To upgrade your VMware Cloud Director to a new version, shut down the VMware Cloud Director services on all cells in the server group, install the new version on each server, upgrade the VMware Cloud Director database, and restart the VMware Cloud Director cells.

If your existing VMware Cloud Director server group consists of VMware Cloud Director installations on Linux, you can use the VMware Cloud Director installer for Linux to upgrade your environment.

For VMware Cloud Director installations on Linux, you can either perform an orchestrated upgrade, or manually upgrade VMware Cloud Director. See Perform an Orchestrated Upgrade of Your VMware Cloud Director on Linux Installation or Manually Upgrade Your VMware Cloud Director on Linux Installation. With the orchestrated upgrade, you run a single command which upgrades all cells in the server group and the database. With the manual upgrade, you upgrade each cell and the database in a sequence.

Starting with version 10.3, VMware Cloud Director no longer allows administrator and tenant LDAP servers to bypass SSL certificate validation. Before you upgrade VMware Cloud Director, you must test your connection. If any of the organizations have these invalid configurations, for each one, you must turn off the Accept all certificates setting for the LDAP server and import the certificates in the LDAP settings UI.

In recent releases, when you update the LDAP settings to turn off the Accept all certificates setting, a trust on first use dialog box automates the import of the certificate for the LDAP server of an organization. However, in earlier releases, it is a two-step process of turning the Accept all certificates setting off, and then, using the UI to upload the certificate of the LDAP server.

Support notices:
  • Oracle databases are unsupported. If your existing VMware Cloud Director installation uses an Oracle database, see the Upgrade and Migration Paths table.
  • Activating and deactivating ESXi hosts is unsupported. Before starting the upgrade, you must activate all ESXi hosts. You can place the ESXi hosts in maintenance mode by using the vSphere Client.
  • Microsoft SQL Server databases are unsupported.

VMware Cloud Director uses Java with an improved LDAP support. If you are using an LDAPS server, to avoid LDAP login failures, you must verify that you have a properly constructed certificate. For information, see the Java 8 Release Changes at https://www.java.com.

When you are upgrading VMware Cloud Director, the new version must be compatible with the following components of your existing installation:
  • The database software you are currently using for the VMware Cloud Director database. For more information, see the Upgrade and Migration Paths table.
  • The VMware vSphere ® release you are currently using.
  • The VMware NSX® release that you are currently using.
  • Any third-party components that directly interact with VMware Cloud Director.

For information about the compatibility of VMware Cloud Director with other VMware products and with third-party databases, refer to the VMware Product Interoperability Matrices at http://partnerweb.vmware.com/comp_guide/sim/interop_matrix.php. If you plan to upgrade your vSphere or NSX components as part of the VMware Cloud Director upgrade, you must upgrade them after the upgrade of VMware Cloud Director. See After You Upgrade Your VMware Cloud Director.

After you upgrade at least one VMware Cloud Director server, you can upgrade the VMware Cloud Director database. The database stores information about the runtime state of the server, including the state of all VMware Cloud Director tasks it is running. To ensure that no invalid task information remains in the database after an upgrade, you must verify that no tasks are active on any server before you begin the upgrade.

The upgrade also preserves the local and global properties files which are copied to the new installation and are not stored in the VMware Cloud Director database.

The upgrade requires sufficient VMware Cloud Director downtime to upgrade all servers in the server group and the database. If you are using a load balancer, you can configure it to a return a message, for example, The system is offline for upgrade.

Service providers and tenants can use the VMware Cloud Director API to test connections to remote servers, and to verify the server identity as part of an SSL handshake. To protect VMware Cloud Director network connections, configure a deny list of internal hosts that are unreachable to tenants who are using the VMware Cloud Director API for connection testing. Configure the deny list after the VMware Cloud Director installation or upgrade and before granting tenants access to VMware Cloud Director. See Configure a Test Connection Denylist.

Important: VMware Cloud Director always verifies certificates for any infrastructure endpoints connected to it. If you do not import your certificates into VMware Cloud Director before the upgrade, the vCenter Server and NSX connections might show failed connection errors due to SSL verification issues. In this case, after upgrading, you have two options:
  1. Run the cell management tool trust-infra-certs command to import automatically all certificates into the centralized certificate store. See Import Endpoints Certificates from vSphere Resources.
  2. In the Service Provider Admin Portal UI, select each vCenter Server and NSX instance, and reenter the credentials while accepting the certificate.

Upgrade Paths and Workflows

Source environment Target environment
VMware Cloud Director 10.5 on Linux with an external PostgreSQL database
VMware Cloud Director 10.2 and later on Linux with an external PostgreSQL database Upgrade your environment to VMware Cloud Director 10.5 on Linux. See Perform an Orchestrated Upgrade of Your VMware Cloud Director on Linux Installation or Manually Upgrade Your VMware Cloud Director on Linux Installation.
VMware Cloud Director appliance 10.2 and later with an embedded PostgreSQL database Not supported