSize -v new-value

    For example, to set the value to 64:

    cell-management-tool manage-config -n restapi.queryservice.maxPageSize -v 64

    The default value is 128 and can be configured lower than 128. Values greater than 128 will be ignored.

  • LDAP over SSL connection failsvCloud Director 9.5 uses Java 8 Update 181, which introduces improved LDAP support.

    Workaround: Verify that you have a properly constructed SSL certificate. For information, see the Java 8 Release Changes at https://www.java.com.

  • A fast-provisioned virtual machine created on a VMware vSphere Storage APIs Array Integration (VAAI) enabled NFS array, or vSphere Virtual Volumes (VVols) cannot be consolidatedIn-place consolidation of a fast-provisioned virtual machine is not supported when a native snapshot is used. Native snapshots are always used by VAAI-enabled datastores, as well as by VVols. When a fast-provisioned virtual machine is deployed to one of these storage containers, that virtual machine cannot be consolidated.

    Workaround: Do not enable fast provisioning for an organization VDC that uses VAAI-enabled NFS or VVols. To consolidate a virtual machine with a snapshot on a VAAI or a VVol datastore, relocate the virtual machine to a different storage container.

  • vCloud Director 9.5 supports only a list of input parameters of vRealize Orchestrator workflowsvCloud Director 9.5 supports the following input parameters of vRealize Orchestrator workflows:
    • boolean
    • sdkObject
    • secureString
    • number
    • mimeAttachment
    • properties
    • date
    • composite
    • regex
    • encryptedString
    • array

Leave a Reply

Your email address will not be published. Required fields are marked *