check-circle-line exclamation-circle-line close-line

vCloud Director 10.0 for Service Providers | 19 SEP 2019 | Build 14638910 (installed build 14636284)

Check for additions and updates to these release notes.

What's in this Document

 

What's New in This Release

For information about the new and updated features of this release, see the VMware Technical White Paper What’s New with VMware vCloud Director 10.0.

 

Deprecated and Discontinued Functionality

End of Life and End of Support Warnings

  • SQL Server database is no longer supported. Only the PostgreSQL database is supported.
  • Oracle Linux is no longer supported as the host operating system to install the vCloud Director application.
  • vCloud API version 20 is no longer supported.
  • vCloud API Version 27.0 is deprecated and will become unsupported after vCloud Director 10.0.
  • vCloud API Version 29.0 is deprecated.
  • The Flex-based UI is deprecated and is disabled by default. vCloud Director 10.0 is the last release of vCloud Director to include the Web Console (Flex-based UI). The HTML5 UI is the only supported user interface for tenants and service providers.
  • The /api/sessions API login endpoint is deprecated in vCloud API Version 33.0. vCloud Director 10.0 introduces separate vCloud Director OpenAPI login endpoints for the service provider and tenant access to vCloud Director.
  • vCloud Director 10.0 no longer keeps audit events indefinitely in the database. The default number of days is 45 and the maximum is 60. vCloud Director 10.0 maintains in the database the audit events collected from environments prior to version 10.0. You can export the audit event information in CSV format by using the cell-management-tool export-audit-events.
  • The query API for audit events /api/query?type=event is deprecated in favor of the new OpenAPI Event API at /cloudapi/1.0.0/auditTrail. This new API only retrieves audit events that have occurred in the window defined by the configuration variable com.vmware.vcloud.audittrail.history.days which is 45 days by default and has a maximum of 60 days.

Upcoming End of Support Notice

 

Flex UI Deprecation

In vCloud Director 10.0, the vCloud Director Web Console (Flex-based UI) is deprecated and disabled by default. The Web Console URL redirects to the corresponding HTML5 landing pages for service providers and tenants. System administrators with root credentials can use the cell management tool to enable the Web Console. For more information on enabling the Web Console and the redirects from the Web Console URL, see the Enable the vCloud Director Web Console topic in the vCloud Director Installation, Configuration, and Upgrade Guide.

 

For more information on upgrading to vCloud Director 10.0, upgrade and migration paths and workflows, see Upgrading vCloud Director.

 

System Requirements and Installation

Compatibility Matrix

See the VMware Product Interoperability Matrixes for current information about:

  • vCloud Director interoperability with other VMware platforms
  • Supported vCloud Director databases

Supported vCloud Director Server Operating Systems

  • CentOS 6
  • CentOS 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Supported AMQP Servers

vCloud Director uses AMQP to provide the message bus used by extension services, object extensions, and notifications. This release of vCloud Director requires RabbitMQ version 3.7.

For more information, see the vCloud Director Installation, Configuration, and Upgrade Guide.

Supported Databases for Storing Historic Metric Data

You can configure your vCloud Director installation to store metrics that vCloud Director collects about virtual machine performance and resource consumption. Data for historic metrics is stored in a Cassandra database. vCloud Director supports Cassandra versions 3.x.

For more information, see the vCloud Director Installation, Configuration, and Upgrade Guide.

Disk Space Requirements

Each vCloud Director server requires approximately 2100MB of free space for the installation and log files.

Memory Requirements

Each vCloud Director server must be provisioned with at least 6GB of memory.

CPU Requirements

vCloud Director is a CPU-bound application. CPU over-commitment guidelines for the appropriate version of vSphere should be followed. In virtualized environments, regardless of the number of cores available to vCloud Director, there must be a sensible vCPU to physical CPU ratio, that does not result in extreme over-committing.

Required Linux Software Packages

Each vCloud Director server must include installations of several common Linux software packages. These packages are typically installed by default with the operating system software. If any of the packages are missing, the installer fails with a diagnostic message.

alsa-lib    
bash
chkconfig
coreutils
findutils
glibc
grep
initscripts
krb5-libs
libgcc
libICE
libSM
libstdc++
libX11
libXau
libXdmcp
libXext
libXi
libXt
libXtst
module-init-tools
net-tools
pciutils
procps
redhat-lsb
sed
tar
wget
which

In addition to the installer required packages, several procedures for configuring the network connections and creating SSL certificates require the use of the Linux nslookup command, which is available in the Linux bind-utils package.

Supported LDAP Servers

You can import users and groups to vCloud Director from the following LDAP services.

Platform LDAP Service Authentication Methods
Windows Server 2008 Active Directory Simple
Windows Server 2012 Active Directory Simple, Simple SSL, Kerberos, Kerberos SSL
Windows Server 2016 Active Directory Simple, Simple SSL
Windows 7 (2008 R2) Active Directory Simple, Simple SSL, Kerberos, Kerberos SSL
Linux OpenLDAP Simple, Simple SSL

Supported Security Protocols and Cipher Suites

vCloud Director requires the client connections to be secure. SSL version 3 and TLS version 1.0 have been found to have serious security vulnerabilities and are no longer included in the default set of protocols that the server offers to use when making a client connection. The following security protocols are supported:

  • TLS version 1.1
  • TLS version 1.2

Supported cipher suites include:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

Note: Interoperation with releases of vCenter Server earlier than 5.5-update-3e and versions of ovftool earlier than 4.2 require vCloud Director to support TLS version 1.0. You can use the cell management tool to reconfigure the set of supported SSL protocols or ciphers. See the Cell Management Tool Reference in the vCloud Director Installation, Configuration, and Upgrade Guide.

Supported Browsers

vCloud Director is compatible with the current major and previous major release of the following browsers:

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
  • Microsoft Internet Explorer 11

Note: Use of Microsoft Edge is not supported with vCloud Director installations that use self-signed certificates. Edge also does not support plugins, so functions such as console redirection and OVF upload do not work with Edge.

Supported Guest Operating Systems and Virtual Hardware Versions

vCloud Director supports all guest operating systems and virtual hardware versions supported by the ESXi hosts that back each resource pool.

vCloud Director WebMKS 2.1.1

The vCloud Director WebMKS 2.1.1 console adds support for:

  • the PrintScreen key in Google Chrome and in Mozilla Firefox for Windows.
  • the Windows key in Windows and macOS. To simulate pressing the Windows key, press Ctrl+Windows in Windows OS, or Ctrl+Command in macOS.
  • Automatic keyboard layout detection in Google Chrome and Mozilla Firefox. 

 

Unavailable Flex UI Functionalities In the vCloud Director 10.0 HTML5 UI

Below are some of the functionalities that are not available in the HTML5 Tenant Portal and Service Provider Admin Portal.

  • Unable to change the catalog owner (Tenant portal)
  • Unable to edit the OVF properties of a vApp and VM (Tenant portal)
  • No option to power on a vApp after vApp deployment (Tenant portal)
  • Unable to import a VM or vApp from vSphere (Tenant portal)
  • Unable to change the user notification settings (Tenant portal)
  • Unable to change the vApp lease expiry alert notification settings (Tenant portal)
  • Unable to import a vApp template from vSphere (Tenant portal)
  • Unable connect to a vApp network when creating a VM within a vApp (Tenant portal)
  • vApp templates are not differentiated from unexpired templates (Tenant portal)
  • Unable to set per-disk IOPS through the HTML5 UI (Provider portal)
  • Unable to set custom vApp lease times (Tenant portal)
  • Unable to copy a role (Provider portal)
  • External IP is not showing on the vApp details page (Tenant portal)

 

Known Issues

  • If you disable the provider access to the legacy API login endpoint, all API integrations that rely on the system administrator login stop working, including vCloud Usage Meter and vCloud Availability for vCloud Director

    Starting with vCloud Director 10.0, you can use separate vCloud Director OpenAPI login endpoints for service provider and tenant access to vCloud Director. If the service provider access to the legacy /api/sessions  endpoint is disabled, it causes products that integrate with vCloud Director, like vCloud Usage Meter and vCloud Availability for vCloud Director, to stop working. These products will require a patch to continue to operate.

    The issue affects only system administrators. The tenant login is not affected.

    Workaround: Re-enable the service provider access to the legacy /api/sessions  endpoint by using the cell management tool.

  • When you change the  reservation guarantee values of a VDC, the existing VMs are not updated accordingly even after a reboot

    If you have a flex organization VDC with the system default policy and powered-on virtual machines on that VDC are with the default sizing policy, when you increase the resource guarantee value of the VDC, the resource reservation for the existing VMs is not updated and they are also not marked as non-compliant. The issue occurs also when you convert a legacy VDC allocation model to a flex allocation model and the existing VMs become non-compliant with the new default policy of the flex organization VDC after the conversion.

    Workaround:

    1. To display the non-compliant VMs in the vCloud Director UI, perform an explicit compliance check against the VMs by using the vCloud API.
    2. To reapply the policy and reconfigure the resource reservations, in the vCloud Director Tenant Portal, click Make VM Compliant for a non-compliant VM.
  • The New Organization VDC Network wizard might not display all edge gateways on the Edge connection page

    When creating a routed organization VDC network, the Tenant Portal UI might not display all of the edge gateways to connect to.

    Workaround: If the Tenant Portal UI does not display the edge gateway you want to connect to, use the vCloud Director Web Console (Flex-based UI).

  • vCloud Director displays incorrect information about running and total VMs and CPU and memory stats in dedicated vCenter Server instances

    If a dedicated vCenter Server is version 6.0 U3i or earlier, 6.5U2 or earlier, or 6.7U1 or earlier, vCloud Director displays incorrect information about running VMs, total VMs, and CPU and memory statistical information in the vCenter Server instance. The dedicated vCenter Server tile in the Tenant Portal and the dedicated vCenter Server information in the Service Provider Admin Portal display zero for both running and total VMs, even when there are virtual machines in the vSphere environment.

    Workaround: Upgrade the vCenter Server instance to version 6.0 U3j, 6.5U3, 6.7U2 or later.

  • If the current primary cell is healthy, you cannot promote a standby cell to primary by using the appliance management user interface 

    If the primary node is healthy, the Promote button in the appliance management UI does not work.

    Workaround: Switch the roles of the primary and a standby by using the Replication Manager Tool suite. For more information, see Switch the Roles of the Primary and a Standby Cell in a Database High Availability Cluster.

  • Updating a VM sizing policy fails with a memory allocation error

    If you convert an allocation-pool VDC to a flex organization VDC, vCloud Director keeps the maximum policy information from the allocation-pool VDC before the conversion. CPU or memory reservation guarantees higher than the reservations defined in the allocation-pool VDC fail with a Virtual machine reservation or limit or shares settings are invalid error.

    Workaround: Log in as a system administrator and set a new maximum policy with the new resource reservation guarantees.

  • Used NICs count in edge gateways grid is incorrect for NSX-T Edge Gateways

    For NSX-T organization VDC edge gateways, the number of used NICs displayed in the Edge Gateways page of the vCloud Director Service Provider Admin Portal is incorrect.The issue does not affect the functionality itself.

    Workaround: None.

  • Cannot configure the system to use a SAML identity provider by using the vCloud Director Service Provider Admin Portal

    After you configure your system to use a SAML identity provider by using the vCloud Director Service Provider Admin Portal, you cannot log in again to the vCloud Director Service Provider Admin Portal.

    Workaround: Configure your system to use a SAML identity provider by using the vCloud Director Web Console.

  • In the tenant H5 UI, not all organization VDC networks are displayed when adding an organization VDC network to a vApp

    In the tenant H5 UI, when you try to select an organization VDC network to add to a vApp, the H5 UI does not display the full network list. This is observed only with shared organization VDC networks when a multi-clustered backed PVDC is used.

    Workaround: Use vCloud Director Web console (Flex UI).

  • Cannot access an SDDC proxy if vCloud Director uses legacy self signed certificates

    After the upgrade to vCloud Director 9.7, connecting to an SDDC proxy might fail with the error message: verify error:num=20:unable to get local issuer certificate. This issue happens if you generated the self signed certificates by using the cell management tool in vCloud Director 9.5 or earlier.

    Workaround: After the upgrade to vCloud Director 9.7, regenerate and update the self signed certificates.

  • After the upgrade to vCloud Director 9.7 (vCloud API v.32.0), custom links that you added by using branding OpenAPI calls are removed

    In vCloud API v.32.0, type UiBrandingLink that is used for custom links is replaced by type UiBrandingMenuItem. These types have different elements. This change is backward incompatible. As a result, API calls from versions 31.0 or earlier that attempt to process or set customLinks within a UiBranding object fail.

    Workaround: Update your API calls to the new data type.

  • Changing the compute policy of a powered on VM might fail

    When trying to change the compute policy of a powered on VM, if the new compute policy is associated with a provider VDC compute policy that has VM Groups or Logical VM Groups, an error occurs. The error message contains: Underlying system error: com.vmware.vim.binding.vim.fault.VmHostAffinityRuleViolation.

    Workaround: Power off the VM, and retry the operation.

  • When using the vCloud Director Service Provider Admin Portal with Firefox, you cannot load the tenant networking screens

    If you are using the vCloud Director Service Provider Admin Portal with Firefox, the tenant networking screens, for example, the Manage Firewall screen for an organization virtual data center, might fail to load. This issue happens if your Firefox browser is configured to block Third-Party cookies.

    Workaround: Configure your Firefox browser to allow third-party cookies.

  • vCloud Director 9.7 supports only a list of input parameters of vRealize Orchestrator workflows

    vCloud Director 9.7 supports the following input parameters of vRealize Orchestrator workflows:

    • boolean
    • sdkObject
    • secureString
    • number
    • mimeAttachment
    • properties
    • date
    • composite
    • regex
    • encryptedString
    • array

    Workaround: None

  • A fast-provisioned virtual machine created on a VMware vSphere Storage APIs Array Integration (VAAI) enabled NFS array, or vSphere Virtual Volumes (VVols) cannot be consolidated

    In-place consolidation of a fast provisioned virtual machine is not supported when a native snapshot is used. Native snapshots are always used by VAAI-enabled datastores, as well as by VVols. When a fast-provisioned virtual machine is deployed to one of these storage containers, that virtual machine cannot be consolidated .

    Workaround: Do not enable fast provisioning for an organization VDC that uses VAAI-enabled NFS or VVols. To consolidate a virtual machine with a snapshot on a VAAI or a VVol datastore, relocate the virtual machine to a different storage container.

  • Org VDC network status is blank

    In the H5 tenant portal, the status of some old operational Org VDC networks appears as blank.

    Workaround: Change a property of the Org VDC network (e.g. description) and save it.

  • Organization VDC network cannot be deleted from the Tenant portal

    You have added a VDC network to a vApp and you have connected the same vApp to a virtual machine.
    When you try to delete the organization VDC network in the tenant portal, you receive an error message and you cannot proceed with the deletion.
    This network is in use.

    Workaround: To delete the organization VDC network follow the steps.

    1. In vCloud Director Web console, navigate to System > Organizations, and select your organization name.
      A window with all vApps, associated to your organization opens.
    2. Select the organization VDC vApp and navigate to the Networking tab.
    3. Right-click the organization VDC network you want to delete and select Delete.
    4. To delete the organization VDC network, click Apply.
  • When creating an Anti-Affinity Rule in the vCloud Director tenant portal, the UI displays empty virtual machine list

    When you try to create an Anti-Affinity rule in the vCloud Director tenant portal, you cannot select a virtual machine to add to the rule because the virtual machine selection list is empty.

    Workaround: To create an Anti-Affinity Rule, use the vCloud Director Web console.

  • Newly created virtual machines are deployed on the organization VDC default storage policy

    In the vCloud Director Tenant Portal, when you create a new standalone virtual machine, the option to specify the storage policy is missing. As a result the created virtual machine is deployed with the default storage policy of the organization VDC.

    Workaround: After you create the virtual machine, go to the resulted virtual machine properties and change the storage policy.