VMware

vCloud Director 5.1 Release Notes

vCloud Director 5.1 | 10 SEP 2012 | Build 810718

Last updated: 10 SEP 2012

What's in the Release Notes

The release notes cover the following topics:

What's New

  • Elastic vDCs: Allocation pool model vDCs that can span multiple clusters within a vCenter server allow more flexibility while efficiently using infrastructure resources as a tenant's compute needs grow over time.
  • VXLAN: Using VXLAN, administrators can create multi-tenant L2/L3 networks that are faster to provision and require less reliance on physical network gear.
  • Storage classes: Administrators can create multiple classes of storage capacity within the same provider/Org VDC thereby using their storage more effectively. vCloud Director can now leverage Storage DRS (with vSphere 5.1) for VMs provisioned through vCloud Director.
  • Enhanced Org vDC creation workflow: Networking elements such as Edge Gateway creation, external networks connectivity, internal network creation, and 3rd party L4-7 networking and security services for the vDC can now be configured through the main Org vDC creation workflow, enabling customers to create Org vDCs complete with compute, storage, networking and security in less than 10 minutes.
  • Networking Improvements: Each Org vDC is connected to the outside world through an Edge Gateway device, which supports self-service by the tenant, can have up to 10 network interfaces, supports multiple subnets on interfaces, can be configured in multiple sizes, supports High Availability in an active-passive configuration, supports DNS relay, enhanced Load Balancing, Firewall, and VPN. For information on using multiple subnets, see Configuring Multiple Subnets on External Networks.
  • Integrated L4-7 networking and security solutions from 3rd party vendors: Using the vCloud Ecosystem Framework, customers can integrate 3rd party L4-7 networking and security services in their Org vDC. Such 3rd party solutions are available from selected vendors through the VMware Ready for Networking and Security program. This feature allows customers to leverage their existing technology investments in 3rd party vendors while leveraging automation and agility benefits of an integrated solution.
  • API Extensibility Framework: Allows SP/ISV partners to extend vCloud API capabilities and add their own services to vCloud while leveraging infrastructure services from vCloud Director.
  • Tenant and Admin Usability Improvements: Several improvements, including Web SSO for tenants, SSPI multi-factor authentication, snapshot support and easier troubleshooting for administrators.

System Requirements and Installation

For information about system requirements and installation instructions, see the VMware vCloud Director Installation and Upgrade Guide.

Documentation

To access the full set of vCloud Director 5.1 documentation, go to the vCloud Director Documentation page.

Known Issues

The following known issues have been discovered through rigorous testing and will help you understand some behavior you might encounter in this release.

The known issues are grouped as follows:

General Issues

Guest operating system support list is missing Microsoft Windows Server 2012 (64-bit)
Microsoft Windows Server 2012 (64-bit) is missing from the supported guest operating system list in the vCloud Director User's Guide. Microsoft Windows Server 2012 (64-bit) is a supported guest operating system in vCloud Director 5.1.

Only system administrators receive email alerts regarding VPN tunnel status by default
In vCloud Director 1.5, the default notification setting for VPN tunnel status was to send email notifications to organization administrators. In vCloud Director 5.1, the default setting sends email notifications only to those users set to receive organization email alerts, which by default includes only system administrators.

Workaround: Change the email notification settings for the organization.

  1. Log in to the organization using the vCloud Director Web Client.
  2. Click the Manage & Monitor tab and click Organizations.
  3. Right-click the organization name and select Properties.
  4. Click the Email Preferences tab.
  5. Select Set organization notification settings.
  6. Select the desired recipients for organization email notifications, and click OK.

OVF template creation and media upload operations sometimes fail on organization vDCs backed by datastore clusters
Sometimes, when you attempt to upload media or create an OVF template on an organization that is backed by a datastore cluster, the operation fails. This occurs when the datastore cluster threshold has been exceeded. In the case of OVF template creation, the error message that displays is misleading, as it states that "The operation failed because no suitable resource was found."

Task progress does not display correctly
While a task is running, its progress incorrectly shows as 0. When the task is complete, it correctly displays its completion status.

Predefined Roles and Rights list in the documentation is incomplete
The Predefined Roles and Their Rights table in the vCloud Director Administrator's Guide is missing some of the available rights. The following list indicated which predefined roles have these rights by default.

  • Organization: Edit Federation Settings
    • System Administrator
    • Organization Administrator
  • Organization VDC: Set Storage Profile
    • System Administrator
    • Organization Administrator
  • Organization VDC Network: Edit Properties
    • System Administrator
    • Organization Administrator
  • Organization VDC Network: View Properties
    • System Administrator
    • Organization Administrator
  • Gateway: Configure Services
      System Administrator
    • Organization Administrator
  • Disk: Change Owner
    • System Administrator
    • Organization Administrator
    • Catalog Author
    • vApp Author
  • Disk: Create a Disk
    • System Administrator
    • Organization Administrator
    • Catalog Author
    • vApp Author
  • Disk: Delete a Disk
    • System Administrator
    • Organization Administrator
    • Catalog Author
    • vApp Author
  • Disk: Edit Disk Properties
    • System Administrator
    • Organization Administrator
    • Catalog Author
    • vApp Author
  • Disk: View Disk Properties
    • System Administrator
    • Organization Administrator
    • Catalog Author
    • vApp Author
    • vApp User

Installation and Upgrade Issues

VMRC plug-in installation path in 64-bit Firefox
In 64-bit Firefox, the default installation path is /usr/lib64/mozilla/plugins. When you install the VMRC plug-in at the defaul path, the vCloud Director Web Console cannot open the plug-in. When asked to customize the installation, specify /usr/lib/mozilla/plugins as the path.

Failed to upgrade agent error message when upgrading ESX/ESXi
When completing the Upgrade each ESX/ESXi host step of the Upgrade vCenter, ESX/ESXi Hosts, and vShield Edge Appliances procedure in the vCloud Director Installation and Upgrade Guide, you may see error messages of the form:
 Failed to upgrade the agent on host "hostname". Consult the agent logs.
 Failures occurred during prepare of host "hostname."
 Cannot complete login due to an incorrect user name or password.

Workaround: A system administrator must complete the following steps.

  1. Unprepare the host. Ignore the warnings that this operation generates.
  2. Prepare the host. See Prepare or Unprepare an ESX/ESXi Host in the vCloud Director Administrator's Guide.

Upgrading vShield Edge from 5.0 to 5.1 through vShield Manager requires an update of associated Edge Gateways in vCloud Director
After upgrading vShield Edge from 5.0 to 5.1 through the vShield Manager interface, reconfigure services for each associated Edge Gateway in vCloud Director. Failing to reconfigure services results in the vCloud Director firewall service blocking the data path.

Localization Issues

ja_JP locales and Oracle
If you want to use a ja_JP locale for your vCloud Director cells and you want to use an Oracle database, you must use Oracle 11g R2 (11.2.0.1 or later) and make sure that you do not set "JA16SJISTILDE" as the NLS_CHARACTERSET.

In languages other than English, object lists can be filtered only by columns that contain user-generated content
Description: When using vCloud Director in languages other than English, the filter function on object lists works only when you filter using columns that contain user-generated content, such as Name or vApp Name.

Networking Issues

If a vApp has a fenced network and is powered on, virtual machiness or virtual machine NICs that are added to the vApp may not have network connectivity
If a vApp has a fenced network and is powered on, and NAT type is port forwarding and IP Masquerade is enabled, virtual machines or virtual machine NICs that are added to the vApp will not have network connectivity.

Workaround: Disable and re-enable IP Masquerade on the fenced network or stop and start the vApp.

Unable to ping the vShield Edge internal interface after upgrading vShield Edge from 5.0 to 5.1 in vCloud Director
After upgrading vShield Edge from 5.0 to 5.1 through vCloud Director, you can no longer ping the vShield Edge internal interface from a virtual machine connected to the internal network.

Workaround: Manually add the following rule to to allow ICMP traffic to the internal IP of vShield Edge.
  ANY -> VSE-Internal-IP ICMP ALLOW

Partial failure when deleting VPN tunnel on an upgraded system
An attempt to delete a VPN tunnel on an upgraded system partially fails with the error Edge gateway null does not exist. Deletion of the local tunnel configuration completes successfully, but the tunnel is not removed from the peer gateway.

Workaround: Delete the tunnel configuration from the peer gateway. This action completes deletion of the VPN tunnel and removes the error.

vCloud Director sometimes shows an incorrect functional status for a VXLAN network pool
In some cases, vCloud Director sometimes incorrectly displays a nonfunctional VXLAN network pool as being having a functional (green) status. In such cases, the Repair option is available when you right-click the VXLAN network pool.

If you see a Repair option available for a VXLAN network pool, repair the network pool to make it functional.

Merge provider vDC operations do not work if the provider vDCs have VXLAN network pools in different states
To merge two provider vDCs with VXLAN network pools, the VXLAN network pools on both provider vDCs must be in the same state. If one provider vDC has a functional (green) VXLAN network pool and the other has a non-functional (red) VXLAN network pool, the two provider vDCs cannot be merged.

NAT services on an Edge Gateway cannot be enabled or disabled through the vCloud Director Web Console
You cannot use the vCloud Director Web Console to enable or disable a NAT service in an Edge Gateway.

Workaround: Use the REST API to enable or disable a NAT service in an Edge Gateway. For more information about using the REST API, see the vCloud API Programming Guide.

IP Scope displays incorrectly for multiple subnets
In the vCloud Director Web Console, direct Org VDC networks and vApp networks directly connected to them show only a single IP Scope in the Network Specification page even if the provider network has more than one IP scope.

Workaround: Use the REST API to retrieve an XML representation of the OrgVdcNetwork or VappNetwork. All IP scopes are listed in the IpScopes element of the response. For more information about using the REST API, see the vCloud API Programming Guide.

Edge Gateway uplinks display only a single subnet when there are multiple subnets
In the vCloud Director Web Console, Edge Gateway uplinks show only a single subnet in "External IP Allocations" even if the external network to which the uplink connects has more than one IP scope.

Workaround: IP allocations assigned to external interfaces can be viewed from the Edge Gateway properties page on the Configure IP settings tab. IP allocations assigned for services can be viewed from Edge Gateway services tab.

vSphere distributed switch uplinks supporting VXLAN network pools foor vCloud Director must use LACP
All uplink ports in a vSphere distributed switch configured to support VXLAN network pools for vCloud Director must be configured to use LACP. See Enable or Disable LACP on an Uplink Port Group with the vSphere Web Client in the vSphere networking documentation.

Virtual Machine and vApp Issues

Running VMs quota is not updated when changing the ownership of a running vApp
When an administrator changes the ownership of a running vApp to a user, the user's Running VMs quota does not update to include the new vApp.

Workaround: Restart the vApp to update the user's Running VMs quota.

vApp creation operations are limited for vApps using storage profiles on vSphere 5.0 U1 or earlier
When vCloud Director is backed by vSphere 5.0 U1 or earlier, vApp creation operations, including creating, copying, moving, and importing vApps, are limited to eight operations per cell for vApps using storage profiles. vApp creation operations that exceed this limit are placed in a queue to begin as previously running operations are completed.

The OK button on the Edit vApp Properties dialog box might be unavailable when running vCloud Director on Windows XP or Linux
When you edit the starting or stopping virtual machine settings on the Edit vApp Properties dialog box, the OK button might become unavailable if you are running vCloud Director on Windows XP or Linux systems.

Workaround: Click anywhere on the dialog box outside the field you are editing.

Attempting to load media to a virtual machine from a datastore inaccessible by the virtual machine's host fails
When you try to load media to a virtual machine and the media exists on a datastore that is not accessible to the host the virtual machine is on, the operation fails.

Workaround: Load the media to a datastore that is accessible to the virtual machine's host or make the datatstore the media is on accessible to the virtual machine's host.

Storage profiles must be enabled to add virtual machines to a vApp
When you attempt to add or import a virtual machine to a vApp that does not have storage profiles enabled, the operation fails with an error message.

Workaround: Enable storage profiles and retry the add operation.

Failed virtual machine deletion upon vApp expiration when using vSphere 5.0 with independent disks
When you use vCloud Director 5.1 with vSphere 5.0, virtual machines configured with independent disks are not deleted properly upon vApp expiration. Instead, those virtual machines become stranded and the attached disks become unusable.

Workaround: To remove the stranded virtual machine and detatch the independent disk, take the following steps.

  1. In vCenter Server, power on and power off the virtual machine.
  2. In vCloud Director, delete the virtual machine from the stranded items list.

If you delete the virtual machine without first powering it on and off in vCenter Server, vCenter Server will not release the independent disk and the disk will remain unusable.

vCloud API Issues

API Compatibility
vCloud Director 5.1 supports vCloud API version 1.5 and 5.1. vCloud API 1.5 clients can work with a vCloud Director 5.1 server with few or no modifications. Known incompatibilities are summarized in this section.

Note: If you use a combination of vCloud API 1.5 and 5.1 clients on a single installation of vCloud Director, operations by both types of clients might fail in unpredictable ways, especially where those operations create, retrieve, update, or delete objects that are new or changed in vCloud Director 5.1. The vCloud API schema reference includes a summary of changes to the schemas in vCloud Director 5.1.

  • When a vCloud API 1.5 client creates a Provider vDC on a vCloud API 5.1 server, the VMWProviderVdc object returned in the response body contains references to all datastores that are accessible from the resource pool referenced in the request, regardless of which datastores are referenced in the request.
  • In vCloud Director 5.1, NetworkPool objects are associated with OrgVdc objects. When a vCloud API 1.5 client creates a routed or isolated OrgNetwork on a vCloud API 5.1 server, the request fails unless it specifies a NetworkPool that is associated with an organization vDC in the containing organization.
  • Requests from a vCloud API version 1.5 client to delete an organization vDC might fail if the vDC contains an Edge Gateway. To correct this problem, delete all routed or isolated organization vDC networks in the organization vDC and retry the operation.
  • Requests from a vCloud API version 1.5 client to create a routed or isolated organization vDC network might fail if no vDCs in the organization are provisioned with a network pool. To correct this problem, create at least one organization vDC that includes a network pool and retry the operation.

Rate limits are not supported with certain port group configurations
You cannot set a rate limit on an external network that is backed by a standard switch port group. If you use the REST API to set an InRateLimit or OutRateLimit in a GatewayInterface element of an EdgeGateway, the resulting task fails if the GatewayInterface is a reference to an external network that is backed by a standard switch port group, or a dynamic or ephemeral port group.

API login with SAML assertion fails as Unauthorized
If a system administrator logs in to the REST API using a SAML assertion after the cell is idle for over 10 minutes, or before any system administrator logs in to the vCloud Director Web Console, the login fails with an HTTP status of Unauthorized (401).

Workaround: Retry the request without org="System" in the Authorization header.

The response to the query /api/query?type=adminAllocatedExternalAddress&format=records contains an invalid value
The response to the query
  .../api/query?type=adminAllocatedExternalAddress&format=records
contains an invalid value for the org attribute. The value is that of the organization vDC that contains the network, rather than that of the organization itself.

Workaround: Obtain a valid reference to the organization.

  1. Replace the org part of the value with vdc.
  2. Use the new value as the URL for a GET request.
  3. Examine the response. It contains a Link element where rel="up". The value of the href attribute of this link is a reference to the organization that contains the vDC, and is the correct value for the org attribute of the query response.

Updating OrgGuestPersonalizationSettings sets the Organization's CanPublishCatalogs element to false
If you use the REST API to update the OrgGuestPersonalizationSettings of an organization (PUT /admin/org/{id}/settings/guestPersonalizationSettings), the update also resets the value of the organization's CanPublishCatalogs element to false.

Add links missing from some extension services elements
The following Link elements are not returned in a ResourceClass body, but are valid when used.

<vcloud:Link rel="add"
  type="application/vnd.vmware.admin.resourceClassAction+xml"
  href="API-URL/admin/extension/service/resourceclass/{id}/resourceclassactions"/>

<vcloud:Link rel="add"
  type="application/vnd.vmware.admin.serviceResource+xml"
  href="API-URL/admin/extension/service/resourceclass/{id}/serviceresources"/>

The following Link element is not returned in a ResourceClassAction body, but is valid when used.

<vcloud:Link rel="add"
  type="application/vnd.vmware.admin.aclRule+xml"
  href="API-URL/admin/extension/service/resourceclassaction/{id}/aclrules"/>

vCloud API 1.5 client might fail to create a routed organization network with certain NAT rules
Requests from a vCloud API 1.5 client to create an organization network that includes a NatService that supports IP masquerading by setting NatType to portForwarding and Policy to allowTraffic, as shown in this example, fail with an internal server error.
 <NatService>
   <IsEnabled>false</IsEnabled>
   <NatType>portForwarding</NatType>
   <Policy>allowTraffic</Policy>
 </NatService>

Workaround: Complete the following steps.

  1. Create the network with NatService:Policy set to allowTrafic.
  2. Change the network value of NatService:Policy to allowTrafficIn.
  3. Set the network value of AllowedExternalIpAddresses to the IP address of the Edge Gateway to which the network connects.

Creating a routed vApp network with default firewall settings using the REST API results in incorrect charging for the service by vCenter Chargeback Manager
When you create a routed vApp network using the vCloud Director REST API without specifying whether to enable firewall on the network, the firewall service is enabled on the network by default, but does not get charged correctly for vCenter Chargeback Manager.

Workaround: When you create a routed vApp network using the vCloud Director REST API, be sure to specify whether to enable firewall on the network. If you have a previously created vApp network that isn't getting charged correctly, disable and re-enable firewall on the network.