vSphere 6.7 Upgrade – PSC’s

I’ve recently upgraded our environment from vSphere 6.0 (shush, it’s still in support until March 2020). Fairly standard setup really, a couple of vCenter’s, a couple of PSC’s (to allow ELM), and several hosts. We also ran the HTML 5 Fling as nobody wants to use that god-awful web client which was forced on us for some reason. Yes, it’s been years. No, I’m not over it.

I won’t go in to how to perform the upgrade, that’s well documented and often repeated already, I’ll just point out a couple of things I noticed.

As soon as the PSC’s were upgraded, the HTML5 Fling stopped being able to authenticate new sessions – Existing sessions seemed fine. We were using version 3.42, which didn’t support vSphere 6.7. Version 4.0 was the latest release and this didn’t support vSphere 6.0. A bit of a rock and a hard place, but oh well no damage done. This is resolved in version 4.1, but this wasn’t available at the time of the PSC upgrades.

A couple of points to note. Firstly, the default TLS versions offered to clients has changed. You are warned about this during the upgrade, and told how you can re-enable the older versions if needed.

Warning that vSphere 6.7 disables TLS 1.0 and TLS 1.1 by default. However, these can be re-enabled if required.
Warning that vSphere 6.7 disables TLS 1.0 and TLS 1.1 by default.

Secondly, you’re offered the chance to take part in the Customer Experience Improvement Program.

Wizard step to join the VMware Customer Experience Improvement Program (CEIP)
Prompt to join the VMware Customer Experience Improvement Program (CEIP)

The CEIP is worth joining, as William Lam points out, this will enable additional health checks in your environment. Health checks can never be a bad thing, right?

Finally, there was a small snag which I hit that was a result of migrating from Windows PSCs to appliance based PSCs. What seemed to happen was that the DNS entries for the PSCs were scavenged as they were dynamic entries and as there was no longer a Windows server to update DNS with a message to say they were still there, the entries were dropped after about a week. When you move to an appliance based setup, make sure you have static DNS entries!

The PSC upgrades went exactly as the documentation said it would, and there was nothing particularly unexpected or surprising about anything that happened (other than DNS, but that’s my oversight more than anything). You can’t ask for more than that really.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.