vSphere Upgrade
vSphere 5.5
This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions
of this document, see http://www.vmware.com/support/pubs.
EN-001267-01
vSphere Upgrade
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2009–2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and
intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About vSphere Upgrade 7
Updated Information 9
Overview of the Upgrade Process 11
1
How vSphere 5.x Differs from vSphere 4.x 13
2
System Requirements 15
3
ESXi Hardware Requirements 15
Hardware Requirements for vCenter Server, the vSphere Web Client , vCenter Inventory Service,
and vCenter Single Sign-On 19
vCenter Server Software Requirements 24
vSphere Web Client Software Requirements 24
Providing Sufficient Space for System Logging 25
Required Ports for vCenter Server 25
Required Ports for the vCenter Server Appliance 27
Conflict Between vCenter Server and IIS for Port 80 28
DNS Requirements for vSphere 28
Supported Remote Management Server Models and Minimum Firmware Versions 29
Update Manager Hardware Requirements 29
Preparing for the Upgrade to vCenter Server 31
4
About the vCenter Server Upgrade 32
How vCenter Single Sign-On Affects vCenter Server Upgrades 32
vCenter Single Sign-On Deployment Modes 33
vCenter Single Sign-On and High Availability 35
vCenter Single Sign-On Components 37
Setting the vCenter Server Administrator User 37
Authenticating to the vCenter Server Environment 38
How vCenter Single Sign-On Affects Log In Behavior 38
Identity Sources for vCenter Server with vCenter Single Sign-On 39
vCenter Server Upgrade Summary 40
Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service,
vCenter Server, and the vSphere Web Client 41
Best Practices for vCenter Server Upgrades 46
Prerequisites for the vCenter Server Upgrade 48
vCenter Server Database Configuration Notes 51
Upgrading to vCenter Server on a Different Machine 52
Supported Database Upgrades 52
Confirm That vCenter Server Can Communicate with the Local Database 52
VMware, Inc.
3
vSphere Upgrade
Synchronizing Clocks on the vSphere Network 53
JDBC URL Formats for the vCenter Server Database 55
DNS Load Balancing Solutions and vCenter Server Datastore Naming 56
About the vCenter Host Agent Pre-Upgrade Checker 57
Downtime During the vCenter Server Upgrade 59
Download the vCenter Server Installer 59
Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server
Installation or Upgrade to Fail 59
Upgrading vCenter Server 61
5
vCenter Server Upgrade and Sign-On Process for Environments that Do Not Include vCenter
Single Sign-On 62
vCenter Server Upgrade and Sign-On Process for Environments with vCenter Single Sign-On 64
Use Simple Install to Upgrade vCenter Server and Required Components 65
Use Custom Install to Upgrade Version 5.0.x and Earlier vCenter Server and Required
Components 69
Use Custom Install to Upgrade a Basic vCenter Single Sign-On Deployment of Version 5.1.x
vCenter Server and Required Components 77
Use Custom Install to Upgrade vCenter Server from a Version 5.1.x High Availability vCenter
Single Sign-On Deployment 83
Use Custom Install to Upgrade vCenter Server from a Version 5.1.x Multisite vCenter Single Sign-
On Deployment 92
Add a vCenter Single Sign-On Identity Source 103
Migrate vCenter Server and Components from a Windows Server 2003 Host 108
vCenter Single Sign-On Installation Fails 117
Updating vCenter Server with Service Packs 117
Upgrading and Updating the vCenter Server Appliance 118
Install or Upgrade vCenter Server Java Components Separately 122
Install or Upgrade vCenter Server tc Server Separately 123
vCenter Server Upgrade Fails When Unable to Stop Tomcat Service 123
After You Upgrade vCenter Server 125
6
Install or Upgrade the vSphere Web Client 126
Install or Upgrade vSphere ESXi Dump Collector 127
Install or Upgrade vSphere Syslog Collector 128
Install or Upgrade vSphere Auto Deploy 129
Install or Upgrade vSphere Authentication Proxy 130
Enable IPv6 Support for vCenter Inventory Service 131
Linked Mode Considerations for vCenter Server 132
Linked Mode Prerequisites for vCenter Server 132
Join a Linked Mode Group After a vCenter Server Upgrade 133
Configuring VMware vCenter Server - tc Server Settings in vCenter Server 134
Set the Maximum Number of Database Connections After a vCenter Server Upgrade 136
Upgrading Update Manager 137
7
Upgrade the Update Manager Server 137
Upgrade the Update Manager Client Plug-In 139
4 VMware, Inc.
Upgrading and Migrating Your Hosts 141
8
Preparing to Upgrade Hosts 141
Performing the Upgrade or Migration 163
After You Upgrade or Migrate Hosts 211
Contents
Upgrading Virtual Machines and VMware Tools 213
9
Example Upgrade Scenarios 215
10
Moving Virtual Machines Using vMotion During an Upgrade 215
Moving Powered Off or Suspended Virtual Machines During an Upgrade with vCenter Server 216
Migrating ESX 4.x or ESXi 4.x Hosts to ESXi 5.5 in a PXE-Booted Auto Deploy Installation 217
Upgrading vSphere Components Separately in a Horizon View Environment 218
Index 219
VMware, Inc. 5
vSphere Upgrade
6 VMware, Inc.
About vSphere Upgrade
vSphere Upgrade describes how to upgrade VMware vSphere™ to the current version.
Tto move to the current version of vSphere by performing a fresh installation that does not preserve existing
configurations, see the vSphere Installation and Setup documentation.
Intended Audience
vSphere Upgrade is for anyone who needs to upgrade from earlier versions of vSphere. These topics are for
experienced Microsoft Windows or Linux system administrators who are familiar with virtual machine
technology and datacenter operations.
VMware, Inc.
7
vSphere Upgrade
8 VMware, Inc.
Updated Information
This vSphere Upgrade is updated with each release of the product or when necessary.
This table provides the update history of vSphere Upgrade.
Revision Description
-01
EN-001267-00 Initial release.
In “Upgrade the VMware vCenter Server Appliance,” on page 118, added note about how vCenter
n
Server Appliance upgrade from version 5.0 to 5.5 differs from upgrade from version 5.1 to 5.5.
Updated link in Prerequisites section of “Upgrade the VMware vCenter Server Appliance,”
n
on page 118 to point to correct Knowledge Base article for version 5.5 vCenter Server SSL certificate
configuration.
Updated Table 3-8.
n
VMware, Inc. 9
vSphere Upgrade
10 VMware, Inc.
Overview of the Upgrade Process 1
Upgrading is a multistage process in which procedures must be performed in a particular order. Follow the
process outlined in this high-level overview to ensure a smooth upgrade with a minimum of system
downtime.
IMPORTANT Make sure that you understand the entire upgrade process before you attempt to upgrade. If
you do not follow the safeguards, you might lose data and access to your servers. Without planning, you
might incur more downtime than is necessary.
If you use vCenter Server Heartbeat in your vSphere deployment, use the vSphere Server Heartbeat
installation and upgrade documentation to upgrade vCenter Server.
vCenter Server 5.5 removes support for Windows Server 2003 as a host operating system. See the VMware
Compatibility Guide at http://www.vmware.com/resources/compatibility/search.php and “Migrate vCenter
Server and Components from a Windows Server 2003 Host,” on page 108.
vCenter Server 5.5 removes support for Windows Server 2008 SP1 as a host operating system. Upgrade
Windows Server 2008 SP1 hosts to SP2 before upgrading vCenter Server to version 5.5. See the VMware
Compatibility Guide at http://www.vmware.com/resources/compatibility/search.php and the Microsoft
Software Lifecycle Policy at http://support.microsoft.com/lifecycle/#ServicePackSupport.
You must complete the upgrade process in a specific order because you can lose data and server access.
Order is also important within each upgrade stage.
VMware, Inc.
You can perform the upgrade process for each component in only one direction. For example, after you
upgrade to vCenter Server 5.x, you cannot revert to vCenter Server 4.x. With backups and planning, you can
restore your original software records.
You must complete one procedure before you move to the next procedure. Follow the directions within each
procedure regarding the required sequence of minor substeps.
Because certain commands can simultaneously upgrade more than one stage, VMware recommends that
you understand the irreversible changes at each stage before you upgrade your production environments.
To ensure that your datacenter upgrade goes smoothly, you can use vCenter Update Manager to manage
the process for you.
vSphere upgrades proceed in the following sequence of tasks.
1 If your vSphere system includes VMware solutions or plug-ins, make sure they are compatible with the
vCenter Server version that you are upgrading to. See the VMware Product Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
2 If you are upgrading vSphere components that are part of a VMware View environment, see
“Upgrading vSphere Components Separately in a Horizon View Environment,” on page 218.
11
vSphere Upgrade
3 Make sure your system meets vSphere hardware and software requirements.
4 Upgrade vCenter Single Sign-On, vCenter Inventory Service, vCenter Server, and the
5 If you use VMware Update Manager, upgrade VMware Update Manager.
6 Upgrade your ESXi hosts.
See Chapter 3, “System Requirements,” on page 15.
vSphere Web Client.
IMPORTANT If you use vCenter Server Heartbeat in your vSphere deployment, use the vSphere Server
Heartbeatinstallation and upgrade documentation to upgrade vCenter Server and related components.
See Chapter 5, “Upgrading vCenter Server,” on page 61. Use the topic “Required Information for
Installing or Upgrading vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere
Web Client,” on page 41 to create a worksheet with the information you will need when you install
vCenter Single Sign-On, vCenter Inventory Service, and vCenter Server.
See Chapter 7, “Upgrading Update Manager,” on page 137.
See Chapter 8, “Upgrading and Migrating Your Hosts,” on page 141. vSphere provides several ways to
upgrade hosts:
Use vSphere Update Manager to perform an orchestrated upgrade of your ESXi hosts. See “Using
n
vSphere Update Manager to Perform Orchestrated Host Upgrades,” on page 164.
Upgrade a single host at a time, interactively, from an ESXi ISO installer image stored on a CD,
n
DVD, or USB flash drive. See “Upgrade or Migrate Hosts Interactively,” on page 178.
Use a script to perform an unattended upgrade for multiple hosts. See “Installing, Upgrading, or
n
Migrating Hosts Using a Script,” on page 180
If a host was deployed using vSphere Auto Deploy, you can use Auto Deploy to upgrade the host
n
by reprovisioning it. See “Using vSphere Auto Deploy to Reprovision Hosts,” on page 194.
Upgrade or patch ESXi 5.x hosts by using esxcli commands. See “Upgrading Hosts by Using esxcli
n
Commands,” on page 198.
7 Reapply your host license.
See “Reapplying Licenses After Upgrading to ESXi 5.5,” on page 212.
8 Upgrade virtual machines and virtual appliances, manually or by using VMware Update Manager to
perform an orchestrated upgrade.
See Chapter 9, “Upgrading Virtual Machines and VMware Tools,” on page 213.
12 VMware, Inc.
How vSphere 5.x Differs from
vSphere 4.x 2
vSphere 5.x is a major upgrade from vSphere 4.x.
The following changes from vSphere 4.x affect vSphere installation and setup. For a complete list of new
features in vSphere 5.x, see the release notes for version 5.x releases.
Service Console is
removed
ESXi does not have a
graphical installer
vSphere Auto Deploy
and vSphere ESXi
Image Builder CLI
Changes in the ESXi
installation and upgrade
process
ESXi does not include a Service Console. You can perform most tasks that
you performed in the Service Console by using esxcli commands in the ESXi
Shell, by using vCLI commands, and by using VMware PowerCLI
commands. See Command-Line Management in vSphere 5.0 for Service Console
Users and Getting Started with vSphere Command-Line Interfaces.
The graphical installer relied on the Service Console, which is not a part of
ESXi. ESXi retains the text-based installer.
Before ESXi 5.0, ESXi was installed on the physical disk of each ESXi host.
With ESXi 5.x, you can load an ESXi image directly into memory by using
vSphere Auto Deploy. You can provision and reprovision large numbers of
ESXi hosts efficiently with vCenter Server, and manage ESXi updates and
patching by using an image profile. You can save host configuration such as
network or storage setup as a host profile and apply it to the host by using
Auto Deploy. You can use ESXi Image Builder CLI to create ESXi installation
images with a customized set of updates, patches, and drivers.
For complete information on using vSphere Auto Deploy and ESXi Image
Builder PowerCLI, see the vSphere Installation and Setup documentation.
ESXi 5.x uses a single installer wizard for fresh installations and upgrades.
ESXi 5.x also provides a new option for deploying ESXi directly into the host
memory with vSphere Auto Deploy. The vihostupdate and esxupdate
utilities are not supported for ESXi 5.x. You cannot upgrade or migrate from
earlier ESX or ESXi versions to ESXi 5.x by using any command-line utility.
After you have upgraded or migrated to ESXi 5.x, you can upgrade or patch
ESXi 5.x hosts using vCLI esxcli commands.
IMPORTANT After you upgrade or migrate your host to ESXi 5.x, you cannot
roll back to your version 4.x ESX or ESXi software. Back up your host before
you perform an upgrade or migration, so that, if the upgrade or migration
fails, you can restore your 4.x host.
See “ESXi 5.5 Upgrade Options,” on page 148.
VMware, Inc. 13
vSphere Upgrade
Installer caching
Changes to partitioning
of host disks
VMware vCenter Server
Appliance
vSphere Web Client
Instead of using a binary image to install the system, whatever bits were
used at boot time are cached to the system. This caching reduces installation
problems caused by accessing installation files across networks that are
under load.
NOTE Scripted installations cannot PXE boot a server and then obtain the
binary image from some other form of media.
All freshly installed hosts in vSphere 5.x use the GUID Partition Table format
instead of the MSDOS-style partition label. This change supports ESXi
installation on disks larger than 2TB.
Newly installed vSphere 5.x hosts use VMFS5, an updated version of the
VMware File System for vSphere 5.x. Unlike earlier versions, ESXi 5.x does
not create VMFS partitions in second and successive disks.
Upgraded systems do not use GUID Partition Tables (GPT), but retain the
older MSDOS-based partition label.
As an alternative to installing vCenter Server on a Windows machine,
vSphere 5.x provides the VMware vCenter Server Appliance. The vCenter
Server Appliance is a preconfigured Linux-based virtual machine optimized
for running vCenter Server and associated services.
The vSphere Web Client is a server application that provides a browserbased alternative to the deprecated vSphere Client. You can use a Web
browser to connect to the vSphere Web Client to manage an ESXi host
through a vCenter Server.
vCenter Single Sign-On
vSphere versions 5.1 and later include vCenter Single Sign-On as part of the
vCenter Server management infrastructure. This change affects vCenter
Server installation, upgrading, and operation. Authentication by vCenter
Single Sign-On makes the VMware cloud infrastructure platform more
secure by allowing the vSphere software components to communicate with
each other through a secure token exchange mechanism, instead of requiring
each component to authenticate a user separately with a directory service
like Active Directory. See “How vCenter Single Sign-On Affects vCenter
Server Upgrades,” on page 32
14 VMware, Inc.
System Requirements 3
Systems running vCenter Server and ESXi instances must meet specific hardware and operating system
requirements.
If you are using Auto Deploy to provision ESXi hosts, see also the information about preparing for VMware
Auto Deploy in the vSphere Installation and Setup documentation.
This chapter includes the following topics:
“ESXi Hardware Requirements,” on page 15
n
“Hardware Requirements for vCenter Server, the vSphere Web Client, vCenter Inventory Service, and
n
vCenter Single Sign-On,” on page 19
“vCenter Server Software Requirements,” on page 24
n
“vSphere Web Client Software Requirements,” on page 24
n
“Providing Sufficient Space for System Logging,” on page 25
n
“Required Ports for vCenter Server,” on page 25
n
“Required Ports for the vCenter Server Appliance,” on page 27
n
“Conflict Between vCenter Server and IIS for Port 80,” on page 28
n
“DNS Requirements for vSphere,” on page 28
n
“Supported Remote Management Server Models and Minimum Firmware Versions,” on page 29
n
“Update Manager Hardware Requirements,” on page 29
n
ESXi Hardware Requirements
Make sure the host meets the minimum hardware configurations supported by ESXi 5.5.
Hardware and System Resources
To install and use ESXi 5.5, your hardware and system resources must meet the following requirements:
Supported server platform. For a list of supported platforms, see the VMware Compatibility Guide at
n
http://www.vmware.com/resources/compatibility.
ESXi 5.5 will install and run only on servers with 64-bit x86 CPUs.
n
ESXi 5.5 requires a host machine with at least two cores.
n
ESXi 5.5 supports only LAHF and SAHF CPU instructions.
n
ESXi 5.5 requires the NX/XD bit to be enabled for the CPU in the BIOS.
n
VMware, Inc.
15
vSphere Upgrade
n
n
n
n
n
n
n
ESXi supports a broad range of x64 multicore processors. For a complete list of supported processors,
see the VMware compatibility guide at http://www.vmware.com/resources/compatibility.
ESXi requires a minimum of 4GB of physical RAM. Provide at least 8GB of RAM to take full advantage
of ESXi features and run virtual machines in typical production environments.
To support 64-bit virtual machines, support for hardware virtualization (Intel VT-x or AMD RVI) must
be enabled on x64 CPUs.
One or more Gigabit or 10Gb Ethernet controllers. For a list of supported network adapter models, see
the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility.
Any combination of one or more of the following controllers:
Basic SCSI controllers. Adaptec Ultra-160 or Ultra-320, LSI Logic Fusion-MPT, or most
n
NCR/Symbios SCSI.
RAID controllers. Dell PERC (Adaptec RAID or LSI MegaRAID), HP Smart Array RAID, or IBM
n
(Adaptec) ServeRAID controllers.
SCSI disk or a local, non-network, RAID LUN with unpartitioned space for the virtual machines.
For Serial ATA (SATA), a disk connected through supported SAS controllers or supported on-board
SATA controllers. SATA disks will be considered remote, not local. These disks will not be used as a
scratch partition by default because they are seen as remote.
NOTE You cannot connect a SATA CD-ROM device to a virtual machine on an ESXi 5.5 host. To use the
SATA CD-ROM device, you must use IDE emulation mode.
Storage Systems
For a list of supported storage systems, see the VMware Compatibility Guide at
http://www.vmware.com/resources/compatibility. ESXi 5.5 supports installing on and booting from the
following storage systems:
SATA disk drives. SATA disk drives connected behind supported SAS controllers or supported on-
n
board SATA controllers.
Supported SAS controllers include:
LSI1068E (LSISAS3442E)
n
LSI1068 (SAS 5)
n
IBM ServeRAID 8K SAS controller
n
Smart Array P400/256 controller
n
Dell PERC 5.0.1 controller
n
Supported on-board SATA include:
Intel ICH9
n
NVIDIA MCP55
n
ServerWorks HT1000
n
NOTE ESXi does not support using local, internal SATA drives on the host server to create VMFS
datastores that are shared across multiple ESXi hosts.
Serial Attached SCSI (SAS) disk drives. Supported for installing ESXi and for storing virtual machines
n
on VMFS partitions.
Dedicated SAN disk on Fibre Channel or iSCSI
n
16 VMware, Inc.
Chapter 3 System Requirements
USB devices. Supported for installing ESXi.
n
Software Fibre Channel over Ethernet (FCoE). See “Installing and Booting ESXi with Software FCoE,”
n
on page 163.
ESXi Booting Requirements
vSphere 5.5 supports booting ESXi hosts from the Unified Extensible Firmware Interface (UEFI). With UEFI
you can boot systems from hard drives, CD-ROM drives, or USB media. Network booting or provisioning
with VMware Auto Deploy requires the legacy BIOS firmware and is not available with UEFI.
ESXi can boot from a disk larger than 2TB provided that the system firmware and the firmware on any addin card that you are using support it. See the vendor documentation.
NOTE Changing the boot type from legacy BIOS to UEFI after you install ESXi 5.5 might cause the host to
fail to boot. In this case, the host displays an error message similar to: Not a VMware boot bank. Changing
the host boot type between legacy BIOS and UEFI is not supported after you install ESXi 5.5.
Storage Requirements for ESXi 5.5 Installation
Installing ESXi 5.5 requires a boot device that is a minimum of 1GB in size. When booting from a local disk
or SAN/iSCSI LUN, a 5.2GB disk is required to allow for the creation of the VMFS volume and a 4GB scratch
partition on the boot device. If a smaller disk or LUN is used, the installer will attempt to allocate a scratch
region on a separate local disk. If a local disk cannot be found the scratch partition, /scratch, will be located
on the ESXi host ramdisk, linked to /tmp/scratch. You can reconfigure /scratch to use a separate disk or
LUN. For best performance and memory optimization, VMware recommends that you do not
leave /scratch on the ESXi host ramdisk.
To reconfigure /scratch, see the topic "Set the Scratch Partition from the vSphere Web Client" in the vSphere
Installation and Setup documentation.
Due to the I/O sensitivity of USB and SD devices the installer does not create a scratch partition on these
devices. As such, there is no tangible benefit to using large USB/SD devices as ESXi uses only the first 1GB.
When installing on USB or SD devices, the installer attempts to allocate a scratch region on an available local
disk or datastore. If no local disk or datastore is found, /scratch is placed on the ramdisk. You should
reconfigure /scratch to use a persistent datastore following the installation.
In Auto Deploy installations, the installer attempts to allocate a scratch region on an available local disk or
datastore. If no local disk or datastore is found /scratch is placed on ramdisk. You should
reconfigure /scratch to use a persistent datastore following the installation.
For environments that boot from a SAN or use Auto Deploy, it is not necessary to allocate a separate LUN
for each ESXi host. You can co-locate the scratch regions for many ESXi hosts onto a single LUN. The
number of hosts assigned to any single LUN should be weighed against the LUN size and the I/O behavior
of the virtual machines.
Recommendation for Enhanced ESXi Performance
To enhance performance, install ESXi on a robust system with more RAM than the minimum required and
with multiple physical disks.
For ESXi system requirements, see “ESXi Hardware Requirements,” on page 15. See also the technical
papers on vSphere 5 performance at http://www.vmware.com/resources/techresources/cat/91,203,96.
VMware, Inc. 17
vSphere Upgrade
Table 3‑1. Recommendations for Enhanced Performance
System Element Recommendation
RAM ESXi hosts require more RAM than typical servers. Provide
Dedicated Fast Ethernet adapters for virtual machines Place the management network and virtual machine
Disk location Place all data that your virtual machines use on physical
VMFS5 partitioning The ESXi installer creates the initial VMFS volumes on the
Processors Faster processors improve ESXi performance. For certain
Hardware compatibility Use devices in your server that are supported by ESXi 5.5
at least 8GB of RAM to take full advantage of ESXi features
and run virtual machines in typical production
environments. An ESXi host must have sufficient RAM to
run concurrent virtual machines. The following examples
are provided to help you calculate the RAM required by
the virtual machines running on the ESXi host.
Operating four virtual machines with
Red Hat Enterprise Linux or Windows XP requires at least
3GB of RAM for baseline performance. This figure includes
approximately 1024MB for the virtual machines, 256MB
minimum for each operating system as recommended by
vendors.
Running these four virtual machines with 512MB RAM
requires that the ESXi host have approximately 4GB RAM,
which includes 2048MB for the virtual machines.
These calculations do not take into account possible
memory savings from using variable overhead memory for
each virtual machine. See vSphere Resource Management .
networks on different physical network cards. Dedicated
Gigabit Ethernet cards for virtual machines, such as Intel
PRO 1000 adapters, improve throughput to virtual
machines with high network traffic.
disks allocated specifically to virtual machines.
Performance is better when you do not place your virtual
machines on the disk containing the ESXi boot image. Use
physical disks that are large enough to hold disk images
that all the virtual machines use.
first blank local disk found. To add disks or modify the
original configuration, use the vSphere Web Client. This
practice ensures that the starting sectors of partitions are
64K-aligned, which improves storage performance.
NOTE For SAS-only environments, the installer might not
format the disks. For some SAS disks, it is not possible to
identify whether the disks are local or remote. After the
installation, you can use the vSphere Web Client to set up
VMFS.
workloads, larger caches improve ESXi performance.
drivers. See the Hardware Compatibility Guide at
http://www.vmware.com/resources/compatibility.
18 VMware, Inc.
Chapter 3 System Requirements
Hardware Requirements for vCenter Server, the vSphere Web Client , vCenter Inventory Service, and vCenter Single Sign-On
vCenter Server host machines must meet hardware requirements.
vCenter Single Sign-On, the vSphere Web Client , vCenter Inventory Service,
and vCenter Server Hardware Requirements
You can install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter
Server on the same host machine (as with vCenter Simple Install) or on different machines. See Table 3-2.
The follosing tables list the hardware requirements for vCenter Single Sign-On and Inventory Service,
running on separate host machines.
Table 3-3
n
Table 3-4
n
If you use Custom Install to install vCenter Single Sign-On, vCenter Inventory Service, and vCenter Server
on the same host machine, the vCenter Single Sign-On, and Inventory Service memory and disk storage
requirements are in addition to the requirements for vCenter Server. See Table 3-5.
Table 3‑2. Minimum Hardware Requirements for Simple Install Deployment of vCenter Single Sign-On, the
vSphere Web Client , vCenter Inventory Service, and vCenter Server
Host Hardware for Simple Install Deployment Minimum Requirement
Processor Intel or AMD x64 processor with two or more logical cores,
each with a speed of 2GHz.
Memory 12GB.
Memory requirements are higher if the vCenter Server
database runs on the same machine as vCenter Server.
vCenter Server includes several Java services: VMware
VirtualCenter Management Webservices (tc Server),
Inventory Service, and Profile-Driven Storage Service.
When you install vCenter Server, you select the size of
your vCenter Server inventory to allocate memory for these
services. The inventory size determines the maximum JVM
heap settings for the services. You can adjust this setting
after installation if the number of hosts in your
environment changes. See the recommendations in
Table 3-7.
Disk storage 100GB recommended.
40-60GB of free disk space are required after installation,
depending on the size of your inventory. You should
provide more space to allow for future growth of your
inventory.
Disk storage requirements are higher if the vCenter Server
database runs on the same machine as vCenter Server,
depending on the size of the database.
In vCenter Server 5.x, the default size for vCenter Server
logs is 450MB larger than in vCenter Server 4.x. Make sure
the disk space allotted to the log folder is sufficient for this
increase.
Network speed 1Gbps
VMware, Inc. 19
vSphere Upgrade
Table 3‑3. Minimum Hardware Requirements for vCenter Single Sign-On, Running on a Separate Host
Machine from vCenter Server
vCenter Single Sign-On Hardware Requirement
Processor Intel or AMD x64 processor with two or more logical cores,
Memory 3GB. If vCenter Single Sign-On runs on the same host
Disk storage 2GB.
Network speed 1Gbps
Table 3‑4. Minimum Hardware Requirements for vCenter Inventory Service, Running on a Separate Host
Machine from vCenter Server
vCenter Inventory Service Hardware Requirement
Processor Intel or AMD x64 processor with two or more logical cores,
Memory 3GB. If vCenter Inventory Service runs on the same host
Disk storage If vCenter Inventory Service runs on the same host
Network speed 1Gbps
each with a speed of 2GHz.
machine as vCenter Server, see Table 3-2 or Table 3-5.
each with a speed of 2GHz.
machine as vCenter Server, see Table 3-2 or Table 3-5.
machine as vCenter Server, these requirements are in
addition to the disk space required for vCenter Server and
any other applications running on the vCenter Server host
machine. See Table 3-5.
Disk storage requirements for Inventory Service depend on
inventory size and the amount of activity in the virtual
machines in the inventory. At typical activity rates,
Inventory Service uses 6GB - 12GB of disk space for 15,000
virtual machines distributed among 1,000 hosts.
A high rate of activity (more than 20 percent of your virtual
machines changing per hour) results in write-ahead logs
(WAL) being written to disk to handle updates, instead of
in-line writes into existing disk usage. This high rate of
activity is often associated with Virtual Desktop
Infrastructure (VDI) use cases.
In the following guidelines for required disk space, a small
inventory is 1-100 hosts or 1-1000 virtual machines, and a
large inventory is more than 400 hosts or 4000 virtual
machines.
Small inventory, low activity rate: 5GB.
n
Small inventory, high activity rate: 15GB.
n
Large inventory, low activity rate: 15GB.
n
Large inventory, high activity rate: 40GB-60GB.
n
Table 3‑5. Minimum Hardware Requirements for vCenter Server
vCenter Server Hardware Requirement
CPU Two 64-bit CPUs or one 64-bit dual-core processor.
Processor 2.0GHz or faster Intel 64 or AMD 64 processor. The
Itanium (IA64) processor is not supported. Processor
requirements might be higher if the database runs on the
same machine.
20 VMware, Inc.
Chapter 3 System Requirements
Table 3‑5. Minimum Hardware Requirements for vCenter Server (Continued)
vCenter Server Hardware Requirement
Memory The amount of memory needed depends on your vCenter
Server configuration.
If vCenter Server is installed on a different host
n
machine than vCenter Single Sign-On and vCenter
Inventory Service, 4GB of RAM are required.
If vCenter Server, vCenter Single Sign-On and vCenter
n
Inventory Service are installed on the same host
machine (as with vCenter Simple Install), 10GB of
RAM are required.
Memory requirements are higher if the vCenter Server
database runs on the same machine as vCenter Server.
vCenter Server includes several Java services: VMware
VirtualCenter Management Webservices (tc Server),
Inventory Service, and Profile-Driven Storage Service.
When you install vCenter Server, you select the size of
your vCenter Server inventory to allocate memory for these
services. The inventory size determines the maximum JVM
heap settings for the services. You can adjust this setting
after installation if the number of hosts in your
environment changes. See the recommendations in
Table 3-7.
Disk storage The amount of disk storage needed for the vCenter Server
installation depends on your vCenter Server configuration.
If vCenter Server is installed on a different host
n
machine than vCenter Single Sign-On and vCenter
Inventory Service, 4GB are required.
If vCenter Server, vCenter Single Sign-On and vCenter
n
Inventory Service are installed on the same host
machine (as with vCenter Simple Install), at least
40-60GB of free disk space are required after
installation, depending on the size of your inventory.
You should provide more space to allow for future
growth of your inventory. For guidelines about the
disk space required for vCenter Single Sign-On and
Inventory Service, see Table 3-3 and Table 3-4
Disk storage requirements are higher if the vCenter Server
database runs on the same machine as vCenter Server,
depending on the size of those databases.
In vCenter Server 5.x, the default size for vCenter Server
logs is 450MB larger than in vCenter Server 4.x. Make sure
the disk space allotted to the log folder is sufficient for this
increase.
Microsoft SQL Server 2008 R2 Express disk Up to 2GB free disk space to decompress the installation
archive. Approximately 1.5GB of these files are deleted
after the installation is complete.
Network speed 1Gbps
NOTE Installing vCenter Server on a network drive or USB flash drive is not supported.
For the hardware requirements of your database, see your database documentation. The database
requirements are in addition to the vCenter Server requirements if the database and vCenter Server run on
the same machine.
VMware, Inc. 21
vSphere Upgrade
vSphere Web Client Hardware Requirements
The vSphere Web Client has two components: A Java server and an Adobe Flex client application running in
a browser.
Table 3‑6. Hardware Requirements for the vSphere Web Client Server Component
vSphere Web Client Server Hardware Requirement
Memory At least 2GB: 1GB for the Java heap, and 1GB for
CPU 2.00 GHz processor with 4 cores
Disk Storage At least 2GB free disk space
Networking Gigabit connection recommended
JVM heap settings for vCenter Server
The JVM heap settings for vCenter Server depend on your inventory size. See “Configuring VMware
vCenter Server - tc Server Settings in vCenter Server,” on page 134.
The resident code
n
The stack for Java threads
n
Global/bss segments for the Java process
n
Table 3‑7. JVM Heap Settings for vCenter Server
VMware VirtualCenter
vCenter Server
Inventory
Small inventory (1-100
hosts or 1-1000 virtual
machines)
Medium inventory
(100-400 hosts or
1000-4000 virtual
machines)
Large inventory (More
than 400 hosts or 4000
virtual machines)
Management Webservices (tc
Server) Inventory Service
1GB 3GB 1GB
2GB 6GB 2GB
3GB 12GB 4GB
Profile-Driven
Storage Service
22 VMware, Inc.
Chapter 3 System Requirements
VMware vCenter Server Appliance Hardware Requirements and
Recommendations
Table 3‑8. Hardware Requirements for VMware vCenter Server Appliance
VMware vCenter Server Appliance Hardware Requirement
Disk storage on the host machine For most deployments, the vCenter Server Appliance
requires at least 70GB of disk space, and is limited to a
maximum size of 125GB. The required disk space depends
on the size of your vCenter Server inventory. The vCenter
Server Appliance can be deployed with thin-provisioned
virtual disks that can grow to the maximum size of 125GB.
If the host machine does not have enough free disk space to
accommodate the growth of the vCenter Server Appliance
virtual disks, vCenter Server might cease operation, and
you will not be able to manage your vSphere environment.
Memory in the VMware vCenter Server Appliance Using the embedded PostgreSQL database, the vCenter
Server Appliance supports up to 100 hosts or 3000 virtual
machines, and has the following memory requirements
Very small inventory (10 or fewer hosts, 100 or fewer
n
virtual machines): at least 8GB.
Small inventory (10-50 hosts or 100-1500 virtual
n
machines): at least 16GB.
Medium inventory (the maximum inventory supported
n
with the embedded database; 50-100 hosts or 1500-3000
virtual machines): at least 24GB.
Using an external Oracle database, the vCenter Server
Appliance supports up to 1000 hosts or 10000 registered
virtual machines, and 10000 powered-on virtual machines,
and has the following memory requirements:
Very small inventory (10 or fewer hosts, 100 or fewer
n
virtual machines): at least 4GB.
Small inventory (10-100 hosts or 100-1000 virtual
n
machines): at least 8GB.
Medium inventory (100-400 hosts or 1000-4000 virtual
n
machines): at least 16GB.
Large inventory (More than 400 hosts or 4000 virtual
n
machines): at least 32GB.
For inventory and other configuration limits in the vCenter Server Appliance, see Configuration Maximums.
Table 3‑9. JVM Heap Settings for VMware vCenter Server Appliance
VMware VirtualCenter
vCenter Server
Appliance Inventory
Small inventory (1-100
hosts or 1-1000 virtual
machines)
Medium inventory
(100-400 hosts or
1000-4000 virtual
machines)
Large inventory (More
than 400 hosts or 4000
virtual machines)
Management Webservices (tc
Server) Inventory Service
512MB 3GB 1GB
512MB 6GB 2GB
1GB 12GB 4GB
Profile-Driven
Storage Service
See “Configuring VMware vCenter Server - tc Server Settings in vCenter Server,” on page 134.
VMware, Inc. 23
vSphere Upgrade
vCenter Server Software Requirements
Make sure that your operating system supports vCenter Server. vCenter Server requires a 64-bit operating
system, and the 64-bit system DSN is required for vCenter Server to connect to its database.
For a list of supported operating systems, see the VMware Compatibility Guide at
http://www.vmware.com/resources/compatibility.
vCenter Server requires the Microsoft .NET 3.5 SP1 Framework. If it is not installed on your system, the
vCenter Server installer installs it. The .NET 3.5 SP1 installation might require Internet connectivity to
download more files.
NOTE If your vCenter Server host machine uses a non-English operating system, install both the
Microsoft .NET Framework 3.5 SP1 and Microsoft .NET Framework 3.5 Language Pack through Windows
Update. Windows Update automatically selects the correct localized version for your operating system.
The .NET Framework installed through the vCenter Server installer includes only the English version.
vCenter Server 5.5 removes support for Windows Server 2003 as a host operating system. See the VMware
Compatibility Guide at http://www.vmware.com/resources/compatibility/search.php.
vCenter Server 5.5 removes support for Windows Server 2008 SP1 as a host operating system. Upgrade
Windows Server 2008 SP1 hosts to SP2 before upgrading vCenter Server to version 5.5. See the VMware
Compatibility Guide at http://www.vmware.com/resources/compatibility/search.php and the Microsoft
Software Lifecycle Policy at http://support.microsoft.com/lifecycle/#ServicePackSupport.
If you plan to use the Microsoft SQL Server 2008 R2 Express database that is bundled with vCenter Server,
Microsoft Windows Installer version 4.5 (MSI 4.5) is required on your system. You can download MSI 4.5
from the Microsoft Web site. You can also install MSI 4.5 directly from the vCenter Server autorun.exe
installer.
The VMware vCenter Server Appliance can be deployed only on hosts that are running ESX version 4.x or
ESXi version 4.x or later.
vSphere Web Client Software Requirements
Make sure that your browser supports the vSphere Web Client.
VMware has tested and supports the following guest operating systems and browser versions for the
vSphere Web Client.
Table 3‑10. Supported guest operating systems and browser versions for the vSphere Web Client .
Operating system Browser
Windows 32-bit and 64-bit Microsoft Internet Explorer 8, 9 (64-bit only), and 10.
Mozilla Firefox: the latest browser version, and the one previous version at the time
the vSphere 5.5 is produced.
Google Chrome: the latest browser version, and the one previous version at the time
the vSphere 5.5 is produced.
Mac OS Mozilla Firefox: the latest browser version, and the one previous version at the time
the vSphere 5.5 is produced.
Google Chrome: the latest browser version, and the one previous version at the time
the vSphere 5.5 is produced.
Later versions of these browsers are likely to work, but have not been tested.
The vSphere Web Client requires the Adobe Flash Player version 11.5.0 or later to be installed with the
appropriate plug-in for your browser.
24 VMware, Inc.
Providing Sufficient Space for System Logging
ESXi 5.x uses a new log infrastructure. If your host is deployed with Auto Deploy, or if you set up a log
directory separate from the default location in a scratch directory on the VMFS volume, you might need to
change your current log size and rotation settings to ensure that enough space for system logging exists.
All vSphere components use this infrastructure. The default values for log capacity in this infrastructure
vary, depending on the amount of storage available and on how you have configured system logging. Hosts
that are deployed with Auto Deploy store logs on a RAM disk, which means that the amount of space
available for logs is small.
If your host is deployed with Auto Deploy, reconfigure your log storage in one of the following ways:
Redirect logs over the network to a remote collector.
n
Redirect logs to a NAS or NFS store.
n
You might also want to reconfigure log sizing and rotations for hosts that are installed to disk, if you
redirect logs to nondefault storage, such as a NAS or NFS store.
You do not need to reconfigure log storage for ESXi hosts that use the default configuration, which stores
logs in a scratch directory on the VMFS volume. For these hosts, ESXi 5.x autoconfigures logs to best suit
your installation, and provides enough space to accommodate log messages.
Chapter 3 System Requirements
Table 3‑11. Recommended Minimum Size and Rotation Configuration for hostd, vpxa, and fdm Logs.
Log Maximum Log File Size
Management Agent
(hostd)
VirtualCenter Agent
(vpxa)
vSphere HA agent (Fault
Domain Manager, fdm)
10240KB 10 100MB
5120KB 10 50MB
5120KB 10 50MB
For information about setting up and configuring syslog and a syslog server and installing vSphere Syslog
Collector, see the vSphere Installation and Setup documentation.
Required Ports for vCenter Server
The VMware vCenter Server system must be able to send data to every managed host and receive data from
every vSphere Web Client. To enable migration and provisioning activities between managed hosts, the
source and destination hosts must be able to receive data from each other.
For information about ports required for the vCenter Server Appliance, see “Required Ports for the vCenter
Server Appliance,” on page 27.
VMware uses designated ports for communication. Additionally, the managed hosts monitor designated
ports for data from the vCenter Server system. If a firewall exists between any of these elements and
Windows firewall service is in use, the installer opens the ports during the installation. For custom firewalls,
you must manually open the required ports. If you have a firewall between two managed hosts and you
want to perform source or target activities, such as migration or cloning, you must configure a means for the
managed hosts to receive data.
Number of Rotations to
Preserve Minimum Disk Space Required
NOTE In Microsoft Windows Server 2008, a firewall is enabled by default.
VMware, Inc. 25
vSphere Upgrade
Table 3‑12. Ports Required for Communication Between Components
Port Description
80 vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS
389 This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port
636 For vCenter Server Linked Mode, this is the SSL port of the local instance. If another service is
902 The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts
8080 Web Services HTTP. Used for the VMware VirtualCenter Management Web Services.
8443 Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services.
60099 Web Service change service notification port
6501 Auto Deploy service
6502 Auto Deploy management
7005 vCenter Single Sign-On
7009 vCenter Single Sign-On
7080 vCenter Single Sign-On
7444 vCenter Single Sign-On HTTPS
9443 vSphere Web Client HTTPS
9090 vSphere Web Client HTTP
10080 vCenter Inventory Service HTTP
10443 vCenter Inventory Service HTTPS
10109 vCenter Inventory Service Management
10111 vCenter Inventory Service Linked Mode Communication
port 443. This redirection is useful if you accidentally use http://server instead of https://server.
If you use a custom Microsoft SQL database (not the bundled SQL Server 2008 database) that is
stored on the same host machine as the vCenter Server, port 80 is used by the SQL Reporting Service.
When you install vCenter Server, the installer will prompt you to change the HTTP port for vCenter
Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation.
Microsoft Internet Information Services (IIS) also use port 80. See “Conflict Between vCenter Server
and IIS for Port 80,” on page 28.
number for the Directory Services for the vCenter Server group. The vCenter Server system needs to
bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If
another service is running on this port, it might be preferable to remove it or change its port to a
different port. You can run the LDAP service on any port from 1025 through 65535.
If this instance is serving as the Microsoft Windows Active Directory, change the port number from
389 to an available port from 1025 through 65535.
running on this port, it might be preferable to remove it or change its port to a different port. You can
run the SSL service on any port from 1025 through 65535.
also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be
blocked by firewalls between the server and the hosts or between hosts.
To have the vCenter Server system use a different port to receive vSphere Web Client data, see the vCenter
Server and Host Management documentation.
For a discussion of firewall configuration, see the vSphere Security documentation.
26 VMware, Inc.
Required Ports for the vCenter Server Appliance
The VMware vCenter Server system must be able to send data to every managed host and receive data from
every vSphere Web Client. For migration and provisioning activities between managed hosts, the source
and destination hosts must be able to receive data from each other.
For information about ports required for vCenter Server on Windows, see “Required Ports for vCenter
Server,” on page 25.
VMware uses designated ports for communication. Additionally, the managed hosts monitor designated
ports for data from the vCenter Server system. The vCenter Server Appliance is preconfigured to use the
ports listed in Table 3-13. For custom firewalls, you must manually open the required ports. If you have a
firewall between two managed hosts and you want to perform source or target activities, such as migration
or cloning, you must configure a means for the managed hosts to receive data.
Table 3‑13. Ports Required for the vCenter Server Appliance
Port Description
80 vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS
port 443. This redirection is useful if you accidentally use http://server instead of https://server.
443 The vCenter Server system uses port 443 to monitor data transfer from SDK clients.
902 The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts
also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be
blocked by firewalls between the server and the hosts or between hosts.
8080 Web Services HTTP. Used for the VMware VirtualCenter Management Web Services.
8443 Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services.
10080 vCenter Inventory Service HTTP
10443 vCenter Inventory Service HTTPS
10109 vCenter Inventory Service database
514 vSphere Syslog Collector server
1514 vSphere Syslog Collector server (SSL)
6500 Network coredump server (UDP)
6501 Auto Deploy service
6502 Auto Deploy management
9090 vSphere Web Client HTTP
9443 vSphere Web Client HTTPS
5480 vCenter Server Appliance Web user interface HTTPS
5489 vCenter Server Appliance Web user interface CIM service
22 System port for SSHD
Chapter 3 System Requirements
To have the vCenter Server system use a different port to receive vSphere Web Client data, see the vCenter
Server and Host Management documentation.
For a discussion of firewall configuration, see the vSphere Security documentation.
VMware, Inc. 27
vSphere Upgrade
Conflict Between vCenter Server and IIS for Port 80
vCenter Server and Microsoft Internet Information Service (IIS) both use port 80 as the default port for direct
HTTP connections. This conflict can cause vCenter Server to fail to restart after the installation of vSphere
Authentication Proxy.
Problem
vCenter Server fails to restart after the installation of vSphere Authentication Proxy is complete.
Cause
If you do not have IIS installed when you install vSphere Authentication Proxy, the installer prompts you to
install IIS. Because IIS uses port 80, which is the default port for vCenter Server direct HTTP connections,
vCenter Server fails to restart after the installation of vSphere Authentication Proxy is complete. See
“Required Ports for vCenter Server,” on page 25.
Solution
To resolve a conflict between IIS and vCenter Server for port 80, take one of the following actions.
u
Option Description
If you installed IIS before installing
vCenter Server
If you installed vCenter Server
before installing IIS
Change the port for vCenter Server direct HTTP connections from 80 to
another value.
Before restarting vCenter Server, change the binding port of the IIS default
Web site from 80 to another value.
DNS Requirements for vSphere
You install vCenter Server, like any other network server, on a machine with a fixed IP address and wellknown DNS name, so that clients can reliably access the service.
Assign a static IP address and host name to the Windows server that will host the vCenter Server system.
This IP address must have a valid (internal) domain name system (DNS) registration.
Ensure that the ESXi host management interface has a valid DNS resolution from the vCenter Server and all
vSphere Web Clients. Ensure that the vCenter Server has a valid DNS resolution from all ESXi hosts and all
vSphere Web Clients.
Ensure that the vCenter Server is installed on a machine that has a resolvable fully qualified domain name
(FQDN). To check that the FQDN is resolvable, type nslookup your_vCenter_Server_fqdn at a command line
prompt. If the FQDN is resolvable, the nslookup command returns the IP and name of the domain controller
machine.
Ensure that DNS reverse lookup returns a fully qualified domain name when queried with the IP address of
the vCenter Server. When you install vCenter Server, the installation of the web server component that
supports the vSphere Web Client fails if the installer cannot look up the fully qualified domain name of the
vCenter Server from its IP address. Reverse lookup is implemented using PTR records. To create a PTR
record, see the documentation for your vCenter Server host operating system.
If you use DHCP instead of a static IP address for vCenter Server, make sure that the vCenter Server
computer name is updated in the domain name service (DNS). Ping the computer name to test the
connection. For example, if the computer name is host-1.company.com, run the following command in the
Windows command prompt:
ping host-1.company.com
If you can ping the computer name, the name is updated in DNS.
28 VMware, Inc.
Chapter 3 System Requirements
Supported Remote Management Server Models and Minimum Firmware Versions
You can use remote management applications to install ESXi or for remote management of hosts.
Table 3‑14. Supported Remote Management Server Models and Firmware Versions
Remote Controller Make and
Model Firmware Version Java
Dell DRAC 6 1.54 (Build 15), 1.70 (Build 21) 1.6.0_24
Dell DRAC 5 1.0, 1.45, 1.51 1.6.0_20,1.6.0_203
Dell DRAC 4 1.75 1.6.0_23
HP ILO 1.81, 1.92 1.6.0_22, 1.6.0_23
HP ILO 2 1.8, 1.81 1.6.0_20, 1.6.0_23
IBM RSA 2 1.03, 1.2 1.6.0_22
Update Manager Hardware Requirements
You can run Update Manager on any system that meets the minimum hardware requirements.
Minimum hardware requirements for Update Manager vary depending on how Update Manager is
deployed. If the database is installed on the same machine as Update Manager, requirements for memory
size and processor speed are higher. To ensure acceptable performance, verify that your system meets the
minimum hardware requirements.
Table 3‑15. Minimum Hardware Requirements
Hardware Requirements
Processor Intel or AMD x86 processor with two or more logical cores, each with a speed of 2GHz
Network 10/100 Mbps
For best performance, use a Gigabit connection between Update Manager and the
ESX/ESXi hosts
Memory 2GB RAM if Update Manager and vCenter Server are on different machines
4GB RAM if Update Manager and vCenter Server are on the same machine
Update Manager uses a SQL Server or Oracle database. You should use a dedicated database for
Update Manager, not a database shared with vCenter Server, and should back up the database periodically.
Best practice is to have the database on the same computer as Update Manager or on a computer in the local
network.
Depending on the size of your deployment, Update Manager requires a minimum amount of free space per
month for database usage. For more information about space requirements, see the VMware vSphere Update
Manager Sizing Estimator.
For more information about ESXi 5.x and vCenter Server 5.x hardware requirements, see Chapter 3, “System
Requirements,” on page 15.
VMware, Inc. 29
vSphere Upgrade
Supported Operating Systems and Database Formats
Update Manager works with specific databases and operating systems.
The Update Manager server requires a 64-bit Windows system.
NOTE Make sure the system on which you are installing the Update Manager server is not an Active
Directory domain controller.
The Update Manager plug-in requires the vSphere Client, and works with the same operating systems as
the vSphere Client.
Update Manager scans and remediates Windows and Linux virtual machines for VMware Tools and virtual
hardware upgrades.
The Update Manager server requires SQL Server or Oracle database. Update Manager can handle smallscale environments using the bundled SQL Server 2008 R2 Express. For environments with more than 5
hosts and 50 virtual machines, create either an Oracle or a SQL Server database for Update Manager. For
large scale environments, you should set up the Update Manager database on a different computer than the
Update Manager server and the vCenter Server database.
For detailed information about supported operating systems and database formats, see the vSphere
Compatibility Guide at http://www.vmware.com/resources/compatibility/search.php.
For detailed information about supported database formats, see the VMware Product Interoperability Matrixes
at http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
30 VMware, Inc.
Preparing for the Upgrade to vCenter
Server 4
Before you upgrade to vCenter Server, make sure your system is properly prepared.
To ensure that your system is prepared for the upgrade, read all the subtopics in this section.
This chapter includes the following topics:
“About the vCenter Server Upgrade,” on page 32
n
“How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32
n
“vCenter Single Sign-On Deployment Modes,” on page 33
n
“vCenter Single Sign-On and High Availability,” on page 35
n
“vCenter Single Sign-On Components,” on page 37
n
“Setting the vCenter Server Administrator User,” on page 37
n
“Authenticating to the vCenter Server Environment,” on page 38
n
“How vCenter Single Sign-On Affects Log In Behavior,” on page 38
n
“Identity Sources for vCenter Server with vCenter Single Sign-On,” on page 39
n
“vCenter Server Upgrade Summary,” on page 40
n
“Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service,
n
vCenter Server, and the vSphere Web Client,” on page 41
“Best Practices for vCenter Server Upgrades,” on page 46
n
“Prerequisites for the vCenter Server Upgrade,” on page 48
n
“vCenter Server Database Configuration Notes,” on page 51
n
“Upgrading to vCenter Server on a Different Machine,” on page 52
n
“Supported Database Upgrades,” on page 52
n
“Confirm That vCenter Server Can Communicate with the Local Database,” on page 52
n
“Synchronizing Clocks on the vSphere Network,” on page 53
n
“JDBC URL Formats for the vCenter Server Database,” on page 55
n
“DNS Load Balancing Solutions and vCenter Server Datastore Naming,” on page 56
n
“About the vCenter Host Agent Pre-Upgrade Checker,” on page 57
n
“Downtime During the vCenter Server Upgrade,” on page 59
n
“Download the vCenter Server Installer,” on page 59
n
VMware, Inc.
31
vSphere Upgrade
“Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server Installation
n
or Upgrade to Fail,” on page 59
About the vCenter Server Upgrade
VMware supports in-place upgrades on 64-bit systems from vCenter Server 4.x, vCenter Server 5.0.x, and
vCenter Server 5.1.x to vCenter Server 5.5.
Unlike versions before vCenter Server 5.1, vCenter Server 5.5 does not support directly migrating an
existing, 5.0.x or earlier vCenter Server to a new machine during an upgrade to version 5.5. You can migrate
such an existing vCenter Server to a new machine during an upgrade to version 5.0.x, and then perform an
in-place upgrade from version 5.0.x to version 5.5. See “Upgrading to vCenter Server on a Different
Machine,” on page 52.
vCenter Server 5.5 can manage ESX 4.x/ESXi 4.x, ESXi 5.0.x, and 5.1 x hosts in the same cluster with ESXi 5.5
hosts. vCenter Server 5.5 cannot manage ESX 2.x or 3.x hosts.
NOTE You cannot upgrade a vCenter Server 4.x instance that is running on Windows XP Professional x64
Edition to vCenter Server 5.5, because vCenter Server 5.5 does not support Windows XP Professional x64.
vSphere 5.1 introduced vCenter Single Sign On service as part of the vCenter Server management
infrastructure. This change affects vCenter Server installation, upgrading, and operation. See “How vCenter
Single Sign-On Affects vCenter Server Upgrades,” on page 32
How vCenter Single Sign-On Affects vCenter Server Upgrades
Which users can log in to vCenter Server after an upgrade depends on the version that you are upgrading
from and the deployment configuration.
In upgrades to vCenter Server 5.0 and earlier, which do not include a vCenter Single Sign-On service, both
the local operating system users and Active Directory users that are registered with vCenter Server continue
to work with the upgraded vCenter Server.
This behavior changes if you are upgrading from a version that does not include vCenter Single Sign-On to
a version that does include vCenter Single Sign-On: vCenter Server version 5.1 or vCenter Server version
5.5.
NOTE With vCenter Single Sign-On, local operating system users become far less important than the users
in a directory service such as Active Directory. As a result, it is not always possible, or even desirable, to
keep local operating system users as authenticated users.
After the upgrade from a version earlier than version 5.1, you might be prompted for the administrator of
the root folder in the vSphere inventory hierarchy during installation. This might happen because of
changes in user stores from pre-5.1 versions to 5.1 and later versions of vSphere. See “Hierarchical
Inheritance of Permissions,” on page 106.
Simple Install Upgrade
A Simple Install upgrade installs or upgrades a single vCenter Server and related components.
If you upgrade to vCenter Server 5.5 from a vCenter Server version that does not include vCenter Single
Sign-On, vCenter Single Sign-On recognizes existing local operating system users. In addition, the user
administrator@vsphere.local can log in as an administrator user to vCenter Single Sign-On and
vCenter Server. If your previous installation supported Active Directory users, you can add the Active
Directory domain as an identity source.
32 VMware, Inc.
Chapter 4 Preparing for the Upgrade to vCenter Server
If you upgrade vCenter Single Sign-On and vCenter Server, vCenter Single Sign-On recognizes existing local
operating system users. In addition, the user administrator@vsphere.local can log in to vCenter Single SignOn and vCenter Server as an administrator user. If your previous installation included an Active Directory
domain as an identity source, that identity source is still available after the upgrade. Because vCenter Server
supports only one default identity source, users might have to specify the domain when they log in
(DOMAIN\user).
Custom Upgrade
A custom upgrade might install different vCenter Server components on different machines or install a
second vCenter Server system on the same machine. You also use Custom Install to upgrade an
environment that is installed in different locations.
If you upgrade to vCenter Server 5.5 from a vCenter Server version that does not include vCenter Single
Sign-On, and you install vCenter Single Sign-On on a different machine than vCenter Server, vCenter Single
Sign-On does not recognize existing local operating system users. The user administrator@vsphere.local can
log in to vCenter Single Sign-On and vCenter Server as an administrator user. If your previous installation
supported Active Directory users, you can add the Active Directory domain as an identity source.
If you are upgrading vCenter Server from a version that includes vCenter Single Sign-On in multisite mode,
and if the different vCenter Server systems use Linked mode, you must resynchronize first. You can then
upgrade all vCenter Single Sign-On instances and maintain Linked Mode functionality. Linked Mode is
required for a single view of all vCenter Server systems. Multisite vCenter Single Sign-On is supported only
if all nodes are the same version.
If you are upgrading vCenter Server from a version that includes vCenter Single Sign-On in high availability
mode, you must upgrade all of the vCenter Single Sign-On high availability instances. Perform the upgrade
first, and configure high availability by protecting both vCenter Server and vCenter Single Sign-On with
VMware HA or VMware Heartbeat after the upgrade is complete.
NOTE When you install the vCenter Single Sign-On component that is included with vCenter Server version
5.5 in multiple locations, the VMware Directory Service is updated for all vCenter Single Sign-On instances
if you make a change in one location.
vCenter Single Sign-On Deployment Modes
vCenter Server provides several ways to deploy vCenter Single Sign-On to best serve your vSphere
environment
You can deploy vCenter Single Sign-On in one of three modes.
To choose the right mode for your environment, consider the way you use vCenter Server.
Table 4‑1. Choosing a vCenter Single Sign-On Deployment Mode
vCenter Server Deployment Single Sign-On Deployment Mode
Single vCenter Server Basic vCenter Single Sign-On
Multiple local vCenter Servers Basic vCenter Single Sign-On
Multiple remote vCenter Servers Basic vCenter Single Sign-On
VMware, Inc. 33
vSphere Upgrade
Table 4‑1. Choosing a vCenter Single Sign-On Deployment Mode (Continued)
vCenter Server Deployment Single Sign-On Deployment Mode
Multiple vCenter Servers in Linked Mode Multisite vCenter Single Sign-On
vCenter Servers with high availability Basic vCenter Single Sign-On with VMware vSphere HA
(provides high availability for vCenter Server and vCenter
Single Sign-On )
Basic vCenter Single Sign-On with vCenter Server
Heartbeat (provides high availability for vCenter Server
and vCenter Single Sign-On )
See “vCenter Single Sign-On and High Availability,” on
page 35.
Basic
Multiple Single Sign-On
instances in the same
location
Basic vCenter Single Sign-On is the most common deployment mode, and
meets the requirements of most vSphere 5.1 and 5.5 users. Typically, this
deployment mode maintains the same architecture as previous vCenter
Server environments. In most cases, you can use vCenter Simple Install to
deploy vCenter Server with vCenter Single Sign-On in basic mode.
In Basic deployment mode, a single standalone instance of the vCenter Single
Sign-On server supports the connectivity of Active Directory, OpenLDAP,
Local Operating System, and vCenter Single Sign-On embedded users and
groups. In most cases, the vCenter Single Sign-On instance is installed on the
same host machine as vCenter Server, as with the vCenter Server Simple
Install option, or the vCenter Server Appliance.
The Basic vCenter Single Sign-On deployment is appropriate in the following
circumstances:
If you have a single vCenter Server of any supported inventory size: up
n
to 1,000 hosts or 10,000 virtual machines.
If you have multiple geographically dispersed locations, each with a
n
local vCenter Server and you do not require a single-pane-of-glass view
as provided by vCenter Linked Mode.
For this deployment mode, you install a vCenter Single Sign-On primary
instance and one or more additional vCenter Single Sign-On nodes. Both the
primary and high availability instances are placed behind a third-party
network load balancer (for example, Apache HTTPD or vCNS). Each vCenter
Single Sign-On has its own VMware Directory Service that replicates
information with other vCenter Single Sign-On servers. vCenter Single SignOn administrator users, when connected to vCenter Server through the
vSphere Web Client, will see the primary vCenter Single Sign-On instance.
This deployment mode has the following limitations:
It provides provides failover only for the vCenter Single Sign-On
n
service. It does not provide failover for the vCenter Single Sign-On host
machine and it does not load balance requests between vCenter Single
Sign-On nodes.
It supports the connectivity of Active Directory, OpenLDAP and
n
vCenter Single Sign-On embedded users and groups, but does not
support the use of local operating system user accounts.
34 VMware, Inc.
Chapter 4 Preparing for the Upgrade to vCenter Server
See “vCenter Single Sign-On and High Availability,” on page 35 for high
availability options.
Multiple Single Sign-On
instances in different
locations
This mode is designed for vCenter Server deployments with multiple
physical locations. Multisite deployment is required when a single
administrator needs to administer vCenter Server instances that are
deployed on geographically dispersed sites in Linked Mode.
Each site is represented by one vCenter Single Sign-On instance, with one
vCenter Single Sign-On server, or a high-availability cluster. The vCenter
Single Sign-On site entry point is the machine that other sites communicate
with. This is the only machine that needs to be visible from the other sites. In
a clustered deployment, the entry point of the site is the machine where the
load balancer is installed.
NOTE This deployment mode is required if you have geographically
dispersed vCenter Servers in Linked Mode. You might also consider this
mode in the following cases:
If multiple vCenter Servers require the ability to communicate with each
n
other.
If you require one vCenter Single Sign-On server security domain for
n
your organization.
This deployment mode has the following limitations:
It supports the connectivity of Active Directory, OpenLDAP and
n
vCenter Single Sign-On embedded users and groups, but does not
support the use of local operating system user accounts.
Secondary vCenter Single Sign-On instances must belong to the same
n
Active Directory or OpenLDAP domain as the primary vCenter Single
Sign-On server and must have a local domain controller available.
You can install the vCenter Single Sign-On nodes in this deployment in any
order. Any node that is installed after the first node can point to any node
that is already installed. For example, the third node can point to either the
first or second node.
vCenter Single Sign-On and High Availability
vSphere provides several ways to ensure availability of your vSphere deployment with vCenter Single SignOn.
vCenter Single Sign-On is merely an authentication component for vCenter Server. Single Sign-On
protection does not provide any benefit without vCenter Server protection. Protecting one without the other
does not provide an effective availability solution. The solution you choose to protect vCenter Server will
provide the same protection for vCenter Single Sign-On without the additional complexity caused by
including third-party technologies.
VMware, Inc. 35
vSphere Upgrade
Options for Protecting vCenter Single Sign-On and vCenter Server
The following options vary in the level of protection afforded, and in the recovery time required.
Backup and restore
vSphere HA
vCenter Server
Heartbeat
Backup and restore should be an essential part of any availability solution,
providing a granular recovery method, by tape, disk, or snapshot. However,
the recovery time is typically measured in hours or days and requires
manual intervention. Any backup solution must be independent of vCenter
Server. Solutions like VMware Data Protection require an operational
vCenter Server with a functioning vCenter Single Sign-On server to restore a
virtual machine.
vSphere HA is an industry standard for maintaining uptime of virtual
machines and for detection of ESXi host failure. Also, with vSphere HA, a
failed response to a configured VMware Tools heartbeat automatically
reboots the virtual machine onto another operational host within the vSphere
cluster. This detection usually occurs within seconds. A virtual machine can
be fully rebooted within minutes, providing redundancy for vSphere host
failures and virtual machine operating system crashes. vSphere HA does not
have any knowledge of the application running inside the virtual machine.
This separately licensed vCenter Server plug-in provides vCenter Server
protection (physical or virtual) and can protect against failure of hosts.
vCenter Server Heartbeat also adds application-level monitoring and
intelligence of all vCenter Server components. vCenter Server Heartbeat is
installed directly onto the vCenter Server or vCenter Server component, and
replicates changes to a cloned virtual machine. The cloned virtual machine
can take over when a failure event is triggered. The recovery can be
accomplished by restarting the component, by restarting the entire
application, or by the entire failover of the component or application to one
or more paired virtual machines. Recovery time is measured in minutes.
vCenter Single Sign-On Deployment Modes and High Availability
To determine the best deployment mode for vCenter Single Sign-On availability, consider the environment
that vCenter Single Sign-On will serve.
Single vCenter Server
with local vCenter
Single Sign-On in Basic
deployment mode
Multiple vCenter
Servers in a single
location
In the simplest deployment of vCenter Single Sign-On for high availability,
you install vCenter Single Sign-On in Basic deployment mode, local to
vCenter Server, and then add the availability solution. If the single machine
that hosts vCenter Server and vCenter Single Sign-On is virtual, you can
place it in a vSphere HA-enabled cluster and protect it with no further
configuration. If you require protection at the application level, you can use
vCenter Server Heartbeat. If vCenter Server and vCenter Single Sign-On are
hosted on a physical server, vCenter Server Heartbeat is the only solution for
availability.
In this environment, a dedicated, standalone vCenter Single Sign-On
instance serves multiple vCenter Server instances in one physical location. If
vCenter Single Sign-On is hosted on a virtual machine, you can place the
standalone vCenter Single Sign-On server in a vSphere HA-enabled cluster
and protect vCenter Single Sign-On with no further configuration. If you
require application-level protection, you can use vCenter Server Heartbeat.
36 VMware, Inc.
Chapter 4 Preparing for the Upgrade to vCenter Server
vCenter Server Heartbeat is the only solution for availability if vCenter
Single Sign-On is on a physical server. With either vSphere HA or vCenter
Server Heartbeat, this deployment provides complete protection of the
centralized vCenter Single Sign-On environment.
Geographically
dispersed vCenter
Servers
If your vSphere deployment includes vCenter Servers in different locations,
it is not advisable to use a remote centralized vCenter Single Sign-On
environment for vCenter Server authentication. Instead, you can provide one
or more vCenter Single Sign-On instances at each location. Depending on the
deployment of vCenter Servers at each location, you can use one of the same
availability strategies described above in the options "Single vCenter Server
with local vCenter Single Sign-On in Basic deployment mode" and "Multiple
vCenter Servers in a single location with one vCenter Single Sign-On server."
vCenter Single Sign-On Components
vCenter Single Sign-On includes the Security Token Service (STS), an administration server, and vCenter
Lookup Service, as well as the VMware Directory Service (vmdir).
The components are deployed as part of installation.
STS (Security Token
Service)
Administration server
STS certificates enable a user who has logged on through vCenter Single
Sign-On to use any vCenter service that vCenter Single Sign-On supports
without authenticating to each one. The STS service issues Security Assertion
Markup Language (SAML) tokens. These security tokens represent the
identity of a user in one of the identity source types supported by vCenter
Single Sign-On.
The administration server allows users with administrator privileges to
vCenter Single Sign-On to configure the vCenter Single Sign-On server and
manage users and groups from the vSphere Web Client. Initially, only the
user administrator@vsphere.local has these privileges.
vCenter Lookup Service
VMware Directory
Service
vCenter Lookup Service contains topology information about the vSphere
infrastructure, enabling vSphere components to connect to each other
securely. Unless you are using Simple Install, you are prompted for the
Lookup Service URL when you install other vSphere components. For
example, the Inventory Service and the vCenter Server installers ask for the
Lookup Service URL and then contact the Lookup Service to find vCenter
Single Sign-On. After installation, the Inventory Service and vCenter Server
system are registered in vCenter Lookup Service so other vSphere
components, like the vSphere Web Client, can find them.
Directory service associated with the vsphere.local domain. This service is a
multi-tenanted, multi-mastered directory service that makes an LDAP
directory available on port 11711. In multisite mode, an update of VMware
Directory Service content in one VMware Directory Service instance results
in the automatic update of the VMware Directory Service instances
associated with all other vCenter Single Sign-On nodes.
Setting the vCenter Server Administrator User
The way you set the vCenter Server administrator user depends on your vCenter Single Sign On
deployment.
In vSphere versions before vSphere 5.1, vCenter Server administrators are the users that belong to the local
operating system administrators group.
VMware, Inc. 37
vSphere Upgrade
In vSphere 5.1.x and 5.5, when you install vCenter Server, you must provide the default (initial)
vCenter Server administrator user or group. For deployments where vCenter Server and vCenter Single
Sign-On are on the same host machine, you can designate the local operating system group Administrators
as vCenter Server administrative users. This option is the default. This behavior is unchanged from
vCenter Server 5.0.
For larger installations, where vCenter Single Sign-On and vCenter Server are deployed on different hosts,
you cannot preserve the same behavior as in vCenter Server 5.0. Instead, assign the vCenter Server
administrator role to a user or group from an identity source that is registered in the vCenter Single Sign-On
server: Active Directory, OpenLDAP, or the system identity source.
Authenticating to the vCenter Server Environment
In vCenter Server versions 5.1 and later, users authenticate through vCenter Single Sign-On.
In vCenter Server versions earlier than vCenter Server 5.1, when a user connects to vCenter Server, vCenter
Server authenticates the user by validating the user against an Active Directory domain or the list of local
operating system users.
The user administrator@vsphere.local has vCenter Single Sign-On administrator privileges by default. When
logged in to the vCenter Single Sign-On server from the vSphere Web Client, the
administrator@vsphere.local user can assign vCenter Single Sign-On administrator privileges to other users.
These users might be different from the users that administer vCenter Server.
Users can log in to vCenter Server with the vSphere Web Client. Users authenticate to vCenter Single SignOn. Users can view all the vCenter Server instances that the user has permissions on. After users connect to
vCenter Server, no further authentication is required. The actions users can perform on objects depend on
the user's vCenter Server permissions on those objects.
For more information about vCenter Single Sign-On, see vSphere Security.
How vCenter Single Sign-On Affects Log In Behavior
vCenter Single Sign-On log in behavior depends on the domain the user belongs to and the identity sources
that you have added to vCenter Single Sign-On.
When a user logs in to a vCenter Server system from the vSphere Web Client, the login behavior depends on
whether the user is in the default domain.
Users who are in the default domain can log in with their user name and password.
n
Users who are in a domain that has been added to vCenter Single Sign-On as an identity source but is
n
not the default domain can log in to vCenter Server but must specify the domain in one of the following
ways.
Including a domain name prefix, for example, MYDOMAIN\user1
n
Including the domain, for example, user1@mydomain.com
n
Users who are in a domain that is not a vCenter Single Sign-On identity source cannot log in to
n
vCenter Server. If the domain that you add to vCenter Single Sign-On is part of a domain hierarchy,
Active Directory determines whether users of other domains in the hierarchy are authenticated or not.
After installation on a Windows system, the user administrator@vsphere.local has administrator privileges
to both the vCenter Single Sign-On server and to the vCenter Server system.
After you deploy the vCenter Virtual Appliance, the user administrator@vsphere.local has administrator
privileges to both the vCenter Single Sign-On server and to the vCenter Server system. The user
root@localos has administrative privileges on the vCenter Single Sign-On server and can authenticate to the
vCenter Server system. Assign permissions to root@localos to allow that user access to the vCenter Server
system.
38 VMware, Inc.
Chapter 4 Preparing for the Upgrade to vCenter Server
Identity Sources for vCenter Server with vCenter Single Sign-On
Identity sources allow you to attach one or more domains to vCenter Single Sign-On. A domain is a
repository for users and groups that the vCenter Single Sign-On server can use for user authentication.
An identity source is a collection of user and group data. The user and group data is stored in Active
Directory, OpenLDAP, or locally to the operating system of the machine where vCenter Single Sign-On is
installed. Upon installation, every instance of vCenter Single Sign-On has the Local OS identity source
identity source vpshere.local. This identity source is internal to vCenter Single Sign-On.
A vCenter Single Sign-On administrator user can create vCenter Single Sign-On users and groups.
Types of Identity Sources
vCenter Server versions earlier than version 5.1 supported Active Directory and local operating system
users as user repositories. As a result, local operating system users could always authenticate to the
vCenter Server system. vCenter Server version 5.1 and version 5.5 uses vCenter Single Sign-On for
authentication. See the vSphere 5.1 documentation for a list of supported identity sources with vCenter
Single Sign-On 5.1. vCenter Single Sign-On 5.5 supports the following types of user repositories as identity
sources, but supports only one default identity source.
Active Directory versions 2003 and later. vCenter Single Sign-On allows you to specify a single Active
n
Directory domain as an identity source. The domain can have child domains or be a forest root domain.
Shown as Active Directory (Integrated Windows Authentication) in the vSphere Web Client.
Active Directory over LDAP. vCenter Single Sign-On supports multiple Active Directory over LDAP
n
identity sources. This identity source type is included for compatibility with the vCenter Single Sign-On
service included with vSphere 5.1. Shown as Active Directory as an LDAP Server in the vSphere Web
Client.
OpenLDAP versions 2.4 and later. vCenter Single Sign-On supports multiple OpenLDAP identity
n
sources. Shown as OpenLDAP in the vSphere Web Client.
Local operating system users. Local operating system users are local to the operating system where the
n
vCenter Single Sign-On server is running. The local operating system identity source exists only in basic
vCenter Single Sign-On server deployments and is not available in deployments with multiple vCenter
Single Sign-On instances. Only one local operating system identity source is allowed. Shown as localos
in the vSphere Web Client.
vCenter Single Sign-On system users. Exactly one system identity source named vsphere.local is created
n
when you install vCenter Single Sign-On. Shown as vsphere.local in the vSphere Web Client.
NOTE At any time, only one default domain exists. If a user from a non-default domain logs in, that user
must add the domain name (DOMAIN\user) to authenticate successfully.
vCenter Single Sign-On identity sources are managed by vCenter Single Sign-On administrator users.
You can add identity sources to a vCenter Single Sign-On server instance. Remote identity sources are
limited to Active Directory and OpenLDAP server implementations.
For more information about vCenter Single Sign-On, see vSphere Security.
Login Behavior
When a user logs in to a vCenter Server system from the vSphere Web Client, the login behavior depends on
whether the user is in the default domain.
Users who are in the default domain can log in with their user name and password.
n
VMware, Inc. 39
vSphere Upgrade
Users who are in a domain that has been added to vCenter Single Sign-On as an identity source but is
n
not the default domain can log in to vCenter Server but must specify the domain in one of the following
ways.
Including a domain name prefix, for example, MYDOMAIN\user1
n
Including the domain, for example, user1@mydomain.com
n
Users who are in a domain that is not a vCenter Single Sign-On identity source cannot log in to
n
vCenter Server. If the domain that you add to vCenter Single Sign-On is part of a domain hierarchy,
Active Directory determines whether users of other domains in the hierarchy are authenticated or not.
vCenter Single Sign-On does not propagate permissions that result from nested groups from dissimilar
identity sources. For example, if you add the Domain Administrators group to the Local Administrators
group, the permissions is not propagated because Local OS and Active Directory are separate identity
sources.
vCenter Server Upgrade Summary
The upgrade to vCenter Server 5.5 affects other software components of your datacenter.
Table 4-2 summarizes the effect on your datacenter components.
Table 4‑2. Upgrading vCenter Server and Related Components
Product or Component Description
vCenter Server Verify support for the upgrade path from your current version of vCenter Server to the
version that you are upgrading to. See the VMware Product Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
vCenter Server database Verify that your database is supported for the vCenter Server version that you are
upgrading to. Upgrade the database if necessary. See the VMware Product
Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
NOTE The version 5.5 vCenter Server Appliance uses PostgreSQL for the embedded
database. For external databases, the vCenter Server Appliance supports only Oracle
databases, in the same versions shown in the VMware Product Interoperability Matrix
for the version of vCenter Server that you are upgrading to.
vSphere Web Client Verify that your vSphere Web Client works with the vCenter Server version that you are
upgrading to. For best performance and compatibility, upgrade your vSphere Web Client
to the same version as your vCenter Server. See the VMware Product Interoperability
Matrix at http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
ESX and ESXi hosts Verify that your ESX or ESXi host works with the vCenter Server version that you are
upgrading to.Upgrade if necessary. See the VMware Product Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
VMFS2 volumes Supported as read-only (deprecated).
VMFS3 volumes No change.
VMDK2 virtual disk Not supported.
VMDK3 virtual disk Not supported.
Virtual machines Upgrade options depend on your current version. See Chapter 9, “Upgrading Virtual
Machines and VMware Tools,” on page 213.
VMware Tools Upgrade options depend on your current version. See the information about upgrading
VMware Tools in Chapter 9, “Upgrading Virtual Machines and VMware Tools,” on
page 213.
Auto Deploy 5.0.x and 5.1 x To ensure compatibility and best performance, upgrade to Auto Deploy 5.5 when you
upgrade to vCenter Server 5.5.
40 VMware, Inc.
Chapter 4 Preparing for the Upgrade to vCenter Server
Required Information for Installing or Upgrading vCenter Single SignOn, Inventory Service, vCenter Server, and the vSphere Web Client
Prepare for the vCenter Server installation by recording the values that vCenter Server and related
components require.
The vCenter Single Sign-On, vSphere Web Client, vCenter Inventory Service, and vCenter Server
installation wizards prompt you for the installation or upgrade information. Keep a record of the values
entered, in case you must reinstall vCenter Server. You can print this topic as a worksheet to record the
information that you need for the installation or upgrade of vCenter Single Sign-On, the
vSphere Web Client, Inventory Service, and vCenter Server.
The following tables list the required information for installing or upgrading vCenter Single Sign-On, the
vSphere Web Client, vCenter Inventory Service, vCenter Server.
Table 4-3.
n
Table 4-4.
n
Table 4-5.
n
Table 4-6.
n
NOTE Depending on the type of installation or upgrade you are doing, some entries might not be required.
Table 4‑3. Information Required for vCenter Single Sign-On Installation.
Required Information Default Your Entry
Setup Language.
This selection controls the language only for the installer.
vCenter Single Sign-On HTTPS port. 7444
vCenter Single Sign-On deployment type.
Choose from the following options:
vCenter Single Sign-On for your first vCenter Server. Select
n
this option to create a new vCenter Single Sign-On server,
which will become the first vCenter Single Sign-On server in a
new domain..
vCenter Single Sign-On for an additional vCenter Server in an
n
existing
site. Select this option to create an additional vCenter Single
Sign-On server that replicates information from an existing
vCenter Single Sign-On server in the domain.
vCenter Single Sign-On for an additional vCenter Server with a
n
new
site. Select this option to create an additional vCenter Single
Sign-On server that replicates information from an existing
vCenter Single Sign-On server in a different site.
Domain name. vsphere.local You cannot change the
User name. administrator@vsphere
English
.local
domain name from the
default during
installation.
You cannot change the
user name from the
default during
installation.
VMware, Inc. 41
vSphere Upgrade
Table 4‑3. Information Required for vCenter Single Sign-On Installation. (Continued)
Required Information Default Your Entry
Password for the vCenter Single Sign-On administrator account in
the default domain.
You must use the same vCenter Single Sign-On password name
when you install or upgrade vCenter Single Sign-On, Inventory
Service, vCenter Server, and the vSphere Web Client.
IMPORTANT Be sure to record the password. If you need to restore
the vCenter Single Sign-On configuration from a backup, the
restore process requires the password you enter for the original
vCenter Single Sign-On installation, even if you change the
password later.
By default, the password must have at least eight characters, at
least one lowercase character, one uppercase character, one
number, and one special character. See the vSphere Security
documentation for information about changing the password
policy. The following characters are not supported in passwords:
non-ASCII characters, semicolon (;), double quotation mark ("),
single quotation mark ('), circumflex (^), and backslash (\).
Site name.
Your name for the vCenter Single Sign-On site.
Partner host name. Required only if you are installing additional
vCenter Single Sign-On servers.
The partner host name is the DNS name of the existing vCenter
Single Sign-On server to replicate from.
Table 4‑4. Information Required for the vSphere Web Client Installation
Required Information Default Your Entry
Setup Language.
This selection controls the language only for the installer.
Destination folder.
The folder to install the vSphere Web Client in. The installation
path cannot contain the following characters: non-ASCII characters,
commas (,), periods (.), exclamation points (!), pound signs (#), at
signs (@), or percentage signs (%).
If 8.3 name creation is disabled on the host machine, do not install
the vSphere Web Clientin a directory that does not have an 8.3
short name or has a name that contains spaces. This situation will
make the vSphere Web Client inaccessible.
vCenter Single Sign-On HTTPS port. 9090
vCenter Single Sign-On HTTPS port. 9443
vCenter Single Sign-On administrator user name.
The entry is case sensitive, and must match the administrator user
name you enter when you install vCenter Single Sign-On
English
C:\Program
Files\VMware\Infra
structure
administrator@vsphere
.local
42 VMware, Inc.
Chapter 4 Preparing for the Upgrade to vCenter Server
Table 4‑4. Information Required for the vSphere Web Client Installation (Continued)
Required Information Default Your Entry
Password for the vCenter Single Sign-On administrator account in
the default domain.
You must use the same vCenter Single Sign-On password when
you install or upgrade vCenter Single Sign-On, Inventory Service,
vCenter Server, and the vSphere Web Client.
IMPORTANT Be sure to record the password. If you need to restore
the vCenter Single Sign-On configuration from a backup, the
restore process requires the password you enter for the original
vCenter Single Sign-On installation, even if you change the
password later.
Lookup Service URL.
The Lookup Service URL takes the form
https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444
is the default vCenter Single Sign-On HTTPS port number. This
entry must match the URL you enter when you install vCenter
Inventory Service.
Table 4‑5. Information Required for vCenter Inventory Service Installation or Upgrade
Required Information Default Your Entry
Setup Language.
This selection controls the language only for the installer.
Destination folder.
The folder to install Inventory Service in. The installation path
cannot contain the following characters: non-ASCII characters,
commas (,), periods (.), exclamation points (!), pound signs (#), at
signs (@), or percentage signs (%).
Fully Qualified Domain Name.
The FQDN for the Inventory Service local system.
vCenter Inventory
Service HTTPS port.
vCenter Inventory
Service management
port.
See “Required Ports for vCenter
Server,” on page 25.
vCenter Inventory
Service Linked Mode
communication port.
Inventory size.
The inventory size of your vCenter Server deployment:
Small (less than 100 hosts or 1000 virtual machines.
n
Medium (100-400 hosts or 1000-4000 virtual machines.
n
Large (more than 400 hosts or 4000 virtual machines.
n
This setting determines the maximum JVM heap settings for
VMware VirtualCenter Management Webservices (Tomcat),
Inventory Service, and Profile-Driven Storage Service. You can
adjust this setting after installation if the number of hosts in your
environment changes. See the recommendations in “Hardware
Requirements for vCenter Server, the vSphere Web Client, vCenter
Inventory Service, and vCenter Single Sign-On,” on page 19.
English
C:\Program
Files\VMware\Infra
structure
10443
10109
10111
VMware, Inc. 43
vSphere Upgrade
Table 4‑5. Information Required for vCenter Inventory Service Installation or Upgrade (Continued)
Required Information Default Your Entry
User name for the vCenter Single Sign-On administrator user
account.
You must use the same vCenter Single Sign-On user name and
password name when you install vCenter Single Sign-On, and
install or upgrade Inventory Service, vCenter Server, and the
vSphere Web Client.
Lookup Service URL.
The Lookup Service URL takes the form
https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444
is the default vCenter Single Sign-On HTTPS port number. If you
enter a different port number when you install vCenter Single
Sign-On, use that port number.
Table 4‑6. Information Required for vCenter Server Installation or Upgrade
Required Information Default Your Entry
Setup Language.
This selection controls the language only for the installer.
vCenter Server license key.
If you omit the license key, vCenter Server is installed in
evaluation mode. After you install vCenter Server, you can enter
the vCenter Server license in the vSphere Web Client.
Data source name (DSN).
Required if you use an existing database. Not required if you are
using the bundled Microsoft SQL Server 2008 Express database.
Leading and trailing spaces are not supported. Remove spaces
from the beginning or end of the DSN.
Database user
name.
Database
password.
JDBC URL for database.
Required if you use an existing database. The vCenter Server
installer should generate and validate the JDBC URL for the
vCenter Server database. If the installer fails to connect to the
database by using the generated JDBC URL, the installer prompts
you to specify the JDBC URL.
The format of the JDBC URL depends on the database that you are
using. See “JDBC URL Formats for the vCenter Server Database,”
on page 55.v
vCenter Server Service account information.
Can be the Microsoft Windows system account or a user-specified
account. Use a user-specified account if you plan to use Microsoft
Windows authentication for SQL Server.
Fully qualified domain name (FQDN) for the vCenter Server
machine
The FQDN of the system that you are installing vCenter Server on.
The vCenter Server installer checks that the FQDN is resolvable. If
not, a warning message appears. Change the entry to a resolvable
FQDN. You must enter the FQDN, not the IP address.
Standalone or join group.
Join a Linked Mode group to enable the vSphere Web Client to
view, search, and manage data across multiple vCenter Server
systems.
administrator
English
Required to use an existing database. Not
required if you are using the bundled
database. Non-ASCII characters are not
supported.
Microsoft Windows
system account
Standalone
44 VMware, Inc.
Chapter 4 Preparing for the Upgrade to vCenter Server
Table 4‑6. Information Required for vCenter Server Installation or Upgrade (Continued)
Required Information Default Your Entry
Fully qualified domain name of Directory Services for the vCenter
Server group.
The FQDN of a remote instance of vCenter Server. Required if this
instance of vCenter Server is joining a group. The local and remote
instances will be members of a Linked Mode group.
LDAP port for the Directory Services for the remote vCenter Server
instance.
The LDAP port of the remote instance. Required if this instance of
vCenter Server is joining a Linked Mode group. See “Required
Ports for vCenter Server,” on page 25.
vCenter Server
HTTPS port.
vCenter Server
HTTP port.
Heartbeat port
(UDP) used for
sending data to
ESX/ESXi hosts.
VMware
VirtualCenter
Management
Webservices.
VMware
VirtualCenter
Management
See “Required Ports for vCenter Server,” on
page 25.
Webservices.
Web Services
change service
notification port.
LDAP port for
the Directory
Services for the
local vCenter
Server instance.
SSL port for the
Directory
Services for the
local vCenter
Server instance.
Ephemeral ports.
Select Increase the number of available ephemeral ports if your
vCenter Server manages hosts on which you will power on more
than 2000 virtual machines simultaneously. This option prevents
the pool of available ephemeral ports from being exhausted.
389
443
80
902
8080
8443
60099
389
636
VMware, Inc. 45
vSphere Upgrade
Table 4‑6. Information Required for vCenter Server Installation or Upgrade (Continued)
Required Information Default Your Entry
Inventory size.
The inventory size of your vCenter Server deployment:
n
n
n
This setting determines the maximum JVM heap settings for
VMware VirtualCenter Management Webservices (Tomcat),
Inventory Service, and Profile-Driven Storage Service. You can
adjust this setting after installation if the number of hosts in your
environment changes. See the recommendations in “Hardware
Requirements for vCenter Server, the vSphere Web Client, vCenter
Inventory Service, and vCenter Single Sign-On,” on page 19.
User name for
the vCenter
Single Sign-On
administrator
user account.
Password for the
vCenter Single
Sign-On
administrator
user account.
Lookup Service URL.
The Lookup Service URL takes the form
https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444
is the default vCenter Single Sign-On HTTPS port number. If you
enter a different port number when you install vCenter Single
Sign-On, use that port number.
Inventory Service URL.
The inventory Service URL takes the form
https://Inventory_Service_host_FQDN_or_IP:10443. 10443 is the
default Inventory Service HTTPS port number. If you enter a
different port number when you install Inventory Service, use that
port number.
Destination folder.
The folder to install vCenter Server in. The installation path cannot
contain the following characters: non-ASCII characters, commas (,),
periods (.), exclamation points (!), pound signs (#), at signs (@), or
percentage signs (%).
Small (less than 100 hosts or 1000 virtual machines.
Medium (100-400 hosts or 1000-4000 virtual machines.
Large (more than 400 hosts or 4000 virtual machines.
administrator
You must use the same vCenter Single SignOn user name and password name when you
install vCenter Single Sign-On, and install or
upgrade Inventory Service, vCenter Server,
and the vSphere Web Client.
C:\Program
Files\VMware\Infra
structure
Best Practices for vCenter Server Upgrades
When you upgrade vCenter Server, you must understand and follow the best practices process for a
successful upgrade.
To ensure that each upgrade is successful, follow these best practices:
1 Make sure that you understand the vCenter Server upgrade process, the effect of that process on your
existing deployment, and the preparation required for the upgrade.
If your vSphere system includes VMware solutions or plug-ins, make sure they are compatible
n
with the vCenter Server version that you are upgrading to. See the VMware Product
Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
Read all the subtopics in Chapter 4, “Preparing for the Upgrade to vCenter Server,” on page 31.
n
46 VMware, Inc.
Read the VMware vSphere Release Notes for known installation issues.
n
If your vSphere installation is in a VMware View environment, see “Upgrading vSphere
n
Components Separately in a Horizon View Environment,” on page 218.
2 Prepare your system for the upgrade.
Make sure your system meets requirements for the vCenter Server version that you are upgrading
n
to. See Chapter 3, “System Requirements,” on page 15 and the VMware Product Interoperability
Matrix at http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
Verify that your existing database is supported for the vCenter Server version that you are
n
upgrading to. See the VMware Product Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
Make sure that your vCenter Server database is prepared and permissions are correctly set. See the
n
information about preparing vCenter Server databases in the vSphere Installation and Setup
documentation.
Review the prerequisites for the upgrade. See “Prerequisites for the vCenter Server Upgrade,” on
n
page 48.
3 Back up your vCenter Server databases and SSL certificates
Make a full backup of the vCenter Server database and the vCenter Inventory Service database. For
n
the vCenter Server database, see the vendor documentation for your vCenter Server database type.
For the Inventory Service database, see the topics "Back Up the Inventory Service Database on
Windows" and "Back Up the Inventory Service Database on Linux" in the vSphere Installation and
Setup documentation.
Chapter 4 Preparing for the Upgrade to vCenter Server
Back up the SSL certificates that are on the vCenter Server system before you upgrade to vCenter
n
Server 5.5. The default location of the SSL certificates is %allusersprofile%\Application
Data\VMware\VMware VirtualCenter.
4 Stop the VMware VirtualCenter Server service.
5 Run the vCenter Host Agent Pre-Upgrade Checker, and resolve any issues. See “Run the vCenter Host
Agent Pre-Upgrade Checker,” on page 58.
6 Make sure that no processes are running that conflict with the ports that vCenter Server uses. See
“Required Ports for vCenter Server,” on page 25.
7 Upgrade vCenter Server and required components.
See the appropriate procedure for your existing vCenter Server deployment:
“Use Simple Install to Upgrade vCenter Server and Required Components,” on page 65
n
“Use Custom Install to Upgrade a Basic vCenter Single Sign-On Deployment of Version 5.1.x
n
vCenter Server and Required Components,” on page 77
“Use Custom Install to Upgrade vCenter Server from a Version 5.1.x High Availability vCenter
n
Single Sign-On Deployment,” on page 83
“Use Custom Install to Upgrade vCenter Server from a Version 5.1.x Multisite vCenter Single Sign-
n
On Deployment,” on page 92
8 Configure new vSphere 5.5 licenses.
9 Review the topics in Chapter 6, “After You Upgrade vCenter Server,” on page 125 for postupgrade
requirements and options.
VMware, Inc. 47
vSphere Upgrade
Prerequisites for the vCenter Server Upgrade
Before you begin the upgrade to vCenter Server, make sure you prepare the vCenter Server system and the
database.
Prerequisites for Understanding and Preparing for the Upgrade Process
vCenter Server 5.5 requires vCenter Single Sign-On and Inventory Service. Install or update these
n
components in this order: vCenter Single Sign-On, the vSphere Web Client, Inventory Service, and
vCenter Server. Review the topics in the section “How vCenter Single Sign-On Affects vCenter Server
Upgrades,” on page 32
Review the release notes for known issues or special installation notes.
n
Gather the information that is required to complete the installation wizard. See “Required Information
n
for Installing or Upgrading vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere
Web Client,” on page 41.
Download the vCenter Server installer from the VMware Web site.
n
System Prerequisites
Verify that your system meets the requirements listed in “Hardware Requirements for vCenter Server,
n
the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On,” on page 19 and
“vCenter Server Software Requirements,” on page 24, and that the required ports are open, as discussed
in “Required Ports for vCenter Server,” on page 25.
If your vSphere system includes VMware solutions or plug-ins, make sure they are compatible with the
n
vCenter Server version that you are upgrading to. See the VMware Product Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
Before you upgrade any vCenter Server that belongs to a Linked Mode group, remove it from the
n
Linked Mode group. Upgrading vCenter Servers that are members of a Linked Mode group can cause
the upgrade to fail, and can leave vCenter Servers in an unusable state. After you upgrade all members
of a Linked Mode group to version 5.5, you can rejoin them.
If you do not intend to use evaluation mode, make sure that you have valid license keys for all
n
purchased functionality. License keys from vSphere versions prior to version 5.0 are not supported in
vCenter Server 5.x. If you do not have the license key, you can install in evaluation mode and use the
vSphere Web Client to enter the license key later.
Close all instances of the vSphere Web Client.
n
Verify that the system on which you are upgrading vCenter Server is not an Active Directory primary
n
or backup domain controller.
Either remove any ESX Server 2.x or 3.x hosts from the vCenter Server inventory or upgrade these hosts
n
to version 4.0 or later.
Before you install or upgrade any vSphere product, synchronize the clocks of all machines on the
n
vSphere network. See “Synchronizing Clocks on the vSphere Network,” on page 53.
Verify that the fully qualified domain name (FQDN) of the system where you will upgrade vCenter
n
Server is resolvable. To check that the FQDN is resolvable, type nslookup your_vCenter_Server_fqdn at
a command line prompt. If the FQDN is resolvable, the nslookup command returns the IP and name of
the domain controller machine.
Run the vCenter Host Agent Pre-Upgrade Checker.
n
48 VMware, Inc.
Chapter 4 Preparing for the Upgrade to vCenter Server
The installation path of the previous version of vCenter Server must be compatible with the installation
n
requirements for Microsoft Active Directory Application Mode (ADAM/AD LDS). The installation path
cannot contain any of the following characters: non-ASCII characters, commas (,), periods (.),
exclamation points (!), pound signs (#), at signs (@), or percentage signs (%). If your previous version of
vCenter Server does not meet this requirement, you must perform a clean installation of vCenter Server.
Back up the SSL certificates that are on the vCenter Server system before you upgrade to vCenter
n
Server 5.5. The default location of the SSL certificates is %allusersprofile%\Application
Data\VMware\VMware VirtualCenter.
Make sure that SSL certificate checking is enabled for all vSphere HA clusters. If certificate checking is
n
not enabled when you upgrade, HA will fail to configure on the hosts. Select Administration > vCenter
Server Settings > SSL Settings > vCenter requires verified host SSL certificates. Follow the
instructions to verify each host SSL certificate and click OK.
If the vCenter Server 4.x environment that you are upgrading includes Guided Consolidation 4.x,
n
uninstall Guided Consolidation before upgrading to vCenter Server 5.5.
Before the vCenter Server installation, in the Administrative Tools control panel of the vCenter Single
n
Sign-On instance that you will register vCenter Server to, verify that the following services are started:
VMware Certificate Service, VMware Directory service , VMware Identity Manager Service, VMware
KDC service, and tcruntime-C-ProgramData-VMware-cis-runtime-VMwareSTSService.
You must log in as a member of the Administrators group on the host machine, with a user name that
n
does not contain any non-ASCII characters.
Network Prerequisites
Verify that DNS reverse lookup returns a fully qualified domain name when queried with the IP
n
address of the vCenter Server. When you upgrade vCenter Server, the installation of the web server
component that supports the vSphere Web Client fails if the installer cannot look up the fully qualified
domain name of the vCenter Server from its IP address. Reverse lookup is implemented using PTR
records. To create a PTR record, see the documentation for your vCenter Server host operating system.
If you use DHCP instead of a manually assigned (static) IP address for vCenter Server, make sure that
n
the vCenter Server computer name is updated in the domain name service (DNS). Test this is by
pinging the computer name. For example, if the computer name is host-1.company.com, run the
following command in the Windows command prompt:
ping host-1.company.com
If you can ping the computer name, the name is updated in DNS.
Ensure that the ESXi host management interface has a valid DNS resolution from the vCenter Server
n
and all vSphere Web Clients. Ensure that the vCenter Server has a valid DNS resolution from all ESXi
hosts and all vSphere Web Clients.
If you will use Active Directory as an identity source, verify that it is set up correctly. The DNS of the
n
vCenter Single Sign-On Server host machine must contain both lookup and reverse lookup entries for
the domain controller of the Active Directory. For example, pinging mycompany.com should return the
domain controller IP address for mycompany. Similarly, the ping -a command for that IP address
should return the domain controller hostname. Avoid trying to correct name resolution issues by
editing the hosts file. Instead, make sure that the DNS server is correctly set up. For more information
about configuring Active Directory, see the Microsoft Web site. Also, the system clock of the vCenter
Single Sign-On Server host machine must be synchronized with the clock of the domain controller.
VMware, Inc. 49
vSphere Upgrade
Prerequisites for All vCenter Server Databases
If your database server is not supported by vCenter Server, perform a database upgrade to a supported
n
version or import your database into a supported version. See “Supported Database Upgrades,” on
page 52.
Perform a complete backup of the vCenter Server database before you begin the upgrade.
n
To remove the DBO role, you can migrate all objects in the DBO schema to a custom schema. See the
VMware knowledge base article at http://kb.vmware.com/kb/1036331.
You must have login credentials, the database name, and the database server name that will be used by
n
the vCenter Server database. The database server name is typically the ODBC System database source
name (DSN) connection name for the vCenter Server database.
Review “Supported Database Upgrades,” on page 52.
n
Prerequisites for Microsoft SQL Databases
To use a newly supported Microsoft SQL database, such as Microsoft SQL 2008, you do not need to
n
perform a clean installation of vCenter Server if your existing database is also Microsoft SQL Server. For
example, you can upgrade a Microsoft SQL Server 2000 database to Microsoft SQL Server 2005 or
Microsoft SQL Server 2008 and then upgrade vCenter Server 4.0 or higher to vCenter Server 5.5. When
you migrate the database from Microsoft SQL Server 2000 to Microsoft SQL Server 2005 or higher, set
the compatibility level of the database to 90.
JDK 1.6 must be installed on the vCenter Server machine. In addition, sqljdbc4.jar must be added to
n
the CLASSPATH variable on the machine where vCenter Server is to be upgraded. If it is not installed
on your system, the vCenter Server installer installs it. The JDK 1.6 installation might require Internet
connectivity.
Your system DSN must be using the SQL Native Client driver.
n
Grant the following permissions to the vCenter user in the vCenter database:
n
GRANT ALTER ON SCHEMA :: <schema> to <user>;
GRANT REFERENCES ON SCHEMA :: <schema> to <user>;
GRANT INSERT ON SCHEMA :: <schema> to <user>;
GRANT CREATE TABLE to <user>;
GRANT CREATE VIEW to <user>;
GRANT CREATE Procedure to <user>;
Grant the following permissions to the user in the MSDB database:
GRANT SELECT on msdb.dbo.syscategories to <user>;
GRANT SELECT on msdb.dbo.sysjobsteps to <user>;
GRANT SELECT ON msdb.dbo.sysjobs to <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_job TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_delete_job TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_jobstep TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_update_job TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_category TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_jobserver TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_jobschedule TO <user>;
50 VMware, Inc.
Prerequisites for Oracle Databases
To use a newly supported Oracle database, such as Oracle 11g, you do not need to perform a clean
n
installation of vCenter Server if your existing database is also Oracle. For example, you can upgrade
your existing Oracle 9i database to Oracle 10g or Oracle 11g and then upgrade vCenter Server 4.x to
vCenter Server 5.5.
The JDBC driver file must be included in the CLASSPATH variable.
n
Either assign the DBA role or grant the following permissions to the user:
n
grant connect to <user>
grant resource to <user>
grant create view to <user>
grant create any sequence to <user>
grant create any table to <user>
grant create materialized view to <user>
grant execute on dbms_job to <user>
grant execute on dbms_lock to <user>
grant unlimited tablespace to <user> # To ensure sufficient space
After the upgrade is complete, you can optionally remove the following permissions from the user
profile: create any sequence and create any table.
Chapter 4 Preparing for the Upgrade to vCenter Server
By default, the RESOURCE role has the CREATE PROCEDURE, CREATE TABLE, and CREATE
SEQUENCE privileges assigned. If the RESOURCE role lacks these privileges, grant them to the
vCenter Server database user.
vCenter Server Database Configuration Notes
After you choose a supported database type, make sure you understand any special configuration
requirements.
Table 4-7 is not a complete list of databases supported with vCenter Server. For information about specific
database versions and service pack configurations supported with vCenter Server, see the VMware Product
Interoperability Matrixes. This topic is intended only to provide special database configuration notes not
listed in the Product Interoperability Matrixes.
NOTE vCenter Update Manager also requires a database. VMware recommends that you use separate
databases for vCenter Server and vCenter Update Manager.
vCenter Server databases require a UTF code set.
See also “Supported Database Upgrades,” on page 52.
Table 4‑7. Configuration Notes for Databases Supported with vCenter Server
Database Type Configuration Notes
Microsoft SQL Server 2008
R2 Express
Microsoft SQL Server 2005 Ensure that the machine has a valid ODBC DSN entry.
Bundled database that you can use for small deployments of up to 5 hosts and 50 virtual
machines.
You cannot install the bundled database during an upgrade to vCenter Server. To use the
bundled database, Microsoft SQL Server 2008 R2 Express must be already installed or you
must perform a clean installation of vCenter Server.
NOTE This database is not supported for the vCenter Server Appliance.
NOTE This database is not supported for the vCenter Server Appliance.
VMware, Inc. 51
vSphere Upgrade
Table 4‑7. Configuration Notes for Databases Supported with vCenter Server (Continued)
Database Type Configuration Notes
Microsoft SQL Server 2008 Ensure that the machine has a valid ODBC DSN entry.
NOTE This database is not supported for the vCenter Server Appliance.
Oracle Ensure that the machine has a valid ODBC DSN entry.
After you complete the vCenter Server installation, take the following steps:
Apply the latest patch to the Oracle client and server.
n
Copy the Oracle JDBC driver (ojdbc14.jar or ojdbc5.jar) to the vCenter Server
n
installation directory, in the tomcat\lib subdirectory: vCenter install
location\Infrastructure\tomcat\lib.
In the Services section of the Windows Administrative Tools control panel, restart the
n
WMware VirtualCenter Management Webservices service.
The vCenter Server installer attempts to copy the Oracle JDBC driver from the Oracle client
location to the vCenter Server installation directory. If the Oracle JDBC driver is not found
in the Oracle client location, the vCenter Server installer prompts you to copy the file
manually. You can download the file from the oracle.com Web site.
Upgrading to vCenter Server on a Different Machine
Instead of performing an in-place upgrade to vCenter Server, you might want to use a different machine for
your upgrade. Because vCenter Server 5.x requires a 64-bit platform, you cannot upgrade from a version of
vCenter Server installed on a 32-bit platform.
The vCenter Server 5.0 installation media include a data migration tool. When you upgrade to version 5.0,
you can use this tool to migrate configuration information such as port settings, SSL certificates, and license
information from your existing vCenter Server host. This data migration tool is not supported for vCenter
Server versions 5.1 and later. You cannot directly migrate an existing vCenter Server to a different machine
during an upgrade to version 5.1.x or 5.5. You can migrate an existing vCenter Server to a different machine
during an upgrade to version 5.0, and then perform an in-place upgrade from version 5.0 to version 5.1.x or
5.5. See the version 5.0 vSphere Upgrade documentation.
Supported Database Upgrades
When you upgrade to vCenter Server 5.5, make sure that the upgraded version supports your database.
For a list of the specific database versions supported for the version of vCenter Server that you are
upgrading to, see the VMware Product Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
NOTE The version 5.5 vCenter Server Appliance uses a PostgreSQL for the embedded database. For external
databases, the vCenter Server Appliance supports only Oracle databases, in the same versions shown in the
VMware Product Interoperability Matrix for the version of vCenter Server that you are upgrading to.
Confirm That vCenter Server Can Communicate with the Local Database
If your database is located on the same machine on which vCenter Server will be installed, and you have
changed the name of this machine, make sure the vCenter Server DSN is configured to communicate with
the new name of the machine.
Changing the vCenter Server computer name impacts database communication if the database server is on
the same computer with vCenter Server. If you changed the machine name, you can verify that
communication remains intact.
The name change has no effect on communication with remote databases. You can skip this procedure if
your database is remote.
52 VMware, Inc.
Chapter 4 Preparing for the Upgrade to vCenter Server
Check with your database administrator or the database vendor to make sure all components of the
database are working after you rename the server.
Prerequisites
Make sure the database server is running.
n
Make sure that the vCenter Server computer name is updated in the domain name service (DNS).
n
Procedure
1 Update the data source information, as needed.
2 Ping the computer name to test this connection.
For example, if the computer name is host-1.company.com, run the following command in the Windows
command prompt:
ping host-1.company.com
If you can ping the computer name, the name is updated in DNS.
Synchronizing Clocks on the vSphere Network
Before you install vCenter Single Sign-On, install the vSphere Web Client, or deploy the vCenter Server
Appliance, make sure that all machines on the vSphere network have their clocks synchronized.
If the clocks on vCenter Server network machines are not synchronized, SSL certificates, which are timesensitive, might not be recognized as valid in communications between network machines. Unsynchronized
clocks can result in authentication problems, which can cause the vSphere Web Client installation to fail or
prevent the vCenter Server Appliance vpxd service from starting.
Synchronize ESX and ESXi Clocks with a Network Time Server
Before you install vCenter Single Sign-On, the vSphere Web Client, or the vCenter Server appliance, make
sure all machines on the vSphere network have their clocks synchronized.
Procedure
1 From the vSphere Web Client, connect to the vCenter Server.
2 Select the host in the inventory.
3 Select the Manage tab.
4 Select Settings.
5 In the System section, select Time Configuration.
6 Click Edit and set up the NTP server.
a Select Use Network Time Protocol (Enable NTP client).
b Set the NTP Service Startup Policy.
c Enter the IP addresses of the NTP servers to synchronize with.
d Click Start or Restart in the NTP Service Status section.
7 Click OK.
The host synchronizes with the NTP server.
VMware, Inc. 53
vSphere Upgrade
Synchronize the vCenter Server Appliance Clock with an NTP Server
Before you deploy thevCenter Server Appliance, make sure all machines on the network have their clocks
synchronized. Unsynchronized clocks can cause installation and authentication errors.
On systems that are joined to a Windows domain, the vCenter Server Appliance clock is synchronized
automatically with the domain controller. On other systems, you can enable synchronizing the clock
through VMware Tools. As an alternative, you can use this procedure.
Procedure
1 Open a Web browser and navigate to thevCenter Server Appliance Management Interface
(https://vCenter-Appliance-Address:5480/).
2 Log in as root.
3 From the vCenter Server tab, select the Time subtab.
4 Select one or more of the available options.
Option Description
No synchronization
NTP synchronization
VMware Tools synchronization
Active Directory synchronization
5 Click Save Settings.
Does not perform synchronization.
Select this option and specify one or more NTP servers to configure the
appliance to synchronize with an NTP server directly.
Select this option to synchronize all virtual machines.
This option becomes available only if you add the appliance to an Active
Directory domain. If you select this option, none of the other options is
available.
The vCenter Server Appliance clock is synchronized with the NTP server.
Configure a Windows NTP Client for Network Clock Synchronization
The clocks of all servers on the vSphere network must be synchronized. You can configure a Windows NTP
client as a source for clock synchronization on Windows servers.
Use the registry editor on the Windows server to make the configuration changes.
Procedure
1 Enable NTP mode.
a Go to the registry setting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
b Set the Type value to NTP.
2 Enable the NTP client.
a Go to the registry setting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
b Set the AnnounceFlags value to 5.
54 VMware, Inc.
Chapter 4 Preparing for the Upgrade to vCenter Server
3 Enter the upstream NTP servers to synchronize from.
a Go to the registry setting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders.
b Set the NtpServer value to a list of at least three NTP servers.
For example, you might set the value to 0x1 1.pool.ntp.org,0x1 2.pool.ntp.org,0x1 3.pool.ntp.org.
4 Specify a 150-minute update interval.
a Go to the registry setting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\Nt
pClient,
b Set the SpecialPollInterval value to 900.
5 Restart the W32time service for the changes to take effect.
JDBC URL Formats for the vCenter Server Database
The vCenter Server installer generates and validates the JDBC URL for the vCenter Server database. If the
installer fails to connect to the database using the generated JDBC URL, the installer will prompt you to
specify the JDBC URL.
JDBC URL Note for All Databases
NOTE The domain name cannot contain the exclamation point character (!). Java interprets the exclamation
point as a jar file separator.
JDBC URL Formats for Microsoft SQL Server Databases
For Microsoft SQL Server databases, you can use the following example JDBC URLs as a model:
Connect to default (unnamed) SQL Server instance by host name:
n
jdbc:sqlserver://host;databaseName=database
Connect to named instance by host name and instance name:
n
jdbc:sqlserver://host;instanceName=instance;databaseName=database
Connect to SQL Server by host name and port:
n
jdbc:sqlserver://host:port;databaseName=database
Connect by port:
n
jdbc:sqlserver://localhost:1422;databaseName\=VIM_VCDB (user name, password, and database type
to be passed separately)
Connect to local server with integrated security:
n
jdbc:sqlserver://localhost\\SQLEXP_VIM;databaseName=VIM_VCDB;integratedSecurity=true
Connect to local server without integrated security:
n
jdbc:sqlserver://localhost\\SQLEXP_VIM;databaseName\=VIM_VCDB (user name, password, and
database type to be passed separately)
VMware vCenter Server JDBC configuration for Microsoft SQL Server might not work by default with direct
IPv6 addresses. You must use one of the following forms:
Use the host name form for a standard Type-4 JDBC URL (recommended):
n
jdbc:sqlserver://database-fully-qualified-host-name:port
VMware, Inc. 55
vSphere Upgrade
Use direct IPv6 address format:
n
jdbc:sqlserver://;serverName=[IPv6-address]
For more information about JDBC URL formatting for MS SQL databases, including port and instance
configuration options, see the msdn.microsoft.com Web site. At the time of this topic's publication, the
information was available at http://msdn.microsoft.com/en-us/library/ms378428.aspx.
JDBC URL Formats for Oracle Databases
For Oracle databases, you can use the following example JDBC URLs as a model:
This format requires host name and address, port (default 1521) and service name (for example,
n
"oracle.world"):
jdbc:oracle:thin:@host:port/service
This format requires host name and address, port (default 1521) and SID (for example, "ORCL"):
n
jdbc:oracle:thin:@host:port:SID
This format is for a fully configured Oracle client with Oracle Net, which is useful for non-TCP
n
configuration or Oracle RAC (real application clusters):
jdbc:oracle:thin:@tnsname
The following example is for an Oracle RAC with a thin driver, without the full Oracle client installed:
n
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac1-vip)(PORT=1521))
(ADDRESS=(PROTOCOL=TCP)(HOST=rac2-vip)(PORT=1521))(LOAD_BALANCE=yes)(FAILOVER=ON)
(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=RAC.DBTEAM)(FAILOVER_MODE=(BACKUP=rac1)
(TYPE=SELECT)(METHOD=BASIC)))))
In this example, rac1-vip is first node virtual IP, rac2-vip is second node virtual IP, RAC.DBTEAM is RAC
DB service name, and rac1 is name of failover node.
For more information about JDBC URL formatting for Oracle databases, see the oracle.com Web site.
DNS Load Balancing Solutions and vCenter Server Datastore Naming
vCenter Server 5.x uses different internal identifiers for datastores than earlier versions of vCenter Server.
This change affects the way that you add shared NFS datastores to hosts and can affect upgrades to vCenter
Server 5.x.
vCenter Server versions before version 5.0 convert datastore host names to IP addresses. For example, if you
mount an NFS datastore by the name \\nfs-datastore\folder, pre-5.0 vCenter Server versions convert the
name nfs-datastore to an IP address like 10.23.121.25 before storing it. The original nfs-datastore name is
lost.
This conversion of host names to IP addresses causes a problem when DNS load balancing solutions are
used with vCenter Server. DNS load balancing solutions themselves replicate data and appear as a single
logical datastore. The load balancing happens during the datastore host name-to-IP conversion by resolving
the datastore host name to different IP addresses, depending on the load. This load balancing happens
outside vCenter Server and is implemented by the DNS server. In vCenter Server versions before version
5.0, features like vMotion do not work with such DNS load balancing solutions because the load balancing
causes one logical datastore to appear as several datastores. vCenter Server fails to perform vMotion
because it cannot recognize that what it sees as multiple datastores are actually a single logical datastore that
is shared between two hosts.
56 VMware, Inc.
Chapter 4 Preparing for the Upgrade to vCenter Server
To solve this problem, vCenter Server versions 5.0 and later do not convert datastore names to IP addresses
when you add datastores. This enables vCenter Server to recognize a shared datastore, but only if you add
the datastore to each host by the same datastore name. For example, vCenter Server does not recognize a
datastore as shared between hosts in the following cases.
The datastore is added by IP address to host1 and by hostname to host2.
n
The datastore is added by hostname to host1, and by hostname.vmware.com to host2.
n
For vCenter Server to recognize a datastore as shared, you must add the datastore by the same name to
every host.
Datastore Names and Upgrades to vCenter Server 5.x
In vCenter Server versions before version 5.0, vCenter Server database stores datastore paths in the old
format, as IP addresses. The upgrade to vCenter Server 5.x converts these paths to the new format. If you
use a DNS load balancing solution with shared datastores, before you upgrade to vCenter Server 5.x, make
sure that every shared datastore is mounted on each of its hosts with the same name.
The upgrade to vCenter Server 5.x might also fail from a lack of sufficient memory if you use a DNS load
balancing solution with shared datastores. In a large vCenter Server database, the conversion of datastore
paths to the new format can require a large amount of memory. See the VMware Knowledge Base article at
http://kb.vmware.com/kb/2015055.
About the vCenter Host Agent Pre-Upgrade Checker
The vCenter Host Agent Pre-Upgrade Checker produces a report showing known issues that might prevent
a successful upgrade of the vCenter Host Agent software.
To ensure a successful upgrade to vCenter Server 5.x, you must diagnose and fix any potential problems on
the managed ESX/ESXi hosts. You can run the vCenter Host Agent Pre-Upgrade Checker for in-place
upgrades from vCenter Server 4.x to vCenter Server 5.x.
vCenter Host Agent runs on all managed ESX/ESXi hosts. This software coordinates actions received from
vCenter Server. When you add a host to vCenter Server, the agent is installed on the physical ESX/ESXi host.
When you upgrade to vCenter Server 5.x, the agent residing on each ESX/ESXi host must be upgraded as
well.
During a vCenter Server upgrade, the existing agent software is uninstalled and the updated agent software
is installed in its place. If the upgrade fails, the updated agent software might not be installed and the host
might become unreachable by vCenter Server 4.x or 5.x. To avoid this condition, you can run the vCenter
Host Agent Pre-Upgrade Checker before you try to upgrade to vCenter Server 5.x.
The vCenter Host Agent Pre-Upgrade Checker checks to make sure that the agent software is ready to be
upgraded. Some of the checks include checking to make sure that the host is reachable, the disk space is
sufficient, the network is functioning, the file system is intact, and required patches are applied. Each time
you run the tool, the system queries VMware.com and downloads any new updates for the tool. This action
ensures that as new upgrade issues are discovered, the tool remains as useful as possible.
IMPORTANT A successful vCenter Host Agent pre-upgrade check does not guarantee a successful upgrade to
vCenter Server 5.x. An upgrade to vCenter Server involves multiple components, and the tool checks only
one component: the vCenter Host Agent. Also, the tool checks only known issues. Other issues might be
present that the tool does not check.
The vCenter Host Agent Pre-Upgrade Checker does not fix the reported issues. You must resolve the
reported issues manually and rerun the tool to verify that the issues are resolved.
For the procedure to run the vCenter Host Agent Pre-Upgrade Checker, see “Run the vCenter Host Agent
Pre-Upgrade Checker,” on page 58.
VMware, Inc. 57
vSphere Upgrade
Run the vCenter Host Agent Pre-Upgrade Checker
The vCenter Host Agent Pre-Upgrade Checker reports known issues that might prevent a successful
upgrade of the vCenter Host Agent software.
For more information about the vCenter Host Agent Pre-Upgrade Checker, see “About the vCenter Host
Agent Pre-Upgrade Checker,” on page 57.
Prerequisites
Verify that the ESX/ESXi hosts are managed by vCenter Server.
n
Verify that the vCenter Host Agent software is running on each managed ESX/ESXi host.
n
Verify that you have Internet connectivity from the vCenter Server system. This allows new updates to
n
be applied to the tool and allows you to view the reports and the Knowledge Base (KB) articles
associated with the reports.
Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 59.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select Host Agent Pre-Upgrade Checker and click Install.
3 Select the DSN for the vCenter Server system you are upgrading from and select the login credentials
that are appropriate for that DSN.
If you are not sure which credential type to select, check which authentication type is configured for the
DSN (Control Panel > Administrative Tools > ODBC Data Sources > System DSN).
4 If the DSN requires a login for the credential type in use, enter a user name and password and click
Next.
5 Select an option for scanning all hosts or specific hosts.
Option Action
Scan all of the hosts
Specify hosts to scan
Select Standard Mode and click Next.
a Select Custom Mode and click Next.
b Select the hosts to scan and click Next. To select all hosts in a cluster,
double-click the cluster.
6 Click Run Precheck.
The tool takes 30-40 seconds for each host.
7 When the check is complete, click Next.
8 View the pre-upgrade reports.
To view the report for an individual host, click the link next to the host name.
n
To view a summary report for all hosts, click View Report.
n
You have a list of issues to resolve before you upgrade.
What to do next
From the report, use the linked KB articles to research and resolve the issues for each host. After you resolve
the issues, rerun the vCenter Host Agent Pre-Upgrade Checker. Repeat this process until you resolve all the
reported issues, and proceed with your upgrade.
58 VMware, Inc.
Downtime During the vCenter Server Upgrade
When you upgrade vCenter Server, downtime is required for vCenter Server.
Expect downtime for vCenter Server as follows:
The upgrade requires vCenter Server to be out of production for 40-50 minutes, depending on the size
n
of the database. The database schema upgrade takes approximately 10-15 minutes of this time. This
estimate does not include host reconnection after the upgrade.
If Microsoft .NET Framework is not installed on the machine, a reboot is required before starting the
vCenter Server installation.
VMware Distributed Resource Scheduler does not work while the upgrade is in progress. VMware HA
n
does work during the upgrade.
Downtime is not required for the ESX/ESXi hosts that vCenter Server is managing, or for virtual machines
that are running on the hosts.
Download the vCenter Server Installer
Download the installer for vCenter Server, the vSphere Web Client, and associated vCenter components and
support tools.
Chapter 4 Preparing for the Upgrade to vCenter Server
Procedure
1 Download the vCenter Server installer from the VMware downloads page at
http://www.vmware.com/support/.
2 Confirm that the md5sum is correct.
See the VMware Web site topic Using MD5 Checksums at
http://www.vmware.com/download/md5.html.
Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server Installation or Upgrade to Fail
vCenter Server installation with a Microsoft SQL database fails when the database is set to compatibility
mode with an unsupported version.
Problem
The following error message appears: The DB User entered does not have the required permissions
needed to install and configure vCenter Server with the selected DB. Please correct the following
error(s): %s
Cause
The database version must be supported for vCenter Server. For SQL, even if the database is a supported
version, if it is set to run in compatibility mode with an unsupported version, this error occurs. For example,
if SQL 2008 is set to run in SQL 2000 compatibility mode, this error occurs.
Solution
Make sure the vCenter Server database is a supported version and is not set to compatibility mode with
u
an unsupported version. See the VMware Product Interoperability Matrixes at
http://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php?.
VMware, Inc. 59
vSphere Upgrade
60 VMware, Inc.
Upgrading vCenter Server 5
The vCenter Server upgrade includes a database schema upgrade and an upgrade of the vCenter Server
software.
vSphere 5.1 introduced vCenter Single Sign-On as part of the vCenter Server management infrastructure.
This change affects vCenter Server installation, upgrading, and operation. See “How vCenter Single Sign-On
Affects vCenter Server Upgrades,” on page 32.
This chapter includes the following topics:
“vCenter Server Upgrade and Sign-On Process for Environments that Do Not Include vCenter Single
n
Sign-On,” on page 62
“vCenter Server Upgrade and Sign-On Process for Environments with vCenter Single Sign-On,” on
n
page 64
“Use Simple Install to Upgrade vCenter Server and Required Components,” on page 65
n
“Use Custom Install to Upgrade Version 5.0.x and Earlier vCenter Server and Required Components,”
n
on page 69
“Use Custom Install to Upgrade a Basic vCenter Single Sign-On Deployment of Version 5.1.x vCenter
n
Server and Required Components,” on page 77
VMware, Inc.
“Use Custom Install to Upgrade vCenter Server from a Version 5.1.x High Availability vCenter Single
n
Sign-On Deployment,” on page 83
“Use Custom Install to Upgrade vCenter Server from a Version 5.1.x Multisite vCenter Single Sign-On
n
Deployment,” on page 92
“Add a vCenter Single Sign-On Identity Source,” on page 103
n
“Migrate vCenter Server and Components from a Windows Server 2003 Host,” on page 108
n
“vCenter Single Sign-On Installation Fails,” on page 117
n
“Updating vCenter Server with Service Packs,” on page 117
n
“Upgrading and Updating the vCenter Server Appliance,” on page 118
n
“Install or Upgrade vCenter Server Java Components Separately,” on page 122
n
“Install or Upgrade vCenter Server tc Server Separately,” on page 123
n
“vCenter Server Upgrade Fails When Unable to Stop Tomcat Service,” on page 123
n
61
Multiple
locations?
Yes
ID source
Simple Install
upgrade
Custom Install upgrade
Log in SSO and
add domain
Set default identity
source or include
domain in login
No
Yes
Done
Done
1 target
machine?
No
AD
localos
ID source
AD
localos
Add users to localos
or AD domain
vSphere Upgrade
vCenter Server Upgrade and Sign-On Process for Environments that Do Not Include vCenter Single Sign-On
The upgrade process differs based on several factors. Understand the complete upgrade, vCenter Single
Sign-On setup, and permission assignment process before you start. This topic explains how to perform the
upgrade and user management if you upgrade from vSphere 5.0 or earlier, which does not include vCenter
Single Sign-On.
If you are upgrading from vSphere 5.0 or earlier, your original environment does not include a vCenter
Single Sign-On server. How you perform the upgrade, and whether you are required to add identity sources
or assign permissions depends on your current environment and on what you intend to do, as shown in the
following illustration.
NOTE This topic focuses on the most frequently encountered upgrade cases. It does not include a discussion
of upgrading an installation that includes a vCenter Single Sign-On high availability deployment. See “Use
Custom Install to Upgrade vCenter Server from a Version 5.1.x High Availability vCenter Single Sign-On
Deployment,” on page 83..
Figure 5‑1. Upgrade and Sign In Process for Environments that Do Not Include vCenter Single Sign-On
The interaction proceeds as follows.
1 If your current environment is installed on different machines and potentially in different locations, it is
easiest to have the target environment use the same layout.
If your current environment is distributed over several machines or several location, you can
n
perform a Custom Install upgrade. (see step 4)
62 VMware, Inc.
Chapter 5 Upgrading vCenter Server
If your current environment is not distributed over several machines or several locations, you can
n
distribute the upgrade over multiple machines with a custom install (step 4) or continue placing all
vCenter components on the same machine (step 2).
2 If all vCenter Server components are on the same host machine, you can upgrade with Simple Install.
See “Use Simple Install to Upgrade vCenter Server and Required Components,” on page 65. After you
upgrade with the Simple Install process, local operating system users and the user
administrator@vsphere.local can authenticate.
If your environment was using only local operating system users, the localos identity source is
n
sufficient. You can log in to vCenter Server as administrator@vsphere.local or any local operating
system user who previously had permissions.
If your environment was using Active Directory to manage users and permissions, go to Step 3.
n
3 If your pre-upgrade environment used Active Directory to manage users and permissions, the Active
Directory domain is added to vCenter Single Sign-On as an identity source. Users who previously had
permissions to access vCenter Server objects continue to have those permissions.
Only one default identity source is supported with vSphere 5.5, and the Active Directory identity
source is initially not the default identity source. Users can log in only if they include the domain as
part of the login (DOMAIN\user).
You can log in to the vCenter Single Sign-On server as administrator@vsphere.local and make the
Active Directory domain the default identity source.
a Log in to the vCenter Single Sign-On server as administrator@vsphere.local and add the Active
Directory domain as an identity source. See “Add a vCenter Single Sign-On Identity Source,” on
page 103.
b Make the Active Directory domain the default identity source. Only one default identity source is
supported. Users from other domains can include the domain as part of the login (DOMAIN\user).
c Users who previously had permissions to access vCenter Server objects continue to have those
permissions.
4 If you decide to install vCenter Server services on different machines, you can use a Custom Install
upgrade process. See “Use Custom Install to Upgrade Version 5.0.x and Earlier vCenter Server and
Required Components,” on page 69.
a If your current environment supports only local operating system users, you must either make sure
those users are available as localos users on the machine where vCenter Single Sign-On is installed,
or you can add an Active Directory or OpenLDAP domain that includes those users.
b If your current environment supports an Active Directory domain, you can log in to the vCenter
Single Sign-On server as administrator@vsphere.local and add the Active Directory domain to
vCenter Single Sign-On. See “Add a vCenter Single Sign-On Identity Source,” on page 103.
c You can either set the default identity source or users who log in to vCenter Server can include the
domain name when they log in.
VMware, Inc. 63
Multiple
locations?
Yes
Simple Install
upgrade
Resynchronize
Set default identity
source or include
domain in log in
No
Yes
Done
Done
1 target
machine?
Only
localos
localos and AD
No
SSO
Multisite?
Custom Install
upgrade
No
Yes
ID source
vSphere Upgrade
vCenter Server Upgrade and Sign-On Process for Environments with vCenter Single Sign-On
The upgrade process differs based on several factors. Understand the complete upgrade, vCenter Single
Sign-On setup, and permission assignment process before you start. This topic explains how to perform the
upgrade and user management if you upgrade from vSphere 5.1.x, which includes an earlier version of
vCenter Single Sign-On.
If you are upgrading from vSphere 5.1.x, your original environment includes a vCenter Single Sign-On
server. How you perform the upgrade, and whether you are required to add identity sources or assign
permissions, depends on your current environment and on what you intend to do, as shown in the
following illustration.
NOTE This topic focuses on the most frequently encountered upgrade cases. It does not include a discussion
of upgrading an installation that includes a vCenter Single Sign-On high availability deployment. See “Use
Custom Install to Upgrade vCenter Server from a Version 5.1.x High Availability vCenter Single Sign-On
Deployment,” on page 83.
Figure 5‑2. Flowchart of vCenter Upgrade from Environments that Include vCenter Single Sign-On
The interaction proceeds as follows.
1 If your current environment is installed on different machines and potentially in different locations, it is
easiest to have the target environment use a similar layout.
64 VMware, Inc.
Chapter 5 Upgrading vCenter Server
With vSphere 5.5, multiple vCenter Server systems can use a single vCenter Single Sign-On system.
If your current environment uses vCenter Single Sign-On multisite, resynchronize your
n
environment. See Knowledge Base articles http://kb.vmware.com/kb/2042849 and
http://kb.vmware.com/kb/2038677, and start a Custom Install upgrade. See “Use Custom Install to
Upgrade Version 5.0.x and Earlier vCenter Server and Required Components,” on page 69.
Which users can access vCenter Single Sign-On and vCenter Server depends on the identity
sources that are defined before the upgrade. See step 3.
If your current environment does not use vCenter Single Sign-On multisite, you can distribute the
n
upgrade over multiple machines with a Custom Install or continue placing all vCenter services on
the same machine (step 2).
2 If all vCenter Server components are on the same host machine, you can upgrade with Simple Install.
See “Use Simple Install to Upgrade vCenter Server and Required Components,” on page 65. After you
upgrade with the Simple Install process, local operating system users and the user
administrator@vsphere.local can authenticate.
If your environment was using only local operating system users, the localos identity source is
n
sufficient. You can log in to vCenter Server as administrator@vsphere.local, or as any local
operating system user who previously had permissions.
NOTE Local operating users in embedded groups are no longer available. You can add those
groups explicitly.
If your environment was using an Active Directory or OpenLDAP identity source, those identity
n
sources are included with vCenter Single Sign-On after the upgrade, but they are not the default
identity source. Go to Step 3.
3 If your environment was using an Active Directory or OpenLDAP identity source.
Users in the default identity source (localos by default) can log in to vCenter Server if they had
n
permission to do so previously.
Users in other identity sources can log in to vCenter Server if they use the domain name and
n
password, for example, DOMAIN1\user1.
You can log in to vCenter Single Sign-On as administrator@vsphere.local to make the Active
n
Directory or OpenLDAP identity source the default identity source.
Use Simple Install to Upgrade vCenter Server and Required Components
vCenter Server versions 5.1 and later require the vCenter Single Sign-On and vCenter Inventory Service
components. Depending on your existing vCenter Server installation, you can use the Simple Install option
to upgrade to vCenter Server, including vCenter Single Sign-On, the vSphere Web Client, and Inventory
Service, all on a single host machine.
You can use Simple Install to upgrade vCenter Server if you have a version 4.x, 5.0.x, or 5.1.x vCenter Server
installation that is supported for upgrade, and all vCenter Server components in the installation you are
upgrading are on the same host machine. See the VMware Product Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php. Depending on the version you
are upgrading from, the Simple Install option installs or upgrades Single Sign-On, and upgrades the
vSphere Web Client, Inventory Service, and vCenter Server.
VMware, Inc. 65
vSphere Upgrade
Alternatively, you can upgrade vCenter Server components separately, for installations in which the
location and configuration of the components is customized. See “Use Custom Install to Upgrade a Basic
vCenter Single Sign-On Deployment of Version 5.1.x vCenter Server and Required Components,”
on page 77, “Use Custom Install to Upgrade vCenter Server from a Version 5.1.x High Availability vCenter
Single Sign-On Deployment,” on page 83, or “Use Custom Install to Upgrade vCenter Server from a
Version 5.1.x Multisite vCenter Single Sign-On Deployment,” on page 92.
Prerequisites
See “Prerequisites for the vCenter Server Upgrade,” on page 48.
Procedure
1 Install or Upgrade vCenter Single Sign-On and the vSphere Web Client as Part of a vCenter Server
2 Upgrade vCenter Inventory Service as Part of vCenter Server Simple Install on page 67
3 Upgrade vCenter Server as Part of a Simple Install on page 68
Simple Install on page 66
Create or upgrade the only node in a basic, Simple Install vCenter Single Sign-On installation, and
install or upgrade the vSphere Web Client and vCenter Inventory Service.
You can Install or upgrade vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory
Service, and vCenter Server together on a single host machine using the vCenter Server Simple Install
option.
You can upgrade vCenter Server as part of a Simple Install after you install vCenter Single Sign-On,
upgrade the vSphere Web Client, and upgrade Inventory Service.
Install or Upgrade vCenter Single Sign-On and the vSphere Web Client as Part of a vCenter Server Simple Install
Create or upgrade the only node in a basic, Simple Install vCenter Single Sign-On installation, and install or
upgrade the vSphere Web Client and vCenter Inventory Service.
If you are upgrading a vCenter Server deployment that includes vCenter Single Sign-On, this procedure
upgrades the existing vCenter Single Sign-On instance, and does not include all the steps listed below for a
new installation.
You can use Simple Install for the first vCenter Single Sign-On and vCenter Server in a deployment with
multiple vCenter Servers. Succeeding instances of vCenter Single Sign-On and vCenter Server in the same
deployment must be installed by using Custom Install. For more information about vCenter Single Sign-On,
see “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32 and the vSphere Security
documentation.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
See “Prerequisites for the vCenter Server Upgrade,” on page 48.
n
Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 59.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter™ Simple Install, and click Install.
66 VMware, Inc.
Chapter 5 Upgrading vCenter Server
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 If the prerequisites check screen shows any problems, cancel the installation, correct the problems, and
restart the installer.
5 Set the password for the vCenter Single Sign-On administrator account.
This is the password for the user administrator@vsphere.local. vsphere.local is a new domain that is
created by vCenter Single Sign-On. After installation, you can log in to vCenter Single Sign-On and in to
vCenter Server as adminstrator@vsphere.local.
By default, the password must have at least eight characters, at least one lowercase character, one
uppercase character, one number, and one special character. See the vSphere Security documentation for
information about changing the password policy. The following characters are not supported in
passwords: non-ASCII characters, semicolon (;), double quotation mark ("), single quotation mark ('),
circumflex (^), and backslash (\).
6 Enter the site name for vCenter Single Sign-On.
Choose your own name for the vCenter Single Sign-On site.
7 Accept or change the HTTPS port for vCenter Single Sign-On.
8 Select the folder in which to install vCenter Single Sign-On.
The installation path cannot contain any of the following characters: non-ASCII characters, commas (,),
periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
9 Review the installation options and click Install.
The vCenter Single Sign-On installation or upgrade begins. When the vCenter Single Sign-On installation or
upgrade is complete, the installer proceeds with the vSphere Web Client and vCenter Inventory Service
installations or upgrades.
No input is required for a Simple Install upgrade of the vSphere Web Client.
NOTE After each component is installed or upgraded, the installer might take a few minutes to start the
installer for the next component.
Upgrade vCenter Inventory Service as Part of vCenter Server Simple Install
You can Install or upgrade vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and
vCenter Server together on a single host machine using the vCenter Server Simple Install option.
Procedure
1 Choose whether to keep the existing database or replace it with a new empty database.
2 Click Install.
Inventory Service is upgraded, and the vCenter Server upgrade wizard starts.
What to do next
Upgrade vCenter Server. Proceed to “Upgrade vCenter Server as Part of a Simple Install,” on page 68.
VMware, Inc. 67
vSphere Upgrade
Upgrade vCenter Server as Part of a Simple Install
You can upgrade vCenter Server as part of a Simple Install after you install vCenter Single Sign-On,
upgrade the vSphere Web Client, and upgrade Inventory Service.
This procedure continues the vCenter Server upgrade using Simple Install from the subtask “Upgrade
vCenter Inventory Service as Part of vCenter Server Simple Install,” on page 67. If the upgrade fails, no
automatic rollback occurs to the previous vCenter Server version.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
See “Prerequisites for the vCenter Server Upgrade,” on page 48.
n
Procedure
1 (Optional) Enter your license key.
IMPORTANT If you do not enter a license key, your license will expire. After the installation, you can
connect to the vCenter Server and reenter the license key.
2 Enter or confirm your database credentials.
3 Select whether to upgrade the vCenter Server database.
Select Upgrade existing vCenter Server database to continue with the upgrade to vCenter Server.
n
Select Do not upgrade existing vCenter Server database if you do not have a backup copy of your
n
database.
You cannot continue the upgrade.
4 Click I have taken a backup of the existing vCenter Server database and SSL certificates.
5 Select how to upgrade vCenter Agent.
Option Description
Automatic
Manual
To automatically upgrade vCenter Agent on all the hosts in the vCenter
Server inventory.
If one of the following applies:
You need to control the timing of vCenter Agent upgrades on specific
n
hosts.
vCenter Agent is installed on each host in the inventory to enable
n
vCenter Server to manage the host. vCenter Agent must be upgraded
when vCenter Server is upgraded.
vCenter Agent is installed on each host in the inventory to enable vCenter Server to manage the host.
vCenter Agent must be upgraded when vCenter Server is upgraded.
68 VMware, Inc.
Chapter 5 Upgrading vCenter Server
6 Select the account for the vCenter Service to run in.
Option Description
SYSTEM Account
User-specified account
Select the Use Windows Local System Account check box, type the fully
qualified domain name of the vCenter Server host, and click Next. You
cannot use the Use Windows Local System Account account if you are
using the bundled database or SQL Server with Windows authentication.
Deselect the Use Windows Local System Account check box, type the
account password and the fully qualified domain name of the vCenter
Server host, and click Next.
7 Accept or change the port numbers to connect to vCenter Server.
8 (Optional) Select Increase the number of available ephemeral ports.
9 Select the size of your vCenter Server inventory to allocate memory for several Java services that are
used by vCenter Server.
This setting determines the maximum JVM heap settings for VMware VirtualCenter Management
Webservices (Tomcat), Inventory Service, and Profile-Driven Storage Service. You can adjust this
setting after installation if the number of hosts in your environment changes. See the recommendations
in the topic vCenter Server Hardware Requirements.
10 Click Install.
The vCenter Simple Install is complete.
Use Custom Install to Upgrade Version 5.0.x and Earlier vCenter Server and Required Components
You can upgrade vCenter Server and other vCenter components separately to customize the location and
configuration of each component.
This procedure upgrades vCenter Server versions 5.0.x and earlier, which do not include vCenter Single
Sign-On. If you are upgrading vCenter Server 5.1.x, see one of the following procedures:
“Use Custom Install to Upgrade a Basic vCenter Single Sign-On Deployment of Version 5.1.x vCenter
n
Server and Required Components,” on page 77.
“Use Custom Install to Upgrade vCenter Server from a Version 5.1.x High Availability vCenter Single
n
Sign-On Deployment,” on page 83.
“Use Custom Install to Upgrade vCenter Server from a Version 5.1.x Multisite vCenter Single Sign-On
n
Deployment,” on page 92.
For most basic vCenter Single Sign-On deployments, if all components are on the same host machine, you
can upgrade vCenter Single Sign-On, the vSphere Web Client, Inventory Service, and vCenter Server
together on a single host machine using the vCenter Server Simple Install option.
See “Use Simple Install to Upgrade vCenter Server and Required Components,” on page 65.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Review Chapter 4, “Preparing for the Upgrade to vCenter Server,” on page 31.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
VMware, Inc. 69
vSphere Upgrade
Procedure
1 Install the First or Only vCenter Single Sign-On Instance in a vCenter Server Deployment on page 70
2 (Optional) Install an Additional vCenter Single Sign-On Node at an Existing Site on page 72
3 (Optional) Install an Additional vCenter Single Sign-On Node at a New Site on page 72
4 Install or Upgrade the vSphere Web Client on page 73
5 Upgrade vCenter Inventory Service Separately by Using Custom Install on page 74
Create the only vCenter Single Sign-On instance in a basic vCenter Single Sign-On installation or the
first vCenter Single Sign-On instance in a deployment with multiple vCenter Single Sign-On instances.
Create an additional vCenter Single Sign-On node at an existing vCenter Single Sign-On installation.
An additional vCenter Single Sign-On node might be useful if your deployment includes multiple
vCenter Server instances.
Create an additional vCenter Single Sign-On node for a multisite vCenter Single Sign-On installation.
An additional node can be useful if you need multiple vCenter Server instances in different locations.
Authentication information is replicated between vCenter single Sign-On instances that are related.
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere
deployment through a browser.
You can use Custom Install to upgrade vCenter Single Sign-On, vCenter Inventory Service, and
vCenter Server separately to customize the location and configuration of the components.
6 Upgrade vCenter Server Separately by Using Custom Install on page 75
You can upgrade vCenter Server separately after installing vCenter Single Sign-On, and upgrading
Inventory Service.
Install the First or Only vCenter Single Sign-On Instance in a vCenter Server Deployment
Create the only vCenter Single Sign-On instance in a basic vCenter Single Sign-On installation or the first
vCenter Single Sign-On instance in a deployment with multiple vCenter Single Sign-On instances.
These instructions let you install or upgrade vCenter Single Sign-On only. You must install or upgrade
vCenter Single Sign-On and upgrade Inventory Service before upgrading vCenter Server. For most
deployments, you can install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service,
and vCenter Server together on a single host machine by using vCenter Server Simple Install. See “vCenter
Single Sign-On Deployment Modes,” on page 33 and “Use Simple Install to Upgrade vCenter Server and
Required Components,” on page 65.
For more information about vCenter Single Sign-On, see “How vCenter Single Sign-On Affects vCenter
Server Upgrades,” on page 32and the vSphere Security documentation.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
Review “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 59.
n
70 VMware, Inc.
Chapter 5 Upgrading vCenter Server
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Single Sign-On and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 If the prerequisites check screen shows any problems, cancel the installation, correct the problems, and
restart the installer.
5 Set the password for the vCenter Single Sign-On administrator account.
This is the password for the user administrator@vsphere.local. vsphere.local is a new domain that is
created by vCenter Single Sign-On. After installation, you can log in to vCenter Single Sign-On and in to
vCenter Server as adminstrator@vsphere.local.
By default, the password must have at least eight characters, at least one lowercase character, one
uppercase character, one number, and one special character. See the vSphere Security documentation for
information about changing the password policy. The following characters are not supported in
passwords: non-ASCII characters, semicolon (;), double quotation mark ("), single quotation mark ('),
circumflex (^), and backslash (\).
6 Accept or change the HTTPS port for vCenter Single Sign-On.
7 Select the deployment mode vCenter Single Sign-On for your first vCenter Server.
8 Enter the site name for vCenter Single Sign-On.
Choose your own name for the vCenter Single Sign-On site.
9 Review the installation options and click Install.
vCenter Single Sign-On is installed.
After vCenter Single Sign-On is installed or upgraded, the following default identity sources and users are
available:
localos
All local operating system users. These users can be granted permissions to
vCenter Server. If you are upgrading, those users who already have
permissions keep those permissions.
vsphere.local
Contains all users who have administrator access to the vCenter Single SignOn server. Initially, only the user administrator is defined.
What to do next
To deploy vCenter Server with multiple vCenter Single Sign-On instances, install an additional vCenter
Single Sign-On at an existing or new site. See “(Optional) Install an Additional vCenter Single Sign-On Node
at an Existing Site,” on page 72 or “(Optional) Install an Additional vCenter Single Sign-On Node at a New
Site,” on page 72. If your vCenter Server deployment requires only one vCenter Single-Sign-On instance,
install the vSphere Web Client. See “Install or Upgrade the vSphere Web Client,” on page 126.
To add other identity sources, such as a native Active Directory (Integrated Windows Authentication)
domain or an OpenLDAP directory service, see “Add a vCenter Single Sign-On Identity Source,” on
page 103.
VMware, Inc. 71
vSphere Upgrade
(Optional) Install an Additional vCenter Single Sign-On Node at an Existing Site
Create an additional vCenter Single Sign-On node at an existing vCenter Single Sign-On installation. An
additional vCenter Single Sign-On node might be useful if your deployment includes multiple vCenter
Server instances.
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48.
n
Install the first node in the vCenter Single Sign-On installation. See “Install the First or Only vCenter
n
Single Sign-On Instance in a vCenter Server Deployment,” on page 70.
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Single Sign-On and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 Accept or change the HTTPS port for vCenter Single Sign-On.
5 Select the deployment mode vCenter Single Sign-On for an additional vCenter Server in an existing
site.
6 Enter the information to point this additional node to the first vCenter Single Sign-On server.
NOTE If the primary node is in a high-availability cluster, enter the address of the primary node load
balancer.
a Enter the Partner host name.
The partner host name is the DNS name of the existing vCenter Single Sign-On server to replicate
from.
b Enter the password for the vCenter Single Sign-On administrator account of the existing vCenter
Single Sign-On server (administrator@vsphere.local).
7 Select an existing site as the partner or enter a new site.
8 Click Install.
(Optional) Install an Additional vCenter Single Sign-On Node at a New Site
Create an additional vCenter Single Sign-On node for a multisite vCenter Single Sign-On installation. An
additional node can be useful if you need multiple vCenter Server instances in different locations.
Authentication information is replicated between vCenter single Sign-On instances that are related.
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48.
n
Install the first node in the vCenter Single Sign-On installation. See “Install the First or Only vCenter
n
Single Sign-On Instance in a vCenter Server Deployment,” on page 70.
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
72 VMware, Inc.
Chapter 5 Upgrading vCenter Server
2 Select vCenter Single Sign-On and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 Accept or change the HTTPS port for vCenter Single Sign-On.
5 Select the deployment mode vCenter Single Sign-On for an additional vCenter Server with a new
site.
6 Enter the information to point this additional node to the first vCenter Single Sign-On server.
NOTE If the primary node is in a high-availability cluster, enter the address of the primary node load
balancer.
a Enter the Partner host name.
The partner host name is the DNS name of the existing vCenter Single Sign-On server to replicate
from.
b Enter the password for the vCenter Single Sign-On administrator account of the existing vCenter
Single Sign-On server (administrator@vsphere.local).
7 Select an existing site as the partner or enter a new site.
8 Click Install.
The additional vCenter Single Sign-On server is installed.
What to do next
Repeat this procedure for each additional node.
Install or Upgrade the vSphere Web Client
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere deployment
through a browser.
If an earlier version of the vSphere Web Client is installed, this procedure upgrades the vSphere Web Client.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 59.
n
Verify that the system has an Internet connection.
n
Verify that the system meets the software requirements for the vSphere Web Client. See “vSphere Web
n
Client Software Requirements,” on page 24.
Before you install or upgrade any vSphere product, synchronize the clocks of all machines on the
n
vSphere network. See “Synchronizing Clocks on the vSphere Network,” on page 53.
Install vCenter Single Sign-On, or upgrade to the current version.
n
Verify that the vSphere Web Client and vCenter Server are registered to the same vCenter Single Sign-
n
On server, to ensure that the vSphere Web Client can access the vCenter Server inventory.
Close all browsers before installing or uninstalling the vSphere Web Client.
n
VMware, Inc. 73
vSphere Upgrade
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vSphere Web Client and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
4 Either accept the default destination folder or click Change to select another location.
5 Accept or change the default port settings.
6 Enter the information to register the vSphere Web Client with vCenter Single Sign-On.
Log in as a member of the Administrators group on the host machine, with a user name that does not
contain any non-ASCII characters.
patent and license agreements.
The installation path cannot contain any of the following characters: non-ASCII characters, commas (,),
periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
If 8.3 name creation is disabled on the host machine, do not install the vSphere Web Clientin a directory
that does not have an 8.3 short name or has a name that contains spaces. This situation will make the
vSphere Web Client inaccessible.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password
must match the password you entered for the administrator user when you installed vCenter Single
Sign-On. The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:
7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. Your
entry should match the entry you made when you installed vCenter Single Sign-On. If you entered a
different port number when you installed vCenter Single Sign-On, use that port number.
7 Click Install.
8 Start the vSphere Web Client by taking one of the following actions.
If you are starting the vSphere Web Client for the first time, open a supported browser, and go to
n
https://vSphere_Web_Client_host_name_or_IP:9443/vsphere-client.
In subsequent sessions, you can start the vSphere Web Client from the Windows Start menu, by
n
selecting Programs > VMware > VMware vSphere Web Client > vSphere Web Client.
NOTE After you upgrade the vSphere Web Client, when you log in for the first time, you may see the
error message Failed to navigate to desired location. This can happen when a vSphere Web Client
session from the previous version remains open when you upgrade. In this case, refresh the browser
and log in again.
Upgrade vCenter Inventory Service Separately by Using Custom Install
You can use Custom Install to upgrade vCenter Single Sign-On, vCenter Inventory Service, and vCenter
Server separately to customize the location and configuration of the components.
These instructions upgrade vCenter Inventory Service only. You must install or upgrade vCenter Single
Sign-On before upgrading Inventory Service and vCenter Server.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
74 VMware, Inc.
Chapter 5 Upgrading vCenter Server
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
Review “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
Download the vCenter Server Installer.
n
Upgrade vCenter Single Sign-On.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Inventory Service and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 If you are upgrading or reinstalling an existing instance of Inventory Service, choose whether to keep
the existing database or replace it with a new empty database.
5 Click Install.
Inventory Service is upgraded.
Upgrade vCenter Server Separately by Using Custom Install
You can upgrade vCenter Server separately after installing vCenter Single Sign-On, and upgrading
Inventory Service.
Alternatively, you can upgrade vCenter Server as part of a Simple Install. See “Use Simple Install to
Upgrade vCenter Server and Required Components,” on page 65 and “How vCenter Single Sign-On Affects
vCenter Server Upgrades,” on page 32.
This procedure requires downtime for the vCenter Server that you are upgrading. You do not need to turn
off virtual machines.
If an earlier version of vCenter Server is on your machine, the vCenter Server installer detects and upgrades
it. If the upgrade fails, no automatic rollback occurs to the previous vCenter Server version.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
Review “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
Install vCenter Single Sign-On and Inventory Service.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Server and click Install.
VMware, Inc. 75
vSphere Upgrade
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
4 Enter or confirm your database credentials.
5 Select whether to upgrade the vCenter Server database.
6 Click I have taken a backup of the existing vCenter Server database and SSL certificates.
7 Select how to upgrade vCenter Agent.
patent and license agreements.
Select Upgrade existing vCenter Server database to continue with the upgrade to vCenter Server.
n
Select Do not upgrade existing vCenter Server database if you do not have a backup copy of your
n
database.
You cannot continue the upgrade.
Option Description
Automatic
Manual
To automatically upgrade vCenter Agent on all the hosts in the vCenter
Server inventory.
If one of the following applies:
You need to control the timing of vCenter Agent upgrades on specific
n
hosts.
vCenter Agent is installed on each host in the inventory to enable
n
vCenter Server to manage the host. vCenter Agent must be upgraded
when vCenter Server is upgraded.
vCenter Agent is installed on each host in the inventory to enable vCenter Server to manage the host.
vCenter Agent must be upgraded when vCenter Server is upgraded.
8 Select the account for the vCenter Service to run in.
Option Description
SYSTEM Account
User-specified account
Select the Use Windows Local System Account check box, type the fully
qualified domain name of the vCenter Server host, and click Next. You
cannot use the Use Windows Local System Account account if you are
using the bundled database or SQL Server with Windows authentication.
Deselect the Use Windows Local System Account check box, type the
account password and the fully qualified domain name of the vCenter
Server host, and click Next.
9 Accept or change the port numbers to connect to vCenter Server.
10 (Optional) Select Increase the number of available ephemeral ports.
11 Select the size of your vCenter Server inventory to allocate memory for several Java services that are
used by vCenter Server.
This setting determines the maximum JVM heap settings for VMware VirtualCenter Management
Webservices (Tomcat), Inventory Service, and Profile-Driven Storage Service. You can adjust this
setting after installation if the number of hosts in your environment changes. See the recommendations
in the topic vCenter Server Hardware Requirements.
76 VMware, Inc.
Chapter 5 Upgrading vCenter Server
12 Enter the information to register vCenter Server with vCenter Single Sign-On.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password
must match the password you entered when you installed vCenter Single Sign-On. The Lookup Service
URL takes the form https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444 is the default
vCenter Single Sign-On HTTPS port number. Your entry should match the entry you made when you
installed vCenter Single Sign-On. If you entered a different port number when you installed vCenter
Single Sign-On, use that port number.
NOTE If you installed vCenter Single Sign-On in a vCenter Server Appliance, you can enter the vCenter
Single Sign-On administrator user as root@localos. In this case, the password is the root password of the
vCenter Server Appliance. The Lookup Service URL takes the form
https://vCenter_Appliance_IP_or_host_name:{7444}/lookupservice/sdk.
13 Enter the Inventory Service URL.
The Inventory Service URL takes the form https://Inventory_Service_host_FQDN_or_IP:10443. 10443 is
the default Inventory Service HTTPS port number. If you entered a different port number when you
installed Inventory Service, use that port number here.
14 Click Install.
Installation might take several minutes. Multiple progress bars appear during the installation of the
selected components.
What to do next
Review the topics in Chapter 6, “After You Upgrade vCenter Server,” on page 125 for other postupgrade
actions you might want to take.
Use Custom Install to Upgrade a Basic vCenter Single Sign-On Deployment of Version 5.1.x vCenter Server and Required Components
You can upgrade vCenter and components separately to customize the location and configuration of the
components. The basic vCenter Single Sign-On deployment contains only one vCenter Single Sign-On node.
For most basic vCenter Single Sign-On deployments, with all components on the same host machine, you
can upgrade vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter
Server together on a single host machine using the vCenter Server Simple Install option.
See “Use Simple Install to Upgrade vCenter Server and Required Components,” on page 65.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Review the topics in Chapter 4, “Preparing for the Upgrade to vCenter Server,” on page 31.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
Procedure
1 Install or Upgrade vCenter Single Sign-On in a Basic Deployment on page 78
Create or upgrade vCenter Single Sign-On in a vCenter Single Sign-On installation.
VMware, Inc. 77
vSphere Upgrade
2 Install or Upgrade the vSphere Web Client on page 79
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere
deployment through a browser.
3 Upgrade vCenter Inventory Service Separately by Using Custom Install on page 81
You can use Custom Install to upgrade vCenter Single Sign-On, vCenter Inventory Service, and
vCenter Server separately to customize the location and configuration of the components.
4 Upgrade vCenter Server Separately by Using Custom Install on page 81
You can upgrade vCenter Server separately after installing vCenter Single Sign-On, and upgrading
Inventory Service.
Install or Upgrade vCenter Single Sign-On in a Basic Deployment
Create or upgrade vCenter Single Sign-On in a vCenter Single Sign-On installation.
These instructions let you install or upgrade vCenter Single Sign-On only. You must install or upgrade
vCenter Single Sign-On and upgrade Inventory Service before upgrading vCenter Server. For most
deployments, you can install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service,
and vCenter Server together on a single host machine by using vCenter Server Simple Install. See “vCenter
Single Sign-On Deployment Modes,” on page 33 and “Use Simple Install to Upgrade vCenter Server and
Required Components,” on page 65.
For more information about vCenter Single Sign-On, see “How vCenter Single Sign-On Affects vCenter
Server Upgrades,” on page 32 and the vSphere Security documentation.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
Review “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 59.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Single Sign-On and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 If the prerequisites check screen shows any problems, cancel the installation, correct the problems, and
restart the installer.
5 If you are installing a new instance of vCenter Single Sign-On, proceed to Step 6Step 7. If you are
upgrading an existing installation of vCenter Single Sign-On, take the following steps:
a Enter the password for the vCenter Single Sign-On administrator account.
b Proceed to Step 10.
78 VMware, Inc.
Chapter 5 Upgrading vCenter Server
6 Set the password for the vCenter Single Sign-On administrator account.
This is the password for the user administrator@vsphere.local. vsphere.local is a new domain that is
created by vCenter Single Sign-On. After installation, you can log in to vCenter Single Sign-On and in to
vCenter Server as adminstrator@vsphere.local.
By default, the password must have at least eight characters, at least one lowercase character, one
uppercase character, one number, and one special character. See the vSphere Security documentation for
information about changing the password policy. The following characters are not supported in
passwords: non-ASCII characters, semicolon (;), double quotation mark ("), single quotation mark ('),
circumflex (^), and backslash (\).
7 Accept or change the HTTPS port for vCenter Single Sign-On.
8 Select the deployment mode vCenter Single Sign-On for your first vCenter Server.
9 Enter the site name for vCenter Single Sign-On.
Choose your own name for the vCenter Single Sign-On site.
10 Review the installation options and click Install.
vCenter Single Sign-On is installed or upgraded.
After vCenter Single Sign-On is installed or upgraded, the following default identity sources and users are
available:
localos
All local operating system users. These users can be granted permissions to
vCenter Server. If you are upgrading, those users who already have
permissions keep those permissions.
vsphere.local
Contains all users who have administrator access to the vCenter Single SignOn server. Initially, only the user administrator is defined.
To add other identity sources, such as a native Active Directory (Integrated Windows Authentication)
domain or an OpenLDAP directory service, see “Add a vCenter Single Sign-On Identity Source,” on
page 103.
What to do next
Upgrade the vSphere Web Client. See “Install or Upgrade the vSphere Web Client,” on page 126.
Install or Upgrade the vSphere Web Client
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere deployment
through a browser.
If an earlier version of the vSphere Web Client is installed, this procedure upgrades the vSphere Web Client.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 59.
n
Verify that the system has an Internet connection.
n
Verify that the system meets the software requirements for the vSphere Web Client. See “vSphere Web
n
Client Software Requirements,” on page 24.
VMware, Inc. 79
vSphere Upgrade
n
n
n
n
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vSphere Web Client and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
4 Either accept the default destination folder or click Change to select another location.
Before you install or upgrade any vSphere product, synchronize the clocks of all machines on the
vSphere network. See “Synchronizing Clocks on the vSphere Network,” on page 53.
Install vCenter Single Sign-On, or upgrade to the current version.
Verify that the vSphere Web Client and vCenter Server are registered to the same vCenter Single SignOn server, to ensure that the vSphere Web Client can access the vCenter Server inventory.
Close all browsers before installing or uninstalling the vSphere Web Client.
Log in as a member of the Administrators group on the host machine, with a user name that does not
contain any non-ASCII characters.
patent and license agreements.
The installation path cannot contain any of the following characters: non-ASCII characters, commas (,),
periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
If 8.3 name creation is disabled on the host machine, do not install the vSphere Web Clientin a directory
that does not have an 8.3 short name or has a name that contains spaces. This situation will make the
vSphere Web Client inaccessible.
5 Accept or change the default port settings.
6 Enter the information to register the vSphere Web Client with vCenter Single Sign-On.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password
must match the password you entered for the administrator user when you installed vCenter Single
Sign-On. The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:
7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. Your
entry should match the entry you made when you installed vCenter Single Sign-On. If you entered a
different port number when you installed vCenter Single Sign-On, use that port number.
7 Click Install.
8 Start the vSphere Web Client by taking one of the following actions.
If you are starting the vSphere Web Client for the first time, open a supported browser, and go to
n
https://vSphere_Web_Client_host_name_or_IP:9443/vsphere-client.
In subsequent sessions, you can start the vSphere Web Client from the Windows Start menu, by
n
selecting Programs > VMware > VMware vSphere Web Client > vSphere Web Client.
NOTE After you upgrade the vSphere Web Client, when you log in for the first time, you may see the
error message Failed to navigate to desired location. This can happen when a vSphere Web Client
session from the previous version remains open when you upgrade. In this case, refresh the browser
and log in again.
80 VMware, Inc.
Chapter 5 Upgrading vCenter Server
Upgrade vCenter Inventory Service Separately by Using Custom Install
You can use Custom Install to upgrade vCenter Single Sign-On, vCenter Inventory Service, and vCenter
Server separately to customize the location and configuration of the components.
These instructions upgrade vCenter Inventory Service only. You must install or upgrade vCenter Single
Sign-On before upgrading Inventory Service and vCenter Server.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
Review “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
Download the vCenter Server Installer.
n
Upgrade vCenter Single Sign-On.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Inventory Service and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 If you are upgrading or reinstalling an existing instance of Inventory Service, choose whether to keep
the existing database or replace it with a new empty database.
5 Click Install.
Inventory Service is upgraded.
Upgrade vCenter Server Separately by Using Custom Install
You can upgrade vCenter Server separately after installing vCenter Single Sign-On, and upgrading
Inventory Service.
Alternatively, you can upgrade vCenter Server as part of a Simple Install. See “Use Simple Install to
Upgrade vCenter Server and Required Components,” on page 65 and “How vCenter Single Sign-On Affects
vCenter Server Upgrades,” on page 32.
This procedure requires downtime for the vCenter Server that you are upgrading. You do not need to turn
off virtual machines.
If an earlier version of vCenter Server is on your machine, the vCenter Server installer detects and upgrades
it. If the upgrade fails, no automatic rollback occurs to the previous vCenter Server version.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
VMware, Inc. 81
vSphere Upgrade
Prerequisites
n
n
n
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Server and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
4 Enter or confirm your database credentials.
5 Select whether to upgrade the vCenter Server database.
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
Review “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32.
See “Prerequisites for the vCenter Server Upgrade,” on page 48
Install vCenter Single Sign-On and Inventory Service.
patent and license agreements.
Select Upgrade existing vCenter Server database to continue with the upgrade to vCenter Server.
n
Select Do not upgrade existing vCenter Server database if you do not have a backup copy of your
n
database.
You cannot continue the upgrade.
6 Click I have taken a backup of the existing vCenter Server database and SSL certificates.
7 Select how to upgrade vCenter Agent.
Option Description
Automatic
Manual
To automatically upgrade vCenter Agent on all the hosts in the vCenter
Server inventory.
If one of the following applies:
You need to control the timing of vCenter Agent upgrades on specific
n
hosts.
vCenter Agent is installed on each host in the inventory to enable
n
vCenter Server to manage the host. vCenter Agent must be upgraded
when vCenter Server is upgraded.
vCenter Agent is installed on each host in the inventory to enable vCenter Server to manage the host.
vCenter Agent must be upgraded when vCenter Server is upgraded.
8 Select the account for the vCenter Service to run in.
Option Description
SYSTEM Account
User-specified account
Select the Use Windows Local System Account check box, type the fully
qualified domain name of the vCenter Server host, and click Next. You
cannot use the Use Windows Local System Account account if you are
using the bundled database or SQL Server with Windows authentication.
Deselect the Use Windows Local System Account check box, type the
account password and the fully qualified domain name of the vCenter
Server host, and click Next.
9 Accept or change the port numbers to connect to vCenter Server.
10 (Optional) Select Increase the number of available ephemeral ports.
82 VMware, Inc.
Chapter 5 Upgrading vCenter Server
11 Select the size of your vCenter Server inventory to allocate memory for several Java services that are
used by vCenter Server.
This setting determines the maximum JVM heap settings for VMware VirtualCenter Management
Webservices (Tomcat), Inventory Service, and Profile-Driven Storage Service. You can adjust this
setting after installation if the number of hosts in your environment changes. See the recommendations
in the topic vCenter Server Hardware Requirements.
12 Enter the information to register vCenter Server with vCenter Single Sign-On.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password
must match the password you entered when you installed vCenter Single Sign-On. The Lookup Service
URL takes the form https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444 is the default
vCenter Single Sign-On HTTPS port number. Your entry should match the entry you made when you
installed vCenter Single Sign-On. If you entered a different port number when you installed vCenter
Single Sign-On, use that port number.
NOTE If you installed vCenter Single Sign-On in a vCenter Server Appliance, you can enter the vCenter
Single Sign-On administrator user as root@localos. In this case, the password is the root password of the
vCenter Server Appliance. The Lookup Service URL takes the form
https://vCenter_Appliance_IP_or_host_name:{7444}/lookupservice/sdk.
13 Enter the Inventory Service URL.
The Inventory Service URL takes the form https://Inventory_Service_host_FQDN_or_IP:10443. 10443 is
the default Inventory Service HTTPS port number. If you entered a different port number when you
installed Inventory Service, use that port number here.
14 Click Install.
Installation might take several minutes. Multiple progress bars appear during the installation of the
selected components.
What to do next
Review the topics in Chapter 6, “After You Upgrade vCenter Server,” on page 125 for other postupgrade
actions you might want to take.
Use Custom Install to Upgrade vCenter Server from a Version 5.1.x High Availability vCenter Single Sign-On Deployment
In high availability mode, two vCenter Single Sign-On nodes work with the same database, data, and user
stores to ensure that vCenter Single Sign-On is not a single point of failure.
This procedure upgrades an existing vCenter Server that was installed with a high availability vCenter
Single Sign-On deployment.
You can upgrade vCenter Single Sign-On in a high availability installation without taking all vCenter Single
Sign-On nodes offline at the same time. While the first Single Sign-On node is being upgraded, the load
balancer will redirect all requests to the second node. After the first node is successfully upgraded, you can
upgrade the second node.
VMware, Inc. 83
vSphere Upgrade
vCenter Server can continue running while you upgrade vCenter Single Sign-On. Logged in users can
continue accessing vCenter Server and related solutions that are connected to vCenter Single Sign-On
during the upgrade. However, vCenter Server, the vSphere Web Client, and vCenter Inventory Service
cannot be started while the first Single Sign-On node is offline.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
n
n
n
Procedure
1 Upgrade the First vCenter Single Sign-On Node in a High Availability Installation on page 84
Review the topics in Chapter 4, “Preparing for the Upgrade to vCenter Server,” on page 31.
See “Prerequisites for the vCenter Server Upgrade,” on page 48
Verify that the load balancer in your existing vCenter Single Sign-On high availability deployment is
configured as described in VMware Knowledge Base articles 2034157 and 2033588 .
Upgrade the first node in a vCenter Single Sign-On installation for high availability.
2 Upgrade an Additional vCenter Single Sign-On Server for High Availability on page 85
Upgrade an additional vCenter Single Sign-On node for an existing high availability vCenter Single
Sign-On installation.
3 Reconfigure the Load Balancer After Upgrading a vCenter Single Sign-On High Availability
Deployment to Version 5.5 on page 86
After you upgrade both nodes of a 5.1.x vCenter Single Sign-On high availability deployment to
version 5.5, reconfigure the load balancer.
4 Install or Upgrade the vSphere Web Client on page 88
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere
deployment through a browser.
5 Upgrade vCenter Inventory Service Separately by Using Custom Install on page 89
You can use Custom Install to upgrade vCenter Single Sign-On, vCenter Inventory Service, and
vCenter Server separately to customize the location and configuration of the components.
6 Upgrade vCenter Server Separately by Using Custom Install on page 90
You can upgrade vCenter Server separately after installing vCenter Single Sign-On, and upgrading
Inventory Service.
Upgrade the First vCenter Single Sign-On Node in a High Availability Installation
Upgrade the first node in a vCenter Single Sign-On installation for high availability.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
For more information about vCenter Single Sign-On, see “How vCenter Single Sign-On Affects vCenter
Server Upgrades,” on page 32 and the vSphere Security documentation.
84 VMware, Inc.
Chapter 5 Upgrading vCenter Server
Prerequisites
Review Prerequisites for the vCenter Server Upgrade.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Single Sign-On and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 Enter the password for the vCenter Single Sign-On administrator account.
5 Click Install.
The first high availability vCenter Single Sign-On node is upgraded.
After vCenter Single Sign-On is installed or upgraded, the following default identity sources and users are
available:
localos
All local operating system users. These users can be granted permissions to
vCenter Server. If you are upgrading, those users who already have
permissions keep those permissions.
vsphere.local
Contains all users who have administrator access to the vCenter Single SignOn server. Initially, only the user administrator is defined.
To add other identity sources, such as a native Active Directory (Integrated Windows Authentication)
domain or an OpenLDAP directory service, see “Add a vCenter Single Sign-On Identity Source,” on
page 103.
What to do next
Upgrade the second vCenter Single Sign-On instance. See “Upgrade an Additional vCenter Single Sign-On
Server for High Availability,” on page 85.
Upgrade an Additional vCenter Single Sign-On Server for High Availability
Upgrade an additional vCenter Single Sign-On node for an existing high availability vCenter Single Sign-On
installation.
Prerequisites
See the previous steps in this multitask topic, “Use Custom Install to Upgrade vCenter Server from a
Version 5.1.x High Availability vCenter Single Sign-On Deployment,” on page 83
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Single Sign-On and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 Enter the password for the vCenter Single Sign-On administrator account.
5 Accept or change the HTTPS port for vCenter Single Sign-On.
6 Select the deployment mode Additional server in an existing domain.
VMware, Inc. 85
vSphere Upgrade
7 Enter the information to point this additional node to the first vCenter Single Sign-On server.
NOTE If the primary node is in a high-availability cluster, enter the address of the primary node load
balancer.
a Enter the Partner host name.
The partner host name is the DNS name of the existing vCenter Single Sign-On server to replicate
from.
b Enter the password for the vCenter Single Sign-On administrator account of the existing vCenter
Single Sign-On server (administrator@vsphere.local).
8 Select an existing site as the partner or enter a new site.
9 Click Install.
Reconfigure the Load Balancer After Upgrading a vCenter Single Sign-On High Availability Deployment to Version 5.5
After you upgrade both nodes of a 5.1.x vCenter Single Sign-On high availability deployment to version 5.5,
reconfigure the load balancer.
Prerequisites
Upgrade both vCenter Single Sign-On nodes to version 5.5.
Procedure
1 In the httpd.conf file of the load balancer, in the section Configure the STS for clustering, change
values from ims to sts.
Use the following example as a model.
# Configure the STS for clustering
ProxyPass /sts/ balancer://stscluster/ nofailover=On
ProxyPassReverse /sts/ balancer://stscluster/
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/sts"
env=BALANCER_ROUTE_CHANGED
<Proxy balancer://stscluster>
BalancerMember https://sso1.example.com:7444/sts route=node1 loadfactor=100 retry=300
BalancerMember https://sso2.example.com:7444/sts route=node2 loadfactor=1 retry=300
ProxySet lbmethod=byrequests stickysession=ROUTEID failonstatus=500
</Proxy>
2 Configure both vCenter Single Sign-On servers for load balancing.
a In the first vCenter Single Sign-On node, edit the file server.xml to add the entry
jvmRoute="node1".
The default location of the file is
C:\ProgramData\VMware\cis\runtime\VMwareSTService\conf\server.xml.
b Restart TC server.
c In the second vCenter Single Sign-On node, edit the file server.xml to add the entry
jvmRoute="node2".
The default location of the file is
C:\ProgramData\VMware\cis\runtime\VMwareSTService\conf\server.xml.
d Restart TC server.
86 VMware, Inc.
Chapter 5 Upgrading vCenter Server
3 In the first vCenter Single Sign-On node, take the following actions:
a From a command prompt, run ssolscli.cmd listServices to get the service endpoints.
b Edit the files sts_id, admin_id, and gc_id to match the ServerId's from the output of the
ssolscli.cmd listServices command.
Each file should contains single line similar to:
SSO node1 Site name:a03772af-b7db-4629-ac88-ba677516e2b1
4 Edit the file sts.properties to replace the vCenter Single Sign-On hostname with the load balancer
hostname.
Use the following example as a model:
service
friendlyName=The security token service interface of the SSO server
version=1.5
ownerId=
type=urn:sso:sts
description=The security token service interface of the SSO server
productId=product:sso
viSite=SSO node1 site name
endpoint0
uri=https://loadbalancer fqdn.com:7444/sts/STSService/vsphere.local
ssl=C:\updateInfo\cacert.pem
protocol=wsTrust
5 Edit the file admin.properties to replace the vCenter Single Sign-On hostname with the load balancer
hostname.
Use the following example as a model:
service
friendlyName=The administrative interface of the SSO server
version=1.5
ownerId=
type=urn:sso:admin
description=The administrative interface of the SSO server
productId=product:sso
viSite=SSO node1 site name
endpoint0
uri=https://loadbalancer fqdn.com:7444/sso-adminserver/sdk/vsphere.local
ssl=C:\updateInfo\cacert.pem
protocol=vmomi
6 Edit the file gc.properties to replace the vCenter Single Sign-On hostname with the load balancer
hostname.
Use the following example as a model:
service
friendlyName=The group check interface of the SSO server
version=1.5
ownerId=
type=urn:sso:groupcheck
description=The group check interface of the SSO server
productId=product:sso
viSite=SSO node1 site name
VMware, Inc. 87
vSphere Upgrade
7 For each of the service ID, run the command ssolscli.cmd updateService:
8 Restart the first vCenter Single Sign-On node.
9 Restart the second vCenter Single Sign-On node.
10 Restart the load balancer.
What to do next
Upgrade the vSphere Web Client.
endpoint0
uri=https://loadbalancer fqdn.com:7444/sso-adminserver/sdk/vsphere.local
ssl=C:\updateInfo\cacert.pem
protocol=vmomi
ssolscli.cmd updateService -d https://sso1.example.com/lookupservice/sdk -u
Administrator@vsphere.local -p ****** -si sts_id -ip sts.properties
ssolscli.cmd updateService -d https://sso1.example.com/lookupservice/sdk -u
Administrator@vsphere.local -p ****** -si admin_id -ip admin.properties
ssolscli.cmd updateService -d https://sso1.example.com/lookupservice/sdk -u
Administrator@vsphere.local -p ****** -si gc_id -ip gc.properties
Install or Upgrade the vSphere Web Client
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere deployment
through a browser.
If an earlier version of the vSphere Web Client is installed, this procedure upgrades the vSphere Web Client.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 59.
n
Verify that the system has an Internet connection.
n
Verify that the system meets the software requirements for the vSphere Web Client. See “vSphere Web
n
Client Software Requirements,” on page 24.
Before you install or upgrade any vSphere product, synchronize the clocks of all machines on the
n
vSphere network. See “Synchronizing Clocks on the vSphere Network,” on page 53.
Install vCenter Single Sign-On, or upgrade to the current version.
n
Verify that the vSphere Web Client and vCenter Server are registered to the same vCenter Single Sign-
n
On server, to ensure that the vSphere Web Client can access the vCenter Server inventory.
Close all browsers before installing or uninstalling the vSphere Web Client.
n
Log in as a member of the Administrators group on the host machine, with a user name that does not
n
contain any non-ASCII characters.
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
88 VMware, Inc.
Chapter 5 Upgrading vCenter Server
2 Select vSphere Web Client and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 Either accept the default destination folder or click Change to select another location.
The installation path cannot contain any of the following characters: non-ASCII characters, commas (,),
periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
If 8.3 name creation is disabled on the host machine, do not install the vSphere Web Clientin a directory
that does not have an 8.3 short name or has a name that contains spaces. This situation will make the
vSphere Web Client inaccessible.
5 Accept or change the default port settings.
6 Enter the information to register the vSphere Web Client with vCenter Single Sign-On.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password
must match the password you entered for the administrator user when you installed vCenter Single
Sign-On. The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:
7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. Your
entry should match the entry you made when you installed vCenter Single Sign-On. If you entered a
different port number when you installed vCenter Single Sign-On, use that port number.
7 Click Install.
8 Start the vSphere Web Client by taking one of the following actions.
If you are starting the vSphere Web Client for the first time, open a supported browser, and go to
n
https://vSphere_Web_Client_host_name_or_IP:9443/vsphere-client.
In subsequent sessions, you can start the vSphere Web Client from the Windows Start menu, by
n
selecting Programs > VMware > VMware vSphere Web Client > vSphere Web Client.
NOTE After you upgrade the vSphere Web Client, when you log in for the first time, you may see the
error message Failed to navigate to desired location. This can happen when a vSphere Web Client
session from the previous version remains open when you upgrade. In this case, refresh the browser
and log in again.
Upgrade vCenter Inventory Service Separately by Using Custom Install
You can use Custom Install to upgrade vCenter Single Sign-On, vCenter Inventory Service, and vCenter
Server separately to customize the location and configuration of the components.
These instructions upgrade vCenter Inventory Service only. You must install or upgrade vCenter Single
Sign-On before upgrading Inventory Service and vCenter Server.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
Review “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
Download the vCenter Server Installer.
n
VMware, Inc. 89
vSphere Upgrade
Upgrade vCenter Single Sign-On.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Inventory Service and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 If you are upgrading or reinstalling an existing instance of Inventory Service, choose whether to keep
the existing database or replace it with a new empty database.
5 Click Install.
Inventory Service is upgraded.
Upgrade vCenter Server Separately by Using Custom Install
You can upgrade vCenter Server separately after installing vCenter Single Sign-On, and upgrading
Inventory Service.
Alternatively, you can upgrade vCenter Server as part of a Simple Install. See “Use Simple Install to
Upgrade vCenter Server and Required Components,” on page 65 and “How vCenter Single Sign-On Affects
vCenter Server Upgrades,” on page 32.
This procedure requires downtime for the vCenter Server that you are upgrading. You do not need to turn
off virtual machines.
If an earlier version of vCenter Server is on your machine, the vCenter Server installer detects and upgrades
it. If the upgrade fails, no automatic rollback occurs to the previous vCenter Server version.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
Review “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
Install vCenter Single Sign-On and Inventory Service.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Server and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 Enter or confirm your database credentials.
90 VMware, Inc.
Chapter 5 Upgrading vCenter Server
5 Select whether to upgrade the vCenter Server database.
Select Upgrade existing vCenter Server database to continue with the upgrade to vCenter Server.
n
Select Do not upgrade existing vCenter Server database if you do not have a backup copy of your
n
database.
You cannot continue the upgrade.
6 Click I have taken a backup of the existing vCenter Server database and SSL certificates.
7 Select how to upgrade vCenter Agent.
Option Description
Automatic
Manual
To automatically upgrade vCenter Agent on all the hosts in the vCenter
Server inventory.
If one of the following applies:
You need to control the timing of vCenter Agent upgrades on specific
n
hosts.
vCenter Agent is installed on each host in the inventory to enable
n
vCenter Server to manage the host. vCenter Agent must be upgraded
when vCenter Server is upgraded.
vCenter Agent is installed on each host in the inventory to enable vCenter Server to manage the host.
vCenter Agent must be upgraded when vCenter Server is upgraded.
8 Select the account for the vCenter Service to run in.
Option Description
SYSTEM Account
User-specified account
Select the Use Windows Local System Account check box, type the fully
qualified domain name of the vCenter Server host, and click Next. You
cannot use the Use Windows Local System Account account if you are
using the bundled database or SQL Server with Windows authentication.
Deselect the Use Windows Local System Account check box, type the
account password and the fully qualified domain name of the vCenter
Server host, and click Next.
9 Accept or change the port numbers to connect to vCenter Server.
10 (Optional) Select Increase the number of available ephemeral ports.
11 Select the size of your vCenter Server inventory to allocate memory for several Java services that are
used by vCenter Server.
This setting determines the maximum JVM heap settings for VMware VirtualCenter Management
Webservices (Tomcat), Inventory Service, and Profile-Driven Storage Service. You can adjust this
setting after installation if the number of hosts in your environment changes. See the recommendations
in the topic vCenter Server Hardware Requirements.
VMware, Inc. 91
vSphere Upgrade
12 Enter the information to register vCenter Server with vCenter Single Sign-On.
13 Enter the Inventory Service URL.
14 Click Install.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password
must match the password you entered when you installed vCenter Single Sign-On. The Lookup Service
URL takes the form https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444 is the default
vCenter Single Sign-On HTTPS port number. Your entry should match the entry you made when you
installed vCenter Single Sign-On. If you entered a different port number when you installed vCenter
Single Sign-On, use that port number.
NOTE If you installed vCenter Single Sign-On in a vCenter Server Appliance, you can enter the vCenter
Single Sign-On administrator user as root@localos. In this case, the password is the root password of the
vCenter Server Appliance. The Lookup Service URL takes the form
https://vCenter_Appliance_IP_or_host_name:{7444}/lookupservice/sdk.
The Inventory Service URL takes the form https://Inventory_Service_host_FQDN_or_IP:10443. 10443 is
the default Inventory Service HTTPS port number. If you entered a different port number when you
installed Inventory Service, use that port number here.
Installation might take several minutes. Multiple progress bars appear during the installation of the
selected components.
What to do next
Review the topics in Chapter 6, “After You Upgrade vCenter Server,” on page 125 for other postupgrade
actions you might want to take.
Use Custom Install to Upgrade vCenter Server from a Version 5.1.x Multisite vCenter Single Sign-On Deployment
The vCenter Server 5.1.x multisite deployment enables a single administrator to administer vCenter Server
instances that are deployed on geographically dispersed sites in Linked Mode. when you upgrade to
vCenter Server 5.5, the vCenter Single Sign-On deployment changes.
In vCenter Server 5.5, each vCenter Single Sign-On instance uses the default identity source, and can use
other identity sources if the domain is included when a user logs in.
There are no components in the vSphere suite that communicate with multiple vCenter Single Sign-On
servers. Each vSphere component should be configured to communicate with its local vCenter Single SignOn instance for faster access.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Review the topics in Chapter 4, “Preparing for the Upgrade to vCenter Server,” on page 31.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
When you upgrade from an existing multisite Single Sign-On deployment of vCenter Server, to
n
maintain Linked Mode functionality you must upgrade all Single Sign-On instances to the same version
and manually resynchronize all Single Sign-On instances. See Knowledge Base articles
http://kb.vmware.com/kb/2042849 and http://kb.vmware.com/kb/2038677.
92 VMware, Inc.
Chapter 5 Upgrading vCenter Server
Procedure
1 Install or Upgrade the First vCenter Single Sign-On Server in a Multisite vCenter Single Sign-On
Installation on page 93
Create or upgrade the first vCenter Single Sign-On server for a multisite vCenter Single Sign-On
installation.
2 Install or Upgrade the vSphere Web Client on page 94
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere
deployment through a browser.
3 Upgrade vCenter Inventory Service Separately by Using Custom Install on page 96
You can use Custom Install to upgrade vCenter Single Sign-On, vCenter Inventory Service, and
vCenter Server separately to customize the location and configuration of the components.
4 Upgrade vCenter Server Separately by Using Custom Install on page 96
You can upgrade vCenter Server separately after installing vCenter Single Sign-On, and upgrading
Inventory Service.
5 Install or Upgrade an Additional Single Sign-On Server for a Multisite vCenter Single Sign-On
Installation on page 98
Create or upgrade an additional vCenter Single Sign-On server for a multisite vCenter Single Sign-On
installation.
6 Install or Upgrade the vSphere Web Client on page 99
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere
deployment through a browser.
7 Upgrade vCenter Inventory Service Separately by Using Custom Install on page 100
You can use Custom Install to upgrade vCenter Single Sign-On, vCenter Inventory Service, and
vCenter Server separately to customize the location and configuration of the components.
8 Upgrade vCenter Server Separately by Using Custom Install on page 101
You can upgrade vCenter Server separately after installing vCenter Single Sign-On, and upgrading
Inventory Service.
Install or Upgrade the First vCenter Single Sign-On Server in a Multisite vCenter Single Sign-On Installation
Create or upgrade the first vCenter Single Sign-On server for a multisite vCenter Single Sign-On installation.
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
Review “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Single Sign-On and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
VMware, Inc. 93
vSphere Upgrade
4 If you are installing a new instance of vCenter Single Sign-On , proceed to Step 5. If you are upgrading
5 Accept or change the HTTPS port for vCenter Single Sign-On.
6 Select the deployment mode vCenter Single Sign-On for your first vCenter Server.
7 Set the password for the vCenter Single Sign-On administrator account.
8 Review the installation options and click Install.
The first vCenter Single Sign-On multisite server is installed or upgraded.
an existing installation of vCenter Single Sign-On , take the following steps:
a Enter the password for the vCenter Single Sign-On administrator account.
b Proceed to Step 8.
This is the password for the user administrator@vsphere.local. vsphere.local is a new domain that is
created by vCenter Single Sign-On. After installation, you can log in to vCenter Single Sign-On and in to
vCenter Server as adminstrator@vsphere.local.
By default, the password must have at least eight characters, at least one lowercase character, one
uppercase character, one number, and one special character. See the vSphere Security documentation for
information about changing the password policy. The following characters are not supported in
passwords: non-ASCII characters, semicolon (;), double quotation mark ("), single quotation mark ('),
circumflex (^), and backslash (\).
After vCenter Single Sign-On is installed or upgraded, the following default identity sources and users are
available:
localos
All local operating system users. These users can be granted permissions to
vCenter Server. If you are upgrading, those users who already have
permissions keep those permissions.
vsphere.local
Contains all users who have administrator access to the vCenter Single SignOn server. Initially, only the user administrator is defined.
To add other identity sources, such as a native Active Directory (Integrated Windows Authentication)
domain or an OpenLDAP directory service, see “Add a vCenter Single Sign-On Identity Source,” on
page 103.
Install or Upgrade the vSphere Web Client
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere deployment
through a browser.
If an earlier version of the vSphere Web Client is installed, this procedure upgrades the vSphere Web Client.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 59.
n
Verify that the system has an Internet connection.
n
Verify that the system meets the software requirements for the vSphere Web Client. See “vSphere Web
n
Client Software Requirements,” on page 24.
94 VMware, Inc.
Chapter 5 Upgrading vCenter Server
Before you install or upgrade any vSphere product, synchronize the clocks of all machines on the
n
vSphere network. See “Synchronizing Clocks on the vSphere Network,” on page 53.
Install vCenter Single Sign-On, or upgrade to the current version.
n
Verify that the vSphere Web Client and vCenter Server are registered to the same vCenter Single Sign-
n
On server, to ensure that the vSphere Web Client can access the vCenter Server inventory.
Close all browsers before installing or uninstalling the vSphere Web Client.
n
Log in as a member of the Administrators group on the host machine, with a user name that does not
n
contain any non-ASCII characters.
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vSphere Web Client and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 Either accept the default destination folder or click Change to select another location.
The installation path cannot contain any of the following characters: non-ASCII characters, commas (,),
periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
If 8.3 name creation is disabled on the host machine, do not install the vSphere Web Clientin a directory
that does not have an 8.3 short name or has a name that contains spaces. This situation will make the
vSphere Web Client inaccessible.
5 Accept or change the default port settings.
6 Enter the information to register the vSphere Web Client with vCenter Single Sign-On.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password
must match the password you entered for the administrator user when you installed vCenter Single
Sign-On. The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:
7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. Your
entry should match the entry you made when you installed vCenter Single Sign-On. If you entered a
different port number when you installed vCenter Single Sign-On, use that port number.
7 Click Install.
8 Start the vSphere Web Client by taking one of the following actions.
If you are starting the vSphere Web Client for the first time, open a supported browser, and go to
n
https://vSphere_Web_Client_host_name_or_IP:9443/vsphere-client.
In subsequent sessions, you can start the vSphere Web Client from the Windows Start menu, by
n
selecting Programs > VMware > VMware vSphere Web Client > vSphere Web Client.
NOTE After you upgrade the vSphere Web Client, when you log in for the first time, you may see the
error message Failed to navigate to desired location. This can happen when a vSphere Web Client
session from the previous version remains open when you upgrade. In this case, refresh the browser
and log in again.
VMware, Inc. 95
vSphere Upgrade
Upgrade vCenter Inventory Service Separately by Using Custom Install
You can use Custom Install to upgrade vCenter Single Sign-On, vCenter Inventory Service, and vCenter
Server separately to customize the location and configuration of the components.
These instructions upgrade vCenter Inventory Service only. You must install or upgrade vCenter Single
Sign-On before upgrading Inventory Service and vCenter Server.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
Review “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
Download the vCenter Server Installer.
n
Upgrade vCenter Single Sign-On.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Inventory Service and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 If you are upgrading or reinstalling an existing instance of Inventory Service, choose whether to keep
the existing database or replace it with a new empty database.
5 Click Install.
Inventory Service is upgraded.
Upgrade vCenter Server Separately by Using Custom Install
You can upgrade vCenter Server separately after installing vCenter Single Sign-On, and upgrading
Inventory Service.
Alternatively, you can upgrade vCenter Server as part of a Simple Install. See “Use Simple Install to
Upgrade vCenter Server and Required Components,” on page 65 and “How vCenter Single Sign-On Affects
vCenter Server Upgrades,” on page 32.
This procedure requires downtime for the vCenter Server that you are upgrading. You do not need to turn
off virtual machines.
If an earlier version of vCenter Server is on your machine, the vCenter Server installer detects and upgrades
it. If the upgrade fails, no automatic rollback occurs to the previous vCenter Server version.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
96 VMware, Inc.
Chapter 5 Upgrading vCenter Server
Prerequisites
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
Review “How vCenter Single Sign-On Affects vCenter Server Upgrades,” on page 32.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48
n
Install vCenter Single Sign-On and Inventory Service.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Server and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
4 Enter or confirm your database credentials.
5 Select whether to upgrade the vCenter Server database.
Select Upgrade existing vCenter Server database to continue with the upgrade to vCenter Server.
n
Select Do not upgrade existing vCenter Server database if you do not have a backup copy of your
n
database.
You cannot continue the upgrade.
6 Click I have taken a backup of the existing vCenter Server database and SSL certificates.
7 Select how to upgrade vCenter Agent.
Option Description
Automatic
Manual
To automatically upgrade vCenter Agent on all the hosts in the vCenter
Server inventory.
If one of the following applies:
You need to control the timing of vCenter Agent upgrades on specific
n
hosts.
vCenter Agent is installed on each host in the inventory to enable
n
vCenter Server to manage the host. vCenter Agent must be upgraded
when vCenter Server is upgraded.
vCenter Agent is installed on each host in the inventory to enable vCenter Server to manage the host.
vCenter Agent must be upgraded when vCenter Server is upgraded.
8 Select the account for the vCenter Service to run in.
Option Description
SYSTEM Account
User-specified account
Select the Use Windows Local System Account check box, type the fully
qualified domain name of the vCenter Server host, and click Next. You
cannot use the Use Windows Local System Account account if you are
using the bundled database or SQL Server with Windows authentication.
Deselect the Use Windows Local System Account check box, type the
account password and the fully qualified domain name of the vCenter
Server host, and click Next.
9 Accept or change the port numbers to connect to vCenter Server.
10 (Optional) Select Increase the number of available ephemeral ports.
VMware, Inc. 97
vSphere Upgrade
11 Select the size of your vCenter Server inventory to allocate memory for several Java services that are
12 Enter the information to register vCenter Server with vCenter Single Sign-On.
13 Enter the Inventory Service URL.
used by vCenter Server.
This setting determines the maximum JVM heap settings for VMware VirtualCenter Management
Webservices (Tomcat), Inventory Service, and Profile-Driven Storage Service. You can adjust this
setting after installation if the number of hosts in your environment changes. See the recommendations
in the topic vCenter Server Hardware Requirements.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password
must match the password you entered when you installed vCenter Single Sign-On. The Lookup Service
URL takes the form https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444 is the default
vCenter Single Sign-On HTTPS port number. Your entry should match the entry you made when you
installed vCenter Single Sign-On. If you entered a different port number when you installed vCenter
Single Sign-On, use that port number.
NOTE If you installed vCenter Single Sign-On in a vCenter Server Appliance, you can enter the vCenter
Single Sign-On administrator user as root@localos. In this case, the password is the root password of the
vCenter Server Appliance. The Lookup Service URL takes the form
https://vCenter_Appliance_IP_or_host_name:{7444}/lookupservice/sdk.
The Inventory Service URL takes the form https://Inventory_Service_host_FQDN_or_IP:10443. 10443 is
the default Inventory Service HTTPS port number. If you entered a different port number when you
installed Inventory Service, use that port number here.
14 Click Install.
Installation might take several minutes. Multiple progress bars appear during the installation of the
selected components.
What to do next
Review the topics in Chapter 6, “After You Upgrade vCenter Server,” on page 125 for other postupgrade
actions you might want to take.
Install or Upgrade an Additional Single Sign-On Server for a Multisite vCenter Single Sign-On Installation
Create or upgrade an additional vCenter Single Sign-On server for a multisite vCenter Single Sign-On
installation.
Prerequisites
Install or upgrade the first node in the multisite vCenter Single Sign-On installation. See “Install or
n
Upgrade the First vCenter Single Sign-On Server in a Multisite vCenter Single Sign-On Installation,” on
page 93.
Review “vCenter Single Sign-On Deployment Modes,” on page 33.
n
See “Prerequisites for the vCenter Server Upgrade,” on page 48.
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Single Sign-On and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
patent and license agreements.
98 VMware, Inc.
Chapter 5 Upgrading vCenter Server
4 If you are installing a new instance of Single Sign-On, proceed to Step 5. If you are upgrading an
existing installation of Single Sign-On, take the following steps:
a Enter the password for the Single Sign-On administrator account.
b Proceed to Step 9.
5 Accept or change the HTTPS port for vCenter Single Sign-On.
6 Select the deployment mode vCenter Single Sign-On for an additional vCenter Server with a new
site.
7 Enter the information to point this additional node to the first vCenter Single Sign-On server.
NOTE If the primary node is in a high-availability cluster, enter the address of the primary node load
balancer.
a Enter the Partner host name.
The partner host name is the DNS name of the existing vCenter Single Sign-On server to replicate
from.
b Enter the password for the vCenter Single Sign-On administrator account of the existing vCenter
Single Sign-On server (administrator@vsphere.local).
8 Select an existing site as the partner or enter a new site.
9 Click Install.
The additional vCenter Single Sign-On server is installed.
What to do next
Repeat this procedure for each additional multisite node.
Install or Upgrade the vSphere Web Client
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere deployment
through a browser.
If an earlier version of the vSphere Web Client is installed, this procedure upgrades the vSphere Web Client.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
Prerequisites
Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 59.
n
Verify that the system has an Internet connection.
n
Verify that the system meets the software requirements for the vSphere Web Client. See “vSphere Web
n
Client Software Requirements,” on page 24.
Before you install or upgrade any vSphere product, synchronize the clocks of all machines on the
n
vSphere network. See “Synchronizing Clocks on the vSphere Network,” on page 53.
Install vCenter Single Sign-On, or upgrade to the current version.
n
Verify that the vSphere Web Client and vCenter Server are registered to the same vCenter Single Sign-
n
On server, to ensure that the vSphere Web Client can access the vCenter Server inventory.
VMware, Inc. 99
vSphere Upgrade
n
n
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vSphere Web Client and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user
4 Either accept the default destination folder or click Change to select another location.
5 Accept or change the default port settings.
6 Enter the information to register the vSphere Web Client with vCenter Single Sign-On.
Close all browsers before installing or uninstalling the vSphere Web Client.
Log in as a member of the Administrators group on the host machine, with a user name that does not
contain any non-ASCII characters.
patent and license agreements.
The installation path cannot contain any of the following characters: non-ASCII characters, commas (,),
periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
If 8.3 name creation is disabled on the host machine, do not install the vSphere Web Clientin a directory
that does not have an 8.3 short name or has a name that contains spaces. This situation will make the
vSphere Web Client inaccessible.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password
must match the password you entered for the administrator user when you installed vCenter Single
Sign-On. The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:
7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. Your
entry should match the entry you made when you installed vCenter Single Sign-On. If you entered a
different port number when you installed vCenter Single Sign-On, use that port number.
7 Click Install.
8 Start the vSphere Web Client by taking one of the following actions.
If you are starting the vSphere Web Client for the first time, open a supported browser, and go to
n
https://vSphere_Web_Client_host_name_or_IP:9443/vsphere-client.
In subsequent sessions, you can start the vSphere Web Client from the Windows Start menu, by
n
selecting Programs > VMware > VMware vSphere Web Client > vSphere Web Client.
NOTE After you upgrade the vSphere Web Client, when you log in for the first time, you may see the
error message Failed to navigate to desired location. This can happen when a vSphere Web Client
session from the previous version remains open when you upgrade. In this case, refresh the browser
and log in again.
Upgrade vCenter Inventory Service Separately by Using Custom Install
You can use Custom Install to upgrade vCenter Single Sign-On, vCenter Inventory Service, and vCenter
Server separately to customize the location and configuration of the components.
These instructions upgrade vCenter Inventory Service only. You must install or upgrade vCenter Single
Sign-On before upgrading Inventory Service and vCenter Server.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by
IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6
environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if
assigned by DHCP.
100 VMware, Inc.
Loading...