VMware Validated Design 6.2 | 09 FEB 2021 Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

• About VMware Validated Design for Software-Defined Data Center 6.2
• Updated VMware Software Components in the Validated Design
• What's New
• Internationalization
• Compatibility
• Installation
• Upgrade
• Life Cycle of the VMware Software Components
• Caveats and Limitations
• Deployment of the Management Domain with VLAN-Backed Networks
• Documentation Delivery Log
• Known Issues

About VMware Validated Design 6.2

VMware Validated Design provides a set of prescriptive documents that explain how to plan, deploy, and configure a Software-Defined Data Center (SDDC). The architecture, the detailed design, and the deployment guides provide instructions about configuring a dual-region SDDC.

VMware Validated Design is tested by VMware to ensure that all components and their individual versions work together, scale, and perform as expected. Unlike Reference Architectures which focus on an individual product or purpose, a VMware Validated Design is a holistic approach to design, encompassing many products in a full stack for a broad set of use case scenarios in an SDDC.

This VMware Validated Design supports a number of use cases, and is optimized for integration, expansion, Day-2 operations, as well as future upgrades and updates. As new products are introduced, and new versions of existing products are released, VMware continues to qualify the cross-compatibility and upgrade paths of VMware Validated Design. Designing with a VMware Validated Design ensures that future upgrade and expansion options are available and supported.

Updated VMware Software Components in the Validated Design

VMware Validated Design 6.2 is based on a set of individual VMware products with different versions that are available in a common downloadable package.

The products included in VMware Validated Designs participate in the VMware's Customer Experience Improvement Program ("CEIP"). Join the CEIP because this program provides us with information used to improve VMware products and services, fix problems, and advise you on how best to deploy and use our products.

Details regarding the data collected through CEIP and the purposes for which it is used by VMware are set forth at the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html. To join or leave the CEIP for the products that are part of VMware Validated Design, see the documentation for each product.

Before you deploy or upgrade the SDDC, review the release notes of the software components that are used in this validated design.

VMware Software Components in VMware Validated Design 6.2

Product Group and Edition	Product Name	Product Version	Release Notes
VMware Cloud Foundation Enterprise	VMware Cloud Foundation	4.2* **	VMware Cloud Foundation 4.2 Release Notes
VMware vSphere Enterprise Plus	ESXi	7.0 Update 1d*	VMware ESXi 7.0 Update 1d Release Notes
	vCenter Server	7.0 Update 1c* **	VMware vCenter Server 7.0 Update 1c Release Notes
VMware vSAN Standard or higher	vSAN	7.0 Update 1d*	VMware ESXi 7.0 Update 1d  Release Notes
	vSAN Witness Appliance	7.0 Update 1c* Download the appliance from its location on My VMware.
VMware NSX Data Center Advanced or higher	NSX-T Data Center	3.1* **	VMware NSX-T Data Center 3.1 Release Notes
VMware Workspace ONE Access	VMware Workspace ONE Access	3.3.4* **	VMware Identity Manager 3.3.4 Release Notes
VMware vRealize Suite Lifecycle Manager	vRealize Suite Lifecycle Manager	8.2 Patch 2* **	VMware vRealize Suite Lifecycle Manager 8.2 Patch 2 Release Notes
VMware vRealize Operations Manager Advanced or higher	vRealize Operations Manager	8.2* **	vRealize Operations Manager 8.2 Release Notes
	vRealize Operations Management Pack for VMware Identity Manager	1.1	VMware vRealize Operations Management Pack for VMware Identity Manager 1.1 Release Notes
	vRealize Operations Management Pack for Storage Devices	8.0	VMware vRealize Operations Management Pack for Storage Devices 8.0 Release Notes
VMware vRealize Log Insight	vRealize Log Insight	8.2* **	vRealize Log Insight 8.2 Release Notes
	vRealize Log Insight Content Pack for NSX-T	3.9.2*
	vRealize Log Insight Content Pack for Linux	2.1
	vRealize Log Insight Content Pack for Linux  - Systemd	1.0
	vRealize Log Insight Content Pack for vRealize Suite Lifecycle Manager 8.0.1+	1.0.2*
	vRealize Log Insight Content Pack for VMware Identity Manager	2.0
VMware vRealize Automation Advanced or higher	vRealize Automation	8.2* **	vRealize Automation 8.2 Release Notes

 

*	Updated from the earlier release of VMware Validated Design
**	New To remediate VMSA-2021-0028 (CVE-2021-44228 and CVE-2021-45046), you must apply a certain configuration in the Apache log4j module in the affected products. See VMSA-2021-0028.

VMware makes available patches and releases to address critical security and functional issues for several products. After deploying VMware Validated Design, verify that you are using the latest security and express patches or hotfixes for a given component available.

• For applying patches and hotfixes to ESXi, vCenter Server, NSX-T, and vRealize Suite Lifecycle Manager, use update bundles in SDDC Manager.
• For applying patches and hotfixes to Workspace ONE Access, vRealize Operations Manager, vRealize Log Insight, or vRealize Automation, use vRealize Suite Lifecycle Manager.
• For applying patches and hotfixes to the region-specific Workspace ONE Access, use the updatemgr.hzn command tool in the appliance. See Performing an Online Upgrade to the Latest Version in the Workspace ONE Access 3.3 documentation.

Scalability and functionally tests for individual patches, express patches, or hotfixes are not typically performed against VMware Validated Design. If a patch must be applied to your environment, follow the VMware published practices and VMware Knowledge Base articles for the specific patch. If an issue occurs during or after the process of applying a patch, contact VMware Technical Support. If after applying a patch, the new product version no longer adheres to the bill of materials, or interrupts the upgrade to the next published version of the design, you must continue to follow the upgrade path to a version of the design that includes this product version.

VMware Marketplace and in-product marketplace store only the latest versions of the management packs for vRealize Operations Manager and the content packs for vRealize Log Insight. The software components table contains the latest versions of the packs that were available at the time this VMware Validated Design was validated. When you deploy the VMware Validated Design components, it is possible that the version of a management or content pack on VMware Marketplace and in-product marketplace is newer than the one used for this release.

For information on the life cycle of the VMware software components in this VMware Validated Design, see Life Cycle of the VMware Software Components.

What's New

VMware Validated Design 6.2 provides a list of new features:

• Updated Bill of Materials that incorporates new product versions.
• VMware Validated Design now contains dual-region design and deployment guidance for the virtual infrastructure components of the management domain and a virtual infrastructure workload domain, and for the cloud operations and automation components.

  The guidance uses NSX-T Federation and multi-instance management in VMware Cloud Foundation. The scope of the guidance for cloud operations and automation includes integration only with the NSX-T Local Manager instances in the environment.

  The architecture and design documents contain guidance for both single- and dual-region environments. The deployment guidance for the second region for the management and workload domains is placed in separate documents. The deployment guidance for the second region for the cloud operations and automation solutions is co-located with the deployment guidance for the first region.

  • Architecture and Design for the Management Domain
  • Deployment of the Management Domain in the Second Region
  • Architecture and Design for a Virtual Infrastructure Workload Domain
  • Deployment of a Virtual Infrastructure Workload Domain in the Second Region
  • Architecture and Design for Cloud Operations and Automation
  • Deployment of Cloud Operations and Automation

Internationalization

This VMware Validated Design release is available only in English.

Compatibility

This VMware Validated Design guarantees that product versions in the VMware Validated Design 6.2, and the design chosen, are fully compatible. Any minor known issues that exist are described in this release notes document.

Installation

To install and configure an SDDC according to this validated design, follow the guidance in these documents: 

• Deployment of the Management Domain in the First Region
• Deployment of the Management Domain in the Second Region
• Deployment of a Virtual Infrastructure Workload Domain in the First Region
• Deployment of a Virtual Infrastructure Workload Domain in the Second Region
• Deployment of a vSphere with Tanzu Workload Domain in the First Region
• Deployment of Cloud Operations and Automation

Upgrade

To upgrade your SDDC according to this validated design, follow the guidance in the Upgrade documentation.

Life Cycle of the VMware Software Components

This VMware Validated Design version is based on one or more VMware products whose versions eventually reach the End of Support Life (EOSL) stage as described by the VMware Lifecycle Policies.Тhose versions are no longer generally supported by VMware. In such a case, upgrade to a later version by using the upgrade procedures in the VMware Validated Design Upgrade documentation.

If you are using an earlier version in your environment, upgrade your environment according to the following scenarios:

Scenarios for Upgrade from a Version that Has Reached EOSL

Scenario	Upgrade Approach
The version of VMware Validated Design that you are using has already entered the EOSL stage but the next VMware Validated Design version is still supported.	Apply the VMware Validated Design Upgrade documentation to bring the VMware environment to a fully supported state
The version of VMware Validated Design that you are using and the next version have both already entered the EOSL stage	Because the VMware Validated Design Upgrade documentation supports upgrade only from one release to the next one, the transition across multiple releases might be complex. Contact a VMware sales representative to plan and perform a custom upgrade procedure with the assistance of VMware Professional Services.

For more information about current and expired product releases, refer to the VMware Lifecycle Product Matrix

Caveats and Limitations

• Upgrade guidance from VMware Validated Design 5.1.x to VMware Validated Design 6.0.x, VMware Validated Design 6.1, and VMware Validated Design 6.2 is not available.

  At the time of publishing this design, a migration path from an architecture that is not based on VMware Cloud Foundation to an architecture on top of VMware Cloud Foundation is not available.

• This release of VMware Validated Design provides dual-region guidance only for а clean SDDC deployment.

  The scope of VMware Validated Design 6.0 and VMware Validated Design 6.1 is an SDDC with a single region. Guidance on upgrading your single-region SDDC to VMware Validated Design 6.2 and extending it to a dual-region SDDC is not available.

• This release of the VMware Validated Design does not include design or implementation guidance on the use of a shared NSX-T Manager cluster for multiple workload domains.
• This release of VMware Validated Design does not provide design or implementation guidance for the consolidated SDDC architecture.

• For best support of vSphere with Tanzu workload domains, SDDC Manager is configured to apply ESXi patches and updates by using vSphere Lifecycle Manager baselines.

• To provide a user-friendly object naming across the SDDC, to deploy workload domains, you call the SDDC Manager API with a JSON specification instead of using the SDDC Manager user interface.

• While you can use NSX-T Federation to implement a dual-region SDDC, the versions of vRealize Operations Manager, vRealize Log Insight, and vRealize Automation in this release do not provide a native integration with this feature of NSX-T Data Center. Reach out to your VMware  contact for roadmap information.

• This release of VMware Validated Design does not include design or implementation guidance on the use of multi-tenancy for vRealize Automation and Workspace ONE Access.

• Using the vRealize Log Insight Content Packs for vRealize Automation and vRealize Orchestrator is not part of the design.

  Earlier versions of VMware Validated Design include vRealize Log Insight Content Packs for earlier versions of vRealize Automation and vRealize Orchestrator. At the time of publishing this design, content packs for vRealize Automation 8.2 and vRealize Orchestrator 8.2 are not available.

• You enable the vSAN stretched cluster in the management domain and a virtual infrastructure workload domain by using the SDDC Manager API. The names of the distributed port groups for Availability Zone 2 that are created by SDDC Manager derive from the names of the distributed port groups for Availability Zone 1, introducing deviation from the naming convention in this VMware Validated Design.
• VMware Site Recovery Manager and VMware vSphere Replication are not in scope of this release because of the limitations in multi-region support.
• In this release of VMware Validated Design, the Operational Verification, and Shutdown and Startup documentation is single-region.

Deployment of the Management Domain with VLAN-Backed Networks

In VMware Validated Design 6.2, you connect the cross-region Workspace ONE Access cluster and the vRealize Suite products to virtual network segments in NSX-T Data Center. This approach provides support for BGP-based dynamic routing for improved mobility and security of the management applications. As an alternative, you can use VLAN-backed network segments with static routes in NSX-T Data Center. See VMware Knowledge Base article 80864.

Documentation Delivery Log

The VMware Validated Design documentation is published in several iterations. On the release date, the core documents that introduce VMware Validated Design and provide guidance on the SDDC design, planning, and deployment are published live. The remaining documents are released in groups until the entire set is compliant with the Bill of Materials of the VMware Validated Design release.

Log of Delivered VMware Validated Design Documentation

Delivery Date	Documentation
30 MAR 2021	The following guides are extended to support multiple regions for the solutions for cloud operations and automation: Planning and Preparation Workbook Solutions Cloud Operations and Automation Architecture and Design for Cloud Operations and Automation Deployment of Cloud Operations and Automation
09 FEB 2021	Introducing VMware Validated Design Management Domain Architecture and Design for the Management Domain Deployment of the Management Domain in the First Region Deployment of the Management Domain in the Second Region Workload Domain Virtual Infrastructure Workload Domain Architecture and Design for the Virtual Infrastructure Workload Domain Deployment of a Virtual Infrastructure Workload Domain in the First Region Deployment of a Virtual Infrastructure Workload Domain in the Second  Region vSphere with Tanzu Workload Domain Architecture and Design for vSphere with Tanzu Workload Domain Deployment of a vSphere with Tanzu Workload Domain in the First Region Solutions Cloud Operations and Automation Architecture and Design for Cloud Operations and Automation Deployment of Cloud Operations and Automation in the First Region Operations Shutdown and Startup Upgrade Operational Verification

All documentation is available on the VMware Validated Design Documentation page.

Known Issues

• After you upgrade to VMware Validated Design 6.2, trying to add another workload domain fails at deploying the NSX-T Edge cluster for the domain

  In VMware Validated Design 6.1, during the deployment of the vRealize Suite components, for compliance with the VMware Validated Design naming convention, you override the default name of the initial service interface on the load balancing Tier-1 gateway. As a result, the next time you try to add a workload domain, during the NSX-T Edge cluster deployment, SDDC Manager tries to use the same name for the initial service interface of the Tier-1 gateway for the new workload domain.

  In the SDDC Manager user interface, the Create NSX-T Data Center Tier-0 interface subtask fails with the following error:

  Unable to create Tier0 interface sfo-w01-ec01-t01-gw01
Type: com.vmware.vapi.std.errors.InvalidRequest
Message: InvalidRequest (com.vmware.vapi.std.errors.invalid_request) => { messages = [], data = struct => {error_message=Cannot create an object with path=[/infra/tier-0s/sfo-w01-ec01-t0-gw01/locale-services/default/interfaces/sfo-m01-ec01-t1-lb01-si01] as it already exists., httpStatus=BAD_REQUEST, error_code=500127, module_name=Policy}, errorType = INVALID_REQUEST }

  Workaround: Temporarily disable overriding the default naming for the Tier-1 gateways that are created by SDDC Manager and for their components .

  1. Log in to SDDC Manager by using a Secure Shell (SSH) client.

     Setting	Value
     URL	sfo-vcf01.sfo.rainpole.io
     User name	vcf
     Password	vcf_password

  2. Switch to the root user by running the su command.
  3. In the /opt/vmware/vcf/domainmanager/config/application-prod.properties file, comment the following lines out.
     #override.tier.interface.name=sfo-m01-ec01-t1-lb01-si01
#default.standalone.t1.name=sfo-m01-ec01-t1-lb01
#vcf.vrealize.lb.name=sfo-m01-lb014
  4. Restart the domain manager service.
     systemctl restart domainmanager