Upgrading to vSphere 6.5?

Upgrading. It’s inevitable!

At some point, this is a bridge that all vSphere admins will need to jump off.

As with the capabilities of each release of vSphere (6.5 included), the upgrade process has evolved to become more refined and simplified. I’m not saying that an upgrade is a walk in the park; there are simply too many variables to make that statement. What I am saying is that the documentation around the upgrade process, along with the migration and upgrade tools that are available, have led to fewer sleepless nights for those who are tasked with caring for the environment.

If your company is still running a version of vSphere older than 6.0, now would probably be a good time to start thinking about jumping off the proverbial bridge. As you can see from the table below, vSphere 5.5 is end of support in September of this year with 5.1 and earlier nothing more than a fond but distant memory.

Planning a vSphere upgrade or deployment takes a certain amount of time and a fair amount of knowledge, especially if it is to be executed with a successful outcome in mind. The larger and more complex the environment, the more time and experience required by those working on the project.

With the operational stability of potentially the entire data center resting on the outcome of this kind of project, there should be no substitute for thoroughly documenting the environment and the planning of the migration or upgrade process.

Over the years I’ve had my fair share of conversations with customers who prefer to go it alone instead of enlisting the help and guidance of VMware Professional Services or one of our Certified Delivery Partners. For some this route might be feasible.

Personally, I’d rather have a seasoned veteran, a VMware Partner that does this kind of thing every day, assisting me with the project to ensure that no step, regardless of how minor or seemingly insignificant, has been overlooked.

Regardless of the route you take, here are a few things to start thinking about as you begin planning your upgrade and/or migration.

  1. What version of vSphere are you currently running?
    1. If the environment is on a version lower than 5.5, you will need to perform an intermediary upgrade, or upgrades, to get to 5.5. KB2053132 provides some best practice guidelines when upgrading to vCenter 5.5.
    2. If the environment is already at the 5.5 version you can proceed without any additional steps.
  2. Are you currently running the Windows-based deployment of vCenter or the vCenter Server Virtual Appliance (VCSA)?
    1. If the Windows-based vCenter is what you are currently using, you have 2 options available.
      1. You can continue with the Windows version of vCenter and perform an in place upgrade. In this case you lose out on a number of new capabilities introduced in 6.5 that are only available with the vCenter appliance.
      2. Or you could perform a migration of your Windows vCenter and external database server (Oracle or SQL) to the vCenter Server Virtual Appliance with its embedded Postgres database. This route also allows for some cost savings in the form of reducing the number of Windows OS and Oracle or SQL database licenses needed.
    2. If you are already using the vCenter Server Appliance version 5.5 or 6.0, you can perform an in place upgrade to the 6.5 version.
  3. The next step involves upgrading your ESXi hosts to 6.5. There are numerous ways to achieve this, including the old burn-the-ISO-to-CD-ROM method, using vSphere Update Manager or, my personal favorite, via the command line using esxcli.
  4. The final step is to update VMware Tools on all your guest virtual machines to the latest version and update the virtual hardware version for those same virtual machines so that they can take advantage of the new capabilities in the 6.5 version of the hypervisor.

Another web-based tool that I use is the vSphere 6.5 Topology and Upgrade Planning tool (output in the image below). It allows you to input certain information about the source environment as well as what the desired architectural state of the completed environment should look like (moving from embedded to external PSC, etc.). Using this information, the tool will visually and textually map out the process for you to follow to get to the desired outcome.

I’ll leave you with one last thought. vCenter and ESXi are not the only software components in the typical data center. Think about management and automation components. What about network virtualization and security software? What about other non-VMware software such as backup and recovery software that has a dependency on vCenter and ESXi and the version they are running?


vSphere Patch Validation script for Spectre

One of our tech guys wrote a very neat little PowerCLI script to inspect the vCenter and ESXi hosts within a vSphere environment to determine the status of the current build version against the Spectre vulnerability.

I take no credit in any way for the script. All credit goes to Vikas. Here is a high-level overview of what the script does.

  1. Validates vCenter current build against patched build.
  2. Connects to the hosts within the specified cluster.
  3. A small VM is created on each host and powered on and off to determine the host build status.
  4. Output is written to a .csv file for analysis.

The script itself can be downloaded from Vikas’ blog or from his GitHub repository.

Edit: VMware have also released another Security Advisory, VMSA-2018-004, that details the patches required for the environment along with additional requirements that need to be met to mitigate the guest OS vulnerability (apart from the obvious guest OS patches).

One point I’d like to call out is that in all instances, the vCenter server, if used, should be patched first, followed by the ESXi hosts and then the VM hardware version. For details on how to update the VM hardware version please see KB article KB1010675.

Below is a short video of the script in action.

*Please note, this script is provided as is and without support. Use at your own risk.
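
As an added illustration (not Vikas’ script, and not taken from it), the build comparison and .csv output steps in the overview above, plus the vCenter-first patch order, can be sketched in PowerShell like this. The build numbers are placeholders to be replaced with the patched builds from the VMware advisory, the inventory rows and host names are constructed sample data, and `Test-PatchedBuild` is a hypothetical function name.

```powershell
# Added example, not Vikas' script. Build numbers are PLACEHOLDERS: replace them
# with the patched builds listed in the VMware security advisory.
$PatchedBuild = @{
    vCenter = @{ '6.0' = 1000000; '6.5' = 2000000 }   # placeholder values
    ESXi    = @{ '6.0' = 1500000; '6.5' = 2500000 }   # placeholder values
}

function Test-PatchedBuild {
    param([Parameter(Mandatory, ValueFromPipeline)] $Item)  # Name, Type, Version, Build
    process {
        # Compare per release line: '6.5.0' -> '6.5'
        $line     = ($Item.Version -split '\.')[0..1] -join '.'
        $required = $null
        if ($PatchedBuild.ContainsKey($Item.Type)) { $required = $PatchedBuild[$Item.Type][$line] }

        if     ($null -eq $required)            { $status = 'NoBaseline' }   # no entry for this line
        elseif ([int]$Item.Build -ge $required) { $status = 'Patched' }
        else                                    { $status = 'NeedsPatch' }

        [pscustomobject]@{
            Name = $Item.Name; Type = $Item.Type; Version = $Item.Version
            Build = [int]$Item.Build; RequiredBuild = $required; Status = $status
        }
    }
}

# Constructed sample inventory. Against a live vCenter the host rows would come from
# PowerCLI: Get-Cluster <name> | Get-VMHost | Select-Object Name, Version, Build
$inventory = @(
    [pscustomobject]@{ Name = 'vc01.example.test';  Type = 'vCenter'; Version = '6.5.0'; Build = '1900000' }
    [pscustomobject]@{ Name = 'esx01.example.test'; Type = 'ESXi';    Version = '6.5.0'; Build = '2600000' }
    [pscustomobject]@{ Name = 'esx02.example.test'; Type = 'ESXi';    Version = '6.0.0'; Build = '1400000' }
    [pscustomobject]@{ Name = 'esx03.example.test'; Type = 'ESXi';    Version = '5.5.0'; Build = '1200000' }
)

$report = $inventory | Test-PatchedBuild
$report | Export-Csv -Path .\patch-status.csv -NoTypeInformation

# Patch order from the post: vCenter first, then the ESXi hosts.
$order = 'vCenter', 'ESXi'
$next  = $report | Where-Object Status -eq 'NeedsPatch' |
         Sort-Object { [array]::IndexOf($order, $_.Type) } | Select-Object -First 1
if ($next) { "Patch next: $($next.Name) ($($next.Type))" } else { 'Nothing to patch.' }
```

A `NoBaseline` row means the placeholder table has no entry for that release line, so it needs a manual check against the advisory rather than being read as safe.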


VMware Virtual Appliances – Spectre & Meltdown

VMware has released additional information, in the form of KB52264, regarding the impact that the recent CPU flaw has had on its virtual appliances.

Please note that this KB article is a work in progress and new updates will be published, in this same KB article, as the internal review is completed per virtual appliance.

To summarize the current status, the following virtual appliances are not affected.

  • VMware NSX for vSphere
  • VMware Unified Access Gateway
  • VMware vCenter Server 5.5
  • VMware vRealize Log Insight
  • VMware vRealize Operations
  • VMware vRealize Orchestrator

The following virtual appliances have been identified thus far as being affected.

  • VMware Identity Manager
  • VMware vCenter Server 6.5
  • VMware vCenter Server 6.0
  • VMware vSphere Integrated Containers