VMware vCenter 6.0 Migrate from Windows to Linux (VCSA 6.7) and to embedded PSC

VMware vCenter 6.0 Migrate from Windows to Linux (VCSA 6.7) and to embedded PSC

This is the procedure how to upgrade/migrate your Windows vCenter server 6.0U3 to Linux (VCSA) appliance 6.7U1. The setup in question has one External Platform Service Controller (PSC) with two vCenters connected to it.

Short overview:
1. Upgrade and Migrate the External PSC 6.0U3 to VMware linux appliance 6.7U1

2. Upgrade and Migrate the Windows vCenter server 6.0U3 to a VCSA 6.7U1
3. Migrate the External VMware PSC appliance 6.7U1 to embedded one in each VCSA

General prerequisites

0. Prerequisites (Create snapshot of the vCenter server, PSC server, vCloud Director cells and the Oracle DB):

0.0. Check the compatibility with the following products: ChargeBack Manager, NSX, Usage Meter, vCloud Director, vRealize Orchestrator, Operations Manager;

I. (PSC upgrade and migration to 6.7U1)

Prerequisites:

0.1. Check if the network adapter have default gateway (not persistent route); if not - add it;

0.2. Check if port 9123 is open between the vCenter server and the other server;

0.3. Ensure that there is more than 12 GB of free space on the vCenter server (where it's installed; typically in C drive);

0.4. Login locally to the host on which the vCenter server VM resides (esx01 and esx02);

0.5. Ensure DNS resolution is working on the PSCs and VCs (e.g. nslookup yourvcenter01)

0.6. Check the SSL certificate configuration (if needed change/renew the certificate with the FQDN):

0.6.1. Two ways:

0.6.1.1. Using VECS-CLI (https://kb.vmware.com/s/article/2111411)

"%VMWARE_CIS_HOME%"\vmafdd\vecs-cli entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output c:\certificates\machine_ssl.crt

0.6.1.2. Open a browser to "yourpsc.local" and open the certificate > Details tab > Copy to File... > save to desired location

0.6.1. Identify which ESXi hosts are running all of the PSC(s) and vCenter Server(s) in the SSO domain, and verify we can log into all of these ESXi hosts directly with the vSphere Client and root

0.7.2. Shutdown all PSCs and vCenter Servers in the SSO domain

0.7.3. Create backups & snapshots of these servers

0.7.4. Power on all PSC(s) & vCenter Server(s) in the SSO domain

0.7.5. Verify all services are working as expected

0.7.6. Use the certificate-manager utility on the PSC(s) and replace the Machine SSL certificate with a certificate signed by the VMCA, where the FQDN is in the Subject Alternative Name (SAN); D:\Program Files\VMware\vCenter Server\vmcad > certificate-manager > option 3 for self-signed certificates > username > password > Country (leave default) > Enter > leave default > leave default > leave default > leave default > leave default > Enter > leave default > FQDN (e.g. yourpsc.local) > Short name (e.g. yourpsc) > Y

Enter proper value for 'Country' [Default value : US] : leave default

Enter proper value for 'Name' [Default value : CA] : leave default

Enter proper value for 'Organization' [Default value : VMware] : leave default

Enter proper value for 'OrgUnit' [Default value : VMware] : leave default

Enter proper value for 'State' [Default value : California] : leave default

Enter proper value for 'Locality' [Default value : Palo Alto] : leave default

Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] : leave default

Enter proper value for 'Email' [Default value : email@acme.com] : leave default

Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Doma

in Name(FQDN), For Example : example.domain.com] :  yourpsc.local

Enter proper value for VMCA 'Name' : yourpsc

You are going to regenerate Machine SSL cert using VMCA

Continue operation : Option[Y/N] ? : Y

https://kb.vmware.com/s/article/2097936

0.7.7. Perform restart operation on the vCenter Server/s by using 'service-control --stop --all' and 'service-control --start --all'

0.7.8. Verify all services are working as expected

0.7.9. Repoint the NSX Managers (MGMT and RES; https://nsxmanager01 and https://nsxmanager02) to the PSC with the new certificate

0.7.10. Confirm the connection in Usage Meter (Edit vCenter > unselect and then select PSC); accept all new thumbprints;

0.8. Check the exclusion list of the NSX manager and see if all VMware infrastructure VMs are in the list (PSC, VCM, VCR, etc.)

0.9. Disconnect all other users before the migration and stop all unnessary services (e.g. browsers, vSphere Clients, etc.)

0.10. Add the domain user to the Enterprise Admin group

Actual Upgrade:

0. Stop the PSC and vCenter servers and create snapshot of the VMs (psc01, vcenterresource01, vcentermanagement01) and backup of the Oracle DBs

1. Mount the VCSA 6.7U1 ISO file on the vCenter server (During the next steps simultaniously steps 7-15 can be executed)

2. Go to "migration-assistant" > VMware-Migration-Assistant.exe

3. Enter the SSO credentials in the new window

4. Enter the credentials for service account

5. Enter the IP network which will be primary for the vCenter server

6. After the prechecks the wizard will stop on "Waiting for migration to start…"

7. Mount the VCSA 6.7U1 ISO file on another Windows machine (not the vCenter server) utilityserver01 > go to "vcsa-ui-installer" > win32 > installer.exe > Migrate

8. Always specify the IP not the FQDN for the vCenter server

9. In Stage 1 the new appliance will be deployed:

10. Specify in the wizard all necessary information about the source vCenter server;

11. Specify IP of the destination host on which the new VM will be deployed;

12. Specify the size of the setup (Tiny, Large, etc.);

13. Select the datastore on which the appliance will be deployed;

14. Select the appropriate network port group;

15. Enter the information about the new server appliance (name: psca01, network (temporary): PROD: 10.10.10.10, 255.255.252.0, Gateway: 10.10.10.254; DNS servers: 10.10.10.20,10.10.10.21; etc.);

16. Add the new VM (Linux appliance) to the exclusion list inside the Management NSX (NSX > Firewall Settings > Exclusion List > Add > Select the new object > arrow > OK)

17. Stage II - Copy the data and finish the process by automatically shut down the source vCenter server:

18. Enter service account credentials for Ad;

19. Select Configuration and historical data (Events);

20. Deselect "Join the VMware's Customer Experience Imprevement Program";

21. Select "I have backed up the source vCenter server and all the required data from the database";

22. Click "Finish" > OK (after the migration the source (Windows vCenter server) will shut down);

23. Check the status of the new PSC Appliance server.

24. Re-register the PSC and the vCenter server in Usage Meter, vCloud Director, vRO, NSX Manager (Using web Interface)

25. Rename the old vCenter server VM and disconnect the network adapters

26. Rename the new Linux Appliance to the original VM's name

27. Billing team to check the integration of ChargeBack

28. Setup the FTP backup through the VAMI interface

29. Check if all services are working: (vCenter server (if you can login using the Web Console with domain credentials), ChargeBack Manager, NSX (check the status in the Web console of NSX manager and also in vCenter server), Usage Meter (re-establish the connection with PSC and vCenter servers), vCloud Director (refresh the connection with the vCenter server), vRealize Orchestrator, Operations Manager)

II. (vCenter Upgrade and migration to VCSA 6.7U1)

Prerequisites:

0.1. Check if in "Local Security Policy" > Local Policies > User Rights Assignment > Replace a process level (token) Assignment > Add User or Group (add the service account);

0.2. Check if the network adapter have default gateway (not persistent route); if not - add it;

0.3. Check if the OOB address of the utility server has DNS record in SDI; if not: submit request to SDI;

0.4. Check if port 9123 is open between the vCenter server and the other server;

0.5. Prepare the future monitoring change;

0.6. Prepare FTP server for backup of the vCenter server;

0.7. Ensure that there is more than 12 GB of free space on the vCenter server (where it's installed; tipically in C drive);

0.8. Ensure no 5.5 objects still exist. This includes ESXi hosts, Host profiles, DVS, and any vmfs3 volumes. Upgrade or remove them beforehand if they do;

0.9. Login locally to the host on which the vCenter server VM resides (esx01 and esx02);

0.10. Stop and unregister the Update Manager: https://communities.vmware.com/thread/592318

0.10.1. Stop Update manager service & disable the UM plugin

0.10.2. Remove the UM extension from vCenter MOB page by following below VMware KB article https://kb.vmware.com/s/article/1025360

0.10.3. Extension for UM: com.vmware.vcIntegrity;

0.11. Unregister the VSC (NetApp plugin) and SnapCenter plugin; com.netapp.nvpf and com.netapp.nvpf.webclient and com.zerto.plugin

0.12. Ensure DNS resolution is working on the PSCs and VCs (e.g. nslookup vcentermanagement01)

0.13. Make sure that every component (VCs, PSCs, Source/Destination ESXi hosts) are in time sync:

0.13.1. Windows cmd: w32tm /query /configuration

0.13.2. Windows cmd: w32tm /query /status

0.13.3. Windows cmd: Time /T

0.13.4. VMware ESXi: check the time servers entered in the config: Configuration > Time Configuration > Properties

0.14. Set DRS automation to manual on the cluster the new appliance will be created.

0.15. vSphere Client (6.0U3) should be installed on the UTL server before the migration (in this way we can access locally the ESXi hosts)

0.16. Check the exclusion list of the NSX manager and see if all VMware infrastructure VMs are in the list (PSC, VCM, VCR, etc.)

0.17. Enable TLS 1.2 for Windows Server 2008 R2.1.

0.17.1. Navigate to the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

0.17.2. Create a new folder (New Key) and label it TLS 1.2.

0.17.3. Create two new keys with the TLS 1.2 folder, and name the keys Client and Server.

0.17.4. Under the Client key, create two DWORD (32-bit) values, and name them "DisabledByDefault" and "Enabled".

0.17.5. Under the Server key, create two DWORD (32-bit) values, and name them "DisabledByDefault" and "Enabled".

0.17.6. Ensure that the Value field is set to 0 and that the Base is Hexadecimal for "DisabledByDefault".

0.17.7. Ensure that the Value field is set to 1 and that the Base is Hexadecimal for "Enabled".

0.17.8. Reboot the Windows Server 2008 R2 computer.

0.18. Disconnect all other users before the migration and stop all unnessary services (e.g. browsers, vSphere Clients, etc.)

0.19. Deploy a new Edge Gateway and configure NAT rule for OOB IP address

Upgrade:

0. Stop the vCenter Servers and vCDs (Create snapshot of the vCenter server, PSC server, vCloud Director cells and the Oracle DB)

1. Mount the VCSA 6.7U1 ISO file on the vCenter server

2. Go to "migration-assistant" > VMware-Migration-Assistant.exe

3. Enter the SSO credentials in the new window

4. Enter the credentials for service account

5. Enter the IP network which will be primary for the vCenter server

6. After the prechecks the wizard will stop on "Waiting for migration to start…"

7. Mount the VCSA 6.7U1 ISO file on another Windows machine (not the vCenter server) utilityserver01 > go to "vcsa-ui-installer" > win32 > installer.exe > Migrate

8. Always specify the IP not the FQDN for the vCenter server

9. In Stage 1 the new appliance will be deployed:

10. Specify in the wizard all necessary information about the source vCenter server;

11. Specify IP of the destination host on which the new VM will be deployed;

12. Specify the size of the setup (Tiny, Large, etc.);

13. Select the datastore on which the appliance will be deployed;

14. Select the appropriate network port group;

15. Enter the information about the new server appliance (name: vcsa01, network (temporary): PROD: 10.10.10.10, 255.255.252.0, Gateway: 10.10.10.254; DNS servers: 10.10.10.20,10.10.10.21; etc.);

16. Add the new VM (Linux appliance) to the exclusion list inside the Management NSX (NSX > Firewall Settings > Exclusion List > Add > Select the new object > arrow > OK)

17. Stage II - Copy the data and finish the process by automatically shut down the source vCenter server:

18. Enter service account credentials for Ad;

19. Select Configuration and historical data (Events);

20. Deselect "Join the VMware's Customer Experience Imprevement Program";

21. Select "I have backed up the source vCenter server and all the required data from the database";

22. Click "Finish" > OK (after the migration the source (Windows vCenter server) will shut down);

23. Check the status of the new vCenter Appliance server.

24. Re-register the PSC and the vCenter server in Usage Meter, vCloud Director, vRO, NSX Manager (Using web Interface)

25. Rename the old vCenter server VM and disconnect the network adapters

26. Rename the new Linux Appliance to the original VM's name

27. Billing team to check the integration of ChargeBack

28. Setup the FTP backup through the VAMI interface (e.g. https://vcentermanagement01.local:5480)

29. Check if all services are working: (ChargeBack Manager, NSX (check the status in the Web console of NSX manager and also in vCenter server), Usage Meter (re-establish the connection with PSC and vCenter servers), vCloud Director (enable the integration (only Resource vCenter server); refresh the connection with the vCenter server), vRealize Orchestrator, Operations Manager)

30. Register vRealize Orchestrator plugin using this article: https://docs.vmware.com/en/vRealize-Orchestrator/7.2/com.vmware.vrealize.orchestrator-install-config...

31. Check if the NSX agents on the hosts are up and running properly (and if they are up-to-date version 6.4.4)

https://vspherecentral.vmware.com/t/vcenter-server/vcenter-lifecycle-install-upgrade-and-migrate-3/w...

Rollback: https://kb.vmware.com/s/article/2146453

1. Power off the new Platform Service Controller Appliance.

2. Power back the PSC (SSM server); Rejoin the server to the domain;

3. Verify that all Single Sign-On services are up and running.

4. Power off the vCenter Server Appliance.

5. Ensure the vCenter database is available if using an external database.

6. Power back the vCenter server.

7. Wait for all vCenter Server services to start and log in to the vSphere Web Client to verify your vSphere inventory.

III. Migrate External PSC to Embedded one

Prerequisites:

0.0. Login locally to the ESXi hosts in the management vCenter server.

0.1. Stop/change the VAMI backup of the VCM, VCR and SSM linux appliances using disable option: https://yourvcenter.local and https://vcentermanagement01.local and https://yourpsc01.local

1. From Usage Meter (https://usagemeter01.local:8443/um) products > Delete vCenter yourvcenter.local, vcentermanagement01.**.local

2. Put suppression in Monitoring system

3. Disable vCenter in the respective for the environment vCloud Director.

4. Shutdown vCenter servers vcenterresource01, vcentermanagement01 and the PSC psc01 from the ESXi hosts;

5. Create new series of snapshots for vcenterresource01, vcentermanagement01, psc01.

6. Power ON psc01. After several minutes power on vcenterresource01

7. Copy the converge tool from the ISO file VMware-VCSA-all-6.7.0-11726888.iso\vcsa-converge-cli\ to utility Windows server

8. Copy the template (vcsa-converge-cli/templates/) to the folder where vcsa-util resides

• converge.json

9. Edit the converge.json:

{

    "__version": "2.11.0",

    "__comments": "Template for VCSA with external Platform Services Controller converge",

        "vcenter": {

            "description": {

               "__comments": [

                       "PR",

                    "vcentermanagement01, vcenterresource01 and psc01"

                ]

            },

            "managing_esxi_or_vc": {

                "hostname": "esx01.local",

                "username": "root",

                "password": "pass"

            },

            "vc_appliance": {

                "hostname": "vcentermanagement01",

                "username": "administrator@vsphere.local",

                "password": "pass",

                "root_password": "pass"

            },

            "ad_domain_info": {

                "__comments": [

                    "Important Note: This section is needed only when PSC (Platform Services Controller) appliance is joined to a domain.",

                    "Remove this section if PSC appliance is not joined to a domain.",

                    "Keeping this section without valid values results in JSON validation errors."

                ],

                "domain_name": "pr.local",

                "username": "user",

                "password": "pass"

            }

        }

}

10. Go to \vcsa-converge-cli\win32

11. Run "vcsa-util.exe converge --no-ssl-certificate-verification --backup-taken --verbose D:\Support\converge.json"

12. When the procedure has been completed, type y to reboot the appliance. After rebooting the vCSA, the converge process has been completed

!Hint: on successful converge after login to the VAMI interface of vCenter you should see "Type: vCenter Server with an embedded Platform Services Controller"

13. Configure the backup of the VCSA using the VAMI interface:

14. Reconfigure the NSX Manager configuration: https://10.10.10.30/home.html#/manage/components/vshield > Manage vCenter Registration > Edit > Repoint to the new embedded PSC (yourvcenter.local)

15. Reconfigure the Usage Meter: https://usagemeter01.local:8443/um/ > Products > Show Inactive vCenter Servers > Activate vcentermanagement01.local > Un-check External PSC > Save.

16. Repeat the steps above for VCR

17. Shut down the PSC machine and disconnect the virtual adapters

18. Enable vCenter in vCloud Director.

https://kb.vmware.com/s/article/59508

https://kb.vmware.com/s/article/59907

https://kb.vmware.com/s/article/68052

https://kb.vmware.com/s/article/68086

https://kb.vmware.com/s/article/68159

https://kb.vmware.com/s/article/70420

https://kb.vmware.com/s/article/70781

https://kb.vmware.com/s/article/74678

Version history
Revision #:
1 of 1
Last update:
‎03-05-2020 04:05 AM
Updated by: