Upgrading VMware Horizon is going to be a fun task for the weekend. It means upgrading 3 connection servers, a security server, the vcenter server and the composer server. This is all so we can disable SSLv3 on the ESXi hosts they all run on.
Migration was originally planned from 5.3 to 6.2, as this is the earliest version that resolves the SSLv3 problem. But if we’re going to have to upgrade, why not go all the way to v7?
There’s lot’s of help and instruction to be had on the net on how to plan and deploy, but the plan we’re aiming for gives us an easy backout plan that then resolves all of the version upgrades required by Windows and MSSQL on the current infrastructure.
The plan is simply to turn off the old systems, reinstall new ones and migrate data. This way if we need to chicken out we turn off all the new and turn on all the old. So all the new servers will have the same IP addresses and names as the ones they are replacing. This way we have no concerns about the various firewalls and rules that relate to Horizon.
Plan of attack
- Install 6 new virtual servers with Windows 2012R2
- Install a new v7 connection server as a replica server to be able to manage Horizon from
- Turn off the Windows 2008 security server
- Turn off the Windows 2008 connection servers
- Check composer server by managing Horizon using the “new” connection server
- Stop composer and database services on composer server*
- Take a snap shot of the composer server
- Restart the composer and database services on composer server
- Run the v7 upgrade of composer services on the composer server
- Test the new composer services using the connection server
- Stop the composer services (leave database running)
- Backup the composer database putting it somewhere safe
- Turn off the composer server
- Bring up a new Windows server for composer
- Install MSSQL 2012 onto “new” composer server
- Install v7 composer services
- Restore composer database backup to new server
- Test the new composer server and services using the connection server
- Use the VMware migration tool to migrate the Windows vcenter server to a vcenter appliance
- Turn off the Windows vcenter server
- Install the remaining connection servers
- Install the security server
All being well everything should be pretty much live. Now all that needs taking care of is VMware tools on the gold images and the Group Policy ADM updates.
The certificate on the security server needs to be an external certificate with a friendly name of “vdm”
The certificate on the composer server can be an internal certificate and has a friendly name of “vrm”
- We’ve decided that as we only operate 4 pools from 4 “gold” images that we’re just going to drop the existing composer server from the configuration and install a new v7 one. Then just recreate the pools based on the settings we have from the existing pools.
Update sequence for vSphere 6.0 https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2109760
Migrating composer database https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2051921
Upgrading to Horizon 6.0 https://elgwhoppo.com/2014/09/07/upgrading-to-horizon-6-part-1-prepwork/