The vCloud Networking and Security upgrade process can take some time. It is important to understand the operational state of vCloud Networking and Security components during an upgrade.

To upgrade vCloud Networking and Security to NSX 6.2, you must upgrade the NSX components in the following order:

  • vShield Manager

  • vShield Endpoint

VMware recommends that you run the upgrade in a single outage window to minimize downtime and reduce confusion among vCloud Networking and Security users who cannot access certain vCloud Networking and Security management functions during the upgrade. However, if your site requirements prevent you from completing the upgrade in a single outage window, the information below can help your vCloud Networking and Security users understand what features are available during the upgrade.

vCenter Upgrade

If you are using vCenter embedded SSO and you are upgrading vCenter 5.5 to vCenter 6.0, vCenter might lose connectivity with vShield Manager. This happens if vCenter 5.5 was registered with vShield using the root user name. Starting in NSX 6.2, vCenter registration with root is deprecated. As a workaround, re-register vCenter with vShield using the administrator@vsphere.local user name instead of root.

If you are using external SSO, no change is necessary. You can retain the same user name, for example admin@mybusiness.mydomain, and vCenter connectivity will not be lost.

vShield Manager Upgrade


  • vShield Manager configuration is blocked. The vShield API service is unavailable. No changes to the vShield configuration can be made. Existing VM communication continues to function.


  • All vShield and NSX configuration changes are allowed.

vShield Endpoint Migrated to Guest Introspection

In NSX 6.x, vShield Endpoint is renamed Guest Introspection. After you have upgraded NSX Manager, if you navigate to Networking & Security > Installation > Service Deployments the Guest Introspection service will display an Upgrade link. When you upgrade from vCloud Networking and Security to NSX, the Guest Introspection virtual appliance and the host agent for Guest Introspection are deployed on each host in the cluster where Guest Introspection is enabled.


  • There is a loss of protection for VMs in the NSX cluster when there is a change to the VMs, such as VM additions, vMotions, or deletions.


  • VMs are protected during VM additions, vMotions, and deletions.