vce vision intelligent operations version 2.6.5 release · pdf filevce vision ™...

www.vce.com

VCE Vision™ Intelligent OperationsVersion 2.6.5Release Notes

Document revision 1.0

May 2015

VCE CONFIDENTIALSubject to Confidentiality Use Restrictions

Revision history

Date Document revision Description of changes

May 2015 1.0 Maintenance release for VCE Vision™ Intelligent Operations Version 2.6.

VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes Revision history

2VCE CONFIDENTIAL

Subject to Confidentiality Use Restrictions© 2015 VCE Company, LLC.

All Rights Reserved.

Contents

Introduction.................................................................................................................................................4

Accessing VCE documentation.................................................................................................................5

What's new.................................................................................................................................................. 6New in version 2.6.5 release.................................................................................................................. 6

Known issues in this release.....................................................................................................................8

Fixed issues.............................................................................................................................................. 13Fixed issues in this release.................................................................................................................. 13

Appendix....................................................................................................................................................14

Contents VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes

3© 2015 VCE Company, LLC.

All Rights Reserved.VCE CONFIDENTIAL

Subject to Confidentiality Use Restrictions

Introduction

This document provides information about the VCE Vision™ Intelligent Operations Version 2.6.5 releaseincluding:

• Release information about the following components of the VCE Vision software suite:

— VCE Vision™ System Library

— VCE Vision™ Plug-in for vCenter

— VCE Vision™ Compliance Checker

— VCE Vision™ Adapter for vCenter Operations Manager

— VCE Vision™ RCM Content Pre-positioning

• Information about new features delivered in the release.

• Known issues and steps to work around them.

• Fixed issues in this release.

The target audience for this document includes VCE customers and VCE teams working with customersand certified partners.

The VCE Glossary provides terms, definitions, and acronyms that are related to the Vblock System.

To suggest documentation changes and provide feedback on this book, send an e-mail to [email protected]. Include the name of the topic to which your comment applies.

VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes Introduction

4VCE CONFIDENTIAL



mailto:[email protected]

Accessing VCE documentationSelect the documentation resource that applies to your role.

Role Resource

Customer support.vce.com

A valid username and password are required. Click VCE Download Center to access thetechnical documentation.

VCE Partner partner.vce.com

A valid username and password are required.

Cisco, EMC, VCE, orVMware employee

portal.vce.com

VCE employee sales.vce.com/saleslibrary

or

vblockproductdocs.ent.vce.com

Accessing VCE documentation VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes




http://support.vce.com

https://partner.vce.com/

https://portal.vce.com/

https://sales.vce.com/saleslibrary/

http://vblockproductdocs.ent.vce.com

What's new

New in Version 2.6.5Find out what new features and content are available in this version of VCE Vision software.

Note: For information about features and content delivered in earlier releases, see previous versions ofthe VCE Vision™ Intelligent Operations Release Notes.

Features and content Description

Platform support As part of this release, VCE Vision software now supports the followingVblock® Systems, components, and features:

• Cisco C220/C240 M4 Rack Servers

• Cisco UCS B200 M4 Blade Server for Vblock Specialized Systemsfor Extreme Applications (VSS XAPP)

• Cisco MDS 9710 Multilayer Director Switch

• Vision Multi UCS Domain Support

• VCE™ Technology Extension for EMC XtremIO storage

VCE Collection Tool As part of this release, the VCE Collection Tool adds support for thefollowing components:

• VCE™ Technology Extension for EMC XtremIO storage

• VCE™ Technology Extension for EMC Isilon storage

Enhancements and bug fixes • This release contains fixes for two security vulnerabilities found inVCE Vision software. These vulnerabilities could lead to thedisclosure of sensitive information and it is advised that allinstallations prior to Version 2.6.5 be updated to this release toensure secure operations.— CVE-2015-4056 resolves cryptographic issues that could be

exploited by authenticated, administrative users to obtaincredential information.

— CVE-2015-4057 resolves a cleartext transmission issue in thePlug-in for vCenter for VCE Vision software that could beexploited by attackers to obtain password information.

For more information about the CVEs, see the National VulnerabilityDatabase.

• Security updates have also been applied to address a set ofvulnerabilities to the Linux kernel, NSS, and OpenSSL componentsof the VCE Vision virtual machine. For more information, see the Appendix (see page 14) for a detailed list of CVE identifiers.

• In the VCE Vision™ Adapter for vCenter Operations Manager, theseverity of alerts is not being reported correctly. When incomingevents do not have any severity set, VCE Vision software applies ageneric severity status of Info as the default (<category>Info</

VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes What's new

6VCE CONFIDENTIAL



https://web.nvd.nist.gov/view/vuln/search


Features and content Description

category>). Additionally, the significance of events cannot bedetermined while using the Adapter for vCenter OperationsManager to monitor this event stream.

To address this issue, the following enhancements have beenmade:— A timestamp has been added to each alert.— Additional information is provided to the events that VCE Vision

software forwards to the Adapter for vCenter OperationsManager in the following order: Time stamp >Object Identifier> Event Message > Event Data List.

• A number of known issues and defects are resolved in this versionof VCE Vision software. For more information, refer to Fixed issuesin this release (see page 13).

What's new VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes




Known issues in this releaseKnown issues are defects and bugs that exist in VCE Vision software.

The VCE Vision software development teams are actively working to resolve these known issues. In themeantime, you should review these known issues before getting started with the current version of VCEVision software. For each known issue, there is a symptom that describes the behavior you mightencounter, a list of possible causes, and, when available, a recommended action to help you work aroundthe issue.

System Library

Symptom Possible Causes Recommended Action

VCE Vision software Version 2.6.5fails to discover EMC VNX OEControl Station that has 8.1.6firmware installed.

This is the result of a known issue. None

During an upgrade, an errormessage displays in the log file asfollows:

error: Faileddependencies:kernel-firmware >=2.6.32-504.16.2.el6 isneeded bykernel-2.6.32-504.16.2.el6.x86_64

This error appears because the check runs too earlyin the upgrade process.

The new kernel and its dependencies are installedafter the upgrade completes

None

Discovery may fail on Cisco Nexus1000V and 5000K Series Switches.

This is the result of a slow response from the Nexusswitches being discovered.

None

Vision discovery cannot discoverstorage array block side when thefile side ECOM server fails.


When performing discovery, theFMAgent.log file may notdisplay the message that discoveryhas reached 100% completion.

This is the result of an issue with discovering thelast component in the vblock.xml file.

None. Discovery hasbeen completed – it isonly the message thatis not printed to theFMAgent.log.

An error message is not returnedwhen a UCSM on a Vblock 300 ora Vblock 700 has not sufficient diskspace to successfully execute a logcollection request.


VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes Known issues in this release

8VCE CONFIDENTIAL




System Library discovery isdisabled.

When the user runs the startFMagent script,they do not get a prompt that the End User LicenseAgreement (EULA) has not been accepted.

Run thestartEulaAcceptance script and acceptthe EULA.

On a Cisco Nexus 5K, the VLANdiscovery intermittently fails.

The following SNMP getmany command for VLANdoes not return consistent output from the CiscoNexus 5K switch:

# getmany -v2c -timeout 100 -retries 10.11.36.70 publicciscoMgmt.46.1.3.1.1.4.1

None

The configTool only includes theNexus 3K switch when AMP-2P,AMP-RP, and AMP-2HA areinstalled.

The Nexus 3K is not supported when it is installedwith the AMP-2V.

When prompted: Doyou want toinclude amanagementcomponent inthisconfiguration?Type s to skip this step.

The following VNX2 filecomponents are not displaying inthe REST API:

• PSU

• IO module

• SFP

This issue may be due to defects in the EMCECOM/SMI-S provider.

None

The System Library does notdiscover port-to-port connectionsfor Cisco Nexus 9300 switches andVMAX3 connectivity is notsupported.

This is the result of a known defect. Not applicable

Plug-in for vCenter


When the security hardening profile runsa scan on the Vblock® System 540, theVCE VBlock(TM) System SecurityGuide - Configuration profile runs butthe Cisco Nexus 1000V tests fail.

This is the result of a knownissue.

1 Copy the profile.

2 In the Edit Profile window, clickDeselect All for the CiscoNexus 1000V tests

3 Click Finish.

Known issues in this release VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes





When the security hardening profile runsa scan on the Vblock System 540, the(Default) Manufacturing Configurationfor VCE VBlock(TM) System SecurityGuide profile fails to run when a CiscoNexus 1000V component is not found.


1 Copy the profile.

2 In the Edit Profile window, clickDeselect All for the CiscoNexus 1000V tests.

3 Click Finish.

The VPM list command intermittentlydisplays errors.


None

A health score of 100 is displayed forunreachable Vblock Racks.

This is the result of a knowndefect.

None

A health score of 100 is displayed forunreachable network switches.

This is the result of a knowndefect.

None

The search icon in the bottom left of thelist view does not work.

This is the result of a knownframework limitation.

Use the Search feature at the topright corner of the window.

An error occurs when saving a profile. If an ampersand is used in whentailoring a profile in regularexpression, you will not be ableto save the profile.

Use the word and instead of &.

Compliance Checker


Compliance content install fails when thecontent is upgraded or reinstalled.

A non-VCE profile is selected asdefault in the vSphere Client.

1 In the vSphere Client, navigateto the Compliance Profilestab.

2 Select a VCE-signed profile asthe default setting.

3 Install the new compliancecontent on the System Libraryvirtual machine.

Note: Refer to the VCEVision™ IntelligentOperations InstallationGuide for moreinformation oninstalling thecompliance content.

Note: You can reset the defaultprofile to a non-VCE profileafter completing Steps 1 to3.


10VCE CONFIDENTIAL




The Plug-in for vCenter compliance reportdoes not scroll horizontally.

This defect is as a result of aknown issue.

None

Compliance scans for switches indicatefailures for all read-write SNMPcommunity strings.

Compliance reports show that allread-write SNMP communitystrings fail if at least one read-write string is set to ‘private’.

This issue is the result of alimitation within the OpenVulnerability and AssessmentLanguage (OVAL) that theCompliance Checker uses.

The limitation causes theCompliance Checker to showcompliance for all SNMPcommunity strings, not individualcommunity strings. As a result, ifone community string causes afailure, the Compliance Checkerreports a failure for allcommunity strings.

This issue does not affect theoverall result of the compliancescan. Your Vblock System is notcompliant if any read-write SNMPcommunity strings have a value of‘private’.

For this reason, you should changeall the read-write SNMP communitystrings to values other than thedefault of ‘private’.

VCE Collection Tool


An error appears when collecting logsfrom the Control Station.

Control Station (CS) 0 is not thePrimary Control station.

Manually collect Control Station 1logs from the actual device.

Known issues in this release VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes




RCM Content Pre-positioning


When internet proxy settings aremisconfigured and you click Download inthe RCM Content widget, no content islisted as available for download. An errormessage is not displayed.

This issue occurs when the proxysettings are incorrectlyconfigured in the Asset Managerproperties files.

Configure the proxy settingscorrectly. Refer to the VCE Vision™

Intelligent OperationsAdministration Guide for moreinformation.

After upgrading VCE Vision software, thefollowing messages are written to thepatch.log file:

error: Failed dependencies:vce-upgrade-manager is needed byvce-asset-manager-2.6.0-XXXX.x86_64

vce-vision-repo is needed byvce-asset-manager-2.6.0-XXXX.x86_64

These error messages are theresult of a known issue with theinternal check that VCE Visionsoftware performs during theupgrade process and do notindicate an actual problem withthe upgrade.

Ignore these error messages. Nouser action required.

VCE Vision software does not display anerror message if it cannot connect to theRCM content distribution network (CDN).

This issue is the result of aknown defect.

If your environment uses a proxyserver for external network access,ensure that you configure VCEVision software to use a proxyserver. Refer to the VCE Vision™

Intelligent OperationsAdministration Guide for moreinformation.

Confirm all other network andconfiguration settings are correct. Ifthis issue persists and VCE Visionsoftware cannot connect to theCDN, contact VCE Support andprovide the log files.


12VCE CONFIDENTIAL



Fixed issues

Fixed issues in this releaseFixed issues are defects and bugs that exist in previous versions but are resolved in the 2.6.5 version ofVCE Vision software.

Note: For information about fixed issues in earlier releases, see previous versions of the VCE Vision™

Intelligent Operations Release Notes.

Product Fixed issues

System Library • An incorrect health status of Minor is returned when a storage arrayand virtualizer are in an operable state.

• The REST API displays a Not Collected state on VNXe.

• UCS Compute System displays the following values:OperStatus=Minor and CalculatedStatus=Critical.

• A C-Series log collection request will fail if the ComponentTag in thexblock.xml has a period [.]

• Validation breaks when the configTool is used to edit an existing file witha name other than vblock.xml.

• The REST API user sees an unauthorized error message when trying toaccess an Active Directory group.

• If you replaced your VCE self-signed certificate with a trusted certificate,you need to repeat this procedure if you upgrade to the 2.6.5 version ofVCE Vision software. For details on using a third party signed certificate,see the VCE Vision™ Intelligent Operations Administration Guide.

VCE Vision™ Adapter for vCenterOperations Manager

• VCE Vision forwards incorrect metric values to the Adapter for vCenterOperations Manager, raising false alerts.

• The Plug-in for vCenter contains null pointer exceptions in the log files.

Fixed issues VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes




AppendixSecurity updates have been applied to address a set of vulnerabilities to the Linux kernel, NSS, andOpenSSL components of the VCE Vision virtual machine.

The following is a list of CVE identifiers associated with RPM updates that are included in the 2.6.5release. For more information on any of the listed CVEs, go to the National Vulnerability Database andenter the CVE identifier in the Keyboard search field.

Table 1: RPM CVEs remedied

kernel

kernel-headers

kernel-firmware

• CVE-2013-2929, CVE-2013-6381, CVE-2013-7263,CVE-2013-7265

• CVE-2013-1860, CVE-2013-7266, CVE-2013-7270,CVE-2014-0055, CVE-2014-0069,CVE-2014-0101,CVE-2014-2038

• CVE-2013-6383, CVE-2014-0077, CVE-2014-2523

• CVE-2013-6378, CVE-2014-0203, CVE-2014-1737,CVE-2014-1738, CVE-2014-1874, CVE-2014-2039,CVE-2014-3153

• CVE-2014-4699, CVE-2014-4943

• CVE-2012-6647, CVE-2013-7339, CVE-2014-2672,CVE-2014-2678, CVE-2014-2706, CVE-2014-2851,CVE-2014-3144, CVE-2014-3145

• CVE-2014-0205, CVE-2014-3535, CVE-2014-3917,CVE-2014-4667

• CVE-2014-3185, CVE-2014-3611, CVE-2014-3645,CVE-2014-3646

• CVE-2012-6657, CVE-2014-3673, CVE-2014-3687,CVE-2014-3688, CVE-2014-5471, CVE-2014-5472,CVE-2014-6410, CVE-2014-9322

• CVE-2014-4656, CVE-2014-7841

• CVE-2014-3215, CVE-2014-3690, CVE-2014-7825,CVE-2014-7826, CVE-2014-8171, CVE-2014-8884,CVE-2014-9529, CVE-2014-9584, CVE-2015-1421

nss

nss-tools

nss-sysinit

nss-util

nss-softokn

nss-softokn-freebl

nspr

• CVE-2014-1568

VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes Appendix

14VCE CONFIDENTIAL




Table 1: RPM CVEs remedied

OpenSSL • CVE-2015-0287

• CVE-2015-0209, CVE-2015-0286, CVE-2015-0289,CVE-2015-0292, CVE-2015-0293

• CVE-2014-3570, CVE-2014-3571, CVE-2014-3572,CVE-2014-8275, CVE-2015-0204, CVE-2015-0205,CVE-2015-0206

Appendix VCE Vision™ Intelligent Operations Version 2.6.5 Release Notes




www.vce.com

About VCE

VCE accelerates the adoption of converged infrastructure and cloud-based computing models that dramatically reduce thecost of IT while improving time to market for enterprises and service providers globally. Through its leading VblockSystems, VCE delivers the industry's only true converged infrastructure, leveraging Cisco compute and networktechnology, EMC storage and data protection, and VMware virtualization and virtualization management. VCE solutionsare available through an extensive partner network and cover horizontal applications, vertical industry offerings andapplication development environments, enabling customers to focus on business innovation instead of integrating,validating, and managing IT infrastructure.

For more information, go to http://www.vce.com.

© 2015 VCE Company, LLC. All rights reserved. VCE, Vblock, VCE Vision, and the VCE logo are registered trademarks ortrademarks of VCE Company, LLC. and/or its affiliates in the United States or other countries. All other trademarks usedherein are the property of their respective owners.

16VCE CONFIDENTIAL



vce vision intelligent operations version 2.6.5 release · pdf filevce vision ™...

Documents