vCloud Director 10.0 for Service Providers | 19 SEP 2019 | Build 14638910 (installed build 14636284) Check for additions and updates to these release notes. |
What's in this Document
- What's New in This Release
- Deprecated and Discontinued Functionality
- Flex UI Deprecation
- Upgrading from Previous Releases
- System Requirements and Installation
- Unavailable Flex UI Functionalities In the vCloud Director 10.0 HTML5 UI
- Known Issues
What's New in This Release
For information about the new and updated features of this release, see the VMware Technical White Paper What’s New with VMware vCloud Director 10.0.
Deprecated and Discontinued Functionality
End of Life and End of Support Warnings
- SQL Server database is no longer supported. Only the PostgreSQL database is supported.
- Oracle Linux is no longer supported as the host operating system to install the vCloud Director application.
- vCloud API version 20 is no longer supported.
- vCloud API Version 27.0 is deprecated and will become unsupported after vCloud Director 10.0.
- vCloud API Version 29.0 is deprecated.
- The Flex-based UI is deprecated and is disabled by default. vCloud Director 10.0 is the last release of vCloud Director to include the Web Console (Flex-based UI). The HTML5 UI is the only supported user interface for tenants and service providers.
- The
/api/sessions
API login endpoint is deprecated in vCloud API Version 33.0. vCloud Director 10.0 introduces separate vCloud Director OpenAPI login endpoints for the service provider and tenant access to vCloud Director. - vCloud Director 10.0 no longer keeps audit events indefinitely in the database. The default number of days is 45 and the maximum is 60. vCloud Director 10.0 maintains in the database the audit events collected from environments prior to version 10.0. You can export the audit event information in CSV format by using the cell-management-tool export-audit-events.
- The query API for audit events
/api/query?type=event
is deprecated in favor of the new OpenAPI Event API at/cloudapi/1.0.0/auditTrail
. This new API only retrieves audit events that have occurred in the window defined by the configuration variablecom.vmware.vcloud.audittrail.history.days
which is 45 days by default and has a maximum of 60 days.
Upcoming End of Support Notice
- vCloud API 33.0 (vCloud Director 10.0) contains APIs that are under accelerated deprecation and will be removed in future releases. See vCloud API Programming Guide for Service Providers.
Flex UI Deprecation
In vCloud Director 10.0, the vCloud Director Web Console (Flex-based UI) is deprecated and disabled by default. The Web Console URL redirects to the corresponding HTML5 landing pages for service providers and tenants. System administrators with root credentials can use the cell management tool to enable the Web Console. For more information on enabling the Web Console and the redirects from the Web Console URL, see the Enable the vCloud Director Web Console topic in the vCloud Director Installation, Configuration, and Upgrade Guide.
Upgrading from Previous Releases
For more information on upgrading to vCloud Director 10.0, upgrade and migration paths and workflows, see Upgrading vCloud Director.
System Requirements and Installation
Compatibility Matrix
See the VMware Product Interoperability Matrixes for current information about:
- vCloud Director interoperability with other VMware platforms
- Supported vCloud Director databases
Supported vCloud Director Server Operating Systems
- CentOS 6
- CentOS 7
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
Supported AMQP Servers
vCloud Director uses AMQP to provide the message bus used by extension services, object extensions, and notifications. This release of vCloud Director supports RabbitMQ versions 3.7, 3.7.9 and 3.8.2.
For more information, see the vCloud Director Installation, Configuration, and Upgrade Guide.
Supported Databases for Storing Historic Metric Data
You can configure your vCloud Director installation to store metrics that vCloud Director collects about virtual machine performance and resource consumption. Data for historic metrics is stored in a Cassandra database. vCloud Director supports Cassandra versions 3.x.
For more information, see the vCloud Director Installation, Configuration, and Upgrade Guide.
Disk Space Requirements
Each vCloud Director server requires approximately 2100MB of free space for the installation and log files.
Memory Requirements
Each vCloud Director server must be provisioned with at least 6GB of memory.
CPU Requirements
vCloud Director is a CPU-bound application. CPU over-commitment guidelines for the appropriate version of vSphere should be followed. In virtualized environments, regardless of the number of cores available to vCloud Director, there must be a sensible vCPU to physical CPU ratio, that does not result in extreme over-committing.
Required Linux Software Packages
Each vCloud Director server must include installations of several common Linux software packages. These packages are typically installed by default with the operating system software. If any of the packages are missing, the installer fails with a diagnostic message.
alsa-lib bash chkconfig coreutils findutils glibc grep initscripts krb5-libs libgcc |
libICE libSM libstdc++ libX11 libXau libXdmcp libXext libXi libXt libXtst |
module-init-tools net-tools pciutils procps redhat-lsb sed tar wget which |
In addition to the installer required packages, several procedures for configuring the network connections and creating SSL certificates require the use of the Linux nslookup
command, which is available in the Linux bind-utils package.
Supported LDAP Servers
You can import users and groups to vCloud Director from the following LDAP services.
Platform | LDAP Service | Authentication Methods |
---|---|---|
Windows Server 2008 | Active Directory | Simple |
Windows Server 2012 | Active Directory | Simple, Simple SSL, Kerberos, Kerberos SSL |
Windows Server 2016 | Active Directory | Simple, Simple SSL |
Windows 7 (2008 R2) | Active Directory | Simple, Simple SSL, Kerberos, Kerberos SSL |
Linux | OpenLDAP | Simple, Simple SSL |
Supported Security Protocols and Cipher Suites
vCloud Director requires the client connections to be secure. SSL version 3 and TLS version 1.0 have been found to have serious security vulnerabilities and are no longer included in the default set of protocols that the server offers to use when making a client connection. The following security protocols are supported:
- TLS version 1.1
- TLS version 1.2
Supported cipher suites include:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
Note: Interoperation with releases of vCenter Server earlier than 5.5-update-3e and versions of ovftool
earlier than 4.2 require vCloud Director to support TLS version 1.0. You can use the cell management tool to reconfigure the set of supported SSL protocols or ciphers. See the Cell Management Tool Reference in the vCloud Director Installation, Configuration, and Upgrade Guide.
Supported Browsers
vCloud Director is compatible with the current major and previous major release of the following browsers:
- Google Chrome
- Mozilla Firefox
- Microsoft Edge
- Microsoft Internet Explorer 11
Note: Use of Microsoft Edge is not supported with vCloud Director installations that use self-signed certificates. Edge also does not support plugins, so functions such as console redirection and OVF upload do not work with Edge.
Supported Guest Operating Systems and Virtual Hardware Versions
vCloud Director supports all guest operating systems and virtual hardware versions supported by the ESXi hosts that back each resource pool.
vCloud Director WebMKS 2.1.1
The vCloud Director WebMKS 2.1.1 console adds support for:
- the PrintScreen key in Google Chrome and in Mozilla Firefox for Windows.
- the Windows key in Windows and macOS. To simulate pressing the Windows key, press Ctrl+Windows in Windows OS, or Ctrl+Command in macOS.
- Automatic keyboard layout detection in Google Chrome and Mozilla Firefox.
Unavailable Flex UI Functionalities In the vCloud Director 10.0 HTML5 UI
Below are some of the functionalities that are not available in the HTML5 Tenant Portal and Service Provider Admin Portal.
- Unable to change the catalog owner (Tenant portal)
- Unable to edit the OVF properties of a vApp and VM (Tenant portal)
- No option to power on a vApp after vApp deployment (Tenant portal)
- Unable to import a VM or vApp from vSphere (Tenant portal)
- Unable to change the user notification settings (Tenant portal)
- Unable to change the vApp lease expiry alert notification settings (Tenant portal)
- Unable to import a vApp template from vSphere (Tenant portal)
- Unable connect to a vApp network when creating a VM within a vApp (Tenant portal)
- vApp templates are not differentiated from unexpired templates (Tenant portal)
- Unable to set per-disk IOPS through the HTML5 UI (Provider portal)
- Unable to set custom vApp lease times (Tenant portal)
- Unable to copy a role (Provider portal)
- External IP is not showing on the vApp details page (Tenant portal)
Known Issues
- New In the Tenant Portal UI, when you create an affinity or an anti-affinity rule, deselecting the Required check box does not affect the rule configuration
In the Tenant Portal UI, when you create an affinity or an anti-affinity rule, deselecting the Required check box does not affect the rule configuration. Affinity and anti-affinity rules are always Required, which means that if a rule cannot be satisfied, the VMs that are added to the rule don't power on.
Workaround: None.
- New When you associate two vCloud Director appliance sites, are not visible across the sites
If you make a site association and your sites have objects like organizations, organization VDCs, vApps, VMs, you cannot see the objects across sites. The HTML 5 UI displays an Internal server error message. The issue occurs during multisite fanout communication because the
/etc/hosts
file of the vCloud Director appliance does not have correct contents.Workaround: None.
- If you disable the provider access to the legacy API login endpoint, all API integrations that rely on the system administrator login stop working, including vCloud Usage Meter and vCloud Availability for vCloud Director
Starting with vCloud Director 10.0, you can use separate vCloud Director OpenAPI login endpoints for service provider and tenant access to vCloud Director. If the service provider access to the legacy
/api/sessions
endpoint is disabled, it causes products that integrate with vCloud Director, like vCloud Usage Meter and vCloud Availability for vCloud Director, to stop working. These products will require a patch to continue to operate.The issue affects only system administrators. The tenant login is not affected.
Workaround: Re-enable the service provider access to the legacy
/api/sessions
endpoint by using the cell management tool. - When you change the reservation guarantee values of a VDC, the existing VMs are not updated accordingly even after a reboot
If you have a flex organization VDC with the system default policy and powered-on virtual machines on that VDC are with the default sizing policy, when you increase the resource guarantee value of the VDC, the resource reservation for the existing VMs is not updated and they are also not marked as non-compliant. The issue occurs also when you convert a legacy VDC allocation model to a flex allocation model and the existing VMs become non-compliant with the new default policy of the flex organization VDC after the conversion.
Workaround:
- To display the non-compliant VMs in the vCloud Director UI, perform an explicit compliance check against the VMs by using the vCloud API.
- To reapply the policy and reconfigure the resource reservations, in the vCloud Director Tenant Portal, click Make VM Compliant for a non-compliant VM.
- The New Organization VDC Network wizard might not display all edge gateways on the Edge connection page
When creating a routed organization VDC network, the Tenant Portal UI might not display all of the edge gateways to connect to.
Workaround: If the Tenant Portal UI does not display the edge gateway you want to connect to, use the vCloud Director Web Console (Flex-based UI).
- vCloud Director displays incorrect information about running and total VMs and CPU and memory stats in dedicated vCenter Server instances
If a dedicated vCenter Server is version 6.0 U3i or earlier, 6.5U2 or earlier, or 6.7U1 or earlier, vCloud Director displays incorrect information about running VMs, total VMs, and CPU and memory statistical information in the vCenter Server instance. The dedicated vCenter Server tile in the Tenant Portal and the dedicated vCenter Server information in the Service Provider Admin Portal display zero for both running and total VMs, even when there are virtual machines in the vSphere environment.
Workaround: Upgrade the vCenter Server instance to version 6.0 U3j, 6.5U3, 6.7U2 or later.
- If the current primary cell is healthy, you cannot promote a standby cell to primary by using the appliance management user interface
If the primary node is healthy, the Promote button in the appliance management UI does not work.
Workaround: Switch the roles of the primary and a standby by using the Replication Manager Tool suite. For more information, see Switch the Roles of the Primary and a Standby Cell in a Database High Availability Cluster.
- Updating a VM sizing policy fails with a memory allocation error
If you convert an allocation-pool VDC to a flex organization VDC, vCloud Director keeps the maximum policy information from the allocation-pool VDC before the conversion. CPU or memory reservation guarantees higher than the reservations defined in the allocation-pool VDC fail with a
Virtual machine reservation or limit or shares settings are invalid
error.Workaround: Log in as a system administrator and set a new maximum policy with the new resource reservation guarantees.
- Used NICs count in edge gateways grid is incorrect for NSX-T Edge Gateways
For NSX-T organization VDC edge gateways, the number of used NICs displayed in the Edge Gateways page of the vCloud Director Service Provider Admin Portal is incorrect.The issue does not affect the functionality itself.
Workaround: None.
- Cannot configure the system to use a SAML identity provider by using the vCloud Director Service Provider Admin Portal
After you configure your system to use a SAML identity provider by using the vCloud Director Service Provider Admin Portal, you cannot log in again to the vCloud Director Service Provider Admin Portal.
Workaround: Configure your system to use a SAML identity provider by using the vCloud Director Web Console.
- In the tenant H5 UI, not all organization VDC networks are displayed when adding an organization VDC network to a vApp
In the tenant H5 UI, when you try to select an organization VDC network to add to a vApp, the H5 UI does not display the full network list. This is observed only with shared organization VDC networks when a multi-clustered backed PVDC is used.
Workaround: Use vCloud Director Web console (Flex UI).
- Cannot access an SDDC proxy if vCloud Director uses legacy self signed certificates
After the upgrade to vCloud Director 9.7, connecting to an SDDC proxy might fail with the error message:
verify error:num=20:unable to get local issuer certificate
. This issue happens if you generated the self signed certificates by using the cell management tool in vCloud Director 9.5 or earlier.Workaround: After the upgrade to vCloud Director 9.7, regenerate and update the self signed certificates.
- After the upgrade to vCloud Director 9.7 (vCloud API v.32.0), custom links that you added by using branding OpenAPI calls are removed
In vCloud API v.32.0, type
UiBrandingLink
that is used for custom links is replaced by typeUiBrandingMenuItem
. These types have different elements. This change is backward incompatible. As a result, API calls from versions 31.0 or earlier that attempt to process or setcustomLinks
within aUiBranding
object fail.Workaround: Update your API calls to the new data type.
- Changing the compute policy of a powered on VM might fail
When trying to change the compute policy of a powered on VM, if the new compute policy is associated with a provider VDC compute policy that has VM Groups or Logical VM Groups, an error occurs. The error message contains:
Underlying system error: com.vmware.vim.binding.vim.fault.VmHostAffinityRuleViolation
.Workaround: Power off the VM, and retry the operation.
- When using the vCloud Director Service Provider Admin Portal with Firefox, you cannot load the tenant networking screens
If you are using the vCloud Director Service Provider Admin Portal with Firefox, the tenant networking screens, for example, the Manage Firewall screen for an organization virtual data center, might fail to load. This issue happens if your Firefox browser is configured to block Third-Party cookies.
Workaround: Configure your Firefox browser to allow third-party cookies.
- vCloud Director 9.7 supports only a list of input parameters of vRealize Orchestrator workflows
vCloud Director 9.7 supports the following input parameters of vRealize Orchestrator workflows:
boolean
sdkObject
secureString
number
mimeAttachment
properties
date
composite
regex
encryptedString
array
Workaround: None
- A fast-provisioned virtual machine created on a VMware vSphere Storage APIs Array Integration (VAAI) enabled NFS array, or vSphere Virtual Volumes (VVols) cannot be consolidated
In-place consolidation of a fast provisioned virtual machine is not supported when a native snapshot is used. Native snapshots are always used by VAAI-enabled datastores, as well as by VVols. When a fast-provisioned virtual machine is deployed to one of these storage containers, that virtual machine cannot be consolidated .
Workaround: Do not enable fast provisioning for an organization VDC that uses VAAI-enabled NFS or VVols. To consolidate a virtual machine with a snapshot on a VAAI or a VVol datastore, relocate the virtual machine to a different storage container.
- Org VDC network status is blank
In the H5 tenant portal, the status of some old operational Org VDC networks appears as blank.
Workaround: Change a property of the Org VDC network (e.g. description) and save it.
- Organization VDC network cannot be deleted from the Tenant portal
You have added a VDC network to a vApp and you have connected the same vApp to a virtual machine.
When you try to delete the organization VDC network in the tenant portal, you receive an error message and you cannot proceed with the deletion.
This network is in use.
Workaround: To delete the organization VDC network follow the steps.
- In vCloud Director Web console, navigate to System > Organizations, and select your organization name.
A window with all vApps, associated to your organization opens. - Select the organization VDC vApp and navigate to the Networking tab.
- Right-click the organization VDC network you want to delete and select Delete.
- To delete the organization VDC network, click Apply.
- In vCloud Director Web console, navigate to System > Organizations, and select your organization name.
- When creating an Anti-Affinity Rule in the vCloud Director tenant portal, the UI displays empty virtual machine list
When you try to create an Anti-Affinity rule in the vCloud Director tenant portal, you cannot select a virtual machine to add to the rule because the virtual machine selection list is empty.
Workaround: To create an Anti-Affinity Rule, use the vCloud Director Web console.
- Newly created virtual machines are deployed on the organization VDC default storage policy
In the vCloud Director Tenant Portal, when you create a new standalone virtual machine, the option to specify the storage policy is missing. As a result the created virtual machine is deployed with the default storage policy of the organization VDC.
Workaround: After you create the virtual machine, go to the resulted virtual machine properties and change the storage policy.