I'm a huge fan of VMware. Been using it since 3.5 and introduced it in every place I've been in since then.
I decided to upgrade from 5.0 to 5.1 mostly because I have 2 huge VMs that I needed to Storage vMotion to reconfigure a SAN.
First, the vCenter upgrade blew up. I had to reload vCenter from scratch. Which means re-doing my VEEAM backups.
Then in came SSO.
First, it does not do what one would assume. It will not use your Windows credentials to automatically log you in. OK, disappointed, but I can live with it.
Then you need additional software to use the "Use Windows Session Authentication". Not optimal.
Lastly, that option does not work in a multi domain environment. What???
I have an environment with 2 forests, one of which has multi domain.
Imagine: dom.local, sub.dom.local with a forest trust to olddom.local.
I click the check box to use my Windows credentials, the user box fills with "dom\me". Which is correct and works with the thin client.
The Web client does not work. The logs show that it is trying to authenticate with firstname.lastname@example.org. No solution.
Then comes the hypervisor upgrade.
I tend to apply every update. So my hosts have everything loaded on them. Including the Cisco Nexus 1000v. The upgrade won't work because the Nexus 5.1 software is not compatible with ESXi 5.1. The Nexus 5.2 update will not load on ESXi 5.0. The ISO does not include the Nexus 5.2 VIB. I had to create my own update CD.
So I start with my 2 local hosts and everything goes well. Next I try a host at my co-lo, across town. The update will not go through because I have a NIC assigned to a vSwitch that has no wire. That's right, I have a server across town that has 4 NICs assigned to a vSwitch, one of which is disconnected and the update fails on that.
Overall great software, but the update/install does not seem ready for prime time.
Why would you need to rebuild your vcenter from scratch after a failed upgrade?
You should have taken a snapshot or backup beforehand. Oh hang on, you've got your vcenter on one of your domain controllers don't you? If your server has other functions you will have to figure out how to file level restore vcenter. Veeam should make this easy. VCSA is free but if you require Windows vcenter this is classic cost trading: you save a Windows server license but it costs you time as you can't just restore the whole system.
Vcenter upgrades do not always work. It is misleading to have web gui upgrades as people assume they are seamless whereas they aren't.
You have highlighted two excellent points here:
1) You need to be ready to rollback when you upgrade vcenter.
2) Multi domain environments require in-house counselling.
vCenter is stand-alone. I simply did not snapshot it first. That's my bad. It's still frustrating.
Multi domain is nothing new. Not when you deal with enterprise grade software. When the back end defines a single LDAP source and when the process explicitly says to take my Windows credentials, which includes the domain I'm logged in to, I expect the software to use just that. Just like the thick client does. That is not rocket science.
No amount of in house counseling will fix it. The client just does not work. They already have a ticket in development for it. But it should have worked out of the box.