VMware Cloud Community
Theovd
Enthusiast

vCloud Director 1.0.1 to 1.5 upgrade question

Hi all,

I am planning an upgrade from vCD 1.0.1 to 1.5, including vShield Manager 4.1 to 5.0. The upgrade to vSphere 5 will follow some weeks later. I understood this is supported, but some new features will not work until the upgrade to vSphere 5 is carried out.

As the upgrade of vShield Manager also contains upgrades of all the vShield Edges to 5.0, which is disruptive for the environments running in the various vCD organization data centers, I want to split the upgrade so I can plan environment downtime in a flexible way with my customers instead of having to do everything in one maintenance window.

Day1:

- Upgrade vCD to 5.0

- Upgrade vShield Manager to 5.0

And over the days after this day upgrade the vShield Edges.

I am wondering what the consequences are of such an approach. Is it supported? What happens if a vShield Edge needs to be restarted, i.e. due to an incident or when a vApp is restarted (which initiates a deployment of a new vShield Edge device)?

Does someone already have experience with this?

Regards,

Theo.

Theovd
Enthusiast

Hi Chris,

Thanks for posting the links. The information on your site is really helpful!!

What is still not clear to me is whether there can be some days between the upgrade of vCD and vShield Manager and the upgrade of the running vShield Edges. And what is the impact/risk in between?

Regards,

Theo.

admin
Immortal

So within "Phase I" you do not have to upgrade the running Edge devices right away; they can remain until you decide to reset them, or in the case of a vApp network, if the vApp is powered off then back on they will be updated. Although I think vShield Manager 4.1 technically works with vCD 1.5, at a minimum I would still suggest that vShield Manager go to 5.0 with 1.5 at the same time. I would have to check the supported configurations to even see if 1.5 with vShield Manager 4.1 is actually supported. Personally, I would do the vShield Manager the same day as vCD and then do the edge devices as you need to, unless you check the supported configuration of vCD 1.5 with vShield Manager 4.1.

It looks like, according to http://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php? , vShield Edge 1.0 is supported, but there is no specific information on the Manager itself.

I cannot see an impact/risk other than not taking advantage of the newer security features in vShield 5.0. Again, I would do the manager, and tackle the deployed edges as you see fit. The Manager upgrade is pretty fast and easy to get done though, so I see no reason to postpone it for that long. Certainly the deployed edges you may need to deal with with end users.

Theovd
Enthusiast

Hi Chris,

Thanks for the elaboration. I am planning to update vShield Manager together with vCD in the same maintenance window, so that should be fine. As vShield Edge 1.0 is supported together with vShield Manager 5.0, I should be able to carry out my plan as I want it: do the Edges in separate maintenance windows.

Regards,

Theo.

Theovd
Enthusiast

Hi,

One thing that popped into my mind: how is vShield handling DHCP leases when the Edges are upgraded? I.e., suppose VMs have a lease on an IP address; after the upgrade, is the Edge still aware of the leases, thus not giving them out a second time?

Regards,

Theo.

admin
Immortal

The database remains intact on the vShield Manager after the upgrade, so yes, leases should remain after the upgrade until they expire. If not, we would have a pretty big issue on our hands :)

admin
Immortal

Yes, that is what I would do. Seeing as you have only one Manager but maybe many Edge devices, tackle those separately. I'm glad the posts and documentation are helping!

Theovd
Enthusiast

Hi Chris,

I understood vShield Edge is using ISC dhcpd as DHCP server. From the documentation of this server, I understood it maintains a local database to store the lease information for reboots and restarts.

Does vShield Manager add a mechanism to copy this database back and forth to the Edges?

BTW: I also understood from the dhcpd documentation that dhcpd always checks the IP availability using "echo", even if the IP should be free according to dhcpd's administration.

Regards,

Theo.

admin
Immortal

That I am not sure of; however, I did not see any duplicate IP addresses issued from DHCP on an Edge after the upgrade, so there must be a mechanism to deal with it. I just know it was not an issue.

_morpheus_
Expert

On upgrade or reset, the DHCP leases will be preserved. Even if they are lost, the DHCP server will do a ping test before handing out a new lease (as you described).
