You can upgrade the Workspace ONE Access virtual appliance online. The virtual appliance must be able to connect to the Internet for an online upgrade.

Prerequisites for a Workspace ONE Access Online Upgrade

Before you upgrade the 21.08.X virtual appliance online, perform the prerequisite tasks.

  • Verify that at least 4 GB of disk space are available on the primary root partition of the virtual appliance. To see the disk space, run the df -h command.
  • Verify the health of the Elasticsearch service. Go to the System Diagnostic Dashboard in the Workspace ONE Access console and review the Integrated Components section. Confirm that the values for the Elasticsearch items are green. If the state displays as red, fix the Elasticsearch issues before upgrading. See the Troubleshooting Elasticsearch Cluster Health: VMware Workspace ONE Access Operational Tutorial guide.

    When you upgrade to Workspace ONE Access 22.09, Elasticsearch is migrated to OpenSearch version 1.3.5 which is embedded in the Workspace ONE appliance for auditing, reports, and directory sync logs. During the migration all closed indices, search indices (which will be rebuilt) and Elasticsearch version 5.6.15 audit indices containing multiple document types, which are not supported in OpenSearch, are deleted.

  • Back up the virtual appliance by taking a snapshot. For information about how to take a snapshot. See KB article 2032907, Managing snapshots in vSphere Web Client.
  • Microsoft SQL server 2014 updated with the Microsoft SQL patch to support TLS1.2.
  • If you revoked the db_owner role on the Microsoft SQL database, you must add the role back before performing the upgrade, otherwise the upgrade fails. Add the db_owner role to the same user that was used during installation:
      1. Log in to the Microsoft SQL Server Management Studio as a user with sysadmin privileges.
      2. Connect to the database instance for the service.
      3. Enter the following commands.

        If you are using Windows Authentication mode, use the following commands: 

        USE <saasdb>;
ALTER ROLE db_owner ADD MEMBER <domain\username>; GO

        Make sure that you replace <saasdb> with your database name and <domain\username> with the relevant domain and user name.

        If you are using SQL Server Authentication mode, use the following commands. 
        USE <saasdb>;
ALTER ROLE db_owner ADD MEMBER <loginusername>; GO

        Make sure that you replace <saasdb> with your database name and <loginusername> with the relevant user name.

      For information about revoking the database-level role, see Change Database-Level Roles After Upgrade to Workspace ONE Access.

  • Take a snapshot or backup of the external database.
  • Verify that the service is properly configured.
  • Verify that the virtual appliance can resolve and reach vapp-updates.vmware.com on ports 80 and 443 over HTTP.
  • If an HTTP proxy server is required for outbound HTTP access, configure the proxy server settings for the virtual appliance. See Configure Proxy Server Settings before upgrading Workspace ONE Access Appliance.
  • Run the appropriate command to check for upgrades. See Check for the Availability of a Workspace ONE Access Upgrade Online.
  • Before you run the upgrade, download the update-fix.tgz file from the MyVMware Downloads site at my.vmware.com and copy the file to the appliance, extract the file, and set the permissions.
    • Use the scp command to copy the update-fix.tgz file to the appliance's /tmp location.
    • Run tar -xvzf update-fix.tgz to extract the files.
    • Run the following command to copy the extracted file. 
      cp configureupdate.hzn /usr/local/horizon/update/configureupdate.hzn
    • Change permissions and ownership of the files. 
      chmod 500 /usr/local/horizon/update/configureupdate.hzn 
      chown root:root /usr/local/horizon/update/configureupdate.hzn
  • Ensure that following directory space requirements is met.
    Directory Minimum Available Space
    / 4 GB

Configure Proxy Server Settings before upgrading Workspace ONE Access Appliance

The Workspace ONE Access virtual appliance accesses the VMware update servers through the Internet. If your network configuration provides Internet access using an HTTP proxy, you must adjust the proxy settings for the appliance.

Enable your proxy to handle internet traffic only. To ensure that the proxy is set up correctly, in the Workspace ONE Access service version 21.08, set the parameter for internal traffic to no-proxy within the domain.

Prerequisites

  • Verify that you have the proxy server information.
  1. Log in to the Workspace ONE Access console and navigate to the Appliance Settings > VA Configuration page.
  2. Click Manage Configuration, log in with the admin user password, and click Proxy Configuration.
  3. Enable Proxy.
  4. In the Proxy host with port text box, enter the proxy name and port number. For example, proxyhost.example.com:3128.
  5. In the Non-Proxied hosts text box, enter the non-proxy hosts that are accessed without going through the proxy server.

    Use a comma to separate a list of host names.

  6. Click Save.

Results

The VMware update servers are now available to the Workspace ONE Access virtual appliance.

Check for the Availability of a Workspace ONE Access Upgrade Online

If your existing Workspace ONE Access 21.08.X virtual appliance has Internet connectivity, you can check for the availability of upgrades online from the appliance.

  1. Log in to the virtual appliance as the root user.
  2. Run the following command to check for an online upgrade. 
    /usr/local/horizon/update/updatemgr.hzn check