Announcing the General Availability of VMware vSphere 7.0 U3c

Update as of March 31, 2022: VMware has since released vSphere 7.0 U3d which replaces the 7.0 U3c release. It also appears that the 7.0 U3c release is no longer available in certain online repos, as well.

As of January 27, 2022, VMware has officially released vSphere version 7.0 U3c, and this particular release resolves a number of issues that were identified in previous U3 versions. In addition, the Apache log4j components have also been updated to version 2.17 to resolve both CVE-2021-44228 and CVE-2021-45046.

Please be sure to read the release notes carefully and work with your VMware TAM or account team, as upgrade guidance can vary based on the release you’re upgrading from. If you’re upgrading from version 6.5, 6.7, 7.0 GA, or 7.0 U1 to 7.0 U3c, this should be pretty straightforward; Upgrade vCenter Server first, and then upgrade your hosts.

However, if you’re upgrading from 7.0 U2c, 7.0 U2d, or prior releases of 7.0 U3, please read through the release notes and KB 87528 in thorough detail before upgrading. As mentioned in the release notes, there’s now a pre-check script called vSphere_upgrade_assessment.py that should be used to determine if there are any ESXi hosts that require remediation before upgrading the vCenter Server.

In short, the reason behind this has to do with an Intel i40en (or i40enu) driver that was renamed between releases. In some cases, both drivers could exist on the same ESXi hosts, and this could lead to network communication errors. The aforementioned script checks to see if duplicate versions of this driver exist on the hosts. If the driver is found, it’s likely that the hosts will need to be upgraded before you can upgrade the vCenter Server. Also note that the script isn’t able to confirm or check hosts that may be in a disconnected or powered off state, so it’s best to ensure that everything is online and accessible when running this script.

vCenter Server 7.0 U3c | Build 19234570

Release notes: https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3c-release-notes.html
Documentation: https://docs.vmware.com/en/VMware-vSphere/index.html
Download: https://customerconnect.vmware.com/web/vmware/downloads/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/7_0

ESXi 7.0 U3c | Build 19193900

Release Notes: https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3c-release-notes.html

Other Blogs and KBs related to the vSphere 7.0 U3c release announcement

Announcing Availability of vSphere 7.0 U3c (blog post):
https://blogs.vmware.com/vsphere/2022/01/announcing-availability-of-vsphere-7-update-3c.html
vSphere 7 Update 3 – What’s New (blog post):
https://core.vmware.com/blog/vsphere-7-update-3-whats-new
Using the vSphere_upgrade_assessment.py script | VMware KB 87258: https://kb.vmware.com/s/article/87258
Important list of Knowledge base articles identified for vSphere 7.0 U3c release | VMware KB 87327: https://kb.vmware.com/s/article/87327

Advertisement

vRealize Suite 8.6.2 Updates

With the onslaught of log4j updates that have been coming out since mid-December 2021, many VMware customers have been anxiously awaiting product updates and workarounds for the vRealize Suite of products.

As of January 18, 2022, all of the products that make up the vRealize Suite are now available at version 8.6.2. Or, in the case of vRealize Network Insight (vRNI), version 6.5.

vRealize Lifecycle Manager (vRLCM) 8.6.2

In version 8.6.1 that was released on January 14, 2022, the log4j components have been updated to version 2.17 to resolve CVE-2021-44228 and CVE-2021-45046. The new 8.6.2 release of vRLCM (January 19, 2022) adds support for vRA 8.6.2, vRA SaltStack Config 8.6.2, vRLI 8.6.2, vROps 8.6.2, vIDM 3.3.6, as well as vRNI 6.5.

Release notes: https://docs.vmware.com/en/VMware-vRealize-Suite-Lifecycle-Manager/8.6/rn/VMware-vRealize-Suite-Lifecycle-Manager-862-Release-Notes.html
What’s New in vRLCM 8.6? (blog post): https://blogs.vmware.com/management/2021/10/whats-new-in-vrealize-suite-lifecycle-manager-8-6.html
Documentation: https://docs.vmware.com/en/VMware-vRealize-Suite-Lifecycle-Manager/8.6/com.vmware.vrsuite.lcm.8.6.doc/GUID-5E1CB756-CE86-430D-89C0-DE3831C33738.html
Download: https://customerconnect.vmware.com/downloads/details?downloadGroup=VRSLCM-862&productId=938&rPId=82496

vRealize Automation (vRA) 8.6.2

In the new 8.6.2 release of vRealize Automation and vRealize Orchestrator, the log4j components have been updated to version 2.17 to address both CVE-2021-44228 and CVE-2021-45046.

Release notes: https://docs.vmware.com/en/vRealize-Automation/8.6.2/rn/vmware-vrealize-automation-862-release-notes/index.html
What’s New in vRealize Automation, OCT 2021 (blog post): https://blogs.vmware.com/management/2021/10/whats-new-with-vrealize-automation-october-2021.html
Documentation: https://docs.vmware.com/en/vRealize-Automation/index.html
Download: https://customerconnect.vmware.com/downloads/info/slug/infrastructure_operations_management/vmware_vrealize_automation/8_6

vRealize Operations (vROps) 8.6.2

In this new 8.6.2 release of vRealize Operations, the log4j components have been updated to version 2.16 to address both CVE-2021-44228 and CVE-2021-45046. In addition to log4j, there were other security and product improvements in this release, as well. See VMware KB 87154 for more information.

[Update as of 26-JAN-2022]: I just learned that there’s a vROps 8.6 Hot Fix 1 that will update the log4j components to version 2.17. There are also a few other issues that are resolved in this hot fix patch. The full details of this vROps 8.6 Hot Fix 1 can be found in VMware KB 87358.

Release notes: https://docs.vmware.com/en/vRealize-Operations/8.6.2/rn/vrealize-operations-862-release-notes/index.html
What’s New in vRealize Operations 8.6? (blog post): https://blogs.vmware.com/management/2021/10/whats-new-in-vrealize-operations-8-6.html
Documentation: https://docs.vmware.com/en/vRealize-Operations/index.html
Download: https://customerconnect.vmware.com/downloads/info/slug/infrastructure_operations_management/vmware_vrealize_operations/8_6
vROps 8.6 HF1 can be obtained via the VMware Patch Portal.

vRealize Log Insight (vRLI) 8.6.2

This new 8.6.2 release of vRealize Log Insight is technically a maintenance-only release, as the log4j components have been updated to version 2.17 to address both CVE-2021-44228 and CVE-2021-45046. No other additional features were added in this specific release.

Release notes: https://docs.vmware.com/en/vRealize-Log-Insight/8.6.2/rn/vRealize-Log-Insight-862.html
Announcing vRealize Log Insight 8.6 and Cloud: https://blogs.vmware.com/management/2021/10/announcing-vrealize-log-insight-v8-6-and-log-insight-cloud.html
Documentation: https://docs.vmware.com/en/vRealize-Log-Insight/index.html
Download: https://customerconnect.vmware.com/downloads/details?downloadGroup=VRLI-862&productId=1204

vRealize Network Insight (vRNI) 6.5

The new release of vRealize Network Insight 6.5 not only updates the log4j components to version 2.17, but also adds several new features and capabilities. Some of these features include added support for monitoring and troubleshooting NSX Advanced Load Balancer, support for Cisco ACI, support for Check Point Firewall, and much more. Be sure to visit the release notes for the full list of capabilities and enhancements.

Release notes: https://docs.vmware.com/en/VMware-vRealize-Network-Insight/6.5/rn/vmware-vrealize-network-insight-65-release-notes/index.html
Announcing vRealize Network Insight 6.5 and Cloud: https://blogs.vmware.com/management/2022/01/announcing-vmware-vrealize-network-insight-6-5-and-cloud.html
Documentation: https://docs.vmware.com/en/VMware-vRealize-Network-Insight/index.html
Download: https://customerconnect.vmware.com/downloads/info/slug/infrastructure_operations_management/vmware_vrealize_network_insight/6_x

As always, I hope you found this content useful and thanks for stopping by!

PowerCLI: Find Host Profiles and Versions in vCenter

As part of our planned upgrade to vSphere 6.7, we needed the ability to quickly scan the various vCenter Servers for host profiles that may be configured for version 5.5 or older. According to the vSphere 6.7 Release Notes, if these older host profiles are found, the vCenter pre-upgrade check will fail.

Continue reading “PowerCLI: Find Host Profiles and Versions in vCenter”

PowerCLI: Find VMs Based on Virtual Hardware Version

Hello again, everyone! For my fifth post for this year’s #BlogtoberTech challenge, I decided to share a script I recently wrote that seeks out virtual machines in a vSphere environment based on a specific virtual hardware version. This sort of ties in with the BIOS and UEFI scripts I wrote earlier in the year to seek out VMs that may still be open to the Spectre/Meltdown vulnerabilities (virtual hardware version 8 or older). Or perhaps someone wants to seek out VMs that may be good candidates to enable Secure Boot (virtual hardware 13 or newer with EFI boot firmware configured).

In the initial version of this script, I ask the user to pick the vCenter to connect to, the datacenter object to scan, and then the virtual hardware version to seek out. If VMs of virtual hardware are found, the user has the option of exporting the results to a CSV file. Otherwise, a dialog box will appear (via Out-GridView) that shows the results of the can. If, however, no VMs with a specified virtual hardware version are found, it will simply let the user know that “No VMs with virtual hardware were found.”

As usual, the latest version of this script can be found over on my GitHub page, but here’s the script as it was written at the time of this post:

Continue reading “PowerCLI: Find VMs Based on Virtual Hardware Version”

My Upcoming Central PA VMUG Presentation

Hey everyone! I wanted to spread the word about my upcoming presentation at the Central PA VMUG on Thursday, November 1st in State College! Last year, I spoke at the Pittsburgh VMUG on the topic of PowerCLI and my journey into scripting. This year, I plan on revisiting that presentation with several new updates and maybe even do live demo (assuming I can get my home lab completely set up and configured in time)! Plus, I’m looking forward to catching up with the Central PA VMUG crew as well as meeting many others in the #vCommunity!

For those who may not know, October 2017 was my first time ever presenting at a local VMUG meeting. In fact, I wasn’t really engaged in the VMware Community all that much until about April 2017, when I started my blog and began using Twitter a lot more. Sure, I’ve been using VMware’s products and services since about 2010, but the only real ‘engagement’ I’ve done in the community was attend the occasional VMUG or UserCon.

Continue reading “My Upcoming Central PA VMUG Presentation”

My First VMworld Experience

IMG_E6898I’ve been wanting to write about my first-ever VMworld experience even before the plane departed from McCarran airport, but I just couldn’t seem to find the time to actually sit down and “put my thoughts to paper” as they say. I can’t believe it’s already been a month since the conference events first kicked off in Las Vegas! The time sure does fly by! But, I at least wanted to share my experience with others who maybe haven’t been to a VMworld conference yet, or who might be going for the first time next year. (Hey, you never know!)

Continue reading “My First VMworld Experience”

PowerCLI: Find BIOS-Enabled VMs

This script is an idea that spun off of my previous post, PowerCLI: Find UEFI-Enabled VMs. If you’re preparing to enable Secure Boot in a VMware environment, it may be helpful to identify the VMs that cannot be upgraded. As you might recall, enabling secure boot requires the following:

  • VMware vSphere 6.5 or higher
  • Virtual hardware version 13 or higher
  • VMs need to be configured with EFI boot firmware

Continue reading “PowerCLI: Find BIOS-Enabled VMs”

PowerCLI: Find UEFI-Enabled VMs

With all the news regarding the Spectre and Meltdown CPU vulnerabilities over the past several months, there’s been a greater focus to get VMware virtual machines to virtual hardware version 9 or higher, as noted by Andrea Mauro’s post¬†regarding these vulnerabilities. In addition to that, several companies and organizations may be looking to enable Secure Boot, a feature first introduced with vSphere 6.5. However, in order to enable secure boot, the virtual machine needs to be configured with both EFI boot firmware AND be on virtual hardware version 13 or higher.

Continue reading “PowerCLI: Find UEFI-Enabled VMs”