You can prepare the infrastructure for the NSX Data Center for vSphere upgrade by performing these checks and tasks.

Release Notes

Check the release notes for version-specific information, including known issues that affect your installation and version. See https://docs.vmware.com/en/VMware-NSX-for-vSphere/index.html.

Compatibility Checks

  • Verify that the current vSphere and ESXi versions are compatible with the NSX Data Center for vSphere version you are upgrading to. See the VMware Interoperability Matrix at https://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php#interop&93=&2=&1=.
  • If any Guest Introspection or Network Extensibility partner services are deployed, verify compatibility before upgrading:
    • In most circumstances, NSX Data Center for vSphere can be upgraded without impacting partner solutions. However, if your partner solution is not compatible with the version of NSX Data Center for vSphere to which you are upgrading, you must upgrade the partner solution to a compatible version before upgrading.
    • Consult the VMware Compatibility Guide for Networking and Security. See http://www.vmware.com/resources/compatibility/search.php?deviceCategory=security.
    • Consult the partner documentation for compatibility and upgrade details.
  • If you have Data Security in your environment, uninstall it before upgrading NSX. Data Security is not supported in NSX 6.3.0 and later. See Uninstall NSX Data Security.

General Infrastructure Preparation

  • Verify that forward and reverse name resolution works and that the following systems can resolve each other's DNS names:
    • NSX Manager appliances
    • vCenter Server systems
    • Platform Services Controller systems
    • ESXi hosts
  • If you are using a vSphere version earlier than vSphere 6.0 U3, and vSphere Update Manager is in use in the environment, ensure that the bypassVumEnabled flag is set to true in vCenter. This setting configures EAM to install the VIBs directly to the ESXi hosts even when VUM is installed or not available. See http://kb.vmware.com/kb/2053782.
  • Verify that you have a current backup of the NSX Manager, vCenter, and vSphere Distributed Switches. See NSX Backup and Restore.
  • Create and download a support bundle. See "Support Bundle Collection Tool" in the NSX Administration Guide.
  • Verify the working state of the NSX environment. See Verify the NSX Working State.
  • Download and stage the upgrade bundle, validate with md5sum. See Download the Upgrade Bundle and Check the MD5.

  • Verify that all vCenter users who manage licenses are in the LicenseService.Administrators group.

NSX Manager Preparation

  • Determine which NSX Managers must be upgraded in the same maintenance window.
    • If you have a cross-vCenter NSX environment, you must upgrade the primary and all secondary NSX Managers to the same NSX version in a single maintenance window.
    • If you have multiple NSX Managers connected to vCenter Server systems that use the same SSO server, not all combinations of NSX Manager version are supported. You must plan the upgrade of your NSX Managers so that you have a supported configuration at the end of the maintenance window
      • All NSX Managers using the same version of NSX is supported.
      • NSX Managers using different version of NSX is supported if at least one NSX Manager has NSX 6.4.0 or later installed, and all other NSX Managers have NSX 6.3.3 or later installed.
  • Validate the NSX Manager file system usage, and perform a cleanup if /common directory usage is at 70 percent or more.
    1. Log in to NSX Manager and run show filesystems to show the filesystem usage.
    2. If the usage is 100 percent, enter privileged (enable) mode, and run the purge log manager and purge log system commands.
    3. Reboot the NSX Manager appliance for the log cleanup to take effect.
  • Verify the NSX Manager virtual appliance reserved memory meets the system requirements before upgrading.

    See System Requirements for NSX Data Center for vSphere.

NSX Controller Preparation

  • The NSX Controller cluster must contain three controller nodes. If it has fewer than three, you must add additional nodes before starting the upgrade. See "Deploy NSX Controller Cluster" in the NSX Installation Guide for steps to add controller nodes.

NSX Edge Preparation

  • If you have any vCloud Networking and Security 5.5 or earlier vShield Edge appliances, you must upgrade them to NSX 6.2.x or later before upgrading to NSX 6.4.
  • Verify the hosts have enough resources to deploy additional NSX Edge Services Gateway appliances during the upgrade, particularly if you are upgrading multiple NSX Edge appliances in parallel. See the System Requirements for NSX Data Center for vSphere for the resources required for each NSX Edge size.
    • For a single NSX Edge instance, there are two NSX Edge appliances of the appropriate size in the poweredOn state during upgrade.
    • For an NSX Edge instance with high availability, both replacement appliances are deployed before replacing the old appliances. This means there are four NSX Edge appliances of the appropriate size in the poweredOn state during upgrade of a given NSX Edge. Once the NSX Edge instance is upgraded, either of the HA appliances could become active.

  • Verify that the host clusters listed in the configured location and live location for all NSX Edge appliances are prepared for NSX and that their messaging infrastructure status is GREEN. If the status is green, the hosts are using the messaging infrastructure to communicate with NSX Manager instead of VIX.

    You must do this even if you do not intend to upgrade all NSX Edge appliances to NSX 6.4.

    If the configured location is not available, for example, because the cluster has been removed since the NSX Edge appliance was created, then verify the live location only.
    • Find the ID of the original configured location (configuredResourcePool > id) and the current live location (resourcePoolId) with the GET https://NSX-Manager-IP-Address/api/4.0/edges/{edgeId}/appliances API request.
    • Find the host preparation status and the messaging infrastructure status for those clusters with the GET https://NSX-Manager-IP-Address/api/2.0/nwfabric/status?resource={resourceId} API request, where resourceId is the ID of the configured and live location of the NSX Edge appliances found previously.
      • Look for the status corresponding to the featureId of com.vmware.vshield.vsm.nwfabric.hostPrep in the response body. The status must be GREEN. 
        <nwFabricFeatureStatus>
  <featureId>com.vmware.vshield.vsm.nwfabric.hostPrep</featureId>
  <featureVersion>6.3.1.5124716</featureVersion>
  <updateAvailable>false</updateAvailable>
  <status>GREEN</status>
  <installed>true</installed>
  <enabled>true</enabled>
  <allowConfiguration>false</allowConfiguration>
</nwFabricFeatureStatus>
      • Look for the status corresponding to the featureId of com.vmware.vshield.vsm.messagingInfra in the response body. The status must be GREEN. 
        <nwFabricFeatureStatus>
  <featureId>com.vmware.vshield.vsm.messagingInfra</featureId>
  <updateAvailable>false</updateAvailable
  <status>GREEN</status>
  <installed>true</installed>
  <enabled>true</enabled>
  <allowConfiguration>false</allowConfiguration>
</nwFabricFeatureStatus>
    If the hosts are not prepared for NSX, do the following:
    • Navigate to Installation and Upgrade > Host Preparation and prepare the hosts for NSX.
    • Verify that the messaging infrastructure is GREEN.
    • Redeploy the NSX Edges on the host.
    If the hosts are not prepared for NSX, do the following:
    • Navigate to Installation > Host Preparation and prepare the hosts for NSX.
    • Verify that the messaging infrastructure is GREEN.
    • Redeploy the NSX Edges on the host.