Objective 4.3 – Upgrade Existing vCNS/NSX Implementation


  • Verify upgrade prerequisites have been met
    • Vcenter 5.5 required
    • Can only upgrade from vShield 5.5 to NSX Manager, not 6.0
  • Upgrade vCNS 5.5 to NSX 6.x
    • Download the upgrade bundle
    • From within vShield Manager, Settings & Reports, Browse and upload the file
    • Click Install and the appliance will reboot
    • Login to NSX manager to confirm the upgrade
  • Upgrade vCNS Virtual Wires to NSX Logical Switches
    • From vSphere Web Client, open Network & Security
    • Navigate to Host preparation area
    • Click “Update” – status will change from Legacy to Enabled
    • VIBS are pushed to nodes (using DRS and Maintenance Mode)
    • Install NSX Controllers and create Logical Network
  • Upgrade to NSX Components
    • Upgrade to NSX Firewall
    • Prerequisites
      • vShield Manager has been upgraded to NSX Manager.
      • Virtual wires have been upgraded to NSX Logical Switches. For non-VXLAN users, network virtualization components have been installed.
    • Procedure
      • After you update all the clusters in your infrastructure while upgrading to NSX logical switches (or installing network virtualization components), a pop up message indicates that Firewall is ready to be upgraded.
      • Click Upgrade.
      • After the upgrade is complete, the Firewall column displays Enabled.
      • Inspect each upgraded section and rule to ensure it works as intended.
    • What to do next
      • Once you upgrade firewall to NSX, you should move the grouping objects used by firewall rules to global scope. To do this, use NSX APIs to create new grouping objects with the same members and then update the relevant firewall rules with the new IDs.
  • Upgrade to NSX Edge
    • From vSphere Web Client, open Network & Security
    • Navigate to NSX Edge
    • Select Upgrade from Actions
    • Check version number and deploy status
  • Upgrade vShield Endpoint from 5.5 to 6.x
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click Installation.
    • Click the Service Deployments tab.
    • vShield Endpoint 5.5 deployments are displayed and the Installation Status column says Upgrade Available.
    • In the Installation Status column for vShield Endpoint, click the arrow next to Upgrade Available.
    • Select the Data store and Network and click OK.
  • Upgrade to NSX Data Security
    • NSX Data Security does not support a direct upgrade. You must uninstall the current Data Security software before upgrading to NSX Manager. After NSX Manager is upgraded, you can install NSX Data Security version 6.0. If you upgraded to NSX Manager without uninstalling Data Security, you must do so using a REST call.
    • Pre-NSX Data Security policies and violation reports are carried over to the vSphere Web Client, but you can run a Data Security scan only after installing NSX Data Security version 6.0.
  • Upgrade NSX Manager from 6.0 to 6.x
    • Download upgrade bundle from VMware
    • Open NSX Manager web front end, and navigate to Manage area
    • Click Upgrade
    • Wait for upgrade to finish, login and confirm version number
  • Update vSphere Clusters after NSX upgrade
    • From vSphere Web Client, open Network & Security
    • Navigate to Host preparation, and click Update (remember to post host into Maint Mode)


  • NSX Installation and Upgrade Guide
  • vSphere Web Client

One thought on “Objective 4.3 – Upgrade Existing vCNS/NSX Implementation

  1. Pingback: VMware VCP-NV NSX Study Resources | darrylcauldwell.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s