You must upgrade the management domain before upgrading VI workload domains in your environment. In order to upgrade to VMware Cloud Foundation 5.0, the management domain must be at VMware Cloud Foundation 4.3.x or higher. If your environment is at a version lower than 4.3.x, you must upgrade the management domain to 4.3.x or later and then upgrade to 5.0.

Caution:

VMware Cloud Foundation deployments that include NSX Federation require additional manual upgrade steps, see KB article 92516 for further details.

Upgrade the components in the management domain in the following order:

  1. SDDC Manager and VMware Cloud Foundation services.

  2. VMware Cloud Foundation config drift.

  3. vRealize Suite Lifecycle Manager, vRealize Suite products, and Workspace ONE Access.

  4. NSX.

  5. vCenter Server.

  6. If you have stretched clusters in your environment, upgrade the vSAN witness host. See Upgrade vSAN Witness Host for VMware Cloud Foundation.

  7. VxRail Manager and ESXi.

After all upgrades have completed successfully:

  1. Remove the VM snapshots you took before starting the update.

  2. Take a backup of the newly installed components.

VMware Cloud Foundation Upgrade Prerequisites

Before you upgrade VMware Cloud Foundation, make sure that the following prerequisites are met.

Table 1. Upgrade Prerequisites

Prerequisite

Additional Information

Allocate a temporary IP address for each vCenter Server upgrade

Required for each vCenter Server upgrade. Must be allocated from the management subnet. The same IP can be reused.

Obtain updated licenses

New licenses required for:

vSAN 8.x

vSphere 8

Verify there are no expired or expiring passwords

Review the password management dashboard in SDDC Manager

Verify there are no expired or expiring certificates

Review the certificates tab for each workload domain

Verify ESXi host TPM module states

[Conditional] If ESXi hosts have TPM modules in use, verify they are running the latest 2.0 firmware. If not in use they must be disabled in the BIOS

Verify ESXi hardware is compatible with target version

See ESXi Requirements and VMware Compatibility Guide at http://www.vmware.com/resources/compatibility/search.php.

Manually update the vSAN HCL database to ensure that it is up-to-date.

See KB 2145116

Backup SDDC Manager, all vCenter Servers, and NSX Managers.

Take File based backups or image-level backups of SDDC Manager, all vCenter Servers, and NSX Managers. Take a Cold Snapshot of SDDC Manager.

Make sure that there are no failed workflows in your system and none of the VMware Cloud Foundation resources are in activating or error state.
Caution:

If any of these conditions are true, contact VMware Support before starting the upgrade.

Review the Release Notes for known issues related to upgrades.

Deactivate all 4.x async patches and run an inventory sync before upgrading to VMware Cloud Foundation 5.0

VMware Cloud Foundation 5.0 and later no longer require using the Async Patch Tool to enable upgrades from an async-patched VMware Cloud Foundation instance. See VCF Async Patch Tool Options for more information

Run the NSX Upgrade Evaluation Tool before starting the upgrade process.

The tool is designed to ensure success by checking the health and readiness of your NSX Manager prior to upgrading.

Review Operational Impacts of NSX Upgrade in NSX Upgrade Guide to understand the impact that each component upgrade might have on your environment.

Ensure there are no active alarms on hosts or vSphere clusters using the vSphere Client.

Precheck Update - Versions Prior to SDDC Manager 5.0

If you have not yet upgraded to SDDC Manager 5.0, these are the steps to run a Precheck. You must perform a precheck before applying an update or upgrade bundle to ensure that your environment is ready for the update.

If you silence a vSAN Skyline Health alert in the vSphere Client, SDDC Manager skips the related precheck and indicates which precheck it skipped. Click Restore Precheck to include the silenced precheck. For example:
An example of an alert that was silenced in vSAN Skyline Health.
You can also silence failed vSAN prechecks in the SDDC Manager UI by clicking Silence Precheck. Silenced prechecks do not trigger warnings or block upgrades.
Important: You should only silence alerts if you know that they are incorrect. Do not silence alerts for real issues that require remediation.

Procedure

  1. In the navigation pane, click Inventory > Workload Domains.
  2. On the Workload Domains page, click the workload domain where you want to run the precheck.
  3. On the domain summary page, click the Updates/Patches tab. The image below is a sample screenshot and may not reflect the correct product versions.
    This screenshot is of domian summary page, click the Updates/Patches tab.
  4. Click Precheck to validate that the environment is ready to be upgraded.

    Once the precheck begins, a message appears indicating the time at which the precheck was started.Once the precheck begins, a message appears indicating the time at which the precheck was started on the Precheck page.

  5. Click View Status to see detailed tasks and their status. The image below is a sample screenshot and may not reflect the correct versions.
    This screenshot is of Upgrade Precheck page. Click View Status to see the detailed tasks and their status.
  6. To see details for a task, click the Expand arrow.
    If a precheck task failed, fix the issue, and click Retry Precheck to run the task again. You can also click Precheck Failed Resources to retry all failed tasks.
  7. If the workload domain contains a host that includes pinned VMs, the precheck fails at the Enter Maintenance Mode step. If the host can enter maintenance mode through vCenter Server UI, you can suppress this check for NSX and ESXi in VMware Cloud Foundation by following the steps below.
    1. Log in to SDDC Manager by using a Secure Shell (SSH) client with the user name vcf and password you specified in the deployment parameter workbook.
    2. Open the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file.
    3. Add the following line to the end of the file:

      lcm.nsxt.suppress.dry.run.emm.check=true

      lcm.esx.suppress.dry.run.emm.check.failures=true

    4. Restart Lifecycle Management by typing the following command in the console window.

      systemctl restart lcm

    5. After Lifecycle Management is restarted, run the precheck again.

Results

The precheck result is displayed at the top of the Upgrade Precheck Details window. If you click Exit Details, the precheck result is displayed at the top of the Precheck section in the Updates/Patches tab.

Ensure that the precheck results are green before proceeding. A failed precheck may cause the update to fail.

Perform Update Precheck in SDDC Manager 5.0

You must perform a precheck in SDDC Manager 5.0 before applying an update bundle to ensure that your environment is ready for the update.

Bundle-level pre-checks for vCenter are available in VMware Cloud Foundation 5.0.

If you silence a vSAN Skyline Health alert in the vSphere Client, SDDC Manager skips the related precheck and indicates which precheck it skipped. Click RESTORE PRECHECK to include the silenced precheck. For example:An example of an alert that was silenced in vSAN Skyline Health.

You can also silence failed vSAN prechecks in the SDDC Manager UI by clicking Silence Precheck. Silenced prechecks do not trigger warnings or block upgrades.

Important:

Only silence alerts if you know that they are incorrect. Do not silence alerts for real issues that require remediation.

Procedure

  1. In the navigation pane, click Inventory > Workload Domains.
  2. On the Workload Domains page, click the workload domain where you want to run the precheck.
  3. On the domain summary page, click the Updates tab.
    (The following image is a sample screenshot and may not reflect current product versions.)
    This screenshot is the management domain summary page. The Updates tab is selected, and the most recent precheck information is shown
    Note:

    It is recommended that you Precheck your workload domain prior to performing an upgrade.

  4. Click RUN PRECHECK to select the components in the workload domain you want to precheck.
    1. You can select to run a Precheck only on vCenter or the vSphere cluster. All components in the workload domain are selected by default. To perform a pre-check on certain components, choose custom selection.
      All components are selected to precheck.
      Note: For VMware Cloud Foundation on Dell EMC VxRail,, you can run prechecks on VxRail Manager.
    2. If there are pending upgrade bundles available, then the "Target Version" dropdown contains "General Upgrade Readiness" and the available VMware Cloud Foundation versions to upgrade to. If there is an available VMware Cloud Foundation upgrade version, there will be extra checks - bundle-level prechecks for hosts, vCenter Server, and so forth. The version specific prechecks will only run prechecks on components that have available upgrade bundles downloaded."Target Version" dropdown
  5. When the precheck begins, a progress message appears indicating the precheck progress and the time when the precheck began.
    Precheck shows In Progress and is 72% completed, along with the date and time when Precheck was started.
  6. Once the Precheck is complete, the report appears. Click through ALL, ERRORS, WARNINGS, and SILENCED to filter and browse through the results.

    Precheck report shows the number of resources that passed, errors, warnings, and silenced.
  7. To see details for a task, click the expander arrow.

    If a precheck task failed, fix the issue, and click Retry Precheck to run the task again. You can also click RETRY ALL FAILED RESOURCES to retry all failed tasks.

  8. If the workload domain contains a host that includes pinned VMs, the precheck fails at the Enter Maintenance Mode step. If the host can enter maintenance mode through vCenter Server UI, you can suppress this check for NSX and ESXi in VMware Cloud Foundation by following the steps below.

    1. Log in to SDDC Manager by using a Secure Shell (SSH) client with the user name vcf and password.

    2. Open the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file.

    3. Add the following line to the end of the file:

      lcm.nsxt.suppress.dry.run.emm.check=true

      lcm.esx.suppress.dry.run.emm.check.failures=true

    4. Restart Lifecycle Management by typing the following command in the console window.

      systemctl restart lcm

    5. After Lifecycle Management is restarted, run the precheck again.

Results

The precheck result is displayed at the top of the Upgrade Precheck Details window. If you click Exit Details, the precheck result is displayed at the top of the Precheck section in the Updates tab.

Ensure that the precheck results are green before proceeding. Although a failed precheck will not prevent the upgrade from proceeding, it may cause the update to fail.

Apply the VMware Cloud Foundation Upgrade Bundle

The VMware Cloud Foundation Upgrade bundle upgrades the SDDC Manager appliance and VMware Cloud Foundation services.

Prerequisites

Procedure

  1. In the navigation pane, click Inventory > Workload Domains.
  2. On the Workload Domains page, click the management domain and then click the Updates tab.
  3. In the Available Updates section, select the target release.
  4. Click Update Now or Schedule Update next to the VMware Cloud Foundation Upgrade bundle.
  5. If you selected Schedule Update, select the date and time for the bundle to be applied and click Schedule.

    An image showing the UI for scheduling an update.
    If you clicked Update Now, the VMware Cloud Foundation Update Status window displays the components that will be upgraded and the upgrade status. Click View Update Activity to view the detailed tasks. After the upgrade is completed, a green bar with a check mark is displayed.
  6. Click Finish.

Apply the VMware Cloud Foundation Configuration Drift Bundle

The configuration drift bundle applies configuration changes required for 2nd party software components in the VMware Cloud Foundation Bill of Materials for the target release. Configuration changes are applied to the management domain and may also affect VI workload domains in your environment. However, there is no downtime on VI workload domains and they need not be in a maintenance window.

The configuration drifts applied through this mechanism are cumulative configuration drifts from the 4.X versions when performing an upgrade from VMware Cloud Foundation 4.3 to 5.0. To apply configuration updates for VMware Cloud Foundation 5.0, see the Apply Configuration Updates section.

Prerequisites

  • Download the configuration drift bundle for your target release. See Downloading VMware Cloud Foundation Upgrade Bundles.
  • Ensure that you have a recent successful backup of SDDC Manager using an external SFTP server.
  • Ensure all hosts, cluster and workload domains are in a healthy state. See KB article 91954 for any failed/error/deactivating state of hosts, cluster, and domains.
  • Ensure that you have taken a snapshot of the SDDC Manager appliance.
  • Ensure that you have recent successful backups of the components managed by SDDC Manager.
  • If there are disconnected/not-responding hosts in the respective domain, the configuration drift process fails and displays a final status of "COMPLETE_WITH_FAILURE." See KB article 91624 for more information.
  • An SSH authentication error may occur when the SSH service is not running on ESXi hosts, leading to a refusal of the SSH connection and causing the config drift upgrade to fail. See KB article 86240 for more information.

Procedure

  1. In the navigation pane, click Inventory > Workload Domains.
  2. On the Workload Domains page, click the management domain and then click the Updates tab.
  3. Click Precheck to run the upgrade precheck.
    Resolve any issues before proceeding with the upgrade.
    These prechecks are generic and validate the health of the domain and are not specific to the configurations applied.
  4. In the Available Updates section, select the target release.
  5. If you selected Schedule Update, select the date and time for the bundle to be applied and then click Schedule.
    After the upgrade is completed, a green bar with a check mark is displayed.
  6. Click Finish.

Apply VMware Cloud Foundation Configuration Updates

VMware Cloud Foundation Configuration Updates identifies and resolves any discrepancies between the intended/prescribed configuration and the actual configuration, ensuring that the deployment aligns with the recommended configuration for the VCF 5.0 release and above. This process includes reconciling the configuration for 2nd party software components listed in the VMware Cloud Foundation Bill of Materials (BOM).

Configuration Updates must be performed during a maintenance window.

As the upgrades for 2nd party components complete for the domain, additional Configuration Updates may become available. You have the option to apply the relevant drifts as they become available or apply them collectively at the end of the upgrade process for all 2nd party software components.

Configuration Updates can be applied to multiple domains in parallel. However, if a Configuration Update is in progress, another configuration update on the same domain should not be attempted.

Note: Configuration Updates in VCF detects and reconciles configuration to a prescribed configuration for the release. Once reconciled, it does not identify subsequent non-compliance arising from out of band changes.

Procedure

  1. In the navigation pane, click Inventory > Workload Domains.
  2. On the Workload Domains page, click the workload domain name and then click the Updates tab.
  3. Click RUN PRECHECK to run the upgrade precheck.

    Resolve any issues before proceeding with the upgrade.

  4. Expand Available Configuration Updates, click APPLY ALL.
    Available Configuration Updates are shown in the table and the option to "APPLY ALL."

    Configuration updates may be required after you apply software updates. Once a configuration update becomes available, you can apply it immediately or wait until after you have applied all software updates.

    APPLY ALL applies all applicable drifts available at that time. However, more drifts may become applicable later, and a red dot notification is displayed on the Updates tab to indicate availability of new configuration updates.

    The table shows there are now multiple onfiuration updates available to be applied.
  5. Check the progress of the configuration update by clicking the task in the Tasks panel.SDDC Manager Tasks table showing that Config Reconcilation is Running.
  6. After the configuration updates are successfully applied, it will no longer appear in the table.There are noi available Configuration Updates.

    Pending Configuration Updates will not block future BOM upgrades.

Upgrade vRealize Suite Lifecycle Manager for VMware Cloud Foundation

The process for upgrading vRealize Suite Lifecycle Manager depends on your current version of VMware Cloud Foundation and vRealize Suite Lifecycle Manager.

Starting with VMware Cloud Foundation 4.4 and vRealize Suite Lifecycle Manager 8.6.2, upgrade and deployment of the vRealize Suite products is managed by vRealize Suite Lifecycle Manager. You can upgrade vRealize Suite products as new versions become available in your vRealize Suite Lifecycle Manager. vRealize Suite Lifecycle Manager will only allow upgrades to compatible and supported versions of vRealize Suite products.
If you already have vRealize Suite Lifecycle Manager 8.6.2, you can upgrade vRealize Suite Lifecycle Manager to a supported version using the vRealize Suite Lifecycle Manager UI.
Note: See the VMware Interoperability Matrix for information about which versions are supported with your version of VMware Cloud Foundation and KB 88829 for more information about supported upgrade paths using vRealize Suite Lifecycle Manager.

If you have an earlier version of vRealize Suite Lifecycle Manager, use the process below to upgrade to vRealize Suite Lifecycle Manager 8.6.2 and then use the vRealize Suite Lifecycle Manager UI to upgrade to later supported versions.

Important: The VMware Cloud Foundation 5.0 BOM requires vRealize Suite Lifecycle Manager 8.10 or higher.

Prerequisites

Note: VMware has recently renamed vRealize Suite of products to VMware Aria Suite. See the Aria Naming Updates blog post for more details. During the VCF 5.0 upgrade process, you can upgrade directly to VMware Aria Suite Lifecycle 8.12 or higher so long as the paths are supported via the VMware Interop Matrix. You will still see the old name of vRealize Suite on SDDC Manager even when upgrade of all the VMware Aria products have been completed.
  • Ensure that you have a recent successful backup of the vRealize Suite Lifecycle Manager appliance.
  • Download the VMware Software Update bundle(s) for vRealize Suite Lifecycle Manager. See Downloading VMware Cloud Foundation Upgrade Bundles.
    Note: You may have to download and apply multiple bundles, depending on the current product versions in your environment. If your environment is using VMware Cloud Foundation 4.4 or later and vRealize Suite Lifecycle Manager 8.6.2 and later, you do not need to download any bundles, since all upgrades are performed from the vRealize Suite Lifecycle Manager UI.
  • If FIPS Mode Compliance is enabled in vRealize Suite Lifecycle Manager, you must manually turn it off on the vRealize Suite Lifecycle Manager UI. See Enable or Disable FIPS Mode Compliance in vRealize Suite Lifecycle Manager. You can re-enable FIPS Mode Compliance after the upgrade.

Procedure

  1. In the navigation pane, click Inventory > Workload Domains.
  2. On the Workload Domain page, click the management domain.
  3. On the Domain Summary page, click the Updates/Patches tab.
  4. Click Precheck to run the upgrade precheck.
    Resolve any issues before proceeding with the upgrade.
  5. In the Available Updates section, select the target release.
  6. Click Update Now or Schedule Update next to the vRealize Suite Lifecycle Manager upgrade bundle.
  7. If you selected Schedule Update, click the date and time for the bundle to be applied.
  8. Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

    If the upgrade fails, you can revert to the snapshot created by the upgrade workflow. After you resolve the issue, you can retry the upgrade.

    When vRealize Suite Lifecycle Manager is upgraded successfully, a message with a green background and check mark is displayed.
  9. Click Exit Status.

Upgrade vRealize Suite Products for VMware Cloud Foundation

If you had vRealize Log Insight, vRealize Automation, vRealize Operations, or Workspace ONE Access in your pre-upgrade environment, you must upgrade them from vRealize Suite Lifecycle Manager.

Note: VMware recently renamed the vRealize Suite of products to VMware Aria Suite. See the Aria Naming Updates blog post for more details. Even after upgrading all vRealize Suite components to VMware Aria, the SDDC Manager UI will display the old vRealize names.
Use vRealize Suite Lifecycle Manager to:
  • Download upgrade binaries
  • Create snapshots of the virtual appliances
  • Run pre-upgrade checks
  • Upgrade vRealize Suite products

Prerequisites

Upgrade to vRealize Suite Lifecycle Manager 8.6.2 or later.

Procedure

  1. Log in to vRealize Suite Lifecycle Manager at https://<vrealize_suite_lifecycle_manager_fqdn> as the administrator.
  2. Upgrade vRealize Suite products.
    See “Upgrading vRealize Suite Lifecycle Manager and vRealize Suite Products” in the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide for your current version of vRealize Suite Lifecycle Manager.

Upgrade NSX from 3.1.3

Additional Information for Upgrading NSX from 3.1.3

The following additional information is applicable to the following upgrade.

  • [Conditional] If source NSX version is 3.1.3

  • Upgrade NSX to 3.2.1.2.0 using SDDC Manager

  • [Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding with global Manager instances

Upgrade NSX for VMware Cloud Foundation

Upgrade NSX in the management domain before you upgrade VI workload domains.

Upgrading NSX involves the following components:

  • Upgrade Coordinator

  • NSX Edges/Clusters (if deployed)

  • Host clusters

  • NSX Manager cluster

Procedure

  1. In the navigation pane, click Inventory > Workload Domains.
  2. On the Workload Domains page, click the domain you are upgrading and then click the Updates/Patches tab.

    When you upgrade NSX components for a selected VI workload domain, those components are upgraded for all VI workload domains that share the NSX Manager cluster.

  3. Click Precheck to run the upgrade precheck.

    Resolve any issues before proceeding with the upgrade.

    Note:

    The NSX precheck runs on all VI workload domains in your environment that share the NSX Manager cluster.

  4. In the Available Updates section, select the target release.
  5. Click Update Now or Schedule Update next to the VMware Software NSX bundle.
  6. On the NSX Edge Cluster page, select the NSX Edge clusters you want to upgrade and click Next.

    By default, all NSX Edge clusters are upgraded. To select specific NSX Edge clusters, select the Upgrade NSX edge clusters only check box and select the Enable edge selection option. Then select the NSX Edges you want to upgrade.

  7. Click Next.
  8. By default, all vSphere clusters across all workload domains are upgraded. If you want to select specific vSphere clusters to be upgraded, turn off the Upgrade all host clusters setting. Host clusters are upgraded after all Edge clusters have been upgraded.
    Note:

    The NSX Manager cluster is upgraded only if the Upgrade all host clusters setting is enabled.

    • If you have a single cluster in your environment, enable the Upgrade all host clusters setting.

    • If you have multiple host clusters and choose to upgrade only some of them, you must go through the NSX upgrade wizard again until all host clusters have been upgraded. When selecting the final set of clusters to be upgraded, you must enable the Upgrade all host clusters setting so that NSX Manager is upgraded.

    • If you have upgraded all of the host clusters without enabling the Upgrade all host clusters setting, run through the NSX upgrade wizard again and schedule the upgrade to upgrade NSX Manager.

  9. Click Next.
  10. On the Upgrade Options dialog box, select the upgrade optimizations and click Next.

    By default, Edge clusters and host clusters are upgraded in parallel. You can enable sequential upgrade by selecting the relevant check box.

  11. If you selected the Schedule Upgrade option, specify the date and time for the NSX bundle to be applied.
  12. Click Next.
  13. On the Review page, review your settings and click Finish.

    The NSX upgrade begins and the upgrade components are displayed. The upgrade view displayed here pertains to the workload domain where you applied the bundle. Click the link to the associated workload domains to see the components pertaining to those workload domains.

  14. Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

    If a component upgrade fails, the failure is displayed across all associated workload domains. Resolve the issue and retry the failed task.

Results

When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.

Upgrade NSX Global Managers from 3.1.3

When NSX Federation is configured between two VMware Cloud Foundation instances, SDDC Manager does not manage the lifecycle of the NSX Global Managers. To upgrade the NSX Global Managers, you must first follow the standard lifecycle of each VMware Cloud Foundation instance using SDDC Manager, and then manually upgrade the NSX Global Managers for each instance.

Prerequisites

Note:

VMware Cloud Foundation deployments that include NSX Federation require additional manual upgrade steps, see KB article 92516 for further details.

Download the interim and final version of NSX from VMware Customer Connect.

Additional Information for Upgrading NSX Global Managers from 3.1.3

The following additional information is applicable to the following upgrade.

  • [Conditional] If source NSX version is 3.1.3

  • [Conditional] If NSX Federation is present

  • Upgrade NSX Global Managers to 3.2.1.2.0 using the Global Manager UI

  • Upgrade standby global manager, followed by active global manager

Download NSX Global Manager Upgrade Bundle

SDDC Manager does not manage the lifecycle of the NSX Global Managers. You must download the NSX upgrade bundle manually to upgrade the NSX Global Managers.

Procedure

  1. In a web browser, go to VMware Customer Connect and browse to the download page for the version of NSX listed in the VMware Cloud Foundation Release Notes BOM.
  2. Locate the NSX version Upgrade Bundle and click Read More.
  3. Verify that the upgrade bundle filename extension ends with .mub.
    The upgrade bundle filename has the following format VMware-NSX-upgrade-bundle-versionnumber.buildnumber.mub.
  4. Click Download Now to download the upgrade bundle to the system where you access the NSX Global Manager UI.

Upgrade the Upgrade Coordinator for NSX Federation

The upgrade coordinator runs in the NSX Manager. It is a self-contained web application that orchestrates the upgrade process of hosts, NSX Edge cluster, NSX Controller cluster, and the management plane.

The upgrade coordinator guides you through the upgrade sequence. You can track the upgrade process and, if necessary, you can pause and resume the upgrade process from the UI.

Procedure

  1. In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
  2. Select System > Upgrade from the navigation panel.
  3. Click Proceed to Upgrade.
  4. Navigate to the upgrade bundle .mub file you downloaded or paste the download URL link.
    • Click Browse to navigate to the location you downloaded the upgrade bundle file.
    • Paste the VMware download portal URL where the upgrade bundle .mub file is located.
  5. Click Upload.
    When the file is uploaded, the Begin Upgrade button appears.
  6. Click Begin Upgrade to upgrade the upgrade coordinator.
    Note:

    Upgrade one upgrade coordinator at a time.

  7. Read and accept the EULA terms and accept the notification to upgrade the upgrade coordinator..
  8. Click Run Pre-Checks to verify that all NSX components are ready for upgrade.
    The pre-check checks for component connectivity, version compatibility, and component status.
  9. Resolve any warning notifications to avoid problems during the upgrade.

Upgrade NSX Global Managers for VMware Cloud Foundation

Manually upgrade the NSX Global Managers when NSX Federation is configured between two VMware Cloud Foundation instances.

Prerequisites

Before you can upgrade NSX Global Managers, you must upgrade all VMware Cloud Foundation instances in the NSX Federation, including NSX Local Managers, using SDDC Manager.

Procedure

  1. In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
  2. Select System > Upgrade from the navigation panel.
  3. Click Start to upgrade the management plane and then click Accept.
  4. On the Select Upgrade Plan page, select Plan Your Upgrade and click Next.
    The NSX Manager UI, API, and CLI are not accessible until the upgrade finishes and the management plane is restarted.

Upgrade NSX Global Managers from 3.2.1.2.0

When NSX Federation is configured between two VMware Cloud Foundation instances, SDDC Manager does not manage the lifecycle of the NSX Global Managers. To upgrade the NSX Global Managers, you must first follow the standard lifecycle of each VMware Cloud Foundation instance using SDDC Manager, and then manually upgrade the NSX Global Managers for each instance.

Prerequisites

Note:

VMware Cloud Foundation deployments that include NSX Federation require additional manual upgrade steps, see KB article 92516 for further details.

Download the interim and final version of NSX from VMware Customer Connect.

Additional Information for Upgrading NSX Global Managers from 3.2.1.2.0

The following additional information is applicable to the following upgrade.

  • [Conditional] If source NSX version is 3.2.1.2.0

  • [Conditional] If NSX Federation is present

  • Upgrade NSX Global Managers to 4.0.1.1 using the Global Manager UI

  • Upgrade standby global manager, followed by active global manager

Note:

Upgrading global managers to this interim build is required to maintain N±1 between local and global managers

Download NSX Global Manager Upgrade Bundle

SDDC Manager does not manage the lifecycle of the NSX Global Managers. You must download the NSX upgrade bundle manually to upgrade the NSX Global Managers.

Procedure

  1. In a web browser, go to VMware Customer Connect and browse to the download page for the version of NSX listed in the VMware Cloud Foundation Release Notes BOM.
  2. Locate the NSX version Upgrade Bundle and click Read More.
  3. Verify that the upgrade bundle filename extension ends with .mub.
    The upgrade bundle filename has the following format VMware-NSX-upgrade-bundle-versionnumber.buildnumber.mub.
  4. Click Download Now to download the upgrade bundle to the system where you access the NSX Global Manager UI.

Upgrade the Upgrade Coordinator for NSX Federation

The upgrade coordinator runs in the NSX Manager. It is a self-contained web application that orchestrates the upgrade process of hosts, NSX Edge cluster, NSX Controller cluster, and the management plane.

The upgrade coordinator guides you through the upgrade sequence. You can track the upgrade process and, if necessary, you can pause and resume the upgrade process from the UI.

Procedure

  1. In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
  2. Select System > Upgrade from the navigation panel.
  3. Click Proceed to Upgrade.
  4. Navigate to the upgrade bundle .mub file you downloaded or paste the download URL link.
    • Click Browse to navigate to the location you downloaded the upgrade bundle file.
    • Paste the VMware download portal URL where the upgrade bundle .mub file is located.
  5. Click Upload.
    When the file is uploaded, the Begin Upgrade button appears.
  6. Click Begin Upgrade to upgrade the upgrade coordinator.
    Note:

    Upgrade one upgrade coordinator at a time.

  7. Read and accept the EULA terms and accept the notification to upgrade the upgrade coordinator..
  8. Click Run Pre-Checks to verify that all NSX components are ready for upgrade.
    The pre-check checks for component connectivity, version compatibility, and component status.
  9. Resolve any warning notifications to avoid problems during the upgrade.

Upgrade NSX Global Managers for VMware Cloud Foundation

Manually upgrade the NSX Global Managers when NSX Federation is configured between two VMware Cloud Foundation instances.

Prerequisites

Before you can upgrade NSX Global Managers, you must upgrade all VMware Cloud Foundation instances in the NSX Federation, including NSX Local Managers, using SDDC Manager.

Procedure

  1. In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
  2. Select System > Upgrade from the navigation panel.
  3. Click Start to upgrade the management plane and then click Accept.
  4. On the Select Upgrade Plan page, select Plan Your Upgrade and click Next.
    The NSX Manager UI, API, and CLI are not accessible until the upgrade finishes and the management plane is restarted.

Upgrade NSX from 3.2.1.2.0

Additional Information for Upgrading NSX from 3.2.1.2.0

The following additional information is applicable to the following upgrade.

  • [Conditional] If source NSX version is 3.2.1.2.0

  • Upgrade NSX to 4.1.0.2.0 using SDDC Manager

  • [Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding

Upgrade NSX for VMware Cloud Foundation

Upgrade NSX in the management domain before you upgrade VI workload domains.

Upgrading NSX involves the following components:

  • Upgrade Coordinator

  • NSX Edges/Clusters (if deployed)

  • Host clusters

  • NSX Manager cluster

Procedure

  1. In the navigation pane, click Inventory > Workload Domains.
  2. On the Workload Domains page, click the domain you are upgrading and then click the Updates/Patches tab.

    When you upgrade NSX components for a selected VI workload domain, those components are upgraded for all VI workload domains that share the NSX Manager cluster.

  3. Click Precheck to run the upgrade precheck.

    Resolve any issues before proceeding with the upgrade.

    Note:

    The NSX precheck runs on all VI workload domains in your environment that share the NSX Manager cluster.

  4. In the Available Updates section, select the target release.
  5. Click Update Now or Schedule Update next to the VMware Software NSX bundle.
  6. On the NSX Edge Cluster page, select the NSX Edge clusters you want to upgrade and click Next.

    By default, all NSX Edge clusters are upgraded. To select specific NSX Edge clusters, select the Upgrade NSX edge clusters only check box and select the Enable edge selection option. Then select the NSX Edges you want to upgrade.

  7. Click Next.
  8. By default, all vSphere clusters across all workload domains are upgraded. If you want to select specific vSphere clusters to be upgraded, turn off the Upgrade all host clusters setting. Host clusters are upgraded after all Edge clusters have been upgraded.
    Note:

    The NSX Manager cluster is upgraded only if the Upgrade all host clusters setting is enabled.

    • If you have a single cluster in your environment, enable the Upgrade all host clusters setting.

    • If you have multiple host clusters and choose to upgrade only some of them, you must go through the NSX upgrade wizard again until all host clusters have been upgraded. When selecting the final set of clusters to be upgraded, you must enable the Upgrade all host clusters setting so that NSX Manager is upgraded.

    • If you have upgraded all of the host clusters without enabling the Upgrade all host clusters setting, run through the NSX upgrade wizard again and schedule the upgrade to upgrade NSX Manager.

  9. Click Next.
  10. On the Upgrade Options dialog box, select the upgrade optimizations and click Next.

    By default, Edge clusters and host clusters are upgraded in parallel. You can enable sequential upgrade by selecting the relevant check box.

  11. If you selected the Schedule Upgrade option, specify the date and time for the NSX bundle to be applied.
  12. Click Next.
  13. On the Review page, review your settings and click Finish.

    The NSX upgrade begins and the upgrade components are displayed. The upgrade view displayed here pertains to the workload domain where you applied the bundle. Click the link to the associated workload domains to see the components pertaining to those workload domains.

  14. Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

    If a component upgrade fails, the failure is displayed across all associated workload domains. Resolve the issue and retry the failed task.

Results

When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.

Upgrade NSX Global Managers from 4.0.1.1

When NSX Federation is configured between two VMware Cloud Foundation instances, SDDC Manager does not manage the lifecycle of the NSX Global Managers. To upgrade the NSX Global Managers, you must first follow the standard lifecycle of each VMware Cloud Foundation instance using SDDC Manager, and then manually upgrade the NSX Global Managers for each instance.

Prerequisites

Note:

VMware Cloud Foundation deployments that include NSX Federation require additional manual upgrade steps, see KB article 92516 for further details.

Download the interim and final version of NSX from VMware Customer Connect.

Additional Information for Upgrading NSX from 4.0.1.1

The following additional information is applicable to the following upgrade.

  • [Conditional] If source NSX version is 4.0.1.1

  • [Conditional] If NSX Federation is present

  • Upgrade NSX Global Managers to 4.1.0.2.0 using the Global Manager UI

  • Upgrade standby global manager, followed by active global manager

Download NSX Global Manager Upgrade Bundle

SDDC Manager does not manage the lifecycle of the NSX Global Managers. You must download the NSX upgrade bundle manually to upgrade the NSX Global Managers.

Procedure

  1. In a web browser, go to VMware Customer Connect and browse to the download page for the version of NSX listed in the VMware Cloud Foundation Release Notes BOM.
  2. Locate the NSX version Upgrade Bundle and click Read More.
  3. Verify that the upgrade bundle filename extension ends with .mub.
    The upgrade bundle filename has the following format VMware-NSX-upgrade-bundle-versionnumber.buildnumber.mub.
  4. Click Download Now to download the upgrade bundle to the system where you access the NSX Global Manager UI.

Upgrade the Upgrade Coordinator for NSX Federation

The upgrade coordinator runs in the NSX Manager. It is a self-contained web application that orchestrates the upgrade process of hosts, NSX Edge cluster, NSX Controller cluster, and the management plane.

The upgrade coordinator guides you through the upgrade sequence. You can track the upgrade process and, if necessary, you can pause and resume the upgrade process from the UI.

Procedure

  1. In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
  2. Select System > Upgrade from the navigation panel.
  3. Click Proceed to Upgrade.
  4. Navigate to the upgrade bundle .mub file you downloaded or paste the download URL link.
    • Click Browse to navigate to the location you downloaded the upgrade bundle file.
    • Paste the VMware download portal URL where the upgrade bundle .mub file is located.
  5. Click Upload.
    When the file is uploaded, the Begin Upgrade button appears.
  6. Click Begin Upgrade to upgrade the upgrade coordinator.
    Note:

    Upgrade one upgrade coordinator at a time.

  7. Read and accept the EULA terms and accept the notification to upgrade the upgrade coordinator..
  8. Click Run Pre-Checks to verify that all NSX components are ready for upgrade.
    The pre-check checks for component connectivity, version compatibility, and component status.
  9. Resolve any warning notifications to avoid problems during the upgrade.

Upgrade NSX Global Managers for VMware Cloud Foundation

Manually upgrade the NSX Global Managers when NSX Federation is configured between two VMware Cloud Foundation instances.

Prerequisites

Before you can upgrade NSX Global Managers, you must upgrade all VMware Cloud Foundation instances in the NSX Federation, including NSX Local Managers, using SDDC Manager.

Procedure

  1. In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
  2. Select System > Upgrade from the navigation panel.
  3. Click Start to upgrade the management plane and then click Accept.
  4. On the Select Upgrade Plan page, select Plan Your Upgrade and click Next.
    The NSX Manager UI, API, and CLI are not accessible until the upgrade finishes and the management plane is restarted.

Upgrade vCenter Server for VMware Cloud Foundation

The upgrade bundle for VMware vCenter Server is used to upgrade the vCenter Servers managed by SDDC Manager. Upgrade vCenter Server in the management domain before upgrading vCenter Server in VI workload domains.

Prerequisites

  • Download the VMware vCenter Server upgrade bundle. See Downloading VMware Cloud Foundation Upgrade Bundles.

  • Take a file-based backup of the vCenter Server appliance before starting the upgrade. See Manually Back Up vCenter Server.

    Note:

    After taking a backup, do not make any changes to the vCenter Server inventory or settings until the upgrade completes successfully.

  • If your workload domain contains Workload Management (vSphere with Tanzu) enabled clusters, the supported target release depends on the version of Kubernetes (K8s) currently running in the cluster. Older versions of K8s may require a specific upgrade sequence. See KB 88962 for more information.

Procedure

  1. In the navigation pane, click Inventory > Workload Domains.
  2. On the Workload Domains page, click the domain you are upgrading and then click the Updates tab.
  3. Click Precheck to run the upgrade precheck.

    Resolve any issues before proceeding with the upgrade.

  4. In the Available Updates section, select the target release.
  5. Click Update Now or Schedule Update next to the vCenter upgrade bundle.
  6. If you selected Schedule Update, click the date and time for the bundle to be applied and click Schedule.
  7. Enter the details for the temporary IP address to be used only during the upgrade.
  8. Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

    If the upgrade fails, resolve the issue and retry the failed task. If you cannot resolve the issue, restore vCenter Server using the file-based backup. See Restore vCenter Server.

What to do next

Once the upgrade successfully completes, use the vSphere Client to change the vSphere DRS Automation Level setting back to the original value (before you took a file-based backup) for each vSphere cluster that is managed by the vCenter Server. See KB 87631 for information about using VMware PowerCLI to change the vSphere DRS Automation Level.

Upgrade vSAN Witness Host for VMware Cloud Foundation

If your VMware Cloud Foundation environment contains stretched clusters, update and remediate the vSAN witness host.

Prerequisites

Download the ESXi ISO that matches the version listed in the the Bill of Materials (BOM) section of the VMware Cloud Foundation Release Notes.

Procedure

  1. In a web browser, log in to vCenter Server at https://vcenter_server_fqdn/ui.
  2. Upload the ESXi ISO image file to vSphere Lifecycle Manager.
    1. Click Menu > Lifecycle Manager.
    2. Click the Imported ISOs tab.
    3. Click Import ISO and then click Browse.
    4. Navigate to the ESXi ISO file you downloaded and click Open.
    5. After the file is imported, click Close.
  3. Create a baseline for the ESXi image.
    1. On the Imported ISOs tab, select the ISO file that you imported, and click New baseline.
    2. Enter a name for the baseline and specify the Content Type as Upgrade.
    3. Click Next.
    4. Select the ISO file you had imported and click Next.
    5. Review the details and click Finish.
  4. Attach the baseline to the vSAN witness host.
    1. Click Menu > Hosts and Clusters.
    2. In the Inventory panel, click vCenter > Datacenter.
    3. Select the vSAN witness host and click the Updates tab.
    4. Under Attached Baselines, click Attach > Attach Baseline or Baseline Group.
    5. Select the baseline that you had created in step 3 and click Attach.
    6. Click Check Compliance.
      After the compliance check is completed, the Status column for the baseline is displayed as Non-Compliant.
  5. Remediate the vSAN witness host and update the ESXi hosts that it contains.
    1. Right-click the vSAN witness and click Maintenance Mode > Enter Maintenance Mode.
    2. Click OK.
    3. Click the Updates tab.
    4. Select the baseline that you had created in step 3 and click Remediate.
    5. In the End user license agreement dialog box, select the check box and click OK.
    6. In the Remediate dialog box, select the vSAN witness host, and click Remediate.
      The remediation process might take several minutes. After the remediation is completed, the Status column for the baseline is displayed as Compliant.
    7. Right-click the vSAN witness host and click Maintenance Mode > Exit Maintenance Mode.
    8. Click OK.

Upgrade VxRail Manager and ESXi Hosts for VMware Cloud Foundation

Use the VxRail upgrade bundle to upgrade VxRail Manager and the ESXi hosts in the workload domain. Upgrade the management domain first and then VI workload domains.

By default, the upgrade process upgrades the ESXi hosts in all clusters in a workload domain in parallel. If you have multiple clusters in the management domain or in a VI workload domain, you can select the clusters to upgrade. You can also choose to upgrade the clusters in parallel or sequentially.

If you are using external (non-vSAN) storage, the following procedure updates the ESXi hosts attached to the external storage. However, updating and patching the storage software and drivers is a manual task and falls outside of SDDC Manager lifecycle management. To ensure supportability after an ESXi upgrade, consult the vSphere HCL and your storage vendor.

Prerequisites

  • Validate that the ESXi passwords are valid.
  • Download the VxRail upgrade bundle. See Downloading VMware Cloud Foundation Upgrade Bundles.
  • Ensure that the domain for which you want to perform cluster-level upgrade does not have any hosts or clusters in an error state. Resolve the error state or remove the hosts and clusters with errors before proceeding.

Procedure

  1. Navigate to the Updates/Patches tab of the workload domain.
  2. Click Precheck to run the upgrade precheck.
    Resolve any issues before proceeding with the upgrade.
  3. In the Available Updates section, select the target release.
  4. Click Upgrade Now or Schedule Update.
    If you selected Schedule Update, specify the date and time for the bundle to be applied.
  5. Select the clusters to upgrade and click Next.
    The default setting is to upgrade all clusters. To upgrade specific clusters, click Enable cluster-level selection and select the clusters to upgrade.
  6. Click Next.
  7. Select the upgrade options and click Finish.
    By default, the selected clusters are upgraded in parallel. If you selected more than five clusters to be upgraded, the first five are upgraded in parallel and the remaining clusters are upgraded sequentially. To upgrade all selected clusters sequentially, select Enable sequential cluster upgrade.
    Click Enable Quick Boot if desired. Quick Boot for ESXi hosts is an option that allows Update Manager to reduce the upgrade time by skipping the physical reboot of the host.
  8. Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

Update Licenses for a Workload Domain

After you upgrade a workload domain component, update the license using SDDC Manager.

You first add the new license to SDDC Manager. This must be done once per license instance. You then apply the license to the component on a per workload domain basis.

Prerequisites

A new license for the component to be updated.

Procedure

  1. Add a new license to the SDDC Manager inventory.
    1. In the navigation pane, click Administration > Licensing.
    2. On the Licensing page, click + License Key.
    3. Select a product from the drop-down menu.
    4. Enter the license key.
    5. Enter a description for the license.
    6. Click Add.
    7. Repeat for each license to be added.
  2. Update a license for a workload domain component.
    1. In the navigation pane, click Inventory > Workload Domains.
    2. On the Workload Domains page, click the domain you are upgrading.
    3. On the Summary tab, expand the red error banner, and click Update Licenses.
    4. On the Update Licenses page, click Next.
    5. Select the products to update and click Next.
    6. For each product, select a new license from the list, and select the entity to which the license should be applied and click Next.
    7. On the Review pane, review each license and click Submit.

      The new licenses will be applied to the workload domain. Monitor the task in the Tasks pane in SDDC Manager.