VMworld 2015: vSphere 6.1 Upgrade & Deployment Pt. 1

Session INF4944

Goal: Deliver and enhanced customer experience for deploying and upgrading vCenter environments.

vCenter server 6.0 platforms: Windows and VCSA support the same scale and performance

Enhanced Linked mode is brand new in 6.0 and supported on Windows or VCSA. Policies and tags are now supported in Linked Mode.

Deployment Models

  • PSC is no longer just SSO, but adds certificates and licensing
  • PSC supports data replication
  • Embedded deployment: PSC and vCenter running on single VM
  • External PSC: vCenter and PSCs on separate VMs
  • vCSA is the recommended deployment package

vCenter Server Install

  • Both Windows and VCSA have similar simplified installs.
  • Supports GUI or scripted installs
  • Simple

vCenter Best Practices

  • Sizing
  • Windows OS and DB compatibility
  • Use FQDN
  • vCSA install target will support vCenter and ESXi in 6.0 U1
  • Time sync is important
  • DNS forward and reverse lookups
  • If using VDS use ephemeral port group
  • Ensure routing works

vCenter Server Upgrade

  • Multi-stage process: SSO/PSC, vCenter, ESXi, VMs, VMFS/VDS
  • Order is important KB2109760
  • Don’t forget about plug-ins, add-ons, VMFS, VDS, etc.
  • Approach upgrades with a holistic view of your infrastructure
  • vCSA upgrade is migration based and required temporary IP
  • Windows vCenter upgrade is in-place

Upgrade Paths

  • Windows Server – From 5.0 on up is supported. Prior to 4.0 you need to upgrade to 5.x.
  • vCSA upgrade from 5.1 later only

Upgrade best Practices

  • Sizing – 6.0 is larger.
  • Windows OS and DB compatibility
  • VCSA Oracle DB deprecation (use embedded DB)
  • Backup DB and VM prior to upgrade
  • Stick to recommended topologies
  • Time sync is very important
  • DB password issues: don’t use dash, question mark, underscore, left paren, equal, exclamation

Repointing from embedded deployment to external PSC – In 6.0 U1

  • First upgrade to 6.0 U1
  • Then deploy external PSC and replicate with embedded PSC
  • Repoint VC to the external PSC

vCSA Management UI (U1)

  • https://vcsa IP/:5480

PSC Management UI (U1)

  • https://PSC IP/psc


VMware Releases vCenter 5.5a

11-3-2013 8-51-23 PMFollowing last year’s pattern of ‘lettered’ vCenter updates, VMware has released vCenter 5.5a. (Note the ‘a’.) This addresses a number of issues, mostly with the SSO service. If you are using vCenter on Windows Server 2012, you will no longer have to download a patched DLL. You can find the full set of release notes here. Given these fixes, I would urge everyone to use the 5.5a media and get rid of your 5.5 GA media. I appreciate VMware releasing fixes, but it’s starting to bring back memories of 5.1 where there were ‘a’ and ‘b’ bug fix releases.

If you want the web’s most comprehensive vSphere 5.5 installation guide, check out my 16+ part install and upgrade series here.

Bug fixes in vCenter 5.5a:

  • Attempts to upgrade vCenter Single Sign-On (SSO) 5.1 Update 1 to version 5.5 might fail with error code 1603
  • Attempts to log in to the vCenter Server might be unsuccessful after you upgrade from vCenter Server 5.1 to 5.5
  • Unable to change the vCenter SSO administrator password on Windows in the vSphere Web Client after you upgrade to vCenter Server 5.5 or VCSA 5.5
  • VPXD service might fail due to MS SQL database deadlock for the issues with VPXD queries that run on VPX_EVENT and VPX_EVENT_ARG tables
  • Attempts to search the inventory in vCenter Server using vSphere Web Client with proper permissions might fail to return any results
  • vCenter Server 5.5 might fail to start after a vCenter Single Sign-On Server reboot
  • Unable to log in to vCenter Server Appliance 5.5 using domain credentials in vSphere Web Client with proper permission when the authenticated user is associated with a group name containing parentheses
  • Active Directory group users unable to log in to the vCenter Inventory Service 5.5 with vCenter Single Sign-On
  • Attempts to log in to vCenter Single Sign-On and vCenter Server might fail when there are multiple users with the same common name in the OpenLDAP directory service
  • Attempts to log in to vCenter Single Sign-On and vCenter Server might fail for OpenLDAP 2.4 directory service users who have attributes with multiple values attached to their account
  • Attempts to Log in to vCenter Server might fail for an OpenLDAP user whose account is not configured with a universally unique identifier (UUID)
  • Unable to add an Open LDAP provider as an identity source if the Base DN does not contain an “dc=” attribute
  • Active Directory authentication fails when vCenter Single Sign-On 5.5 runs on Windows Server 2012 and the AD Domain Controller is also on Windows Server 2012

vSphere 5.5 Install Pt. 4: ESXi 5.5 Upgrade

ESXi 5.5 upgradeIn this installment of the vSphere 5.5 installation how-to series we cover upgrading ESXi hosts, VMs, and VMFS. As stated in my vCenter 5.5 upgrade post, I’m not going to do a step-by-step screenshot filled posts for upgrades. Why? Too many different deployment types for that to be widely useful. But you do need to understand ESXi/VM/VMFS upgrade best practices, recommended order, and gotchas. That’s what this post is for.

Blog Series

SQL 2012 AlwaysOn Failover Cluster for vCenter
vSphere 5.5 Install Pt. 1: Introduction
vSphere 5.5 Install Pt. 2: SSO 5.5 Reborn 
vSphere 5.5 Install Pt. 3: vCenter Upgrade Best Practices and Tips
vSphere 5.5 Install Pt. 4: ESXi 5.5 Upgrade Best Practices and Tips
vSphere 5.5 Install Pt. 5: SSL Deep Dive
vSphere 5.5 Install Pt. 6: SSL Certificate Template
vSphere 5.5 Install Pt. 7: Install SSO
vSphere 5.5 Install Pt. 8: Online SSL Minting
vSphere 5.5 Install Pt. 9: Offline SSL Minting
vSphere 5.5 Install Pt. 10: Update SSO Certificate
vSphere 5.5 Install Pt. 11: Install Web Client 
vSphere 5.5 Install Pt. 12: Configure SSO
vSphere 5.5 Install Pt. 13: Install Inventory Service
vSphere 5.5 Install Pt. 14: Create Databases
vSphere 5.5 Install Pt. 15: Install vCenter
vSphere 5.5 Install Pt. 16: vCenter SSL
vSphere 5.5 Install Pt. 17: Install VUM
vSphere 5.5 Install Pt. 18: VUM SSL
vSphere 5.5 Install Pt. 19: ESXi SSL Certificate

Permalink to this series: vexpert.me/Derek55
Permalink to the Toolkit script: vexpert.me/toolkit55

Upgrade Overview

First of all, planning is key. Even in a lab environment you want to settle on an upgrade strategy and understand the order. Order is huge!  At a high level the order is:

1) vCenter
2) VUM
3) ESXi hosts
4) VMs

But don’t just plow ahead full steam ahead and forget about things like vCenter plug-ins, VDI dependencies, backup software support, SRM, and the plethora of other VMware and third-party products. Once you get vCenter and VUM updated it is fully supported to do rolling ESXi host upgrades. Now you have to think about VM hardware versions, VM tools, and VDS configuration.

Bottom line: Think through and plan the ENTIRE upgrade before starting any part of it, including vCenter.

VIBs and Image Profiles

Understanding how VMware packages ESXi is important to better understand the upgrade path. Vendors like HP, Cisco, Dell, and others provide customized ESXi ISO media. VMware packages software (drivers, agents, etc.) as VIBs (vSphere Installation Bundle). It’s similar to a zip file or tarball. VIBs can be bundled into an ISO file (such as the ESXi installer), or as a zip depot file.

An image profile defines the VIBs which will be installed. A “standard” profile contains VMware tools and a “no-tools” profile has no VMware tools (mostly for autodeploy). You can use the image builder CLI to create a custom profile. In fact, I have a blog article here about how to build a custom ESXi ISO for Cisco UCS here.

9-29-2013 2-45-06 PM

If you want to view the VIBs on your ESXi host use the following command:

esxcli software vib list

There are many third party custom ISOs, bundles, and online depots. VMware recommends that you use a vendor customized ISO for your hardware. Some vendors are extremely timely (HP 5.5 ISO here), while others lag or nearly non-existent (Cisco). I know from personal experience the HP install ISOs are heavily customized, while the Cisco ones only have a handful of drivers. Tip: Do NOT use the HP ISO on non-HP hardware. The core software packaged on VMware ISOs and vendor ISOs is the same.

Upgrading vSphere Hosts

The big question is: Should I upgrade the host or do a fresh install? Unlike vCenter where VMware recommends to do a fresh install, if possible, they recommend upgrading ESXi hosts. You can leverage features like HA, DRS, storage vMotion, and host profiles to quickly roll through hosts. Fresh installs should be limited to a small number of hosts, maybe for test purposes. Or if you are really bored at work, then knock yourself out.

Before you upgrade check the VMware Compatibility Guide. Just because your host works with 5.0 or 5.1, does NOT mean it will work with 5.5. For example, historically HP BladeSystem has needed newer firmware to address gotchas with new ESXi builds. Don’t just blow this step off and think you have a tier-1 vendor so all is good. Likely specific firmware versions will be required/approved. Also, with 5.5 VMware removed some drivers like RealTek NICs. So if you do a fresh install you may suddenly be missing your NICs on a whitebox server. Doh!

Release Notes

The vSphere 5.5 release notes are quite lengthy. A number of support calls can be avoided by getting a heads up of issues. That’s why planning is so important. Get a cup of coffee or Five Hour Energy and read every issue in the release notes. It can pay dividends! The vSphere 5.5 release notes are here.

ESXi Upgrade Methods

  • ESXi Installer – Boot from ISO, choose upgrade
  • vSphere Update Manager – Import ISO, create upgrade baseline, remediate
  • ESXCLI – Stage ZIP, execute ‘esxcli system profile update’
  • Scripted Upgrades – Update/customize upgrade script

The most popular and automated method is using VUM. It will orchestrate host maintenance modes, respect DRS directives, and generally make it seamless. You can directly upgrade from ESX/ESXi 4.x and ESXi 5.x. No stairstep upgrade is needed.

Upgrading Clusters

Rolling upgrades within clusters are supported and highly recommended. You can mix ESX/ESXi 4.x and ESXi 5.x hosts in the same cluster. Be careful with VM hardware compatibility in such situations though. Be sure to leverage HA, DRS, vMotion and storage vMotion to enable minimal/zero downtime upgrade. If you are using Enterprise Plus, leverage host profiles. It minimizes configuration drift and enables stricter configuration control.

Upgrading ESXi Hosts

The boot disk is not re-partitioned during the upgrade process. However, the contents ARE overwritten. If there’s a VMFS datastore on the boot volume it will be preserved. Same for scratch. Absolute minimum is 1GB of space on your boot volume. Here’s a good KB on boot volume sizing. I personally use 5-6GB LUNs for boot-from-SAN configurations. The figure below shows the basic partition layout of an ESXi installation.

9-29-2013 3-42-30 PM

VM Upgrades

VMware has changed their nomenclature in how they refer to VM hardware compatibility. Previously they always called out the specific “hardware” version such as 4, 7, 9, etc. But that didn’t obviously relate to a specific release, and people got confused. Plus they thought on my gosh I’m on HW 4 and they are up 9, I’m way out of date…upgrade!

Now VMware calls out the “Compatibility” level and ties that to a release of ESXi. For example, if under the covers the VM is HW v7 it will show ESX 4.x and later in the web GUI. Do NOT feel pressure to always upgrade the compatibility level. Sometimes you need to, such as provisioning a monster VM that wasn’t supported on older versions of ESXi. But if your VM is running perfectly fine in ESX 4.x compatibility mode, you really don’t need to upgrade. I’ve fallen into the HW upgrade trap, but after hearing VMware tell us not to worry, I’ll worry less about it.

9-29-2013 3-49-24 PM

Upgrading tools and VM hardware is OPTIONAL, and VMware officially supports N-4 versions. VM hardware versions are NOT backwards compatible, though. You won’t be running HW version 10 VMs on anything but vSphere 5.5.

Important Note: Any VM’s that are only compatible with vSphere 5.5 and later (hardware version 10) can NOT be modified by the Windows VI client. No adding memory, no changing networks, nothing. This poses a problem if you want to do things like add memory to your vCenter server and hot-add is not enabled. Also if you are in an emergency situation and need to change VM properties (networking, etc.) while vCenter is down you are out of luck. While I understand the Windows VI client will probably go away entirely in vSphere 6.0, today’s situation is not optimal. Unless you are pushing the boundaries of a VM’s size and REQUIRE vHW 10, I would strongly advise to cap the VMs at vHW 9. Don’t rush into vHW 10 mode.

VMware tools is a different story,thankfully. VMware tools are backward and forward compatible to a very large degree. Don’t freak out if your VM isn’t running the latest tools. VMware recommends you DO keep up (performance, security, compliance checking, etc.), but you have wide latitude. Backup software, HA, heartbeats and other functions rely on VMware tools so if they have problems, verify the tools version matches your host. VUM is excellent for verifying compliance.

9-29-2013 3-55-59 PM

For those of you that heard starting with vSphere 5.1 that upgrading VMware tools would no longer require a reboot, that’s not actually the case. The low-down is that VMware did make changes to VMware tools to leverage Windows hot-swap of some kernel modules. However, some modules like keyboard/mouse/USB still require reboots. VMware includes those non-hot-plug modules in each tools update. So the net result is still needing to reboot when doing VMtools updates. Perhaps in the future they will change that behavior, but that’s not in 5.1 or 5.5.

VMFS Upgrades

VMFS upgrades are simple, and completely non-disruptive. You can upgrade a VMFS datastore from VMFS-3 to VMFS-5 with running VMs. However, while this may sound perfect, keep reading as the reality is more complicated. The table below shows the differences between the two filesystem versions.

9-29-2013 4-02-44 PM

Ok so you are thinking, why is an upgrade not ideal? The problem is that an upgraded volume does NOT look the same under the covers from a freshly formatted VMFS-5 volume. The table below shows the differences. The most impacting can be the block size. In vSphere 4.x and earlier you had a choice of block sizes that ranged from 1MB to 8MB. If your array supports VAAI extensions the VMFS volumes must have the same block size if you are doing operations such as copying VMs. Otherwise the disk operations revert back to legacy mode and will run slower.

9-29-2013 4-05-15 PM

The VMware recommendation is to create a fresh VMFS datastore then storage vMotion your VMs into the datastore. After the datastore is evacuated re-format or decommission it. If you aren’t licensed for storage vMotion, then during your vCenter upgrade don’t input a product key. This gives you 60 days of the ‘enhanced’ license features.


  • Understand the vSphere Upgrade Process
  • Understand how ESXi is packaged and distributed
  • Understand patches vs. updates vs. upgrades
  • Know the different upgrade methods
  • Stay current on VMware tools
  • Upgrade VM HW compatibility only when needed
  • Freshly format VMFS5 volumes; don’t upgrade from VMFS3

Again, don’t feel pressure to immediately upgrade all of your VMs to hardware version 10 (vSphere 5.5 compatibility). As mentioned above, in vSphere 5.5 the only way to modify a VM that’s at HW version 10 is via the web client/vCenter. The Windows VI client will NOT let you modify VM properties. Makes it challenging to add more CPU/memory to your vCenter VM or recover from emergency situations where vCenter is down.

Next up in Part 5 is a deep dive on vCenter SSL Certificate requirements.

vSphere 5.5 Install Pt. 3: Upgrading vCenter

9-29-2013 7-39-13 AMUpgrades can be scary times with any enterprise product. The more your critical infrastructure relies on a particular solution, or set of solutions, the more imperative it is you fully understand and test the new product. vSphere 5.1 taught us that thorough testing cannot be skipped and you should not rush a new product into production.

Normally for my vSphere installation series I do NOT cover upgrades, or go through an upgrade process in the series. Why? Customer environments wildly vary and a simple lab upgrade will likely not look like or behave like YOUR environment. That’s why its so critical for you to test in your environment. My upgrade would not look like your upgrade.

But, what I am doing in this post and the next installment is covering upgrade best practices to help you understand your road ahead and things to keep in mind. It contains information from VMworld 2013 vSphere 5.5 upgrade sessions, plus links to resources that have been published post-GA. This post covers vCenter only, and the next installment covers VMs, VMFS, ESXi hosts, and other products.

Blog Series

SQL 2012 AlwaysOn Failover Cluster for vCenter
vSphere 5.5 Install Pt. 1: Introduction
vSphere 5.5 Install Pt. 2: SSO 5.5 Reborn
vSphere 5.5 Install Pt. 3: vCenter Upgrade Best Practices and Tips
vSphere 5.5 Install Pt. 4: ESXi Upgrade Best Practices and Tips 
vSphere 5.5 Install Pt. 5: SSL Deep Dive
vSphere 5.5 Install Pt. 6: SSL Certificate Template
vSphere 5.5 Install Pt. 7: Install SSO
vSphere 5.5 Install Pt. 8: Online SSL Minting
vSphere 5.5 Install Pt. 9: Offline SSL Minting
vSphere 5.5 Install Pt. 10: Update SSO Certificate
vSphere 5.5 Install Pt. 11: Install Web Client 
vSphere 5.5 Install Pt. 12: Configure SSO
vSphere 5.5 Install Pt. 13: Install Inventory Service
vSphere 5.5 Install Pt. 14: Create Databases
vSphere 5.5 Install Pt. 15: Install vCenter
vSphere 5.5 Install Pt. 16: vCenter SSL
vSphere 5.5 Install Pt. 17: Install VUM
vSphere 5.5 Install Pt. 18: VUM SSL
vSphere 5.5 Install Pt. 19: ESXi SSL Certificate

Permalink to this series: vexpert.me/Derek55
Permalink to the Toolkit script: vexpert.me/toolkit55

vSphere 5.5 Upgrade Overview

  • Plan your upgrade – Extremely important. KB on update sequence is here.
  • Five major steps: vCenter, VUM, ESXi, VMs, VMFS
  • Key VMware Sites to bookmark: Documentation Center, Compatibility Guide, Interop matrix
  • KB article here for vCenter 5.5 Upgrade using the Simple Installer
  • KB article here for vCenter 5.5 Upgrade using the Custom Installer
  • If you upgrade Windows with a service pack or other system changes and get locked out of SSO, read this KB to regain access
  • Upgrade vCenter to 5.5 before vSphere replication is upgraded (blog post here)

Prior to 5.1 life was simple. You had vCenter Server, vCenter Database server, and vSphere web client (introduced in 5.0, but rarely used). The vCenter server is NOT stateless, meaning the database is not all inclusive. The local vCenter server has SSL certificates and the ADAM database. ADAM is not just for linked mode but holds data such as licenses, roles, and permissions. So don’t stand up a fresh VM, install the “old” version on that VM then do an upgrade to 5.5 and expect everything to be there. It won’t be and further complicates your upgrade process. If you are using vSphere 5.1, then ‘tags’ are also stored locally on the vCenter server and thus not in the database.

Upgrade Matrix

  • In-place upgrade supports vCenter 4.x, 5.0.x, 5.1.x (must be 64-bit host)
  • VMware does NOT support directly migrating an existing 5.x or earlier vCenter Server to a new machine during the upgrade process
  • vCenter Server 5.5 can manage ESX/ESXi 4.x, 5.0.x  and 5.1.x hosts. It will NOT manage ESX 2.x or 3.x hosts.

System Requirements

  • Strongly recommend installing ALL vCenter components on a single VM – Simplified model
  • Simple install – 2 vCPUs, 12GB RAM, 100GB disk
  • Recommended for 400 hosts or 4000 VMs: 4 vCPU, 24GB RAM, 200GB disk
  • vCenter OS Support: Removes WS2003, only supports Windows Server 2008 SP2 and later (including WS2012 but NOT WS2012 R2)

New Install Vs. In Place Upgrade

VMware recommends a fresh install, but sometimes its not just possible. However, do check out the “Inventory Snapshot” Fling, which is a great (unsupported) tool to migrate hosts, VM, and permissions from one vCenter instance to another. It does NOT appear to support tags and currently has some vDS issues. Tags are not stored in the SQL database, so if you use tags then be sure to find a way to migrate them. If you are in a regulated industry and have strict audit requirements you may be legally required to maintain the historical data in your vCenter database and unable to start fresh.

If you have a sprawling 5.1 architecture, with different vCenter components on different VMs, strongly consider a fresh install and do not upgrade. As previously mentioned VMware now urges the “simple install” method where all components are on a single beefy VM. This is a great time to re-visit your architecture and make it easier to manage and follow 5.5 best practices. That’s not to say you can’t upgrade and consolidate at the same time, you can, and VMware has promised some blog posts on how to do just that.

I’ve read reports that upgrading a vCenter 5.1 instance with trusted SSL certificates to 5.5 had problems. I have not personally tried that yet, so I can’t report my own experience. So make sure you have full backups and a tested plan to revert back to 5.1 incase you experience problems.

VMware has stated that the vCenter Server appliance will be the ONLY deployment option sometime in the future. So if you are starting with a fresh install, do take a close look at the VCSA. It still has a few minor gotchas including no support for IPv6, Linked Mode or vCenter Heartbeat. Those features are probably not widely used, so if you aren’t using those features take a serious look at VCSA.

At this time an external SQL database is NOT supported for the VCSA, but in the future when Microsoft releases the ODBC driver for SUSE Linux (currently in tech preview), VMware will support it. VCSA is certified up to 100 hosts and 3000 VMs. If you need to scale beyond that, use Windows.

Installation – Then and Now

vSphere 5.5 features a new Install splash screen, and the component order is different from 5.1. Simple Install should only be used for the first vCenter. All subsequent vCenter/SSO installs should use the custom method. This is due to changes in SSO, and the new automatic replication among SSO servers. Even if you are doing a single vCenter install and want to customize it in ANY way, including directory paths, you must do the custom install.

Upgrade Paths

For “typical” single server upgrades the path is fairly simple. You can do an in place upgrade and all of the required components and configuration settings will be retained. If you are going from pre-5.1, then the only database in play is the vCenter database.

vCenter 5.5 upgrade

If you are already running 5.1, then the upgrade path is ever so slightly different. Since the SSO database in 5.1 is no more, that data is migrated into the new SSO internal database. So post upgrade you are left with only the vCenter upgrade. Yes, no more SQL authentication required or impossible to configure JDBC SSL.

vCenter 5.5 upgrade

If you are one of those adventurous customers that implemented a load balancer with SSO, VMware is really discouraging you to continue with that model. Its complex, SSL creates additional headaches, and just not needed in most environments. Big changes could be coming in the future, but it’s not recommended for 5.5. As mentioned in my previous installment, SSO Reborn, VMware recommends local SSO instances for each site/vCenter. SSO uses multi-master replication to sync data such as identity sources, users, group, and policies. A geographically distributed example is shown below. Notice the local SSO and vCenter instances at each site. VMware SSO 5.5

Linked Mode

Linked mode adds additional complications to the upgrade process. As you may recall you can’t link vCenters of different versions. So you first need to unjoin all vCenters from the linked mode group. Once you upgrade two vCenters to 5.5, you can then re-establish Linked Mode and add other 5.5 vCenters as they come online. The biggest problems with Linked Mode include DNS and NTP failures. It’s critical name resolution works (forward AND reverse) and that the server clocks are all synchronized. All vCenter servers that are linked must also be a part of the same SSO authentication domain.

Host Agent Pre-Upgrade Checker

A tool included on the vSphere 5.5 ISO is the Host Agent Pre-Upgrade checker. Personally I’ve never used it (slipped my mind that it existed). If you choose to use it some simple checks are done against your ESXi hosts to validate that an upgrade will be successful. It’s not exhaustive, so even if your hosts pass the check you could still run into issues. But it’s a little bit of insurance that major gotchas can be discovered ahead of time. It does check items such as sufficient disk space, functional network, file system consistency, required patches are applied.

vCenter Appliance

The VCSA has undergone major scalability increases in 5.5. In 5.1 it was only rated for 5 hosts and 50 VMs when using the embedded database. With 5.5 that is increased to 100 hosts and/or 3000 VMs. So that makes it a much more viable solution for enterprise customers. You can NOT migrate from the Windows vCenter to the VCSA. As mentioned before, there’s also no Linked Mode, vCenter Heartbeat or IPv6. Again, the road map is an appliance only model for vCenter, so now is an excellent time to try it out. VMware said upgrades to future versions will be pretty easy, simplifying life.

Update Manager

You can upgrade VUM from 4.x, 5.0 and 5.1 versions. VUM is still Windows only, so if you do deploy the VCSA you will still need a Windows server to host VUM. The web client in 5.5 also has limited VUM functionality, so the C# is still needed to do things like pushing patches and configuring baselines. During the upgrade you can’t change the installation or download paths. Scheduled tasks remain, but patch baselines are removed.

VMware has hinted/stated that VUM is going the way of the dodo bird. I would expect its replacement to be very different, and probably incorporated into the VCSA. I’m hoping in vSphere 6.0 there’s a good story on the VUM successor.


You need to carefully plan your upgrades, and understand all of the moving components. Generally you would start by upgrading vCenter, then your ESXi hosts. But you may have other products that depend on vCenter which need upgrading first. Thoroughly map out all of your dependencies, read the VMware documentation, then plan in an organized fashion how you are going to upgrade. If you are already on 5.1, custom SSL certificates may trip you up. So really make sure you have a full backup and roll-back plan in case things go pear shaped.

Next up in Part 4 are practices and tip for upgrading ESXi hosts, VMs, and VMFS datastores.

VMworld 2013: vSphere 5.5 Upgrade Part 1

NOTE: I’ve started my vSphere 5.5 Install series. This is a complete How-To guide for installing, configuring, and securing your vCenter 5.5 installation. Check it out here. The information in this post has been incorporated into that series.  

Twitter: #VSVC5690. This session covered the recommended vCenter 4.x and 5.x to 5.5 upgrade paths. They quickly touched on a few new vCenter 5.5 features, such as a completely re-written SSO service, and simplified install architecture. There are supported and direct upgrade paths from vCenter 4.x through 5.1. You will be very glad to know that vCenter 5.5 does not add any new components, it’s just new and improved.

vSphere 5.5 Upgrade Overview

  • Five steps: vCenter, VUM, ESXi, VMs, VMFS
  • Review: Documentation Center, Compatibility Guide, Intero Matrix
  • Prior to 5.1: vCenter Server, vCenter Database server, and vSphere web client – Simple, life before vSphere 5.1
  • vCenter Server has SSL certificates, ADAM database – The vCenter server is not stateless
  • Web client – Third party products
  • vCenter 5.1 adds Single Sign on and Inventory Service
  • No new components added to vCenter 5.5

Upgrade Matrix

  • In-place supports vCenter 4.x, 5.0.x, 5.1.x
  • VMware does NOT support directly migrating an existing 5.x earlier vCenter Server to a new machine during the upgrade process
  • vCenter Server 5.5 can manage 4.x and 5.x hosts

System Requirements

  • Simple install – 2 vCPUs, 12GB RAM, 100GB disk
  • Strongly recommend installing ALL vCenter components on a single VM – Simplified model
  • Recommended for 400 hosts and 4000 VMs: 4 vCPU, 24GB RAM, 200GB disk
  • vCenter OS Support: Removes WS2003, only supports Windows Server 2008 SP2 and later (including WS2012)

New Install Vs. In Place Upgrade

  • New Install Pros: Clean start, reconfigure architecture, new hardware
  • New Install Cons: Loss of historical data, rebuild environment, settings manually created, time involved
  • VMware recommends a fresh install, but sometimes its not just possible
  • In Place Upgrade Pros: Most common, all settings maintained, slipstreamed process, historical data maintained
  • In Place Upgrade Cons: Carry over of old/unused data, possible performance
  • vCenter 5.5 appliance does NOT support IPv6, Linked Mode, vCenter Heartbeat, but can be a good option
  • vCenter appliance may support SQL server in the future, when Microsoft released from tech-preview the SUSE Linux ODBC connector

Installation – Then and Now

  • New Install splash screen – Simple Install is now strongly, strongly preferred
  • Simple Install should only be used for the first vCenter only
  • 5.5 Install order changed: Single Sign-On, vSphere WebClient, Inventory Service, vCenter
  • vSphere Web client is installed right after SSO to aid in troubleshooting
  • Custom install: Needed if you want to customize install location, distribute the components, or advanced config like SSO

Design Recommendations

  • Use simpler installer
  • Installs/Upgrades core components with single VMs
  • Multi-site vCenters: Single SSO domain (vsphere.local); Multi-master SSO replication
  • Each site is independent, does NOT provide a single pane of glass view
  • SSO automated replication – SSO users and groups, SSO policies, identity sources
  • Site awareness
  • Linked Mode – Maintains single pane of glass, replicates licenses, permissions and roles
  • Availability: Use vSphere HA and vCenter heartbeat

Multi-vCenter Design Recommendations (6 or more vCenters)

  • Centralized SSO authentication, same physical location
  • Single centralized vSphere web client
  • Availability (required) – vSphere HA, vCenter heartbeat, network load balancer
  • VM #1: SSO Server, Web Client; VM 2 – 6: vCenter 5.5, Inventory service

vCenter Linked Mode

  • vCenter Server linked mode groups – Does not support different versions of vCenter
  • DNS and network time are absolutely critical
  • All vCenter servers need to be a part of the same SSO domain

Host Agent Pre-Upgrade Checker

  • Perform checks include: Host is reachable, disk space is sufficient, network is functioning, file system intact, required patches installed
  • Aim is to prevent hosts going disconnected after host

vCenter Appliance

  • No migration from Windows vCenter to VCSA
  • Same license as Windows vCenter
  • Linux, no Windows
  • All in one, self contained

Update Manager

  • Can upgrade to 5.5 from 4.x and 5.x
  • Upgrades cannot change installation or download path
  • Scheduled tasks for scan and remediation are maintained
  • Patch baselines are removed
  • Use update manager utility to replace 512-bit key with 2048 key