The VMware Cloud Foundation (VCF) 3.11 on Dell EMC VxRail release includes the following:

• Security fixes for Apache Log4j Remote Code Execution Vulnerability: This release fixes CVE-2021-44228 and CVE-2021-45046. See VMSA-2021-0028.

• Security fixes for Apache HTTP Server: This release fixes CVE-2021-40438. See CVE-2021-40438.

• Improvements to upgrade prechecks: Upgrade prechecks have been expanded to verify filesystem capacity, file permissions, and passwords. These improved prechecks help identify issues that you need to resolve to ensure a smooth upgrade. Running a precheck now evaluates the health of VxRail Managers, in addition to other VMware Cloud Foundation components.

• Skip-level upgrade to VMware Cloud Foundation 3.11: Upgrade directly to VMware Cloud Foundation 3.11 using the skip-level upgrade CLI tool, which has been updated with additional guardrails, prechecks, and usability improvements.

• BOM Updates: Updated Bill of Materials with new product versions.

The VMware Cloud Foundation software product is comprised of the following software Bill-of-Materials (BOM). The components in the BOM are interoperable and compatible.

Note: 

• VMware vSphere (ESXi) and VMware vSAN are part of the VxRail BOM.

• vRealize Log Insight Content Packs are deployed during the workload domain creation.

• VMware Solution Exchange and the vRealize Log Insight in-product marketplace store only the latest versions of the content packs for vRealize Log Insight. The software components table contains the latest versions of the packs that were available and automation at the time VMware Cloud Foundation released. When you deploy the VMware Cloud Foundation components, it is possible that the version of a content pack within the in-product marketplace for vRealize Log Insight is newer than the one used for this release.

• To remediate VMSA-2020-0007 (CVE-2020-3953 and CVE-2020-3954) for vRealize Log Insight 4.8, you must apply the vRealize Log Insight 4.8 security patch. For information on the security patch, see KB article 79168. ​

The following documentation is available:

• VMware Cloud Foundation on Dell EMC VxRail Admin Guide

• VMware Cloud Foundation 3.11 Release Notes

• Support Matrix of VMware Cloud Foundation on Dell EMC VxRail

You can upgrade to VMware Cloud Foundation 3.11 on Dell EMC VxRail from VMware Cloud Foundation 3.10.2.2 on Dell EMC VxRail (sequential upgrade) or from VMware Cloud Foundation 3.7.1 on Dell EMC VxRail (skip-level upgrade). For upgrade information, see VMware Cloud Foundation on VxRail Lifecycle Management.

VMware Cloud Foundation 3.11 on Dell EMC VxRail cannot be deployed as a new release.

VMware Cloud Foundation 3.11 on Dell EMC VxRail with VxRail Manager 4.7.541 is supported as a source version for migration to VMware Cloud Foundation 4.x on Dell EMC VxRail.

vRealize Suite Lifecycle Manager Version 2.1.0 Patch 3

There is no upgrade bundle for vRealize Suite Lifecycle Manager Version 2.1.0 Patch 3. To upgrade, follow the process described in the VMware vRealize Suite Lifecycle Manager 2.1 Patch 3 Release Notes.

Design Considerations for Multiple Availability Zones

NSX-T Data Center 3.x changes how the northbound traffic flow can be influenced.  If you have the following architecture, you must change the Tier-0 gateway architecture before you upgrade to NSX-T Data Center 3.x:

• An NSX Edge cluster with edge nodes placed in both availability zones (typically two edge nodes pinned to Availability Zone 1 and two edge nodes pinned to Availability Zone 2)

• An Active/Active Tier-0 gateway architecture where the Tier-0 gateway spans edge nodes in both availability zones.

• Deployed in a data center infrastructure that cannot tolerate asymmetrical routing to or from each availability zone, for example, for physical data center firewalls, and other. 

Change to a Tier-0 gateway architecture where the Tier-0 gateway is active only in a single availability zone at a time in one of the following ways:

• Recommended: Place an NSX Edge cluster with edge nodes in a single availability zone only (typically Availability Zone 1), that fail over using vSphere HA to Availability Zone 2 on failure. This change requires changes in the data center fabric including stretching of the Uplink and Edge TEP VLANs between the availability zones.  See KB 87426 for more information.

• Migrate to an Active/Standby Tier-0 gateway.  Follow the NSX-T Data Center 3.x product documentation for changing from an Active/Active to an Active/Standby architecture of the Tier-0 gateway.

Changing from a Three N-VDS to Single N-VDS Edge Node Design

Starting with NSX-T Data Center 2.5, a single N-VDS switch design is available in the NSX Edge node. Changing from three N-VDS instances to a single N-VDS provides network throughput and scalability improvements in NSX-T Data Center. It is recommended for all environments but highly recommended for environments deployed at scale.

The procedure involves the following high-level steps:

• Deploy a new NSX Edge cluster with new edge nodes based on the single N-VDS design.

• Deploy a new Tier-0 gateway and verify connectivity.

• Once tested, you can reconfigure your Tier-1 gateways to utilize the new Tier-0 gateway on the single N-VDS edge cluster.

See KB 87426 for more information.

You can upgrade to VMware Cloud Foundation 3.11.0.1 either from VMware Cloud Foundation 3.11 (sequential upgrade) or from VMware Cloud Foundation 3.7.1 or later (skip-level upgrade). VMware Cloud Foundation 3.11.0.1 cannot be deployed as a new release. For upgrade information, refer to the VMware Cloud Foundation Upgrade Guide. It is strongly recommended that all customers on VCF 3.x upgrade to VCF 3.11.0.1.

VMware Cloud Foundation 3.11.0.1 contains the following BOM updates:

SDDC Manager 3.11.0.1 fixes the issue:

• Deleting an NSX for vSphere (NSX-V) VI workload domain incorrectly deletes the NSX controllers for the management domain

VMware NSX Data Center for vSphere 6.4.13 addresses the security vulnerability described in VMSA-2022-0005

The following issues have been resolved in Cloud Foundation 3.11:

• VMware vCenter Server Appliance 6.7 Update 3p addresses security vulnerabilities CVE-2021-21980 and CVE-2021-22049 as described in VMware Security Advisory VMSA-2021-0027.

• Duplicate node expansion tasks are generated in SDDC Manager.

• When Enable Cluster-Level Selection button is unavailable, previously upgraded clusters are automatically selected for upgrade.

For VMware Cloud Foundation 3.11 known issues, see VMware Cloud Foundation 3.11 known issues.