vRealize Operations 8.6.2 | 21 DEC 2021 Check for additions and updates to these release notes. |
VMware vRealize Operations 8.6.2 | 2021 | Build 19081814
VMware vRealize Operations Upgrade PAK for setups without Cloud Proxy | 2021 | Build 19081810
Note:This upgrade .pak file includes the OS upgrade files from Photon to Photon and the vApp upgrade files.
VMware vRealize Operations Upgrade PAK for setups with Cloud Proxy | 2021 | Build 19081810
Note:This upgrade .pak file includes the OS upgrade files from Photon to Photon, the vApp upgrade files, and Cloud Appliance upgrade files.
VMware vRealize Operations 8.6.2 Pre-Upgrade Assessment Tool | 2021 | Build 18696447
VMware vRealize Operations Cloud Appliance (vRealize Operations Cloud Proxy) 8.6.2 | 2021 | Build 19081813
VMware vRealize Operations Certificate Renewal PAK 8.6.2 | 2021 | Build 18456750
Check frequently for additions and updates to these release notes.
Security Vulnerability Fixed
This is a maintenance release in which Apache log4j has been updated to version 2.16 to resolve CVE-2021-44228 and CVE-2021-45046. For more information on these vulnerabilities and their impact on VMware products please see VMSA-2021-0028.
This maintenance release also resolves a few other important security and functionality issues. For more information, see KB 87154.
For what's new in 8.6.x, see the vRealize Operations 8.6 Release Notes.
Metrics and Properties Modifications
The following KB article describes all the metrics and properties that have been modified in vRealize Operations 8.6.2:
Metrics added in vRealize Operations 8.6
Instanced Metrics
Instanced metrics are disabled by default after deploying or upgrading to vRealize Operations 8.2 or later, and after importing a policy from older versions. To re-enable instanced metrics in vRealize Operations 8.2 or later, see KB 81119.
VMware vRealize Operations Certificate Renewal PAK File
An upgrade to vRealize Operations 8.6.2 also upgrades the internal certificate, except for 8.4.x and 8.5.x setups with Cloud Proxy connected. The VMware vRealize Operations Certificate Renewal PAK file must be applied on vRealize Operations 8.6.2 only if the internal certificate has expired and if Cloud Proxy was connected to vRealize Operations before upgrade. The internal certificate in vRealize Operations 8.6.2 is generated during initial deployment. See KB 71018. Cloud Proxy certificates are upgraded separately, for more details, see KB 83698.
Basic Authentication
Basic authentication using the REST API is deprecated and disabled in vRealize Operations 8.6.2 fresh deployments by default. Instances that have been upgraded to vRealize Operations 8.6.2, will inherit the same properties before the upgrade. It is recommended that you use token-based authentication instead. If you still need to enable or disable basic authentication, see KB 77271.
Active Directory Authentication Sources
Logging in to vRealize Operations with a short name will be successful only if the user name's domain suffix matches the domain name specified in the Base DN option. Otherwise, the full user name with the domain suffix is required during login. For more information, see KB 68131
Review this section before you install or update vRealize Operations.
Sizing and Scaling
The CPU, memory, and disk requirements that meet the needs of a particular environment depend on the number and type of objects in your environment and data collected. This includes the number and type of adapters installed, the use of HA (High Availability) and CA (Continuous Availability), the duration of data retention, and the quantity of specific data points of interest. VMware updates Knowledge Base article 2093783 with the most current information about sizing and scaling. The Knowledge Base article includes overall maximums and spreadsheet calculations that provide a recommendation based on the number of objects and metrics you expect to monitor.
Deployment Formats
You can deploy vRealize Operations 8.6.2 with VMware virtual appliance.
If you are deploying a vRealize Operations virtual appliance and vRealize Operations Cloud Appliance (cloud proxy), use a VMware vSphere Client to connect to a VMware vCenter Server, and deploy the virtual appliance through the vCenter Server instance. The vRealize Operations virtual appliance and vRealize Operations Cloud Appliance (cloud proxy) must be deployed on hosts that are:
Hardware Versions
The minimum hardware version required for vRealize Operations 8.x releases is version 11. If your vRealize Operations virtual appliance had a hardware version earlier than 11, you must first upgrade to hardware version 11 on vRealize Operations virtual appliance and then upgrade to vRealize Operations 8.6.2.
Cipher Suites and Protocols
For information about cipher suite lists and relevant protocols, see Cipher Suites and Protocols.
VMware Product Compatibility
Note: The VMware Product Interoperability Matrix provides details about the compatibility of vRealize Operations with VMware products.
Note: For FIPS mode compatibility details, see the footnotes in the interoperability matrix. The product will not work in FIPS mode if there are footnotes that state that it will not work in FIPS mode.
Solutions Support
In addition to the VMware solutions (vSphere, vRealize Log Insight, vSAN, Service Discovery, NSX-T, and many more), see the VMware Marketplace for many more solutions. These solutions work with Virtual Appliance single or multiple nodes.
Browser Support
This vRealize Operations release supports all current Web browsers, although only the following browsers were tested with this release:
Note: Support for Internet Explorer has been dropped from vRealize Operations 8.4 onwards.
To ensure compliance of your vSphere, VMware Cloud on AWS, and vSAN 7.0, 6.7, and 6.5 objects, and also NSX-T 2.3, 2.4, and 2.5, and NSX-V 6.3.x and 6.4.x objects, vRealize Operations 8.6.2 includes compliance alerts for VMware vSphere Security Configuration Guides versions 6.7 Update 1 and 6.5. These security configuration guide alerts are based on the corresponding object types. Some of the alerts and symptoms are available only for backward compatibility with older versions of vSphere, even though the current release supports the latest vSphere Security Configuration Guide 6.7 Update 1.
Note: Compliance rules will work on vSphere 7.0 objects as well. However, those rules are based on vSphere Security Configuration Guide 6.7 Update 1.
Upgrading to vRealize Operations 8.6.2, resets out-of-the-box content as part of the software upgrade process. This implies that the user modifications made to default content such as alert definitions, symptom definitions, recommendations, policies, views, dashboards, widgets, and reports are overwritten. You need to clone or backup the content before you upgrade to vRealize Operations 8.6.2.
There are two different upgrade .pak files to upgrade to vRealize Operations 8.6.2:
Notes:
Refer to the vRealize Operations Upgrade Center that has information about upgrading vRealize Operations. Refer to the VMware Lifecycle Product Matrix for information about supported versions of vRealize Operations.
vRealize Suite Lifecycle Manager 8.6.1 Product Support Pack 1 supports the installation of vRealize Operations 8.6.2. For more information, see VMware vRealize Suite Lifecycle Manager 8.6.1 release notes.
The vRealize Operations Information Center has detailed information about installation and software updates.
Refer to the vRealize Operations vApp Deployment and Configuration Guide that provides guidance for a vRealize Operations virtual appliance, before you install or update vRealize Operations.
Deploy vSphere with Operations Management (any edition) and vRealize Operations Standard together in one deployment.
Deploy vCloud Suite/vRealize Suite Standard, Advanced, or Enterprise and vRealize Operations Advanced or Enterprise edition together in one deployment.
Note: You can also install vRealize Operations by using vRealize Suite Lifecycle Manager. For more information, see the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide.
For details on resolved issues, see KB 87154.
After you upgrade vRealize Operations from 8.4 to a later release, content upgrade and agent management actions fail
After you upgrade vRealize Operations from a previous release, content upgrade and agent management actions fail on vRealize Operations on-prem and vRealize Operations Cloud when you also upgrade cloud proxy.
Workaround:
Complete the following steps:
You can view the log from the following location: /opt/vmware/var/log/ucp-subsequentboot
Upgrade might fail if any of the nodes are running on VMs with US/Pacific-New timezone
PostgreSQL database systems no longer support the US/Pacific-New timezone, which was just an alias for America/Los_Angeles timezone. If any of the vRealize Operations nodes are running on VMs with US/Pacific-New timezone, upgrade might fail.
Workaround: Change VM timezones from US/Pacific-New to America/Los_Angeles, and then upgrade.
The Take Node(s) Offline wizard appears when you try to bring an offline RC node online
When you try to bring an RC node back online after having just taken it offline, the Take Node(s) Offline wizard appears when you click the Take Node Offline/Online button, instead of the Take Node(s) Online wizard as expected.
Workaround: If the node state still displays as Running or the status is still Online after having taken it offline, wait a few moments and then manually refresh the data in the view from the top menu to get the latest state of the node. After the correct state is displayed which is Not Running, the Take Node Offline/Online button will work as expected.
JBoss server running in domain mode does not support LCM using custom Telegraf
You cannot deploy jolokia.war across all the servers that run as a part of the JBoss domain mode and hence metrics cannot be collected.
Workaround: Monitoring domain mode configuration in JBoss is supported in open source Telegraf. You can deploy jolokia.war across multiple servers.
The Add button in the Manage Telegraf Agents page remains activated after the creation of an application service
While monitoring specific application services using Telegraf, the Add button in the Manage Telegraf Agents page is active after the creation of the second instance of the following application services: MSIIS, Active Directory, Sharepoint, MSExchange, and Network Time Protocol.
Workaround: Delete the previous configurations of the specific application services and configure a new one.
Concurrent activation or deactivation of plugins during application monitoring using suite-api does not work
During application monitoring using suite-api, when you activate or deactivate plugins concurrently, plugin activation or deactivation does not work. An exception is logged in the ucpapi.log file.
Workaround: Provide a gap of one second between each thread during activation or deactivation of the plugins using suite-api.
When you get an application instance's configuration status using a Rest-API call, a wrong status is returned when the same configuration was installed or uninstalled previously
If you installed or uninstalled an application instance and then uninstalled or installed it respectively, the API returns "SUBMITTING" when you try to get the application instance install or uninstall configuration status using "GET /api/applications/agents/services/{taskId}/status".
Workaround: While getting the application instance configuration status using the "GET /api/applications/agents/services/{taskId}/status" API, ensure that you use the latest performed task ID. The result of calls with older IDs is undefined.
Previewing a view works incorrectly
When you try to preview a view that was not opened recently, the preview is not displayed.
Workaround: Click on Sample Data and then anywhere on the screen to view the preview. Refresh your browser tab afterwards, so that the workaround is applicable to other views from the left pane, which do not have a specified preview source.
When you upgrade from vRealize Operations 8.1 to 8.6.2, the Cassandra application service is displayed as Java Application in the Services Discovered/Configured column of the Manage Telegraf Agents tab
During application monitoring, after you upgrade from vRealize Operations 8.1 to 8.6.2, the Cassandra application service is displayed as Java Application in the Services Discovered/Configured column of the Manage Telegraf Agents tab. This happens if the Cassandra application service is configured for monitoring in vRealize Operations 8.1, using the vRealize Application Remote Collector generic Java plugin.
Workaround: Deactivate the Java plugin before you upgrade the vRealize Application Remote Collector agent on the VM. After upgrading the vRealize Application Remote Collector agent, the Cassandra plugin will be discovered and can then be activated.
System language settings affects service discovery
Service discovery might not work if the system language is different from English. For languages different from English, network connection state values might be different from constants defined in standard RFCs.
Workaround: None
Reconfigure the Project Price widget if the vRealize Automation 8.x integration is deactivated and then reactivated
There is data missing in the Project Price widget of the Cloud Automation Project Price Overview dashboard when you deactivate and then reactivate an existing vRealize Automation 8.x integration.
Workaround: Reconfigure the Project Price widget by completing the following steps:
While monitoring applications, you cannot activate a plugin with the same fields till the plugin configuration is deleted
An error message is displayed in the user interface of vRealize Operations that states the following: 'Failed to update resource: Resource with same key already exists'.
Workaround: Manually delete the existing plugin configuration and then continue with the activation of the plugin. If the problem persists, delete the corresponding resource from the inventory.
Alerts from the vSAN adapter that correspond to vSAN health check tests are not canceled if the test is removed from the vSAN Health Service.
vRealize Operations cannot detect and cancel deleted alerts.
Workaround: Manually cancel the alert from the user interface of vRealize Operations.
Generated reports may be blank
If you log in to vRealize Operations with vCenter Server credentials and generate a report, the generated report is always blank.
Workaround: None
Despite deleting ucp-adapter instance certificates, users can run actions
If users delete ucp-adapter instance certificates, they can still run actions such as, start and stop an agent, configure remote checks, and so on.
Workaround: None
If you change the vRealize Operations web certificate, some services might not work as expected
Some services might not work as expected after an update of the web certificate via API or from the vRealize Operations admin user interface.
Workaround: Restart the cluster after updating the web certificate.
Sorting by name in a view, results in unexpected behavior
When you edit a view and sort by name, the number of virtual machines displayed is more than what is configured.
Workaround: None
HTTP Post Adapter is deprecated in vRealize Operations 7.0 and above
Re-enabling the HTTP Post Adapter can open vRealize Operations to security flaws.
Workaround: Complete the steps in KB 60328.
The compliance score for a user with limited object visibility is the same as for a user with complete object visibility
The compliance score is calculated for objects that are not visible (not assigned) to the current user.
Workaround: Complete the following steps:
If that set is enabled only in one active policy (the one that is applied to the custom group), the compliance benchmark based on those alert definitions will display the correct score.
After upgrading cloud proxy and vRealize Operations to 8.6.2, the VM name is not appended to the MSSQL instance
After upgrading cloud proxy and vRealize Operations to 8.6.2, the VM name is not appended to the MSSQL instance for existing or newly activated plugins.
Workaround: None
The Last Year option in the date picker is not intuitive
The Last Year option in the date picker indicates that the time range starts from the end of the previous month and goes back a year. It does not indicate a time range that spans one year from the current date or the whole previous year.
Workaround: None
A PDF report file might not include all data from a widget that has a scrollbar
When you generate a report that contains a custom dashboard with a widget that has a scrollbar, the downloaded PDF file might not include all the data in the widget.
Workaround: Increase the height of the widget in the dashboard to fit all the data.