Having recently just completed the upgrading our vCloud Platform from 1.5 to 5.1 I thought it best to share my experiences around the upgrading of the vShield Manager Component of the vCloud Suite. There are plenty or reference articles out there on the on the general flakiness of the vShield Product and it certainly appears to be the least polished of the vCloud Suite.

In the ZettaGrid lab we spent the most time trying to successfully upgrade the VSM from version 5.0 to 5.1.2 (at the time of writing there is a version 5.1.2b available upon request) Between my colleague and I we where having little success in reaching a point after deploying the first 5.0 Maintenance Bundle whereby the VSM wasn’t throwing a kernel panic on reboot. Again, this seems to be a common issue with the vShield’s. Time with VMware support wasn’t resulting in any great leap forward…at this stage we where in a position where we might not be able to upgrade the platform.

After a week of so of trial and error, we came up with the following order of operations resulting in a successful upgrade. The Official VMware KB for upgrading to vCloud Network and Security 5.1 can be found here:

You will need the following packages:

  • VMware-vShield-Manager-5.1.2-943471.ova
  • VMware-vShield-Manager-upgrade-bundle-5.1.2-943471.tar.gz
  • VMware-vShield-Manager-upgrade-bundle-maintenance-5.0-939118.tar.gz
  • VMware-vShield-Manager-upgrade-bundle-maintenance-5.1.2-997359.tar.gz

Get access to the VM Console to verify your running version:

vsm_upgrade_1

From here you can see we are working with version 5.0.2-791471 and that we have about 1.2G of free /common space which is relevant and why we need to deploy the maintenance bundles as part of the upgrade.

  • Take SnapShot of VSM VM
  • Shutdown VSM VM
  • Update the VSM VM Configuration

    • 2 vCPU
    • 8GB RAM
    • Change OS Type to Other 64bit
    • Change SCSI Controller to LSI Logic Parallel
  • Run 5.0 upgrade maintenance bundle in order to free up the 2.5G required for the install – check by logging into VSM and running ‘show filesystem’
  • Deploy the 5.1.2 Upgrade Bundle
  • Login as admin account
    • Deploy the 5.1.2 Maintenance Bundle
  • Login as Domain Account and check overall status
    • Check to see that the VSM has re synced with vCenter, if not reconnect and confirm Inventory Sync has occurred
    • Backup current Configuration to FTP
    • Take down the IP details of the VSM for the next step
    • Power down VSM
  • Deploy new VSM VM from 5.1.2 OVA
    • Run ‘setup’ to configure IP address the same as the original VSM
    • Configure FTP Backup location to be the same as previous instance
    • Import the backup configuration
  • Re-Deploy the 5.1.2 Maintenance Bundle
  • Test vShield Edge deployment and modifications
  • Add vCNS license to vCenter. This is an important step as the old license becomes obsolete.
  • Delete original VSM VM

These are the steps that worked for us in order to get a successful VSM upgrade. Key points to take away is that along the way through this upgrade you will see errors that make it look like it’s failed and then there are times where you need wait and wait for the system to come back in order to log into the GUI. Suffice to say, if you didn’t know what was happening you would potentially start to roll back the changes from the SnapShot and look to start from scratch. Have a little blind faith with this upgrade…it does get there…eventually.