VMware Cloud Foundation 3.11 on Dell EMC VxRail | 14 FEB 2022 | Build 19312783
VMware Cloud Foundation 220.127.116.11 on Dell EMC VxRail | 07 APR 2022 | Build 16419449
Check for additions and updates to these release notes.
The VMware Cloud Foundation (VCF) 3.11 on Dell EMC VxRail release includes the following:
- Security fixes for Apache Log4j Remote Code Execution Vulnerability: This release fixes CVE-2021-44228 and CVE-2021-45046. See VMSA-2021-0028.
- Security fixes for Apache HTTP Server: This release fixes CVE-2021-40438. See CVE-2021-40438.
- Improvements to upgrade prechecks: Upgrade prechecks have been expanded to verify filesystem capacity, file permissions, and passwords. These improved prechecks help identify issues that you need to resolve to ensure a smooth upgrade. Running a precheck now evaluates the health of VxRail Managers, in addition to other VMware Cloud Foundation components.
- Skip-level upgrade to VMware Cloud Foundation 3.11: Upgrade directly to VMware Cloud Foundation 3.11 using the skip-level upgrade CLI tool, which has been updated with additional guardrails, prechecks, and usability improvements.
- BOM Updates: Updated Bill of Materials with new product versions.
VMware Cloud Foundation over Dell EMC VxRail Bill of Materials (BOM)
The VMware Cloud Foundation software product comprises the following software Bill of Materials (BOM). The components in the BOM are interoperable and compatible.
||14 FEB 2022
||14 FEB 2022
|VMware vCenter Server Appliance
||6.7 Update 3q
||08 FEB 2022
|VMware NSX Data Center for vSphere
||21 DEC 2021
|VMware NSX-T Data Center
||23 DEC 2021
|VMware vRealize Suite Lifecycle Manager
||2.1 Patch 3
||12 JAN 2022
|VMware vRealize Log Insight
||11 APR 2019
|vRealize Log Insight Content Pack for NSX for vSphere
|vRealize Log Insight Content Pack for Linux
|vRealize Log Insight Content Pack for vRealize Automation 7.5+
|vRealize Log Insight Content Pack for vRealize Orchestrator 7.0.1+
|vRealize Log Insight Content Pack for NSX-T
|vSAN content pack for Log Insight
|vRealize Operations Manager
||11 APR 2019
||11 APR 2019
||17 DEC 2021
- VMware vSphere (ESXi) and VMware vSAN are part of the VxRail BOM.
- vRealize Log Insight Content Packs are deployed during the workload domain creation.
- VMware Solution Exchange and the vRealize Log Insight in-product marketplace store only the latest versions of the content packs for vRealize Log Insight. The software components table contains the latest versions of the packs that were available at the time VMware Cloud Foundation was released. When you deploy the VMware Cloud Foundation components, the version of a content pack in the in-product marketplace for vRealize Log Insight might be newer than the one used for this release.
- To remediate VMSA-2020-0007 (CVE-2020-3953 and CVE-2020-3954) for vRealize Log Insight 4.8, you must apply the vRealize Log Insight 4.8 security patch. For information on the security patch, see KB article 79168.
The following documentation is available:
You can upgrade to VMware Cloud Foundation 3.11 on Dell EMC VxRail from VMware Cloud Foundation 18.104.22.168 on Dell EMC VxRail (sequential upgrade) or from VMware Cloud Foundation 3.7.1 on Dell EMC VxRail (skip-level upgrade). For upgrade information, see VMware Cloud Foundation on VxRail Lifecycle Management.
VMware Cloud Foundation 3.11 on Dell EMC VxRail cannot be deployed as a new release.
VMware Cloud Foundation 3.11 on Dell EMC VxRail with VxRail Manager 4.7.541 is supported as a source version for migration to VMware Cloud Foundation 4.x on Dell EMC VxRail.
Design Considerations for Multiple Availability Zones
NSX-T Data Center 3.x changes how the northbound traffic flow can be influenced. If you have the following architecture, you must change the Tier-0 gateway architecture before you upgrade to NSX-T Data Center 3.x:
- An NSX Edge cluster with edge nodes placed in both availability zones (typically two edge nodes pinned to Availability Zone 1 and two edge nodes pinned to Availability Zone 2)
- An Active/Active Tier-0 gateway architecture where the Tier-0 gateway spans edge nodes in both availability zones.
- A deployment in a data center infrastructure that cannot tolerate asymmetrical routing to or from each availability zone, for example, because of physical data center firewalls and the like.
Change to a Tier-0 gateway architecture where the Tier-0 gateway is active only in a single availability zone at a time in one of the following ways:
- Recommended: Place an NSX Edge cluster with edge nodes in a single availability zone only (typically Availability Zone 1), that fail over using vSphere HA to Availability Zone 2 on failure. This change requires changes in the data center fabric including stretching of the Uplink and Edge TEP VLANs between the availability zones. See KB 87426 for more information.
- Migrate to an Active/Standby Tier-0 gateway. Follow the NSX-T Data Center 3.x product documentation for changing from an Active/Active to an Active/Standby architecture of the Tier-0 gateway.
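A pre-upgrade audit of the three conditions above, as an added example that is not part of these release notes or of any VMware tooling: it flags Tier-0 gateways that are Active/Active and span edge nodes in more than one availability zone. The field names `ha_mode` and `edge_cluster_path` are assumed to follow NSX-T Policy API objects; the edge-node-to-zone map, the function name, and every sample value are constructed for illustration.

```python
AA = "ACTIVE_ACTIVE"  # assumed Policy API ha_mode value for Active/Active

def audit_tier0s(tier0s, locale_services, cluster_nodes, node_az,
                 fabric_tolerates_asymmetry=False):
    """Map each Tier-0 id to 'redesign', 'review' or 'ok'.

    redesign: Active/Active, edge nodes in more than one availability zone,
              and the fabric cannot tolerate asymmetrical routing.
    review:   Active/Active, but an edge node has no zone recorded or no
              edge cluster was found, so spanning cannot be ruled out.
    """
    result = {}
    for t0 in tier0s:
        t0_id = t0["id"]
        if t0.get("ha_mode") != AA or fabric_tolerates_asymmetry:
            result[t0_id] = "ok"
            continue
        # Collect the edge nodes of every edge cluster this Tier-0 runs on.
        nodes = [n for ls in locale_services.get(t0_id, [])
                 for n in cluster_nodes.get(ls.get("edge_cluster_path"), [])]
        zones = {node_az[n] for n in nodes if n in node_az}
        if len(zones) > 1:
            result[t0_id] = "redesign"
        elif not nodes or any(n not in node_az for n in nodes):
            result[t0_id] = "review"
        else:
            result[t0_id] = "ok"
    return result

# Constructed sample inventory (not taken from a real environment).
EC = "/infra/sites/default/enforcement-points/default/edge-clusters/"
TIER0S = [{"id": "t0-stretched", "ha_mode": "ACTIVE_ACTIVE"},
          {"id": "t0-standby", "ha_mode": "ACTIVE_STANDBY"},
          {"id": "t0-az1-only", "ha_mode": "ACTIVE_ACTIVE"},
          {"id": "t0-unmapped", "ha_mode": "ACTIVE_ACTIVE"}]
LOCALE_SERVICES = {t: [{"edge_cluster_path": EC + c}] for t, c in [
    ("t0-stretched", "ec-stretched"), ("t0-standby", "ec-stretched"),
    ("t0-az1-only", "ec-az1"), ("t0-unmapped", "ec-new")]}
CLUSTER_NODES = {EC + "ec-stretched": ["edge01", "edge02", "edge03", "edge04"],
                 EC + "ec-az1": ["edge05", "edge06"],
                 EC + "ec-new": ["edge07", "edge08"]}
# Operator-supplied placement; edge08 is deliberately left unmapped.
NODE_AZ = {"edge01": "AZ1", "edge02": "AZ1", "edge03": "AZ2", "edge04": "AZ2",
           "edge05": "AZ1", "edge06": "AZ1", "edge07": "AZ1"}

if __name__ == "__main__":
    for name, verdict in audit_tier0s(TIER0S, LOCALE_SERVICES,
                                      CLUSTER_NODES, NODE_AZ).items():
        print(f"{name}: {verdict}")
```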
Changing from a Three N-VDS to Single N-VDS Edge Node Design
Starting with NSX-T Data Center 2.5, a single N-VDS switch design is available in the NSX Edge node. Changing from three N-VDS instances to a single N-VDS provides network throughput and scalability improvements in NSX-T Data Center. It is recommended for all environments but highly recommended for environments deployed at scale.
The procedure involves the following high-level steps:
- Deploy a new NSX Edge cluster with new edge nodes based on the single N-VDS design.
- Deploy a new Tier-0 gateway and verify connectivity.
- Once tested, you can reconfigure your Tier-1 gateways to utilize the new Tier-0 gateway on the single N-VDS edge cluster.
See KB 87426 for more information.
The following issues have been resolved in Cloud Foundation 3.11:
- VMware vCenter Server Appliance 6.7 Update 3p addresses security vulnerabilities CVE-2021-21980 and CVE-2021-22049 as described in VMware Security Advisory VMSA-2021-0027.
- Duplicate node expansion tasks are generated in SDDC Manager.
- When the Enable Cluster-Level Selection button is disabled, previously upgraded clusters are automatically selected for upgrade.