Browse Category

VMware NSX

VMware NSX 6.3.5 Upgrade Process with Step-by-Step

The VMware NSX 6.3.5 upgrade is fairly straightforward. The NSX Manager does most of the heavy lifting with a little bit of instruction from us and there’s only a small amount of manual interaction to ensure component upgrades are performed at your discretion, in order to maintain edge connectivity during the process. Please use the official VMware NSX 6.3 Upgrade Guide documentation for your efforts. My intentions with this post are for preview purposes only, so you can know what to expect.

As always, ensure your backups are current for NSX Manager before beginning. If you have support, a proactive support ticket to seed the details of your upgrade plan with versions and components greatly speeds up support, should you hit a snag.

VMware NSX 6.3.5 Upgrade Process

Determine the current version of VMware NSX by navigating to the “Installation” section in “Networking & Security”.

Verify that your NSX version is compatible with the latest upgrade in the VMware Interoperability Matrix – Upgrade Path. NSX versions from 6.2 forward are compatible with 6.3.5, as you’ll see below.

Log into the NSX Manager with admin credentials and click “Upgrade” on the home screen. The upgrade process takes about 30-60 minutes overall, so make sure you’ve got the time you need.

Click the “Upgrade” button in the upper right corner of the screen. From here on out, it’s critical that we let the following stages run without interruption.

Click on “Choose File” and navigate to the NSX upgrade bundle that ends in tar.gz. The upgrade bundle is a separate download from the appliance, so make sure you’ve got the correct bits before continuing.

Select the NSX upgrade bundle and click “Open” and then “Continue”. Upon clicking “Continue”, NSX Manager uploads the upgrade bundle and stages it. After staging the build, NSX Manager verifies the upgrade bundle to validate authenticity and payload.

After the verification is complete, you’re presented with the upgrade dialog summary. Ensure you have selected your desired SSH mode and if you wish to participate in the VMware Customer Experience Program. Once you’re prepared to continue, click the “Upgrade” button and the upgrade will begin.

Once the NSX upgrade has begun, you’ll see the status of running.

After verifying the post upgrade version of NSX Manager, log into vCenter, navigate to “Networking & Security”, “Installation” and ensure other NSX Controllers have been upgraded as well.

Finally, navigate to “NSX Edges”, select each Edge, right click and select “Upgrade” to upgrade your NSX Edge nodes.

Verify that the NSX Edge nodes have been upgraded to the correct version.

Once you’ve completed the NSX Edge upgrades the NSX vSphere host upgrades need to be run. Click the “Upgrade available” in NSX Component Installation on Hosts.

After host upgrades, perform a NSX backup and do some general connectivity tests to ensure operation. Having a scripted ping test that pings to and from different components on the network makes testing quite a bit quicker, so it’s not a bad idea to spend some time on that beforehand.

As always, feel free to hit me up with questions and whatever you do, #runNSX.

What’s New in VMware NSX 6.3.5?

With the last few NSX releases, our overall focus has been on compliance and product parity. VMware NSX 6.3.5 primarily delivers improvements and enhancements in Guest Introspection, L2 VPN and the remediation of 32 defects.

VMware NSX 6.3.5 provides improvements in Guest Introspection VM’s, that on deployment, are named Guest Introspection (XX.XX.XX.XX), where XX.XX.XX.XX is the IPv4 address of the host on which the GI machine resides and occurs during the initial deployment of GI. Naming the GI VM with the IP address of it’s host, will provide VMware admins some much needed information, at a glance.

The L2 VPN service now supports changing and/or enabling logging on the fly – without a process restart, enhanced logging, tunnel state and statistics, events for tunnel status changes and a number of CLI enhancements. This provides for greater troubleshooting capabilities for L2 VPN configurations and the like.

Of the 32 defects fixed, Resolved Issue 19879763 that causes NSX Controllers to expire root passwords 90 days after build, is the most notable. The issue is detailed in KB000051144 – Deploying NSX Controller fails in NSX-v 6.3.3 and 6.3.4.

The NSX 6.3.5 Release Notes do not contain the Resolved Issue, as VMware development re-released 6.3.3 and 6.3.4, adding it to the Resolved Issue in those product release notes respectively. Details on the rest of the defects can be found in the release notes as usual, so check there for more details.

As for requirements, they are vSphere 5.5U3, vSphere 6.0U3, as well as, vSphere 6.5U1 and later. All versions of VMware Tools are supported. Some Guest Introspection-based features require newer VMware Tools versions, so see the release notes. As for version compatibility with other VMware products, like vRealize Network Insight and Log Insight, see the VMware Product Interoperability Matrix.

For more information, as always, make sure you read the release notes, contact your VMware account team and engage VMware support proactively.

ADD A VMWARE NSX SECURITY TAG TO A VM IN THE SECONDARY NSX MANAGER VIA API

I recently had a coworker ask how to add a VMware NSX Security Tag to a VM that was under management of the secondary VMware NSX Manager. While NSX provides the ability to create and manage NSX Security Tags via the UI (GUI), only the API can manage Security Tags on VMs managed by the secondary NSX Manager.

After a bit of reading documentation and poking at the API, here’s the how-to:

 

ADD A VMWARE NSX SECURITY TAG TO A VM IN THE SECONDARY NSX MANAGER VIA API

API command:
POST /api/2.0/services/securitytags/tag/{tagId}/vm

*with a BODY REQUST: application.xml replacing the value for the vmname

<securityTagAssignment>
<tagParameter>
<key>vmname</key>
<value>myvmserver1</value>
</tagParameter>
</securityTagAssignment>

*don’t forget to change the solution criteria to vmname from uuid

Source: https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.3/nsx_63_api.pdf (pages 75 and 76)