Table of Contents
- Summary
- Appliance and general changes.
- vApp Power Off changes.
- SSL and TLS
- NSX
- New UI enhancements
- Automate Proxy Configs.
- VM Encryption
- App Launchpad
- Container Service Extension (CSE 2.6)
- Terraform updates
- References:
Summary
vCloud Director 10.1 (VCD) has recently been released by VMware, and with this release come some great new features and enhancements. Many of these will greatly enhance our abilities as VCD administrators and give our tenants a much easier time managing vApps and VMs through the UI, including Kubernetes (K8s) clusters, and make much-needed features such as VM and disk encryption available. Here are a few highlights from the release documents that are going to have a major impact for my team.
Please note that as of right now VCD 10.1 does not support vSphere 7.0 or NSX-T 3.0. There will soon be a minor patch that will update VCD in order to allow that functionality.
Appliance and general changes.
As with most things VMware, VCD has previously become available as an appliance running on VMware’s Photon OS. If you have not already moved to the appliance, it is something I would recommend. Moving away from CentOS/RHEL directly to the appliance makes it a lot easier to manage and upgrade VCD, and most procedures and how-to articles are going to be written and designed around the appliance. However, you can still deploy VCD on CentOS/RHEL 6 and 7 at this time if you so desire.
In this version only PostgreSQL databases are supported.
The old flex-based (flash) client has been removed and is no longer supported.
vApp Power Off changes.
Powering off a vApp in VCD will now leave the VMs in the vApp, the VMs’ NICs connected to their respective networks, and the vApp edge gateways deployed. Powering off the vApp will also follow the reverse order of the power-up process you have configured.
SSL and TLS
There are now much stricter SSL certificate processes in VCD 10.1. These changes include deprecation of ‘trust all SSL certificates’; SSL certificates must now be trusted explicitly, either via the ‘trust-on-first-use’ dialog or by tenants uploading certs through the API.
TLS version 1.2 is now the only TLS version supported by default, and a specific set of cipher suites is enabled. You can enable older TLS versions and cipher suites via the cell management tool if required.
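What trust-on-first-use puts in place of ‘trust all’, as an added sketch that is not VCD's own code or API: an unknown certificate is never accepted silently, an approved one is pinned by its SHA-256 fingerprint, and a later change is rejected. The class, the endpoint name and the byte strings standing in for DER certificates are all assumptions made for the illustration.

```python
import hashlib
import hmac
import ssl


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the certificate an endpoint presents, without validating it,
    so its fingerprint can be shown to an operator for approval."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


class TofuTrustStore:
    """Hypothetical pin store: one approved fingerprint per endpoint."""

    def __init__(self):
        self._pins = {}  # endpoint -> hex SHA-256 of the DER certificate

    @staticmethod
    def fingerprint(der_cert: bytes) -> str:
        return hashlib.sha256(der_cert).hexdigest()

    def check(self, endpoint: str, der_cert: bytes) -> str:
        """Return 'trusted', 'unknown' (needs explicit approval) or 'mismatch'."""
        pinned = self._pins.get(endpoint)
        if pinned is None:
            return "unknown"
        presented = self.fingerprint(der_cert)
        return "trusted" if hmac.compare_digest(pinned, presented) else "mismatch"

    def approve(self, endpoint: str, der_cert: bytes) -> str:
        """Record an explicit decision to trust this certificate."""
        if endpoint in self._pins:
            # A changed certificate must not overwrite the pin silently.
            raise ValueError("endpoint already pinned; remove the old pin first")
        self._pins[endpoint] = self.fingerprint(der_cert)
        return self._pins[endpoint]


def demo():
    # Constructed sample data: placeholder bytes, not real certificates.
    endpoint = "vcenter.example.test:443"
    original, swapped = b"constructed-cert-A", b"constructed-cert-B"
    store = TofuTrustStore()
    first = store.check(endpoint, original)   # first contact: ask the operator
    store.approve(endpoint, original)          # operator accepts the fingerprint
    again = store.check(endpoint, original)   # same certificate later
    changed = store.check(endpoint, swapped)  # certificate replaced or intercepted
    return [first, again, changed]


if __name__ == "__main__":
    print(demo())
```
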
NSX
There are new enhancements to the NSX-V to NSX-T migration tool, which will allow you to migrate from the older NSX-V, which will soon become deprecated, to the newer NSX-T. The new script is fully automated and is performed against an Organization VDC for single tenant moves. During the migration there will be bridged networks, live migrations, and the ability to do an ‘as-is rollback’ in case of any issues. This should greatly reduce the risk and also allow for minimal downtime for the tenant.
The new NSX-T workflows allow for easier IPsec management, support dedicated external networks, and make it generally easier to manage cluster and security groups. There are also some great enhancements around IPsec VPN tunnels against specific edges, where VCD issues all of the commands to NSX-T in order to set it all up.
New UI enhancements
The Tenant UI, with its new card design that includes IP info, has new features that allow for better management of vApps and VMs across all data centers. We are also able to edit the OVF properties of a vApp/VM and import a vApp/VM directly from vSphere, and we can see unexpired templates with the new grid column view.
For those of you who have been haunted by Shadow VMs, the latest version now gives us the ability to delete them.
Automate Proxy Configs.
A new Chrome browser extension is available that allows you to automate proxy configuration. This gives us the ability to get information around proxies and tenant/username/token using the specs from the VCD’s HTML5 UI across multiple sites.
VM Encryption
With 10.1 comes native VCD VM encryption, which will allow tenants to encrypt an entire VM or a specific VM disk. The VCD provider will need to manage the encryption keys and assign rights to use this feature on a per-tenant basis in their dedicated vCenter.
App Launchpad
This new feature allows for quick deployments of various software solutions from the VMware Cloud Marketplace, in-house software, and can even connect to the Bitnami Community Catalog. This should make it a lot easier for tenants to find, deploy, and manage inside their portal, regardless of the platform involved.
Container Service Extension (CSE 2.6)
This service has some changes to the Kubernetes cluster tool, which allows you to create and manage the K8s cluster in your configuration. Changes include encryption of credentials, a UI plug-in for management (allowing tenants to create and manage clusters via the GUI), and the ability to update/upgrade versions easily, with no more need to flush nodes and redeploy entire K8s configs.
Terraform updates
Recent changes allow for changing org lease policies and flex allocation models, and enhance vApp and VM management, including adding routes, disk management, NIC adapter type and full guest customization options!