After you upgrade all VMware Cloud Director servers and the shared database, you can upgrade the NSX Manager instances that provide network services to your cloud. After that, you can upgrade the ESXi hosts and the vCenter Server instances that are registered to your VMware Cloud Director installation.
VMware Cloud Director supports only advanced edge gateways. You must convert any legacy non-advanced edge gateway to an advanced gateway. See https://kb.vmware.com/kb/66767.
Starting with version 10.1, service providers and tenants can use the VMware Cloud Director API to test connections to remote servers, and to verify the server identity as part of an SSL handshake. To protect VMware Cloud Director network connections, configure a deny list of internal hosts that are unreachable to tenants who are using the VMware Cloud Director API for connection testing. Configure the deny list after the VMware Cloud Director installation or upgrade and before granting tenants access to VMware Cloud Director. See Configure a Test Connection Denylist.
- Run the cell management tool
trust-infra-certs
command to import automatically all certificates into the centralized certificate store. See Import Endpoints Certificates from vSphere Resources. - In the Service Provider Admin Portal UI, select each vCenter Server and NSX instance, and reenter the credentials while accepting the certificate.
To enable operations across vCenter Server instances where the source and destination vCenter Server instances are not the same, verify that the vCenter Server instances trust each other independently of VMware Cloud Director. To view the certificates that a vCenter Server instance trusts, see the Explore Certificate Stores Using the vSphere Client in the VMware vSphere Product Documentation. Verify that each vCenter Server instance trusts the other vCenter Server instances that it needs to interact with. See also KB 89906.