Today, during VMware EXPLORE in Las Vegas, VMware will be announcing vSphere 8 Update 2. As you know, vCenter Server is a critical part of the vSphere infrastructure, and patching it has always been a challenge. In this post we'll unveil a new way of upgrading vCenter Server appliances: with vSphere 8 Update 2, it will be possible to use a quicker, migration-based upgrade with a switchover.
Many times in the past you may have experienced downtime due to vCenter Server patching problems. As usual, VMware has always recommended having a file-level backup before starting the patch/upgrade process. But it seems that in vSphere 8 Update 2 we might see something different coming from VMware.
This process will reduce the downtime to a minimum compared to the usual vCenter Server upgrade, where you usually have half an hour or more of downtime. The migration-based upgrade first deploys a new vCenter Server appliance, then replicates all the necessary data from the current environment, and finally proceeds with the switchover.
Update: Check also VMware vSAN 8 Update 2 with many enhancements announced.
The five-step upgrade process for vCenter Server 8 Update 2 looks like this:
- Mount ISO
- Backup is required – check whether the file-level backup is done (if not, you'll have to proceed and do a file-level backup first)
- vCenter Server Life-Cycle Manager plugin update – this is necessary as this allows orchestration of the new build to be deployed.
- Configure the new VCSA appliance (even for a minor patch or minor update) – you can inherit all the existing settings (or not): the size of the vCenter Server, the location, the datastore.
- Upgrade – first, the Prepare upgrade stage is executed (temporary IP, temporary location…), and then the Switchover stage, where the services are briefly stopped, the whole identity is switched over to the new appliance (vCenter ID, IP address, FQDN etc.), the new services are started, and you're back in business. It'll take 3 to 5 min for the services to start up, and that's the only period of downtime!
Note: You'll still have a choice whether to use the traditional upgrade method or the new, migration-based method. VMware is not planning to phase out or remove the traditional method of patching.
The overview looks like this, screenshot from VMware briefing.
An interesting fact is that you can use this method starting with VCSA 8 (you don't have to be on U1, for example, to start using the migration method to move to U2).
Note: this initial release of the new upgrade method does not support Enhanced Linked Mode (ELM) architectures, and also, the on-prem version does not support HA instances either.
Resilient vCenter Patching
Another feature we'll highlight in this blog post is very interesting because it can recover quickly from a patch failure. VMware is still working on the naming for this feature, so don't be surprised if you see different wording in the final vCenter Server 8 Update 2 release when it comes out.
Basically, you'll be able to proceed with the upgrade even if you don't have a file-level backup. You can click ignore. If you do have a backup, you'll be able to see when the last backup was taken. You'll have the choice to take a backup just before patching if your backup scheduler last ran too many days ago.
So if you don't have a file-level backup or VM backup (or VM snapshot), VMware still takes an automatic Logical Volume Manager (LVM) snapshot, which is an OS-level snapshot, during the patching process.
When (if) there is a patch failure, you'll be able to roll back to the last vCenter backup version.
Note: if there is a VM snapshot, the LVM snapshot is done anyway.
Non-Disruptive Certificate Management
In vSphere 8 Update 2 there is a new way to change certificates without restarting the vCenter services.
Restore from Backup
When you take a backup, you capture a point-in-time state. BUT after that, a new network or new VMs may have been created, and hosts may have been added (or removed). So, when the backup is restored, some elements will be missing, right?
In vSphere 8, VMware introduced a Key Value Store that lives on the host, and when vCenter is restored from backup, it recognizes this information. The cluster has more information than the restored vCenter: information about host membership and distributed switch information.
Now when vCenter is restored from backup, the current vDS information found on the hosts is automatically pushed back to the freshly restored vCenter. The process looks like this.
So you should not have any inconsistencies in vDS information or in host membership of the cluster. It also supports NSX segments and port groups if you have NSX installed within your environment.
vSphere 8 Federation with Entra ID/Azure AD
This is an additional identity federation option, alongside the other existing options (Okta, Microsoft ADFS, Microsoft AD over LDAPS).
If you're not yet familiar with this kind of identity federation method, here is how it basically works. When you try to log in to vCenter, the vCenter Server never sees the user's credentials: you're redirected to the federation authentication provider's portal, you authenticate there, and then you're redirected back to the vCenter Server.
It reduces vCenter's potential attack surface.
Enhanced vSAN Witness Support
vLCM lifecycle management support is expanded in vSphere 8 Update 2 and will be able to manage the image of vSAN witness nodes independent of the vSAN cluster. It will support shared witness nodes.
It means that you can have witness nodes that are shared by several clusters with different builds.
vSphere Configuration Profiles with a possibility to Edit and apply configuration
vSphere Configuration Profiles, introduced in vSphere 8, will now make it possible to edit and apply the configuration within the UI. The initial release in vSphere 8 only allowed you to export the config as a JSON file. You had to do the edits separately before re-importing the file. With vSphere 8 U2 this workflow will be possible directly within the vSphere Client UI.
As an example we can see the possibility of editing a value (NTP settings in this example).
Small change for Windows Guest Customization
You can now specify the Microsoft Active Directory (AD) Organizational Unit (OU) path. Previously this had to be scripted.
Descriptive Error messages when files get locked
You know, it happens that your VM files get locked. Normally, to find which file is locked and its location, you have to issue some CLI commands to get further details. It can happen after a storage outage or similar.
More vendors for DPU compatible systems
First there were HP and Dell, and with U1 it was Lenovo. Now with U2, Fujitsu is also on board.
Improvement of placement for GPU Workloads
There is a new improvement for GPU-enabled VMs. While DRS would do the initial placement of workloads, it wasn't a smart placement. Also, DRS would not balance the vGPU-enabled VMs. With vSphere 8 Update 2, the system has changed and now.
Imagine a situation where you have 3 hosts with 4 GPUs each. There are VMs with 2 vGPUs running on those hosts, and a new VM with 4 vGPUs is coming to the environment. The system will detect it and “make space” for this VM by moving one of those 2-vGPU VMs to another host.
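The scenario above, worked through as an added example (not VMware code and not the actual DRS algorithm): a small placement routine that, when no host has enough free GPUs, picks the host it can clear with the fewest migrations. The `Host` class, the `place` function and the host and VM names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    name: str
    gpus: int                                  # physical GPUs in the host
    vms: dict = field(default_factory=dict)    # VM name -> vGPUs in use

    @property
    def free(self):
        return self.gpus - sum(self.vms.values())

def place(hosts, vm, vgpus):
    """Place `vm`; return the migrations performed, or None if impossible."""
    fits = [h for h in hosts if h.free >= vgpus]
    if fits:                                   # direct fit, tightest host first
        min(fits, key=lambda h: h.free).vms[vm] = vgpus
        return []
    best = None
    for target in hosts:                       # try to clear enough of each host
        room = {h.name: h.free for h in hosts if h is not target}
        need, plan = vgpus - target.free, []
        for name, size in sorted(target.vms.items(), key=lambda kv: -kv[1]):
            if need <= 0:
                break
            dest = next((n for n, f in room.items() if f >= size), None)
            if dest is None:
                continue                       # this VM cannot move anywhere
            room[dest] -= size
            plan.append((name, target.name, dest))
            need -= size
        if need <= 0 and (best is None or len(plan) < len(best[1])):
            best = (target, plan)              # keep the plan with fewest moves
    if best is None:
        return None                            # nothing is changed on failure
    target, plan = best
    by_name = {h.name: h for h in hosts}
    for name, src, dest in plan:               # apply the planned migrations
        by_name[dest].vms[name] = by_name[src].vms.pop(name)
    target.vms[vm] = vgpus
    return plan

def demo_cluster():
    # Constructed sample: 3 hosts with 4 GPUs each, one 2-vGPU VM per host.
    return [Host(f"esx{i}", 4, {f"vm{i}": 2}) for i in (1, 2, 3)]

if __name__ == "__main__":
    cluster = demo_cluster()
    print(place(cluster, "big-vm", 4))
    print({h.name: h.vms for h in cluster})
```

In the sample cluster every host has 2 free GPUs, so 6 are free in total but no single host can take the 4-vGPU VM until one 2-vGPU VM is moved.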
Another new feature gives administrators the possibility to view the Estimated Stun Time.
You can specify, for example, that VMs with a stun time under 10 sec can be moved by DRS to another host. Any VMs with a stun time greater than 10 sec will not be allowed to vMotion or be moved by DRS.