This section contains the upgrade sequence and information for single instance topologies.
Supported Topologies |
Supported Architecture Models |
---|---|
Single Instance - Single Availability Zone |
|
Single Instance - Multiple Availability Zones |
|
Upgrade Plan for VMware Cloud Foundation Single Instance Topologies
This section describes the tasks required to perform a VMware Cloud Foundation upgrade with a single instance topology. Depending on your source VMware Cloud Foundation version, you may need to perform certain tasks multiple times before proceeding to the next task.
VMware Cloud Foundation Upgrade Preparation
Task |
Additional Information |
---|---|
Allocate a temporary IP address for each vCenter Server upgrade |
[Conditional] When upgrading from VMware Cloud Foundation 4.x. Required for each vCenter Server upgrade. Must be allocated from the management subnet. The same IP can be reused. |
Obtain updated licenses |
[Conditional] When upgrading from VMware Cloud Foundation 4.x. New licenses required for:
|
Verify there are no expired or expiring passwords |
Review the password management dashboard in SDDC Manager. |
Verify there are no expired or expiring certificates |
Review the certificates tab for each workload domain. |
Verify ESXi host TPM module status |
[Conditional] If ESXi hosts have TPM modules in use, verify they are running the latest 2.0 firmware. If not in use they must be disabled in the BIOS. |
Download Bundles Using SDDC Manager |
[Conditional] Online depot connectivity required |
Configure a Proxy Server for Downloading Bundles |
[Conditional] If a proxy server is required for online depot connectivity |
Download Bundles with the Bundle Transfer Utility |
[Conditional] For offline bundle download |
Download Specific Bundles with the Bundle Transfer Utility |
[Conditional] For offline bundle download of a specific bundle |
Management Domain Upgrade
Task |
Applies When |
Additional Information |
---|---|---|
VMware Cloud Foundation Upgrade Prerequisites |
||
|
||
Apply the VMware Cloud Foundation Upgrade Bundle |
|
If the current version of VMware Cloud Foundation is 4.4.x, 4.5.x, or 5.x Upgrade SDDC Manager to 5.1.1. |
Apply the VMware Cloud Foundation Configuration Updates |
|
|
Update Compatibility Data with the Bundle Transfer Utility |
[Conditional] Required when using offline bundle download |
Task |
Additional Information |
---|---|
Upgrade VMware Aria Suite Lifecycle for VMware Cloud Foundation |
[Conditional] If VMware Aria Suite Lifecycle is present |
Upgrade VMware Aria Suite products for VMware Cloud Foundation |
[Conditional] If VMware Aria Suite products are present |
Task |
Applies When |
Additional Information |
---|---|---|
Upgrade NSX from 3.1.3 |
|
|
Upgrade NSX from 3.2.x, 4.1.0.2, or 4.1.2.1 |
|
|
Task |
Additional Information |
---|---|
Upgrade vCenter Server for VMware Cloud Foundation |
|
Task |
Additional Information |
---|---|
Upgrade vSAN Witness Host for VMware Cloud Foundation |
[Conditional] If the vSphere cluster is a stretched vSAN cluster |
Skip Hosts During vSphere clusters Update |
[Conditional] If you need to skip hosts |
Upgrade vSphere clusters with Custom ISOs or Upgrade vSphere clusters with VMware Cloud Foundation Stock ISO and Async Drivers or Upgrade vSphere clusters with vSphere Lifecycle Manager Baselines for VMware Cloud Foundation |
|
Task |
Additional Information |
---|---|
Update Licenses for a Workload Domain |
[Conditional] If upgrading from a VMware Cloud Foundation version prior to 5.0 Update licenses for:
|
Apply Configuration Updates |
[Conditional] If there are configuration updates required |
Upgrade vSphere Distributed Switch versions |
|
Upgrade vSAN on-disk format versions |
|
VI Workload Domain Upgrade
Task |
Additional Information |
---|---|
Perform an upgrade precheck |
Task |
Applies When |
Additional Information |
---|---|---|
Upgrade NSX from 3.1.3 |
|
|
Upgrade NSX from 3.2.x, 4.1.0.2, or 4.1.2.1 |
|
|
Task |
Additional Information |
---|---|
Upgrade vCenter Server for VMware Cloud Foundation |
|
Task |
Additional Information |
---|---|
Upgrade vSAN Witness Host for VMware Cloud Foundation |
[Conditional] If the vSphere cluster is a stretched vSAN cluster |
Skip Hosts During vSphere clusters Update |
[Conditional] If you need to skip hosts |
Upgrade vSphere clusters with Custom ISOs or Upgrade vSphere clusters with VMware Cloud Foundation Stock ISO and Async Drivers or Upgrade vSphere clusters with vSphere Lifecycle Manager Baselines for VMware Cloud Foundation or Upgrade ESXi with vSphere Lifecycle Manager Images for VMware Cloud Foundation |
|
Post Upgrade Steps for NFS-Based VI Workload Domains |
Task |
Additional Information |
---|---|
Update Licenses for a Workload Domain |
[Conditional] If upgrading from a VMware Cloud Foundation version prior to 5.0 Update licenses for:
|
Apply Configuration Updates |
[Conditional] If there are configuration updates required |
Upgrade vSphere Distributed Switch versions |
|
Upgrade vSAN on-disk format versions |
|
VMware Cloud Foundation Upgrade Prerequisites
Before you upgrade VMware Cloud Foundation, make sure that the following prerequisites are met.
Prerequisite |
Additional Information |
---|---|
Allocate a temporary IP address for each vCenter Server upgrade |
[Conditional][Conditional] When upgrading from VMware Cloud Foundation 4.x. Required for each vCenter Server upgrade. Must be allocated from the management subnet. The same IP can be reused. |
Obtain updated licenses |
New licenses required for: vSAN 8.x vSphere 8 |
Verify there are no expired or expiring passwords |
Review the password management dashboard in SDDC Manager |
Verify there are no expired or expiring certificates |
Review the certificates tab for each workload domain |
Verify ESXi host TPM module status |
[Conditional] If ESXi hosts have TPM modules in use, verify they are running the latest 2.0 firmware. If not in use they must be disabled in the BIOS |
Verify ESXi hardware is compatible with target version |
See ESXi Requirements and VMware Compatibility Guide at http://www.vmware.com/resources/compatibility/search.php. |
Manually update the vSAN HCL database to ensure that it is up-to-date. |
See KB 2145116 |
Backup SDDC Manager, all vCenter Servers, and NSX Managers. |
Take File based backups or image-level backups of SDDC Manager, all vCenter Servers, and NSX Managers. Take a Cold Snapshot of SDDC Manager. |
Make sure that there are no failed workflows in your system and none of the VMware Cloud Foundation resources are in activating or error state. |
Caution:
If any of these conditions are true, contact VMware Support before starting the upgrade. |
Review the Release Notes for known issues related to upgrades. |
|
Deactivate all 4.x async patches and run an inventory sync before upgrading to VMware Cloud Foundation 5.0 |
VMware Cloud Foundation 5.0 and later no longer require using the Async Patch Tool to enable upgrades from an async-patched VMware Cloud Foundation instance. See VCF Async Patch Tool Options for more information |
Run the NSX Upgrade Evaluation Tool before starting the upgrade process. |
The tool is designed to ensure success by checking the health and readiness of your NSX Manager prior to upgrading. |
Review Operational Impacts of NSX Upgrade in NSX Upgrade Guide to understand the impact that each component upgrade might have on your environment. |
|
Ensure there are no active alarms on hosts or vSphere clusters using the vSphere Client. |
Downloading VMware Cloud Foundation Upgrade Bundles
Before you can upgrade VMware Cloud Foundation, you must download the upgrade bundles for each VMware Cloud Foundation component that requires an upgrade.
Online and Offline Downloads
If the SDDC Manager appliance can connect to the internet, you can download upgrade bundles from the VMware Depot using your VMware Customer Connect account.
If the SDDC Manager appliance cannot connect to the internet, you can use the Bundle Transfer Utility to download the bundles to a computer that has internet access and then copy the bundles to the SDDC Manager appliance.
Other Bundle Types
- Install Bundles
An install bundle includes software binaries to install VI workload domains (vCenter Server and NSX) and VMware Aria Suite Lifecycle. You download install bundles using the same process that you use for upgrade bundles.
- Async Patch Bundles
An async patch bundle allows you to apply critical patches to certain VMware Cloud Foundation components (NSX Manager, vCenter Server, and ESXi) when an update or upgrade bundle is not available. To download an async patch bundle, you must use the Async Patch Tool. See Async Patch Tool.
Download Bundles Using SDDC Manager
If SDDC Manager does not have direct internet access, configure a proxy server or use the Bundle Transfer Utility for offline bundle downloads.
- Configure a Proxy Server for Downloading VMware Cloud Foundation Bundles
- Offline Bundle Download for VMware Cloud Foundation
If SDDC Manager is already connected to the VMware Depot, you can skip the first step below.
When you download bundles, SDDC Manager verifies that the file size and checksum of the downloaded bundles match the expected values.
Procedure
Configure a Proxy Server for Downloading VMware Cloud Foundation Bundles
If SDDC Manager does not have direct internet access, you can configure a proxy server to download bundles. VMware Cloud Foundation only supports proxy servers that do not require authentication.
Procedure
What to do next
Offline Bundle Download for VMware Cloud Foundation
Prerequisites
- A Windows or Linux computer with internet connectivity for downloading the bundles.
- You need a system with internet access to download the manifest file and VMware Compatibility Data.
- The computer must have Java 8 or later.
- A Windows or Linux computer with access to the SDDC Manager appliance for uploading the bundles.
- To upload the manifest file from a Windows computer, you must have OpenSSL installed and configured.
- Configure TCP keepalive in your SSH client to prevent socket connection timeouts when using the Bundle Transfer Utility for long-running operations.
Procedure
Download Specific Bundles from the VMware Depot with the Bundle Transfer Utility
The Bundle Transfer Utility is a command line tool used to identify bundles applicable to your environment and download the bundles from the VMware Depot to a computer that has internet access.
This procedure provides information about downloading specific bundles to a computer with internet access. When the bundle downloads complete, copy the output directory to a computer with access to the SDDC Manager appliance, and then copy the directory to the SDDC Manager appliance. After you copy the directory to the SDDC Manager appliance, upload the bundle files to the internal LCM repository. See Offline Bundle Download for VMware Cloud Foundation for more information.
Run the following commands from the Bundle Transfer Utility directory (for example, lcm-tools-prod/bin/) on a computer with internet access.
Download Bundles for a Product Version
- Display a list of the bundles for a specific product version.
./lcm-bundle-transfer-util --depotUser depotUser --listBundles --productVersion product_version (OR) ./lcm-bundle-transfer-util --du depotUser -l -p product_version
For example:./lcm-bundle-transfer-util --du [email protected] -l -p 5.0.0.0
- Download bundles based on a specific product version.
./lcm-bundle-transfer-util --download --outputDirectory absolute-path-output-dir --depotUser depotUser --productVersion product_version (OR) ./lcm-bundle-transfer-util -d -op absolute-path-output-dir --du depotUser -p product_version
For example, to download all the bundles for the 5.0.0.0 version:./lcm-bundle-transfer-util --download --depotUser [email protected] --outputDirectory /Users/fruyven/downloadedBundles -p 5.0.0.0
Download a Single Bundle
Download a single bundle.
./lcm-bundle-transfer-util --download --outputDirectory absolute-path-output-dir --depotUser depotUser --bundle bundle_name (OR) ./lcm-bundle-transfer-util --download --outputDirectory absolute-path-output-dir --depotUser depotUser -b bundle_name
For example:
./lcm-bundle-transfer-util --download --outputDirectory /Users/fruyven/downloadedBundles --depotUser [email protected] --bundle bundle-50721
HCL Offline Download for VMware Cloud Foundation
If the SDDC Manager appliance does not have access to the VMware Depot, you can use the Bundle Transfer Utility to manually download the HCL file from the depot on your local computer and then upload them to the SDDC Manager appliance.
Prerequisites
- A Windows or Linux computer with internet connectivity for downloading the HCL.
- You need a system with internet access to download the HCL file.
- The computer must have Java 8 or later.
- A Windows or Linux computer with access to the SDDC Manager appliance for uploading the HCL file.
- To upload the HCL file from a Windows computer, you must have OpenSSL installed and configured.
- Configure TCP keepalive in your SSH client to prevent socket connection timeouts when using the Bundle Transfer Utility for long-running operations.
Procedure
Upgrade the Management Domain to VMware Cloud Foundation 5.1.1
You must upgrade the management domain before upgrading VI workload domains in your environment. To upgrade to VMware Cloud Foundation 5.1.1, the management domain must be at VMware Cloud Foundation 4.4.x or higher. If your environment is at a version lower than 4.4.x, you must upgrade the management domain to 4.4.x or later and then upgrade to 5.1.1.
Upgrade the components in the management domain in the following order:
SDDC Manager and VMware Cloud Foundation services.
VMware Aria Suite Lifecycle, VMware Aria Suite products, and Workspace ONE Access.
NSX.
vCenter Server.
ESXi
After all upgrades have completed successfully:
Remove the VM snapshots you took before starting the update.
Take a backup of the newly installed components.
Perform Update Precheck - Versions Prior to SDDC Manager 5.0
If you have not yet upgraded to SDDC Manager 5.0, these are the steps to run a Precheck. You must perform a precheck before applying an update or upgrade bundle to ensure that your environment is ready for the update.
- Custom ISO is compatible with your environment.
- Custom ISO size is smaller than the boot partition size.
- Third party VIBs are compatible with the environment.
Procedure
Results
The precheck result is displayed at the top of the Upgrade Precheck Details window. If you click Exit Details, the precheck result is displayed at the top of the Precheck section in the Updates/Patches tab.
Ensure that the precheck results are green before proceeding. A failed precheck may cause the update to fail.
Apply the VMware Cloud Foundation Upgrade Bundle
The VMware Cloud Foundation Upgrade bundle upgrades the SDDC Manager appliance and VMware Cloud Foundation services. This task is required if the source VMware Cloud Foundation version before starting the upgrade is 4.4.x, 4.5.x, or 5.x.
Prerequisites
- Download the VMware Cloud Foundation update bundle for your target release. See Downloading VMware Cloud Foundation Upgrade Bundles.
- Ensure you have a recent successful backup of SDDC Manager using an external SFTP server.
- Ensure you have taken a snapshot of the SDDC Manager appliance.
- Ensure you have recent successful backups of the components managed by SDDC Manager.
- Perform Update Precheck in SDDC Manager and resolve any issues.
Procedure
Perform Update Precheck in SDDC Manager
You must perform a precheck in SDDC Manager before applying an update bundle to ensure that your environment is ready for the update.
Bundle-level pre-checks for vCenter are available in VMware Cloud Foundation.
Because ESXi bundle-level pre-checks only work in minor-version upgrades (for example: from ESXi 7.x through 7.y, or from ESXi 8.x through 8.y), these prechecks do not run in VMware Cloud Foundation.
If you silence a vSAN Skyline Health alert in the vSphere Client, SDDC Manager skips the related precheck and indicates which precheck it skipped. Click RESTORE PRECHECK to include the silenced precheck. For example:
You can also silence failed vSAN prechecks in the SDDC Manager UI by clicking Silence Precheck. Silenced prechecks do not trigger warnings or block upgrades.
Only silence alerts if you know that they are incorrect. Do not silence alerts for real issues that require remediation.
Procedure
Results
The precheck result is displayed at the top of the Upgrade Precheck Details window. If you click Exit Details, the precheck result is displayed at the top of the Precheck section in the Updates tab.
Ensure that the precheck results are green before proceeding. Although a failed precheck will not prevent the upgrade from proceeding, it may cause the update to fail.
Apply VMware Cloud Foundation Configuration Updates
VMware Cloud Foundation Configuration Updates identifies and resolves any discrepancies between the intended/prescribed configuration and the actual configuration, ensuring that the deployment aligns with the recommended configuration for the VCF 5.0 release and above. This process includes reconciling the configuration for 2nd party software components listed in the VMware Cloud Foundation Bill of Materials (BOM).
As the upgrades for 2nd party components complete for the domain, additional Configuration Updates may become available. You have the option to apply the relevant drifts as they become available or apply them collectively at the end of the upgrade process for all 2nd party software components.
Configuration Updates can be applied to multiple domains in parallel. However, if a Configuration Update is in progress, another configuration update on the same domain should not be attempted.
Procedure
Upgrade VMware Aria Suite Lifecycle for VMware Cloud Foundation
The process for upgrading VMware Aria Suite Lifecycle depends on your current version of VMware Cloud Foundation and VMware Aria Suite Lifecycle.
If you have an earlier version of VMware Aria Suite Lifecycle, use the process below to upgrade to VMware Aria Suite Lifecycle 8.6.2 and then use the VMware Aria Suite Lifecycle UI to upgrade to later supported versions.
Prerequisites
- Ensure that you have a recent successful backup of the VMware Aria Suite Lifecycle appliance.
- Download the VMware Software Update bundle(s) for VMware Aria Suite Lifecycle. See Downloading VMware Cloud Foundation Upgrade Bundles.
Note: You may have to download and apply multiple bundles, depending on the current product versions in your environment. If your environment is using VMware Cloud Foundation 4.4 or later and VMware Aria Suite Lifecycle 8.6.2 and later, you do not need to download any bundles, since all upgrades are performed from the VMware Aria Suite Lifecycle UI.
Procedure
Upgrade VMware Aria Suite Products for VMware Cloud Foundation
If you had VMware Aria Operations for Logs, VMware Aria Automation, VMware Aria Operations, or Workspace ONE Access in your pre-upgrade environment, you must upgrade them from VMware Aria Suite Lifecycle.
- Download upgrade binaries
- Create snapshots of the virtual appliances
- Run pre-upgrade checks
- Upgrade VMware Aria Suite products
Prerequisites
Upgrade to VMware Aria Suite Lifecycle 8.6.2 or later.
Procedure
Upgrade NSX from 3.1.3
Additional Information for Upgrading NSX from 3.1.3
The following additional information is applicable to the following upgrade.
[Conditional] If source NSX version is 3.1.3
Upgrade NSX to 3.2.1.2 using SDDC Manager
Upgrade NSX for VMware Cloud Foundation
Upgrade NSX in the management domain before you upgrade VI workload domains.
Upgrading NSX involves the following components:
Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster
Procedure
Results
When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.
Upgrade NSX from 3.2.1.2
Additional Information for Upgrading NSX from 3.2.1.2
The following additional information is applicable to the following upgrade.
[Conditional] If source NSX version is 3.2.1.2
Upgrade NSX to 4.1.2.3 using SDDC Manager
[Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding
Upgrade NSX for VMware Cloud Foundation
Upgrade NSX in the management domain before you upgrade VI workload domains.
Upgrading NSX involves the following components:
Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster
Procedure
Results
When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.
Upgrade NSX from 3.2.2.x / 3.2.3.x
Additional Information for Upgrading NSX from 3.2.2.x / 3.2.3.x
The following additional information is applicable to the following upgrade.
[Conditional] If source NSX version is 3.2.2.x or 3.2.3.x
Upgrade NSX to 4.1.2.3 using SDDC Manager
[Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding
Upgrade NSX for VMware Cloud Foundation
Upgrade NSX in the management domain before you upgrade VI workload domains.
Upgrading NSX involves the following components:
Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster
Procedure
Results
When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.
Upgrade NSX from 4.1.x
Additional Information for Upgrading NSX from 4.1.x
The following additional information is applicable to the following upgrade.
[Conditional] If source NSX version is 4.1.0.2 or 4.1.2.1
Upgrade NSX to 4.1.2.3 using SDDC Manager
[Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding
Upgrade NSX for VMware Cloud Foundation
Upgrade NSX in the management domain before you upgrade VI workload domains.
Upgrading NSX involves the following components:
Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster
Procedure
Results
When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.
Upgrade vCenter Server for VMware Cloud Foundation
The upgrade bundle for VMware vCenter Server is used to upgrade the vCenter Servers managed by SDDC Manager. Upgrade vCenter Server in the management domain before upgrading vCenter Server in VI workload domains.
Prerequisites
Download the VMware vCenter Server upgrade bundle. See Downloading VMware Cloud Foundation Upgrade Bundles.
Take a file-based backup of the vCenter Server appliance before starting the upgrade. See Manually Back Up vCenter Server.
Note:After taking a backup, do not make any changes to the vCenter Server inventory or settings until the upgrade completes successfully.
If your workload domain contains Workload Management (vSphere with Tanzu) enabled clusters, the supported target release depends on the version of Kubernetes (K8s) currently running in the cluster. Older versions of K8s may require a specific upgrade sequence. See KB 88962 for more information.
Procedure
What to do next
Once the upgrade successfully completes, use the vSphere Client to change the vSphere DRS Automation Level setting back to the original value (before you took a file-based backup) for each vSphere cluster that is managed by the vCenter Server. See KB 87631 for information about using VMware PowerCLI to change the vSphere DRS Automation Level.
Upgrade ESXi with vSphere Lifecycle Manager Baselines for VMware Cloud Foundation
The management domain uses vSphere Lifecycle Manager baselines for ESXi host upgrades. VI workload domains can use vSphere Lifecycle Manager baselines or vSphere Lifecycle Manager images. The following procedure describes upgrading ESXi hosts in workload domains that use vSphere Lifecycle Manager baselines.
For information about upgrading ESXi in VI workload domains that use vSphere Lifecycle Manager images, see Upgrade ESXi with vSphere Lifecycle Manager Images for VMware Cloud Foundation.
By default, the upgrade process upgrades the ESXi hosts in all clusters in a workload domain in parallel. If you have multiple clusters in a workload domain, you can select the clusters to upgrade.
If you want to skip any hosts while applying an ESXi update a workload domain, you must add these hosts to the application-prod.properties file before you begin the update. See "Skip Hosts During ESXi Update".
To perform ESXi upgrades with custom ISO images or async drivers see "Upgrade ESXi with Custom ISOs" and "Upgrade ESXi with Stock ISO and Async Drivers".
If you are using external (non-vSAN) storage, the following procedure updates the ESXi hosts attached to the external storage. However, updating and patching the storage software and drivers is a manual task and falls outside of SDDC Manager lifecycle management. To ensure supportability after an ESXi upgrade, consult the vSphere HCL and your storage vendor.
Prerequisites
Validate that the ESXi passwords are valid.
Download the ESXi bundle. See Downloading VMware Cloud Foundation Upgrade Bundles.
Ensure that the domain for which you want to perform cluster-level upgrade does not have any hosts or clusters in an error state. Resolve the error state or remove the hosts and clusters with errors before proceeding.
Procedure
What to do next
Upgrade the vSAN Disk Format for vSAN clusters. The disk format upgrade is optional. Your vSAN cluster continues to run smoothly if you use a previous disk format version. For best results, upgrade the objects to use the latest on-disk format. The latest on-disk format provides the complete feature set of vSAN. See Upgrading vSAN Disk Format Using vSphere Client.
Upgrade vSAN Witness Host for VMware Cloud Foundation
If your VMware Cloud Foundation environment contains stretched clusters, update and remediate the vSAN witness host.
Prerequisites
Download the ESXi ISO that matches the version listed in the the Bill of Materials (BOM) section of the VMware Cloud Foundation Release Notes.
Procedure
- In a web browser, log in to vCenter Server at https://vcenter_server_fqdn/ui.
- Upload the ESXi ISO image file to vSphere Lifecycle Manager.
- Click .
- Click the Imported ISOs tab.
- Click Import ISO and then click Browse.
- Navigate to the ESXi ISO file you downloaded and click Open.
- After the file is imported, click Close.
- Create a baseline for the ESXi image.
- On the Imported ISOs tab, select the ISO file that you imported, and click New baseline.
- Enter a name for the baseline and specify the Content Type as Upgrade.
- Click Next.
- Select the ISO file you had imported and click Next.
- Review the details and click Finish.
- Attach the baseline to the vSAN witness host.
- Click .
- In the Inventory panel, click .
- Select the vSAN witness host and click the Updates tab.
- Under Attached Baselines, click .
- Select the baseline that you had created in step 3 and click Attach.
- Click Check Compliance.
After the compliance check is completed, the Status column for the baseline is displayed as Non-Compliant.
- Remediate the vSAN witness host and update the ESXi hosts that it contains.
- Right-click the vSAN witness and click .
- Click OK.
- Click the Updates tab.
- Select the baseline that you had created in step 3 and click Remediate.
- In the End user license agreement dialog box, select the check box and click OK.
- In the Remediate dialog box, select the vSAN witness host, and click Remediate.
The remediation process might take several minutes. After the remediation is completed, the Status column for the baseline is displayed as Compliant.
- Right-click the vSAN witness host and click .
- Click OK.
Skip Hosts During ESXi Update
You can skip hosts while applying an ESXi update to a workload domain. The skipped hosts are not updated.
You cannot skip hosts that are part of a VI workload domain that is using vSphere Lifecycle Manager images, since these hosts are updated at the cluster-level and not the host-level.
Procedure
Results
The hosts added to the application-prod.properties are not updated when you update the workload domain.
Upgrade ESXi with Custom ISOs
For clusters in workload domains with vSphere Lifecycle Manager baselines, you can upgrade ESXi with a custom ISO from your vendor. VMware Cloud Foundation 4.4.1.1 and later support multiple custom ISOs in a single ESXi upgrade in cases where specific clusters or workload domains require different custom ISOs.
Prerequisites
Download the appropriate vendor-specific ISOs on a computer with internet access. If no vendor-specific ISO is available for the required version of ESXi, then you can create one. See Create a Custom ISO Image for ESXi.
Procedure
Upgrade ESXi with VMware Cloud Foundation Stock ISO and Async Drivers
For clusters in workload domains with vLCM baselines, you can apply the stock ESXi upgrade bundle with specified async drivers.
Prerequisites
Download the appropriate async drivers for your hardware on a computer with internet access.
Procedure
Upgrade vSphere Distributed Switch versions
[Optional] Upgrade the distributed switch to take advantage of features that are available only in the later versions.
Prerequisites
ESXi and vCenter Upgrades are completed.
Procedure
- On the vSphere Client Home page, click Networking and navigate to the distributed switch.
- Right-click the distributed switch and select
- Select the vSphere Distributed Switch version that you want to upgrade the switch to and click Next
Results
The vSphere Distributed Switch is successfully upgraded.
Upgrade vSAN on-disk format versions
[Optional] Upgrade the vSAN on-disk format version to take advantage of features that are available only in the later versions.
The upgrade may cause temporary resynchronization traffic and use additional space by moving data or rebuilding object components to a new data structure.
Prerequisites
ESXi and vCenter Upgrades are completed
Verify that the disks are in a healthy state. Navigate to the Disk Management page to verify the object status.
Verify that your hosts are not in maintenance mode. When upgrading the disk format, do not place the hosts in maintenance mode.
Verify that there are no component rebuilding tasks currently in progress in the vSAN cluster. For information about vSAN resynchronization, see vSphere Monitoring and Performance
Procedure
- Navigate to the vSAN cluster.
- Click the Configure tab.
- Under vSAN, select Disk Management.
- Click Pre-check Upgrade. The upgrade pre-check analyzes the cluster to uncover any issues that might prevent a successful upgrade. Some of the items checked are host status, disk status, network status, and object status. Upgrade issues are displayed in the Disk pre-check status text box.
- Click Upgrade.
- Click Yes on the Upgrade dialog box to perform the upgrade of the on-disk format.
Results
vSAN successfully upgrades the on-disk format. The On-disk Format Version column displays the disk format version of storage devices in the cluster
Update License Keys for a Workload Domain
If upgrading from a VMware Cloud Foundation version prior to 5.0, you need to update your license keys to support vSAN 8.x and vSphere 8.x.
You first add the new component license key to SDDC Manager. This must be done once per license instance. You then apply the license key to the component on a per workload domain basis.
Prerequisites
You need a new license key for vSAN 8.x and vSphere 8.x. Prior to VMware Cloud Foundation 5.1.1, you must add and update the component license key for each upgraded component in the SDDC Manager UI as described below.
With VMware Cloud Foundation 5.1.1 and later, you can add a component license key as described below, or add a solution license key in the vSphere Client. See Managing vSphere Licenses for information about using a solution license key for VMware ESXi and vCenter Server. If you are using a solution license key, you must also add a VMware vSAN license key for vSAN clusters. See Configure License Settings for a vSAN Cluster.
Procedure
- Add a new component license key to the SDDC Manager inventory.
- In the navigation pane, click .
- On the Licensing page, click + License Key.
- Select a product from the drop-down menu.
- Enter the license key.
- Enter a description for the license key.
- Click Add.
- Repeat for each license key to be added.
- Update a license key for a workload domain component.
- In the navigation pane, click .
- On the Workload Domains page, click the domain you are upgrading.
- On the Summary tab, expand the red error banner, and click Update Licenses.
- On the Update Licenses page, click Next.
- Select the products to update and click Next.
- For each product, select a new license key from the list, and select the entity to which the licensekey should be applied and click Next.
- On the Review pane, review each license key and click Submit.
The new license keys will be applied to the workload domain. Monitor the task in the Tasks pane in SDDC Manager.
Upgrade VI Workload Domains to VMware Cloud Foundation 5.1.1
The management domain in your environment must be upgraded before you upgrade VI workload domains. To upgrade to VMware Cloud Foundation 5.1.1, all VI workload domains in your environment must be at VMware Cloud Foundation 4.4.x or higher. If your environment is at a version lower than 4.4, you must upgrade the workload domains to 4.4.x and then upgrade to 5.1.1.
- NSX.
- vCenter Server.
- ESXi.
- Workload Management on clusters that have vSphere with Tanzu. Workload Management can be upgraded through vCenter Server. See Updating the vSphere with Tanzu Environment.
- If you suppressed the Enter Maintenance Mode prechecks for ESXi or NSX, delete the following lines from the /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties file and restart the LCM service:
lcm.nsxt.suppress.dry.run.emm.check=true
lcm.esx.suppress.dry.run.emm.check.failures=true
- If you have stretched clusters in your environment, upgrade the vSAN witness host. See Upgrade vSAN Witness Host for VMware Cloud Foundation.
- For NFS-based workload domains, add a static route for hosts to access NFS storage over the NFS gateway. See Post Upgrade Steps for NFS-Based VI Workload Domains.
- Remove the VM snapshots you took before starting the update.
- Take a backup of the newly installed components.
Plan VI Workload Domain Upgrade
Before proceeding with a VI workload domain upgrade you must first plan the upgrade to your target version.
Prerequisites
Procedure
Results
Bundles applicable to the chosen release will be made available to the VI workload domain.
Perform Update Precheck in SDDC Manager
You must perform a precheck in SDDC Manager before applying an update bundle to ensure that your environment is ready for the update.
Bundle-level pre-checks for vCenter are available in VMware Cloud Foundation.
Because ESXi bundle-level pre-checks only work in minor-version upgrades (for example: from ESXi 7.x through 7.y, or from ESXi 8.x through 8.y), these prechecks do not run in VMware Cloud Foundation.
If you silence a vSAN Skyline Health alert in the vSphere Client, SDDC Manager skips the related precheck and indicates which precheck it skipped. Click RESTORE PRECHECK to include the silenced precheck. For example:
You can also silence failed vSAN prechecks in the SDDC Manager UI by clicking Silence Precheck. Silenced prechecks do not trigger warnings or block upgrades.
Only silence alerts if you know that they are incorrect. Do not silence alerts for real issues that require remediation.
Procedure
Results
The precheck result is displayed at the top of the Upgrade Precheck Details window. If you click Exit Details, the precheck result is displayed at the top of the Precheck section in the Updates tab.
Ensure that the precheck results are green before proceeding. Although a failed precheck will not prevent the upgrade from proceeding, it may cause the update to fail.
Upgrade NSX from 3.1.3
Additional Information for Upgrading NSX from 3.1.3
The following additional information is applicable to the following upgrade.
[Conditional] If source NSX version is 3.1.3
Upgrade NSX to 3.2.1.2 using SDDC Manager
Upgrade NSX for VMware Cloud Foundation
Upgrade NSX in the management domain before you upgrade VI workload domains.
Upgrading NSX involves the following components:
Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster
Procedure
Results
When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.
Upgrade NSX from 3.2.1.2
Additional Information for Upgrading NSX from 3.2.1.2
The following additional information is applicable to the following upgrade.
[Conditional] If source NSX version is 3.2.1.2
Upgrade NSX to 4.1.2.3 using SDDC Manager
[Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding
Upgrade NSX for VMware Cloud Foundation
Upgrade NSX in the management domain before you upgrade VI workload domains.
Upgrading NSX involves the following components:
Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster
Procedure
Results
When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.
Upgrade NSX from 3.2.2.x / 3.2.3.x
Additional Information for Upgrading NSX from 3.2.2.x / 3.2.3.x
The following additional information is applicable to the following upgrade.
[Conditional] If source NSX version is 3.2.2.x or 3.2.3.x
Upgrade NSX to 4.1.2.3 using SDDC Manager
[Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding
Upgrade NSX for VMware Cloud Foundation
Upgrade NSX in the management domain before you upgrade VI workload domains.
Upgrading NSX involves the following components:
Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster
Procedure
Results
When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.
Upgrade NSX from 4.1.x
Additional Information for Upgrading NSX from 4.1.x
The following additional information is applicable to the following upgrade.
[Conditional] If source NSX version is 4.1.0.2 or 4.1.2.1
Upgrade NSX to 4.1.2.3 using SDDC Manager
[Conditional] If NSX Federation is present, upgrade the NSX Local Manager in both VMware Cloud Foundation instances before proceeding
Upgrade NSX for VMware Cloud Foundation
Upgrade NSX in the management domain before you upgrade VI workload domains.
Upgrading NSX involves the following components:
Upgrade Coordinator
NSX Edges/Clusters (if deployed)
Host clusters
NSX Manager cluster
Procedure
Results
When all NSX workload components are upgraded successfully, a message with a green background and check mark is displayed.
Upgrade vCenter Server for VMware Cloud Foundation
The upgrade bundle for VMware vCenter Server is used to upgrade the vCenter Servers managed by SDDC Manager. Upgrade vCenter Server in the management domain before upgrading vCenter Server in VI workload domains.
Prerequisites
Download the VMware vCenter Server upgrade bundle. See Downloading VMware Cloud Foundation Upgrade Bundles.
Take a file-based backup of the vCenter Server appliance before starting the upgrade. See Manually Back Up vCenter Server.
Note:After taking a backup, do not make any changes to the vCenter Server inventory or settings until the upgrade completes successfully.
If your workload domain contains Workload Management (vSphere with Tanzu) enabled clusters, the supported target release depends on the version of Kubernetes (K8s) currently running in the cluster. Older versions of K8s may require a specific upgrade sequence. See KB 88962 for more information.
Procedure
What to do next
Once the upgrade successfully completes, use the vSphere Client to change the vSphere DRS Automation Level setting back to the original value (before you took a file-based backup) for each vSphere cluster that is managed by the vCenter Server. See KB 87631 for information about using VMware PowerCLI to change the vSphere DRS Automation Level.
Upgrade ESXi with vSphere Lifecycle Manager Baselines for VMware Cloud Foundation
The management domain uses vSphere Lifecycle Manager baselines for ESXi host upgrades. VI workload domains can use vSphere Lifecycle Manager baselines or vSphere Lifecycle Manager images. The following procedure describes upgrading ESXi hosts in workload domains that use vSphere Lifecycle Manager baselines.
For information about upgrading ESXi in VI workload domains that use vSphere Lifecycle Manager images, see Upgrade ESXi with vSphere Lifecycle Manager Images for VMware Cloud Foundation.
By default, the upgrade process upgrades the ESXi hosts in all clusters in a workload domain in parallel. If you have multiple clusters in a workload domain, you can select the clusters to upgrade.
If you want to skip any hosts while applying an ESXi update a workload domain, you must add these hosts to the application-prod.properties file before you begin the update. See "Skip Hosts During ESXi Update".
To perform ESXi upgrades with custom ISO images or async drivers see "Upgrade ESXi with Custom ISOs" and "Upgrade ESXi with Stock ISO and Async Drivers".
If you are using external (non-vSAN) storage, the following procedure updates the ESXi hosts attached to the external storage. However, updating and patching the storage software and drivers is a manual task and falls outside of SDDC Manager lifecycle management. To ensure supportability after an ESXi upgrade, consult the vSphere HCL and your storage vendor.
Prerequisites
Validate that the ESXi passwords are valid.
Download the ESXi bundle. See Downloading VMware Cloud Foundation Upgrade Bundles.
Ensure that the domain for which you want to perform cluster-level upgrade does not have any hosts or clusters in an error state. Resolve the error state or remove the hosts and clusters with errors before proceeding.
Procedure
What to do next
Upgrade the vSAN Disk Format for vSAN clusters. The disk format upgrade is optional. Your vSAN cluster continues to run smoothly if you use a previous disk format version. For best results, upgrade the objects to use the latest on-disk format. The latest on-disk format provides the complete feature set of vSAN. See Upgrading vSAN Disk Format Using vSphere Client.
Upgrade vSAN Witness Host for VMware Cloud Foundation
If your VMware Cloud Foundation environment contains stretched clusters, update and remediate the vSAN witness host.
Prerequisites
Download the ESXi ISO that matches the version listed in the the Bill of Materials (BOM) section of the VMware Cloud Foundation Release Notes.
Procedure
- In a web browser, log in to vCenter Server at https://vcenter_server_fqdn/ui.
- Upload the ESXi ISO image file to vSphere Lifecycle Manager.
- Click .
- Click the Imported ISOs tab.
- Click Import ISO and then click Browse.
- Navigate to the ESXi ISO file you downloaded and click Open.
- After the file is imported, click Close.
- Create a baseline for the ESXi image.
- On the Imported ISOs tab, select the ISO file that you imported, and click New baseline.
- Enter a name for the baseline and specify the Content Type as Upgrade.
- Click Next.
- Select the ISO file you had imported and click Next.
- Review the details and click Finish.
- Attach the baseline to the vSAN witness host.
- Click .
- In the Inventory panel, click .
- Select the vSAN witness host and click the Updates tab.
- Under Attached Baselines, click .
- Select the baseline that you had created in step 3 and click Attach.
- Click Check Compliance.
After the compliance check is completed, the Status column for the baseline is displayed as Non-Compliant.
- Remediate the vSAN witness host and update the ESXi hosts that it contains.
- Right-click the vSAN witness and click .
- Click OK.
- Click the Updates tab.
- Select the baseline that you had created in step 3 and click Remediate.
- In the End user license agreement dialog box, select the check box and click OK.
- In the Remediate dialog box, select the vSAN witness host, and click Remediate.
The remediation process might take several minutes. After the remediation is completed, the Status column for the baseline is displayed as Compliant.
- Right-click the vSAN witness host and click .
- Click OK.
Skip Hosts During ESXi Update
You can skip hosts while applying an ESXi update to a workload domain. The skipped hosts are not updated.
You cannot skip hosts that are part of a VI workload domain that is using vSphere Lifecycle Manager images, since these hosts are updated at the cluster-level and not the host-level.
Procedure
Results
The hosts added to the application-prod.properties are not updated when you update the workload domain.
Upgrade ESXi with Custom ISOs
For clusters in workload domains with vSphere Lifecycle Manager baselines, you can upgrade ESXi with a custom ISO from your vendor. VMware Cloud Foundation 4.4.1.1 and later support multiple custom ISOs in a single ESXi upgrade in cases where specific clusters or workload domains require different custom ISOs.
Prerequisites
Download the appropriate vendor-specific ISOs on a computer with internet access. If no vendor-specific ISO is available for the required version of ESXi, then you can create one. See Create a Custom ISO Image for ESXi.
Procedure
Upgrade ESXi with VMware Cloud Foundation Stock ISO and Async Drivers
For clusters in workload domains with vLCM baselines, you can apply the stock ESXi upgrade bundle with specified async drivers.
Prerequisites
Download the appropriate async drivers for your hardware on a computer with internet access.
Procedure
Upgrade ESXi with vSphere Lifecycle Manager Images for VMware Cloud Foundation
VI workload domains can use vSphere Lifecycle Manager baselines or vSphere Lifecycle Manager images for ESXi host upgrade. The following procedure describes upgrading ESXi hosts in workload domains that use vSphere Lifecycle Manager images.
For information about upgrading ESXi in workload domains that use vSphere Lifecycle Manager baselines, see Upgrade ESXi with vSphere Lifecycle Manager Baselines for VMware Cloud Foundation.
You create a vSphere Lifecycle Manager image for upgrading ESXi hosts using the vSphere Client. During the creation of the image, you define the ESXi version and can optionally add vendor add-ons, components, and firmware. After you extract the vSphere Lifecycle Manager image into SDDC Manager, the ESXi update will be available for the relevant VI workload domains.
Prerequisites
- Validate that the ESXi passwords are valid.
- Ensure that the domain for which you want to perform cluster-level upgrade does not have any hosts or clusters in an error state. Resolve the error state or remove the hosts and clusters with errors before proceeding.
- You must upgrade NSX and vCenter Server before you can upgrade ESXi hosts with a vSphere Lifecycle Manager image.
- If you want to add firmware to the vSphere Lifecycle Manager image, you must install the Hardware Support Manager from your vendor. See Firmware Updates.
- To use an async patch version of ESXi, you must enable the patch with the Async Patch Tool. See the Async Patch Tool documentation.
Procedure
Firmware Updates
You can use vSphere Lifecycle Manager images to perform firmware updates on the ESXi hosts in a cluster. Using a vSphere Lifecycle Manager image simplifies the host update operation. With a single operation, you update both the software and the firmware on the host.
To apply firmware updates to hosts in a cluster, you must deploy and configure a vendor provided software module called hardware support manager. The deployment method and the management of a hardware support manager is determined by the respective OEM. For example, the hardware support manager that Dell EMC provides is part of their host management solution, OpenManage Integration for VMware vCenter (OMIVV), which you deploy as an appliance. See Deploying Hardware Support Managers.
You must deploy the hardware support manager appliance on a host with sufficient disk space. After you deploy the appliance, you must power on the appliance virtual machine, log in to the appliance as an administrator, and register the appliance as a vCenter Server extension. Each hardware support manager has its own mechanism of managing firmware packages and making firmware add-ons available for you to choose.
For detailed information about deploying, configuring, and managing hardware support managers, refer to the vendor-provided documentation.
Upgrade vSphere Distributed Switch versions
[Optional] Upgrade the distributed switch to take advantage of features that are available only in the later versions.
Prerequisites
ESXi and vCenter Upgrades are completed.
Procedure
- On the vSphere Client Home page, click Networking and navigate to the distributed switch.
- Right-click the distributed switch and select
- Select the vSphere Distributed Switch version that you want to upgrade the switch to and click Next
Results
The vSphere Distributed Switch is successfully upgraded.
Upgrade vSAN on-disk format versions
[Optional] Upgrade the vSAN on-disk format version to take advantage of features that are available only in the later versions.
The upgrade may cause temporary resynchronization traffic and use additional space by moving data or rebuilding object components to a new data structure.
Prerequisites
ESXi and vCenter Upgrades are completed
Verify that the disks are in a healthy state. Navigate to the Disk Management page to verify the object status.
Verify that your hosts are not in maintenance mode. When upgrading the disk format, do not place the hosts in maintenance mode.
Verify that there are no component rebuilding tasks currently in progress in the vSAN cluster. For information about vSAN resynchronization, see vSphere Monitoring and Performance
Procedure
- Navigate to the vSAN cluster.
- Click the Configure tab.
- Under vSAN, select Disk Management.
- Click Pre-check Upgrade. The upgrade pre-check analyzes the cluster to uncover any issues that might prevent a successful upgrade. Some of the items checked are host status, disk status, network status, and object status. Upgrade issues are displayed in the Disk pre-check status text box.
- Click Upgrade.
- Click Yes on the Upgrade dialog box to perform the upgrade of the on-disk format.
Results
vSAN successfully upgrades the on-disk format. The On-disk Format Version column displays the disk format version of storage devices in the cluster
Post Upgrade Steps for NFS-Based VI Workload Domains
After upgrading VI workload domains that use NFS storage, you must add a static route for hosts to access NFS storage over the NFS gateway. This process must be completed before expanding the workload domain.