vArchitect Newsletter 028

Critical VMware Security Advisory

VMware discovered a hypervisor guest escape bug where out-of-bounds read is present in the products' SVGA video device emulation.  This allows software within a guest operating system to execute code on the host machine. Detailed information here.

Product Version Running on Patched version
ESXi 6.7 ESXi ESXi670-201810101-SG
ESXi 6.5 ESXi ESXi650-201808401-BG
ESXi 6.0 ESXi ESXi600-201808401-BG
Workstation 14.x Any 14.1.3
Fusion 10.x macOS 14.1.3

Please update your ESXi hosts as soon as possible.

Fling Updates

As usual, the VMware Flings saw some updates in September. Here is the rundown of new or updated flings since last time:

vCenter Server 6.0 Upgrade or migration path

For vCenter Server 6.0 Update 3g and Update 3h, with an embedded Postgres DB, there was no upgrade or migration path to vCenter Server 6.5 or 6.7.  KB can be found here, and if that doesn’t load check the blog post here.

This has now been resolved if you upgrade to vSphere 6.7 Update 1, however still no upgrade path available to vSphere 6.5.

New Releases

Some highly-anticipated releases were made available this month. Check the list below.

  • vCenter Server 6.7 U1
    • NOTE: If you are a Veeam customer, before upgrading please be aware this new release will break all your backup jobs. There is a workaround available with a registry change in Veeam, but it is recommended that you do not upgrade until Veeam releases Update 4. More information can be found here
    • vSphere Client (HTML5) now has feature parity with vSphere Web client!!! Finally, vSphere Client is now the only client you’ll need to manage vCenter Server.
    • vCenter Converge tool to migrate from an external to embedded PSC and move a vCenter Server with embedded PSC from one vSphere SSO Domain to another
    • Add support for vSphere Platinum
    • Simplified the creation of vCHA cluster
    • Enhanced content library
    • vMotion for NVIDIA vGPU
    • Support for Intel FPGA
    • Upgrade path from vSphere 6.5 U2 now available.
    • Release notes
  • ESXi 6.7 U1
  • vSAN 6.7 U1
    • New workflow called Cluster QuickStart
    • Integration of I/O controller firmware update with VUM
    • Release notes
  • vCloud Director for Service Provider
  • NSX SD-WAN by VeloCloud 3.2.1
  • PowerCLI 11
  • vROps Management Pack for vRO 2.0
    • Excited about this as it allows selecting *any* workflow for inclusion in an action.
    • Official blog posts here and here.
Free E-Book

Continuing on the theme we found a new e-book from David Davis on how to maximize your use of vRealize Operations. In the book you learn the following:

  • How to get started with vRealize Operations
  • How to deploy and configure vRealize Operations
  • What’s new in vRealize Operations 6.7
  • And much, much more!

Download it here.

vSOM End of Availability Promo

vSOM Enterprise Plus is going away and End of Availability (EOA) is effective February 1, 2019.  If you have vSOM Enterprise plus licenses, then those licenses are not separated into vSphere Enterprise Plus and vRealize Operations Standard in since October 15th.

Beginning on October 31, you can take advantage of the following upgrade promotions:

  • 50% off vROPS STD -> vROPS ADV or
  • 50% off vROPS STD -> vRealize Suite STD

If you decide to upgrade vSphere to vSphere platinum and upgrade vROPS at the same time then you get:

  • 50% off vSphere ENT+ -> vSphere Platinum
  • 65% off vROPS STD -> vROPS ADV or
  • 65% off vROPS STD -> vRealize Suite STD

Check out the official blog post here.

VMware TestDrive

TestDrive by VMware is something that not many customers know about and is a very valuable tool in evaluation VMware products without having to spend the time and effort to install it in your own environment.

TestDrive provides the opportunity to explore VMware's full suite of products, which are fully configured and integrated, including Workspace ONE, Workspace ONE UEM (formerly VMware AirWatch), Horizon, vSAN and Pivotal Container Service.

In order to get access to TestDrive you need to contact your VMware Sales representative and request an invite and credentials.  Check it out here.

vROps 7.0 Improvements

Lots of changes in vROps from version to version. 6.7 introduced lots of new things and new ways of doing those things—some not always with great customer enthusiasm. vROps 7.0 attempts to address some of these while moving the ball further. Check out this blog and this one and also this for some of these improvements.

Updating vCenter 6.7 to Update 1

This is issue has been making the rounds lately, and so if you’ve attempted to upgrade your vCenter to the latest Update 1 release and it’s not finding anything, check the article from Anthony here. It’s a simple fix, however it’s probably best to download the patch manually and mount it up as this takes network interruptions out of the picture.

vRealize Automation 7.5 and custom forms

Several customers who have already upgraded to (or installed fresh) vRA 7.5 have noticed issues with their custom forms either loading slowly or not at all. This is a known issue and while a more comprehensive hot fix is in the works, VMware has decided to release a patch for this particular issue which you can find on the relevant KB here. Remember to always snapshot your machines before applying patches or fixes, even if directed by official vendor sources.

Active Directory 2016 support in vSphere

Another hot topic of late is AD 2016 support by vSphere. As covered in this KB article, a domain functional level of 2016 is not officially supported until vSphere 6.7 U1. Note that this is the functional level and not the OS version, so do be certain you’re staying within a supported posture when considering your AD upgrades.

Creating a USB backup of your ESXi installation

Paul has a very interesting article here on a process that will take a full image of your ESXi installation for backup and testing purposes. Normally, the backup methods for ESXi entail the config only (using multiple CLI tools), but this could also backup any VIBs you might have installed custom as well. Handy for testing and experimentation if you ask us!

Staying On Top of new issues

We all want to prevent things from occurring in our environments and no one likes spending their nights or weekends troubleshooting failures. When at all possible, staying proactive is a great way to head these issues off before they become problems. One of the things we like doing internally is browsing for any new KBs that have been published so we know about them *before* they strike or, at the very least, so we don’t spin our wheels troubleshooting for hours. Bookmarking the KB blog is a great way to stay abreast of these issues so you are informed about the latest. Work it into your processes where you take ten minutes each week to catch up on new KB articles and review the most popular ones. You’ll be wiser for it, we guarantee.