I’m a great fan of vSphere-Client a.k.a HTML5 client. The user interface based on project clarity is an eye catcher and the user experience is great. But sometimes you’re forced to use the old Flash based flex-client. Not with latest vCenter Server 6.7 but with older releases like vSphere 6.0.
We were facing compatibility issues between flex-client 6.0 and NSX 6.4.4 although it’s a supported combination.
After installing VMware patches you might see a warning:
XXX esx.problem.hyperthreading.unmitigated.formatonhost not found XXX
Those patches which are addressed in VMware Security Advisory VMSA-2018-0020 migitate a vulnerability named L1TF. Because the patch will result in a performance impact, it is not activated by default. Administrators need to decide what is their main focus: performance or security.
If one decides to have more performance and neglects the potential threat, then it is possible to suppress the warning. Just set advanced option UserVars.SuppressHyperthreadWarning from 0 to 1 and the warning will disappear. This should only be done after reviewing KB 55806.
Connect to the vCenter Server using either the vSphere Web or vSphere Client. Switch to “Hosts and Clusters” view and select an ESXi host in your inventory. Select an ESXi host in the inventory.
Click the Manage (5.5/6.0) or Configure (6.5/6.7) tab and then switch to “Settings”. Move to System > Advanced System Settings and enter in the filterbox: VMkernel.Boot.hyperthreadingMitigation.
Select the setting and click the Edit pencil icon. Change the default value (false) to true and click OK.
In order to take effect, the host needs to reboot.
Using PowerCLI is recommended if you have more than one host.
Check current values.
Get-VMHost | Get-AdvancedSetting -Name VMkernel.Boot.hyperthreadingMitigation | Select Entity, Name, Value
The next command will activate the migitation on all hosts without confirmation (be careful!).
A new release of Runecast Analyzer is scheduled for June, 26th. Version number 1.8 will come with a bunch of improvements and new features. Most important new feature will be support for the NSX-V platform. Every important function of vSphere- and vSAN analysis will now be available for NSX-V too.
The Analyzer now detects NSX issues on VMware NSX-V versions 6.2 – 6.4.x
Automated scan and evaluation of the NSX-V Best Practices violations.
Automatic NSX-V VMware Security Hardening profile analysis and reporting
NSX-V DISA-STIG profile analysis and reporting
Automatic discovery of the NSX Managers linked to VMware vCenters
Web-console performance improvements for bigger environments (dozens of ESXi hosts).
vSphere web console Runecast plugin NSX update with a new issue summary widget.