VMware is announcing vSphere 6.7 Update 2 several months after the previous release, vSphere 6.7 U1. U2 not only fixes bugs but also brings some significant improvements and support for Windows Server 2019 with VM hardware version 15.
VM hardware version 15 brings scalability improvements (you can configure up to 256 vCPUs) targeting SAP HANA and other intensive enterprise workloads. vSphere also introduces new support for 40 and 100 Gb Ethernet and RDMA, so network-demanding applications and distributed computing run more smoothly.
VMware continues to improve the product in every release. This release has a new update to VMware Tools, which reaches version 10.3.5 and allows updating vmxnet3 drivers via Windows Update for Windows Server 2016.
Update: U2 has now been released.
There are also some new additions to the HTML5 web-based client and vSphere Update Manager (VUM), but we'll talk about them in detail in a sec.
VMware vSphere 6.7 Update 2 – What's New?
vSphere ROBO Enterprise (in addition to ROBO Standard and Advanced). Two features are available only in vSphere ROBO Enterprise: DRS in maintenance mode and VM Encryption.
- DRS in Maintenance Mode – Just for ROBO deployments. You can automatically evacuate a host; VM-Host affinity rules are created behind the scenes. You'll need to have vMotion configured (a vmkernel adapter configured for vMotion). Once maintenance finishes, those VMs are automatically vMotioned back. There is no UI for DRS in maintenance mode.
- VM Encryption – This is exactly the same as for other editions. You still need a KMS server from a third-party provider. You can manage it through the vSphere Client or PowerCLI.
vCenter Server Improvements
In one of our recent posts, we detailed the vCenter Server convergence CLI utility, which allows you to change your existing external deployment to embedded.
It allows you to migrate your external Platform Services Controller (PSC) to embedded. The 6.7 U1 embedded deployment model now also supports Enhanced Linked Mode (ELM), which wasn’t the case in previous releases.
The U2 brings a new UI for this utility. Note that external platform services controllers (PSC) and their installation will not be available in the next major release of vSphere.
Quote from VMware blog post:
With vSphere 6.7 Update 2, VMware is announcing the deprecation of external PSCs. With VMware vCenter Server enhanced link mode introduced in vSphere 6.7, infrastructure teams can link up to fifteen vCenter Server instances in the embedded PSC topology, eliminating the need for load balancers and simplifying architectures.
Screenshot from VMware.
File-based Backup and Restore
Now an additional storage protocol has been added – SMB/NFS.
You also have notifications and alarms that give you backup job status and success/failure events, and those alarms are customizable.
vSphere Health
vSphere health works in conjunction with vSphere analytics cloud.
You have new notification/alarms/health categories.
- Online Availability
- Compute
- Network
- Storage
Content Library
VMTX template distribution (syncing).
Syncing of VM Templates (vmtx)
- Locally from one location to another
- VMware Cloud on AWS
- From Local vSphere to VMware Cloud (VMC) on AWS
Developer center – Code Capture
The HTML5 client has a new Developer Center where you can find Code Capture and API Explorer (you can execute API calls). The API Explorer is now available through the UI.
As usual, the HTML5 client Fling has more and is one step ahead. For example, right now the Fling can hide VMs in the “Host and clusters” view (the same way as it was possible in the old Windows client).
vSphere Update Manager (VUM) improvements
Attach, check compliance and remediate are now on one all-in-one screen. Also, you can now attach and remediate multiple baselines.
The remediation has some new options, such as enabling Quick Boot or disconnecting removable devices. Also, you can skip vSAN health checks.
VMware Tools 10.3.1 Release
Driver updates:
- The vmxnet3 driver is available through Windows Update for Windows Server 2016. This sometimes avoids a reboot of the VM.
- VDDM driver security fix
- Open source components glib, openssl and libxml2 receive updates
VMware Tools 10.3.10 freezes TAR tools for legacy Linux
No further development for these platforms, all dev efforts to open-vm-tools
- Includes support for legacy kernels
- RHEL 6.x is supported by Red Hat through November 2020
- Over 50% of our RHEL customers run this version
- 10.3.10 includes security fixes backported into TAR/OSP
Just a reminder: vSphere 6.7 U2 will include version 10.3.5 of VMware Tools.
Security
There is some OS which will be an end of support. It is, for example, Windows Server 2008 R2.
VMware introduces new support for Windows Server 2019 and RHEL 8.
AppDefense integration for VMware Tools in vSphere Platinum.
vSphere Platinum – Process burndown charts and reputation summaries, Integrity check status, adaptive allowed behavior, monitoring event.
NIAP Certification – for governmental customers
Other security improvements:
- Password history/reuse limits.
- Improved SSO Events and vCenter server logging.
- Certificate API improvements.
- vCenter Server CSR generation possibility.
- CPU vulnerability mitigations – New Sibling Scheduler for Enhanced L1TF Mitigation Performance.
From the release notes:
- With vCenter Server 6.7 Update 2, you can configure the property config.vpxd.macAllocScheme.method in the vCenter Server configuration file, vpxd.cfg, to allow sequential selection of MAC addresses from MAC address pools. The default option for random selection does not change. Modifying the MAC address allocation policy does not affect MAC addresses for existing virtual machines.
- vCenter Server 6.7 Update 2 adds a REST API that you can run from the vSphere Client for converging instances of vCenter Server Appliance with an external Platform Services Controller instances into vCenter Server Appliance with an embedded Platform Services Controller connected in Embedded Linked Mode. For more information, see the vCenter Server Installation and Setup guide.
- vCenter Server 6.7 Update 2 integrates the VMware Customer Experience Improvement Program (CEIP) into the converge utility.
- vCenter Server 6.7 Update 2 adds a SOAP API to track the status of encryption keys. With the API, you can see if the Crypto Key is available in a vCenter Server system, or is used by virtual machines, as a host key or by third-party programs.
- Precheck for upgrading vCenter Server systems: vCenter Server 6.7 Update 2 enables a precheck when upgrading a vCenter Server system to ensure upgrade compatibility of the VMware vCenter Single Sign-On service registrations endpoints. This check notifies for possible mismatch with present machine vCenter Single Sign-On certificates before the start of an upgrade and prevents upgrade interruptions that require manual workaround and cause downtime.
- vSphere Auditing Improvements: vCenter Server 6.7 Update 2 improves VMware vCenter Single Sign-On auditing by adding events for the following operations: user management, login, group creation, identity source, and policy updates. The new feature is available only for vCenter Server Appliance with an embedded Platform Services Controller and not for vCenter Server for Windows or vCenter Server Appliance with an external Platform Services Controller. Supported identity sources are vsphere.local, Integrated Windows Authentication (IWA), and Active Directory over LDAP.
- Virtual Hardware Version 15: vCenter Server 6.7 Update 2 introduces Virtual Hardware Version 15 which adds support for creating virtual machines with up to 256 virtual CPUs. For more information, see VMware knowledge base articles 1003746 and 2007240.
- Simplified restore of backup files: The vCenter Server Appliance Management Interface in vCenter Server 6.7 Update 2 adds version details to the Enter backup details page that help you to pick the correct build to restore the backup file.
- With vCenter Server 6.7 Update 2, you can use the Network File System (NFS) and Server Message Block (SMB) protocols for file-based backup and restore operations on the vCenter Server Appliance. The use of NFS and SMB protocols for restore operations is supported only by using the vCenter Server Appliance CLI installer.
- vCenter Server 6.7 Update 2 adds events for changes of permissions on tags and categories, vCenter Server objects and global permissions. The events specify the user who initiates the changes.
- With vCenter Server 6.7 Update 2, you can create alarm definitions to monitor the backup status of your system. By setting a Backup Status alarm, you can receive email notifications, send SNMP traps, and run scripts triggered by events such as Backup job failed and Backup job finished successfully. A Backup job failed event sets the alarm status to RED and Backup job finished successfully resets the alarm to GREEN.
- With vCenter Server 6.7 Update 2, in clusters with the Enterprise edition of VMware vSphere Remote Office Branch Office, configured to support vSphere Distributed Resource Scheduler in maintenance mode, when an ESXi host enters maintenance mode, all virtual machines running on the host are moved to other hosts in the cluster. Automatic VM-Host affinity rules ensure that the moved virtual machines return to the same ESXi hosts when it exits maintenance mode.
- With vCenter Server 6.7 Update 2, events related to adding, removing, or modifying user roles display the user that initiates the changes.
- With vCenter Server 6.7 Update 2, you can publish your .vmtx templates directly from a published library to multiple subscribers in a single action instead of performing a sync from each subscribed library individually. The published and subscribed libraries must be in the same linked vCenter Server system, regardless if on-prem, on cloud, or hybrid. Work with other templates in content libraries does not change.
- vCenter Server 6.7 Update 2 adds an alert to specify the installer version in the Enter backup details step of a restore operation. If the installer and backup versions are not identical, you see a prompt which matching build to download, such as Launch the installer that corresponds with version 6.8.2 GA.
- vCenter Server 6.7 Update 2 adds support for a Swedish keyboard in the vSphere Client and VMware Host Client. For known issues related to the keyboard mapping, see VMware knowledge base article 2149039.
- With vCenter Server 6.7 Update 2, the vSphere Client provides a check box Check host health after installation that allows you to opt-out vSAN health checks during the upgrade of an ESXi host by using the vSphere Update Manager. Before introducing this option, if vSAN issues were detected during an upgrade, an entire cluster remediation failed and the ESXi host that was upgraded stayed in maintenance mode.
- vSphere Health Alarm and Categories: vCenter Server 6.7 Update 2 adds an alarm in the vSphere Client when vSphere Health detects a new issue in your environment and prompts you to resolve the issue. Health check results are now grouped in categories for better visibility.
- With vCenter 6.7 Update 2, you can now publish your VM templates managed by Content Library from a published library to multiple subscribers. You can trigger this action from the published library, which gives you greater control over the distribution of VM templates. The published and subscribed libraries must be in the same linked vCenter Server system, regardless if on-prem, on cloud or hybrid. Work with other templates in content libraries does not change.
Source: VMware Blog post
wafi says
Thanks Vladan for the update,
I have updated one host in a 4-node cluster to 6.7.0, 13004448 but I’m still not able to create a new VM with hardware version 15; I’m still at 14. Do I have to update all nodes in the cluster to be able to use HW V15?
Thank you.
Vladan SEGET says
It was an announcement, not a release… The U2 isn’t out just yet. U1 has vmx-14.
Jakub Cikhart says
Vladan, thanks for the summary, as always.
Got a question: what does “There is some OS which will be an end of support. It is, for example, Windows Server 2008 R2.” mean? Only not supported by VMware, or not able to run/create VMs on 6.7U2? We still run some 2003/2008/2008R2 VMs (we got the latest 6.5 so far, waiting for new HW to run 6.7).
Thanks!
Vladan SEGET says
They won’t restrict you from running those OSs, but I’d say, where will you get support then if even Microsoft won’t be able to help? I mean, those OSs aren’t secure, especially if they’re not isolated from the Internet, because there are no more patches.
Jose says
Vladan, great resource your posts! I’m a rookie on VMware and I have an ESXi 6.7.0 host. Can I upgrade it directly to U2 or do I need to go to U1 first?
Vladan SEGET says
U2 is fine directly. Make sure that your backup/monitoring software and your hardware are supported.
Polar says
Thank you for the write up. Can U2 be used for a clean install, or only for upgrading an existing 6.7?
Vladan SEGET says
You can absolutely use the latest vSphere 6.7 Update 2 for clean installs -:).