Within an organization, there are many people involved in keeping systems secure, well-maintained and up and running....
From the CIO to the system administrators, each person has her own agenda when it comes to whether or not to upgrade. There are financial reasons, technical reasons, security reasons and political reasons. Ultimately, it all boils down to this: Do users still get what they want and what they need?
In this article we'll discuss why it's generally a good idea to upgrade to newer releases. We'll focus on VMware in particular, with attention to what to keep in mind and where to find information about specific VMware upgrades.
When is upgrading the right choice?
When deciding whether or not to upgrade, many system admins go by the old platitude, "If it's not broke, don't fix it." It's a valid line of thinking -- after all, if your system is working, why change anything?
If your Windows XP desktop is still functioning well and your ESXi 3.5 hypervisor is still doing its job without issue, why upgrade?
In the two instances mentioned, you might want to upgrade for the sake of security and support. Older systems become more vulnerable to security threats, and since vendors will, at some point in time, stop supporting the software -- including no longer creating security patches -- the chance of a security breach increases. Also, if you continue to run older software or hardware versions that vendors no longer support, you'll inevitably run into technical problems without the means to fix them. Due to this, it's usually best to upgrade software to a newer version. Not only does it keep your environment more secure and supported, there's a fair chance that with newer software you will be able to provide users with better performance and new features they can benefit from.
Money may also factor into whether or not you choose to upgrade. Many major upgrades include licensing costs, and depending on your support, subscription and the number of servers or VMs, the price can really add up. However, a security breach could end up being more costly -- not necessarily in terms of money -- than the upgrade price tag.
In these situations, the decision of whether or not to upgrade is usually made at a higher level in the organization. The time investment for a major upgrade will also be significant, which has financial impact. For minor upgrades, also known as updates, there are no licensing costs and the financial impact of the work involved is usually covered from the normal operations expenditures.
New installations vs. upgrades
Some administrators will swear by performing new installations, while other will always lobby for in-place upgrades. Both methods have their pros and cons. With a new installation, there are no proverbial skeletons in the closet to set you back.
On the other hand, they require more work involved because you need to recreate the entire configuration of features in the new version based on the documentation of the current version. Of course, if your documentation is up to date this shouldn't be too much of a problem. Administrators with experience creating configuration scripts should have no issue with a new installation.
When it comes to managing time efficiently, an in-place upgrade is the more obvious choice, but they come with added risks -- upgrades can be temperamental, and complex systems with dependencies tend to have more problems that can affect the upgrade process.
Major vs. minor VMware upgrades
If you've chosen to upgrade rather than go for a new installation, the next thing to take into consideration is whether you should install a major or minor upgrade.
For example, should you stick with vSphere 6.0, or upgrade to version 6.2? Should you keep using Horizon 7.0, or upgrade to 7.0.1? Based on system administrative experience, it's better to keep your system up to date with both major and minor versions. Minor VMware upgrades help make major upgrades easier because they help bridge the gap between your current version and the latest product release. For example, vRealize Automation (vRA) only allows you to upgrade to version 7.0 from version 6.2.1 or higher. There's also a fair chance that new, in-demand features can only be accessed through the latest version of the software.
As with installations, you shouldn't always be on the bleeding edge when it comes to upgrades. It's not a bad idea to wait a few weeks or even months after the release of a new version before implementing it in your environment. This delay can help you avoid issues, since it gives programmers time to work out any kinks in the software. The exception to this rule, however, is security patches, which are so significant that you'll want to deploy them as soon as possible.
Do your due diligence
The most important part of planning an upgrade is doing your due diligence prior to installation. This way you know what your opportunities are well in advance and can identify any vulnerabilities in your plan.
Many organizations have a change management process that requires administrators to not only conduct research while planning, but also document their work so that others can evaluate their plan and decide whether or not to go through with the upgrade or installation. You should also create documentation for what you intend to do if the upgrade fails -- do you have a fallback plan?
When completing VMware upgrades, investigate your possibilities carefully. Some components cannot be updated until you've first upgraded other components. When the number of VMware products installed in your environment increases, the complexity of your upgrades also increases.
There are, of course, dependencies between ESXi and vCenter, but there are also dependencies between vCenter Server and products such as Horizon View, vRA and NSX. Due to this, you might want to run multiple vCenter Server when designing a VMware environment. VMware offers excellent documentation on how certain upgrades should be performed and in what order, as well as information about hardware and software dependencies. VMware also has Product Interoperability Matrixes to help identify whether your other components are compatible.
VMware also provides a few helpful Knowledge Base (KB) articles specific to vSphere that explain the order in which you should conduct VMware upgrades. There are separate articles for versions 5 through 6. Be sure to check the article related to the version of vSphere you're running to make sure you have taken the appropriate steps before upgrading.
The following is an example from the vSphere 6 upgrade KB:
If you have the vRealize Automation solution installed in your environment, the supported patch update sequence is:
- If applicable, upgrade the External vCenter Single Sign-On instance (sequence step 1)
- Upgrade vRealize Automation Center (sequence step 2)
- Upgrade vRealize Automation Application Services (sequence step 3)
- Update vCenter Server (sequence step 7)
- Update ESXi (sequence step 10)
This means that you should upgrade the Platform Services Controller prior to updating vRA to version 6. This does not apply to vRA version 7, as it employs a different Identity Management Solution. This shows how important it is to always check the compatibility matrix for your product and identify what the dependencies are with other VMware products.
Why is change management essential for disaster recovery?
How to keep your vSphere upgrade on time and on budget
Explore the politics of the clean install