Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Best practices for upgrading to VMware vCloud Networking and Security 5.5.1 (2075146)

Purpose

This article provides best practices for upgrading a vShield environment to vCloud Networking and Security 5.5.1.

Notes:

Resolution

To upgrade vShield, you must first upgrade vShield Manager and then update the other components for which you have a license.

You must complete the upgrades in this order:
  1. vShield Manager
  2. vCenter Server
  3. The other vShield components managed by vShield Manager
  4. ESXi hosts

Software Requirements

For information on the latest interoperability, see the Product Interoperability Matrix.
 
The minimum required versions of VMware products to be installed with vShield 5.5.1 include:
  • VMware vCenter Server 5.1 or later

    • For VXLAN virtual wires, you need vCenter Server 5.1 or later


  • VMware ESXi/ESX 5.0 or later for each server

    • For VXLAN virtual wires, you need VMware ESXi 5.1 or later
    • For vShield Endpoint, you need VMware ESX 5.0 or later

  • VMware Tools

    • For vShield Endpoint and vShield Data Security, you must upgrade your virtual machines to hardware version 7 or 8, and install VMware Tools 8.6.0 (that was released with ESXi 5.0 Patch 3)
    • You must install VMware Tools on virtual machines that are to be protected by vShield App


  • VMware vCloud Director 5.5 or later

Client and User Access Requirements

VMware vShield 5.5.1 has these client and user access requirements:
  • A PC with the vSphere Client installed.
  • If you add ESXi hosts by domain name to the vSphere inventory, ensure that the DNS servers have been configured on the vShield Manager and that name resolution is working. If name resolution is not working, vShield Manager cannot resolve the IP addresses to domain names.
  • Sufficient permission to add and power on virtual machines.
  • Access to the datastore where you store the virtual machine files and sufficient permission to copy files to that datastore.
  • Ensure that you have enabled cookies on your web browser so as to access the vShield Manager user interface.
  • Port 443 must be accessible from the ESXi host, vCenter Server, and the vShield appliances to be deployed. This port is required to download the OVF file on the ESXi host for deployment.
  • A connection to the vShield Manager user interface using one of these supported browsers:

    • 
Internet Explorer 6.x and later.
    • Mozilla Firefox 1.x and later.
    • Safari 1.x or 2.x.

System Requirements

This table outlines the minimum system requirements:

Component Minimum Requirements
Memory vShield Manager (64-bit): 8 GB, 3GB reserved
vShield Edge compact: 512 MB, large: 1GB, x-large: 8GB
vShield Endpoint Service: 1GB
vShield Data Security: 512 MB
Disk Space vShield Manager: 60 GB
vShield Edge compact and large: 512 MB, x-Large: 4.5 GB (with 4 GB swap file)
vShield Endpoint Service: 4 GB
vShield Data Security: 6GB per ESX host
vCPU vShield Manager: 2
vShield Edge compact: 1, large and x-Large: 2
vShield Endpoint Service: 2
vShield Data Security: 1

Pre-upgrade Preparation

Before starting the upgrade process, consider these points to ensure a successful upgrade:

  • Take a snapshot of the vShield Manager.
  • If you are running a version of vShield earlier than 5.1.0, follow the upgrade process documented in Upgrading to vCloud Networking and Security 5.1.3 best practices to ensure you are running the correct virtual hardware required as of vShield version 5.1.
  • For vShield Managers running version 5.1.x that were upgraded from versions 5.0.0 build 473791, 5.0.1 build 638924, or 5.0.2 build 791471, ensure that you have upgraded the virtual hardware as documented in Upgrading to vCloud Networking and Security 5.1.3 best practices.

    

Note: This virtual hardware upgrade applies only to vShield Managers that are upgraded from versions 5.0.x or earlier. New installations of vShield Manager 5.1.0 or later already ship with this upgraded virtual hardware.


  • Never uninstall a deployed instance of the vShield Manager appliance.

Upgrading vShield Manager

For vShield Manager 5.1.x or 5.5.0 or 5.5.0a:

  1. From the VMware Download Center, download the vShield upgrade bundle to a location that vShield Manager can browse. The name of the upgrade bundle file is VMware-vShield-Manager-upgrade-bundle-5.5.1-1660903.tar.gz
.
  2. From the vShield Manager Inventory panel, click Settings & Reports.
  3. Click the Updates tab.
  4. Click Upload Upgrade Bundle.
  5. Click Browse and select the VMware-vShield-Manager-upgrade-bundle-5.5.1-1660903.tar.gz file.
  6. Click Open.
  7. Click Upload File.
  8. Click Install to begin the upgrade process.
  9. Click Confirm Install. The upgrade process reboots vShield Manager so you may lose connectivity to the vShield Manager user interface. None of the other vShield components are rebooted.
  10. After the reboot log in to the vShield Manager again and click the Updates tab. The Installed Release panel displays version vShield 5.5 which is the version you just installed.

Upgrading vShield components

You must upgrade the other vShield components managed by vShield Manager.

Upgrading the vShield Appliance

To upgrade the vShield Appliance:
  1. Log in to the vSphere Client.
  2. Click Inventory > Hosts and Clusters.
  3. Click the host on which you want to upgrade the vShield App.
  4. Click the vShield tab. The General tab displays each vShield component that is installed on the selected host and the available release.
  5. Click Update (next to vShield App).
  6. Select the vShield App option.
  7. Click Install.



    Note: During the vShield App upgrade, the ESXi host is placed into Maintenance Mode by the system and rebooted. Ensure that the virtual machines on the ESXi host are migrated or powered off to allow the host to be placed into Maintenance Mode.

Upgrading vShield Edge

You must upgrade each vShield Edge instance in your data center. vShield Edge 5.1.2 and later, including 5.5.x, is not backward compatible and you cannot use 2.0 REST API calls after the upgrade.

Note: During the vShield Edge upgrade, there will be a brief network disruption for the networks that are being served by the vShield Edge instance that is being upgraded.

If you have vShield Edge 5.0.x, each 5.0.x vShield Edge instance on each portgroup in your data center must be upgraded to 5.5.1.
To upgrade vShield Edge:
  1. Log in to the vSphere Client.
  2. Click the portgroup on which the vShield Edge is deployed.
  3. In the vShield Edge tab, click Upgrade.
  4. View the upgraded vShield Edge:


    1. Click the data center corresponding to the portgroup on which you upgraded the vShield Edge.
    2. In the Network Visualization tab, click Edges. vShield Edge is upgraded to the compact size. A system event is generated to indicate the ID for each upgraded vShield Edge instance.
    3. Repeat for all other vShield Edges that require upgrading.
If you have vShield Edge 5.1.0 or later instances, upgrade each Edge:
  1. Log in to the vSphere Client.
  2. Click the data center for which vShield Edge instances are to be upgraded.
  3. Click the Network Visualization tab. All existing vShield Edge instances are shown in the listings page. An arrow icon is shown for each vShield Edge that must be updated.
  4. Click an Edge and click Upgrade from Actions to start the upgrade. When the Edge is upgraded, the arrow icon no longer appears.
  5. Repeat for each vShield that must be upgraded.

What to do next

The firewall rules from the previous release are upgraded with some modifications. Inspect each upgraded rule to ensure it works as intended. For information on adding new firewalls see the vShield Administration Guide.
 
If your scope in a previous release was limited to a portgroup that had a vShield Edge installation, the user is automatically granted access to that vShield Edge after the upgrade.

Upgrading vShield Endpoint
 
To upgrade vShield Endpoint from 5.1.x to 5.5.1, you must first upgrade vShield Manager then update vShield Endpoint on each host in your data center.
  1. Log in to the vSphere Client.
  2. Click Inventory > Hosts and Clusters.
  3. Click the host on which you want to upgrade the vShield Endpoint.
  4. Click the vShield tab. The General tab displays each vShield component that is installed on the selected host and the available version.
  5. Click Update next to vShield Endpoint.
  6. Click vShield Endpoint.
  7. Click Install.

Upgrading vShield Data Security
 
To upgrade vShield Data Security from 5.1.x to 5.5.1 you must first upgrade vShield Manager then update vShield Data Security on each host in your data center.
  1. Log in to the vSphere Client.
  2. Click Inventory > Hosts and Clusters.
  3. Click the host on which you want to upgrade vShield Data Security.
  4. Click the vShield tab. The General tab displays each vShield component that is installed on the selected host and the available version.
  5. Click Update next to vShield Data Security.
  6. Click vShield Data Security.
  7. Click Install.
Upgrading VXLAN
 
When upgrading VXLAN, consider these points:
  • VXLAN virtual wires require vCenter Server 5.1 or later.
  • You must upgrade the vShield server before upgrading the ESXi hosts.
  • Upgrading an ESXi host from 5.1 to 5.5 results in a new kernel module automatically being pushed to the upgraded host.
A reboot of the host is required to complete the host upgrade for VXLAN.

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: