Solved: Re: Help on vSphere 6 upgrade strategy with an int...

fduranti · ‎03-13-2015

I would like to ask for some idea and help on what and how to reorganize our vsphere infrastructure.

We have an environment that grow really fast in the last 2 years... from a single vcenter center/infrastructure for our server environment we growth to 2 main Datacenter + 1 small site with a 2nd arriving in some months and probably a good number of branch offices.

Our 2 main datacenter are configured each with 3 vCenter 5.5:

1) Our Main Server vCenter

2) Our Horizon vCenter for VDI

3) A vCenter dedicated to a separate set of servers for a specific project

All the vCenter are now 5.5u2 but in the past our VDI vSphere was still 5.0 while the rest was upgaded to 5.1 and then 5.5.

The 3) is a dedicated environment with some software/configuration that could conflict or be managed in a different way from our actual infrastructure (it could remain to an older version for more time for example).

All those vCenter are configured with a Multisite SSO separated by environment so we have a Multisite SSO for Server, 1 for VDI and 1 for the 3).

Our vCenter have the SSO and all services embedded into the windows server and a separate SQL Server Database for each of them.

Checking some documents on the vSphere 6 I saw that it seems that we've a configuration that should in some way changed and thinking about the future and implementation of new products I would like to understand how we could manage those infrastructure and how we can join it.

In this document http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=210854... it seems that managing sites that have embedded PSC and vCenter Server on the same host is not a recommended configuration so, thinking at least at our main Server vCenter infrastructure (2 different in 2 sites) we should separate the PSC making them external.

Should we move the SSO server outside of our 5.5 infrastructure now before upgrading to 6 so that we could upgrade SSO to external PSC and simply upgrade our vCenter Server or there's any way during upgrade to put the PSC on an external server (like running the setup on a new server and migrating the SSO to external PSC)?

Thinking about the future, we would probably like to unify the PSC and use the same PSC servers (2 ha with a LB probably in each site). It's possible when upgrading a vcenter Server to migrate it from the SSO server/PSC it's using to a different one?

RAMESA · ‎03-17-2015

If you want to move from embedded mode to external PSC; currently during upgrade you can not change this i.e if it embedded in 5.5 then it will continue in embedded mode. Future update release might provide an option / tool to move from embedded to external PSC mode post upgrade (this tool is regardless you are doing upgrade or not; 6.0 embedded deployment can be converted to vCenter pointing to external PSC).

As of now if you want to move to external PSC mode then first for 5.5 embedded setup itself move to external SSO. You can do this by installing separate SSO and re-point your existing Inventory service, webclient and VC to that SSO. Below KB provides details on re-pointing -

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203362...

Once you are done with re-pointing you can start upgrade with external PSC.

Regards, Ramesh

View solution in original post

BenLiebowitz · ‎03-13-2015

Here is the vSphere 6 Update Sequence that was released the other day. Hope it helps.

VMware KB: Update sequence for vSphere 6.0 and its compatible VMware products

Ben Liebowitz, VCP vExpert 2015, 2016, & 2017 If you found my post helpful, please mark it as helpful or answered to award points.

fduranti · ‎03-13-2015

My problem is mostly that now I have my vCenter with embedded SSO and I want to upgrade to vSphere 6 moving the PSC as external but I'm not sure on how this migration path will be done and if it's possible.

The alternatives seems mostly:

1) Migrate the SSO to another server before upgrade .. it's possible ? how?

2) Migrate the PSC from embedded to external after upgrade (seems not possible but I can be wrong)

3) I can upgrade "moving" the PSC or the vCenter part to another server so that the PSC is external (possible? ...how it can be done?)

After the migration of the first 2 vCenter I should think on what to do to the rest of the vCenter (VDI etc):

1) It's possible to make a vCenter (and all the component like vshield/infrastructure navigator/etc) point to a completely different SSO/PSC server?

2) In this case should I register the vCenter 5.5 (that has his own SSO) to the external PSC I've installed for the infrastructure and then upgrade to vSphere 6?

3) Does this impact on vCenter configuration/VM/Virtual Server/client?

RAMESA · ‎03-17-2015

If you want to move from embedded mode to external PSC; currently during upgrade you can not change this i.e if it embedded in 5.5 then it will continue in embedded mode. Future update release might provide an option / tool to move from embedded to external PSC mode post upgrade (this tool is regardless you are doing upgrade or not; 6.0 embedded deployment can be converted to vCenter pointing to external PSC).

As of now if you want to move to external PSC mode then first for 5.5 embedded setup itself move to external SSO. You can do this by installing separate SSO and re-point your existing Inventory service, webclient and VC to that SSO. Below KB provides details on re-pointing -

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203362...

Once you are done with re-pointing you can start upgrade with external PSC.

Regards, Ramesh

fduranti · ‎03-17-2015

Thanks for the answer Ramesh.

Just an information on the move to an external SSO. Should I install a new Empty SSO and repoint inventory/vcenter/webclient to the new SSO or I should create a SSO connected to the one that already exist (in HA) to mantain all the configuration and then remove the original in some way?

If I should install a new Empty one it seems that the strategy, having 3 sites (2 site with 3 vCenter and 1 with 1 vCenter) will be:

- install the new SSO Infrastructure composed by 2 HA SSO per site (to have the redundancy) connected as multisite SSO.

- starting from the first site repoint the vCenter services to the new SSO infrastructure

- upgrade SSO to PSC

- upgrade vCenter server to 6

Will I lose some configuration going with a new SSO this way? There's anything I should care about ?

If I've understood at the end I should only reconfigure access/permission and nothing more, vCenter will continue to run during the operation and It will not impact vCenter configuration and ESXi servers. Is this correct?

Just one additional question: It's possible to repoint a 5.5 vCenter (inventory/server/webclient) to a 6.0 external PSC ? Can I just upgrade my primary infrastructure and then move my other server to the external PSC and then upgrade them?

RAMESA · ‎03-17-2015

If you configure new SSO - you are going to only loose SSO data i.e users, groups, password policies if any changed etc.

This will not affect permissions in VC as long as new SSO is having same identity source.

If you could mark the question as answered and award points, I would greatly appreciate it!

Regards, Ramesh

fduranti · ‎03-17-2015

Thanks for the really useful answer

Bill_Oyler · ‎04-06-2015

Ramesh,

Is there currently a knowledge base article that explains how to re-point a vCenter 6.0 server to a new PSC 6.0 server? Or is re-pointing only possible to do in vCenter 5.5 / SSO 5.5 currently?

Thanks,

Bill

Bill Oyler Systems Engineer

Bill_Oyler · ‎04-07-2015

Ramesh,

I tried following the KB on re-pointing our existing vCenter 5.5 server to a new external SSO 5.5 instance, but the scripts ran into all sorts of errors, resulting in the vCenter service continually restarting in an endless loop. What I ended up doing was simply uninstalling vCenter 5.5, Inventory Service 5.5, and Web Client 5.5 (following the KB for uninstalling vCenter), and then re-installing those components, pointing to our existing SQL database for vCenter, and pointing to the newly-installed external SSO 5.5 instance. This worked great and did not require any scripts or other command line work. So far, I don't see any issues. My Distributed vSwitches are just fine, the ESXi hosts were able to re-connect without any issues, and the services start up nice and quick. Is this a reasonable option for customers looking to migrate from an "embedded" SSO 5.5 to an "external" SSO 5.5 deployment, to prepare for the v6.0 upgrade?

Thanks,

Bill

Bill Oyler Systems Engineer

Bill_Oyler · ‎04-20-2015

FYI, it looks like VMware just posted a new KB article on how to repoint a vCenter 6.0 server to a new PSC 6.0:

Repointing the VMware vCenter Server 6.0 to a Platform Services Controller (2113917)

http://kb.vmware.com/kb/2113917

It doesn't clearly state whether this method is supported to switch from the "embedded" PSC model to the "external" PSC model. Does anyone from VMware wish to clarify?

Thanks,

Bill

Bill Oyler Systems Engineer

SeanWhitney · ‎06-02-2015

I know it's a little late, but wrote a blog post on what I feel is the best strategy.

http://www.virtually-limitless.com/vsphere-6-0/upgrading-from-embedded-sso-5-5-to-external-sso-psc-6...

------------------------------------------------------------------------- Sean Whitney Sr. Systems Engineer, NSX Networking and Security Business Unit Check out my Blog @ www.virtually-limitless.com

All

Help on vSphere 6 upgrade strategy with an internal SSO -> external PSC