VMware Cloud Foundation's most recent release addresses security vulnerabilities found in previous versions. Version 4.3 introduced Federal Information Processing Standards (FIPS) support for all components and includes all security patches since the last release to address vCenter Server and VMware vRealize Operations Manager vulnerabilities. VCF 4.3 also made improvements to vSphere Lifecycle Manager to better address any potential security risks associated with images imported from unknown sources.
VMware Cloud Foundation (VCF) is VMware's fully supported instantiation of the Cloud Foundry architecture delivered through VMware Tanzu. The product went through multiple iterations to become an open source product and the Cloud Foundry Foundation eventually assumed stewardship of the code base in 2015.
Security is one of the biggest reasons to upgrade to VCF 4.3. VMware identified two vulnerabilities in vCenter Server in early 2021 and another vulnerability in VMware vRealize Operations Manager in August. You can apply these security patches without upgrading to VCF 4.3, but from a supportability perspective, best practice is to keep your software updated to its current versions.
The building blocks of VCF 4.3
VMware ESXi and vCenter Server make up the core foundation of VCF; the product covers all bases from the hypervisor to networking to storage. VMware NSX-T Data Center provides the networking capabilities while VMware vSAN provides storage.
Several vRealize components, including vRealize Automation, vRealize Log Insight and vRealize Operations Manager, provide the necessary tools to automate operations.
These individual products function together to help implement VCF. Each product runs on the same VMware infrastructure used to provision VMs. While some of the terminology may differ, you still need physical machines that run the ESXi hypervisor as the base of VCF.
VCF 4.3 new updates and features
The VCF 4.3 release changed the implementation of some features, such as Application Virtual Networks (AVN), to provide greater network flexibility. VCF previously deployed and configured AVNs during initial deployment.
With VCF 4.3, you can create and manage an AVN after initial deployment using the software-defined data center (SDDC) Manager to address changing requirements. Another network-related enhancement is NSX Edge Node management in NSX Edge Clusters, which addresses the need to scale NSX resources.
VCF 4.0 was the first version to introduce Kubernetes. Later releases focused on building out functionality and providing additional security updates. FIPS 140 is a security standard maintained by the U.S. government for cryptographic software certification. VCF 4.3 now lets you enable FIPS support for all supported components. VCF 4.3 also includes all security patches issued since the last release.
VCF 4.3's vSphere Lifecycle Manager improvements address the issue of maintaining fully patched and updated images when you deploy new nodes. This feature helps address any potential security risks associated with images imported from unknown sources. VMware resolved a small number of issues from previous releases, but the list of known issues remains quite long. Refer to the VCF 4.3 release notes to see if any of those known issues affect your installation.
Why you should upgrade to VCF 4.3
A main reason to update to VCF 4.3 is to ensure your workloads remain secure. Many organizations require you to keep up with software releases within a certain amount of time to maintain your warranty support. Even though VCF 4.3 consists mostly of maintenance updates, it does provide a single source for all security patches.
VMware offers an upgrade path to VCF 4.3 for all versions back to 4.1. If you have an older version, you must upgrade the management domain and all VM workload domains to version 4.1 before you upgrade to VCF 4.3.