Get Hands-on with Amazon EKS - Workshop Event Series

Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!

Upgrading an Amazon EVS environment from VCF version 5.2.1.x to 5.2.2.0

6 minute read

Content level: Advanced

This article provides guidance for upgrading an Amazon EVS environment from version 5.2.1.x to 5.2.2.x

Background

At launch, Amazon EVS environments are deployed with VMware Cloud Foundation (VCF) version 5.2.1.0. Customers should follow the Broadcom documentation for detailed upgrade procedures.

This article provides general considerations identified during upgrade testing.

Components impacted by the upgrade


Component	Current Version	Current Build	New Version	New Build
SDDC Manager	5.2.1.x	24307856	5.2.2.0	24936865
VMware NSX	4.2.1.0.0	24304122	4.2.3.0.0	24866349
VMware vCenter Server Appliance	8.0.3	24280767	8.0.3.00600	24853646
VMware ESXi	8.0.3.00300	24305161	8.0.3	24859861

Tasks

Review Release Notes
Reconfigure Backups for SDDC Manager, NSX Manager and vCenter
Upgrade SDDC Manager
Run upgrade pre-checks and upgrade NSX, vCenter and ESXi

1: Review Release Notes

Check the official VMware Cloud Foundation 5.2.2 Release Notes for prerequisites, known issues, and specific upgrade steps.

2: Reconfigure Backups for SDDC Manager, NSX Manager and vCenter

Note: By default, the backup repository for the above components is set to the SDDC Manager, which will cause errors during VCF environment upgrades.

Before attempting to upgrade the environment, ensure that backups for SDDC Manager, NSX Manager, and vCenter are configured to use an external SFTP server repository.
Refer to the Broadcom documentation for how to configure backups for SDDC Manager, NSX Manager and vCenter.
Perform a manual backup of SDDC Manager, NSX Manager and vCenter components
For customers who require an easy SFTP server deployment on EC2, refer to the following AWS re:Post article for external SFTP server setup.

3: Upgrade SDDC Manager

Begin by upgrading SDDC Manager to version 5.2.2.0 using Lifecycle Manager within the SDDC Manager web interface to download and install the 5.2.2.0 update file.
Follow the Broadcom documentation for the upgrade process.

4: Run upgrade pre-checks and upgrade NSX, vCenter and ESXi

After upgrading SDDC Manager, run the precheck for the workload domain you plan to upgrade from the Updates tab. Continue to upgrade VCF components or resolve any issues as directed by the Lifecycle Manager.

VCF Updates tab

During the pre-check phase, the following issues or warnings may appear:

1. Default upgrade policy mismatch

Checks if any upgrade policies configured for the cluster match the default SDDC Manager ESXi upgrade policy.
This is a known warning and can be safely ignored. See Broadcom KB for details.

2. Third-party VIBs detected

Amazon EVS includes a custom VIB within the EVS-deployed ESX image. Any warnings related to this within Vendor Addon can be safely disregarded, as any new ESX installation will already contain the latest required custom VIBs.
For customers using NetApp FSx for ONTAP to provide supplemental storage for their EVS environment, you may see this warning if you have not added the NetApp VIB to the vCenter cluster image as a Component. Other third-party VIBs must also be added to vCenter cluster image. See this Broadcom KB for more details about creating new cluster images.

Note: Example command to view list of installed VIBs on an ESXi Host: "esxcli software vib list | grep -i vibname"

3. No backups configured for SDDC Manager, NSX Manager or vCenter

Ensure that backups have been reconfigured as per Task 2: Re-configure Backups for SDDC Manager, NSX Manager and vCenter.

4. ERROR vSphere SHA-1 validation failed

This error may be present in the pre-check output if the EVS environment is using the default self-signed certificates.
To fix this issue customers can either use SDDC Manager to configure the environment to use customer provided signed certificates, or follow this Broadcom KB to resync the vCenter VECS store and continue with the existing self-signed certificates.

5. JDK issue impacting NSX (JDK-8330017)

This is a known issue, follow the workaround in this Broadcom KB to resolve and progress to upgrade NSX components.

6. No image available for ESXi host upgrade

During the ESXi host upgrade section, customers could encounter an issue whereby there is no image available to select to apply to the hosts.
This Broadcom KB provides steps to fix this issue by creating a new vCenter cluster image. Ensure you include all required VIBs as part of the new cluster image.
Ensure when downloading the ESXi image from Broadcom support portal, you import the correct image for Amazon EVS (version 8.0.3 Build 24859861)

Note: Example command to view the currently active image profile from an ESXi Host: "esxcli software profile get"

7. NSX Edge Cluster credentials check failed internally

NSX edges in Amazon EVS are not deployed using SDDC Manager and are instead deployed directly from NSX manager. The edges are fully manageable from with NSX manager.
Additionally the SDDC Manager upgrade should complete successfully since the SDDC Manager runs the upgrade workflow through the NSX built-in upgrade workflow.
Broadcom provides a KB article indicating the warning can be ignored.

Troubleshooting Summary


Issue	Cause	Resolution
Upgrade policy mismatch	Cluster policy differs from default	Safe to ignore; see Broadcom KB
Third-party VIB warning	Custom or vendor VIBs detected	Ensure VIBs are added to vCenter cluster image as component or vendor addon
Backup repository configured to SDDC Manager	SDDC Manager, NSX Manager and vCenter backups pointing to SDDC Manager	Re-configure backups to point to external SFTP server before upgrade following Broadcom KB
SHA-1 certificate error	Default self-signed certificates	Replace with signed certs or follow Broadcom KB to resync VECS store
JDK-8330017 issue	Known NSX bug	Apply workaround from Broadcom KB and perform rolling reboot of NSX Managers
No ESXi image available	Cluster image not created	Create new vCenter cluster image and include required vendor addon and component VIBs following Broadcom KB

Related information

Broadcom VMware Cloud Foundation 5.2 Documentation
Broadcom Knowledge Base
AWS re:Post article: Deploying an SFTP server
Amazon EVS Service Overview

Topics: Compute
Tags: Amazon Elastic VMware Service (EVS)
Language: English

EXPERT

Allan

published 14 days ago119 views

No comments

Relevant content

Using Amazon EC2 as an External Backup Repository for Amazon EVS VCF Management Appliances
EXPERT
James Selwood
published 24 days ago
Running VMware on AWS: Key Takeaways from AWS re:Invent 2024
EXPERT
Niyi Osibeluwo
published a year ago
Host and Cluster Management with Amazon EVS
EXPERT
Ben Lipman
published 2 months ago
Is Rubrik Cloud Cluster certified with EVS
Imre Szabo
asked 5 months ago
Auto Minor Version Upgrade (AMVU) caused downtime — How to ensure seamless upgrade?
Mori
asked 8 months ago
Elastic Beanstalk upgrade major PHP version (e.g. 7.4 > 8.1) without creating new environment
Ben-in-CA
asked 3 years ago
How do I upgrade an Amazon RDS for MySQL database engine version and minimize downtime?
AWS OFFICIALUpdated 7 months ago
How do I upgrade my Amazon Aurora MySQL DB cluster to a new version?
AWS OFFICIALUpdated 2 years ago
How do I upgrade Ubuntu on my Amazon EC2 Linux instance from one LTS version to another?
AWS OFFICIALUpdated 2 months ago
How do I minimize the downtime and optimize the performance of an Amazon RDS for PostgreSQL major version upgrade?
AWS OFFICIALUpdated 2 months ago