![]()
VMWARE QUICKBOOT FLAG UPDATEOptional: Update virtual hardware on each VM with a vSphere Update Manager baseline. Optional: Update VMware Tools on each VM with a vSphere Update Manager baseline. VMWARE QUICKBOOT FLAG UPGRADENo vSphere Replication protection during upgrade Replication unavailable until this points it has to be disabled before starting the upgrade process Upgrade vSphere Replication at Both Sites Upgrade vCenter from vCenter 6.0.x to vCenter 6.5. Upgrade NSX Host preperation at the Prod Site Upgrade NSX Controller Cluster at the Prod Site Possible Performance and increased risk of failure during upgrade – upgrade could take several days. One host will always be unavailable while it is being upgraded with vSphere Update Manager. Repeat steps for remaining hosts in the cluster. Use vSphere Update Manger to scan and remediate an ESXi host. Outage required while edge is redeployed and upgraded Upgrade NSX Host preperation at the DR Site Yes – No Disruption as long as VM’s don’t move or any changes made NSX reverts to read only mode Change Window Required Upgrade NSX Controller Cluster at the DR Site Yes in order to restore in to 6.5 during the upgrade Yes (if using an external Platform Services Controller) Upgrade the external Platform Services Controller server 6.0.x to vCenter 6.5 for both sites No protection of VMs (Backup is the only method of restoring) VCenter management of ESXi hosts unavailable during upgrade. The following should be taken as a rough guide only please make sure you check the appropriate VMware Guides/KB’s for your product versions before commencing any upgrade.Ĭarry out Health Check of VC & PSC before starting (Go or No Go)ĭeploy second PSC at each site – Configure replication see KB 2131191 for justification It also has a deployment of vROPS and vRLI at both sites. NSX is deployed across both sites using universal objects, SRM and vSphere Replication are in use with vSAN being used locally at each site. The environment has a Production site and a DR site. In order to understand the upgrade order here is some background information on this fictitious environment. This particular implementation had the following products. I wanted to share with you the steps required to upgrade a typical multi-site vSphere/ SDDC implementation. Hopefully, this may help others and I hope to raise an internal SR to make engineering aware of this issue as I do not believe its local to this customer. You need to open up the flex (Flash) UI to see the Edge Firewall section.Īnd bingo we can see the firewall is started with a default deny rule. What’s even more confusing is the firewall section didn’t make it into the HTML5 UI so on first glance you may assume it’s still disabled as it’s not visible. You can see why during deployment this may catch you out for a period of time as you disabled the firewall but in actual fact, it is not only enabled but enabled with a default deny. However, it appears if you do this within the HTML5 UI once you toggle the enable button it will always stay enabled and more importantly it ignores whether you set it to accept so all traffic is denied. The rationale behind this is if someone later on accidentally enabled the firewall as the default rule is set to accept it wouldn’t create an outage. Now, this is where it gets interesting and let me explain why I would normally enable the firewall on the below screen, set the default rule to accept then set the firewall back to disabled. Leave auto rule generation ticked which is the default option. If you log in to NSX via the HTML5 UI and create a DLR or ESG with the HTML5 wizard like below. It later transpired to be a firewall issue on the DLR and after some digging, we were able to pinpoint this to the options selected during the deployment wizard. I have just recently completed an SDDC deployment with my good friend simoneady and while deploying NSX-V 6.4.5 we noticed we couldn’t ping any VXLAN backed networks which were connected to the newly deployed DLR.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |