vShield App Upgrade Tips for the Paranoid*

 

If you haven’t yet upgraded vShield App to version 5.1.2, here are a few tips not included in the instructions that could save you some pain during the process.

Before you do anything, the obvious first step would be to snapshot your vShield Manager VM.

Right after that, I recommend going in and setting the FailSafe policy to Allow.

 

 

This setting ensures that if the vShield Manager is not available, or has failed, go ahead and allow all traffic.  If you’re in an environment where security is absolutely paramount, and this setting is unacceptable, you will want to ensure you have a maintenance window that would allow for the loss of connectivity in case of problems.

This next step may be unnecessary, but if you weren’t paranoid, you wouldn’t have read this far.  😉

I go to every host and force a resync in vShield Manager so that the service VM knows about the setting I just changed.

 

 

Now you’re ready to start the upgrade procedures on page 37 of the vShield Installation and Upgrade Guide.

Once you get your vShield Manager upgraded, go ahead and test an update on a host.  Once it finishes, migrate a VM back to it while pinging, to ensure connectivity is there.  If it’s successful, finish the rest of your hosts.

You can do multiple hosts at once, but sometimes the web client can be unreliable, so I recommend opening multiple browser windows if you’re going to do multiple host updates simultaneously.

Make sure you wait until the first host is already into maintenance mode before starting a subsequent one.  This will ensure you don’t have any conflicts where a VM is trying to migrate to a host going INTO maintenance mode.  Here’s a pic showing what I’m talking about.

 

 

 

*Disclaimer: Author makes no inference that the reader has any actual psychological disorder, nor does the author intend any slight or affront to actual patients being treated for paranoia.  Author is merely inferring that if one has been in IT long enough, in an environment where downtime is measured in dollars, one could be considered to have the characteristics of the aforementioned patients.  Author is not engaged in practicing mental health, dispensing, or prescribing actual mental health conditions.  Virtual Insanity, its principals, and their employers are not responsible for the content of this blog post.  Please drink responsibly.  Qualified buyers only.  I crack myself up.  Use only as directed.  Restrictions may apply.

Leave a Reply

Your email address will not be published. Required fields are marked *