VMware

VMware vShield 5.0.2 Release Notes

VMware vShield 5.0.2 | 31 July 2012 | Build 791471

Last updated: 31 July 2012

System Requirements and Installation

For information about system requirements and installation instructions, see the VMware vShield Quick Start Guide.

Before installing vShield Edge, you must verify the SSL certificate for the ESX/ESXi hosts on which vShield Edge is to be installed. For more information, see the Configure SSL Settings section in the vCenter Server and Host Management Guide.

Known Issues

The following known issues have been discovered through rigorous testing and will help you understand some behavior you might encounter in this release.

General Issues

vShield CLI enable password changes
If the vShield CLI enable password is changed by the admin user, only the admin user can change it again. This issue does not occur if a CLI user other than the admin user changes the CLI enable password.

Cannot create a new user with the same name as an existing user
You cannot create a new user with the same name as an existing vCenter or vShield user. Also, you cannot assign a role to a vCenter user whose name is the same as a vShield user even if the vShield user does not have a role assigned to it.

vmservice-vswitch not deleted during uninstallation
Uninstalling vShield components does not delete the vmservice-vswitch. If required, you can delete it manually.

vShield App Issues

Old flows are reported on reinstalling vShield App on the same host
When vShield App is reinstalled on the same host, flows for the virtual machines that were reported for the previous vShield App are also reported on the current vShield App.

vShield App uninstallation fails if the host is in maintenance mode
If the host is in maintenance mode, vShield App uninstallation fails and you may need to delete the security virtual machine manually.

vShield Edge Issues

If the vShield Edge virtual machine is migrated during installation, the install fails
If the vShield Edge virtual machine is automatically or manually migrated while a vShield Edge install is in progress, the install operation may fail with one of the following error messages:

  • "Error while connecting to edge. Please retry." (Code: 70907)
  • "Internal error in communication with edge. Please retry." (Code: 70913)

Workaround: Retry the same operation, as these errors might occur while some intermediate states are being processed.

VPN configuration fails if CN contains special characters
If the CN contains special characters other than dots and underscores, VPN configuration fails with the following error message:
"Configuration Failed" (Code: 73000)
Workaround: Ensure that the CN contains only alphanumeric characters, dots, and underscores.

vShield Endpoint Issues

Incorrect Health Status for SVMs
When the last protected guest VM on a host is powered off and there are no remaining connections to an SVM, the status of the SVM is unknown. However, the vShield Endpoint Health and Alarms page erroneously reports the status of the SVM as either green or red.

vShield Endpoint health monitoring and vShield Data Security do not function properly when there are multiple virtual machines with the same UUID
When there are multiple virtual machines with the same UUID, vShield Endpoint reports only one virtual machine as protected and vShield Data Security violations may be reported on the wrong object.
Workaround: When you copy a VM, make sure to always indicate that you copied the VM so that a new UUID is generated. In addition, power cycle the VM once (no soft reboot) after the copy.

Uninstalling vShield Endpoint from a host that has vShield Data Security installed on it
If a host has both vShield Endpoint and vShield Data Security installed on it, you must uninstall vShield Data Security before uninstalling vShield Endpoint.

vShield Data Security Issues

Incorrect Health Status for SVM during installation
When the vShield Data Security SVM is being deployed by the vShield Manager, an alarm may be prematurely triggered for the SVM. The alarm is removed once the SVM is up and running.

Uninstalling vShield Endpoint stops vShield Data Security from working
If you uninstall vShield Endpoint from a host, vShield Data Security on that host does not work.

vShield Manager does not support UTF8 character encoding for display and reporting purposes
File names or paths which include UTF8 character sets will display in the UI with '?' substituted for the unsupported characters.

State specific policies match US driver licenses from all states
If one of the US state policies is enabled in vShield Data Security, files containing driver's licenses from other states may be incorrectly identified as violating files.

vShield Data Security scan start and stop do not work after restoring a backup configuration
On a setup where vShield App and vShield Data Security are installed on the same ESX host, vShield Data Security scan start and stop may not work after you restore a backed-up configuration (using database backup/restore feature) and re-configure vCenter Server.

Workaround: Follow the steps below.

  1. Power off the data security virtual machine.
  2. Right-click the virtual machine, and select Edit Settings -> Options tab -> General settings.
  3. Click the Configuration Parameters button.
  4. Delete the values for the ethernet0.filter0.param1 and ethernet0.filter0.name parameters. Do not delete the parameters.
  5. Click OK to close the Configuration Parameters window.
  6. Click OK.
  7. Power on the data security virtual machine and start the scan.

Resolved Issues

The following issues have been resolved in the 5.0.2 release.

  • When vShield Manager is upgraded to 5.0.1 in a vCloud Director environment, pre-5.0 vShield Edge allows all traffic for the internal interface by default
  • VPN connection fails with errors in the vShield Edge device logs and the VPN service fails to restart
  • vShield App firewall policies do not apply to a virtual machine when it is added to or removed from a security group
  • Excessive delay in publishing rules to vShield App appliances
  • vShield Manager upgrade from version 5.0.0 to 5.0.1 fails when the vShield Manager file system is corrupted