RSS
 

VMware Cloud Foundation 3.11 | 14 FEB 2022 | Build 19312783

VMware Cloud Foundation 3.11.0.1 on Dell EMC VxRail | 07 APR 2022 | Build 16419449

Check for additions and updates to these release notes.

What's New

The VMware Cloud Foundation (VCF) 3.11 on Dell EMC VxRail release includes the following:

  • Security fixes for Apache Log4j Remote Code Execution Vulnerability: This release fixes CVE-2021-44228 and CVE-2021-45046. See VMSA-2021-0028.
  • Security fixes for Apache HTTP Server: This release fixes CVE-2021-40438. See CVE-2021-40438.
  • Improvements to upgrade prechecks: Upgrade prechecks have been expanded to verify filesystem capacity, file permissions, and passwords. These improved prechecks help identify issues that you need to resolve to ensure a smooth upgrade. Running a precheck now evaluates the health of VxRail Managers, in addition to other VMware Cloud Foundation components.
  • Skip-level upgrade to VMware Cloud Foundation 3.11: Upgrade directly to VMware Cloud Foundation 3.11 using the skip-level upgrade CLI tool, which has been updated with additional guardrails, prechecks, and usability improvements.
  • BOM Updates: Updated Bill of Materials with new product versions.

VMware Cloud Foundation over Dell EMC VxRail Bill of Materials (BOM)

The VMware Cloud Foundation software product is comprised of the following software Bill-of-Materials (BOM). The components in the BOM are interoperable and compatible.

Software Component Version Date Build Number
SDDC Manager 3.11 14 FEB 2022 19312783
VxRail Manager 4.7.541 14 FEB 2022 n/a
VMware vCenter Server Appliance 6.7 Update 3q 08 FEB 2022 19300125
VMware NSX Data Center for vSphere 6.4.12 21 DEC 2021 19066632
VMware NSX-T Data Center 3.0.3.1 23 DEC 2021 19067109
VMware vRealize Suite Lifecycle Manager 2.1 Patch 3 12 JAN 2022 19201324
VMware vRealize Log Insight 4.8 11 APR 2019 13036238
vRealize Log Insight Content Pack for NSX for vSphere 3.9 n/a n/a
vRealize Log Insight Content Pack for Linux 2.0.1 n/a n/a
vRealize Log Insight Content Pack for vRealize Automation 7.5+ 1.0 n/a n/a
vRealize Log Insight Content Pack for vRealize Orchestrator 7.0.1+ 2.1 n/a n/a
vRealize Log insight Content Pack for NSX-T 3.8.2 n/a n/a
vSAN content pack for Log Insight 2.2 n/a n/a
vRealize Operations Manager 7.5 11 APR 2019 13165949
vRealize Automation 7.6 11 APR 2019 13027280
Horizon 7 7.10.3 17 DEC 2021 19069415

Note: 

  • VMware vSphere (ESXi) and VMware vSAN are part of the VxRail BOM.
  • vRealize Log Insight Content Packs are deployed during the workload domain creation.
  • VMware Solution Exchange and the vRealize Log Insight in-product marketplace store only the latest versions of the content packs for vRealize Log Insight. The software components table contains the latest versions of the packs that were available and automation at the time VMware Cloud Foundation released. When you deploy the VMware Cloud Foundation components, it is possible that the version of a content pack within the in-product marketplace for vRealize Log Insight is newer than the one used for this release.
  • To remediate VMSA-2020-0007 (CVE-2020-3953 and CVE-2020-3954) for vRealize Log Insight 4.8, you must apply the vRealize Log Insight 4.8 security patch. For information on the security patch, see KB article 79168. ​

Upgrade Information

You can upgrade to VMware Cloud Foundation 3.11 on Dell EMC VxRail from VMware Cloud Foundation 3.10.2.2 on Dell EMC VxRail (sequential upgrade) or from VMware Cloud Foundation 3.7.1 on Dell EMC VxRail (skip-level upgrade). For upgrade information, see VMware Cloud Foundation on VxRail Lifecycle Management.

VMware Cloud Foundation 3.11 on Dell EMC VxRail cannot be deployed as a new release.

VMware Cloud Foundation 3.11 on Dell EMC VxRail with VxRail Manager 4.7.541 is supported as a source version for migration to VMware Cloud Foundation 4.x on Dell EMC VxRail.

Design Considerations for Multiple Availability Zones

NSX-T Data Center 3.x changes how the northbound traffic flow can be influenced.  If you have the following architecture, you must change the Tier-0 gateway architecture before you upgrade to NSX-T Data Center 3.x:

  • An NSX Edge cluster with edge nodes placed in both availability zones (typically two edge nodes pinned to Availability Zone 1 and two edge nodes pinned to Availability Zone 2)
  • An Active/Active Tier-0 gateway architecture where the Tier-0 gateway spans edge nodes in both availability zones.
  • Deployed in a data center infrastructure that cannot tolerate asymmetrical routing to or from each availability zone, for example, for physical data center firewalls, and other. 

Change to a Tier-0 gateway architecture where the Tier-0 gateway is active only in a single availability zone at a time in one of the following ways:

  • Recommended: Place an NSX Edge cluster with edge nodes in a single availability zone only (typically Availability Zone 1), that fail over using vSphere HA to Availability Zone 2 on failure. This change requires changes in the data center fabric including stretching of the Uplink and Edge TEP VLANs between the availability zones.  See KB 87426 for more information.
  • Migrate to an Active/Standby Tier-0 gateway.  Follow the NSX-T Data Center 3.x product documentation for changing from an Active/Active to an Active/Standby architecture of the Tier-0 gateway.

Changing from a Three N-VDS to Single N-VDS Edge Node Design

Starting with NSX-T Data Center 2.5, a single N-VDS switch design is available in the NSX Edge node. Changing from three N-VDS instances to a single N-VDS provides network throughput and scalability improvements in NSX-T Data Center. It is recommended for all environments but highly recommended for environments deployed at scale.

The procedure involves the following high-level steps:

  • Deploy a new NSX Edge cluster with new edge nodes based on the single N-VDS design.
  • Deploy a new Tier-0 gateway and verify connectivity.
  • Once tested, you can reconfigure your Tier-1 gateways to utilize the new Tier-0 gateway on the single N-VDS edge cluster.

See KB 87426 for more information.

VMware Cloud Foundation 3.11.0.1 on Dell EMC VxRail Release Information

You can upgrade to VMware Cloud Foundation 3.11.0.1 either from VMware Cloud Foundation 3.11 (sequential upgrade) or from VMware Cloud Foundation 3.7.1 or later (skip-level upgrade). VMware Cloud Foundation 3.11.0.1 cannot be deployed as a new release. For upgrade information, refer to the VMware Cloud Foundation Upgrade Guide. It is strongly recommended that all customers on VCF 3.x upgrade to VCF 3.11.0.1.

VMware Cloud Foundation 3.11.0.1 contains the following BOM updates:

Software Component Version Date Build Number
SDDC Manager 3.11.0.1 07 APR 2022 19571759
VxRail Manager 4.7.542 21 APR 2022 n/a
VMware NSX Data Center for vSphere 6.4.13 08 FEB 2022 19307994

SDDC Manager 3.11.0.1 fixes the issue:

  • Deleting an NSX for vSphere (NSX-V) VI workload domain incorrectly deletes the NSX controllers for the management domain

VMware NSX Data Center for vSphere 6.4.13 addresses the security vulnerability described in VMSA-2022-0005

Resolved Issues

The following issues have been resolved in Cloud Foundation 3.11:

  • VMware vCenter Server Appliance 6.7 Update 3p addresses security vulnerabilities CVE-2021-21980 and CVE-2021-22049 as described in VMware Security Advisory VMSA-2021-0027.
  • Duplicate node expansion tasks are generated in SDDC Manager.
  • When Enable Cluster-Level Selection button is disabled, previously upgraded clusters are automatically selected for upgrade.

Known Issues

For VMware Cloud Foundation 3.11 known issues, see VMware Cloud Foundation 3.11 known issues.

  • Download of VxRail upgrade bundle version 4.7.541 errors out in SDDC Manager.

    Download of VxRail bundle (4.7.541) fails from SDDC Manager UI in online mode.

    See KB 87995 for more information.

check-circle-line exclamation-circle-line close-line
Scroll to top icon