You can upgrade the Workspace ONE Access virtual appliance online. The virtual appliance must be able to connect to the Internet for an online upgrade.

Prerequisites for a Workspace ONE Access Online Upgrade

Before you upgrade the 20.01 or 19.03 virtual appliance online, perform the prerequisite tasks.

Important: Citrix, Horizon, Horizon Cloud, and ThinApp integrations are not available with the Workspace ONE Access 20.10 or 20.01 connectors.
  • To use ThinApp packaged applications, use VMware Identity Manager connector (Linux) version 2018.8.1.0.
  • To use other Virtual Apps, such as Horizon desktops and applications or Citrix published resources, use VMware Identity Manager connector (Windows) version 19.03.0.1.

Perform the following prerequisite tasks.

  • Verify that at least 10 GB of free disk space (/dev/sda) are available on the virtual appliance.
  • Verify that at least 4 GB of disk space are available on the primary root partition of the virtual appliance.
  • Back up the virtual appliance by taking a snapshot. For information about how to take snapshots, see the vSphere documentation.
  • To ensure that Elasticsearch data is not deleted, prepare Elasticsearch for the upgrade.
    • Determine if multiple instances of Elasticsearch have ever run on any of the service nodes and, if so, consolidate the data directories of the multiple instances.
      1. View the contents of the /db/elasticsearch/horizon/nodes directory.

        The goal is for one subdirectory named 0 to exist. If only the 0 subdirectory exists, you do not need to consolidate directories.

        If a second copy of Elasticsearch has run at any time, a second directory named 1 also exists. Continue with the steps to consolidate directories.

      2. If multiple Elasticsearch instances exist, stop Elasticsearch and verify all processes are stopped.

        For example, to stop Elasticsearch, run the following command.

        service elasticsearch stop

        For example, to verify all Elasticsearch processes are stopped, run the following command.

        ps -ef | grep elasticsearch

        If the grep command shows that additional Elasticsearch processes are running, kill those processes.

      3. To determine which directory within each node contains the data, search for the data in the indices directory of each node, such as the following directory: /db/elasticsearch/horizon/nodes/1/indices/.
      4. Remove the directory that does not contain the data and, if necessary, rename the remaining directory.

        If the 0 directory contains the data, remove the 1 directory.

        If the 1 directory contains the data, remove the 0 directory and rename the 1 directory 0.

      5. Restart Elasticsearch.
        service elasticsearch start
      6. Search the /opt/vmware/elasticsearch/logs/horizon.log for a message like the following:

        recovered xx indices into cluster_state

        The message indicates that the system can read the renamed data directory, where xx represents the number of directories, or indices, in the /db/elasticsearch/horizon/nodes/0/indices/ directory.

    • Remove sysconfig.cloneprep and sysconfig.iamaclone files from all cloned service nodes.
      For example, log into each service node and run the following commands as root.
      rm -f /usr/local/horizon/conf/flags/sysconfig.cloneprep
      rm -f /usr/local/horizon/conf/flags/sysconfig.iamaclone
  • To shut down the entire Elasticsearch cluster, run the service elasticsearch stop command on each node.

    Shutting down the entire Elasticsearch cluster allows the Elasticsearch version to upgrade while preventing mismatched versions from running.

  • If you revoked the db_owner role on the Microsoft SQL database, you must add it back before performing the upgrade, otherwise the upgrade fails.

    Add the db_owner role to the same user that was used during installation:

    1. Log in to the Microsoft SQL Server Management Studio as a user with sysadmin privileges.
    2. Connect to the database instance for the service.
    3. Enter the following commands.

      If you are using Windows Authentication mode, use the following commands:

      USE <saasdb>;
      ALTER ROLE db_owner ADD MEMBER <domain\username>; GO 
      						  

      Make sure that you replace <saasdb> with your database name and <domain\username> with the relevant domain and user name.

      If you are using SQL Server Authentication mode, use the following commands:
      USE <saasdb>;
      ALTER ROLE db_owner ADD MEMBER <loginusername>; GO 
      						  

      Make sure that you replace <saasdb> with your database name and <loginusername> with the relevant username.

  • Take a snapshot or backup of the external database.
  • Verify that the service is properly configured.
  • Verify that the virtual appliance can resolve and reach vapp-updates.vmware.com on ports 80 and 443 over HTTP.
  • If an HTTP proxy server is required for outbound HTTP access, configure the proxy server settings for the virtual appliance. See Configure Proxy Server Settings for the 20.01 or 19.03 Workspace ONE Access Appliance.
  • Confirm that a Workspace ONE Access upgrade exists. Run the appropriate command to check for upgrades. See Check for the Availability of a Workspace ONE Access Upgrade Online.
  • Ensure that following directory space requirements are met.
    Directory Minimum Available Space
    / 4 GB
    Directory where you download the dualbootupdate.tar.gz file, if applicable 2 GB
  • Download Photon Migration Support Tools from the Workspace ONE Access 20.10 download page on my.vmware.com and save the file to any directory in the service virtual appliance.

    Workspace ONE Access 20.10 switches from the SUSE Linux Enterprise Server (SLES) operating system to the VMware Photon™ operating system. The Photon Migration Support Tools download contains the dualbootupdate.tar.gz file, which includes the Photon operating system and its packages. The upgrade process uses the dualbootupdate.tar.gz file when migrating the operating system from SLES to Photon.

Configure Proxy Server Settings for the 20.01 or 19.03 Workspace ONE Access Appliance

The Workspace ONE Access service virtual appliance accesses the VMware update servers through the Internet. If your network configuration provides Internet access using an HTTP proxy, you must adjust the proxy settings for the appliance.

To use a proxy server with the service, Workspace ONE Access or VMware Identity Manager, when you install the service, you configure it using the YaST utility. To upgrade the service, you must now edit the proxy server settings by running specific vami commands in the service virtual appliance.

Note: Enable your proxy to handle only Internet traffic. To ensure that the proxy is set up correctly, set the parameter for internal traffic to no-proxy within the domain.

Prerequisites

  • Verify that you have the root password for the virtual appliance. See Installing and Configuring VMware Workspace ONE Access for information about creating passwords for administrator accounts.
  • Verify that you have the proxy server information.
  1. Log in to the existing version of the service virtual appliance, 20.01 or 19.03, as the root user.
  2. Run the following command to set the proxy.
    /opt/vmware/share/vami/vami_set_proxy proxyServer proxyPort

    For example:

    /opt/vmware/share/vami/vami_set_proxy proxy.mycompany.com 3128
  3. Run the following command to verify the proxy settings.
    /opt/vmware/share/vami/vami_proxy
  4. If your proxy sever requires authentication, edit the /etc/environment configuration file and add the user name and password. For example:
    http_proxy=http://username:password@proxy.mycompany.com:3128
  5. Restart the Tomcat server on the service virtual appliance to use the new proxy settings.
    service horizon-workspace restart

Results

The VMware update servers are now available to the service virtual appliance.

Check for the Availability of a Workspace ONE Access Upgrade Online

If your existing service virtual appliance, 20.01 or 19.03, has Internet connectivity, you can check for the availability of upgrades online from the appliance.

  1. Log in to the virtual appliance as the root user.
  2. Run the following command to check for an online upgrade.

    Example

    /usr/local/horizon/update/updatemgr.hzn check