VMware vSphere 6.7 Update 2 – What’s new? (Hint: Lots!)

It’s been just under 6 months since the release of vSphere 6.7 Update 1

Today, we have vSphere 6.7 Update 2 so what’s new?

New vSphere edition – vSphere ROBO Enterprise

There are two vSphere features that are now available in a new ROBO (Remote Office, Branch Office) Enterprise edition:

DRS in Maintenance Mode

  • Only available in vSphere ROBO Enterprise.
  • Can automatically move VMs to other hosts when a host goes into maintenance mode (and back again automatically) This is achieved by automatically creating VM-Host affinity rules. This basically keeps track of VMs moved for maintenance and moves them back once the host comes back online.
  • The usual vMotion requirements apply here.
  • Cannot be configured (No UI), all done behind the scenes

VM Encryption

  • VM home and VMDK encryption for ROBO
  • KMS required
  • Completely guest OS agnostic
  • UI / PowerCLI Managed


vCenter Server Architecture updates

There are several noteworthy changes in the vSphere 6.7 Update 2 release for vCenter Server:

PSC Converge tool now available in vCenter Server UI

  • You can now converge an external PSC topology into an Embedded topology right from the vCenter Server UI

  • You can also perform the necessary PSC decommissioning steps from the UI

  • All of this is available from the System Configuration Section of the vCenter Server HTML5 Interface
  • You can also see your PSC and vCenter Server topology in a graphical and tabular view from within the vCenter Server HTML UI
  • Deploying an external Platform Services Controller will no longer be an option in a future vSphere major release


File-based backup and restore for vCenter Server – Improvements

There are 2 main improvements here:

  • New file level storage protocols that you can backup the VCSA onto: NFS v3 and SMB
  • Notifications / Alarms on backup job success and failure. The alarms can be customised, similar to the traditional vCenter Server alarms to include (Send an email, Send SNMP trap & Run a script on success or failure)


New alarms and categories for vSphere Health

  • vSphere health introduces an “acknowledgement” option for vSphere health alarms, just like normal Alarms within vCenter Server
  • The new health categories include:
    • Online Availability
    • Compute
    • Network
    • Storage
  • The new health alarm categories help to organise vCenter related issues for ease of management


Content Library Improvements – VMTX Template Distribution

  • Content library is becoming more widely adopted, with that in mind VMware have introduced VM Template (VMTX) syncing.
  • This means that VM templates will now be automatically synchronised between on-prem and on-prem vCenter Servers and also from on-prem to VMware Cloud on AWS


vSphere Client – Code Capture & API Explorer

  • The HTML vSphere Client now features “code capture” ability (Taken from the VMware Fling). This means you can start a code capture, perform a task in the vSphere client and export the code that was used to perform that task. This is very useful for generating the code that you can later use to automate certain vSphere tasks.
  • The API Explorer (Accessible in the vSphere Client under “Developer Center”) is an easy to use API search tool which lets you search for key API calls, including executing examples to test certain calls.


vSphere Update Manager – Improvements

Update Manager has been included with vCenter Server deployments for quite some time now but there are some improvements in vSphere 6.7 Update 2

  • UI improvements include Attach, compliance check and remediation, all from the same screen
  • You can now also attach and remediate multiple baselines at the same time
  • During remediation, it is now possible to disconnect removable media from Virtual Machines, Enable Quickboot and skip the vSAN HealthCheck


VMware Tools – Changes

With Windows Server 2016, the PVSCSI and VMXNET3 drivers are now updated via Windows update, reducing patching operations and maintenance times

VMware tool for Linux (.TAR) version will no longer be developed after VMware Tools 10.3.10. This is because OpenVM Tools is widely available and updatable via your preferred package update manager


Host Profiles – VMK0 bugfix

Host profiles in vSphere 6.7 Update 2 have had a bugfix applies which will no longer delete VMK0 when host profiles are applied to hosts


Security Enhancements

  • Windows Server 2019 and RHEL 8 are now fully supported in vSphere 6.7 Update 2
  • Password History & Reuse limits can now be applied
  • Additional SSO events are logged in vCenter Server logging
  • ESXi certification API improvements
  • vCenter Server CSR generation is now available via the vSphere Client UI
  • vSphere 6.7 Update 2 introduces CPU Vulnerability mitigation while maintaining performance. This is available via a new CPU scheduler.
  • AppDefense Integration for VMware tools is available in vSphere Platinum
  • “Adapted allowed” behaviour is now available in AppDefense
  • NIAP Certification is available for Government customers (Letter of intent is available for non-government customers)

Performance Improvements

  • 40 & 100Gb Ethernet and RDMA support
  • VM Compatibility version 15
    • 256 vCPUs per Virtual Machine
    • 6TB RAM per VM
    • SAP HANA Support


Further reading

For more information on vSphere 6.7 Update 2, including upgrade paths and support, check the following VMware sites:




Comments are closed.