vSphere 6.7 clean install or upgrade

Your vSphere environment has been around for a few years now and you may have upgraded it all the way from v3 to the latest v6.
Technology both hardware and software have changed so much, with the introduction of many new features that were not around from your original vSphere environment. Added onto that VMware depreciating vSphere Clients in favour of HTML5, going forwards the discontinuation of the Windows based VCSA, and we’ve not even got to the changes to SAN and LAN technologies, all mean that it can be difficult to know on which path to take, upgrade? Or a fresh install?

vSphere 6.7 has many new features that you may have been waiting for such as Quick Boot and Singe Reboot Upgrades which you can read about in one of our other posts,or see below for the key updates, my favourite being Virtual Trusted Platform Modules (vTPM) which performs cryptographic encryption (AES-XTS-256) at the software level (vTPM data being written to the .nvram file), which is much faster than hardware TPM and allows us to get around a number of challenges in a vMotion scenario, meaning we can have an encrypted VM that has the same mobility as an unencrypted VM.

The upgrade path many not be as straight forward as you think, with multiple hops required from 5.5 as you might expect, just to get to v6.5 can be a complicated route.  For this reason it is increasing popular and easier to build a new 6.5 or 6.7 VCSA, and migrate your hosts and VMs over the traditional upgrade.

Each customer has different requirements, environments, change processes etc, so if you decide to upgrade, then you would have to go through the  following process.

One of the main considerations in my opinion about how to handle the Platform Service Controller (PSC)s in your environment as a lot has changed, even between 6.5 and 6.7.  You cannot have embedded PSCs in enhanced linked mode on 6.5 for instance, where as this is possible in 6.7.

Other considerations include:

• No direct upgrade path from vSphere 5.5 to vSphere 6.7
• vSphere 6.0 is the minimum version that can be upgraded to vSphere 6.7
• vSphere 6.7 is the final release that requires customers to specify SSO sites. If you are upgrading from vSphere 5.5, topology changes and SSO Domain Consolidation is supported but must be done so BEFORE upgrading to vSphere 6.x
• vSphere 6.7 TLS 1.2 is enabled by default and is the only option at this time. TLS 1.0 and TLS 1.1 are disabled by default
• In vSphere 6.5 and 6.7, VMFS6 is 4K aligned, meaning you cannot upgrade a VMFS5 datastore inline or offline to VMFS6.  Data needs t o be migrated from VMFS5 to VMFS6 (KB2147824)
• The vSphere 6.7 release is the final release of vCenter Server for Windows. Adios to vCenter Server for Windows
• vCenter Server 6.7 does not support host profiles with version less than 6.0 (See KB52932)
• vCenter Server 6.7 supports Enhanced Linked Mode with an Embedded PSC as mentioned above (Greenfield deployments only)
• At the time of writing (I’m fairly sure this will change) vSphere 6.7 is not compatible with VMware Horizon, NSX, VIO or VIC.  A shameless plug that you can read more about VIO or VIC in our previous posts, these are amongst our favourite products topics right now

It is just my own opinion but I feel the easiest way forward would be to do a clean install of vSphere 6.7, and then purely detach the Virtual Machine from one environment and reattach it to your new 6.7 environment.  You retain your old vCenter should you need to roll back and you can start fresh.  To do this the following process should be followed:

The main benefits of this is that you can build a new clean parallel environment and not have to do a big bang upgrade it can be phased in and migrated over time. This new environment would have the VCSA as a virtual appliance and less complicated security polices using the new features of 6.7 to make your environment more flexible for the future whether is hosted onsite or in the public cloud.