vCloud Networking and Security 5.5 Release Notes
vCloud Networking and Security 5.5 | 22 SEP 2013 | Build 1317534
What's in the Release Notes
The release notes cover the following topics:
- Kernel crash dump enabled for vShield Edge: New CLI command for debugging kernel crashes or panics. Use the following command in Enable mode to enable crash dump:
[no] debug crashdump
This command triggers an immediate reboot. When a kernel panic occurs, vShield Edge will boot the crash kernel and store the kernel dump to the file system. Edge will then reboot back into the standard kernel with crashdump still enabled.
To view the kernel dump file, use the
debug show files command.
To copy the kernel dump file, use the
debug copy [ftp|scp] ... command.
To delete the kernel dump file, use the
debug remove [|all] command.
When no longer required, disable the crashdump support using the
no debug crashdump command.
Note: When crashdump is activated, the available Edge memory is reduced by 64MB.
- New form factor for vShield Edge: vShield Edge is now available in four form factors: Compact, Large, X-Large, and Quad Large. The new Quad Large form factor provides additional throughput over other form factors.
- X-Large vShield Edge CPU change: The X-Large vShield Edge now requires 4 vCPU.
System Requirements and Installation
For information about system requirements and installation instructions, see the
vShield Installation and Upgrade Guide.
The following known issues have been discovered through rigorous testing and will help you understand some behavior you might encounter in this release.
The known issues are grouped as follows:
SVMs deployment on physical ESXi-5.x fails if nested ESX support on physical host is enabled
If nested ESX support on physical host is enabled, a virtualised Intel VT/EPT error is displayed for vShield SVM.
UI does not indicate that the vCenter password has expired
Currently, the UI only displays the last successful sync time for the inventory coming from the vCenter Server. The current status for the vCenter connection is not displayed.
Workaround: Either answer the VM question before the vSM timeout is reached or remove the line "vhv.enable = "TRUE" from /etc/vmware/config file on ESX and reboot the ESX. The second option is not possible if the guest VMs running on the ESX host cannot be migrated.
Data is not backed up if specified backup directory does not exist
If you specify an invalid directory while backing up vShield Manager data, the backup file is not created.
Workaround: Ensure that the backup directory exists on the FTP server.
Backup/Restore functionality does not work after a restore operation failure
If a restore operation results in failure, subsequent backup and restore operations will fail. One of the reasons for a restore operation may fail is because of wrong credentials.
Workaround: Restart the vShield Manager web interface from the CLI.
DNS settings remain unchanged on a restore operation
DNS settings remain unchanged on a restore operation even if the backup file used for restore has different DNS settings. DNS settings are appliance-specific and are not changed.
vShield App Issues
Firewall rules with source/destination as virtual wire does not get applied if new VM is added to existing virtual wire
If pre-configured firewall rules contains virtual wire in source/destination, those rules do not get applied to new VM added to that virtual wire
Workaround: After adding the new VM to the virtual wire, republish the firewall configuration on that virtual wire.
Unable to provision firewall when vnic is used in ethernet rules
Cannot publish an L2 firewall rule with a vnic as source or destination.
Workaround: Create IP address/address group or virtual machine based firewall rules.
Cannot add multiple services to an existing firewall rule with a single service
Modifying a single service firewall rule by adding multiple services results in a null point exception.
Workaround: Delete the service from the rule and publish changes. Then modify the rule to add the appropriate services and publish the changes again.
VXLAN virtual wire names cannot include special characters
If you have special characters in the network name, VXLAN virtual wires are not created.
Workaround: Avoid special characters and slashes in VXLAN virtual wire names.
Reboot required after ESX upgrade to 5.5
You must reboot the host after ESX is upgraded to 5.5. Click the Resolve button in the Network Preparation window.
Cannot add VXLAN virtual wire after the host is upgraded to version 5.5
Workaround: After upgrading vCenter Server to 5.5, re-register the vCenter server on the vShield Manager UI to ensure that vShield Manager uses the latest VMODL libraries to connect to vCenter Server.
Service Insertion Issues
Using Certificates displays an error
An error is displayed while creating an application profile using certificates and the UI session is terminated. However, the user settings are applied successfully and there is no functional impact on application profile configuration.
Workaround: Refresh the browser to review settings.
NetX 5.1 services are not a compatible with vCloud Networking and Security 5.5
NetX 5.1 services do not work with vCloud Networking and Security 5.5 release.
Workaround: Create a 5.5 deployment spec when registering a NetX 5.1 service in the vCloud Networking and Security 5.5 environment. For further clarification, open an issue on your vmdev.net project
Unable to bind service profile to network
Cannot bind a service profile to any available network.
Workaround: Reboot vShield Manager.