VMware Validated Design 6.0.1 | 25 JUN 2020
Check for additions and updates to these release notes.
What's in the Release Notes
The release notes cover the following topics:
- About VMware Validated Design for Software-Defined Data Center 6.0.1
- Updated VMware Software Components in the Validated Design
- What's New
- Earlier of VMware Validated Design
- Updating to VMware Validated Design 6.0.1
- Life Cycle of the VMware Software Components
- Caveats and Limitations
- Documentation Delivery Log
- Known Issues
VMware Validated Design provides a set of prescriptive documents that explain how to plan, deploy, and configure a Software-Defined Data Center (SDDC). The architecture, the detailed design, and the deployment guides provide instructions about configuring a dual-region SDDC.
VMware Validated Design is tested by VMware to ensure that all components and their individual versions work together, scale, and perform as expected. Unlike Reference Architectures which focus on an individual product or purpose, a VMware Validated Design is a holistic approach to design, encompassing many products in a full stack for a broad set of use case scenarios in an SDDC.
This VMware Validated Design supports a number of use cases, and is optimized for integration, expansion, Day-2 operations, as well as future upgrades and updates. As new products are introduced, and new versions of existing products are released, VMware continues to qualify the cross-compatibility and upgrade paths of VMware Validated Design. Designing with a VMware Validated Design ensures that future upgrade and expansion options are available and supported.
VMware Validated Design 6.0.1 is based on a set of individual VMware products with different versions that are available in a common downloadable package.
The products included in VMware Validated Designs participate in the VMware's Customer Experience Improvement Program ("CEIP"). Join the CEIP because this program provides us with information used to improve VMware products and services, fix problems, and advise you on how best to deploy and use our products.
Details regarding the data collected through CEIP and the purposes for which it is used by VMware are set forth at the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html. To join or leave the CEIP for the products that are part of VMware Validated Design, see the documentation for each product.
Before you deploy or upgrade the SDDC, review the release notes of the software components that are used in this validated design.
|Product Group and Edition||Product Name||Product Version||Release Notes|
|VMware Cloud Foundation Enterprise||VMware Cloud Foundation||4.0.1 * ***||VMware Cloud Foundation 4.0.1 Release Notes|
|VMware vSphere Enterprise Plus||ESXi||ESXi 7.0b *||VMware ESXi 7.0, Patch Release ESXi 7.0b|
|vCenter Server||7.0.0b * ***||VMware vCenter Server 7.0.0b Release Notes|
|VMware vSAN Standard or higher||vSAN||7.0b *||VMware ESXi 7.0, Patch Release ESXi 7.0b|
|vSAN Witness Appliance||7.0b *
Download the appliance OVA file from its location on My VMware.
|VMware NSX Data Center Advanced or higher||NSX-T Data Center||3.0.1 * ***||VMware NSX-T Data Center 3.0.1 Release Notes|
|VMware Workspace ONE Access||VMware Workspace ONE Access||3.3.2 ** ***||VMware Identity Manager 3.3.2 Release Notes|
|VMware vRealize Suite Lifecycle Manager||vRealize Suite Lifecycle Manager||8.1 Patch 1 with 8.1 Product Support Pack 1 * ***|
|VMware vRealize Operations Manager Advanced or higher||vRealize Operations Manager||8.1 ***||vRealize Operations Manager 8.1 Release Notes|
|vRealize Operations Management Pack for VMware Identity Manager||1.1||VMware vRealize Operations Management Pack for VMware Identity Manager 1.1 Release Notes|
|vRealize Operations Management Pack for Storage Devices||8.0||VMware vRealize Operations Management Pack for Storage Devices 8.0 Release Notes|
|VMware vRealize Log Insight||vRealize Log Insight||8.1.1 *||vRealize Log Insight 8.1.1 Release Notes|
|vRealize Log Insight Content Pack for NSX-T||3.9 *|
|Realize Log Insight Content Pack for Linux||2.1|
|vRealize Log Insight Content Pack for Linux - Systemd||1.0|
|VMware vRealize Automation Advanced or higher||vRealize Automation||8.1 Patch 1 * ***|
|*||Updated from the earlier release of VMware Validated Design|
|**||These releases have been determined to be impacted by CVE-2020-4006. Fixes and workarounds are available to address this vulnerability. For more information, see VMSA-2020-0027.|
|***||New To remediate VMSA-2021-0028 (CVE-2021-44228 and CVE-2021-45046), you must apply a certain configuration in the Apache log4j module in the affected products. See VMSA-2021-0028.|
|Product Group and Edition||Product Name||Product Version||Release Notes|
|Red Hat OpenShift||OpenShift Container Platform||4.3||OpenShift Container Platform 4.3 Release Notes|
|NSX-T Data Center||NSX Container Plugin||3.0.1||NSX Container Plugin 3.0.1 Release Notes|
|VMware Tanzu||VMware Tanzu Observability by Wavefront||service||Wavefront Release Notes|
VMware makes available patches and releases to address critical security and functional issues for several products. After deploying VMware Validated Design, verify that you are using the latest security and express patches or hotfixes for a given component available.
- For applying patches and hotfixes to ESXi, vCenter Server, and NSX-T, use update bundles in SDDC Manager.
- For applying patches and hotfixes to vRealize Suite Lifecycle Manager, Workspace ONE Access, vRealize Operations Manager, vRealize Log Insight, or vRealize Automation, use vRealize Suite Lifecycle Manager.
Scalability and functionally tests for individual patches, express patches, or hotfixes are not typically performed against VMware Validated Design. If a patch must be applied to your environment, follow the VMware published practices and VMware Knowledge Base articles for the specific patch. If an issue occurs during or after the process of applying a patch, contact VMware Technical Support. If after applying a patch, the new product version no longer adheres to the bill of materials, or interrupts the upgrade to the next published version of the design, you must continue to follow the upgrade path to a version of the design that includes this product version.
VMware Solution Exchange and in-product marketplace store only the latest versions of the management packs for vRealize Operations Manager and the content packs for vRealize Log Insight. The software components table contains the latest versions of the packs that were available at the time this VMware Validated Design was validated. When you deploy the VMware Validated Design components, it is possible that the version of a management or content pack on VMware Solution Exchange and in-product marketplace is newer than the one used for this release.
For information on the life cycle of the VMware software components in this VMware Validated Design, see Life Cycle of the VMware Software Components.
VMware Validated Design 6.0.1 provides a list of new features:
- Updated Bill of Materials that incorporates new product versions.
- Individual Planning and Preparation Workbook version for VMware Validated Design 6.0.1.
- Update guidance from VMware Validated Design 6.0 to VMware Validated Design 6.0.1. See Updating to VMware Validated Design 6.0.1.
- Operational Verification guidance for VMware Validated Design 6.0.0 that you can also apply to this VMware Validated Design. See VMware Validated Design Operational Verification.
- Architecture and deployment guidance is now available for a RedHat OpenShift container platform-based workload domain. See Architecture and Design for a Red Hat OpenShift Workload Domain and Deployment of a RedHat OpenShift Workload Domain in the First Region.
- Architecture and implementation guidance is now available for backup and restore. See Architecture and Design for Backup and Restore and Backup and Restore.
For more information, see the VMware Validated Design Documentation page.
Features and known issues of VMware Validated Design are described in the release notes for each release. See VMware Validated Design 6.0 Release Notes.
This VMware Validated Design release is available only in English.
This VMware Validated Design guarantees that product versions in the VMware Validated Design 6.0, and the design chosen, are fully compatible. Any minor known issues that exist are described in this release notes document.
To install and configure an SDDC according to this validated design, follow the guidance in the VMware Validated Design 6.0 documentation. For product download information, and guides access, see the VMware Validated Design Documentation page.
You update to VMware Validated Design 6.0.1 from VMware Validated Design 6.0. You update each SDDC management product to the specific version according to the software bill of materials in this VMware Validated Design.
Before you upgrade the functional layers of the SDDC, verify that your existing VMware Validated Design environment meets certain general prerequisites.
- Verify that your environment implementation follows exactly the software bill of materials for the previous release.
- Examine the release notes for each product version included in the updated software bill of materials for the design.
- Examine the Planning and Preparation Workbook. Address any hardware or software requirements that might impact the upgrade.
- Verify that your server hardware is certified with vSphere 7.0b. For more information, see the VMware Compatibility Guide.
- Review all custom integrations developed and deployed externally from the VMware Validated Design framework to ensure compatibility with product versions in the updated software bill of materials, such as vRealize Orchestrator workflows.
- Review all third-party product integrations in your environment to ensure compatibility with the product versions in the updated software bill of materials.
For continuous monitoring of the SDDC during update by using versions of the operations management components that are compatible with both the source and target versions of the other management products, you update the vRealize Suite products in the cloud operations layer first. You continue the update of the VMware Validated Design by updating the product versions in the cloud automation layer.
|1||vRealize Suite products in the Cloud Operations Layer||vRealize Suite Lifecycle Manager||Install vRealize Suite Lifecycle Manager 8.1 Patch 1.||See VMware vRealize Suite Lifecycle Manager 8.1 Patch 1 Release Notes.|
|2||Install the vRealize Suite Lifecycle Manager 8.1 product support pack 1 for vRealize Log Insight 8.1.1.||See vRealize Suite Lifecycle Manager 8.1 Product Support Pack 1 for vRealize Log Insight 8.1.1 in the
VMware vRealize Suite Lifecycle Manager 8.1 Release Notes.
|3||vRealize Log Insight||By using vRealize Suite Lifecycle Manager, update vRealize Log Insight 8.1 to vRealize Log Insight 8.1.1.||See Update vRealize Log Insight in the vRealize Suite Lifecycle Manager 8.1 Installation, Upgrade, and Management documentation.|
|4||Cloud Automation Layer||vRealize Automation||By using vRealize Suite Lifecycle Manager, install vRealize Automation 8.1 Patch 1.||See Cumulative Update of vRealize Automation 8.1 (79170) in the VMware Knowledge Base.|
After updating the vRealize Suite products in the cloud operations and automation layers, update SDDC Manager and the components of the virtual infrastructure layer of the SDDC. You update the virtual infrastructure layer last to reduce the time to update the whole stack and prevent errors caused by incompatibility between product versions.
Starting with VMware Validated Design 6.0 and later, you use SDDC Manager in VMware Cloud Foundation for an automated upgrade and update the virtual infrastructure layer in the management and workload domains. Before you update to the SDDC Manager version in this validated design, you must update to a maintenance version of SDDC Manager and related virtual infrastructure products.
|Order||VMware Cloud Foundation Update||Updated Component||Update Steps|
|1||Update to VMware Cloud Foundation 188.8.131.52||SDDC Manager||See Upgrade to VMware Cloud Foundation 184.108.40.206 in the VMware Cloud Foundation Lifecycle Management documentation.|
|2||Update to VMware Cloud Foundation 4.0.1||SDDC Manager||See Upgrade the Management Domain and Upgrade Workload Domains in the VMware Cloud Foundation Lifecycle Management documentation.|
For each resource pool in the first cluster in the management domain, enable scalable shares.
- In a Web browser, log in to vCenter Server by using the vSphere Client.
Setting Value URL https://sfo-m01-vc01.sfo.rainpole.io/ui User name email@example.com Password vsphere_admin_password
- In the Hosts and Clusters inventory, expand the sfo-m01-vc01.sfo.rainpole.io > sfo-m01-dc01 > sfo-m01-cl01 tree.
- In the navigation pane, select one of the resource pools and select Actions > Edit Resource Settings.
- In the Edit Resource Settings dialog box, next to Scale Descendant's Shares, select Yes, make them scalable and click OK.
- Repeat the procedure for the other resource pool.
Starting with VMware Validated Design 6.0.1, when converting a cluster to a vSAN stretched cluster by using SDDC Manager in VMware Cloud Foundation 4.0.1, the vSAN witness traffic is placed on the management network. As a result, you can use a smaller MTU size on the path between both availability zones and the witness site and use jumbo frames only for the vSAN data traffic.
To align the witness traffic configuration to VMware Validated Design 6.0.1, after you update the SDDC to VMware Validated Design 6.0.1, on the vSAN witness host and ESXi hosts in the management and workload domains, you move the witness traffic from the secondary VMkernel adapter to the VMkernel adapter for the management network for the management and workload domains.
|vSAN witness host in a third location||
|ESXi hosts in the management and workload domains||
On the hosts in both availability zones in the management domain and in the workload domain, move the witness traffic on to the management VMkernel network adapter.
This VMware Validated Design version is based on one or more VMware products whose versions eventually reach the End of Support Life (EOSL) stage as described by the VMware Lifecycle Policies.Тhose versions are no longer generally supported by VMware. In such a case, upgrade to a later version by using the upgrade procedures in the VMware Validated Design Upgrade documentation.
If you are using an earlier version in your environment, upgrade your environment according to the following scenarios:
|The version of VMware Validated Design that you are using has already entered the EOSL stage but the next VMware Validated Design version is still supported.||Apply the VMware Validated Design Upgrade documentation to bring the VMware environment to a fully supported state|
|The version of VMware Validated Design that you are using and the next version have both already entered the EOSL stage||Because the VMware Validated Design Upgrade documentation supports upgrade only from one release to the next one, the transition across multiple releases might be complex. Contact a VMware sales representative to plan and perform a custom upgrade procedure with the assistance of VMware Professional Services.|
For more information about current and expired product releases, refer to the VMware Lifecycle Product Matrix
- The SDDC configuration in this release includes a single region with two availability zones.
VMware Validated Design 6.0.1 has been developed with design objectives that included multi-region and disaster recovery use cases. At the time of this release, because of architecture limitations in some of the products within the SDDC stack, providing prescriptive guidance that would meet the full set of design objectives for extending a VMware Validated Design deployment to a second region is not possible.
- Upgrade guidance from VMware Validated Design 5.1.1 to VMware Validated Design 6.0 and VMware Validated Design 6.0.1 is not available.
- The migration coordinator of NSX-T Data Center covers partially the SDDC topology in this design.
- At the time of publishing this design, a direct migration path from vRealize Automation 7.6 to vRealize Automation 8.1 does not exist.
- Use of a shared NSX-T Manager cluster for multiple workload domains is not implemented.
vRealize Automation does not support adding more than one workload domain that shares an NSX-T Data Center instance, for example, many:1:many. You can associate one NSX-T cloud account to only one vCenter Server cloud account.
Consolidated SDDC architecture is not available for this release.
For best support of vSphere with Kubernetes workload domains, SDDC Manager is configured to apply ESXi patches and updates by using vSphere Lifecycle Manager baselines.
To provide a user-friendly object naming across the SDDC, to deploy workload domains, you call the SDDC Manager API with a JSON specification instead of using the SDDC Manager user interface.
rainpole.iotop-level domain replaces
vSphere with Kubernetes supports limited use of
.localas a top-level domain.
- Мulti-tenancy for vRealize Automation is not enabled.
- Using the vRealize Log Insight Content Packs for vRealize Automation and vRealize Orchestrator is not part of the design.
Earlier versions of VMware Validated Design include vRealize Log Insight Content Packs for earlier versions of vRealize Automation and vRealize Orchestrator. At the time of publishing this design, content packs for vRealize Automation 8.1 and vRealize Orchestrator 8.1 are not available.
You configure the initial integration of vRealize Automation with virtual infrastructure workloads domain manually instead of using the vCenter Server Quickstart option in vRealize Automation.
When adding an NSX-T cloud account, the Quickstart uses the default admin user for NSX-T Manager from the SDDC Manager inventory. You are unable to pass a service account that is managed by Workspace ONE Access because of a design limitation.
The QuickStart assumes the use of native virtual machines templates but this design uses the integration with the vSphere Content Library because vSphere Content Library provides native replication and versioning of common virtual machine templates across workload domains.
- You enable the vSAN stretched cluster in the management domain and a virtual infrastructure workload domain by using the SDDC Manager API. The names of the distributed port groups for Availability Zone 2 that are created by SDDC Manager derive from the names of the distributed port groups for Availability Zone 1, introducing deviation from the naming convention in this VMware Validated Design.
- VMware Skyline is not supported. At the time of publishing this design, VMware Skyline is not interoperable with NSX-T Data Center.
- VMware Site Protection and Recovery and VMware vSphere Replication are not in scope of this release because of the limitations in multi-region support.
The VMware Validated Design documentation is published in several iterations. On the release date, the core documents that introduce VMware Validated Design and provide guidance on the SDDC design, planning, and deployment are published live. The remaining documents are released in groups until the entire set is compliant with the Bill of Materials of the VMware Validated Design release.
|16 JUL 2020||
As standalone documentation
|25 JUN 2020||As an extension to the documentation for VMware Validated Design 6.0:
As standalone documentation
All documentation is available on the VMware Validated Design Documentation page.
VMware Validated Design 6.0.1 inherits all known issues of VMware Validated Design 6.0 except for several resolved issues. See VMware Validated Design 6.0 known issues.
This release also has specific known issues.
- New The design guidance in Architecture and Design for the Management Domain and Architecture and Design for a Virtual Infrastructure Workload Domain places the vSAN witness traffic on the vSAN network
Starting with VMware Validated Design 6.0.1 and VMware Cloud Foundation 4.0.1, you place the vSAN witness traffic on the management network in both the witness site and availability zones. In this way, the requirements to use jumbo frames for witness traffic and to have static routes for vSAN traffic becomes obsolete.The Architecture and Design documentation still includes the default configuration where the witness traffic is placed on the vSAN network.
Workaround: Follow the vSAN witness traffic configuration in the deployment documentation in Deployment of the Management Domain in a First Region and Deployment of a Virtual Infrastructure Workload Domain in the First Region, and the upgrade instructions at Place the vSAN Witness Traffic on the Management Network.