HOW TO: Upgrade VMware vCloud Networking and Security / vShield Manager, vShield Endpoint, vShield App, vShield Edge

In this guide I will take you through upgrading vCloud Networking and Security / vShield Manager and its components to version 5.5.3.1. This release addresses the Shellshock vulnerability (VMware KB 2091218).

Before you proceed with the upgrade, please confirm the new version is compatible with the existing VMware and other security products in your environment (Trend Micro Deep Security, for example).

Download the VMware vShield Manager upgrade bundle from my.VMware.com.

You must first upgrade the vShield Manager, then update the other components.

vShield Manager Upgrade

  1. First, take a snapshot of vShield Manager virtual appliance!
  2. Log in to vShield Manager, navigate to the inventory panel, select View: > Host & Clusters, and click Settings & Reports.
  3. Click the Updates tab.
  4. Click Upload Upgrade Bundle.
  5. Click Browse and select the VMware-vShield-Manager-upgrade_bundle-buildNumber.tar.gz file.
  6. Click Open.
  7. Click Upload File.
  8. After the file is uploaded, click Update Status.
  9. Click Install to begin the upgrade process.
  10. Click Confirm Install.
    The upgrade process reboots vShield Manager, so you might lose connectivity to the vShield Manager user interface. None of the other vShield components are rebooted.
  11. After the reboot, log back in to the vShield Manager.
  12. OPTIONAL: Log in to Trend Micro Deep Security Manager and make sure it can still connect to vSM.

Although this upgrade looks straightforward and, in the majority of cases, runs OK, I have a couple of tips for you:

  • ALWAYS take a snap of vShield Manager!
  • vShield Manager upgrade from 5.0.x to 5.1.x is different as you need to upgrade its virtual hardware. See VMware KB 2044458 for detailed instructions.
  • Make sure vShield Manager VA hardware spec is correct (I experienced an issue with the upgrade when someone manually changed vSM VA configuration)
  • Make sure a minimum of 2.5 GB free disk space is available in the /common partition. Log in to the vSM console and run show filesystems:
    (Screenshots in the original post: one show filesystems output marked FAIL and one marked OK.)
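The /common free-space tip can be checked from a saved copy of the console output before you start the upgrade. The script below is an added example, not part of the original guide or any VMware tooling; it assumes show filesystems prints df -h style columns (Size, Used, Avail, Use%, Mounted on), and both sample outputs are constructed.

```python
import re

REQUIRED_GB = 2.5  # minimum free space in /common stated in the guide
UNITS = {"K": 1 / 1024**2, "M": 1 / 1024, "G": 1.0, "T": 1024.0}

# Constructed samples, assuming df -h style output from "show filesystems".
OK_SAMPLE = """\
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda3             3.9G  1.2G  2.6G  31% /
/dev/sda6              37G  2.0G   33G   6% /common
"""
FAIL_SAMPLE = """\
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda3             3.9G  1.2G  2.6G  31% /
/dev/sda6              37G   34G  1.1G  97% /common
"""

def size_to_gb(text):
    """Convert a df -h style size such as '2.6G' or '900M' to gigabytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([KMGT]?)", text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    # A bare number is treated as 1K blocks, as in plain df output.
    return float(m.group(1)) * UNITS[m.group(2) or "K"]

def free_gb(output, mount="/common"):
    """Return available GB for `mount`, or None if it is not listed."""
    for line in output.splitlines():
        fields = line.split()
        # Index from the right so rows that df wrapped after a long
        # device name (leaving five fields on the second line) still parse.
        if len(fields) >= 5 and fields[-1] == mount:
            return size_to_gb(fields[-3])
    return None

def ready_for_upgrade(output):
    """True only if /common is listed and has at least REQUIRED_GB free."""
    avail = free_gb(output)
    return avail is not None and avail >= REQUIRED_GB

if __name__ == "__main__":
    for name, sample in (("OK", OK_SAMPLE), ("FAIL", FAIL_SAMPLE)):
        verdict = "proceed" if ready_for_upgrade(sample) else "free up space"
        print(f"{name}: /common free = {free_gb(sample)} GB -> {verdict}")
```

A missing /common row is treated as a failure rather than a pass, so truncated or mis-pasted console output does not produce a false OK.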

 

vShield App and vShield Endpoint Upgrade

You must upgrade vShield App and vShield Endpoint on each host in your datacenter. Both can be upgraded either through the vSphere Client or the vShield Manager interface. I personally prefer the latter.

  1. Log in to vShield Manager, navigate to the inventory panel, select View: > Hosts & Clusters.
  2. Select Inventory > Hosts and Clusters.
  3. Under Datacenters / Your_Datacenter / Your_Cluster click the host on which you want to upgrade vShield App / vShield Endpoint.
  4. The Summary tab displays each vShield component that is installed on the selected host and the available upgrade version.
  5. Select Update next to vShield App or vShield Endpoint.
  6. Select the vShield App or vShield Endpoint checkbox. You can also select both and upgrade them in one go.
  7. Click Install.  During vShield App upgrade, the ESXi host is placed into Maintenance Mode and rebooted. Ensure that virtual machines on the ESXi host are migrated (using DRS or vMotion), or that they are powered off to allow the host to be placed into Maintenance Mode.
  8. All done:
  9. OPTIONAL: Again, it may be a good idea to check the host in Trend Micro Deep Security Manager…

vShield Edge Upgrade

  1. Log in to the vShield Manager, navigate to View: > Networks.
  2. Select the Datacenter, Network Virtualization, Edges.
  3. Select the vShield Edge. Notice the up arrow – Upgrade available.
  4. Click the Actions and select Upgrade.
  5. Click Yes to continue.
  6. This is where it gets interesting! vShield Manager will NOT upgrade the vShield Edge virtual appliance in place. Instead, it will deploy a new appliance, copy the config and then delete the old appliance.

I hope this helps.
