vCloud Director 8.20 for Service Providers Release Notes

Updated on: 27 March 2017

vCloud Director 8.20 for Service Providers | 21 February 2017 | Release Build 5070630 (installer build 5070903)

What's in the Release Notes

The release notes cover the following topics:

Notice: vCloud Director 8.20 and Usage Meter Interop Requirements

Before deploying vCloud Director 8.20 in production, you must ensure that it is configured correctly with Usage Meter. See Installation and Upgrade Issues.

What's New in this Release

New Features

  • Advanced Edge Gateway and Distributed Firewall configuration via the vCloud Director Tenant Portal
    This release introduces the vCloud Director Tenant Portal with an initial set of controls that you can use to configure Edge Gateways and NSX Distributed Firewalls in your organization. The Tenant Portal is a pure-HTML5 user interface that you can use in conjunction with the legacy vCloud Director Web Console.

  • A new vCloud Director API for NSX
    This release introduces a new a proxy API that enables vCloud API clients to make requests to the NSX API. Unlike the NSX API, which is designed to address NSX objects in a global scope like that of a vCenter datacenter, the vCloud Director API for NSX is designed to address NSX objects within the scope of a vCloud Director tenant organization.

  • Role Administration at the Organization Level
    In previous releases, roles were global objects created by system administrators and available to all organizations. Beginning with vCloud Director 8.20, role objects exist in each organization in the system. System administrators can use the vCloud Director Web Console or the vCloud API to create roles in any organization. Organization administrators can use the vCloud API to create roles that are local to their organization. During upgrade, existing global roles are mapped to local roles with the same names and rights. After upgrade, organization administrators can modify these roles or add new ones for use within their organization. When the system administrator creates an organization, it includes the default set of pre-defined roles and the rights they contain. A system administrator can grant additional rights to an organization. A system administrator can create roles in the System organization and in other organizations, but roles are no longer global to the system.

  • Automatic discovery and import of vCenter VMs
    Organization VDCs automatically discover vCenter VMs that exist in any resource pool that backs the VDC. A system administrator can use the vCloud API to specify vCenter resource pools for the VDC to adopt. vCenter VMs that exist in an adopted resource pool become available as discovered vApps in the new VDC.

  • Virtual Machine Host Affinity
    A system administrator can create groups of VMs in a resource pool, then use VM-Host affinity rules to specify whether members of a VM group should be deployed on members of a vSphere host DRS Group.

  • Multi-Cell Upgrade
    The upgrade utility now supports upgrading all the cells in your server group with a single operation.

Documentation

To access the full set of vCloud Director 8.20 for Service Providers documentation, go to the vCloud Director for Service Providers Documentation page.

System Requirements and Installation

Compatibility Matrix

See the VMware Product Interoperability Matrixes for current information about:

  • vCloud Director interoperability with other VMware platforms
  • Supported vCloud Director databases
  • Upgrade paths

Supported vCloud Director Server Operating Systems

  • CentOS 6
  • CentOS 7
  • Oracle Linux 6
  • Oracle Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Supported vCloud Director Databases

The most current information about supported databases for this release of vCloud Director is available from the VMware Product Interoperability Matrixes. For recommended database server configurations, see the vCloud Director Installation and Upgrade Guide.

Supported AMQP Servers

vCloud Director uses AMQP to provide the message bus used by extension services, object extensions, and notifications. This release of vCloud Director requires RabbitMQ version 3.6.

For more information, see the vCloud Director Installation and Upgrade Guide.

Supported Databases for Storing Historic Metric Data

You can configure your vCloud Director installation to store metrics that vCloud Director collects about virtual machine performance and resource consumption. Data for historic metrics is stored in a KairosDB database backed by Cassandra. vCloud Director supports the following KairosDB and Cassandra versions.

  • KairosDB 1.1.1
  • Cassandra 3.7

For more information, see the vCloud Director Installation and Upgrade Guide.

Disk Space Requirements

Each vCloud Director server requires approximately 2100MB of free space for the installation and log files.

Memory Requirements

Each vCloud Director server must be provisioned with at least 6GB of memory.

Required Linux Software Packages

Each vCloud Director server must include installations of several common Linux software packages. These packages are typically installed by default with the operating system software. If any are missing, the installer fails with a diagnostic message.

alsa-lib    
bash
chkconfig
coreutils
findutils
glibc
grep
initscripts
krb5-libs
libgcc
libICE
libSM
libstdc++
libX11
libXau
libXdmcp
libXext
libXi
libXt
libXtst
module-init-tools
net-tools
pciutils
procps
redhat-lsb
sed
tar
which

In addition to these packages, which the installer requires, several procedures for configuring network connections and creating SSL certificates require the use of the Linux nslookup command, which is available in the Linux bind-utils package.

Supported LDAP Servers

vCloud Director allows you to import users and groups from the following LDAP services.

Platform LDAP Service Authentication Methods
Windows Server 2003 Active Directory Simple, Simple SSL, Kerberos, Kerberos SSL
Windows Server 2008 Active Directory Simple
Windows Server 2012 Active Directory Simple, Simple SSL, Kerberos, Kerberos SSL
Windows 7 (2008 R2) Active Directory Simple, Simple SSL, Kerberos, Kerberos SSL
Linux OpenLDAP Simple, Simple SSL

Supported Security Protocols and Cipher Suites

vCloud Director requires client connections to be secure. SSL version 3 and TLS version 1.0 have been found to have serious security vulnerabilities and are no longer included in the default set of protocols that the server offers to use when making a client connection. The following security protocols are supported:

  • TLS version 1.1
  • TLS version 1.2

Supported cipher suites include:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

Interoperation with releases of vCenter earlier than 5.5-update-3e requires vCloud Director to support TLS version 1.0. You can use the cell management tool to reconfigure the set of supported SSL protocols or ciphers. See the Cell Management Tool Reference in the vCloud Director Administrator's Guide.

Supported Browsers

The vCloud Director Web Console is compatible with recent versions of Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer.

Browsers Supported on Linux Platforms

On these Linux platforms, the vCloud Director Web Console is compatible with the most recent version of Mozilla Firefox and Google Chrome, and with their immediate predecessor versions.

  • CentOS 7.x
  • Red Hat Enterprise Linux 7.x
  • Ubuntu 14.x

Browsers Supported on Windows Platforms

On Windows platforms, the vCloud Director Web Console is compatible with at least one version of Microsoft Internet Explorer. Some Windows platforms are also compatible with the most recent version of Mozilla Firefox and Google Chrome, and with their immediate predecessor versions.

Note: Use of Microsoft Edge is not supported with vCloud Director installations that use self-signed certificates.

Platform Google Chrome Mozilla Firefox Microsoft Browsers
Windows XP Pro YES YES IE 11.x
Windows Server 2003 Enterprise Edition YES YES IE 11.x
Windows Server 2008 YES YES IE 11.x
Windows Server 2008 R2 YES YES IE 11.x
Windows Server 2012 R2 YES YES IE 11.x
Windows Vista YES No IE 11.x
Windows 7 YES YES IE 11.x
Windows 8, 8.1 YES YES IE 11.x
Windows 10 YES YES IE 11.x, Edge

Browsers Supported on Macintosh Platforms

On Macintosh platforms, the vCloud Director Web Console is compatible with the most recent version of Mozilla Firefox and Google Chrome, and with their immediate predecessor versions.

Supported Versions of Adobe Flash Player

The vCloud Director Web Console requires Adobe Flash Player 11.2 or later. Only the 32-bit version is supported.

Supported Versions of Java

vCloud Director clients must have JRE 1.6.0 update 10 or later installed and enabled. Only the 32-bit version is supported.

Supported Guest Operating Systems and Virtual Hardware Versions

vCloud Director supports a wide variety of 32-bit and 64-bit operating systems in its virtual machine templates and virtual machines. This release can support virtual hardware version 4 and versions 7-13. The availability of any virtual hardware version depends on the version of vCenter and ESXi you are using with vCloud Director.

Microsoft Windows Guest Operating System Support

The following Microsoft Windows guest operating systems are supported. Unless stated otherwise, all OS variants and 32-bit/64-bit editions are supported. Unless specified, all SP, minor or maintenance versions are supported.

  • Microsoft Windows Server 2016 64-bit
  • Microsoft Windows Server 2012 R2 64-bit
  • Microsoft Windows Server 2012 64-bit
  • Microsoft Windows 10
  • Microsoft Windows 8
  • Microsoft Windows 7
  • Microsoft Windows Server 2008 R2 64-bit
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2003
  • Microsoft Windows Small Business Sever 32-bit
  • Microsoft Windows Vista
  • Microsoft Windows XP Professional

UNIX/Linux Guest Operating System Support

The following UNIX and Linux guest operating systems are supported. Unless stated otherwise, all OS variants and 32-bit/64-bit editions are supported. Unless specified, all SP, minor or maintenance versions are supported.

  • Red Hat Enterprise Linux 4-7
  • SUSE Enterprise Linux 10-12
  • Oracle Linux 4-7
  • CentOS
  • Ubuntu Linux
  • Other 3.x Linux
  • Other 2.6.x Linux
  • Other 2.4.x Linux
  • Other Linux

Known Issues

General Issues

  • Outdated References to vShield Manager in the Administrator's Guide
    Several topics in the Administrator's Guide refer to vShield manager, which is no longer supported with vCloud Director.

    Workaround: Most procedures that reference vShield Manager are unchanged when using NSX.

Installation and Upgrade Issues

  • Interoperation with VMware vCloud Usage Meter 3.5
    If you are currently using VMware vCloud Usage Meter 3.5 with vCloud Director, upgrading vCloud Director to release 8.20 will introduce an incompatibility between those two products. vCloud Usage Meter 3.5 must use the TLS1.0 protocol for HTTPS connections. vCloud Director no longer supports TLS1.0 in its default configuration.

    Workaround: You can use the cell management tool to re-enable use of TLS1.0 by vCloud Director. See Managing the List of Allowed SSL Protocols in the vCloud Director Administrator's Guide. For more information about TLS1.0 and VMware Products, see VMware Knowledge base article 2145796.

    If you cannot use vCloud Director with TLS1.0 you must wait until the next Usage Meter release becomes available.

Networking Issues

  • Additional Advanced Networking Rights Required When Configuring Remote Access or Syslog Properties.
    Attempts to configure either syslog settings or remote access settings fail for roles that do not have both the Organization vDC Gateway: Configure Remote Access and Gateway: Configure Syslog Server right.

    Workaround: Add the necessary rights to the role.

  • Cannot Convert an Organization VDC Network to a Subinterface if it is Specified in a DHCP, NAT or Routing Configuration.
    Attempts to convert an Organization VDC Network to a subinterface fail if the network is specified in a DHCP, NAT or routing configuration.

    Workaround: Remove the network from the DHCP, NAT, or routing configuration. Convert the network to a subinterface, then return it to the configuration.

  • Migrate to VXLAN Operation Not Supported With vSphere 6.5
    You cannot use the Migrate to VXLAN button to convert VCDNI network pools to VXLAN network pools after you have upgraded your vCloud Director installation to use vSphere 6.5. VCDNI network pools are not supported on vSphere releases later than 6.0 and NSX releases later than 6.2.

    Workaround: If your vCloud Director installation still has any VCDNI network pools hosted on vSphere 6.0 or earlier, upgrade vCloud Director to 8.20 and migrate the VCDNI pools to VXLAN before upgrading to vSphere 6.5. For more information, see VMware Knowledge Base article 2148381.

Virtual Machine and vApp Issues

  • vCloud Director Does Not Support New Guest Operating Systems Introduced in vSphere 6.5
    While this release of vCloud Director continues to support all guest operating systems supported by the previous release of vCloud Director, it does not yet support the following guest operating systems, which were introduced in vSphere 6.5.

    VMware Photon OS (64-bit)
    CentOS 7 (64-bit)
    CentOS 6 (64-bit)
    CentOS 6 (32-bit)
    Debian GNU/Linux 10 (64-bit)
    Debian GNU/Linux 10 (32-bit)
    Debian GNU/Linux 9 (64-bit)
    Debian GNU/Linux 9 (32-bit)
    Asianux 7 (64-bit)
    Oracle Linux 7 (64-bit)
    Oracle Linux 6 (64-bit)
    Oracle Linux 6 (32-bit)
    Apple Mac OS X 10.12 (64-bit)
    Apple Mac OS X 10.11 (64-bit)

    The vCloud Director Web Console displays a generic description such as "Other (32-bit)" when it encounters a VM with one of the listed guest operating systems. For example, This issue can affect users who want to create a VM with one of the unsupported guest operating systems. It can also affect organizations whose VDCs have been configured to discover VMs in vCenter resource pools that contain VMs with any of the unsupported guest operating systems.

    Workaround: When creating a VM with one of the unsupported guest operating systems, choose a supported guest OS type that is a close match. For example use "CentOS 4/5 or later" as a substitute for CentOS 6 or CentOS 7. When a VM with one of the unsupported guest operating systems is discovered, you can use the Virtual Machine Properties page to change the Operating System Family and Operating System values to a supported value that is a close match. This workaround can allow guest customization to succeed in some cases.

  • Limitations When Adopting a Discovered vApp
    When you adopt a discovered vApp that includes a powered-on VM, the process cannot always reconfigure the VM to be compatible with the target VDC.

    • The VM must not include an IDE hard disk controller.
    • The VM must be able to connect to a portgroup backing an existing network in the containing organization VDC.
    • The containing organization VDC must be backed by a storage profile that includes the datastore to which the VM is currently deployed.

    Workaround:

    • If the VM uses an IDE controller, power off the VM and re-run the adoption.
    • If the VM connects to a portgroup that does not back a network in the VDC, disconnect it and then connect it to a network in the organizaion VDC.
    • If the VM uses a datastore that is not part of a storage profile in the VDC, power it off so the system can move it to new backing storage during adoption.

API Issues

  • Incorrect List of vCloud API Changed Types in the Schema Reference
    The vCloud API Changed Types page of the vCloud API Schema Differences lists a number of types as removed in API version 20.0 and added in API version 27.0. Any types listed this way were actually not changed in either API version.

    Workaround: The list of changed elements is not affected by this problem. Most types have a corresponding element with a similar name.