At VMworld 2013 in San Francisco VMware unveiled vSphere 5.5, the successor to vSphere 5.1. Customers are now chomping at the bit for vSphere 5.5 upgrade information. Of great anticipation was what VMware did to the vSphere 5.1 SSO service to address common complaints.
If you’ve been living under a rock, or haven’t tried vSphere 5.1, you’ve been missing out. While vSphere 5.1 brought a great number of new features to the table, it also brought a wee bit of frustration surrounding the new SSO (Single Sign-On) service and SSL certificates.
Exactly one year later we now have vSphere 5.5 dropped in our lap. Last year I put countless hours into writing a 15-part vCenter 5.1 install series, which earned me the nickname “SSL Guy” at VMworld. The amount of traffic that series continues to get floors me, and I’m glad the community has found it useful.
This year I will endeavor to one up myself, and do a better job with 5.5. Now that SSO and SSL are bit better understood (by myself and VMware), and massively improved, I shouldn’t have to revise the articles on a weekly basis like I did for the 5.1 series. I hope this series proves even clearer, more accurate, and fills in the gaps that VMware documentation sometimes has.
I’ve created a shortened permalink that you can use for quick reference: vexpert.me/Derek55 for this series. Feel free to use however you like…PowerPoint slides, email, etc. If you find this series helpful, please spread the word.
UPDATE November 3, 2013: VMware released vCenter 5.5a, to correct some bugs with SSO and other services. Please use the 5.5a media and not the 5.5 GA media. Find out more here.
The exact number of installments and what I’ll cover is a bit fluid at the moment. But at a minimum it will cover the following topics:
- Upgrade or fresh install?
- Deep dive on what’s new in SSO 5.5
- vCenter upgrade best practices and tips
- ESXi upgrade best practices and tips
- Right sizing your WS2012 vCenter VM (think big)
- Creating vCenter SSL certificates (remember the 5.1 days)
- VMware vCenter Certificate Automation Tool (hair loss reduction tool)
- Manual SSL certificate replacement process
- Using a SQL 2012 AlwaysOn Failover Cluster for the vCenter database
- Installing the full vCenter stack of software on Windows Server 2012 (not R2)
- Configuring VUM
- ESXi host SSL certificate replacement
- Deploying the vCenter Server Appliance (VCSA)
- ..and possibly more…such as VSAN or vFlash Read Cache
I am fully anticipating the vSphere 5.5 installation will be easier, quicker, and cause less hair loss. If you are lucky it might even re-grow hair lost during your vSphere 5.1 deployment. I shall report my results after this series is complete.
While I have two entire blog posts dedicated to upgrade best practices and tips, the step-by-step instructions will assume a fresh install. This is the VMware recommended approach, but doesn’t work for everyone. Upgrade how-to’s are not very valuable, IMHO, since customer configurations will wildly vary. This is particularly true with SSO 5.1 and the many deployment options, coupled with little VMware best practices around SSO 5.1.
VMware now officially supports SQL 2012 AlwaysOn failover clusters (using shared storage) for the vCenter database. It does NOT support AlwaysOn Availability groups or database mirroring. To that end I recently wrote a soup to nuts guide (12 parts) on how to install a SQL 2012 Failover Cluster on Windows Server 2012. If that’s something you want to do, you can dive head first into that while waiting on me to post the next vCenter installation installments. Many of you may not be clustering experts, so it should be enough to get you all the way up, with a ton of best practices incorporated. Here’s a quick reference chart for all of the SQL 2012 HA/DR options.
Best Practices Video
You can also check out this 20 minute video from VMware on vCenter 5.5 best practices. There’s also an accompanying KB article that has some good details as well. You can find that here.
Derek’s Toolkit Script
This year I’m doing something a little different to hopefully make life easier for you all. Last year in the vCenter 5.1 series I had numerous scripts and configuration files to help you through the SSL replacement process. While those worked, it still wasn’t as clear cut and easy to use as I would have liked.
So this year I’ve written a PowerShell script that I cover in-depth in Part 8, which takes most of the pain away in creating your certificate requests and making the files the VMware certificate automation tool needs. As I go through the series it will also do tasks like creating your ODBC connectors. The script will be updated on a regular basis. If there are any PowerShell experts out there that have ideas for making it better, I’m all ears. A sample screenshot of v1.56 is below.
You can also download the latest version at: vexpert.me/toolkit55
As I add new installments to the series this landing page will be updated with links to each part. The flow will be somewhat different than last year, due to the re-ordering of components and some SSL lessons learned. If you have other areas that you think I should cover, please leave a comment or Tweet me. I’m very active on Twitter, so if you use that medium, be sure to follow me @vDerekS. I’ll tweet about new posts as they get published. If you like the posts, sharing on social media and with co-workers is appreciated.
Feedback is always welcome, so leave comments about your experiences. This can help other people that may have the same problem. The 5.1 series literally had hundreds of reader comments. Some of which had to be censored due to expressed high frustration with 5.1.
One last comment…and I can’t stress this enough. You must, must, must read the vSphere 5.5 release notes. You can find the long document here.
SQL 2012 AlwaysOn Failover Cluster for vCenter
vSphere 5.5 Install Pt. 1: Introduction
vSphere 5.5 Install Pt. 2: SSO Reborn
vSphere 5.5 Install Pt. 3: vCenter Upgrade Best Practices and Tips
vSphere 5.5 Install Pt. 4: ESXi Upgrade Best Practices and Tips
vSphere 5.5 Install Pt. 5: SSL Deep Dive
vSphere 5.5 Install Pt. 6: SSL Certificate Template
vSphere 5.5 Install Pt. 7: Install SSO
vSphere 5.5 Install Pt. 8: Online SSL Minting
vSphere 5.5 Install Pt. 9: Offline SSL Minting
vSphere 5.5 Install Pt. 10: Update SSO Certificate
vSphere 5.5 Install Pt. 11: Install Web Client
vSphere 5.5 Install Pt. 12: Configure SSO
vSphere 5.5 Install Pt. 13: Install Inventory Service
vSphere 5.5 Install Pt. 14: Create Databases
vSphere 5.5 Install Pt. 15: Install vCenter
vSphere 5.5 Install Pt. 16: vCenter SSL
vSphere 5.5 Install Pt. 17: Install VUM
vSphere 5.5 Install Pt. 18: VUM SSL
vSphere 5.5 Install Pt. 19: ESXi SSL Certificate