vSphere 5.1 was greatly anticipated by all of the VMware Customers that watched the VMworld keynote address and attended the early VMworld sessions and today it became generally available for download on the VMware web site. Even though this is a dot release for VMware it brings some important new features and functionality, not just for the core vSphere hypervisor, but also the other products that make up the core of the vCloud Suites, including vCloud Networking and Security, vCloud Director and Site Recovery Manager. This article will cover some important considerations that you need to consider when you are planning to upgrade to vSphere 5.1.
This article won’t go into detail on the new features of vSphere 5.1, but there are many. I will cover some of the key ones in a VMworld wrap up article. This objective of this article is to give you some brief highlights of some of the important things to consider (in my opinion) when planning an upgrade to vSphere 5.1 and highlight some important known issues. I would recommend that you review the What’s New in vSphere 5.1 document for all of the great new features and benefits. These considerations are not exhaustive.
I would like to thank VMware for getting out all of the core vSphere / vCloud suite components at the same time with this release and also getting out the minor compatibility releases for the management tools that integrate into them as well. This will make the upgrade planning and process much easier for customers overall and means that customers can take advantage of the additional benefits in vSphere 5.1 much earlier than was possible with previous releases. Keep up the great work, it is greatly appreciated.
VMware has put in considerable effort to advise customers of the various upgrade scenarios that are supported. The vSphere 5.1 Upgrade Guide is fairly comprehensive at 204 pages. I would highly recommend you read and understand it before attempting the upgrade in addition to going through all the product release notes that are relevant to your environment.
vCloud Suite Licensing
vRAM is gone! Now you have the option of a vCloud Suite License. If you choose this option you will license your environment by CPU socket, with unlimited cores, unlimited memory, and entitlement to run an unlimited number of the included suite software components (based on suite edition) on all licensed CPU sockets. An important thing to note is the vCloud Suite licenses can’t be split and their component parts. There are three suite editions available each with different software components included. I would recommend that you review and compare the editions.
vCenter 5.1
As with vSphere 4.1 and 5.0 vCenter is supported on 64bit OS only. Now though there is the important addition of Single SignOn (SSO). This makes auditing and control of the environment much more robust, and at the same time creates an additional component and design considerations. VMware with the vSphere 5.1 release now allows for the Inventory Service, in addition to the SSO service to be split out for scalability and performance reasons. Note as of View 5.1 the View Composer service can also run on a separate server. However there is no guidance currently as to when it makes sense to run a split install of this nature. I’d recommend you check out my article vSphere 5.1 Gotcha with Single Sign On (SSO).
vCenter 5.1 features the new full function vSphere Next Generation Client, a.k.a. the vSphere Web Client. There is now more functionality in the web client than in the traditional C# client. However not all plug-ins and components are fully integrated to the new client, and not all plug-ins and components work with SSO currently. The scalability and usability of the web client has been greatly improved and this is overall a great improvement in the way vSphere environments are managed. Cisco Nexus 1000V 4.2(1) SV1(5.2) is required for vSphere 5.1 support.
ESXi 5.1
Update Manager can be used to upgrade 4.x and 5.0 hosts to 5.1. Review the important known issues below and all the release notes. The behaviour of lockdown mode has changed again in vSphere 5.1 and there are important enhancements to the way AD Auth for vSphere hosts works, which allows greatly enhanced audit-ability (among other things). Check that you have the drivers you need and that your hosts are compatible and on the HCL as normal. There are some important new deployment possibilities for Auto Deploy, which now includes stateless caching and stateful install (think an easier way to install instead of using Kickstart scripts). Even if you don’t plan on using Auto Deploy my recommendation is to use Image Builder to create your upgrade image and include all the necessary drivers and OEM CIM providers and agent modules (such as vShield App, FDM, Nexus 1000v VEM etc) that you need. Some of the OEM vendors have already released their customized images that you can leverage to save some time, but you might want to pull out some of the modules to trim them down. Regardless if you’re using Auto Deploy or not consider using the image profile that doesn’t include VMware Tools. This will save about 50% storage for the hypervisor image, but beware you will need to create a VMware Tools locker location for all your hosts to be able to grab the VMware tools bundles (see Setting Up a Shared VMware Tools Directory).
Update Manager 5.1
Update Manager and Update Manager Download Service only installs on 64bit Windows OS.
Site Recovery Manager 5.1
There are limited Storage Replication Adapters currently available. Ensure your array is currently supported at the time you go to upgrade your environment. The upgrade of SRM and vCenter Server go hand in hand. As of the date this article is published the product interoperability matrix has not yet been updated.
vCloud Director 5.1
Optionally supports SSO for authentication. Storage Tiering within a single PvDC may change how you want to define your service offerings and pricing/charging within a PvDC. Org vDC Networks constrained within an Org vDC replace Organization wide networks as the default. There is an option to ‘share’ Org VDC networks to maintain compatibility and allow a smooth upgrade. VXLAN now integrated in vCloud Director and part of vSphere Distributed Switch (note name change). RHEL 6.2 now supported as a vCD Cell OS. You will have to upgrade vShield Manager as part of the upgrade process and this may require a change of virtual hardware configuration (see Kernel Panic in vShield Manager after Upgrade to 5.1 and KB 2035939).
vCenter Server Heartbeat 6.5
If using previous version of vCenter Server Heartbeat you will be required to upgrade to 6.5 for vCenter 5.1 support. vCenter Server Heartbeat 6.5 supports the new vCenter components and all vCenter deployment architectures, including split install. vCenter Server Heartbeat is backwards compatible with previous versions of vCenter 4.x and 5.0. vCenter Server Heartbeat also supports protection of View Composer 3.0 in a separate server from vCenter. Consider the operational implications of having vCenter Server Heartbeat pairs for all of the supported components in a split install scenario, initially I would recommend that the components remain on the vCenter Server unless there is a good reason to split them out, and in that case consider if they need to be protected with vCenter Server Heartbeat.
SSL Certificates
VMware has published a separate guide to Replacing SSL Certificates in vCenter 5.1 and ESXi 5.1. I would highly recommend you DO NOT review this document if you are running trusted / CA signed SSL certificates in your environment. It will cause you more trouble than it’ll solve. I have published two articles on SSL certificates in vSphere 5.1 based on work I did with a wider VMware Team that got made into KB articles. We have tested the procedures. I would recommend that you use these articles – Updating CA SSL Certificates in vSphere 5.1 and Updating CA SSL Certificates in vSphere 5.1 vCenter Virtual Appliance. I expect VMware will review their official product documentation as part of the next release so that we don’t have to go through multiple KB’s.
vCenter Operations Manager and Other Components
There are minor point release updates to vCenter Operations Manager, Virtual Infrastructure Navigator, vCenter Configuration Manager, vCenter Chargeback Manager and other VMware management components that introduce compatibility with vSphere 5.1 and are available for download now.
Important Known Issues
Here is a selection of some of the known issues I think are important, there are others that are covered in the release notes, but these ones stood out for me.
You may not be able to access vCenter Server logged into the vSphere Web Client as the default SSO admin (admin@system-domain). This is by design. See my article vSphere 5.1 Gotcha with Single Sign On (SSO) for the reasons why and how to avoid being locked out of your vCenter.
Enabling or Disabling View Storage Accelerator in View 5.1 might cause ESXi 5.1 hosts to lose connectivity to vCenter Server – see vSphere 5.1 Release Notes. vSphere 5.1 does not currently support any version of VMware View. View 5.1 is explicitely not compatible with the GA release of vSphere 5.1. There has been an alert posted on the VMware Downloads page and referenced through to KB 2035268.
Update Manager 5.1 reports the compliance status as Incompatible when scanning or remediating ESXi 5.x hosts that belong to an HA cluster – see Update Manager 5.1 Release Notes
PowerPath/VE 5.7 and 5.7 P01 and vSphere 5.1 are not compatible. If you are using PowerPath/VE in your environment you will need PowerPath/VE 5.7 P02 and a vSphere patch that will be available from support – see VMware KB 2034796
Unicast Flooding with Multi-NIC vMotion – see The Good, The Great, and the Gotcha with Multi-NIC vMotion in vSphere 5
vShield Manager Upgrade Bundle may download as a .gz, which is unsupported in the Upload Upgrade Bundle section in vShield Manager 5.0. The file needs to be renamed .tar.gz to allow the upgrade to succeed. This appears to be a problem only with the Google Chrome Browser. If you don’t wish to rename the file after download you may choose to use an alternative browser.
CA Signed SSL Certificates may cause trouble with the upgrade process of vCenter. I have heard reports of difficulties with the upgrade process of vCenter particularly with registering Inventory Service and SSO with vCenter when using CA Signed SSL Certificates. As I’m using CA Signed Certificates in my lab environment I will update this article when I have completed my upgrade. If you want a way to fully manage the certificate lifecycle and replace certs automatically then you’ll want to check out vCert Manager – Changing VMware SSL Certs Made Easy. When released this aims to support vSphere 5.1 and will make the process as easy as clicking a button. In the meantime you can review Updating CA SSL Certificates in vSphere 5.1 and Updating CA SSL Certificates in vSphere 5.1 vCenter Virtual Appliance, which will guide you through the update process for SSL Certs.
Troubleshooting SSL certificate updates and Single Sign On (2033240)
vCenter Single Sign On installer reports: Error 29155. Identity source discovery error (2034374)
Kernel Panic in vShield Manager after Upgrade to 5.1
Download Links
vCloud Director 5.1 Download Page
vCloud Networking and Security Download Page
Site Recovery Manager 5.1 Download Page
vCenter Server Heartbeat 6.5 Download Page
VMware KB Articles on New Features
Understanding Stateless Caching and Stateful Installs with Auto Deploy (2032881)
Enabling vSphere Distributed Switch Health Check in the vSphere Web Client (2032878)
Understanding vSphere 5.1 Network Rollback and Recovery – Disabling Network Rollback (2032908)
Final Word
vSphere 5.1 offers some great new features and benefits and an upgrade should be seriously considered. There are enhancements in a number of areas including (but not limited to) quality of service, reliability, scalability, audit-ability, management and performance. vSphere 5.1 continues the tradition of being the best place to run Business Critical Applications. But like all major infrastructure upgrades requires some through and planning. I have already completed the upgrade process for multiple clients successfully and for the most part everything has gone well (with proper planning and testing). I wish you luck with your upgrade process.
—
This post first appeared on the Long White Virtual Clouds blog at longwhiteclouds.com, by Michael Webster +. Copyright © 2012 – IT Solutions 2000 Ltd and Michael Webster +. All rights reserved. Not to be reproduced for commercial purposes without written permission.
[…] vCenter Server, ESX/ESXi hosts, and vShield Edge Appliances for vCloud Director 5.1 (KB Article) vSphere 5.1 Generally Available – Important Upgrade Considerations (Long White Virtual […]
Michael, thanks for the timely post and quick rundown of some of the updated products and dependencies.
Great post mate, nice summary of the release and known issues!
[…] (KBTV Video) Installing VMware vCenter Server 5.1 using the Simple Install method (KBTV Video) vSphere 5.1 Generally Available – Important Upgrade Considerations (Long White Virtual […]
Michael,
I' trying to get my lab VCSA 5.0.0.5480 upgraded, also having trouble with a CA Signed cert. Trying to revert to default certs to see if this will do the trick.
Hi Marco, I've updated my article with a couple of useful links including Troubleshooting the CA Signed Certs. That KB in particular is a must read in my opinion. I hope it helps you. Please let me know if it does.
Spent many hours on the phone with VMware support yesterday about an upgrade failure in the vCenter Server installer:
Error 26002. Setup failed to register VMware vCenter Server to VMware vCenter Inventory Service
Here is VMware's analysis so far:
—
%temp%vcregtool.log reports the below error:
[2012-09-11 19:53:57,701 main ERROR com.vmware.vim.dataservices.vcregtool.RegisterVC] Cannot read VC private key file C:ProgramDataVMwareVMware VirtualCenterSSLrui.key
java.lang.NullPointerException
at com.vmware.vim.dataservices.vcregtool.RegisterVC.loadVcPrivateKey(RegisterVC.java:478)
at com.vmware.vim.dataservices.vcregtool.RegisterVC.loadVcProviderInfo(RegisterVC.java:300)
—
Based on early reports I'm hearing of certificate trouble especially with CA signed certs (AD 2008 R2 in my case) I'm thinking this is all related. I'll follow-up this post if I manage to get anywhere. I'm interested in hearing if others are able to bypass issues by restoring the default cert (hope you backed yours up!).
Aaron, I ran into the same problem. I read on one of the communities post that someone was able to workaround it by replacing their CA signed certs with the original self-signed certs. I haven't tried it yet.
I ran into this error trying to get past a different one (http://communities.vmware.com/message/2116952#2116952)
I attempted to create slightly different certs for vCenter and Inventory service by giving each a different Organization name in the subject of the csr. While this worked fine on 5.0 after restarting all the services. I got the 26002 error during the upgrade. Sort of a success because I did get past the 29107 error.
There definitely seems to be an issue with either Windows 2008 R2 CA signed certificates, or the CA itself.
An other issue:
VMware Converter 5.0 will crash when connecting to vCenter 5.1: http://communities.vmware.com/message/2113969
Thanks for the heads up. I'd expect a new version of Converter soon. Also the PowerPath/VE patches are expected shortly too.
I found a workaround:
Make a VM on ESXi 5.1.0 running ESXi 5.0.0, and use that Virtual ESXi 5.0.0 for Converter 5 to P2V your physicle machines. Gotta like VMware 🙂
[…] and are upgrading their lab environments. I wrote about a number of considerations in my article vSphere 5.1 Generally Available – Important Upgrade Considerations. However a specific issue has come up with some upgrades of vShield Manager to 5.1 that you need […]
[…] [Michael Webster Blog] vSphere 5.1 Generally Available – Important Upgrade Considerations […]
[…] source discovery error (2034374), which is one of the errors that I spoke about in my article vSphere 5.1 Generally Available – Important Upgrade Considerations. When you run into this error you will have to sign into vSphere Web Client using the […]
[…] See great article from Michael Webster site about upgrade considerations […]
[…] See great article from Michael Webster site about upgrade considerations […]
[…] See great article from Michael Webster site about upgrade considerations […]
[…] the Simple Install method (KBTV Video) Installing ESXi 5.x in VMware Workstation (KB Article/Video) vSphere 5.1 Generally Available – Important Upgrade Considerations (Long White Virtual Clouds) ESXi 5.1 Upgrade fails with the error: Cannot execute upgrade script on […]
Has anyone figured out how to do this yet? Is it any better with newer versions of 5.1? I am getting ready to upgrade and these comments are making me pretty nervous since I have CA signed certs on Win 2008 also.
Hi Tim, We have figured out how to do the certs. Firstly you'll need to make sure your certs have a bit strength of 2048 or greater. Then you can have a look at the article on changing out certs as relevant at the following location – http://longwhiteclouds.com/2012/10/27/updating-ca…. The upgrade process itself should be better with 5.1b, which has recently come out.
Also thanks for prompting me to update the article. I missed the update when the SSL articles were published. I wish you luck with the upgrade. I would recommend you test it in your lab or offline if you can before doing production. Good luck.
My issues were resolved with the release of 5.1.0a and I have been running vCenter 5.1 smoothly since the release of the updated installer. I suspect 5.1.0b further improves the upgrade situation.
[…] vSphere 5.1 Generally Available – Important Upgrade Considerations […]
[…] http://longwhiteclouds.com/2012/09/12/vsphere-5-1-generally-available-important-upgrade-consideratio… […]