As part of HCX update planning, and to ensure that HCX components are updated successfully, review the service update considerations and requirements.
Service Update Requirements for Locally Activated Sites
- HCX Connector and HCX Cloud Manager update bundles must be downloaded manually from support.broadcom.com.
- HCX site pairs must display healthy connections before applying the update.
- Unless directed by VMware Support to upgrade to resolve a known issue, HCX components reporting degraded state must be restored to a healthy state before the update.
Service Update Requirements for Connected Sites
Sites running in Connected Mode maintain a connection to VMware for update notifications and downloads.
- These HCX Manager systems periodically connect to connect.hcx.vmware.com and query the server for published service updates. A continuous connection is required. The VMware HCX UI displays a banner when an updated HCX release is available.
VMware HCX client systems must be able to reach connect.hcx.vmware.com using HTTPS throughout the entire lifecycle of the system. When this connection is not available, the VMware HCX client system cannot display updates available to other VMware HCX systems.
If the connection is not maintained, the client system can miss a published update.
A client system without a maintained connection to connect.hcx.vmware.com is placed out of support if the connection is not restored. Also, the system displays a banner stating that the system will be deactivated.
If the HCX service update is not reflected on all site paired HCX systems, contact VMware Support. Partial updates are not supported.
VMware HCX client systems must be able to reach hybridity-depot.vmware.com using HTTPS for the download of update files, without connectivity to the depot, the Update Download fails.
HCX site pairs must reflect healthy connections before applying the service update.
Unless directed by VMware Support to upgrade to resolve a known issue, HCX components reporting degraded state must be restored to a healthy state before the update.
Service Update Considerations
-
Apply service updates during a maintenance window where no new HCX operations are queued up.
- The HCX Manager and Service Mesh can be upgraded independently, during separate maintenance windows.
- The upgrade window accounts for a brief disruption to the Network Extension service, while the appliances are redeployed with the updated code.
- Apply service updates during a maintenance window where no new HCX operations are queued up. During the window, the Interconnect service components are updated to the new release.
Component upgrades are triggered for each Service Mesh at the source HCX Manager, but run in parallel at each site.
The HCX service update file can be downloaded to the HCX Manager systems before the upgrade to reduce the time of the maintenance windows.
If Site A is paired with Site B, and Site A is also paired with Site C, plan the updates for Site A, B and C for the maximum compatibility across all environments. The environments can be updated in separate windows.
Applying a service update causes the HCX Manager system to be rebooted:
Existing Network Extensions continue to work during the HCX Manager reboot. New Network Extensions cannot be configured while the HCX Manager is rebooting.
Existing VM Protections continue to work during the HCX Manager reboot. New replications cannot be configured while the manager is rebooting.
Because upgrading the HCX Managers does not disrupt the Interconnect Service Mesh, the HCX team encourages installing updated releases when they become available to ensure that systems have the most recent fixes and security patches.
HCX Interconnect (Migration, WAN Optimization, and Network Extension) service component upgrades are performed independently to the manager upgrades:
Upgrade the Service Mesh appliances only after all Site Paired HCX Managers are upgraded.
Updating the Interconnect service components disrupts those services while the updates are being applied.
Ensure that migrations are not running or new migrations or replications are scheduled when updating the IX/CGW or WAN-OPT appliances.
Updating the HCX-NE (L2C) appliances disrupts connectivity that crosses the Network Extension path. The tunnel state re-converges in less than one minute after triggering the update.
Update the Network Extension components during a maintenance window.
HCX client systems to be running within the latest three releases to be eligible for support.
Service Update Sequence
When an update is available:
Identify the environments connected through HCX Site Pairing. The paired systems are displayed in the two tables in the Administration tab.
Download the update for all the paired HCX Managers.
Ensure that no new migrations, protections, or network extensions are configured during the update.
Ensure that all ongoing migrations have finished.
Ongoing synchronizations for Disaster Recovery are supported.
Ensure that there are no failovers scheduled during the upgrade.
Initiate the upgrade task on all paired HCX Connector and HCX Cloud systems:
The HCX Manager system reboots during the upgrade procedure.
Allow the system several minutes to complete the initialization process.
Use the System Updates view to verify that the current version is updated.
The HCX Service Mesh can be upgraded once all paired HCX Manager systems are updated and all services have returned to a fully converged state.
HCX Interconnect service components can be upgraded from the source HCX system. Use the Service Mesh interface to redeploy or upgrade the VMware HCX Interconnect service appliances:
Upgrade or redeploy the HCX Interconnect (HCX-IX) and WAN Optimization (HCX-WAN-OPT) appliances together.
Verify that the required tunnels are functional before resuming services or proceeding to the next component.
Upgrade or redeploy the Network Extension (HCX-NE) appliance.
Verify that the required tunnels are functional before resuming services or proceeding to the next component.
If the HCX topology has multiple source sites paired to a destination environment, the components upgrade has to be triggered at each source site.