The information below is a living document about the use of VMware’s NSX. As always, double-check the official documentation as this page may be out of date over time.

General Notes

• NSX 6.3.3 converts controllers to Photon OS

NSX Checks

How to check the NSX Controller Status
Login to the console or SSH directly to each controller:

show control-cluster status

• Join status should be Join Complete
• Majority Status should be Connected to cluster majority
• Cluster ID should be equal on all nodes in the cluster.
• Configured Status should all be enabled
• Active Status should all be activated

Upgrade Order and Notes

1. Upgrade other components (View/PSC/VRA/VCM/VRB/VCD). Check the official VMware update sequence KB.
2. Upgrade NSX Manager
   • Upgraded with an update tar file by connecting directly to https on the NSX manager VM. There’s an update option within there. Be sure to restart the vSphere Web Client service so the new NSX web client plugin is updated.
3. Upgrade NSX Controller Cluster
   • vCenter Web Client – Home – Networking & Security – Installation – Management tab. Click Upgrade Available in the Controller Cluster Status.
4. Upgrade other components (VDP/vCenter/vRO/VR/VUM/vROPs/VIN/vCC/vRLI/BDE/SRM/ESXi). Check the official VMware update sequence KB.
5. Upgrade NSX Host Cluster agents on ESXi
   • vCenter Web Client – Home – Networking & Security – Installation – Host preparation Tab. For each cluster click Upgrade Available.
   • Check the status as you may need to maintenance mode the hosts and/or reboot them after the vibs are updated.
6. Upgrade other components (vSAN/VMware Tools).Check the official VMware update sequence KB.
7. Upgrade NSX Edges (Older NSX 6.0.x L2 VPN Config must be deleted before upgraded)
   • vCenter Web Client – Home – Networking & Security – NSX Edges. For each Edge select Actions menu, then Upgrade Version.
8. Upgrade NSX LFw, NSX Guest IDS, View Agent and Clients/vRLI Agents
   • Guest Introspection
   • vCenter Web Client – Home – Networking & Security – Installation – Service Deployments. Click the Upgrade icon on deployment you want to upgrade.
   • Once upgraded you can upgrade partner solutions if needed.
9. Upgrade NSX SSL VPN Clients if needed (Starting 6.2.3 TLS 1.0 deprecated so clients may need upgraded)
10. Post Install
    1. Create a backup of NSX Manager within its https interface.
    2. Check VIBs on ESXi hosts

esxcli software vib get --vibname esx-vxlan

esxcli software vib get --vibname esx-vsip

1. If guest introspection is installed

esxcli software vib get --vibname epsec-mux

1. Resynch the host message bus

URL : https://<nsx-mgr-ip>/api/4.0/firewall/forceSync/<host-id>
HTTP Method : POST
Headers:
Authorization : base64encoded value of username password
Accept : application/xml
Content-Type : application/xml

Sources

• VMware NSX for vSphere 6.3 – Upgrade the NSX Controller Cluster
• Update Sequence for vSphere 6.5 and its compatible VMware products (2147289)