vCloud Director 9.0 for Service Providers Release Notes

|

vCloud Director 9.0 for Service Providers | 28 September 2017 | Release Build 6679579 (installer build 6681978)

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New in this Release

For information on the new and updated features of this release, see the VMware Technical White Paper What's New in vCloud Director 9.0.

Upcoming End of Support for vCloud API Versions 1.5 and 5.1

vCloud Director 9.0 is the last release of vCloud Director to support vCloud API versions 1.5 and 5.1.

System Requirements and Installation

Compatibility Matrix

See the VMware Product Interoperability Matrixes for current information about:

  • vCloud Director interoperability with other VMware platforms
  • Supported vCloud Director databases
  • Upgrade paths

Supported vCloud Director Server Operating Systems

  • CentOS 6
  • CentOS 7
  • Oracle Linux 6
  • Oracle Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Supported AMQP Servers

vCloud Director uses AMQP to provide the message bus used by extension services, object extensions, and notifications. This release of vCloud Director requires RabbitMQ version 3.6.

For more information, see the vCloud Director Installation and Upgrade Guide.

Supported Databases for Storing Historic Metric Data

You can configure your vCloud Director installation to store metrics that vCloud Director collects about virtual machine performance and resource consumption. Data for historic metrics is stored in a Cassandra database. vCloud Director supports the following Cassandra versions.

  • Cassandra 2.2.6

For more information, see the vCloud Director Installation and Upgrade Guide.

Disk Space Requirements

Each vCloud Director server requires approximately 2100MB of free space for the installation and log files.

Memory Requirements

Each vCloud Director server must be provisioned with at least 6GB of memory.

CPU Requirements

vCloud Director is a CPU-bound application. CPU overcommittment guidelines for the appropriate version of vSphere should be followed. In virtualized environments, regardless of number of cores available to vCloud Director, there must be a sensible vCPU to physical CPU ratio, one that doesn't result in extreme overcommitting.

Required Linux Software Packages

Each vCloud Director server must include installations of several common Linux software packages. These packages are typically installed by default with the operating system software. If any are missing, the installer fails with a diagnostic message.

alsa-lib    
bash
chkconfig
coreutils
findutils
glibc
grep
initscripts
krb5-libs
libgcc
libICE
libSM
libstdc++
libX11
libXau
libXdmcp
libXext
libXi
libXt
libXtst
module-init-tools
net-tools
pciutils
procps
redhat-lsb
sed
tar
wget
which

In addition to these packages, which the installer requires, several procedures for configuring network connections and creating SSL certificates require the use of the Linux nslookup command, which is available in the Linux bind-utils package.

Supported LDAP Servers

vCloud Director allows you to import users and groups from the following LDAP services.

Platform LDAP Service Authentication Methods
Windows Server 2003 Active Directory Simple, Simple SSL, Kerberos, Kerberos SSL
Windows Server 2008 Active Directory Simple
Windows Server 2012 Active Directory Simple, Simple SSL, Kerberos, Kerberos SSL
Windows 7 (2008 R2) Active Directory Simple, Simple SSL, Kerberos, Kerberos SSL
Linux OpenLDAP Simple, Simple SSL

Supported Security Protocols and Cipher Suites

vCloud Director requires client connections to be secure. SSL version 3 and TLS version 1.0 have been found to have serious security vulnerabilities and are no longer included in the default set of protocols that the server offers to use when making a client connection. The following security protocols are supported:

  • TLS version 1.1
  • TLS version 1.2

Supported cipher suites include:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

Note: Interoperation with releases of vCenter earlier than 5.5-update-3e requires vCloud Director to support TLS version 1.0. You can use the cell management tool to reconfigure the set of supported SSL protocols or ciphers. See the Cell Management Tool Reference in the vCloud Director Administrator's Guide.

Supported Browsers

The vCloud Director Web Console is compatible with recent versions of Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer.

Browsers Supported on Linux Platforms

On these Linux platforms, the vCloud Director Web Console is compatible with the most recent version of Mozilla Firefox and Google Chrome, and with their immediate predecessor versions.

  • CentOS 7.x
  • Red Hat Enterprise Linux 7.x
  • Ubuntu 14.x

Browsers Supported on Windows Platforms

The vCloud Director Web Console is compatible with recent versions of Google Chrome, Mozilla Firefox, Microsoft Edge, and Microsoft Internet Explorer. Flash must be enabled in the browser.

Note: Use of Microsoft Edge is not supported with vCloud Director installations that use self-signed certificates. Edge also does not support plugins, so functions such as console redirection and OVF upload do not work with Edge.

Browsers Supported on Macintosh Platforms

On Macintosh platforms, the vCloud Director Web Console is compatible with the most recent version of Mozilla Firefox and Google Chrome, and with their immediate predecessor versions.

Supported Guest Operating Systems and Virtual Hardware Versions

Beginning with this release, vCloud Director supports all guest operating systems and virtual hardware versions supported by the ESXi hosts that back each resource pool.

Known Issues

The known issues are grouped as follows.

Installation and Upgrade Issues
  • System administrators cannot use an existing vSphere SSO configuration to authenticate to vCloud Director.

    Federation for the System organization has changed in this release. The System organization can now use any SAML IDP, not just the vSphere Single Sign-On service. Existing federation settings for the System organization are no longer valid and are deleted during the upgrade.

    Workaround: Re-register your organization with your SAML IDP. See "Enable Your Organization to Use a SAML Identity Provider" in the vCloud Director Administrator's Guide

  • Enabling SSL connections to a PostgreSQL vCloud Director database during the "Configure Network and Database Connections" workflow fails in some configurations.

    Because the configuration agent and the reconfigure-database command do not always import certificates and configure the keystore correctly, SSL connections to a PostgreSQL database must be configured for each cell individually.

    Workaround: When prompted to "Enable SSL for database connections?" respond with "N". Use the procedure in VMware Knowledge Base Article 2151464 to enable SSL connections to a PostgreSQL vCloud Director database.

Browser Issues
  • Using the vCloud Director Tenant Portal with Internet Explorer 11, vApp status is not reported accurately.

    vApp status is always reported as "stopped" and the Task List does not display all tasks.

    Workaround: When using the Tenant Console with Internet Exporer 11, you must disable the Internet Explorer cache. 

  • Using the vCloud Director Tenant Portal with Internet Explorer 11, you cannot open a VM console

    Console thumbnails are displayed, but remain in the "connecting" state when you attempt to open them.

    Workaround: Use a different browser such as Firefox, Google Chrome, or Microsoft Edge. Or use the vCloud Director Web Console.

Other Issues
  • Deployment of VMs can fail due to resource insufficiency in VDCs backed by vCenter 6.5 even though vCenter shows that the backing cluster has adequate resources. New capacity added after a vCenter Sever is registered with vCloud Director is not visible in a Provider VDC or organization VDC.

    vCloud Director does not always receive the latest information on CPU and memory usage from vCenter 6.5. This can lead to problems when creating Provider VDCs, especially those backed by a cluster that was added or updated after the vCenter server was registered with vCloud Director. It can also prevent the creation of an organization VDC when the backing Provider VDC appears to have no more resources, and can prevent the deployment of VMs in a Pay-As-You-Go VDC because capacity is incorrectly reported as being over the allocated limit. Deployment of a VM in an elastic VDC can fail if the vCloud Director placement selects a cluster whose capacity appears to be adequate when it really isn’t. Powering-off VMs does not appear to release CPU or memory in the corresponding resource pool.

    Workaround: Use the vCloud Director Web Console to reconnect to the vCenter server. All operations in the VDCs backed by the selected vCenter Server will be halted while vCenter syncs

  • Migration to a PostgreSQL database completes even though cells are active.

    The cell-management-tool dbmigrate subcommand fails to verify that all cells have been stopped before migration begins. This can cause the migration to fail, or make a partial migration appear to have succeeded.

    Workaround: Manually quiesce all cells and then stop the vmware-vcd service before running dbmigrate.

Networking Issues
  • Problems accessing L2 VPN after conversion from a subinterface.

    An L2 VPN configuration on an organization VDC network connected to an Edge Gateway subinterface becomes unusable when the subinterface is converted to an internal or distributed interface.

    Workaround: Disable the L2 VPN and remove it before converting the subinterface.

  • Registration of an NSX Server fails when you supply the credentials of an SSO user

    vCloud Director SSO users are not authorized to access an NSX endpoint required for registration, so registration fails.

    Workaround: Supply the credentials of a local user (integrated IDP) when you register NSX.