VMware Cloud Foundation Configuration Updates identifies and resolves any discrepancies between the intended/prescribed configuration and the actual configuration, ensuring that the deployment aligns with the recommended configuration. This process includes reconciling the configuration for 2nd party software components listed in the VMware Cloud Foundation Bill of Materials (BOM).

Configuration updates may be required after you apply software updates. Once a configuration update becomes available, you can apply it immediately or wait until after you have applied all software updates. Configuration Updates must be performed during a maintenance window.

Configuration Updates can be applied to multiple domains in parallel. However, if a Configuration Update is in progress, another configuration update on the same domain should not be attempted.

Note: Configuration Updates in VCF detects and reconciles to a prescribed configuration for the release. Once reconciled, it does not identify subsequent non-compliance arising from out of band changes.

The following configuration updates may become available, depending on your source version of VMware Cloud Foundation:

Configuration Update Description Introduced in VCF Version Resource Type Update Type Required Minimum Component Versions

ConfigureVsanHaIsolationAddressesConfigDrift

Configures the vSAN HA network isolation address to use the vSAN vmkernel interface gateway, in conformance with VCF best practices.

 4.3.0.0 CLUSTER FIX vCenter 7.0.3

ToggleVSanRecommendationConfigDrift

Disables vSAN baseline recommendations for vSAN enabled clusters.

 4.4.1.0 CLUSTER FIX vCenter 7.0.0

RemoveNfsDatastoreConfigDrift

Removes NFS datastore on hosts.

 5.0.0.0 CLUSTER FIX NA

CloudAdminRoleConfigDrift

Creates Cloud Admin role in vCenter Server for the management domain.

 5.0.0.0 DOMAIN FEATURE vCenter 7.0.3
AllowBrokerConfigurationConfigDrift

Adds config.SDDC.Deployed.AllowBrokerConfiguration advanced property in vCenter Server. This property restricts the user from configuring an external IDP from the vCenter UI in the ELM ring ( workload domain vCenters). Configuration is only possible from the management domain vCenter UI and isolated workload domain vCenter UI.

 5.1.0.0 DOMAIN FEATURE vCneter 8.0.2
ClusterHaSettingsConfigDrift

Removes das.includeFTcomplianceChecks option HA configuration from all clusters on the management domain.

 5.1.0.0 DOMAIN FEATURE vCenter 8.0.1

ComputeManagerSettingsDrift

Creates an internal NSX service account to enable NSX to vSphere Lifecycle Manager communication.

 5.1.0.0 DOMAIN FEATURE vCenter 7.0.2.00400, NSX 3.1.3.0.0
DvpgConfigurationDrift

Creates a new distributed virtual port group named VM_MANAGEMENT in the target domain, and migrates all VMs connected to the management port group to this new port group. The purpose of this feature is to allow separation of traffic coming from management VMs and ESXi hosts.

VMs migrated: VCSA, SDDC Manager, NSX Manager and Edge VMs.

 5.1.0.0 CLUSTER FEATURE NA
EsxAdvancedOptionsConfigDrift

Configures

UserVars.SuppressShellWarning

property on every ESXi host to false, to enable warnings for ESXi Shell and SSH services.

 5.1.0.0 DOMAIN FEATURE NA
WorkspaceOneBrokerConfigDrift

Configures BOM components as OIDC relying parties of Workspace ONE Broker in vCenter.

 5.1.0.0 DOMAIN FEATURE vCenter 8.0.2, NSX 4.1.2

RegisterSDDCmanagerAsVCExtensionConfigDrift

Register SDDC Manager as an extension in a workload domain vCenter.

 5.2.0.0 DOMAIN FEATURE vCenter 7.0.0

SddcMgrVxRailServiceAccountConfigDrift

Creates a service account for SDDC Manager to VxRail Manager communication.

5.2.0.0 CLUSTER FEATURE vCenter 7.0.400

Procedure

  1. In the navigation pane, click Inventory > Workload Domains.
  2. On the Workload Domains page, click the workload domain name and then click the Updates tab.
  3. Click Run Precheck to run the upgrade precheck.

    Resolve any issues before proceeding with the upgrade.

  4. Expand Available Configuration Updates, click Apply All.


    • FEATURE: Configuration change required for a new feature.
    • FIX: Configuration change associated with a fix for a defect.
  5. Check the progress of a configuration update by clicking the task in the Tasks panel.SDDC Manager Tasks table showing that Config Reconcilation is Running.
  6. After the configuration updates are successfully applied, they will no longer appear in the table.There are noi available Configuration Updates.

    Pending Configuration Updates do not block future BOM upgrades.