Workload Domain-Based Upgrade Sequence for VMware Cloud Foundation

This section contains the planning considerations, prerequisites, and tasks for upgrading VMware Cloud Foundation. Depending on your source VMware Cloud Foundation version, you may need to perform certain tasks multiple times before proceeding to the next task.

VMware Cloud Foundation Upgrade Plan

This section describes the tasks required to perform a VMware Cloud Foundation upgrade. Depending on your source VMware Cloud Foundation version, you may need to perform certain tasks multiple times before proceeding to the next task.

Table 1. Prepare for Upgrade
Task	Additional Information
Allocate a temporary IP address for each vCenter Server upgrade	Required for each vCenter Server upgrade. Must be allocated from the management subnet. The same IP can be reused.
Obtain updated licenses	New licenses required for: vSAN 8.x vSphere 8
Verify there are no expired or expiring passwords	Review the password management dashboard in SDDC Manager.
Verify there are no expired or expiring certificates	Review the certificates tab for each workload domain.
Verify ESXi host TPM module states	[Conditional] If ESXi hosts have TPM modules in use, verify they are running the latest 2.0 firmware. If not in use they must be disabled in the BIOS.
Download Bundles Using SDDC Manager	[Conditional] Online depot connectivity required
Configure a Proxy Server for Downloading Bundles	[Conditional] If a proxy server is required for online depot connectivity
Download Bundles with the Bundle Transfer Utility	[Conditional] For offline bundle download
Download Specific Bundles with the Bundle Transfer Utility	[Conditional] For offline bundle download of a specific bundle
Download NSX Global Manager Upgrade Bundle	[Conditional] Required when using NSX Federation

Table 2. Management Domain Upgrade
Task	Additional Information
VMware Cloud Foundation Upgrade Prerequisites
Precheck Update - Versions Prior to SDDC Manager 5.0 Perform Update Precheck in SDDC Manager 5.0
Apply the VMware Cloud Foundation Upgrade Bundle
Apply the VMware Cloud Foundation Configuration Drift Bundle
Update Compatibility Data with the Bundle Transfer Utility	[Conditional] Required when using offline bundle download
Upgrade vRealize Suite Lifecycle Manager for VMware Cloud Foundation	[Conditional] If vRealize Suite Lifecycle Manager is present
Upgrade vRealize Suite Products for VMware Cloud Foundation	[Conditional] If vRealize Suite Products are present
Upgrade NSX from 3.1.3	[Conditional] If source NSX version is 3.1.3 Upgrade NSX to 3.2.1.2.0 using SDDC Manager [Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding
Upgrade NSX Global Managers from 3.1.3	[Conditional] If source NSX version is 3.1.3 [Conditional] If NSX Federation is present Upgrade NSX Global Managers to 3.2.1.2.0 using the Global Manager UI Upgrade standby global manager, followed by active global manager
Upgrade NSX Global Managers from 3.2.1.2.0	[Conditional] If source NSX version is 3.2.1.2.0 [Conditional] If NSX Federation is present Upgrade NSX Global Managers to 4.0.1.1 using the Global Manager UI Upgrade standby global manager, followed by active global manager Note: Upgrading global managers to this interim build is required to maintain N±1 between local and global managers
Upgrade NSX from 3.2.1.2.0	[Conditional] If source NSX version is 3.2.1.2.0 Upgrade NSX to 4.1.0.2.0 using SDDC Manager [Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding
Upgrade NSX Global Managers from 4.0.1.1	[Conditional] If source NSX version is 4.0.1.1 [Conditional] If NSX Federation is present Upgrade NSX Global Managers to 4.1.0.2.0 using the Global Manager UI Upgrade standby global manager, followed by active global manager
Upgrade vCenter Server for VMware Cloud Foundation	Requires a temporary IP address in the management subnet
Upgrade vSAN Witness Host for VMware Cloud Foundation	[Conditional] If the vSAN cluster is stretched
Skip Hosts During ESXi Update	[Conditional] If you need to skip hosts
Upgrade ESXi with Custom ISOs	[Conditional] If you need to use custom ISOs
Upgrade ESXi with VMware Cloud Foundation Stock ISO and Async Drivers	[Conditional] If you need to use the stock ISO and async drivers
Upgrade ESXi with vSphere Lifecycle Manager Baselines for VMware Cloud Foundation
Update Licenses for a Workload Domain	Update licenses for: vSAN 8.x vSphere 8
Apply Configuration Updates	[Conditional] If there are configuration updates required

Table 3. VI Workload Domain Upgrade
Task	Additional Information
Plan VI Workload Domain Upgrade	Required to make appicable bundles available to the VI workload domain
VMware Cloud Foundation Upgrade Prerequisites
Perform Update Precheck in SDDC Manager 5.0
Upgrade NSX from 3.1.3	[Conditional] If source NSX version is 3.1.3 Upgrade NSX from 3.1.3 to 3.2.1.2.0 using SDDC Manager [Conditional] If NSX Federation is present, upgrade the local manager in both VMware Cloud Foundation instances before proceeding
Upgrade NSX Global Managers from 3.1.3	[Conditional] If source NSX version is 3.1.3 [Conditional] If NSX Federation is present Upgrade NSX Global Managers from 3.1.3 to 3.2.1.2.0 using the Global Manager UI Upgrade standby global manager, followed by active global manager
Upgrade NSX Global Managers from 3.2.1.2.0	[Conditional] If source NSX version is 3.2.1.2.0 [Conditional] If NSX Federation is present Upgrade NSX Global Managers from 3.2.1.2.0 to 4.0.1.1 using the Global Manager UI Upgrade standby global manager, followed by active global manager
Upgrade NSX from 3.2.1.2.0	[Conditional] If source NSX version is 3.2.1.2.0 Upgrade NSX from 3.2.1.2.0 to 4.1.0.2.0 using SDDC Manager [Conditional] If NSX Federation is present, upgrade the local manager in both VMware Cloud Foundation instances before proceeding
Upgrade NSX Global Managers from 4.0.1.1	[Conditional] If source NSX version is 4.0.1.1 [Conditional] If NSX Federation is present Upgrade NSX Global Managers from 4.0.1.1 to 4.1.0.2.0 using the Global Manager UI Upgrade standby global manager, followed by active global manager
Upgrade vCenter Server for VMware Cloud Foundation	Requires a temporary IP address in the management subnet
Upgrade vSAN Witness Host for VMware Cloud Foundation	[Conditional] If the vSAN cluster is stretched
Skip Hosts During ESXi Update	[Conditional] If you need to skip hosts
Upgrade ESXi with Custom ISOs	[Conditional] If you need to use custom ISOs
Upgrade ESXi with VMware Cloud Foundation Stock ISO and Async Drivers	[Conditional] If you need to use the stock ISO and async drivers
Upgrade ESXi with vSphere Lifecycle Manager Baselines for VMware Cloud Foundation	[Conditional] If the workload domain is using vSphere Lifecycle Manager Baselines
Upgrade ESXi with vSphere Lifecycle Manager Images for VMware Cloud Foundation	[Conditional] If the workload domain is using vSphere Lifecycle Manager images
Post Upgrade Steps for NFS-Based VI Workload Domains
Update Licenses for a Workload Domain	Update licenses for: vSAN 8.x vSphere 8
Apply Configuration Updates	[Conditional] If there are configuration updates required

VMware Cloud Foundation Upgrade Prerequisites

Before you upgrade VMware Cloud Foundation, make sure that the following prerequisites are met.

Table 4. Upgrade Prerequisites
Prerequisite	Additional Information
Allocate a temporary IP address for each vCenter Server upgrade	Required for each vCenter Server upgrade. Must be allocated from the management subnet. The same IP can be reused.
Obtain updated licenses	New licenses required for: vSAN 8.x vSphere 8
Verify there are no expired or expiring passwords	Review the password management dashboard in SDDC Manager
Verify there are no expired or expiring certificates	Review the certificates tab for each workload domain
Verify ESXi host TPM module states	[Conditional] If ESXi hosts have TPM modules in use, verify they are running the latest 2.0 firmware. If not in use they must be disabled in the BIOS
Verify ESXi hardware is compatible with target version	See ESXi Requirements and VMware Compatibility Guide at http://www.vmware.com/resources/compatibility/search.php.
Manually update the vSAN HCL database to ensure that it is up-to-date.	See KB 2145116
Backup SDDC Manager, all vCenter Servers, and NSX Managers.	Take File based backups or image-level backups of SDDC Manager, all vCenter Servers, and NSX Managers. Take a Cold Snapshot of SDDC Manager.
Make sure that there are no failed workflows in your system and none of the VMware Cloud Foundation resources are in activating or error state.	Caution: If any of these conditions are true, contact VMware Support before starting the upgrade.
Review the Release Notes for known issues related to upgrades.
Deactivate all 4.x async patches and run an inventory sync before upgrading to VMware Cloud Foundation 5.0	VMware Cloud Foundation 5.0 and later no longer require using the Async Patch Tool to enable upgrades from an async-patched VMware Cloud Foundation instance. See VCF Async Patch Tool Options for more information
Run the NSX Upgrade Evaluation Tool before starting the upgrade process.	The tool is designed to ensure success by checking the health and readiness of your NSX Manager prior to upgrading.
Review Operational Impacts of NSX Upgrade in NSX Upgrade Guide to understand the impact that each component upgrade might have on your environment.
Ensure there are no active alarms on hosts or vSphere clusters using the vSphere Client.

Downloading VMware Cloud Foundation Upgrade Bundles

Before you can upgrade VMware Cloud Foundation, you must download the upgrade bundles for each VMware Cloud Foundation component that requires an upgrade.

Online and Offline Downloads

If the SDDC Manager appliance can connect to the internet, you can download upgrade bundles from the VMware Depot using your VMware Customer Connect account.

If the SDDC Manager appliance cannot connect to the internet, you can use the Bundle Transfer Utility to download the bundles to a computer that has internet access and then copy the bundles to the SDDC Manager appliance.

Other Bundle Types

In addition to upgrade bundles, VMware Cloud Foundation includes the following bundle types:

Install Bundles
An install bundle includes software binaries to install VI workload domains (vCenter Server and NSX) and vRealize Suite Lifecycle Manager. You download install bundles using the same process that you use for upgrade bundles.
Configuration Drift Bundles
A configuration drift bundle applies configuration changes across the managed components and detects, remediates, and prevents configuration drift. These policies can help ensure that virtual machines stay in compliance with the intended state, reducing the risk of performance, stability, and security issues.
Async Patch Bundles
An async patch bundle allows you to apply critical patches to certain VMware Cloud Foundation components (NSX Manager, vCenter Server, and ESXi) when an update or upgrade bundle is not available. To download an async patch bundle, you must use the Async Patch Tool. See Async Patch Tool.

Download Bundles Using SDDC Manager

To download upgrade bundles, connect SDDC Manager to the VMware Depot using your VMware Customer Connect account and then select the bundles to download.

If SDDC Manager does not have direct internet access, configure a proxy server or use the Bundle Transfer Utility for offline bundle downloads.

If SDDC Manager is already connected to the VMware Depot, you can skip the first step below.

When you download bundles, SDDC Manager verifies that the file size and checksum of the downloaded bundles match the expected values.

Procedure

Configure credentials for SDDC Manager to connect to the VMware Depot.
1. In the navigation pane, click Administration > Online Depot.
2. Click Authenticate.
3. Type your VMware Customer Connect user name and password.
4. Click Authorize.
In the navigation pane, click Lifecycle Management > Bundle Management.
Click the Bundles tab to view available bundles.

Note:
If you just connected SDDC Manager to the VMware Depot, it can take some time for bundles to appear.

All available bundles are displayed. Install bundles display an Install Only Bundle label. If the bundle can be applied right away, the Bundle Details column displays the workload domains to which the bundle needs to be applied to, and the Availability column says Available. If another bundle must be applied before a particular bundle, the Availability field displays Future.

To view more information about the bundle, click View Details. The Bundle Details section displays the bundle version, release date, and additional details about the bundle.
For the bundle you want to download, do one of the following:
- Click Download Now for an immediate download.
  The bundle download begins right away.
- Click Schedule Download to schedule a download.
  Select the date and time for the bundle download and click Schedule.
Click the Download History tab to see the downloaded bundles.

Configure a Proxy Server for Downloading VMware Cloud Foundation Bundles

If SDDC Manager does not have direct internet access, you can configure a proxy server to download bundles. VMware Cloud Foundation only supports proxy servers that do not require authentication.

Procedure

In the navigation pane, click Administration > Proxy Settings.
Click Edit.
Toggle the Enable Proxy setting to the on position.
Enter the proxy server IP address and port number and click SAVE.

What to do next

You can now download bundles as described in Download Bundles Using SDDC Manager.

Offline Bundle Download for VMware Cloud Foundation

If the SDDC Manager appliance does not have access to the VMware Depot, you can use the Bundle Transfer Utility to download the bundles to a different computer and then upload them to the SDDC Manager appliance.

When you download bundles, the Bundle Transfer Utility verifies that the file size and checksum of the downloaded bundles match the expected values. Additionally, in VMware Cloud Foundation 5.0 and higher, upgrades are made available based on the compatibility data, which tracks the compatible intra-product upgrades and inter-product compatibility across versions. This data is updated before any upgrade operation is planned.

Prerequisites

A Windows or Linux computer with internet connectivity for downloading the bundles.
You need a system with internet access to download the manifest file and VMware Compatibility Data.
The computer must have Java 8 or later.
A Windows or Linux computer with access to the SDDC Manager appliance for uploading the bundles.
To upload the manifest file from a Windows computer, you must have OpenSSL installed and configured.
Configure TCP keepalive in your SSH client to prevent socket connection timeouts when using the Bundle Transfer Utility for long-running operations.

Note: The Bundle Transfer Utility is the only supported method for downloading bundles. Do not use third-party tools or other methods to download bundles.

Procedure

Download the most recent version of the Bundle Transfer Utility on a computer with internet access.
1. Log in to VMware Customer Connect and browse to the Download VMware Cloud Foundation page.
2. In the Select Version field, select the version to which you are upgrading.
3. Click Drivers & Tools.
4. Expand VMware Cloud Foundation Supplemental Tools.
5. Click DOWNLOAD NOW for the Bundle Transfer Utility.
Extract lcm-tools-prod.tar.gz.
Navigate to the lcm-tools-prod/bin/ and confirm that you have execute permission on all folders.
Copy the bundle transfer utility to a computer with access to the SDDC Manager appliance and then copy the bundle transfer utility to the SDDC Manager appliance.
1. SSH in to the SDDC Manager appliance using the vcf user account.
2. Enter su to switch to the root user.
3. Create the lcm-tools directory.
```
mkdir /opt/vmware/vcf/lcm/lcm-tools
```
  Note: If the /opt/vmware/vcf/lcm/lcm-tools directory already exists with an older version of the Bundle Transfer Utility, you need to delete contents of the existing directory before proceeding.
4. Copy the Bundle Transfer Utility file (lcm-tools-prod.tar.gz) that you downloaded in step 1 to the /opt/vmware/vcf/lcm/lcm-tools directory.
5. Extract the contents of lcm-tools-prod.tar.gz.
```
tar -xvf lcm-tools-prod.tar.gz
```
6. Set the permissions for the lcm-tools directory.
```
cd /opt/vmware/vcf/lcm/
```
```
chown vcf_lcm:vcf -R lcm-tools
```
```
chmod 750 -R lcm-tools
```
On the computer with internet access, download the manifest file. This is a structured metadata file that contains information about the VMware product versions included in the release Bill of Materials.
```
./lcm-bundle-transfer-util --download --manifestDownload --depotUser Username 
```
Copy the manifest file and lcm-tools-prod directory to a computer with access to the SDDC Manager appliance.

Upload the manifest file to the SDDC Manager appliance.

./lcm-bundle-transfer-util --update --sourceManifestDirectory Manifest-Downloaded-Directory --sddcMgrFqdn FQDN --sddcMgrUser Username

Use your vSphere SSO credentials for the --sddcMgrUser parameter.

On the computer with internet access, download the compatibility data.
```
./lcm-bundle-transfer-util --download --compatibilityMatrix --depotUser Username
```
To specify a download location, use --outputDirectory followed by the path to the directory.
Copy the compatibility data file (VmwareCompatibilityData.json) to the computer with access to the SDDC Manager appliance.

Upload the compatibility file to the SDDC Manager appliance.

./lcm-bundle-transfer-util --update --compatibilityMatrix --inputDirectory compatibility-file-directory --sddcMgrFqdn FQDN --sddcMgrUser Username

On the computer with internet access, run the following command.

./lcm-bundle-transfer-util --download --outputDirectory absolute-path-output-dir --depotUser depotUser --sv current-vcf-version --p target-vcf-version

where


`absolute-path-output-dir`	Path to the directory where the bundle files should be downloaded. This directory folder must have 777 permissions. If you do not specify the download directory, bundles are downloaded to the default directory with 777 permissions.
`depotUser`	User name for the VMware Depot (VMware Customer Connect). You will be prompted to enter the depot user password. If there are any special characters in the password, specify the password within single quotes.
`current-vcf-version`	Current version of VMware Cloud Foundation. For example, `4.3.1.1`.
`target-vcf-version`	Target version of VMware Cloud Foundation. For example, `5.0.0.0`.

After you enter your VMware Customer Connect password, the utility asks Do you want to download vRealize bundles?. Enter Y or N.

The utility displays a list of the available bundles based on the current and target versions of VMware Cloud Foundation.

Specify the bundles to download.
Enter one of the following options:
- all
- install
- patch
You can also enter a comma-separated list of bundle names to download specific bundles. For example: bundle-38371, bundle-38378.
Download progress for each bundle is displayed. Wait until all bundles are downloaded successfully.
Copy the entire output directory to a computer with access to the SDDC Manager appliance, and then copy it to the SDDC Manager appliance.
You can select any location on the SDDC Manager appliance that has enough free space available. For example, /nfs/vmware/vcf/nfs-mount/.
Example command to copy the output directory to the SDDC Manager appliance:
```
scp -pr /root/upgrade-bundles vcf@SDDC_MANAGER_IP:/nfs/vmware/vcf/nfs-mount/
```
The scp command in the example above copies the output directory ( upgrade-bundles) to the /nfs/vmware/vcf/nfs-mount/ directory on the SDDC Manager appliance.
Upload the directory to the SDDC Manager appliance internal LCM repository.
1. SSH in to the SDDC Manager appliance using the vcf user account.
2. Enter su to switch to the root user.
3. Navigate to /opt/vmware/vcf/lcm/lcm-tools/bin.
4. Run the following command:
```
./lcm-bundle-transfer-util --upload --bundleDirectory absolute-path-bundle-dir
```
  - Replace absolute-path-bundle-dir with the path to the location where you copied the output directory. For example: /nfs/vmware/vcf/nfs-mount/upgrade-bundles.
The utility uploads the bundles and displays upload status for each bundle. Wait for all bundles to be uploaded before proceeding with an upgrade.

Download Specific Bundles from the VMware Depot with the Bundle Transfer Utility

The Bundle Transfer Utility is a command line tool used to identify bundles applicable to your environment and download the bundles from the VMware Depot to a computer that has internet access.

This procedure provides information about downloading specific bundles to a computer with internet access. When the bundle downloads complete, copy the output directory to a computer with access to the SDDC Manager appliance, and then copy the directory to the SDDC Manager appliance. After you copy the directory to the SDDC Manager appliance, upload the bundle files to the internal LCM repository. See Offline Bundle Download for VMware Cloud Foundation for more information.

Note: The Bundle Transfer Utility is the only supported method for downloading bundles. Do not use third-party tools or other methods to download bundles.

Run the following commands from the Bundle Transfer Utility directory (for example, lcm-tools-prod/bin/) on a computer with internet access.

Download Bundles for a Product Version

You can download bundles for a specific product version.

Display a list of the bundles for a specific product version.

./lcm-bundle-transfer-util --depotUser depotUser --listBundles --productVersion product_version
 (OR)
./lcm-bundle-transfer-util --du depotUser -l -p product_version

For example:

./lcm-bundle-transfer-util --du [email protected] -l -p 5.0.0.0

Download bundles based on a specific product version.

./lcm-bundle-transfer-util --download --outputDirectory absolute-path-output-dir --depotUser depotUser --productVersion product_version
 (OR)
 ./lcm-bundle-transfer-util -d -op absolute-path-output-dir --du depotUser -p product_version

For example, to download all the bundles for the 5.0.0.0 version:

./lcm-bundle-transfer-util --download --depotUser [email protected] --outputDirectory /Users/fruyven/downloadedBundles -p 5.0.0.0

Download a Single Bundle

Download a single bundle.

./lcm-bundle-transfer-util --download --outputDirectory absolute-path-output-dir --depotUser depotUser --bundle bundle_name
(OR)
 ./lcm-bundle-transfer-util --download --outputDirectory absolute-path-output-dir --depotUser depotUser -b bundle_name

For example:

./lcm-bundle-transfer-util --download --outputDirectory /Users/fruyven/downloadedBundles --depotUser [email protected] --bundle bundle-50721

Upgrade the Management Domain to VMware Cloud Foundation 5.0

You must upgrade the management domain before upgrading VI workload domains in your environment. In order to upgrade to VMware Cloud Foundation 5.0, the management domain must be at VMware Cloud Foundation 4.3.x or higher. If your environment is at a version lower than 4.3.x, you must upgrade the management domain to 4.3.x or later and then upgrade to 5.0.

Caution:

VMware Cloud Foundation deployments that include NSX Federation require additional manual upgrade steps, see KB article 92516 for further details.

Upgrade the components in the management domain in the following order:

SDDC Manager and VMware Cloud Foundation services.
VMware Cloud Foundation config drift.
vRealize Suite Lifecycle Manager, vRealize Suite products, and Workspace ONE Access.
NSX.
vCenter Server.
ESXi

After all upgrades have completed successfully:

Remove the VM snapshots you took before starting the update.
Take a backup of the newly installed components.

Precheck Update - Versions Prior to SDDC Manager 5.0

If you have not yet upgraded to SDDC Manager 5.0, these are the steps to run a Precheck. You must perform a precheck before applying an update or upgrade bundle to ensure that your environment is ready for the update.

For an ESXi bundle, the system performs a bundle level precheck in addition to the environment precheck. For VI workload domains using vSphere Lifecycle Manager baselines, the ESXi bundle precheck validates the following.

Custom ISO is compatible with your environment.
Custom ISO size is smaller than the boot partition size.
Third party VIBs are compatible with the environment.

If you silence a vSAN Skyline Health alert in the vSphere Client, SDDC Manager skips the related precheck and indicates which precheck it skipped. Click Restore Precheck to include the silenced precheck. For example:
An example of an alert that was silenced in vSAN Skyline Health.

An example of an alert that was silenced in vSAN Skyline Health.

You can also silence failed vSAN prechecks in the SDDC Manager UI by clicking Silence Precheck. Silenced prechecks do not trigger warnings or block upgrades.

Important: You should only silence alerts if you know that they are incorrect. Do not silence alerts for real issues that require remediation.

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the workload domain where you want to run the precheck.
On the domain summary page, click the Updates/Patches tab. The image below is a sample screenshot and may not reflect the correct product versions.
Click Precheck to validate that the environment is ready to be upgraded.

Once the precheck begins, a message appears indicating the time at which the precheck was started.
Click View Status to see detailed tasks and their status. The image below is a sample screenshot and may not reflect the correct versions.
To see details for a task, click the Expand arrow.
If a precheck task failed, fix the issue, and click Retry Precheck to run the task again. You can also click Precheck Failed Resources to retry all failed tasks.
If ESXi hosts display a driver incompatibility issue when updating a VI workload domain using vSphere Lifecycle Manager baselines, perform the following steps:
1. Identify the controller with the HCL issue.
2. For the given controller, identify the supported driver and firmware versions on the source and target ESXi versions.
3. Upgrade the firmware, if required.
4. Upgrade the driver manually on the ESXi host and retry the task at which the upgrade failed.
If the workload domain contains a host that includes pinned VMs, the precheck fails at the Enter Maintenance Mode step. If the host can enter maintenance mode through vCenter Server UI, you can suppress this check for NSX and ESXi in VMware Cloud Foundation by following the steps below.
1. Log in to SDDC Manager by using a Secure Shell (SSH) client with the user name vcf and password you specified in the deployment parameter workbook.
2. Open the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file.
3. Add the following line to the end of the file:
  lcm.nsxt.suppress.dry.run.emm.check=true
  lcm.esx.suppress.dry.run.emm.check.failures=true
4. Restart Lifecycle Management by typing the following command in the console window.
  systemctl restart lcm
5. After Lifecycle Management is restarted, run the precheck again.

Results

The precheck result is displayed at the top of the Upgrade Precheck Details window. If you click Exit Details, the precheck result is displayed at the top of the Precheck section in the Updates/Patches tab.

Ensure that the precheck results are green before proceeding. A failed precheck may cause the update to fail.

Perform Update Precheck in SDDC Manager 5.0

You must perform a precheck in SDDC Manager 5.0 before applying an update bundle to ensure that your environment is ready for the update.

Bundle-level pre-checks for vCenter are available in VMware Cloud Foundation 5.0.

Note:

Because ESXi bundle-level pre-checks only work in minor-version upgrades (for example: from ESXi 7.x to 7.y, or from ESXi 8.x to 8.y), these prechecks do not run in VMware Cloud Foundation 5.0.

If you silence a vSAN Skyline Health alert in the vSphere Client, SDDC Manager skips the related precheck and indicates which precheck it skipped. Click RESTORE PRECHECK to include the silenced precheck. For example: An example of an alert that was silenced in vSAN Skyline Health.

You can also silence failed vSAN prechecks in the SDDC Manager UI by clicking Silence Precheck. Silenced prechecks do not trigger warnings or block upgrades.

Important:

Only silence alerts if you know that they are incorrect. Do not silence alerts for real issues that require remediation.

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the workload domain where you want to run the precheck.
On the domain summary page, click the Updates tab.
(The following image is a sample screenshot and may not reflect current product versions.)

Note:
It is recommended that you Precheck your workload domain prior to performing an upgrade.
Click RUN PRECHECK to select the components in the workload domain you want to precheck.
1. You can select to run a Precheck only on vCenter or the vSphere cluster. All components in the workload domain are selected by default. To perform a precheck on certain components, choose Custom selection.
2. If there are pending upgrade bundles available, then the "Target Version" dropdown contains "General Upgrade Readiness" and the available VMware Cloud Foundation versions to upgrade to. If there is an available VMware Cloud Foundation upgrade version, there will be extra checks - bundle-level prechecks for hosts, vCenter Server, and so forth. The version specific prechecks will only run prechecks on components that have available upgrade bundles downloaded.
When the precheck begins, a progress message appears indicating the precheck progress and the time when the precheck began.

Note: Parallel precheck workflows are supported. If you want to precheck multiple domains, you can repeat steps 1-5 for each of them without waiting for step 5 to finish.
Once the Precheck is complete, the report appears. Click through ALL, ERRORS, WARNINGS, and SILENCED to filter and browse through the results.
To see details for a task, click the expander arrow.

If a precheck task failed, fix the issue, and click Retry Precheck to run the task again. You can also click RETRY ALL FAILED RESOURCES to retry all failed tasks.
If ESXi hosts display a driver incompatibility issue when updating a VI workload domain using vSphere Lifecycle Manager baselines, perform the following steps:
1. Identify the controller with the HCL issue.
2. For the given controller, identify the supported driver and firmware versions on the source and target ESXi versions.
3. Upgrade the firmware, if required.
4. Upgrade the driver manually on the ESXi host and retry the task at which the upgrade failed.
If the workload domain contains a host that includes pinned VMs, the precheck fails at the Enter Maintenance Mode step. If the host can enter maintenance mode through vCenter Server UI, you can suppress this check for NSX and ESXi in VMware Cloud Foundation by following the steps below.
1. Log in to SDDC Manager by using a Secure Shell (SSH) client with the user name vcf and password.
2. Open the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file.
3. Add the following line to the end of the file:
  lcm.nsxt.suppress.dry.run.emm.check=true
  lcm.esx.suppress.dry.run.emm.check.failures=true
4. Restart Lifecycle Management by typing the following command in the console window.
  systemctl restart lcm
5. After Lifecycle Management is restarted, run the precheck again.

Results

The precheck result is displayed at the top of the Upgrade Precheck Details window. If you click Exit Details, the precheck result is displayed at the top of the Precheck section in the Updates tab.

Ensure that the precheck results are green before proceeding. Although a failed precheck will not prevent the upgrade from proceeding, it may cause the update to fail.

Apply the VMware Cloud Foundation Upgrade Bundle

The VMware Cloud Foundation Upgrade bundle upgrades the SDDC Manager appliance and VMware Cloud Foundation services.

Prerequisites

Download the VMware Cloud Foundation update bundle for your target release. See Downloading VMware Cloud Foundation Upgrade Bundles.
Ensure you have a recent successful backup of SDDC Manager using an external SFTP server.
Ensure you have taken a snapshot of the SDDC Manager appliance.
Ensure you have recent successful backups of the components managed by SDDC Manager.
Perform Update Precheck in SDDC Manager 5.0 and resolve any issues.

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the management domain and then click the Updates tab.
In the Available Updates section, select the target release.
Click Update Now or Schedule Update next to the VMware Cloud Foundation Upgrade bundle.
If you selected Schedule Update, select the date and time for the bundle to be applied and click Schedule.

If you clicked Update Now, the VMware Cloud Foundation Update Status window displays the components that will be upgraded and the upgrade status. Click View Update Activity to view the detailed tasks. After the upgrade is completed, a green bar with a check mark is displayed.
Click Finish.

Apply the VMware Cloud Foundation Configuration Drift Bundle

The configuration drift bundle applies configuration changes required for 2nd party software components in the VMware Cloud Foundation Bill of Materials for the target release. Configuration changes are applied to the management domain and may also affect VI workload domains in your environment. However, there is no downtime on VI workload domains and they need not be in a maintenance window.

The configuration drifts applied through this mechanism are cumulative configuration drifts from the 4.X versions when performing an upgrade from VMware Cloud Foundation 4.3 to 5.0. To apply configuration updates for VMware Cloud Foundation 5.0, see the Apply Configuration Updates section.

Prerequisites

Download the configuration drift bundle for your target release. See Downloading VMware Cloud Foundation Upgrade Bundles.
Ensure that you have a recent successful backup of SDDC Manager using an external SFTP server.
Ensure all hosts, cluster and workload domains are in a healthy state. See KB article 91954 for any failed/error/deactivating state of hosts, cluster, and domains.
Ensure that you have taken a snapshot of the SDDC Manager appliance.
Ensure that you have recent successful backups of the components managed by SDDC Manager.
If there are disconnected/not-responding hosts in the respective domain, the configuration drift process fails and displays a final status of "COMPLETE_WITH_FAILURE." See KB article 91624 for more information.
An SSH authentication error may occur when the SSH service is not running on ESXi hosts, leading to a refusal of the SSH connection and causing the config drift upgrade to fail. See KB article 86240 for more information.

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the management domain and then click the Updates tab.
Click Precheck to run the upgrade precheck.
Resolve any issues before proceeding with the upgrade.

These prechecks are generic and validate the health of the domain and are not specific to the configurations applied.
In the Available Updates section, select the target release.
If you selected Schedule Update, select the date and time for the bundle to be applied and then click Schedule.
After the upgrade is completed, a green bar with a check mark is displayed.
Click Finish.

Apply VMware Cloud Foundation Configuration Updates

VMware Cloud Foundation Configuration Updates identifies and resolves any discrepancies between the intended/prescribed configuration and the actual configuration, ensuring that the deployment aligns with the recommended configuration for the VCF 5.0 release and above. This process includes reconciling the configuration for 2nd party software components listed in the VMware Cloud Foundation Bill of Materials (BOM).

Configuration Updates must be performed during a maintenance window.

As the upgrades for 2nd party components complete for the domain, additional Configuration Updates may become available. You have the option to apply the relevant drifts as they become available or apply them collectively at the end of the upgrade process for all 2nd party software components.

Configuration Updates can be applied to multiple domains in parallel. However, if a Configuration Update is in progress, another configuration update on the same domain should not be attempted.

Note: Configuration Updates in VCF detects and reconciles configuration to a prescribed configuration for the release. Once reconciled, it does not identify subsequent non-compliance arising from out of band changes.

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the workload domain name and then click the Updates tab.
Click RUN PRECHECK to run the upgrade precheck.

Resolve any issues before proceeding with the upgrade.
Expand Available Configuration Updates, click APPLY ALL.

Configuration updates may be required after you apply software updates. Once a configuration update becomes available, you can apply it immediately or wait until after you have applied all software updates.

APPLY ALL applies all applicable drifts available at that time. However, more drifts may become applicable later, and a red dot notification is displayed on the Updates tab to indicate availability of new configuration updates.
Check the progress of the configuration update by clicking the task in the Tasks panel.
After the configuration updates are successfully applied, it will no longer appear in the table.

Pending Configuration Updates will not block future BOM upgrades.

Upgrade vRealize Suite Lifecycle Manager for VMware Cloud Foundation

The process for upgrading vRealize Suite Lifecycle Manager depends on your current version of VMware Cloud Foundation and vRealize Suite Lifecycle Manager.

Starting with VMware Cloud Foundation 4.4 and vRealize Suite Lifecycle Manager 8.6.2, upgrade and deployment of the vRealize Suite products is managed by vRealize Suite Lifecycle Manager. You can upgrade vRealize Suite products as new versions become available in your vRealize Suite Lifecycle Manager. vRealize Suite Lifecycle Manager will only allow upgrades to compatible and supported versions of vRealize Suite products.

If you already have vRealize Suite Lifecycle Manager 8.6.2, you can upgrade vRealize Suite Lifecycle Manager to a supported version using the vRealize Suite Lifecycle Manager UI.

Note: See the VMware Interoperability Matrix for information about which versions are supported with your version of VMware Cloud Foundation and KB 88829 for more information about supported upgrade paths using vRealize Suite Lifecycle Manager.

If you have an earlier version of vRealize Suite Lifecycle Manager, use the process below to upgrade to vRealize Suite Lifecycle Manager 8.6.2 and then use the vRealize Suite Lifecycle Manager UI to upgrade to later supported versions.

Important: The VMware Cloud Foundation 5.0 BOM requires vRealize Suite Lifecycle Manager 8.10 or higher.

Prerequisites

Note: VMware has recently renamed vRealize Suite of products to VMware Aria Suite. See the Aria Naming Updates blog post for more details. During the VCF 5.0 upgrade process, you can upgrade directly to VMware Aria Suite Lifecycle 8.12 or higher so long as the paths are supported via the VMware Interop Matrix. You will still see the old name of vRealize Suite on SDDC Manager even when upgrade of all the VMware Aria products have been completed.

Ensure that you have a recent successful backup of the vRealize Suite Lifecycle Manager appliance.
Download the VMware Software Update bundle(s) for vRealize Suite Lifecycle Manager. See Downloading VMware Cloud Foundation Upgrade Bundles.
Note: You may have to download and apply multiple bundles, depending on the current product versions in your environment. If your environment is using VMware Cloud Foundation 4.4 or later and vRealize Suite Lifecycle Manager 8.6.2 and later, you do not need to download any bundles, since all upgrades are performed from the vRealize Suite Lifecycle Manager UI.
If FIPS Mode Compliance is enabled in vRealize Suite Lifecycle Manager, you must manually turn it off on the vRealize Suite Lifecycle Manager UI. See Enable or Disable FIPS Mode Compliance in vRealize Suite Lifecycle Manager. You can re-enable FIPS Mode Compliance after the upgrade.

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domain page, click the management domain.
On the Domain Summary page, click the Updates/Patches tab.
Click Precheck to run the upgrade precheck.
Resolve any issues before proceeding with the upgrade.
In the Available Updates section, select the target release.
Click Update Now or Schedule Update next to the vRealize Suite Lifecycle Manager upgrade bundle.
If you selected Schedule Update, click the date and time for the bundle to be applied.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

If the upgrade fails, you can revert to the snapshot created by the upgrade workflow. After you resolve the issue, you can retry the upgrade.

When vRealize Suite Lifecycle Manager is upgraded successfully, a message with a green background and check mark is displayed.
Click Exit Status.

Upgrade vRealize Suite Products for VMware Cloud Foundation

If you had vRealize Log Insight, vRealize Automation, vRealize Operations, or Workspace ONE Access in your pre-upgrade environment, you must upgrade them from vRealize Suite Lifecycle Manager.

Note: VMware recently renamed the vRealize Suite of products to VMware Aria Suite. See the Aria Naming Updates blog post for more details. Even after upgrading all vRealize Suite components to VMware Aria, the SDDC Manager UI will display the old vRealize names.

Use vRealize Suite Lifecycle Manager to:

Download upgrade binaries
Create snapshots of the virtual appliances
Run pre-upgrade checks
Upgrade vRealize Suite products

Prerequisites

Upgrade to vRealize Suite Lifecycle Manager 8.6.2 or later.

Procedure

Log in to vRealize Suite Lifecycle Manager at https://<vrealize_suite_lifecycle_manager_fqdn> as the administrator.
Upgrade vRealize Suite products.
See “Upgrading vRealize Suite Lifecycle Manager and vRealize Suite Products” in the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide for your current version of vRealize Suite Lifecycle Manager.

Upgrade NSX from 3.1.3

Additional Information for Upgrading NSX from 3.1.3

The following additional information is applicable to the following upgrade.

[Conditional] If source NSX version is 3.1.3
Upgrade NSX to 3.2.1.2.0 using SDDC Manager
[Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding with global Manager instances

Upgrade NSX for VMware Cloud Foundation

Upgrade NSX in the management domain before you upgrade VI workload domains.

Upgrading NSX involves the following components:

Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the domain you are upgrading and then click the Updates/Patches tab.

When you upgrade NSX components for a selected VI workload domain, those components are upgraded for all VI workload domains that share the NSX Manager cluster.
Click Precheck to run the upgrade precheck.

Resolve any issues before proceeding with the upgrade.

Note:
The NSX precheck runs on all VI workload domains in your environment that share the NSX Manager cluster.
In the Available Updates section, select the target release.
Click Update Now or Schedule Update next to the VMware Software NSX bundle.
On the NSX Edge Cluster page, select the NSX Edge clusters you want to upgrade and click Next.

By default, all NSX Edge clusters are upgraded. To select specific NSX Edge clusters, select the Upgrade NSX edge clusters only check box and select the Enable edge selection option. Then select the NSX Edges you want to upgrade.
Click Next.
By default, all vSphere clusters across all workload domains are upgraded. If you want to select specific vSphere clusters to be upgraded, turn off the Upgrade all host clusters setting. Host clusters are upgraded after all Edge clusters have been upgraded.
Note:
The NSX Manager cluster is upgraded only if the Upgrade all host clusters setting is enabled.
- If you have a single cluster in your environment, enable the Upgrade all host clusters setting.
- If you have multiple host clusters and choose to upgrade only some of them, you must go through the NSX upgrade wizard again until all host clusters have been upgraded. When selecting the final set of clusters to be upgraded, you must enable the Upgrade all host clusters setting so that NSX Manager is upgraded.
- If you have upgraded all of the host clusters without enabling the Upgrade all host clusters setting, run through the NSX upgrade wizard again and schedule the upgrade to upgrade NSX Manager.
Click Next.
On the Upgrade Options dialog box, select the upgrade optimizations and click Next.

By default, Edge clusters and host clusters are upgraded in parallel. You can enable sequential upgrade by selecting the relevant check box.
If you selected the Schedule Upgrade option, specify the date and time for the NSX bundle to be applied.
Click Next.
On the Review page, review your settings and click Finish.

The NSX upgrade begins and the upgrade components are displayed. The upgrade view displayed here pertains to the workload domain where you applied the bundle. Click the link to the associated workload domains to see the components pertaining to those workload domains.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

If a component upgrade fails, the failure is displayed across all associated workload domains. Resolve the issue and retry the failed task.

Results

When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.

Upgrade NSX Global Managers from 3.1.3

When NSX Federation is configured between two VMware Cloud Foundation instances, SDDC Manager does not manage the lifecycle of the NSX Global Managers. To upgrade the NSX Global Managers, you must first follow the standard lifecycle of each VMware Cloud Foundation instance using SDDC Manager, and then manually upgrade the NSX Global Managers for each instance.

Prerequisites

Note:

VMware Cloud Foundation deployments that include NSX Federation require additional manual upgrade steps, see KB article 92516 for further details.

Download the interim and final version of NSX from VMware Customer Connect.

Additional Information for Upgrading NSX Global Managers from 3.1.3

The following additional information is applicable to the following upgrade.

[Conditional] If source NSX version is 3.1.3
[Conditional] If NSX Federation is present
Upgrade NSX Global Managers to 3.2.1.2.0 using the Global Manager UI
Upgrade standby global manager, followed by active global manager

Download NSX Global Manager Upgrade Bundle

SDDC Manager does not manage the lifecycle of the NSX Global Managers. You must download the NSX upgrade bundle manually to upgrade the NSX Global Managers.

Procedure

In a web browser, go to VMware Customer Connect and browse to the download page for the version of NSX listed in the VMware Cloud Foundation Release Notes BOM.
Locate the NSX version Upgrade Bundle and click Read More.
Verify that the upgrade bundle filename extension ends with .mub.
The upgrade bundle filename has the following format VMware-NSX-upgrade-bundle-versionnumber.buildnumber.mub.
Click Download Now to download the upgrade bundle to the system where you access the NSX Global Manager UI.

Upgrade the Upgrade Coordinator for NSX Federation

The upgrade coordinator runs in the NSX Manager. It is a self-contained web application that orchestrates the upgrade process of hosts, NSX Edge cluster, NSX Controller cluster, and the management plane.

The upgrade coordinator guides you through the upgrade sequence. You can track the upgrade process and, if necessary, you can pause and resume the upgrade process from the UI.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Proceed to Upgrade.
Navigate to the upgrade bundle .mub file you downloaded or paste the download URL link.
- Click Browse to navigate to the location you downloaded the upgrade bundle file.
- Paste the VMware download portal URL where the upgrade bundle .mub file is located.
Click Upload.
When the file is uploaded, the Begin Upgrade button appears.
Click Begin Upgrade to upgrade the upgrade coordinator.

Note:
Upgrade one upgrade coordinator at a time.
Read and accept the EULA terms and accept the notification to upgrade the upgrade coordinator..
Click Run Pre-Checks to verify that all NSX components are ready for upgrade.
The pre-check checks for component connectivity, version compatibility, and component status.
Resolve any warning notifications to avoid problems during the upgrade.

Upgrade NSX Global Managers for VMware Cloud Foundation

Manually upgrade the NSX Global Managers when NSX Federation is configured between two VMware Cloud Foundation instances.

Prerequisites

Before you can upgrade NSX Global Managers, you must upgrade all VMware Cloud Foundation instances in the NSX Federation, including NSX Local Managers, using SDDC Manager.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Start to upgrade the management plane and then click Accept.
On the Select Upgrade Plan page, select Plan Your Upgrade and click Next.
The NSX Manager UI, API, and CLI are not accessible until the upgrade finishes and the management plane is restarted.

Upgrade NSX Global Managers from 3.2.1.2.0

Prerequisites

Note:

VMware Cloud Foundation deployments that include NSX Federation require additional manual upgrade steps, see KB article 92516 for further details.

Download the interim and final version of NSX from VMware Customer Connect.

Additional Information for Upgrading NSX Global Managers from 3.2.1.2.0

The following additional information is applicable to the following upgrade.

[Conditional] If source NSX version is 3.2.1.2.0
[Conditional] If NSX Federation is present
Upgrade NSX Global Managers to 4.0.1.1 using the Global Manager UI
Upgrade standby global manager, followed by active global manager

Note:

Upgrading global managers to this interim build is required to maintain N±1 between local and global managers

Download NSX Global Manager Upgrade Bundle

SDDC Manager does not manage the lifecycle of the NSX Global Managers. You must download the NSX upgrade bundle manually to upgrade the NSX Global Managers.

Procedure

In a web browser, go to VMware Customer Connect and browse to the download page for the version of NSX listed in the VMware Cloud Foundation Release Notes BOM.
Locate the NSX version Upgrade Bundle and click Read More.
Verify that the upgrade bundle filename extension ends with .mub.
The upgrade bundle filename has the following format VMware-NSX-upgrade-bundle-versionnumber.buildnumber.mub.
Click Download Now to download the upgrade bundle to the system where you access the NSX Global Manager UI.

Upgrade the Upgrade Coordinator for NSX Federation

The upgrade coordinator guides you through the upgrade sequence. You can track the upgrade process and, if necessary, you can pause and resume the upgrade process from the UI.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Proceed to Upgrade.
Navigate to the upgrade bundle .mub file you downloaded or paste the download URL link.
- Click Browse to navigate to the location you downloaded the upgrade bundle file.
- Paste the VMware download portal URL where the upgrade bundle .mub file is located.
Click Upload.
When the file is uploaded, the Begin Upgrade button appears.
Click Begin Upgrade to upgrade the upgrade coordinator.

Note:
Upgrade one upgrade coordinator at a time.
Read and accept the EULA terms and accept the notification to upgrade the upgrade coordinator..
Click Run Pre-Checks to verify that all NSX components are ready for upgrade.
The pre-check checks for component connectivity, version compatibility, and component status.
Resolve any warning notifications to avoid problems during the upgrade.

Upgrade NSX Global Managers for VMware Cloud Foundation

Manually upgrade the NSX Global Managers when NSX Federation is configured between two VMware Cloud Foundation instances.

Prerequisites

Before you can upgrade NSX Global Managers, you must upgrade all VMware Cloud Foundation instances in the NSX Federation, including NSX Local Managers, using SDDC Manager.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Start to upgrade the management plane and then click Accept.
On the Select Upgrade Plan page, select Plan Your Upgrade and click Next.
The NSX Manager UI, API, and CLI are not accessible until the upgrade finishes and the management plane is restarted.

Upgrade NSX from 3.2.1.2.0

Additional Information for Upgrading NSX from 3.2.1.2.0

The following additional information is applicable to the following upgrade.

[Conditional] If source NSX version is 3.2.1.2.0
Upgrade NSX to 4.1.0.2.0 using SDDC Manager
[Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding

Upgrade NSX for VMware Cloud Foundation

Upgrade NSX in the management domain before you upgrade VI workload domains.

Upgrading NSX involves the following components:

Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the domain you are upgrading and then click the Updates/Patches tab.

When you upgrade NSX components for a selected VI workload domain, those components are upgraded for all VI workload domains that share the NSX Manager cluster.
Click Precheck to run the upgrade precheck.

Resolve any issues before proceeding with the upgrade.

Note:
The NSX precheck runs on all VI workload domains in your environment that share the NSX Manager cluster.
In the Available Updates section, select the target release.
Click Update Now or Schedule Update next to the VMware Software NSX bundle.
On the NSX Edge Cluster page, select the NSX Edge clusters you want to upgrade and click Next.

By default, all NSX Edge clusters are upgraded. To select specific NSX Edge clusters, select the Upgrade NSX edge clusters only check box and select the Enable edge selection option. Then select the NSX Edges you want to upgrade.
Click Next.
By default, all vSphere clusters across all workload domains are upgraded. If you want to select specific vSphere clusters to be upgraded, turn off the Upgrade all host clusters setting. Host clusters are upgraded after all Edge clusters have been upgraded.
Note:
The NSX Manager cluster is upgraded only if the Upgrade all host clusters setting is enabled.
- If you have a single cluster in your environment, enable the Upgrade all host clusters setting.
- If you have multiple host clusters and choose to upgrade only some of them, you must go through the NSX upgrade wizard again until all host clusters have been upgraded. When selecting the final set of clusters to be upgraded, you must enable the Upgrade all host clusters setting so that NSX Manager is upgraded.
- If you have upgraded all of the host clusters without enabling the Upgrade all host clusters setting, run through the NSX upgrade wizard again and schedule the upgrade to upgrade NSX Manager.
Click Next.
On the Upgrade Options dialog box, select the upgrade optimizations and click Next.

By default, Edge clusters and host clusters are upgraded in parallel. You can enable sequential upgrade by selecting the relevant check box.
If you selected the Schedule Upgrade option, specify the date and time for the NSX bundle to be applied.
Click Next.
On the Review page, review your settings and click Finish.

The NSX upgrade begins and the upgrade components are displayed. The upgrade view displayed here pertains to the workload domain where you applied the bundle. Click the link to the associated workload domains to see the components pertaining to those workload domains.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

If a component upgrade fails, the failure is displayed across all associated workload domains. Resolve the issue and retry the failed task.

Results

When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.

Upgrade NSX Global Managers from 4.0.1.1

Prerequisites

Note:

VMware Cloud Foundation deployments that include NSX Federation require additional manual upgrade steps, see KB article 92516 for further details.

Download the interim and final version of NSX from VMware Customer Connect.

Additional Information for Upgrading NSX from 4.0.1.1

The following additional information is applicable to the following upgrade.

[Conditional] If source NSX version is 4.0.1.1
[Conditional] If NSX Federation is present
Upgrade NSX Global Managers to 4.1.0.2.0 using the Global Manager UI
Upgrade standby global manager, followed by active global manager

Download NSX Global Manager Upgrade Bundle

SDDC Manager does not manage the lifecycle of the NSX Global Managers. You must download the NSX upgrade bundle manually to upgrade the NSX Global Managers.

Procedure

In a web browser, go to VMware Customer Connect and browse to the download page for the version of NSX listed in the VMware Cloud Foundation Release Notes BOM.
Locate the NSX version Upgrade Bundle and click Read More.
Verify that the upgrade bundle filename extension ends with .mub.
The upgrade bundle filename has the following format VMware-NSX-upgrade-bundle-versionnumber.buildnumber.mub.
Click Download Now to download the upgrade bundle to the system where you access the NSX Global Manager UI.

Upgrade the Upgrade Coordinator for NSX Federation

The upgrade coordinator guides you through the upgrade sequence. You can track the upgrade process and, if necessary, you can pause and resume the upgrade process from the UI.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Proceed to Upgrade.
Navigate to the upgrade bundle .mub file you downloaded or paste the download URL link.
- Click Browse to navigate to the location you downloaded the upgrade bundle file.
- Paste the VMware download portal URL where the upgrade bundle .mub file is located.
Click Upload.
When the file is uploaded, the Begin Upgrade button appears.
Click Begin Upgrade to upgrade the upgrade coordinator.

Note:
Upgrade one upgrade coordinator at a time.
Read and accept the EULA terms and accept the notification to upgrade the upgrade coordinator..
Click Run Pre-Checks to verify that all NSX components are ready for upgrade.
The pre-check checks for component connectivity, version compatibility, and component status.
Resolve any warning notifications to avoid problems during the upgrade.

Upgrade NSX Global Managers for VMware Cloud Foundation

Manually upgrade the NSX Global Managers when NSX Federation is configured between two VMware Cloud Foundation instances.

Prerequisites

Before you can upgrade NSX Global Managers, you must upgrade all VMware Cloud Foundation instances in the NSX Federation, including NSX Local Managers, using SDDC Manager.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Start to upgrade the management plane and then click Accept.
On the Select Upgrade Plan page, select Plan Your Upgrade and click Next.
The NSX Manager UI, API, and CLI are not accessible until the upgrade finishes and the management plane is restarted.

Upgrade vCenter Server for VMware Cloud Foundation

The upgrade bundle for VMware vCenter Server is used to upgrade the vCenter Servers managed by SDDC Manager. Upgrade vCenter Server in the management domain before upgrading vCenter Server in VI workload domains.

Prerequisites

Download the VMware vCenter Server upgrade bundle. See Downloading VMware Cloud Foundation Upgrade Bundles.
Take a file-based backup of the vCenter Server appliance before starting the upgrade. See Manually Back Up vCenter Server.

Note:
After taking a backup, do not make any changes to the vCenter Server inventory or settings until the upgrade completes successfully.
If your workload domain contains Workload Management (vSphere with Tanzu) enabled clusters, the supported target release depends on the version of Kubernetes (K8s) currently running in the cluster. Older versions of K8s may require a specific upgrade sequence. See KB 88962 for more information.

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the domain you are upgrading and then click the Updates tab.
Click Precheck to run the upgrade precheck.

Resolve any issues before proceeding with the upgrade.
In the Available Updates section, select the target release.
Click Update Now or Schedule Update next to the vCenter upgrade bundle.
If you selected Schedule Update, click the date and time for the bundle to be applied and click Schedule.
Enter the details for the temporary IP address to be used only during the upgrade.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

If the upgrade fails, resolve the issue and retry the failed task. If you cannot resolve the issue, restore vCenter Server using the file-based backup. See Restore vCenter Server.

What to do next

Once the upgrade successfully completes, use the vSphere Client to change the vSphere DRS Automation Level setting back to the original value (before you took a file-based backup) for each vSphere cluster that is managed by the vCenter Server. See KB 87631 for information about using VMware PowerCLI to change the vSphere DRS Automation Level.

Upgrade vSAN Witness Host for VMware Cloud Foundation

If your VMware Cloud Foundation environment contains stretched clusters, update and remediate the vSAN witness host.

Prerequisites

Download the ESXi ISO that matches the version listed in the the Bill of Materials (BOM) section of the VMware Cloud Foundation Release Notes.

Procedure

In a web browser, log in to vCenter Server at https://vcenter_server_fqdn/ui.
Upload the ESXi ISO image file to vSphere Lifecycle Manager.
1. Click Menu > Lifecycle Manager.
2. Click the Imported ISOs tab.
3. Click Import ISO and then click Browse.
4. Navigate to the ESXi ISO file you downloaded and click Open.
5. After the file is imported, click Close.
Create a baseline for the ESXi image.
1. On the Imported ISOs tab, select the ISO file that you imported, and click New baseline.
2. Enter a name for the baseline and specify the Content Type as Upgrade.
3. Click Next.
4. Select the ISO file you had imported and click Next.
5. Review the details and click Finish.
Attach the baseline to the vSAN witness host.
1. Click Menu > Hosts and Clusters.
2. In the Inventory panel, click vCenter > Datacenter.
3. Select the vSAN witness host and click the Updates tab.
4. Under Attached Baselines, click Attach > Attach Baseline or Baseline Group.
5. Select the baseline that you had created in step 3 and click Attach.
6. Click Check Compliance.
  After the compliance check is completed, the Status column for the baseline is displayed as Non-Compliant.
Remediate the vSAN witness host and update the ESXi hosts that it contains.
1. Right-click the vSAN witness and click Maintenance Mode > Enter Maintenance Mode.
2. Click OK.
3. Click the Updates tab.
4. Select the baseline that you had created in step 3 and click Remediate.
5. In the End user license agreement dialog box, select the check box and click OK.
6. In the Remediate dialog box, select the vSAN witness host, and click Remediate.
  The remediation process might take several minutes. After the remediation is completed, the Status column for the baseline is displayed as Compliant.
7. Right-click the vSAN witness host and click Maintenance Mode > Exit Maintenance Mode.
8. Click OK.

Upgrade ESXi with vSphere Lifecycle Manager Baselines for VMware Cloud Foundation

The management domain uses vSphere Lifecycle Manager baselines for ESXi host upgrades. VI workload domains can use vSphere Lifecycle Manager baselines or vSphere Lifecycle Manager images. The following procedure describes upgrading ESXi hosts in workload domains that use vSphere Lifecycle Manager baselines.

For information about upgrading ESXi in VI workload domains that use vSphere Lifecycle Manager images, see Upgrade ESXi with vSphere Lifecycle Manager Images for VMware Cloud Foundation.

By default, the upgrade process upgrades the ESXi hosts in all clusters in a workload domain in parallel. If you have multiple clusters in a workload domain, you can select the clusters to upgrade.

If you want to skip any hosts while applying an ESXi update a workload domain, you must add these hosts to the application-prod.properties file before you begin the update. See "Skip Hosts During ESXi Update".

To perform ESXi upgrades with custom ISO images or async drivers see "Upgrade ESXi with Custom ISOs" and "Upgrade ESXi with Stock ISO and Async Drivers".

If you are using external (non-vSAN) storage, the following procedure updates the ESXi hosts attached to the external storage. However, updating and patching the storage software and drivers is a manual task and falls outside of SDDC Manager lifecycle management. To ensure supportability after an ESXi upgrade, consult the vSphere HCL and your storage vendor.

Prerequisites

Validate that the ESXi passwords are valid.
Download the ESXi bundle. See Downloading VMware Cloud Foundation Upgrade Bundles.
Ensure that the domain for which you want to perform cluster-level upgrade does not have any hosts or clusters in an error state. Resolve the error state or remove the hosts and clusters with errors before proceeding.

Procedure

Navigate to the Updates/Patches tab of the workload domain.
Click Precheck to run the upgrade precheck.

Resolve any issues before proceeding with the upgrade.
In the Available Updates section, select the target release.
Click Upgrade Now or Schedule Update.
If you selected Schedule Update, specify the date and time for the bundle to be applied.
Select the clusters to upgrade and click Next.

The default setting is to upgrade all clusters. To upgrade specific clusters, click Enable cluster-level selection and select the clusters to upgrade.
Click Next.
Select the appropriate upgrade options and click Finish.

By default, the selected clusters are upgraded in parallel. If you selected more than ten clusters to be upgraded, the first ten are upgraded in parallel and the remaining clusters are upgraded sequentially. To upgrade all selected clusters sequentially, select Enable sequential cluster upgrade.

Click Enable Quick Boot if desired. Quick Boot for ESXi hosts is an option that allows vSphere Lifecycle Manager to reduce the upgrade time by skipping the physical reboot of the host.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

What to do next

Upgrade the vSAN Disk Format for vSAN clusters. The disk format upgrade is optional. Your vSAN cluster continues to run smoothly if you use a previous disk format version. For best results, upgrade the objects to use the latest on-disk format. The latest on-disk format provides the complete feature set of vSAN. See Upgrading vSAN Disk Format Using vSphere Client.

Skip Hosts During ESXi Update

You can skip hosts while applying an ESXi update to a workload domain. The skipped hosts are not updated.

Note:

You cannot skip hosts that are part of a VI workload domain that is using vSphere Lifecycle Manager images, since these hosts are updated at the cluster-level and not the host-level.

Procedure

Using SSH, log in to the SDDC Manager appliance with the user name vcf and password you specified in the deployment parameter sheet.
Type su to switch to the root account.
Retrieve the host IDs for the hosts you want to skip.
```
curl 'https://SDDC_MANAGER_IP/v1/hosts' -i -u 'username:password' -X GET -H 'Accept: application/json' |json_pp
```
Replace the SDDC Manager FQDN, user name, and password with the information for your environment.
Copy the ids for the hosts you want to skip from the output. For example:
```
...
         "fqdn" : "esxi-2.vrack.vsphere.local",
         "esxiVersion" : "6.7.0-16075168",
         "id" : "b318fe37-f9a8-48b6-8815-43aae5131b94",
...
```
In this case, the id for esxi-2.vrack.vsphere.local is b318fe37-f9a8-48b6-8815-43aae5131b94.
Open the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file.
At the end of the file, add the following line:

esx.upgrade.skip.host.ids=hostid1,hostid2

Replace the host ids with the information from step 4. If you are including multiple host ids, do not add any spaces between them. For example: esx.upgrade.skip.host.ids=60927f26-8910-4dd3-8435-8bb7aef5f659,6c516864-b6de-4537-90e4-c0d711e5befb,65c206aa-2561-420e-8c5c-e51b9843f93d
Save and close the file.
Ensure that the ownership of the application-prod.properties file is vcf_lcm:vcf.
Restart the LCM server by typing the following command in the console window:

systemctl restart lcm

Results

The hosts added to the application-prod.properties are not updated when you update the workload domain.

Upgrade ESXi with Custom ISOs

For clusters in workload domains with vSphere Lifecycle Manager baselines, you can upgrade ESXi with a custom ISO from your vendor. VMware Cloud Foundation 4.4.1.1 and later support multiple custom ISOs in a single ESXi upgrade in cases where specific clusters or workload domains require different custom ISOs.

Prerequisites

Download the appropriate vendor-specific ISOs on a computer with internet access. If no vendor-specific ISO is available for the required version of ESXi, then you can create one. See Create a Custom ISO Image for ESXi.

Procedure

Download the VMware Software Update bundle for VMware ESXi. See Download Bundles Using SDDC Manager.
To use an async patch version of ESXi, enable the patch with the Async Patch Tool before proceeding to the next step. See the Async Patch Tool documentation.
Using SSH, log in to the SDDC Manager appliance.
Create a directory for the vendor ISO(s) under the /nfs/vmware/vcf/nfs-mount directory. For example, /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries.
Copy the vendor-specific ISO(s) to the directory you created on the SDDC Manager appliance. For example, you can copy the ISO to the /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries directory.
Change permissions on the directory where you copied the ISO(s). For example,
chmod -R 775 /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/
Change owner to vcf.
chown -R vcf_lcm:vcf /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/

Create an ESX custom image JSON using the following template.

{
"esxCustomImageSpecList": [{
"bundleId": "bundle ID of the ESXi bundle you downloaded",
"targetEsxVersion": "ESXi version for the target VMware Cloud Foundation version",
"useVcfBundle": false,
"domainId": "xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx",
"clusterId": "xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx",
"customIsoAbsolutePath": "Path_to_custom_ISO"
}]
}

where


Parameter	Description and Example Value
bundleId	ID of the ESXi upgrade bundle you downloaded. You can retrieve the bundle ID by navigating to the Lifecycle Management > Bundle Management page and clicking View Details to view the bundle ID. For example, `8c0de63d-b522-4db8-be6c-f1e0ab7ef554`. The bundle ID for an async patch looks slightly different. For example: `5dc57fe6-2c23-49fc-967c-0bea1bfea0f1-apTool`. Note: If an incorrect bundle ID is provided, the upgrade will proceed with the VMware Cloud Foundation stock ISO and replace the custom VIBs in your environment with the stock VIBs.
targetEsxVersion	Version of the ESXi bundle you downloaded. You can retrieve the target ESXi version by navigating to the Lifecycle Management > Bundle Management page and clicking View Details to view the "Update to Version".
useVcfBundle	Specifies whether the VMware Cloud Foundation ESXi bundle is to be used for the upgrade. Note: If you want to upgrade with a custom ISO image, ensure that this is set to false.
domainId (optional, VCF 4.4.1.1 and later only)	ID of the specific workload domain for the custom ISO. Use the VMware Cloud Foundation API (GET /v1/domains) to get the IDs for your workload domains.
clusterId (optional, VCF 4.4.1.1 and later only)	ID of the specific cluster within a workload domain to apply the custom ISO. If you do not specify a clusterId, the custom ISO will be applied to all clusters in the workload domain. Use the VMware Cloud Foundation API (GET /v1/clusters) to get the IDs for your clusters.
customIsoAbsolutePath	Path to the custom ISO file on the SDDC Manager appliance. For example, /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/VMware-VMvisor-Installer-7.0.0.update01-17325551.x86_64-DellEMC_Customized-A01.iso

Here is an example of a completed JSON template.

{
"esxCustomImageSpecList": [{
"bundleId": "8c0de63d-b522-4db8-be6c-f1e0ab7ef554",
"targetEsxVersion": "8.0.1-xxxxxxxxx",
"useVcfBundle": false,
"customIsoAbsolutePath":
"/nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/VMware-VMvisor-Installer-8.0.0.update01-xxxxxxxx.x86_64-DellEMC_Customized-A01.iso"
}]
}

Here is an example of a completed JSON template with multiple ISOs using a single workload domain and specified clusters (VCF 4.4.1.1 and later only).

{
    "esxCustomImageSpecList": [
        {
            "bundleId": "aa7b16b1-d719-44b7-9ced-51bb02ca84f4",
            "targetEsxVersion": "8.0.2-xxxxxxxx",
            "useVcfBundle": false,
            "domainId": "1b7b16b1-d719-44b7-9ced-51bb02ca84b2",
            "clusterId": "c37b16b1-d719-44b7-9ced-51bb02ca84f4",
            "customIsoAbsolutePath": "/nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/VMware-ESXi-7.0.2-17867351-DELL.zip"
        },
        {
            "bundleId": "aa7b16b1-d719-44b7-9ced-51bb02ca84f4",
            "targetEsxVersion": "7.0.1-18150133",
            "useVcfBundle": false,
            "domainId": "1b7b16b1-d719-44b7-9ced-51bb02ca84b2",
            "customIsoAbsolutePath": "/nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/VMware-ESXi-7.0.2-17867351-HP.zip"
        }
    ]
}

Save the JSON file as esx-custom-image-upgrade-spec.json in the /nfs/vmware/vcf/nfs-mount.

Note: If the JSON file is not saved in the correct directory, the stock VMware Cloud Foundation ISO is used for the upgrade and the custom VIBs are overwritten.
Set the correct permissions on the /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json file:

chmod -R 775 /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json

chown -R vcf_lcm:vcf /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json
Open the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file.
In the lcm.esx.upgrade.custom.image.spec= parameter, add the path to the JSON file.
For example, lcm.esx.upgrade.custom.image.spec=/nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json
In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the domain you are upgrading and then click the Updates/Patches tab.
Schedule the ESXi upgrade bundle.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.
After the upgrade is complete, confirm the ESXi version by clicking Current Versions. The ESXi hosts table displays the current ESXi version.

Upgrade ESXi with VMware Cloud Foundation Stock ISO and Async Drivers

For clusters in workload domains with vLCM baselines, you can apply the stock ESXi upgrade bundle with specified async drivers.

Prerequisites

Download the appropriate async drivers for your hardware on a computer with internet access.

Procedure

Download the VMware Cloud Foundation ESXi upgrade bundle. See Download Bundles Using SDDC Manager.
Using SSH, log in to the SDDC Manager appliance.
Create a directory for the vendor provided async drivers under the /nfs/vmware/vcf/nfs-mount directory. For example, /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers.
Copy the async drivers to the directory you created on the SDDC Manager appliance. For example, you can copy the drivers to the /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers directory.
Change permissions on the directory where you copied the drivers. For example,
chmod -R 775 /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers
Change owner to vcf.
chown -R vcf_lcm:vcf /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers

Create an ESX custom image JSON using the following template.

{
"esxCustomImageSpecList": [{
"bundleId": "bundle ID of the ESXi bundle you downloaded",
"targetEsxVersion": "ESXi version for the target VMware Cloud Foundation version",
"useVcfBundle": true,
"esxPatchesAbsolutePaths": ["Path_to_Drivers"]
}]
}

where


Parameter	Description and Example Value
bundleId	ID of the ESXi upgrade bundle you downloaded. You can retrieve the bundle ID by navigating to the Lifecycle Management > Bundle Management page and clicking View Details to view the bundle ID. For example, 8c0de63d-b522-4db8-be6c-f1e0ab7ef554.
targetEsxVersion	Version of the ESXi upgrade bundle you downloaded. You can retrieve the ESXi target version by navigating to the Lifecycle Management > Bundle Management page and clicking View Details to view the "Update to Version".
useVcfBundle	Specifies whether the ESXi bundle is to be used for the upgrade. Set this to true.
esxPatchesAbsolutePaths	Path to the async drivers on the SDDC Manager appliance. For example, /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers/VMW-ESX-6.7.0-smartpqi-1.0.2.1038-offline_bundle-8984687.zip

Here is an example of a completed JSON template.

{
"esxCustomImageSpecList": [{
"bundleId": "411bea6a-b26c-4a15-9443-03f453c68752-apTool",
"targetEsxVersion": "7.0.3-21053776",
"useVcfBundle": true,
"esxPatchesAbsolutePaths": ["/nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers/HPE-703.0.0.10.9.5.14-Aug2022-Synergy-Addon-depot.zip"]
}]
}

Save the JSON file as esx-custom-image-upgrade-spec.json in the /nfs/vmware/vcf/nfs-mount.

Note: If the JSON file is not saved in the correct directory, the stock VMware Cloud Foundation ISO is used for the upgrade and the custom VIBs are overwritten.
Set the correct permissions on the /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json file:

chmod -R 775 /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json

chown -R vcf_lcm:vcf /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json
Open the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file.
In the lcm.esx.upgrade.custom.image.spec= parameter, add the path to the JSON file.
For example, lcm.esx.upgrade.custom.image.spec=/nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json
In the navigation pane, click Inventory > Workload Domains.
On the Workload Domain page, click the management domain.
On the Domain Summary page, click the Updates/Patches tab.
In the Available Updates section, click Update Now or Schedule Update next to the VMware Software Update bundle for VMware ESXi.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.
After the upgrade is complete, confirm the ESXi version by clicking Current Versions. The ESXi hosts table displays the current ESXi version.

Update Licenses for a Workload Domain

After you upgrade a workload domain component, update the license using SDDC Manager.

You first add the new license to SDDC Manager. This must be done once per license instance. You then apply the license to the component on a per workload domain basis.

Prerequisites

A new license for the component to be updated.

Procedure

Add a new license to the SDDC Manager inventory.
1. In the navigation pane, click Administration > Licensing.
2. On the Licensing page, click + License Key.
3. Select a product from the drop-down menu.
4. Enter the license key.
5. Enter a description for the license.
6. Click Add.
7. Repeat for each license to be added.
Update a license for a workload domain component.
1. In the navigation pane, click Inventory > Workload Domains.
2. On the Workload Domains page, click the domain you are upgrading.
3. On the Summary tab, expand the red error banner, and click Update Licenses.
4. On the Update Licenses page, click Next.
5. Select the products to update and click Next.
6. For each product, select a new license from the list, and select the entity to which the license should be applied and click Next.
7. On the Review pane, review each license and click Submit.
  
  The new licenses will be applied to the workload domain. Monitor the task in the Tasks pane in SDDC Manager.

Upgrade VI Workload Domains to VMware Cloud Foundation 5.0

The management domain in your environment must be upgraded before you upgrade VI workload domains. In order to upgrade to VMware Cloud Foundation 5.0, all VI workload domains in your environment must be at VMware Cloud Foundation 4.3.x or higher. If your environment is at a version lower than 4.3, you must upgrade the workload domains to 4.3.x and then upgrade to 5.0.

Within a VI workload domain, components must be upgraded in the following order.

NSX.
vCenter Server.
ESXi.
Workload Management on clusters that have vSphere with Tanzu. Workload Management can be upgraded through vCenter Server. See Updating the vSphere with Tanzu Environment.
If you suppressed the Enter Maintenance Mode prechecks for ESXi or NSX, delete the following lines from the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file and restart the LCM service:
lcm.nsxt.suppress.dry.run.emm.check=true
lcm.esx.suppress.dry.run.emm.check.failures=true
If you have stretched clusters in your environment, upgrade the vSAN witness host. See Upgrade vSAN Witness Host for VMware Cloud Foundation.
For NFS-based workload domains, add a static route for hosts to access NFS storage over the NFS gateway. See Post Upgrade Steps for NFS-Based VI Workload Domains.

After all upgrades have completed successfully:

Remove the VM snapshots you took before starting the update.
Take a backup of the newly installed components.

Plan VI Workload Domain Upgrade

Before proceeding with a VI workload domain upgrade you must first plan the upgrade to your target version.

Prerequisites

Management Domain has been upgraded.

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the workload domain you want to upgrade and click the Updates tab.
Under Available Updates, click PLAN UPGRADE.
On the Plan Upgrade for VMware Cloud Foundation screen, select the target version from the drop-down, and click CONFIRM.

Caution:
You must upgrade all VI workload domains to VMware Cloud Foundation 5.x. Upgrading to a higher 4.x release once the management domain has been upgraded to 5.x is unsupported.

Results

Bundles applicable to the chosen release will be made available to the VI workload domain.

Target version set and SDDC Manager is refreshing bundles

Perform Update Precheck in SDDC Manager 5.0

You must perform a precheck in SDDC Manager 5.0 before applying an update bundle to ensure that your environment is ready for the update.

Bundle-level pre-checks for vCenter are available in VMware Cloud Foundation 5.0.

Note:

Because ESXi bundle-level pre-checks only work in minor-version upgrades (for example: from ESXi 7.x to 7.y, or from ESXi 8.x to 8.y), these prechecks do not run in VMware Cloud Foundation 5.0.

You can also silence failed vSAN prechecks in the SDDC Manager UI by clicking Silence Precheck. Silenced prechecks do not trigger warnings or block upgrades.

Important:

Only silence alerts if you know that they are incorrect. Do not silence alerts for real issues that require remediation.

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the workload domain where you want to run the precheck.
On the domain summary page, click the Updates tab.
(The following image is a sample screenshot and may not reflect current product versions.)

Note:
It is recommended that you Precheck your workload domain prior to performing an upgrade.
Click RUN PRECHECK to select the components in the workload domain you want to precheck.
1. You can select to run a Precheck only on vCenter or the vSphere cluster. All components in the workload domain are selected by default. To perform a precheck on certain components, choose Custom selection.
2. If there are pending upgrade bundles available, then the "Target Version" dropdown contains "General Upgrade Readiness" and the available VMware Cloud Foundation versions to upgrade to. If there is an available VMware Cloud Foundation upgrade version, there will be extra checks - bundle-level prechecks for hosts, vCenter Server, and so forth. The version specific prechecks will only run prechecks on components that have available upgrade bundles downloaded.
When the precheck begins, a progress message appears indicating the precheck progress and the time when the precheck began.

Note: Parallel precheck workflows are supported. If you want to precheck multiple domains, you can repeat steps 1-5 for each of them without waiting for step 5 to finish.
Once the Precheck is complete, the report appears. Click through ALL, ERRORS, WARNINGS, and SILENCED to filter and browse through the results.
To see details for a task, click the expander arrow.

If a precheck task failed, fix the issue, and click Retry Precheck to run the task again. You can also click RETRY ALL FAILED RESOURCES to retry all failed tasks.
If ESXi hosts display a driver incompatibility issue when updating a VI workload domain using vSphere Lifecycle Manager baselines, perform the following steps:
1. Identify the controller with the HCL issue.
2. For the given controller, identify the supported driver and firmware versions on the source and target ESXi versions.
3. Upgrade the firmware, if required.
4. Upgrade the driver manually on the ESXi host and retry the task at which the upgrade failed.
If the workload domain contains a host that includes pinned VMs, the precheck fails at the Enter Maintenance Mode step. If the host can enter maintenance mode through vCenter Server UI, you can suppress this check for NSX and ESXi in VMware Cloud Foundation by following the steps below.
1. Log in to SDDC Manager by using a Secure Shell (SSH) client with the user name vcf and password.
2. Open the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file.
3. Add the following line to the end of the file:
  lcm.nsxt.suppress.dry.run.emm.check=true
  lcm.esx.suppress.dry.run.emm.check.failures=true
4. Restart Lifecycle Management by typing the following command in the console window.
  systemctl restart lcm
5. After Lifecycle Management is restarted, run the precheck again.

Results

The precheck result is displayed at the top of the Upgrade Precheck Details window. If you click Exit Details, the precheck result is displayed at the top of the Precheck section in the Updates tab.

Ensure that the precheck results are green before proceeding. Although a failed precheck will not prevent the upgrade from proceeding, it may cause the update to fail.

Upgrade NSX from 3.1.3

Additional Information for Upgrading NSX from 3.1.3

The following additional information is applicable to the following upgrade.

[Conditional] If source NSX version is 3.1.3
Upgrade NSX to 3.2.1.2.0 using SDDC Manager
[Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding with global Manager instances

Upgrade NSX for VMware Cloud Foundation

Upgrade NSX in the management domain before you upgrade VI workload domains.

Upgrading NSX involves the following components:

Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the domain you are upgrading and then click the Updates/Patches tab.

When you upgrade NSX components for a selected VI workload domain, those components are upgraded for all VI workload domains that share the NSX Manager cluster.
Click Precheck to run the upgrade precheck.

Resolve any issues before proceeding with the upgrade.

Note:
The NSX precheck runs on all VI workload domains in your environment that share the NSX Manager cluster.
In the Available Updates section, select the target release.
Click Update Now or Schedule Update next to the VMware Software NSX bundle.
On the NSX Edge Cluster page, select the NSX Edge clusters you want to upgrade and click Next.

By default, all NSX Edge clusters are upgraded. To select specific NSX Edge clusters, select the Upgrade NSX edge clusters only check box and select the Enable edge selection option. Then select the NSX Edges you want to upgrade.
Click Next.
By default, all vSphere clusters across all workload domains are upgraded. If you want to select specific vSphere clusters to be upgraded, turn off the Upgrade all host clusters setting. Host clusters are upgraded after all Edge clusters have been upgraded.
Note:
The NSX Manager cluster is upgraded only if the Upgrade all host clusters setting is enabled.
- If you have a single cluster in your environment, enable the Upgrade all host clusters setting.
- If you have multiple host clusters and choose to upgrade only some of them, you must go through the NSX upgrade wizard again until all host clusters have been upgraded. When selecting the final set of clusters to be upgraded, you must enable the Upgrade all host clusters setting so that NSX Manager is upgraded.
- If you have upgraded all of the host clusters without enabling the Upgrade all host clusters setting, run through the NSX upgrade wizard again and schedule the upgrade to upgrade NSX Manager.
Click Next.
On the Upgrade Options dialog box, select the upgrade optimizations and click Next.

By default, Edge clusters and host clusters are upgraded in parallel. You can enable sequential upgrade by selecting the relevant check box.
If you selected the Schedule Upgrade option, specify the date and time for the NSX bundle to be applied.
Click Next.
On the Review page, review your settings and click Finish.

The NSX upgrade begins and the upgrade components are displayed. The upgrade view displayed here pertains to the workload domain where you applied the bundle. Click the link to the associated workload domains to see the components pertaining to those workload domains.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

If a component upgrade fails, the failure is displayed across all associated workload domains. Resolve the issue and retry the failed task.

Results

When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.

Upgrade NSX Global Managers from 3.1.3

Prerequisites

Note:

VMware Cloud Foundation deployments that include NSX Federation require additional manual upgrade steps, see KB article 92516 for further details.

Download the interim and final version of NSX from VMware Customer Connect.

Additional Information for Upgrading NSX Global Managers from 3.1.3

The following additional information is applicable to the following upgrade.

[Conditional] If source NSX version is 3.1.3
[Conditional] If NSX Federation is present
Upgrade NSX Global Managers to 3.2.1.2.0 using the Global Manager UI
Upgrade standby global manager, followed by active global manager

Download NSX Global Manager Upgrade Bundle

SDDC Manager does not manage the lifecycle of the NSX Global Managers. You must download the NSX upgrade bundle manually to upgrade the NSX Global Managers.

Procedure

In a web browser, go to VMware Customer Connect and browse to the download page for the version of NSX listed in the VMware Cloud Foundation Release Notes BOM.
Locate the NSX version Upgrade Bundle and click Read More.
Verify that the upgrade bundle filename extension ends with .mub.
The upgrade bundle filename has the following format VMware-NSX-upgrade-bundle-versionnumber.buildnumber.mub.
Click Download Now to download the upgrade bundle to the system where you access the NSX Global Manager UI.

Upgrade the Upgrade Coordinator for NSX Federation

The upgrade coordinator guides you through the upgrade sequence. You can track the upgrade process and, if necessary, you can pause and resume the upgrade process from the UI.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Proceed to Upgrade.
Navigate to the upgrade bundle .mub file you downloaded or paste the download URL link.
- Click Browse to navigate to the location you downloaded the upgrade bundle file.
- Paste the VMware download portal URL where the upgrade bundle .mub file is located.
Click Upload.
When the file is uploaded, the Begin Upgrade button appears.
Click Begin Upgrade to upgrade the upgrade coordinator.

Note:
Upgrade one upgrade coordinator at a time.
Read and accept the EULA terms and accept the notification to upgrade the upgrade coordinator..
Click Run Pre-Checks to verify that all NSX components are ready for upgrade.
The pre-check checks for component connectivity, version compatibility, and component status.
Resolve any warning notifications to avoid problems during the upgrade.

Upgrade NSX Global Managers for VMware Cloud Foundation

Manually upgrade the NSX Global Managers when NSX Federation is configured between two VMware Cloud Foundation instances.

Prerequisites

Before you can upgrade NSX Global Managers, you must upgrade all VMware Cloud Foundation instances in the NSX Federation, including NSX Local Managers, using SDDC Manager.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Start to upgrade the management plane and then click Accept.
On the Select Upgrade Plan page, select Plan Your Upgrade and click Next.
The NSX Manager UI, API, and CLI are not accessible until the upgrade finishes and the management plane is restarted.

Upgrade NSX Global Managers from 3.2.1.2.0

Prerequisites

Note:

VMware Cloud Foundation deployments that include NSX Federation require additional manual upgrade steps, see KB article 92516 for further details.

Download the interim and final version of NSX from VMware Customer Connect.

Additional Information for Upgrading NSX Global Managers from 3.2.1.2.0

The following additional information is applicable to the following upgrade.

[Conditional] If source NSX version is 3.2.1.2.0
[Conditional] If NSX Federation is present
Upgrade NSX Global Managers to 4.0.1.1 using the Global Manager UI
Upgrade standby global manager, followed by active global manager

Note:

Upgrading global managers to this interim build is required to maintain N±1 between local and global managers

Download NSX Global Manager Upgrade Bundle

SDDC Manager does not manage the lifecycle of the NSX Global Managers. You must download the NSX upgrade bundle manually to upgrade the NSX Global Managers.

Procedure

In a web browser, go to VMware Customer Connect and browse to the download page for the version of NSX listed in the VMware Cloud Foundation Release Notes BOM.
Locate the NSX version Upgrade Bundle and click Read More.
Verify that the upgrade bundle filename extension ends with .mub.
The upgrade bundle filename has the following format VMware-NSX-upgrade-bundle-versionnumber.buildnumber.mub.
Click Download Now to download the upgrade bundle to the system where you access the NSX Global Manager UI.

Upgrade the Upgrade Coordinator for NSX Federation

The upgrade coordinator guides you through the upgrade sequence. You can track the upgrade process and, if necessary, you can pause and resume the upgrade process from the UI.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Proceed to Upgrade.
Navigate to the upgrade bundle .mub file you downloaded or paste the download URL link.
- Click Browse to navigate to the location you downloaded the upgrade bundle file.
- Paste the VMware download portal URL where the upgrade bundle .mub file is located.
Click Upload.
When the file is uploaded, the Begin Upgrade button appears.
Click Begin Upgrade to upgrade the upgrade coordinator.

Note:
Upgrade one upgrade coordinator at a time.
Read and accept the EULA terms and accept the notification to upgrade the upgrade coordinator..
Click Run Pre-Checks to verify that all NSX components are ready for upgrade.
The pre-check checks for component connectivity, version compatibility, and component status.
Resolve any warning notifications to avoid problems during the upgrade.

Upgrade NSX Global Managers for VMware Cloud Foundation

Manually upgrade the NSX Global Managers when NSX Federation is configured between two VMware Cloud Foundation instances.

Prerequisites

Before you can upgrade NSX Global Managers, you must upgrade all VMware Cloud Foundation instances in the NSX Federation, including NSX Local Managers, using SDDC Manager.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Start to upgrade the management plane and then click Accept.
On the Select Upgrade Plan page, select Plan Your Upgrade and click Next.
The NSX Manager UI, API, and CLI are not accessible until the upgrade finishes and the management plane is restarted.

Upgrade NSX from 3.2.1.2.0

Additional Information for Upgrading NSX from 3.2.1.2.0

The following additional information is applicable to the following upgrade.

[Conditional] If source NSX version is 3.2.1.2.0
Upgrade NSX to 4.1.0.2.0 using SDDC Manager
[Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding

Upgrade NSX for VMware Cloud Foundation

Upgrade NSX in the management domain before you upgrade VI workload domains.

Upgrading NSX involves the following components:

Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the domain you are upgrading and then click the Updates/Patches tab.

When you upgrade NSX components for a selected VI workload domain, those components are upgraded for all VI workload domains that share the NSX Manager cluster.
Click Precheck to run the upgrade precheck.

Resolve any issues before proceeding with the upgrade.

Note:
The NSX precheck runs on all VI workload domains in your environment that share the NSX Manager cluster.
In the Available Updates section, select the target release.
Click Update Now or Schedule Update next to the VMware Software NSX bundle.
On the NSX Edge Cluster page, select the NSX Edge clusters you want to upgrade and click Next.

By default, all NSX Edge clusters are upgraded. To select specific NSX Edge clusters, select the Upgrade NSX edge clusters only check box and select the Enable edge selection option. Then select the NSX Edges you want to upgrade.
Click Next.
By default, all vSphere clusters across all workload domains are upgraded. If you want to select specific vSphere clusters to be upgraded, turn off the Upgrade all host clusters setting. Host clusters are upgraded after all Edge clusters have been upgraded.
Note:
The NSX Manager cluster is upgraded only if the Upgrade all host clusters setting is enabled.
- If you have a single cluster in your environment, enable the Upgrade all host clusters setting.
- If you have multiple host clusters and choose to upgrade only some of them, you must go through the NSX upgrade wizard again until all host clusters have been upgraded. When selecting the final set of clusters to be upgraded, you must enable the Upgrade all host clusters setting so that NSX Manager is upgraded.
- If you have upgraded all of the host clusters without enabling the Upgrade all host clusters setting, run through the NSX upgrade wizard again and schedule the upgrade to upgrade NSX Manager.
Click Next.
On the Upgrade Options dialog box, select the upgrade optimizations and click Next.

By default, Edge clusters and host clusters are upgraded in parallel. You can enable sequential upgrade by selecting the relevant check box.
If you selected the Schedule Upgrade option, specify the date and time for the NSX bundle to be applied.
Click Next.
On the Review page, review your settings and click Finish.

The NSX upgrade begins and the upgrade components are displayed. The upgrade view displayed here pertains to the workload domain where you applied the bundle. Click the link to the associated workload domains to see the components pertaining to those workload domains.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

If a component upgrade fails, the failure is displayed across all associated workload domains. Resolve the issue and retry the failed task.

Results

When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.

Upgrade NSX Global Managers from 4.0.1.1

Prerequisites

Note:

VMware Cloud Foundation deployments that include NSX Federation require additional manual upgrade steps, see KB article 92516 for further details.

Download the interim and final version of NSX from VMware Customer Connect.

Additional Information for Upgrading NSX from 4.0.1.1

The following additional information is applicable to the following upgrade.

[Conditional] If source NSX version is 4.0.1.1
[Conditional] If NSX Federation is present
Upgrade NSX Global Managers to 4.1.0.2.0 using the Global Manager UI
Upgrade standby global manager, followed by active global manager

Download NSX Global Manager Upgrade Bundle

SDDC Manager does not manage the lifecycle of the NSX Global Managers. You must download the NSX upgrade bundle manually to upgrade the NSX Global Managers.

Procedure

In a web browser, go to VMware Customer Connect and browse to the download page for the version of NSX listed in the VMware Cloud Foundation Release Notes BOM.
Locate the NSX version Upgrade Bundle and click Read More.
Verify that the upgrade bundle filename extension ends with .mub.
The upgrade bundle filename has the following format VMware-NSX-upgrade-bundle-versionnumber.buildnumber.mub.
Click Download Now to download the upgrade bundle to the system where you access the NSX Global Manager UI.

Upgrade the Upgrade Coordinator for NSX Federation

The upgrade coordinator guides you through the upgrade sequence. You can track the upgrade process and, if necessary, you can pause and resume the upgrade process from the UI.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Proceed to Upgrade.
Navigate to the upgrade bundle .mub file you downloaded or paste the download URL link.
- Click Browse to navigate to the location you downloaded the upgrade bundle file.
- Paste the VMware download portal URL where the upgrade bundle .mub file is located.
Click Upload.
When the file is uploaded, the Begin Upgrade button appears.
Click Begin Upgrade to upgrade the upgrade coordinator.

Note:
Upgrade one upgrade coordinator at a time.
Read and accept the EULA terms and accept the notification to upgrade the upgrade coordinator..
Click Run Pre-Checks to verify that all NSX components are ready for upgrade.
The pre-check checks for component connectivity, version compatibility, and component status.
Resolve any warning notifications to avoid problems during the upgrade.

Upgrade NSX Global Managers for VMware Cloud Foundation

Manually upgrade the NSX Global Managers when NSX Federation is configured between two VMware Cloud Foundation instances.

Prerequisites

Before you can upgrade NSX Global Managers, you must upgrade all VMware Cloud Foundation instances in the NSX Federation, including NSX Local Managers, using SDDC Manager.

Procedure

In a web browser, log in to Global Manager for the domain at https://nsx_gm_vip_fqdn/).
Select System > Upgrade from the navigation panel.
Click Start to upgrade the management plane and then click Accept.
On the Select Upgrade Plan page, select Plan Your Upgrade and click Next.
The NSX Manager UI, API, and CLI are not accessible until the upgrade finishes and the management plane is restarted.

Upgrade vCenter Server for VMware Cloud Foundation

Prerequisites

Download the VMware vCenter Server upgrade bundle. See Downloading VMware Cloud Foundation Upgrade Bundles.
Take a file-based backup of the vCenter Server appliance before starting the upgrade. See Manually Back Up vCenter Server.

Note:
After taking a backup, do not make any changes to the vCenter Server inventory or settings until the upgrade completes successfully.
If your workload domain contains Workload Management (vSphere with Tanzu) enabled clusters, the supported target release depends on the version of Kubernetes (K8s) currently running in the cluster. Older versions of K8s may require a specific upgrade sequence. See KB 88962 for more information.

Procedure

In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the domain you are upgrading and then click the Updates tab.
Click Precheck to run the upgrade precheck.

Resolve any issues before proceeding with the upgrade.
In the Available Updates section, select the target release.
Click Update Now or Schedule Update next to the vCenter upgrade bundle.
If you selected Schedule Update, click the date and time for the bundle to be applied and click Schedule.
Enter the details for the temporary IP address to be used only during the upgrade.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

If the upgrade fails, resolve the issue and retry the failed task. If you cannot resolve the issue, restore vCenter Server using the file-based backup. See Restore vCenter Server.

What to do next

Upgrade vSAN Witness Host for VMware Cloud Foundation

If your VMware Cloud Foundation environment contains stretched clusters, update and remediate the vSAN witness host.

Prerequisites

Download the ESXi ISO that matches the version listed in the the Bill of Materials (BOM) section of the VMware Cloud Foundation Release Notes.

Procedure

In a web browser, log in to vCenter Server at https://vcenter_server_fqdn/ui.
Upload the ESXi ISO image file to vSphere Lifecycle Manager.
1. Click Menu > Lifecycle Manager.
2. Click the Imported ISOs tab.
3. Click Import ISO and then click Browse.
4. Navigate to the ESXi ISO file you downloaded and click Open.
5. After the file is imported, click Close.
Create a baseline for the ESXi image.
1. On the Imported ISOs tab, select the ISO file that you imported, and click New baseline.
2. Enter a name for the baseline and specify the Content Type as Upgrade.
3. Click Next.
4. Select the ISO file you had imported and click Next.
5. Review the details and click Finish.
Attach the baseline to the vSAN witness host.
1. Click Menu > Hosts and Clusters.
2. In the Inventory panel, click vCenter > Datacenter.
3. Select the vSAN witness host and click the Updates tab.
4. Under Attached Baselines, click Attach > Attach Baseline or Baseline Group.
5. Select the baseline that you had created in step 3 and click Attach.
6. Click Check Compliance.
  After the compliance check is completed, the Status column for the baseline is displayed as Non-Compliant.
Remediate the vSAN witness host and update the ESXi hosts that it contains.
1. Right-click the vSAN witness and click Maintenance Mode > Enter Maintenance Mode.
2. Click OK.
3. Click the Updates tab.
4. Select the baseline that you had created in step 3 and click Remediate.
5. In the End user license agreement dialog box, select the check box and click OK.
6. In the Remediate dialog box, select the vSAN witness host, and click Remediate.
  The remediation process might take several minutes. After the remediation is completed, the Status column for the baseline is displayed as Compliant.
7. Right-click the vSAN witness host and click Maintenance Mode > Exit Maintenance Mode.
8. Click OK.

Upgrade ESXi with vSphere Lifecycle Manager Baselines for VMware Cloud Foundation

For information about upgrading ESXi in VI workload domains that use vSphere Lifecycle Manager images, see Upgrade ESXi with vSphere Lifecycle Manager Images for VMware Cloud Foundation.

By default, the upgrade process upgrades the ESXi hosts in all clusters in a workload domain in parallel. If you have multiple clusters in a workload domain, you can select the clusters to upgrade.

To perform ESXi upgrades with custom ISO images or async drivers see "Upgrade ESXi with Custom ISOs" and "Upgrade ESXi with Stock ISO and Async Drivers".

Prerequisites

Validate that the ESXi passwords are valid.
Download the ESXi bundle. See Downloading VMware Cloud Foundation Upgrade Bundles.
Ensure that the domain for which you want to perform cluster-level upgrade does not have any hosts or clusters in an error state. Resolve the error state or remove the hosts and clusters with errors before proceeding.

Procedure

Navigate to the Updates/Patches tab of the workload domain.
Click Precheck to run the upgrade precheck.

Resolve any issues before proceeding with the upgrade.
In the Available Updates section, select the target release.
Click Upgrade Now or Schedule Update.
If you selected Schedule Update, specify the date and time for the bundle to be applied.
Select the clusters to upgrade and click Next.

The default setting is to upgrade all clusters. To upgrade specific clusters, click Enable cluster-level selection and select the clusters to upgrade.
Click Next.
Select the appropriate upgrade options and click Finish.

By default, the selected clusters are upgraded in parallel. If you selected more than ten clusters to be upgraded, the first ten are upgraded in parallel and the remaining clusters are upgraded sequentially. To upgrade all selected clusters sequentially, select Enable sequential cluster upgrade.

Click Enable Quick Boot if desired. Quick Boot for ESXi hosts is an option that allows vSphere Lifecycle Manager to reduce the upgrade time by skipping the physical reboot of the host.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.

What to do next

Skip Hosts During ESXi Update

You can skip hosts while applying an ESXi update to a workload domain. The skipped hosts are not updated.

Note:

You cannot skip hosts that are part of a VI workload domain that is using vSphere Lifecycle Manager images, since these hosts are updated at the cluster-level and not the host-level.

Procedure

Using SSH, log in to the SDDC Manager appliance with the user name vcf and password you specified in the deployment parameter sheet.
Type su to switch to the root account.
Retrieve the host IDs for the hosts you want to skip.
```
curl 'https://SDDC_MANAGER_IP/v1/hosts' -i -u 'username:password' -X GET -H 'Accept: application/json' |json_pp
```
Replace the SDDC Manager FQDN, user name, and password with the information for your environment.
Copy the ids for the hosts you want to skip from the output. For example:
```
...
         "fqdn" : "esxi-2.vrack.vsphere.local",
         "esxiVersion" : "6.7.0-16075168",
         "id" : "b318fe37-f9a8-48b6-8815-43aae5131b94",
...
```
In this case, the id for esxi-2.vrack.vsphere.local is b318fe37-f9a8-48b6-8815-43aae5131b94.
Open the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file.
At the end of the file, add the following line:

esx.upgrade.skip.host.ids=hostid1,hostid2

Replace the host ids with the information from step 4. If you are including multiple host ids, do not add any spaces between them. For example: esx.upgrade.skip.host.ids=60927f26-8910-4dd3-8435-8bb7aef5f659,6c516864-b6de-4537-90e4-c0d711e5befb,65c206aa-2561-420e-8c5c-e51b9843f93d
Save and close the file.
Ensure that the ownership of the application-prod.properties file is vcf_lcm:vcf.
Restart the LCM server by typing the following command in the console window:

systemctl restart lcm

Results

The hosts added to the application-prod.properties are not updated when you update the workload domain.

Upgrade ESXi with Custom ISOs

Prerequisites

Procedure

Download the VMware Software Update bundle for VMware ESXi. See Download Bundles Using SDDC Manager.
To use an async patch version of ESXi, enable the patch with the Async Patch Tool before proceeding to the next step. See the Async Patch Tool documentation.
Using SSH, log in to the SDDC Manager appliance.
Create a directory for the vendor ISO(s) under the /nfs/vmware/vcf/nfs-mount directory. For example, /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries.
Copy the vendor-specific ISO(s) to the directory you created on the SDDC Manager appliance. For example, you can copy the ISO to the /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries directory.
Change permissions on the directory where you copied the ISO(s). For example,
chmod -R 775 /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/
Change owner to vcf.
chown -R vcf_lcm:vcf /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/

Create an ESX custom image JSON using the following template.

{
"esxCustomImageSpecList": [{
"bundleId": "bundle ID of the ESXi bundle you downloaded",
"targetEsxVersion": "ESXi version for the target VMware Cloud Foundation version",
"useVcfBundle": false,
"domainId": "xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx",
"clusterId": "xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx",
"customIsoAbsolutePath": "Path_to_custom_ISO"
}]
}

where


Parameter	Description and Example Value
bundleId	ID of the ESXi upgrade bundle you downloaded. You can retrieve the bundle ID by navigating to the Lifecycle Management > Bundle Management page and clicking View Details to view the bundle ID. For example, `8c0de63d-b522-4db8-be6c-f1e0ab7ef554`. The bundle ID for an async patch looks slightly different. For example: `5dc57fe6-2c23-49fc-967c-0bea1bfea0f1-apTool`. Note: If an incorrect bundle ID is provided, the upgrade will proceed with the VMware Cloud Foundation stock ISO and replace the custom VIBs in your environment with the stock VIBs.
targetEsxVersion	Version of the ESXi bundle you downloaded. You can retrieve the target ESXi version by navigating to the Lifecycle Management > Bundle Management page and clicking View Details to view the "Update to Version".
useVcfBundle	Specifies whether the VMware Cloud Foundation ESXi bundle is to be used for the upgrade. Note: If you want to upgrade with a custom ISO image, ensure that this is set to false.
domainId (optional, VCF 4.4.1.1 and later only)	ID of the specific workload domain for the custom ISO. Use the VMware Cloud Foundation API (GET /v1/domains) to get the IDs for your workload domains.
clusterId (optional, VCF 4.4.1.1 and later only)	ID of the specific cluster within a workload domain to apply the custom ISO. If you do not specify a clusterId, the custom ISO will be applied to all clusters in the workload domain. Use the VMware Cloud Foundation API (GET /v1/clusters) to get the IDs for your clusters.
customIsoAbsolutePath	Path to the custom ISO file on the SDDC Manager appliance. For example, /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/VMware-VMvisor-Installer-7.0.0.update01-17325551.x86_64-DellEMC_Customized-A01.iso

Here is an example of a completed JSON template.

{
"esxCustomImageSpecList": [{
"bundleId": "8c0de63d-b522-4db8-be6c-f1e0ab7ef554",
"targetEsxVersion": "8.0.1-xxxxxxxxx",
"useVcfBundle": false,
"customIsoAbsolutePath":
"/nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/VMware-VMvisor-Installer-8.0.0.update01-xxxxxxxx.x86_64-DellEMC_Customized-A01.iso"
}]
}

Here is an example of a completed JSON template with multiple ISOs using a single workload domain and specified clusters (VCF 4.4.1.1 and later only).

{
    "esxCustomImageSpecList": [
        {
            "bundleId": "aa7b16b1-d719-44b7-9ced-51bb02ca84f4",
            "targetEsxVersion": "8.0.2-xxxxxxxx",
            "useVcfBundle": false,
            "domainId": "1b7b16b1-d719-44b7-9ced-51bb02ca84b2",
            "clusterId": "c37b16b1-d719-44b7-9ced-51bb02ca84f4",
            "customIsoAbsolutePath": "/nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/VMware-ESXi-7.0.2-17867351-DELL.zip"
        },
        {
            "bundleId": "aa7b16b1-d719-44b7-9ced-51bb02ca84f4",
            "targetEsxVersion": "7.0.1-18150133",
            "useVcfBundle": false,
            "domainId": "1b7b16b1-d719-44b7-9ced-51bb02ca84b2",
            "customIsoAbsolutePath": "/nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-binaries/VMware-ESXi-7.0.2-17867351-HP.zip"
        }
    ]
}

Save the JSON file as esx-custom-image-upgrade-spec.json in the /nfs/vmware/vcf/nfs-mount.

Note: If the JSON file is not saved in the correct directory, the stock VMware Cloud Foundation ISO is used for the upgrade and the custom VIBs are overwritten.
Set the correct permissions on the /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json file:

chmod -R 775 /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json

chown -R vcf_lcm:vcf /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json
Open the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file.
In the lcm.esx.upgrade.custom.image.spec= parameter, add the path to the JSON file.
For example, lcm.esx.upgrade.custom.image.spec=/nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json
In the navigation pane, click Inventory > Workload Domains.
On the Workload Domains page, click the domain you are upgrading and then click the Updates/Patches tab.
Schedule the ESXi upgrade bundle.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.
After the upgrade is complete, confirm the ESXi version by clicking Current Versions. The ESXi hosts table displays the current ESXi version.

Upgrade ESXi with VMware Cloud Foundation Stock ISO and Async Drivers

For clusters in workload domains with vLCM baselines, you can apply the stock ESXi upgrade bundle with specified async drivers.

Prerequisites

Download the appropriate async drivers for your hardware on a computer with internet access.

Procedure

Download the VMware Cloud Foundation ESXi upgrade bundle. See Download Bundles Using SDDC Manager.
Using SSH, log in to the SDDC Manager appliance.
Create a directory for the vendor provided async drivers under the /nfs/vmware/vcf/nfs-mount directory. For example, /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers.
Copy the async drivers to the directory you created on the SDDC Manager appliance. For example, you can copy the drivers to the /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers directory.
Change permissions on the directory where you copied the drivers. For example,
chmod -R 775 /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers
Change owner to vcf.
chown -R vcf_lcm:vcf /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers

Create an ESX custom image JSON using the following template.

{
"esxCustomImageSpecList": [{
"bundleId": "bundle ID of the ESXi bundle you downloaded",
"targetEsxVersion": "ESXi version for the target VMware Cloud Foundation version",
"useVcfBundle": true,
"esxPatchesAbsolutePaths": ["Path_to_Drivers"]
}]
}

where


Parameter	Description and Example Value
bundleId	ID of the ESXi upgrade bundle you downloaded. You can retrieve the bundle ID by navigating to the Lifecycle Management > Bundle Management page and clicking View Details to view the bundle ID. For example, 8c0de63d-b522-4db8-be6c-f1e0ab7ef554.
targetEsxVersion	Version of the ESXi upgrade bundle you downloaded. You can retrieve the ESXi target version by navigating to the Lifecycle Management > Bundle Management page and clicking View Details to view the "Update to Version".
useVcfBundle	Specifies whether the ESXi bundle is to be used for the upgrade. Set this to true.
esxPatchesAbsolutePaths	Path to the async drivers on the SDDC Manager appliance. For example, /nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers/VMW-ESX-6.7.0-smartpqi-1.0.2.1038-offline_bundle-8984687.zip

Here is an example of a completed JSON template.

{
"esxCustomImageSpecList": [{
"bundleId": "411bea6a-b26c-4a15-9443-03f453c68752-apTool",
"targetEsxVersion": "7.0.3-21053776",
"useVcfBundle": true,
"esxPatchesAbsolutePaths": ["/nfs/vmware/vcf/nfs-mount/esx-upgrade-partner-drivers/drivers/HPE-703.0.0.10.9.5.14-Aug2022-Synergy-Addon-depot.zip"]
}]
}

Save the JSON file as esx-custom-image-upgrade-spec.json in the /nfs/vmware/vcf/nfs-mount.

Note: If the JSON file is not saved in the correct directory, the stock VMware Cloud Foundation ISO is used for the upgrade and the custom VIBs are overwritten.
Set the correct permissions on the /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json file:

chmod -R 775 /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json

chown -R vcf_lcm:vcf /nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json
Open the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file.
In the lcm.esx.upgrade.custom.image.spec= parameter, add the path to the JSON file.
For example, lcm.esx.upgrade.custom.image.spec=/nfs/vmware/vcf/nfs-mount/esx-custom-image-upgrade-spec.json
In the navigation pane, click Inventory > Workload Domains.
On the Workload Domain page, click the management domain.
On the Domain Summary page, click the Updates/Patches tab.
In the Available Updates section, click Update Now or Schedule Update next to the VMware Software Update bundle for VMware ESXi.
Monitor the upgrade progress. See Monitor VMware Cloud Foundation Updates.
After the upgrade is complete, confirm the ESXi version by clicking Current Versions. The ESXi hosts table displays the current ESXi version.

Upgrade ESXi with vSphere Lifecycle Manager Images for VMware Cloud Foundation

VI workload domains can use vSphere Lifecycle Manager baselines or vSphere Lifecycle Manager images for ESXi host upgrade. The following procedure describes upgrading ESXi hosts in workload domains that use vSphere Lifecycle Manager images.

For information about upgrading ESXi in workload domains that use vSphere Lifecycle Manager baselines, see Upgrade ESXi with vSphere Lifecycle Manager Baselines for VMware Cloud Foundation.

You create a vSphere Lifecycle Manager image for upgrading ESXi hosts using the vSphere Client. During the creation of the image, you define the ESXi version and can optionally add vendor add-ons, components, and firmware. After you extract the vSphere Lifecycle Manager image into SDDC Manager, the ESXi update will be available for the relevant VI workload domains.

Prerequisites

Validate that the ESXi passwords are valid.
Ensure that the domain for which you want to perform cluster-level upgrade does not have any hosts or clusters in an error state. Resolve the error state or remove the hosts and clusters with errors before proceeding.
You must upgrade NSX and vCenter Server before you can upgrade ESXi hosts with a vSphere Lifecycle Manager image.
If you want to add firmware to the vSphere Lifecycle Manager image, you must install the Hardware Support Manager from your vendor. See Firmware Updates.
To use an async patch version of ESXi, you must enable the patch with the Async Patch Tool. See the Async Patch Tool documentation.

Procedure

Create a vSphere Lifecycle Manager image.

Right-click the management domain data center and select New Cluster.
Enter a name for the cluster (for example, ESXi image upgrade) and click Next.
Keep the default settings for everything except the cluster name
Click Finish.
Click the Updates tab for the new cluster.
Click Hosts > Image > Setup Image.

Define the vSphere Lifecycle manager image.

Image Element	Description
ESXi Version	From the ESXi Version drop-down menu, select the ESXi version specified in the VMware Cloud Foundation BOM. If the ESXi version does not appear in the drop-down menu, see Synchronize the vSphere Lifecycle Manager Depot and Import Updates to the vSphere Lifecycle Manager Depot.
Vendor Add-On (optional)	To add a vendor add-on to the image, click Select and select a vendor add-on.
Firmware and Drivers Add-On (optional)	To add a firmware add-on to the image, click Select. In the Select Firmware and Drivers Addon dialog box, specify a hardware support manager and select a firmware add-on to add to the image. Selecting a firmware add-on for a family of vendor servers is possible only if the respective vendor-provided hardware support manager is registered as an extension to the vCenter Server where vSphere Lifecycle Manager runs.
Components	To add components to the image: Click Show details. Click Add Components. Select the components and their corresponding versions to add to the image.

Click Save.
Click Finish Image Setup.
Click Yes, Finish Image Setup.

Extract the vSphere Lifecycle Manager image into SDDC Manager.
1. In the SDDC Manager UI, click Lifecycle Management > Image Management .
2. Click Import Image.
3. In the Option 1 section, select the management domain from the drop-down menu.
4. In the Cluster drop-down, select the cluster from which you want to extract the vSphere Lifecycle manager image. For example, ESXi image upgrade.
5. Enter a name for the cluster image and click Extract Cluster Image.
You can view status in the Tasks panel.
Upgrade ESXi hosts with the vSphere Lifecycle Manager image.
1. Navigate to the Updates/Patches tab of the VI workload domain.
2. In the Available Updates section, click Configure Update.
3. Click Next.
4. Select the clusters to upgrade and click Next.
  The default setting is to upgrade all clusters. To upgrade specific clusters, click Enable cluster-level selection and select the clusters to upgrade.
5. Select the cluster. the cluster image, and optionally the firmware and driver addons.
6. Click Apply Image.
7. Click Next.
8. Select the upgrade options and click Next.
  By default, the selected clusters are upgraded in parallel. If you selected more than five clusters to be upgraded, the first five are upgraded in parallel and the remaining clusters are upgraded sequentially. To upgrade all selected clusters sequentially, select Enable sequential cluster upgrade.
  
  Click Enable Quick Boot if desired. Quick Boot for ESXi hosts is an option that allows Update Manager to reduce the upgrade time by skipping the physical reboot of the host.
  
  Select Migrate Powered Off and Suspended VMs to include any VMs that are powered-off in the chosen cluster for upgrade.
9. Click Next and review the settings.
  VMware Cloud Foundation runs a cluster image hardware compatibility and compliance check. Resolve any reported issues before proceeding.
10. Click Schedule Update and click Next.
11. Select Upgrade Now or Schedule Update and click Finish.

What to do next

Firmware Updates

You can use vSphere Lifecycle Manager images to perform firmware updates on the ESXi hosts in a cluster. Using a vSphere Lifecycle Manager image simplifies the host update operation. With a single operation, you update both the software and the firmware on the host.

To apply firmware updates to hosts in a cluster, you must deploy and configure a vendor provided software module called hardware support manager. The deployment method and the management of a hardware support manager is determined by the respective OEM. For example, the hardware support manager that Dell EMC provides is part of their host management solution, OpenManage Integration for VMware vCenter (OMIVV), which you deploy as an appliance. See Deploying Hardware Support Managers.

You must deploy the hardware support manager appliance on a host with sufficient disk space. After you deploy the appliance, you must power on the appliance virtual machine, log in to the appliance as an administrator, and register the appliance as a vCenter Server extension. Each hardware support manager has its own mechanism of managing firmware packages and making firmware add-ons available for you to choose.

For detailed information about deploying, configuring, and managing hardware support managers, refer to the vendor-provided documentation.

Post Upgrade Steps for NFS-Based VI Workload Domains

After upgrading VI workload domains that use NFS storage, you must add a static route for hosts to access NFS storage over the NFS gateway. This process must be completed before expanding the workload domain.

Procedure

Identify the IP address of the NFS server for the VI workload domain.
Identify the network pool associated with the hosts in the cluster and the NFS gateway for the network pool.
1. Log in to SDDC Manager.
2. Click Inventory > Workload Domains and then click the VI workload domain.
3. Click the Clusters tab and then click an NFS-based cluster.
4. Click the Hosts tab and note down the network pool for the hosts.
5. Click the Info icon next to the network pool name and note down the NFS gateway.
Ensure that the NFS server is reachable from the NFS gateway. If a gateway does not exist, create it.
Identify the vmknic on each host in the cluster that is configured for NFS traffic.
Configure a static route on each host to reach the NFS server from the NFS gateway.
```
esxcli network ip route ipv4 add -g NFS-gateway-IP -n NFS-gateway
```
Verify that the new route is added to the host using the NFS vmknic.
```
esxcli network ip route ipv4 list
```
Ensure that the hosts in the NFS cluster can reach the NFS gateway through the NFS vmkernel.
For example:
```
vmkping -4 -I vmk2 -s 1470 -d -W 5 10.0.22.250
```
Repeat steps 2 through 7 for each cluster using NFS storage.