vArchitect Newsletter 038

Welcome, folks, to our September and post-VMworld newsletter. Lots of announcements, as happens every year, so naturally lots of stuff to report back to you. Let’s get going.

New Releases

Here are the new and updated releases since last month.  With all new releases and updates, be absolutely sure you read the release notes carefully!

  • VMware vCenter Server 6.7 Update 3
    • Support for Dynamic Domain Name Service (DDNS)
    • Can now change the Primary Network Identifier (PNID) of your VCSA
    • VMs can now have up to four NVIDIA virtual GPU (vGPU)
    • Announcement blog
    • Release notes
  • VMware ESXi 6.7 Update 3
    • Drive enhancements to both ixgben and bnxtnet
    • VMXNET3 enhancements adds guest encapsulation offload and UDP, and ESP RSS support
    • Release notes
  • VMware vSAN 6.7 Update 3
  • VMware Enterprise PKS 1.4.2
  • VMware Site Recovery Manager Patch)
  • VMware vSphere Replication (Express Patch)
  • VMware NSX-T / NSX Cloud 2.4.2
  • VMware Cloud Foundation 3.8.1
    • Automated deployment of VMware Enterprise PKS on NSX-T
    • Release Notes
  • VMware vSphere Hypervisor (ESXi) 6.5U3a (Patch Release)


VMware Security Advisory

VMware released advisory VMSA-2019-0012 that address out-of-bounds read/write vulnerabilities within ESXi, Workstation and Fusion. Details can be found here.

Product Version Patched version Mitigation/Workaround
ESXi 6.7 ESXi670-201904101-SG VMSA-2018-0025
ESXi 6.5 ESXi650-201903001 VMSA-2018-0025
Workstation 15.x 15.0.3 VMSA-2018-0025
Workstation 14.x 14.1.6 VMSA-2018-0025
Fusion 11.x 11.0.3 VMSA-2018-0025
Fusion 10.x 10.1.6 VMSA-2018-0025


Fling Updates

As usual, we bring you the VMware Flings which saw some updates in August.


Notable VMware Blogs

Several new and cool blogs have been written in the past month, so we’re aggregating the best of these for you below.
Three part blog series discussing VMware Cloud on AWS.  The series takes you through a basic understanding of the product, cloud migration strategies, and finally extending your on-prem infrastructure to the cloud.  You can find the first part in the series here
Workspace One Access is the new name for VMWare Identity Manager (vIDM).
Brigh10 Your Day with the All New vCloud Director!
Announcing a New Open Source Service Mesh Interoperation Collaboration
Tech Preview Announcement: Project Magna for vSAN Continuous Optimization

vRealize Orchestrator Plug-in for vSphere Client - Beta

A new beta plug-in for vRO will allow you to run those workflows from the H5 client, and that’s a good thing considering the H5 client is the only client that’ll be available moving forward. Ensure you read those notes carefully, and don’t do this in production!

New CBT issue discovered

As our regular followers of this newsletter knows, CBT has had some issues in the past.  Well another “issue” has been reported by Anton Gostev in his weekly Veeam Forum Newsletter email. The “bug” happens if you revert a snapshot on a protected VM, after that the CBT API starts to return invalid data which means your backup is corrupted.  The reason for the quotations is because VMware provided KB71155 to address this and states that reverting operation is not supported by CBT.
The recommended workaround is stop using snapshots and use backups instead, but if you do revert a snapshot then you should reset the CBT data for that VM.

Kubernetes DoS Vulnerabilities

A brief time ago, some serious vulnerabilities were found in the Go library for net/http which is used by Kubernetes. These vulnerabilities made it possible for malicious users to attempt DoS attacks against your clusters as outlined in this article. Strongly recommended to patch them ASAP. And for Enterprise PKS users, at the time of this writing the patches have not yet been published but we have been told “very soon” on them.

VMWorld Announcements

Tanzu is a portfolio of products and services to build modern applications, run Kubernetes consistently across environments, and manage the entire Kubernetes estate from a single point of control. Cormac has done a good job of summarizing them all here.
Tanzu Mission Control is a powerful, API driven platform that allows operators to apply policy to individual clusters or groups of clusters, establishing guardrails and freeing developers to work within those boundaries.
Project Pacific is an initiative to deeply integrate and embed Kubernetes into vSphere. It evolves vSphere to be a native Kubernetes platform. This will allow customers to take advantage of all the investments in the vSphere ecosystem in terms of technology, tools and training while supporting modern applications. Official, technical overview here, more on namespaces here, details from Joe (Kubernetes co-creator) here, and Frank has an excellent article here on with more details.
Pivotal Software and Carbon Black acquisitions.
NSX-T 2.5 was announced and has exciting list of new features and enhancements. Arguably the most intriguing is NSX Intelligence which is a distributed analytics engine built into the NSX-T interface.
vRealize is now available as both an on-premises platform as well as a SaaS-based platform.
vRealize Automation 8.0

vRealize Operations 8.0
vRealize Operations Cloud
vRealize Suite Lifecycle Manager 8.0
VMware Cloud on Dell-EMC is now available. VMware Cloud on Dell EMC is Dell Technologies infrastructure installed in your local data center and edge locations consumed just like a cloud service.
Kubernetes Academy is a free cloud native education platform. Courses are composed of a series of video lessons – each five-to-eight minutes long. The courses dive into topics for skill levels ranging from beginner to intermediate, with advanced topics being introduced soon.
vRealize Network Insight 5.0 has some pretty cool advancements in edge visibility.

VMworld Session Recordings

If you were like us, some of the more popular sessions filled up before we could add them to our schedule.  Thankfully, VMware recorded all the sessions and have made them available.  All the recorded sessions as well as the presentations can be accessed here courtesy of William Lam.



New Releases


New and updated releases since last month.  With all new releases and updates, be absolutely sure you read the release notes carefully!


  • vCenter 6.7 U2c
    • Maintenance release with mostly bug/security fixes
    • Release notes





  • VMware vRealize Operations Management Pack for NSX-T 2.1


VMware Security Advisory


VMware released advisory VMSA-2019-0011 that addresses partial DoS in hostd process in ESXi. Details can be found here. Note that patch is still pending for ESXi 6.7.


Fling Updates


As usual, we bring you the VMware Flings which saw some updates in July.



Update to Synology NFS VAAI plug-in


Synology storage is really popular with home labs, and while they do have NFS VAAI integration, the plug-in isn’t been updated in a long time. It’s nice to see that, after two years, they’ve finally updated it bringing support for ESXi 6.7 and some minor fixes. Check the notes here.



vRA 7.6 Hot Fix Pulled


VMware have pulled the first hotfix for vRA 7.6 due to some “issues” related to multi-tabbed XaaS forms. This was the hot fix that resolved the disappearing buttons since the last Chrome update broke them. So if you’ve already installed this and you do have XaaS, you might want to watch it. And if you don’t, hang tight for the next update.



Notable VMware Blogs


Several new and cool blogs have been written in the past month, so we’re aggregating the best of these for you below.


Kubernetes Across VMware Cloud Automation Services

Handling the Lifecycle of a vCenter HA Environment

vCenter Server 6.7: Day 2 Operations (good for the links)


VMworld 2019 Gatherings


Reminder that VMworld 2019 is about to hit, so our next newsletter may be delayed a bit to catch up on the “stuff” that results. But if you’re going to be in attendance then there’s a list of parties and gatherings you might be interested in seeing.