How to upgrade vShield manager
As part of my lab upgrade process of updating all the vCloud parts I wanted to document the vShield Manager update steps. Since vShield manager is a VMware appliance it has a database that holds your rules and settings that are distributed out to the various vShield App and Edge devices that you are using. So if you just did a rip and replace with the appliance to get to the new version you would break a lot of things and have to recreate your rules and re-deploy the agents to hosts. This would be a very bad thing in a production install. This is why you should use the update feature built in the vShield manager console. You can review my post on upgrading the vCloud appliance also.
To update vShield manager you need to download the gZip package from VMware. When you look at the download options for vShield there is an OVF package that deploys a fresh version of the appliance or there is a zipped package that you use for updates. Grab the update package and use for the next step.
In Figure 1 below you can see that after logging into the management page of the vShield Manager appliance you need to navigate to the “Settings & Reports” option in the left tree. Then choose the updates tab and then upload settings. This will present you with the option to upload the zipped update file that you downloaded earlier.
Once the upload process starts you will see a progress indicator like the one shown in Figure 2 below. If you have any issue in uploading the update package I would suggest restarting the vShield Manager appliance and maybe trying Internet Explorer.
Once the update package has been installed you will see an Install option on the Update Status page in vShield manager shown below in Figure 3. This screen shows you the installed release of vShield and if you click the arrow next to the install button you will get more details about the release version that the upgrade package contains. Once you are ready to update click the Install button to proceed. Note that this is at least some what disruptive to your network traffic, I have not fully investigated. But the vShield manager appliance does reboot and then below I will discuss how this affects the App appliances.
Before the actual upgrade starts you will be asked to confirm the Install before proceeding, example below in Figure 4.
Once the upgrade process begins you will see a status page like the one shown below in Figure 5. The page appears to show you the stages for the update. I must admit that I was impatient and hit refresh part way through the process and it happen to be when the vShield manager appliance was about to reboot and the page did not refresh. I then was not able to reconnect to the the page until the update had completed, so I’m not sure if this page updates you very well to the status of the process.
After vShield manager has finished it’s own upgrade process it then needs to update the appliances that sit on each of your hosts for vShield App or Edge if you are using them. In my case I was using vShield App to test out some items. You can see from Figure 6 below that each VM had been updated and powered on VMs were suspended and updated. The process was pretty quick but does affect your VMs. I would say that this process would require some serious planning in a production environment and I would look to see if there is a method of delaying this part of the update so that you could have specific control of the timing and order of your hosts and clusters that are updated.
Lastly I looked at the vShield App device that was running on my host to see if it was restarted in the update process. After taking a quick look at the events of the VM it was not restarted (Figure 7), just appears that the update was pushed to it by vShield manager.
Now that the entire upgrade has finished you can view the updated version in the vShield manager console as show in Figure 8. You should confirm that it matches the build version of the package that you were installing.
Hopefully these steps shed some light on the process of upgrading vShield manager, but I suggest that before executing in your production environment you do some lab testing of the process yourself. To make sure that you account for things that unique to your environment.