VMware Cloud on AWS regularly performs updates on your SDDCs. These updates ensure continuous delivery of new features and bug fixes, and maintain consistent software versions across the SSDC fleet.
Upgrades to even-numbered releases of the SDDC software, such as VMC Version 1.10 or 1.12, will be provided to all SDDCs and are mandatory. Odd-numbered releases, such as 1.11 or 1.13, are available only for new SDDC deployments. These optional releases are not available for upgrades.
When an SDDC update is upcoming, VMware sends a notification email to you. Typically, this occurs 7 days before a regular update and 1-2 days before an emergency update. Delays to upgrades could result in your SDDC running an unsupported software version. See Supported SDDC Versions.
You also receive notifications by email when each phase of the update process starts, completes, is rescheduled, or is canceled. To ensure that you receive these notifications, ensure that firstname.lastname@example.org is added to your email allow list.
Upgrade Process for SDDCs Using NSX-T
The figure below shows the upgrade process for SDDCs with networking based on NSX-T.
The impact of the upgrade on different elements of the SDDC infrastructure is shown in the figure below.
- Do not perform hot or cold workload migrations. Migrations fail if they are started or in progress during maintenance.
- Do not perform workload provisioning (New/Clone VM). Provisioning operations fail if they are started or in progress during maintenance.
- Do not make changes to Storage-based Policy Management settings for workload VMs.
- Ensure that there is enough storage capacity (> 30% slack space) in each cluster.
Maintenance is performed in three phases.
Phase 1: Control Plane Updates. These are the updates to vCenter Server and NSX Edge. A backup of the management appliances is taken during this phase. If a problem occurs, there is a restore point for the SDDC. A management gateway firewall rule is added during this phase. There is an NSX Edge failover during this upgrade phase, resulting in a brief downtime. You do not have access to NSX Manager and vCenter Server during this phase. During this time, your workloads and other resources function as usual subject to the constraints outlined above.
Certificates for vCenter Server and NSX Edge are replaced during Phase 1 if the certificates were last replaced more than 14 days ago. If you are using other software that relies on the vCenter Server certificate, such as Horizon Enterprise, vRealize Operations, vRealize Automation, VMware Site Recovery, and many third-party management applications, you must re-accept the vCenter Server and NSX certificates in that software after Phase 1 of the upgrade.
When Phase 1 is complete, you receive a notification. After Phase 1 is complete, there is a waiting period until Phase 2 starts. Phase 2 is initiated at a designated start time.
Phase 2: Host Updates. These are the updates to the ESXi hosts and host networking software in the SDDC. An additional host is temporarily added to your SDDC to provide enough capacity for the update. You are not billed for these host additions. vMotion and DRS activities occur to facilitate the update. The upgrade process has been improved so that only one NSX Edge migration occurs during the update. During this time, your workloads and other resources function as usual subject to the constraints outlined above. When Phase 2 is complete, the hosts that were temporarily added are removed from each cluster in the SDDC.
When Phase 2 is complete, you receive a notification. After Phase 2 is complete, there is a waiting period until Phase 3 starts. Phase 3 is initiated at a designated start time.
Phase 3: These are the updates to the NSX-T appliances. A backup of the management appliances is taken during this phase. If a problem occurs, there is a restore point for the SDDC. A management gateway firewall rule is added during this phase. You do not have access to NSX Manager and vCenter Server during this phase. During this time, your workloads and other resources function as usual subject to the constraints outlined above.
When Phase 3 is complete, you receive a notification.
For more information on estimating the duration of each phase, see Estimating the Duration of SDDC Maintenance.
When an SDDC upgrade for your SDDC is scheduled, you can see information about upcoming or ongoing maintenance in the Maintenance Tab of the VMC Console. For more information, see View an SDDC Maintenance Schedule Reservation.
Updates for VMware Hybrid Cloud Extension (HCX)
- The VMware Hybrid Cloud Extension (HCX) for the SDDC managers will not be upgraded as part of this release.
- Avoid starting HCX migrations that might overlap with the SDDC upgrade window. HCX bulk migration processes might be halted, and HCX vMotion migrations might fail.
- For more details, see the VMware HCX User Guide at https://docs.vmware.com/en/VMware-NSX-Hybrid-Connect/index.html.
Updates for the VMware vCenter Cloud Gateway
- The VMware vCenter Cloud Gateway will be updated to the latest release.
- The user interface for the VMware vCenter Cloud Gateway might be inaccessible during the upgrade of the appliance.
- For more information, see the documentation for the vCenter Cloud Gateway Appliance at https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center.doc/GUID-58C1AC46-3F99-4F93-BB1F-FD1878B49374.html.
Updates for Horizon Enterprise
For information about the impact of an SDDC upgrade on a Horizon Enterprise installation running on VMware Cloud on AWS, see https://kb.vmware.com/s/article/74599.
Impact of Updates on VMware Site Recovery
- You cannot open the Site Recovery UI for the SDDC under maintenance. From the remote SDDC Site Recovery UI, this site will appear as disconnected.
- Recovery plan failover operations towards the SDDC under maintenance cannot be initiated. Failover operations in progress might fail when maintenance starts.
- Incoming replications are interrupted. Depending on RPO settings and the maintenance duration, RPO violations notification for these replications might appear in the remote Site Recovery UI. RPO violations should disappear automatically sometime after the maintenance is completed, depending on when vSphere Replication manages to sync the accumulated delta. Replications outgoing from the SDDC under maintenance are not affected.
- For more information, see the documentation for VMware Site Recovery at https://docs.vmware.com/en/VMware-Site-Recovery/index.html.