There are just over three months to go before the end of general support for VMware vSphere 5.5, on 19 September 2018.

Technical Architect Dean Lewis shares his knowledge and expertise to help navigate this potentially complex process, including pitfalls to look out for.

Extended Support

End of General Support for vSphere 5.5 is September 19, 2018, and includes vCenter 5.5, ESXi 5.5 and VSAN 5.5.

In the event you are unable to upgrade before the End of General Support (EOGS) and are active on Support and Subscription, you have the option to purchase extended support in one year increments for up to two years beyond the EOGS date.

  • Expect this to be more costly than general support
  • SLAs are more akin to that of basic support rather than production support
  • Annual security patch includes catastrophic/critical security fixes only
  • Ability to create hot patches for Severity 1 issues only
  • Technical Guidance for vSphere 5.5, primarily through the self-help portal, will be available until September 19 2020 
  • During the Technical Guidance phase, VMware does not offer new hardware support, server/client/guest OS updates, new security patches or bug fixes unless otherwise noted — for example, there was no SPECTRE/Meltdown security patches released for vSphere 5.1

What Other Products are Affected?

It’s not only the core vSphere 5.5 products that are affected, as detailed in the End-of-Support tracking page provided by virten.net:

vSphere 6.5 —  New Features

There are two offerings in which to install vCenter:

vCenter 6.5 for Windows

  • Windows 2008 R2 or above
  • Database
  • Embedded PostgreSQL — 20 Hosts/200 VMs
  • External DB for larger (SQL/Oracle)
  • Penultimate release — vSphere. Next will be the last version to feature vCenter for Windows

vCenter 6.5 Appliance (VCSA)

  • PhotonOS — developed/Maintained by VMware. Open source, optimized for VMware infrastructure components, VMware control the full lifecycle
  • PostgreSQL database that has the scalability of up to 2,000 hosts and 35,000 virtual machines
  • vCenter High Availability — When vCenter HA is enabled, a three-node vCenter Server cluster (Active, Passive, and Witness nodes) is deployed.
  • vCenter Server uses the VMware vSphere Update Manager Extension service

vCenter High Availability Overview 

VMFS 6

  • 512e and 4K SSDs/NVMe drives support
  • Automatic unmap – no more scripts to reclaim space off your arrays
  • Requires creation from new ( KB2147824)
  • There is a PowerCLI command – Update-VmfsDatastore
    • This operation deletes the existing VMFS5 datastore to create a VMFS6 datastore. You should back up any files from the VMFS5 datastore to prevent any data loss
  • VM level encryption: Requires a 3rd party external key manager solution
  • Common REST API Framework: Will feature between all VMware solutions going forward to make scripting/automation easier and more consistent
  • Predictive DRS
    • Ties into your vRealize Ops Mgr deployment
    • Using trend data, will ensure your cluster resources are allocated to best suit the trends; eg: Think of your payroll server, it idles for most of the month. Then last day of the month it runs at full resource utilisation whilst it churns through the payment runs for employees
  • Pro-Active HA: Detects hardware conditions of the ESXi host, allowing the ability to evacuate the Virtual machines before  hardware issues cause an outage
  • HTML5 web client built in: updates released into vCenter patches
  • And most importantly, no more Windows vSphere client

The 8 Step Upgrade Process  

  1. Read the vSphere release notes
  2. Verify that you have backed up your configuration
  3. If your vSphere system includes VMware solutions or plug-ins, verify that they are compatible with the vCenter Server or vCenter Server Appliance version to which you are upgrading
  4. Upgrade vCenter Server
  5. If you are using vSphere Update Manager, upgrade it. Refer to the VMware vSphere Update Manager documentation
  6. Upgrade your ESXi hosts. See Overview of the ESXi Host Upgrade Process
  7. To ensure sufficient disk storage for log files, consider setting up a syslog server for remote logging. Setting up logging on a remote host is especially important for hosts with limited local storage. See Required Free Space for System Logging and Configure Syslog on ESXi Hosts
  8. Upgrade your VMs and virtual appliances, manually or by using vSphere Update Manager, to perform an orchestrated upgrade. See Upgrading Virtual Machines and VMware Tools

What Are The Challenges?

The Plugins

  • Does your vSphere system includes VMware solutions or plug-ins? If so, you'll need to verify that they are compatible with the vCenter Server or vCenter Server Appliance version to which you are upgrading
  • Similarily, you need to ensure that any VMware based products or 3rd party applications that tie into vCenter support the latest versions

Check VMware KB2147289, where there's a list of the VMware Solutions which need to be considered during a vSphere 6.5 upgrade, and which may need upgrading first, along with the upgrade sequence, which include a possible 8 products that need upgrading before vCenter.

Single Sign On

Single Sign On has now been migrated into the Platform Services Controller (PSC), which deals with identity management for administrators and applications that interact with the vSphere platform. There's no longer the option to distribute vSphere components such as Web Client, Inventory Service, vCenter, to different servers.

Services which are held in the PSC include:

  • VMware Licence Service VMware Component Manager
  • VMware Security Token Service
  • VMware Common Logging Service
  • VMware Syslog Health Service
  • VMware Authentication Framework
  • VMware Certificate Service
  • VMware Directory Service

Consolidating SSO Domains

If you need to consolidate your SSO Domains, do this in 5.5, before the upgrade ( KB 2033620)

Enhanced replaces vCenter Linked Mode (which needs to be uninstalled before the migration) and connects multiple vCenter Server systems together by using one or more Platform Services Controllers, letting you view and search across all linked vCenter Server systems and replicate roles, permissions, licenses, policies, and tags.

Understand Your Topologies

  • With the replacement of SSO for PSC, the topologies also change 
  • During the migration or upgrade process a mixed environment is supported
    • There is no time frame in which to complete your upgrade when in mixed mode, however the advice from VMware is to do this as soon as possible
  • One single SSO domain
    • Multiple SSO sites if needed

Simple Embedded Install

vCenter + PSC installed on the same Server.

External PSC Deployment

This allows two vCenter servers to be connected and will also enable the Enhanced Linked Mode. This diagram also demonstrates the mixed mode deployment, with both vCenter 5.5 and vCenter 6.5 connecting the PSC.

This highly available PSC deployment requires a load balancer to be deployed, allowing the vCenter servers to connect to the load balanced domain name for HA purposes.

The final diagram shows an example of the deprecated topologies, such as two connecting two embedded deployments together, or connecting a single vCenter server to an embedded deployment. As a general rule, if you have multiple vCenters which you need to be part of the same deployment, you will need an External PSC.

Pre-Upgrade Tasks

  • Health check the environment
    • Check all hardware status
    • Check software services (vSphere Web Client, SSO)
    • Backup status (Ensure good)
    • VMware infrastructure (correct current patch levels, status of VMs, Logging enabled)
  • Check your hardware – Compute, Storage, Networking, IO Cards against the VMware Compatibility List. 
  • Read the vSphere upgrade documentation for any VMware Solutions, plugins, 3rd party apps: Trend Micro Deep Security, Veeam, ArcServe, Turbonomic, OpsVizor, vRealize, NSX, VSAN
  • Ensure you have your infrastructure details and pre-req configurations in place
    • DNS (including any records configured), NTP, Network settings (IP, Subnet, Gateway), Firewall Rules
    • New VMs/Appliances may be deployed during the upgrade, hence the need to have your networking details on hand
  • Build a Checklist
  • Build a table for your software and versions you will upgrade to, include notes/web links
  • Detail the upgrade sequence for the various components that need upgrading eg:
  • Ensure that any support tickets (internal or with external support) that are open and cover hardware/services which interact with your VMware platform are resolved first before the upgrade
  • Ensure that you have a backup prior to starting the upgrade process, along with a recovery plan in case you need to revert back
  • Open a support request with VMware Support prior to starting your upgrade process—it will expedite the process should any issues come up.Below is a screenshot of VMware confirming the details they would need for a proactive ticket in regards to upgrading NSX

 

Migrate or Upgrade

Migration — Deploying PSC and vCenter as distributed components

Upgrade — Straight upgrade of VCSA (actually deploys a new one) or Windows vCenter

During upgrade

  • It's a good idea to stop all vCenter based actions, either manually, scripted or automated (including via 3rd party software interaction, i.e backups)
  • Whilst vCenter is unavailable, vSphere Distributed Resource Scheduler (DRS) and vSphere HA do not work

Before running vCenter 6.5 ISO — vCenter database tips

On the vCenter 6.5 ISO — Locate the cleanup_orphaned_data_MSSQL.sql script in the ISO image and copy it to the Microsoft SQL server.

If using custom SSL certificates,   back them up before hand

Check network connectivity on machine you run the upgrade/migration from

  • DNS lookup and Reverse Lookup
  • Basic ping connectivity
  • Upgrade the components as per your checklist and sequencing
    • Check each component after each upgrade, i.e log into web services, check health status
  • Upgrade your 3rd party products first, likely they will support vSphere 5.5 and 6.5 at the same time.
  • Bring your ESXi hosts up to 6.5, remember to use the vendor customized ISO’s
  • Upgrade VMware Tools — remember this is now   updated separately to ESXi releases
  • Upgrade virtual hardware version
    • Exposes new CPUID features to the VMs (think Spectre/Meltdown patches)
    • Ability to use new features such as VM encryption
  • Upgrade your licensing in   https://my.vmware.com
    • Install your new licenses — you will currently be on evaluation licenses (60 days)
    • How to upgrade your licences in the VMware portal ( KB 2006974)

Points To Note

  • ESXi 5.1 and older cannot be managed by vCenter 6.5
  • Devices are deprecated and unsupported in ESXi 6.5 ( KB 2145810)
    • Number of qlogic and Emulex devices that are no longer supported
    • End of Availability and End of Support for FCoE on Intel Network Controllers ( KB 2147786)
  • Microsoft SQL Server Express is not supported for vCenter Server 6.5. The vCenter Server 5.5 embedded Microsoft SQL Server Express database is replaced with an embedded PostgreSQL database during the upgrade to vCenter Server 6.5
  • Update manager is now built into the vCenter Appliance — if you have trouble migrating update manager, uninstall it from your windows machine and don’t migrate it
  • HP Server – ESXi upgrade to 6.5

The image below shows the conflicting VIBs in the HPE Customised image.

 vSphere 6.5 no longer supports the following processors:

    • Intel Xeon 51xx series
    • Intel Xeon 30xx series
    • Intel core 2 duo 6xxx series
    • Intel Xeon 32xx series
    • Intel core 2 quad 6xxx series
    • Intel Xeon 53xx series
    • Intel Xeon 72xx/73xx series
  • VMware is announcing discontinuation of its third party virtual switch (vSwitch) program, and plans to deprecate the VMware vSphere APIs used by third party switches in the release following vSphere 6.5 Update 1 ( KB 2149722)
  • Upgrading the VCSA 6.5 to a later version
    • Login to the vCenter Server appliance 6.5 VAMI page using the URL (https://vCenter-appliance-name:5480) and login with the root credentials

 

VSAN Considerations

  • vCenter Servers   must  be upgraded to vSphere 6.5 Update 1   before  vSAN hosts are upgraded to vSAN 6.6 or vSAN 6.6.1
  • Verify that you have backed up your virtual machines
  • Verify that the software and hardware components, drivers, firmware, and storage I/O controllers that you plan on using are supported by VMware vSAN for 6.6 and later, and are listed on the   VMware vSAN Compatibility Guide  website
  • Verify that you are using the latest patched version of VMware vSAN  prior  to upgrade.
    Please review VMware   KB 2146381

The above screenshot shows that to   upgrade to VSAN 6.6.1, you need to be on ESXi 5.5 Express Patch 7, which sits between 5.5 u2 and 5.5 u3. This particular patch fixes a bug of vSAN data availability after an upgrade to vSphere 6.0 or higher.

Upgrade vShield Manager to NSX Manager

  • vCloud Network security & vShield Manager are now end of life (19th September 2016), and is not supported by vCenter 6.5
    • Migrate vShield Manager 5.5 to NSX Manager 6.2 ( KB 2144620)
  • 6.2 is End of General Support —   20th August 2018
  • Upgrade NSX Manager to a supported version by vCenter 6.5

Resources