vSphere 5.5 Update 1 was released on March 11th, 2014. The primary drivers for this release were lots of bug fixes and support for VSAN. At the risk of duplicating a huge amount of the release notes, please review in detail those things that are important to you. There’s a number of things in Upgrade and Installation and there’s a specific Security section that would be of interest. Also review the Known Issues section as there’s some interesting tidbits in there as well.
5.5 Hardening Guide Update
I will be releasing an update to the vSphere Hardening Guide to go along with 5.5 Update 1 in the next couple of weeks. I’ve been collecting updates since it was released shortly after 5.5. No MAJOR changes, just minor fixes and a couple of clarifications and at least one deletion. More on this soon. I know it’s a hot button for some folks.
If there’s something YOU think needs to be corrected, now is the time to let me know!
Get in touch as a reply to this blog or preferably an email to me. I’m mfoley at VMware.com.
While VMware highly recommends the deployment of all vCenter Server components into a single virtual machine (excluding the vCenter Server database), large enterprise customers running multiple vCenter Server instances within a single physical location can simplify the vCenter Single Sign-On architecture and management by reducing the footprint and required resources and specify a dedicated vCenter Single Sign-On environment for all local resources in each physical location.
For vSphere 5.5 the VMware recommendation is to centralize vCenter Single Sign-On when you have 8 or more vCenter Server instances in a given location (this is a soft recommendation).
Centralized vCenter Single Sign-On Architecture
Figure 1: A Centralized vCenter Single Sign-On Server environment
There can be increased risk when centralizing a vCenter Single Sign-On server (to why it is not recommended for smaller environments) due to the increased number of components affected if the vCenter Single-Sign-On server was to become unavailable, in short all vCenter Server components of all vCenter Servers registered will incur authentication loss (when compared to just the single vCenter Server instance when installed locally) and so availability of the vCenter Single Sign-On centralized server(s) is highly recommended. Continue reading →
One of the new 5.5 features in vSphere Replication is the ability to retain historical replications as point-in-time snapshots on the recovered virtual machines.
Using this feature is quite handy in order to recover from systems that have corrupted data or viruses or even to do auditing of system changes and the like. While VMs protected with vSphere Replication can be recovered manually, and one by one, the full automation of recovery is of course offered by Site Recovery Manager.
In this post I’ll look at how we configure these multiple points in time (MPIT) during replication, and how we interact with them after failover by SRM.
A minor update to the vCenter Server 5.5 has been released
VMware vCenter Server™ 5.5.0a | 31 OCT 2013 | Build 1378901
vCenter Server Appliance 5.5.0a | 31 OCT 2013 | Build 1398493
Issues resolved with this release are as follows
Attempts to upgrade vCenter Single Sign-On (SSO) 5.1 Update 1 to version 5.5 might fail with error code 1603
Attempts to log in to the vCenter Server might be unsuccessful after you upgrade from vCenter Server 5.1 to 5.5
Unable to change the vCenter SSO administrator password on Windows in the vSphere Web Client after you upgrade to vCenter Server 5.5 or VCSA 5.5
VPXD service might fail due to MS SQL database deadlock for the issues with VPXD queries that run on VPX_EVENT and VPX_EVENT_ARG tables
Attempts to search the inventory in vCenter Server using vSphere Web Client with proper permissions might fail to return any results
vCenter Server 5.5 might fail to start after a vCenter Single Sign-On Server reboot
Unable to log in to vCenter Server Appliance 5.5 using domain credentials in vSphere Web Client with proper permission when the authenticated user is associated with a group name containing parentheses
Active Directory group users unable to log in to the vCenter Inventory Service 5.5 with vCenter Single Sign-On
Attempts to log in to vCenter Single Sign-On and vCenter Server might fail when there are multiple users with the same common name in the OpenLDAP directory service
Attempts to log in to vCenter Single Sign-On and vCenter Server might fail for OpenLDAP 2.4 directory service users who have attributes with multiple values attached to their account
Attempts to Log in to vCenter Server might fail for an OpenLDAP user whose account is not configured with a universally unique identifier (UUID)
Unable to add an Open LDAP provider as an identity source if the Base DN does not contain an “dc=” attribute
Active Directory authentication fails when vCenter Single Sign-On 5.5 runs on Windows Server 2012 and the AD Domain Controller is also on Windows Server 2012
The realese notes can be found here with full details, download now from www.vmware.com
Part of my role at VMware is to work closely with our customers and partners, sharing experiences and feedback with internal VMware Product Management and Engineers to help make our products better. One area that has been dominantly more focused than others over the last 12 months has obviously been vCenter Single Sign-On.
Due to this feedback, one of the drivers for the new vCenter Single Sign-On was to provide backwards compatibility and to highlight this, a recent Knowledge Base article released.
At VMworld we announced the newest release of both vSphere Replication and Site Recovery Manager.
Version 5.5 introduces a few new features for each of these that I will be diving into more detail on over the next few weeks, but I wanted to give a quick introduction to the new features so that when the products become available you’ll know what to go take a look at.
I recently posted a summary of the new features and capabilities available in vSphere 5.5 and I want to follow that with a summary of the new features and capabilities available in vCloud Director 5.5.
However, before we talk about what’s new in vCloud Director 5.5 I recommend you first read Mike Adams recent post discussing the new vCD product strategy that was announced at VMworld 2013. This post has some important information that everyone working with vCloud Director should be aware of.
With that, I’m excited to announce these new vCloud Director features as there are some very cool new capabilities being introduced with the 5.5 release. I want to stress that this list is just a summary. For additional information be sure to check out the new VMware Mobile Knowledge Portal iPad app where you will find several recorded demos that show most of these features in action. In addition there are also some nice click-through demos available online. Both the Mobile Knowledge Portal app and click-through demos were created by VMware’s Technical Marketing Group and provide a wealth of information not just on vCloud Director but the entire vCloud Suite. We’re actively working to add more content so even if you’ve played with it in the past, be sure to revisit and check out the recent additions.