functiontemporarilyunavailable
VMwarevCloudArchitectureToolkitforServiceProvidersVMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironmentsVersion2.
9January2018TomasFojtaVMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments2|VMwarevCloudArchitectureToolkitforServiceProviders2018Inc.
Allrightsreserved.
ThisproductisprotectedbyU.
S.
andinternationalcopyrightandintellectualpropertylaws.
Thisproductiscoveredbyoneormorepatentslistedathttp://www.
vmware.
com/download/patents.
html.
VMwareisaregisteredtrademarkortrademarkofVMware,Inc.
intheUnitedStatesand/orotherjurisdictions.
Allothermarksandnamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.
VMware,Inc.
3401HillviewAvePaloAlto,CA94304www.
vmware.
comVMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments3|VMwarevCloudArchitectureToolkitforServiceProvidersContentsIntroduction5InteroperabilityandUpgradePath62.
1SolutionInteroperability.
62.
2UpgradePaths7ImpactofNetworkVirtualizationTechnology103.
1CiscoNexus1000V.
103.
2vCloudDirectorNetworkIsolation(VCDNI)10MigrationConsiderations114.
1PortRequirements114.
2vCloudDirectorLegacyEdgeCompatibility.
124.
3Management144.
4Licensing154.
5NSXControllerCluster.
154.
6VMwareNSXVIBUpgrade.
164.
7ControlPlaneMode194.
8VMwarevShieldAppandVMwarevShieldEndpoint20MigrationScenariowithMinimalProductionImpact21ReferenceDocuments23VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments4|VMwarevCloudArchitectureToolkitforServiceProvidersListofTablesTable1.
RequiredNetworkPorts.
11Table2.
NSXControllerClusterRequirements15Table3.
SolutionVersionOverview.
21Table4.
UpgradeScenarioSteps.
21ListofFiguresFigure1.
vCloudDirectortovCloudNetworkingandSecurityandVMwareNSXInteroperability.
6Figure2.
vCloudDirectortovCenterChargebackInteroperability7Figure3.
VMwareNSXUpgradePaths8Figure4.
vCloudDirectorUpgradePaths.
9Figure5.
vCloudNetworkingandSecurityIntegrationwithExternalSwitchProviders.
10Figure6.
VMwareNSXCommunicationRequirements.
11Figure7.
NSXEdgeNodesinLegacyCompatibilityMode12Figure8.
NSXManagerApplianceUserInterface.
14Figure9.
VMwarevCenterSingleSign-OnUserConfiguredinVMwareNSX.
14Figure10.
VMwareNSXUserInterfaceinvSphereWebClient.
15Figure11.
VMwareNSXVIBUpgrade.
16Figure12.
NotReadyStateinVMwareNSXUserInterface17Figure13.
RebootRequiredinvSphere17Figure14.
ChangeofTransportZoneControlPlaneMode(1of2)19Figure15.
ChangeofTransportZoneControlPlaneMode(2of2)19VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments5|VMwarevCloudArchitectureToolkitforServiceProvidersIntroductionVMwarevCloudDirectorreliesonVMwarevCloudNetworkingandSecurityorVMwareNSXforvSpheretoprovideabstractionofthenetworkingservices.
Untilnow,bothplatformscouldbeusedinterchangeablybecausetheybothprovidethesameAPIsthatvCloudDirectorusestoprovidenetworksandnetworkingservices.
ThevCloudNetworkingandSecurityplatformend-of-support(EOS)dateis19September2016.
OnlyNSXforvSpherewillbesupportedwithvCloudDirectorafterthevCloudNetworkingandSecurityend-of-supportdate.
Tosecurethehighestlevelofsupportandcompatibilitygoingforward,migratefromvCloudNetworkingandSecuritytoNSXforvSphere.
Thisdocumentprovidesguidanceandconsiderationstosimplifytheprocessandtounderstandtheimpactofchangestotheenvironment.
NSXforvSphereprovidesasmooth,in-placeupgradefromvCloudNetworkingandSecurity.
TheupgradeprocessisdocumentedinthecorrespondingVMwareNSXUpgradeGuides(versions6.
01,v6.
12,6.
23).
Thisdocumentisnotmeanttoreplacetheseguides.
Instead,itaugmentsthemwithspecificinformationthatappliestotheusageofvCloudDirectorinserviceproviderenvironments.
1http://pubs.
vmware.
com/NSX-6/topic/com.
vmware.
ICbase/PDF/nsx_6_install.
pdf2http://pubs.
vmware.
com/NSX-61/topic/com.
vmware.
ICbase/PDF/nsx_61_install.
pdf3http://pubs.
vmware.
com/NSX-62/topic/com.
vmware.
nsx.
upgrade.
doc/GUID-4613AC10-BC73-4404-AF80-26E924EF5FE0.
htmlVMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments6|VMwarevCloudArchitectureToolkitforServiceProvidersInteroperabilityandUpgradePathVMwareprovidessolutioninteroperabilityandupgradepathmatrixes4thatlistverifiedandsupportedproductcombinations.
Thesematrixesareupdatedfrequentlyasnewproductversionsarereleased.
Therefore,refertothematrixesbeforetheactualmigrationplanning.
2.
1SolutionInteroperabilityThefollowingfigurehighlightskeyconstraintsandconsiderationsthatarevalidatthetimeofthiswriting.
ThekeyconsiderationfocusesonvCloudDirectorsupportoftheunderlyingnetworkingplatformreleases.
Figure1.
vCloudDirectortovCloudNetworkingandSecurityandVMwareNSXInteroperability4http://partnerweb.
vmware.
com/comp_guide2/sim/interop_matrix.
phpVMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments7|VMwarevCloudArchitectureToolkitforServiceProvidersNotevCloudDirector8.
10supportsonlyVMwareNSXandisnotcompatiblewithvCloudNetworkingandSecurity.
ThismeansmigrationfromvCloudNetworkingandSecuritytoVMwareNSXmustbedonewhilerunningavCloudDirectorversionearlierthan8.
10.
ThenetworkplatformversionisstoredinvClouddatabaseandcheckedduringavCloudDirector8.
10upgrade.
Therearealsoothersolutioninteroperabilityconstraintsbasedonserviceproviderenvironments.
Forexample,whileVMwareNSXprovidesbackwardcompatibilityforVMwarevShieldAPIs(sothatmostofthetoolsusingtheseAPIsstillfunction),serviceprovidersareencouragedtoverifysupportpriortotheiractualproductionupgrade.
Thesetoolsmightincludecustomnetworkmonitoringormeteringsolutions.
Forexample,VMwarevCenterChargebackManagercollectsnetworktransferdatathroughtheVMwarevShieldManagerDataCollectorthatusesavShieldAPI.
NoteAtthetimeofwritingthisdocument,themostrecentversionofvCenterChargebackManager,version2.
7.
1,isnotsupportedwithvSphere6andvCloudDirector8.
10.
Figure2.
vCloudDirectortovCenterChargebackInteroperability2.
2UpgradePathsIngeneral,theupgradefromvCloudNetworkingandSecuritytoNSXforvSphereisachievedbyupgradingvShieldManagerwithaspecialVMware-vShield-Manager-Upgrade-bundle-to-NSXupgradebundle.
CurrentlythisupgradebundleisavailableforallNSXforvSpherereleases,except6.
2.
1.
VMwarerecommendsupgradingtothehighestsupportedVMwareNSXversionbasedonthevarioussolutionsandtoolsincorporatedintheserviceproviderenvironment(vCloudDirector,vSphere,andsoon).
VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments8|VMwarevCloudArchitectureToolkitforServiceProvidersFigure3.
VMwareNSXUpgradePathsVMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments9|VMwarevCloudArchitectureToolkitforServiceProvidersFigure4.
vCloudDirectorUpgradePathsVMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments10|VMwarevCloudArchitectureToolkitforServiceProvidersImpactofNetworkVirtualizationTechnologyvCloudDirectorcurrentlysupportsvariousnetworkvirtualizationtechnologies,someofwhicharelegacytechnologiesthatarenolongerrecommendedgoingforward.
ThemostscalablerecommendedvirtualizationtechnologyisVirtualExtensibleLAN(VXLAN).
3.
1CiscoNexus1000VvCloudDirectorsupportstheCiscoNexus1000VvirtualdistributedswitchthroughtheExternalSwitchProviderfeatureofvShieldManager.
ThevShieldAPIcallstodeploy,manage,ordeletevirtualnetworksarethentranslatedtoNetworkSegmentationManagerAPIs,whichrunontheCiscoVirtualSupervisorModule—themanagementcomponentofNexus1000Vswitch.
ThelogicalnetworkscanbeVLAN-basedorVXLAN-based.
Figure5.
vCloudNetworkingandSecurityIntegrationwithExternalSwitchProvidersThisfunctionalityisnolongersupportedwithVMwareNSX.
Insuchcases,youmustfirstmigratefromCiscoNexus1000VtoVMwarevSphereDistributedSwitchandthensubsequentlymigratetoVMwareNSX.
Theactualmigrationstepsareoutofscopeforthisdocument.
3.
2vCloudDirectorNetworkIsolation(VCDNI)BeforeVXLANgainedmassadoption,vCloudDirectorreliedonvCloudnetworkisolationtechnologytoprovidealogicalnetworkoverlay.
ThisMAC-in-MACproprietaryencapsulationtechnologyisstillsupported,however,supportforthistechnologyisnowdeprecated.
UnlikeVXLANlogicalnetworks,VCDNIlogicalnetworksarecreateddirectlybyvCloudDirector,whichcommunicateswithVMwareESXihoststhroughthevCloudAgentrunningintheVMkernel.
Therefore,avCloudNetworkingandSecurityupgradehasnoimpactonVCDNInetworksandthereisnolimitationofusingthemtogetherwithVMwareNSX.
Serviceprovidersare,however,encouragedtouseVXLANtechnologybecauseVCDNIisadeprecatedtechnologyandissupportedonlyforlegacydeployments.
ThemigrationstepsfromVCDNItoVXLANareoutofscopeforthisdocument.
VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments11|VMwarevCloudArchitectureToolkitforServiceProvidersMigrationConsiderations4.
1PortRequirementsNSXforvSphererequiresadditionalportstobeopenedbetweenvariouscomponentsoftheserviceprovider'ssolution.
Thisisduetothenewcontrolplanemechanismaswellasthemanagementplanemessagebus.
Figure6.
VMwareNSXCommunicationRequirementsTable1.
RequiredNetworkPortsSourceTargetPortProtocolNotesESXiHostVMwareNSXManager5671TCPNewrequirement(RabbitMQ)ESXiHostVMwareNSXController1234TCPNewrequirement(UserWorldAgent)NSXManagerNSXController443TCPNewrequirementNSXControllerNSXController2878,2888,3888,7777,30865TCPNewrequirementNSXManagerVMwarevCenterServer443,902TCPSameasvShieldManagervCenterServerNSXManager80TCPSameasvShieldManagerNSXManagerESXiHost443,902TCPSameasvShieldManagerNSXManagerESXiHost8301,8302UDPNewrequirement(DVSSync)VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments12|VMwarevCloudArchitectureToolkitforServiceProvidersSourceTargetPortProtocolNotesESXiHostNSXManager8301,8302UDPNewrequirement(DVSSync)ESXiHostvCenterServer80TCPSameasvShieldManagervCenterServerESXiHost80TCPSameasvShieldManagerNoteAdditionalportsareneededforNTP(TCP123),DNS(TCP53),andSyslog(TCP514).
4.
2vCloudDirectorLegacyEdgeCompatibilityTherearechangesinbehaviorbetweenvCloudDirector8.
10andpreviousversions.
4.
2.
1vCloudDirector8.
0andEarlierInvCloudDirector8.
0andearlierversions,OrganizationVDCandvAppedgegatewaysaredeployedinvShield(legacy)compatibilitymode(NSXEdgeversion5.
5.
4).
Figure7.
NSXEdgeNodesinLegacyCompatibilityModeItisimportantinvCloudDirector8.
0andearliernottoupgradelegacyedgeservicesgatewaystoVMwareNSXversion6becausethiswillbreakvCloudDirectorcompatibility.
OlderversionsofvCloudDirector5.
5.
xand5.
6.
xhaveabugthatresultsinanedgeupgradeonvCloudDirectorredeployaction.
Topreventthisbehavior,thefollowingvCloudDirectordatabasechangeisnecessarypriortovCloudNetworkandSecuritymigration.
WhenupgradingtoVMwareNSX6.
2,addthefollowinglinetotheconfigtableinthevCloudDirectorSQLServerdatabase:INSERTINTOconfig(cat,name,value,sortorder)VALUES('vcloud','networking.
edge_version_for_vsm6.
2','5.
5',0);NoteUsenetworking.
edge_version_for_vsm6.
1ifNSX6.
1isusedornetworking.
edge_version_for_vsm6.
0ifNSX6.
0isused.
Formoreinformation,seethefollowingVMwareKnowledgeBasearticles:http://kb.
vmware.
com/kb/2096351andhttp://kb.
vmware.
com/kb/2108913.
VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments13|VMwarevCloudArchitectureToolkitforServiceProviders4.
2.
2vCloudDirector8.
10InvCloudDirector8.
10,edgegatewaysandvAppedgesaredeployedasfullNSXEdgenodes(version6.
x)withthesamefeatureset,accessiblethroughtheuserinterfaceorAPI,aslegacyNSXEdgenodes.
vCloudDirector8.
10alsosupportslegacyedgesdeployedbeforeupgradetovCloudDirector8.
10.
VMwarerecommendsredeployingtheoldedgesinvCloudDirectororupgradingtheminVMwareNSXtoleveragethemoreefficientmessagebuscommunicationmodewithNSXManagerasopposedtothelegacyVIXAPImode.
IftheNSXEdgenodesareupgradeddirectlyinVMwareNSX,verifythatvCloudDirectorisstillrunningbecauseitneedstobenotifiedabouttheNSXEdgeversionchange.
ThefollowingPowerShellscriptshowshowtheVMwareNSXAPIcanbeusedtoautomatetheupgradeofallNSXEdgenodes(shownforinformationalpurposesonly).
$Username="admin"$Password="default"$NSXManager="nsx01.
gcp.
local"$TargetVersion="6.
2.
3"###Createauthorizationstringandstorein$head$auth=[System.
Convert]::ToBase64String([System.
Text.
Encoding]::UTF8.
GetBytes($Username+":"+$Password))$head=@{"Authorization"="Basic$auth"}##Gettotalnumberofedges$Request="https://$NSXManager/api/4.
0/edges"$r=Invoke-WebRequest-Uri($Request+"startIndex=0&pageSize=1")-Headers$head-ContentType"application/xml"-ErrorAction:Stopif($r.
StatusCode-eq"200"){Write-Host-BackgroundColor:Black-ForegroundColor:GreenStatus:Connectedto$NSXManagersuccessfully.
}$TotalNumberOfEdges=([xml]$r.
content).
pagedEdgeList.
edgePage.
pagingInfo.
totalCount##Getalledges$r=Invoke-WebRequest-Uri($Request+"startIndex=0&pageSize="+$TotalNumberOfEdges)-Headers$head-ContentType"application/xml"-ErrorAction:Stop[xml]$rxml=$r.
Content$Edges=@()foreach($EdgeSummaryin$rxml.
pagedEdgeList.
edgePage.
edgeSummary){$n=@{}|selectName,Id,Version$n.
Name=$edgeSummary.
Name$n.
Id=$edgeSummary.
objectId$n.
Version=$edgeSummary.
appliancesSummary.
vmVersion$Edges+=$n}##Upgradealledgesforeach($Edgein$Edges){if($Edge.
Version-ne$TargetVersion){##UpgradeedgeWrite-Host"UpgradingEdge"$Edge.
Name$Uri="https://$NSXManager/api/4.
0/edges"+"/"+$Edge.
Id+"action=upgrade"$r=Invoke-WebRequest-URI$Uri-MethodPost-Headers$head-ContentType"application/xml"-Body$sxml.
OuterXML-ErrorAction:Stop}}Note:Theupgrade(orredeploy)ofanNSXEdgegatewayimpactsnetworktrafficforashorttime.
VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments14|VMwarevCloudArchitectureToolkitforServiceProviders4.
3ManagementvCloudNetworkingandSecurityismanagedfromauserinterfacethatisaccessedthroughthevShieldManagerapplianceFQDNorthroughtheVMwarevSphereClient(theinstallableversion).
WhenvShieldManagerisupgradedtoNSXManager,itsuserinterfaceisusedonlyformanagementoftheappliance,whiletheVMwareNSXmanagementisperformedfromtheVMwarevSphereWebClientNSXplug-in.
TheNSXManagerapplianceuserinterfaceisaccessedwithalocalaccount.
ThisistheaccountusedforaccessingthevShieldManagerCLI.
Figure8.
NSXManagerApplianceUserInterfaceTheVMwareNSXuserinterfaceinthevSphereWebClient(seeFigure10)isaccessedwiththeVMwarevCenterSingleSign-OnuserwhohasthenecessaryprivilegesinVMwareNSX(seethefollowingfigure).
Figure9.
VMwarevCenterSingleSign-OnUserConfiguredinVMwareNSXVMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments15|VMwarevCloudArchitectureToolkitforServiceProvidersFigure10.
VMwareNSXUserInterfaceinvSphereWebClient4.
4LicensingVMwareNSXusesadifferentlicensekeythanvCloudNetworkingandSecurity.
AfteranupgradeofvShieldManagertoNSXManager,VMwareNSXwillrunundera60-daytriallicense.
YoumustassignaVMwareNSXlicensekeyinthevSphereWebClient.
4.
5NSXControllerClusterTheNSXControllerclusterisacompletelynewcomponent,whichisdeployedaftersuccessfulNSXManagermigration.
TheclustermustbedeployedbeforeanyoftheadvancedVMwareNSXfeaturesthatrequireitcanbeused.
Table2.
NSXControllerClusterRequirementsNSXFeatureNSXControllerClusterRequirementVXLANtransportcontrolplaneMulticastHybridUnicastDistributedfirewall*NSXEdgeservicesgatewaysDistributedLogicalRouter*VXLAN–VLANbridging*ARPsuppressionVMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments16|VMwarevCloudArchitectureToolkitforServiceProviders*ThesefeaturesarenotnativelyexposedthroughthevCloudDirectoruserinterfaceorAPI.
ThefollowingareNSXControllerclusterdesignconsiderations:TheNSXControllerclusterconsistsofNSXControllernodes,whicharedeployedbyNSXManagertothevSphereenvironmentwhichtheNSXManagerispairedwith.
Therefore,theNSXControllerisrunningintheresourcegroup(customerworkload)vSphereclusters.
AnNSXControllerclusteralwaysconsistsofthreenodes(virtualmachines)deployedbyNSXManager.
Forhighavailabilitypurposes,eachNSXControllernodemustbeplacedonadifferenthost.
Thiscanbeachievedwithamanually-created,anti-affinityDRSrulewithinvSphere.
TheNSXControllernodeVMmustbeconnectedtoastandardordistributedportgroup.
ItcannotbeconnectedtoaVXLAN-basedportgroup(logicalswitch).
NSXControllerinstancesmusthavenetworkconnectivitytoNSXManagerandESXimanagementvmknics.
TheydonotneedtobedeployedinthesameL2subnetorvSpherecluster.
4.
6VMwareNSXVIBUpgradeVMwareNSXmustreplacethevShieldVMkernelmodulesandinstallnewVMwareInstallationBundles(VIBs)oneveryvCloudDirectormanagedESXihost.
ThisisdoneintheVMwareNSXuserinterfacebyclickingUpdatenexttoeachvSpherecluster.
Figure11.
VMwareNSXVIBUpgradeTheupgradeofvShieldorVMwareNSXVIBsrequiresareloadofthenewESXiimageand,therefore,arebootoftheESXihost.
VMwareNSXautomaticallytriestoputeachhostintomaintenancemodeandrebootit.
Thisaction,however,isnotrecommendedinvCloudDirectorenvironmentsfortworeasons:BeforeahostisputintoavSpheremaintenancemode,disableitinvCloudDirectorsothatvCloudDirectordoesnottrytoscheduletasksonthehost(forexample,toperformimageuploads).
Allworkloads(notonlyrunningVMs)mustbeevacuatedduringthemaintenancemode.
AcustomerwhodecidestopoweronaVMorcloneaVMthatisregisteredtoarebooting(andtemporarilyunavailable)hostwouldbeotherwiseimpacted.
VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments17|VMwarevCloudArchitectureToolkitforServiceProvidersTherefore,VMwarerecommendsthefollowingstepsinstead:1.
BeforeaVIBupgrade,changetheVMwarevSphereDistributedResourceScheduler(DRS)automationmodetomanualoneachvSphereclustertopreventVMwareNSXfromattemptingtoputhostsinmaintenancemode.
CautionDonotdisableDRS.
DisablingDRSwilldeleteyourresourcepoolsandcorruptyourvCloudDirectorinstallation.
2.
AftertheVIBinstallationfinishes,changetheDRSautomationmodetotheinitialsetting.
IntheVMwareNSXuserinterface,hostswillbeintheNotReadystateandwillrequirearebootinvSphere.
Figure12.
NotReadyStateinVMwareNSXUserInterfaceFigure13.
RebootRequiredinvSphere3.
MakesurethateachvSphereclusterhasenoughcapacitytotemporarilyrunwithoutonehost.
(ItisverycommontohaveatleastN+1HAredundancy.
)4.
DisablethehostinvCloudDirector.
5.
PutthehostintovSpheremaintenancemodewhileevacuatingallrunning,suspended,andpowered-offVMs.
6.
Rebootthehost.
7.
Whenthehostcomesup,exitthemaintenancemode.
8.
EnablethehostinvCloudDirector.
9.
Repeatwithotherhosts.
Steps4-9canbeeasilyautomatedandscripted,forexample,withVMwarevSpherePowerCLI.
VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments18|VMwarevCloudArchitectureToolkitforServiceProvidersThefollowingscriptisshownforinformationalpurposesonly.
##ConnecttovCloudDirectorandallvCenterServersitmanagesConnect-CIServer-Servervcloud.
gcp.
local-UserAdministrator-PasswordVMware1!
Connect-VIServer-Servervcenter.
gcp.
local-UserAdministrator-PasswordVMware1!
$ESXiHosts=Search-cloud-QueryTypeHostforeach($ESXiHostin$ESXiHosts){$CloudHost=Get-CIView-SearchResult$ESXiHostWrite-HostWrite-Host"Workingonhost"$CloudHost.
NameWrite-Host"DisablinghostinvCloudDirector"$CloudHost.
Disable()Write-Host"Evacuatinghost"Set-VMHost$CloudHost.
Name-StateMaintenance-Evacuate|Out-NullWrite-Host"Rebootinghost"Restart-VMHost$CloudHost.
Name-Confirm:$false|Out-NullWrite-Host-NoNewline"Waitingforhosttocomeonline"do{sleep15$HostState=(get-vmhost$CloudHost.
Name).
ConnectionStateWrite-Host-NoNewline".
"}while($HostState-ne"NotResponding")do{sleep15$HostState=(get-vmhost$CloudHost.
Name).
ConnectionStateWrite-Host-NoNewline".
"}while($HostState-ne"Maintenance")Write-HostWrite-Host"Hostrebooted"Set-VMHost$CloudHost.
Name-StateConnected|Out-NullWrite-Host"EnablingHostinvCloudDirector"$CloudHost.
Enable()}VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments19|VMwarevCloudArchitectureToolkitforServiceProviders4.
7ControlPlaneModeWhentheNSXControllerclusterisdeployed,themulticastcontrolplanemodecanoptionallybechangedtounicastorhybridmodestoenablecontroller-basedVXLANoverlays.
Theunicastcontrolplanemodedoesnotrequiremulticastintheunderlyingnetworkatall.
HybridmodedoesnotrequiremulticastroutingacrossL3domains(PIM)butreliesonmulticastineachL2switchingdomain.
ThechangeofthecontrolplanemodeismadeintheVMwareNSXuserinterfaceonthetransportzonescorrespondingtoeachProviderVirtualDataCenter(PVDC)VXLANnetworkpool.
Allexistinglogicalswitches(VXLANlogicalnetworks)mustbemigratedtothenewcontrolplanemodeaswell.
Figure14.
ChangeofTransportZoneControlPlaneMode(1of2)Thechangeofcontrolplanemodeandmigrationofexistinglogicalswitcheshasnoimpactonthenetworkingdataplanetraffic.
Figure15.
ChangeofTransportZoneControlPlaneMode(2of2)VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments20|VMwarevCloudArchitectureToolkitforServiceProviders4.
8VMwarevShieldAppandVMwarevShieldEndpointvCloudNetworkingandSecurityoffersahypervisor-basedfirewall(VMwarevShieldApp)andantivirusandanti-malwareplatform(VMwarevShieldEndpoint)forthird-partyvirtualappliances.
WhenupgradingtoVMwareNSX,thesetechnologiesaremigratedtotheVMwareNSXDistributedFirewallandVMwareNSXGuestIntrospection.
BecauseneitherofthesetwotechnologiesisprovidedthroughvCloudDirector,descriptionsoftheprocessfortheirmigrationareoutofscopeforthisdocument.
TheVMwareNSXUpgradeGuidesprovideareferenceforthemigrationstepsanddescribetheserviceimpact.
VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments21|VMwarevCloudArchitectureToolkitforServiceProvidersMigrationScenariowithMinimalProductionImpactThefollowingscenarioshowsanexampleofaserviceprovidermigratingfromvCloudNetworkingandSecurity,whileatthesametimeupgradingtonewversionsofvCloudDirectorandvSphere.
Impactonthedurationofthemaintenancewindow(andthusonendusers)isalsodiscussed.
Table3.
SolutionVersionOverviewSolutionInitialVersionTargetVersionvCloudDirector5.
6.
48.
10vCloudNetworkingandSecurity/VMwareNSXvCloudNetworkingandSecurity5.
5.
4VMwareNSX6.
2.
2vSphere(vCenterServerandESXi)5.
5U26.
0U2vCenterChargebackManager2.
72.
7.
x5TherecommendedpathforthesolutioninstallationandupgradesisdescribedinthefollowingtabletogetherwiththeimpactonthevCloudDirectorportal,theabilitytomanagevCloudDirectorobjectsthroughthevCloudUI/API,andtheimpactoncustomer'srunningworkloads.
Table4.
UpgradeScenarioStepsStepDescriptionvCloudDirectorPortalImpactManageabilityImpactWorkloadImpact1.
UpgradevCenterChargebackManagerfrom2.
7to2.
7.
x.
NoneNoneNone2.
UpgradevCloudDirectorfrom5.
6.
4to8.
0.
1.
ThiscanbedoneasarollingupgradewhenonlythelastcellanddatabaseconfigurescriptactuallyrequiresvCloudDirectordowntime.
Yes(inminutes)Yes(inminutes)None3.
DisableaspecificvCenterServerinstanceinvCloudDirector6.
ThenupgradetherelatedvShieldManagerwiththeVMware-vShield-Manager-Upgrade-bundle-to-NSXupgradebundle.
Aftertheupgradeiscomplete,enablethevCenterServerinvCloudDirector.
NoneYesfortheworkloadsmanagedbythespecificvCenterServer(30-60mins)None5Atthetimeofthiswriting,vCenterChargebackManagerisnotcompatiblewithvSphere6.
6SeeDisabledvCenterServerContinuestoAcceptvCloudDirectorOperations(https://kb.
vmware.
com/kb/2145610)forimportantconsiderations.
VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments22|VMwarevCloudArchitectureToolkitforServiceProvidersStepDescriptionvCloudDirectorPortalImpactManageabilityImpactWorkloadImpact4.
Repeatstep3forallothervCenterServerinstancesmanagedbyvCloudDirector.
5.
DeploytheNSXControllercluster.
NoneNoneNone6.
UpgradeVMwareNSXVIBsonallhosts(seeSection4.
6).
NoneNoneNone7.
(Optional)ChangethecontrolplanemodeandmigrateallVXLANnetworks.
NoneNoneNone8.
DisableaspecificvCenterServerinstanceinvCloudDirector7.
UpgradethevCenterServerfrom5.
5U2to6.
0U2.
Whencomplete,enablethevCenterServerinvCloudDirector.
NoneYes,fortheworkloadsmanagedbythespecificvCenterServer(30-60mins)None9.
Repeatstep8forallothervCenterServerinstancesmanagedbyvCloudDirector.
10.
UpgradeeachESXihost.
(UseasimilarapproachtothatdiscussedinSection4.
6.
)NoneNoneNone11.
UpgradevCloudDirectorfrom8.
0.
1to8.
10.
ThiscanbedoneasarollingupgradewhenonlythelastcellanddatabaseconfigurescriptactuallyrequiresvCloudDirectordowntime.
Yes(inminutes)Yes(inminutes)None12.
(Optional)UpgradeallNSXEdgegatewaystoversion6.
2.
NoneNoneAfewsecondsofnetworkimpactoneachNSXEdgegateway7SeeDisabledvCenterServerContinuestoAcceptvCloudDirectorOperations(https://kb.
vmware.
com/kb/2145610)forimportantconsiderations.
VMwarevCloudNetworkingandSecurityUpgradetoVMwareNSXinVMwarevCloudDirectorEnvironments23|VMwarevCloudArchitectureToolkitforServiceProvidersReferenceDocumentsItemURLVMwareNSX6.
2UpgradeGuidehttp://pubs.
vmware.
com/NSX-62/index.
jsptopic=%2Fcom.
vmware.
nsx.
upgrade.
doc%2FGUID-C4A1FE0E-7319-494A-A776-BAD3D9208FDA.
htmlVMwareNSX6.
1InstallationandUpgradeGuidehttp://pubs.
vmware.
com/NSX-61/topic/com.
vmware.
ICbase/PDF/nsx_61_install.
pdfVMwareNSX6.
0InstallationandUpgradeGuidehttp://pubs.
vmware.
com/NSX-6/topic/com.
vmware.
ICbase/PDF/nsx_6_install.
pdfVMwareProductInteroperabilityMatrixeshttp://partnerweb.
vmware.
com/comp_guide2/sim/interop_matrix.
phpArchitectingaVMwarevCloudDirectorSolutionfortheVMwareCloudProviderProgramhttp://www.
vmware.
com/content/dam/digitalmarketing/vmware/en/pdf/vcat/vmware-architecting-a-vcloud-director-solution.
pdfVMwarevCloudArchitectureToolkitforServiceProviders(vCAT-SP)http://www.
vmware.
com/solutions/cloud-computing/vcat-sp.
htmlvCloudArchitectureToolkitBloghttp://blogs.
vmware.
com/vcat/
提速啦(www.tisula.com)是赣州王成璟网络科技有限公司旗下云服务器品牌,目前拥有在籍员工40人左右,社保在籍员工30人+,是正规的国内拥有IDC ICP ISP CDN 云牌照资质商家,2018-2021年连续4年获得CTG机房顶级金牌代理商荣誉 2021年赣州市于都县创业大赛三等奖,2020年于都电子商务示范企业,2021年于都县电子商务融合推广大使。资源优势介绍:Ceranetwo...
bgp.to在对日本东京的独立服务器进行6.5折终身优惠促销,低至$120/月;对新加坡独立服务器进行7.5折终身优惠促销,低至$93/月。所有服务器都是直连国内,速度上面相比欧洲、美国有明显的优势,特别适合建站、远程办公等多种用途。官方网站:https://www.bgp.to/dedicated.html主打日本(东京、大阪)、新加坡、香港(CN)、洛杉矶(US)的服务器业务!日本服务器CPU...
近期RAKsmart上线云服务器Cloud Server产品,KVM架构1核1G内存40G硬盘1M带宽基础配置7.59美元/月!RAKsmart云服务器Cloud Server位于美国硅谷机房,下单可选DIY各项配置,VPC网络/经典网络,大陆优化/精品网线路,1-1000Mbps带宽,支持Linux或者Windows操作系统,提供Snap和Backup。RAKsmart机房是一家成立于2012年...
temporarilyunavailable为你推荐
大学生创新实验计划小企业如何做品牌小公司如何创立自己的品牌servererror电脑连接路由登录提示server error:401 N/A,如何处理?http404未找到HTTP 404 - 未找到文件,怎么解决啊企业建网站企业建网站有什么用?企业电子邮局求:什么是企业邮箱?(企业邮箱与普通个人邮箱的区别是什么?)特朗普吐槽iPhone为什么这么多人讨厌苹果呢?iPhone配置不足但是iOS流畅度确实很高很强大,性能领先几乎所有国产字节跳动回应TikTok易主每天每夜要结束了主持人问关于抄袭的问题,权志龙很认真的回答不想说的,想在以后做好的那段话的音乐叫什flashfxp下载求最新无需注册的FlashFXP下载地址资费标准中国移动38元套餐介绍
com域名注册 域名停靠 最便宜的vps 免费二级域名申请 西安电信测速 virpus oneasiahost 合肥鹏博士 申请个人网站 静态空间 卡巴斯基试用版 isp服务商 昆明蜗牛家 万网空间购买 电信托管 中国电信宽带测速器 新加坡空间 可外链的相册 免费个人网页 如何登陆阿里云邮箱 更多