Before upgrading to vCenter Server 5.5, vSphere 5.5 requires you to install vCenter Single Sign-On (SSO) and install or upgrade the Inventory Service. You can install SSO and upgrade the Inventory Service and vCenter Server all on a single host machine using the vCenter Server Simple Install option. This option is appropriate for small deployments or if you want to have your vSphere 5.5 implementation all inclusive on a single system. For more information, see Upgrade using the Simple Install method
Alternatively, you can install SSO, upgrade the Inventory Service, and upgrade vCenter Server separately to customize the location and configuration of the components. For more information, see Upgrade components separately.
What is vCenter Single Sign-On and how it affects vCenter Server upgrades
vCenter Single Sign-On is the identity and authentication managing component for your vSphere 5.5 implementation. This component dictates which users can log in to vCenter Server after an upgrade depending on the version from which you are upgrading and the deployment configuration. For more information about vCenter Single-Sign On, see:
In upgrade scenarios in vCenter Server 5.0 and earlier releases that do not include the SSO component, authentication requests from both the local operating system users and Microsoft Active Directory users and also environmental permissions are handled by vCenter Server. With vSphere 5.5, these authentication requests are offloaded to SSO, which handles all of the token requests and admission. Current user permissions on your vCenter Server 5.0 and prior versions continue to remain after the upgrade.
Further, with the use of SSO, you now have the capability to add OpenLDAP users to your vCenter Server 5.5 with the correct identity source configuration. With the ability to use Active Directory and OpenLDAP users for authentication, the use of local operating system users become far less necessary.
Upgrade using the Simple Install method
Using Utilizing the Simple Install method to upgrade goes through each of the vSphere components on the same system and, one-by-one, upgrade them.
If you upgrade to vCenter Server 5.5 from a vCenter Server version prior to vSphere 5.1, which does not include vCenter Single Sign-On, SSO recognizes only the local operating system users. For administrative purposes, the new user account firstname.lastname@example.org
can be used to log in to both SSO (via the vSphere Web Client) and vCenter Server.
- If you previously used Active Directory authentication on your vCenter Server instance, see Creating and using a Service Principal Account in vCenter Single Sign-On 5.5 (2058298) for creating an identity source for Active Directory.
- If you upgrade to vCenter Server 5.5 from vCenter Server 5.1, vCenter Single Sign-On recognizes existing local operating system users and also the existing Active Directory and OpenLDAP identity sources. If you were previously using an Active Directory identity source, it is converted to an Active Directory over an LDAP server identity source. Because vCenter Server supports only one default identity source, if multiple Active Directory or OpenLDAP identity sources are used, users must specify their full user principal name (user@domain) to log in. In addition, the user admin@system-domain that was previously used to administer vCenter Single Sign-On, will be converted to email@example.com. The new firstname.lastname@example.org user can log to vCenter Single Sign-On and vCenter Server as an administrator user.
Using Simple Install to upgrade vCenter Server
vCenter Server versions 5.1 and later require the SSO and vCenter Inventory Service components. Depending on your existing vCenter Server installation, you can use the Simple Install option to upgrade to vCenter Server, including SSO, the vSphere Web Client, and vCenter Inventory Service, all on a single host machine.
You can use Simple Install to upgrade vCenter Server 4.x, 5.0.x, or 5.1.x to version 5.5. For more information, see the VMware Product Interoperability Matrix
. Depending on the version you are upgrading from, the Simple Install option installs or upgrades SSO, upgrades vCenter Inventory Service, and upgrades vCenter Server.
Upgrade components separately
With vSphere 5.5, you can separate the individual vSphere components and install them on different systems.
Instead of exporting and importing node information that was required in vSphere 5.1, the VMware Directory Service is updated to automatically replicate between both local and geographical nodes, previously referred to as High Availability and Multisite, respectively.
- If you upgrade to vCenter Server 5.5 from a vCenter Server version prior to vSphere 5.1, which does not include SSO, it is configured as the first node in your vCenter SSO infrastructure. If you install this SSO node on a different machine than vCenter Server, you cannot use the existing local operating system users. The user email@example.com can log in to vCenter Single Sign-On and vCenter Server as an administrator user. If you were previously using an Active Directory identity source, it is converted to an Active Directory over and LDAP server identity source.
- If you are upgrading vCenter Server from a version that includes SSO in a Multisite configuration, you must re-synchronize all of the nodes by performing the export command from the Primary SSO node and importing into all of the secondary nodes. From there, you must upgrade all SSO instances at the same time to maintain both vCenter Server Linked-Mode functionality. Multisite SSO is supported only if all nodes are the same version. There are no components in the vSphere suite that communicate with multiple vCenter Single Sign-On servers. Each vSphere component should be configured to communicate with its local SSO instance for faster access.
For more information see the Upgrade vCenter Server in a Multisite vCenter Single Sign-On Deployment section in the vSphere Upgrade Guide.
- If you are upgrading vCenter Server from a version that includes SSO in a High Availability (HA) configuration, you must upgrade all of the SSO HA nodes. High Availability SSO is supported only if primary and secondary nodes are the same version.
- If you are protecting your vCenter Server with vCenter Server Heartbeat, see the vCenter Server Heartbeat 6.6 Release Notes for information on performing the upgrade.
Note: vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by IP address only if the IP address is IPV4-compliant. To connect to a vCenter Server system in an IPv6 environment, you must use the fully qualified domain name (FQDN) or host name of vCenter Server. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP.