In vCenter 6.5 and vCenter 6.7, if you had vCenter HA setup and had Active, Passive and Witness nodes, you could patch them in a specific order, initiate a manual failover and have no disruption of vCenter management services while applying patches.
Apparently in vCenter 7, you must disable vCenter HA, delete the existing Passive and Witness VMs, patch the remaining singleton VM ... and then I assume reboot and cause a management outage ... once the single vCenter VCSA is back online, then you can re-configure vCenter HA.
Who thought eliminating high availability of a critical management endpoint in order to patch a singleton was a good idea? What feature change from 6.x to 7.x required this?
This irks me for quite a while now as well... everytime a VCSA update shows up we need to break and rebuild the VCSA-HA setup. Why?
Isn't there a simple function which at least stores all HA configs and can rebuild it after the update? Copy/paste and screenshots of the HA setup (IP addresses etc.) seems very out-of-date...