This only came about because I got a call today about a customer who had vCloud up and running and then realized they had the 4.1 build of vShield Manager installed (Build #287872) instead of the 4.1 Update 1 version (Build #310451). Build #287872 is a valid GA version for 4.1, but if you go to the VMware download site for vCloud Director 1.0.1 you will notice the new .OVA is Build #310451. It seems a common mistake people are making is grabbing the new .OVA from the vCloud Director download site. Once folks grab the new .OVA, they delete their existing vShield Manager VM and deploy the new one, only to discover... everything BROKE!
Well, here is a little background so you understand why that is. The vShield Manager runs a local MySQL database inside the appliance. When vCloud Director deploys a vShield Edge for a NAT routed network, it is tracked by vSphere VM-ID in that MySQL database. When you delete the vShield Manager VM, you also delete the MySQL database. Now, you can back up the database using FTP as shown in the screenshot; however, I personally have not tried to restore it to a newly deployed vShield Manager of the same version, let alone a new version.
So you ask... where and how do I go from the GA build to the latest version of vShield Manager? Well, that is easy for the most part. First you need to download the upgrade files from the vShield Edge Download page, provided of course that the version you are grabbing is supported with vCloud Director. Notice there is not only the .OVA but the .tar.gz file as well!
Now the rest is pretty easy. From the UI go to Settings and Reports –> Updates and select upload file. Upload the TAR file (the .tar.gz from the download page) as is, and once you do you will be presented with an install screen.
After that the system will load the update and reboot. There are some additional items you may need to do, like reconnecting to vCenter, but generally that will still work. The bottom line here is that you can upgrade vShield Manager, and you DO NOT want to just delete it and re-deploy it. There is a lot of information stored on that virtual machine.
Stay tuned for specifics in a few months on upgrading to vShield 5.0. The new vCloud 1.5 download site does have both the TAR and the OVA versions listed now as well to minimize confusion.
Hi Chris,
Small cosmetic fixes : “locl MySQL” -> “local MySQL”.
I have tried the restore from FTP backup once and it worked great (same vSM version), but I would need to retest it in a vCloud 1.0.1 -> 1.5 context to see how it behaves and document it.
Therefore I really like your method, it’s simple and efficient in the different vCloud lab deployments I’ve tried.
I still take the FTP backup before the in place upgrade……just in case 🙂
Yes, we should never let our guard down ;-).
Always have multiple ways to restore; only those who didn’t fail on such a *stupid* topic would think differently.
I’ve seen many companies backing up data, without testing the restore process, and just when they need it, it never works the way they expected.
What about upgrading vShield Manager from ver 4.1 to ver 5.0 without losing a ping from the VM?
Tommy, vShield Manager needs to reboot on the upgrade and restart the Java services, so it will go offline for a couple of minutes. However, that does not affect running vShield Edges and their deployed rules; it just means you cannot update vSEs or deploy new ones until the vSM is back online. Has not proven to be a big deal yet for most people. Cheers!