VMware Cloud Foundation 4.4 Released

VMware Cloud Foundation 4.4 is now GA!

VCF 4.4 features log4j fixes for the entire BOM.

VCF 4.4 also features flexible upgrades for the vRealize Suite. You can now upgrade vRS products without waiting for a new VCF BOM to be released.

SSH is finally disabled on the ESXi hosts. Do note that some operations still require SSH, the workflows will enable and disable SSH automatically, but if you’re firewalling please enable SSH.
If you need to enable SSH on the hosts again, you can use the sos tool:
/opt/vmware/sddc-support-sos --enable-ssh-esxi --domain-name <name>

Something that has been requested for a long time, 2-node clusters are now supported. This applies to clusters with the following principal storage: vVol, NFS and VMFS on FC. vSAN is not supported for 2-node clusters. Another requirement for 2-node clusters is to use vSphere Lifecycle Manager Image Mode.

Multi-Instance Management (VCF Federation) is now fully deprecated and removed from the SDDC Manager UI and code base. My recommendation is to use the vROps SDDC Health Management Pack, see: Managing VCF with vRealize Operations and the SDDC Health Management Pack and VMware Cloud Foundation Dashboards.

You can upgrade to VCF 4.4 from ≥4.1.0.0.

What’s New

• Flexible vRealize Suite product upgrades:  Starting with VMware Cloud Foundation 4.4 and vRealize Lifecycle Manager 8.6.2, upgrade and deployment of the vRealize Suite products is managed by vRealize Suite Lifecycle Manager. You can upgrade vRealize Suite products as new versions become available in your vRealize Suite Lifecycle Manager. vRealize Suite Lifecycle Manager will only allow upgrades to compatible and supported versions of vRealize Suite products. Specific vRealize Automation, vRealize Operations, vRealize Log Insight, and Workspace ONE Access versions will no longer be listed in the VMware Cloud Foundation BOM.
  
  
• Improvements to upgrade prechecks: Upgrade prechecks have been expanded to verify filesystem capacity and passwords. These improved prechecks help identify issues that you need to resolve to ensure a smooth upgrade.
  
  
• SSH disabled on ESXi hosts: This release disables the SSH service on ESXi hosts by default, following the vSphere security configuration guide recommendation. This applies to new and upgraded VMware Cloud Foundation 4.4 deployments. 
  
  
• User Activity Logging: New activity logs capture all the VMware Cloud Foundation API invocation calls, along with user context. The new logs will also capture user logins and logouts to the SDDC Manager UI.
  
  
• SDDC Manager UI workflow to manage DNS and NTP configurations: This feature provides a guided workflow to validate and apply DNS and NTP configuration changes to all components in a VMware Cloud Foundation deployment. 
  
  
• 2-node vSphere clusters are supported when using NFS, VMFS on FC, or vVols as the principal storage for the cluster: This feature does not apply when using vSAN as principal storage or when using vSphere Lifecycle Manager baselines for updates.
  
  
• Security fixes: This release includes fixes for the following security vulnerabilities:
  Apache Log4j Remote Code Execution Vulnerability: This release fixes CVE-2021-44228 and CVE-2021-45046. See VMSA-2021-0028.
  Apache HTTP Server: This release fixes CVE-2021-40438.
  
  
• Improvements to reduce SDDC Manager service CPU and Memory usage and decrease inventory load times: Reduces the overall SDDC Manager service resource usage and improves service stability in scaled deployments. Decreases the load times for inventory objects (for example, ESXi hosts, workload domains, and so on) in the SDDC Manager UI.
  
  
• Multi-Instance Management is deprecated: The Multi-Instance Management Dashboard is no longer available in the SDDC Manager UI.
  
  
• BOM updates: Updated Bill of Materials with new product versions.
  

Cloud Foundation Bill of Materials (BOM)

*VxRail Manager only applies to VMware Cloud Foundation on VxRail