The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Complete this section before upgrading the VSM software.
The upgrade process is irrevocable. After the software is upgraded, you can downgrade by removing the current installation and reinstalling the software.
Determine the edition of the Cisco Nexus 1000V by using the show switch edition command. Based on the edition, see the following sections:
The upgrade to a current release is supported in the Essential edition. For more information, see the Cisco Nexus 1000V for Microsoft Hyper-V License Configuration Guide.
If you are upgrading the Cisco Nexus 1000V software from Release 5.2(1)SM1(5.1) to the current release:
If you are upgrading the software from Release 5.2(1)SM1(5.2) or later, see Figure 2-1 to check the license details after the upgrade.
Note For information on obtaining a replacement for the Cisco Nexus 1000V Multi-Hypervisor licenses, see “Rehosting a License on a Different VSM” in the Cisco Nexus 1000V for Microsoft Hyper-V License Configuration Guide.
Note The license count is counted as one for each CPU socket.
Figure 2-1 Licensing and Upgrade
Upgrading the VEM software has the following prerequisites:
1. The VSM and virtual switch extension manager (VSEM) need to be upgraded to the current release before you upgrade the VEM software.
– To upgrade the VSM, see Upgrading the VSM to the Current Release.
– To upgrade the VSEM, see Upgrading the Cisco VSEM to the Current Release.
2. You have already obtained a copy of the VEM software file.
3. You have Windows Server 2012 R2 hosts with Microsoft Hotfix KB3014795 applied. For more information, see http://support.microsoft.com/kb/3014795/en-us.
Table 2-1 lists the upgrade paths from the Cisco Nexus 1000V software releases.
|
|
---|---|
Before upgrading to Cisco Nexus 1000V Release 5.2(1)SM3(1.1), ensure that the target environment has Windows 2012 R2 hosts managed by SCVMM 2012 R2. Additionally, make sure that all relevant patches from Microsoft are installed on Windows hosts.
If SCVMM 2012 SP1 is installed, then you need to upgrade it to SCVMM 2012 R2.
If the target setup consists of Windows Server 2012 host, you must uninstall VEM before proceeding.
Upgrade SCVMM 2012 SP1 to SCVMM 2012 R2 by retaining the VMM database from the System Center 2012 SP1 deployment.
Refer to http://technet.microsoft.com/en-us/library/dn469609.aspx for additional details.
Step 1 Uninstall the existing Cisco Nexus 1000V VSEM provider.
Note The uninstallation restarts the SCVMM service.
Step 2 Reinstall the previous Cisco Nexus 1000V VSEM provider.
Note The installation restarts the SCVMM service.
Step 3 Verify that the Cisco provider is installed correctly:
b. Navigate to Settings workspace.
c. On the Settings pane, click Configuration Providers.
d. Verify that the Cisco Systems Nexus 1000V extension is displayed.
Step 4 Refresh the Cisco Nexus 1000V Extension Manager:
b. Navigate to Fabric workspace. On the Fabric pane, expand Networking, and click Switch Extension Manager. If the SCVMM version is 2012 R2, click Network Service instead of Switch Extension Manager.
c. In the results pane, right-click Cisco Systems Nexus 1000V extension and choose Refresh.
Microsoft does not support an upgrade of the third-party extension—for example, Cisco Nexus 1000V VEM—while upgrading Windows Server 2012 to Windows Server 2012 R2. Therefore, you must uninstall Cisco Nexus 1000V VEM before upgrading the host. Later, add the upgraded host to the logical switch after upgrading VSM and VSEM to the current release.
Refer to http://technet.microsoft.com/en-us/library/dn303416.aspx for additional details.
For prerequisites to upgrade the VSM, see Prerequisites for Upgrading the VSM Software. This section includes the following topics:
The software image install procedure depends on the following factors:
Note Performing an In-Service Software Upgrade (ISSU) from Cisco Nexus 1000V Release 5.2(1)SM1(5.1) to the current release of Cisco Nexus 1000V using ISO files is not supported. You must use the kickstart and system files to perform an ISSU upgrade to the current release of Cisco Nexus 1000V.
The Cisco Nexus 1000V software supports in-service software upgrades (ISSUs) for systems with dual VSMs. An ISSU can update the software images on your switch without disrupting data traffic. Only control traffic is disrupted. If an ISSU causes a disruption of data traffic, the Cisco Nexus 1000V software warns you before proceeding so that you can stop the upgrade and reschedule it to a time that minimizes the impact on your network.
Note On systems with dual VSMs, you should have access to the console of both VSMs to maintain connectivity when the switchover occurs during upgrades. If you are performing the upgrade over Secure Shell (SSH) or Telnet, the connection will drop when the system switchover occurs, and you must reestablish the connection.
Figure 2-2 displays the ISSU process.
Figure 2-3 provides an example of the VSM status before and after an ISSU switchover.
Figure 2-3 Example of an ISSU VSM Switchover
The install all command supports an in-service software upgrade (ISSU) on dual VSMs in an HA environment and performs the following actions:
The install all command provides the following benefits:
– After a switchover process, you can see the progress from both the VSMs.
– Before a switchover process, you can see the progress only from the active VSM.
After running the install all command, if any step in the sequence fails, the command completes the step in progress and ends.
Depending on the redundancy status of the VSM, the upgrade procedure differs. The redundancy status of VSM can be determined by the show system redundancy status command.
To upgrade the VSMs in an HA pair using the ISSU process, perform the following steps:
Step 1 Choose and download the Cisco Nexus 1000V zip file and extract the kickstart and system software files to a server.
Step 2 Log in to the active VSM.
Step 3 Ensure that the required space is available for the image file(s) to be copied.
Tip We recommend that you have the kickstart and system image files for at least one previous release of the Cisco Nexus 1000V software on the system to use if the new image files do not load successfully.
Step 4 Verify that there is space available on the standby VSM by entering the dir bootflash://sup-standby/ command.
Step 5 Verify that there is space available on the standby VSM.
Step 6 Delete any unnecessary files to make space available if you need more space on the standby VSM.
Step 7 If you plan to install the images from the bootflash:, copy the Cisco Nexus 1000V kickstart and system images to the active VSM by using a transfer protocol. You can use ftp:, tftp:, scp:, or sftp:. The examples in this procedure copies a kickstart and system image using tftp:.
Step 8 Verify the ISSU upgrade for the kickstart and system images
Step 9 Determine if the Cisco VSG is configured in the deployment using the show nsc-pa status command.
Note If the VSM version is 5.2(1)SM1(5.1), use the command show vnm-pa status instead of show nsc-pa status.
Note If the output shows a successful installation, the Cisco VSG is configured. You must follow the upgrade procedure in the Cisco VSG for Microsoft Hyper-V, Release 5.2(1)VSG2(1.2b) and Cisco Prime NSC, Release 3.4 Installation and Upgrade Guide and later continue to next step. If the output shows that the policy agent did not install, continue to next step.
Step 10 Save the running configuration to startup configuration, bootflash:, and to an external location.
a. Save the running configuration to a startup configuration using c opy running-config startup-config.
b. Save the running configuration to bootflash: using copy running-config bootflash:run-cfg-backup.
c. Save the running configuration to external location using copy running-config tftp://external_backup_location.
Step 11 Perform the upgrade on the active VSM by using the following command:
Step 12 Continue with the installation by pressing Y.
Note If you press N, the installation exits gracefully.
Note As a part of the upgrade process, the standby VSM is reloaded with new images. After it becomes the HA standby, the upgrade process initiates a switchover. The upgrade then continues from the new active VSM.
Step 13 After the installation operation completes, log in and verify that the switch is running the required software version by using the show version command.
Step 14 Copy the running configuration to the startup configuration by using the copy running-config startup-config command.
Step 15 Display the log for the last installation by entering the following commands.
Note If the command show install all status does not exit automatically while the installation is in progress, use Ctrl+C to exit.
The system with a single/standalone VSM can only be upgraded in a disruptive manner using the install all command.
To upgrade the standalone VSM, perform the following steps:
Step 1 Choose and download the Cisco Nexus 1000V zip file and extract the kickstart and system software files to a server. For more information, see Downloading the Cisco Nexus 1000V Package.
Step 3 If you plan to install the images from the bootflash:, copy the Cisco Nexus 1000V kickstart and system images to the active VSM by using a transfer protocol. You can use ftp, tftp, scp, or sftp. The examples in this procedure copy a kickstart and system image using tftp.
Step 4 Determine the VSM status using the show system redundancy status command.
Step 5 Verify the ISSU upgrade for the kickstart and system images.
Step 6 Determine if the Cisco VSG is configured in the deployment using the show nsc-pa status command.
Note If the VSM version is 5.2(1)SM1(5.1), use the command show vnm-pa status instead of show nsc-pa status.
Note If the output shows a successful installation, the Cisco VSG is configured. You must follow the upgrade procedure in the Cisco VSG for Microsoft Hyper-V, Release 5.2(1)VSG2(1.2b) and Cisco Prime NSC, Release 3.4 Installation and Upgrade Guide and later continue to next step. If the output shows that the policy agent did not install, continue to next step.
Step 7 Save the running configuration to startup configuration, bootflash:, and to an external location.
a. Save the running configuration to a startup configuration using c opy running-config startup-config command.
b. Save the running configuration to bootflash: using the copy running-config bootflash:run-cfg-backup command.
c. Save the running configuration to external location using the copy running-config tftp://external_backup_location command.
Step 8 Perform the upgrade on the standalone VSM using the following command:
Step 9 Continue with the installation by pressing Y.
Note If you press N, the installation exits gracefully.
Step 10 After the installation operation completes, log in and verify that the switch is running the required software version by using the show version command.
Step 11 Copy the running configuration to the startup configuration using the copy running-config startup-config command.
Step 12 Enter the following commands to display the log of the previous installation:
Note If the command show install all status does not exit automatically while the installation is in progress, use Ctrl+C to exit.
This section applies only if the VSG is configured in deployment. To determine whether VSG is deployed, run the command show nsc-pa status.
Note If the VSM version is 5.2(1)SM1(5.1), use the command show vnm-pa status instead of show nsc-pa status.
If the output displays a successful installation, you must reregister the policy agent after upgrading the Cisco VSM.
Step 1 Log in to the active VSM.
Step 2 Check the current policy agent version.
Step 3 Copy the PNSC-PA file to bootflash.
Note Determine the file version from the filename and if it is a higher version than the currently installed version, proceed to next step.
Step 4 Enter the configuration mode.
Step 5 Unregister the old policy agent from VSG.
Step 6 Register the new policy agent.
Step 7 Copy the current running configuration to the startup configuration.
Step 8 Verify the updated policy agent version.
This section describes the procedure for upgrading the Cisco VSEM Provider MSI package on the SCVMM server.
To upgrade the Cisco VSEM, perform the following steps:
Step 1 Install the Nexus1000V-NetworkServiceProvider-5.2.1.SM3.1.1.0.msi from the Cisco Nexus1000V zip location on the SCVMM Server.
The installation restarts the SCVMM service.
Step 2 Verify that the Cisco VSEM provider is installed correctly:
b. Navigate to Settings workspace.
c. On the Settings pane, click Configuration Providers.
d. Verify that the Cisco Systems Nexus 1000V - version 2 extension is displayed.
Step 3 Execute the Upgrade-Nexus1000V-Provider.ps1 script to upgrade the Cisco VSEM. On the SCVMM server, the script is located at %ProgramFiles%\Cisco\Nexus1000V\V2\Scripts\ProviderUpgrade. For example, C:\Program Files\Cisco\Nexus1000V\V2\Scripts\ProviderUpgrade. It requires the following inputs as parameters:
– IP address for the Cisco Nexus 1000V VSM
– Username for the Cisco Nexus 1000V VSM
– Password for the Cisco Nexus 1000V VSM
Below is a sample snapshot of the VEM upgrade script:
Step 4 Verify that the Cisco VSEM provider is upgraded correctly:
b. Navigate to the Fabric workspace. On the Fabric pane, expand Networking, and click Network Service.
c. In the Results pane, click the corresponding Cisco Systems Nexus 1000V extension and verify that Cisco Systems Nexus 1000V – Version 2 is displayed in the Provider column.
Step 5 Refresh the Cisco Nexus 1000V Extension Manager:
b. Navigate to the Fabric workspace. On the Fabric pane, expand Networking, and click Network Services.
c. In the Results pane, right-click Cisco Systems Nexus 1000V extension and choose Refresh.
For prerequisites to upgrade the VEM, see Prerequisites for Upgrading the VEM Software. You must complete the following procedures before upgrading the VEM software:
Figure 2-4 displays the VEM upgrade workflow using the WSUS server.
Figure 2-4 Cisco Nexus 1000V VEM Upgrade Workflow
1. Downloading the Cisco Nexus 1000V package.
2. Preparing the Windows Server Update Services (WSUS) Server.
To prepare the WSUS, perform the following steps:
Step 1 Enable and configure the WSUS role on a Windows Server 2012 machine.
For more information, see http://technet.microsoft.com/en-us/library/hh852340.aspx.
Step 2 Install the System Center Update Publisher 2011 (SCUP) on the WSUS server.
For more information, see http://technet.microsoft.com/en-us/library/hh134775.aspx.
Step 3 Generate a self-signed WSUS certificate via the SCUP:
a. Run the SCUP 2011 as a network administrator.
b. Click the Options icon in the upper left corner and then click Options.
c. Check the Enable publishing to an update server check box for Updates Publisher 2011 to publish all software updates.
d. Click the Connect to a local update server radio button as the SCUP was installed locally on the WSUS server.
e. Click Test Connection to validate that the WSUS server name and the port settings are valid.
f. If the connection succeeded, click Create. This creates a new certificate.
g. In the Test Connection dialog box, click OK.
h. In the System Center Updates Publisher Options dialog box, click OK.
Step 4 Configure the certificate store on the WSUS server using the following steps:
For more information, see http://technet.microsoft.com/en-us/library/hh134732.aspx.
a. On the WSUS server, click Start, click Run, and then enter MMC in the text box.
b. Click OK to open the Microsoft Management Console (MMC).
c. Click File and then click Add/Remove Snap-in.
d. In the Add or Remove Snap-ins dialog box, select Certificates and click Add.
e. In the Certificates snap-in dialog box, select Computer account and click Next.
f. Click the Local computer radio button and click Finish.
g. Click OK on the Add or Remove Snap-ins dialog box.
h. On MMC, expand Certificates (Local Computer), expand WSUS, and click Certificates.
i. In the results pane, right-click the desired certificate, click All Tasks, and click Export.
j. In the Certificate Export wizard, use the default settings to create an export file with the name and location specified in the wizard.
k. Right-click Trusted Publishers, click All Tasks, and click Import. Complete the Certificate Import wizard using the exported file from step j .
l. Right-click Trusted Root Certification Authorities, click All Tasks, and click Import. Complete the Certificate Import wizard using the exported file from step j .
Step 5 Copy the VEM MSI file to the local directory on the WSUS server.
Step 6 Publish the VEM MSI file to the WSUS server using the provided PowerShell script.
Step 7 Verify that the MSI published correctly using the following script:
Step 1 Copy the previously exported certificate that was exported earlier (see step 4 j ) to the local directory of the active directory (AD) server.
Step 2 On the AD server, click the Tools tab of the Server Manager, and select Group Policy Management.
Step 3 Do the following to create a new Group Policy Object:
a. In the console tree, navigate to <Forest name>/Domains/<Domain name>/Group Policy Objects and right-click to select New.
b. In the New GPO dialog box, enter a name for the new GPO, and click OK.
c. To link the newly created GPO, navigate to <Forest name>/Domains/<Domain name> and select Link and Existing GPO.
d. From the results pane of the Group Policy Objects in the Select GPO dialog box, select the GPO, and click OK.
Step 4 Navigate to the newly created GPO in <Forest name>/Domains/<Domain name> and right-click to select Edit to open a policy in tje Group Policy Management Editor. Modify the following settings:
a. Windows Update Group Policy settings:
Navigate to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update location and modify the following settings for:
1. Specify intranet Microsoft update service location:
– Select Specify intranet Microsoft update service location and right-click to select Edit. Click the Enabled radio button. Navigate to Options>Set the intranet update service for detecting updates and Options>Set the intranet statistics server and enter the location of local update server; for example, http://wsus-2012. Click Apply and click OK.
2. Allow signed updates from an intranet Microsoft update service location:
– Select Allow signed updates from an intranet Microsoft update service location and right-click to select Edit. Click the Enabled radio button. Click Apply and click OK.
b. Public Key Policies Group Policy settings:
Deploy the WSUS Publishers Self-signed certificate to Trusted Publishers and Trusted Root Certification Authorities certificate stores of Public Key Policies of the newly created GPO.
1. On the AD server, using the Group Policy Management Editor, navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Public Key policies of the newly created GPO.
2. Right-click Trusted Publishers, click All Tasks, and click Import. Complete the Certificate Import wizard using the file from Step 1 .
3. Right-click Trusted Root Certification Authorities, click All Tasks, and click Import. Complete the Certificate Import wizard using the file from Step 1 .
Step 5 Identify the hosts on which the VEM upgrade is needed and enter the gpupdate command using an elevated command prompt. This applies the group policy settings to the hosts immediately.
Step 1 Add the WSUS server to the VMM:
a. On the VMM console, in the Fabric workspace, choose the Home tab. Click Add Resources and click Update Server.
b. In the Add Windows Server Update Services Server dialog box, enter the name of the Update server in the Computer name field. Specify the WSUS TCP/IP port in the TCP/IP port field. The default value is 8530.
c. Use or create a Run As account that has administrative rights on the WSUS server.
d. In the Add Windows Server Update Services Server dialog wizard, select Add.
Step 2 Create a new baseline for the Cisco Nexus 1000V:
a. In the Library workspace, on the Library pane, expand Update Catalog and Baselines and right-click Update Baselines to select Create Baseline.
b. In Update Baseline wizard, select the General tab to enter a name and description for the baseline.
c. Click Next to move to the Updates tab. Click Add. Search for the string “Cisco” to select an update for the Cisco Nexus 1000V.
d. Click Next to move to the Assignment Scope tab and select infrastructure servers to add to the baseline.
e. Click Next and then Finish.
Step 1 Scan servers to check compliance with the previously created baseline for the Cisco Nexus 1000V:
a. In the Fabric workspace, on the Fabric pane, expand Servers.
b. Select the Home tab and click Compliance.
c. From the Compliance view, select the host to scan.
d. Right-click the host and select Scan.
After the scan is complete, identify the hosts that are noncompliant.
Step 2 Put the noncompliant host to maintenance mode and perform remediation:
a. Put the noncompliant host in maintenance mode by referring to the following link:
http://technet.microsoft.com/en-us/library/hh882398.aspx
b. In the Fabric workspace, on the Fabric pane, expand Servers.
c. Select the Home tab and click Compliance.
d. From the Compliance view, select the host to remediate.
e. Right-click the host and select Remediate.
f. In the Update remediation wizard, check the Do not restart servers after remediation check box.
Step 3 Bring the host out of maintenance mode. See http://technet.microsoft.com/en-us/library/hh882398.aspx.
Step 4 Perform another remediation to bring the host online in VSM:
a. Navigate to the Fabric workspace. On the Fabric pane, expand Networking and select Logical Switches.
b. In the Home tab, select Hosts.
c. Select the corresponding host and select the Cisco Nexus 1000V on the same host.
d. Right-click the switch and select Remediate.
Step 5 Use the show module command in VSM to verify whether the VEM modules were upgraded. After the upgrade, the software version of the corresponding VEM in the show module output should be 5.2(1)SM3(1.1).
This completes the upgrade process for the Cisco Nexus 1000V.
Step 5 of Upgrade Workflow is performed by this script.
Note Steps 1 to 4 of Upgrade Workflow must be done manually.
Execute the script from the PowerShell console of the SCVMM server. Additionally, complete the following prerequisites before running the script:
On the SCVMM server, the Upgrade-Nexus1000V-VEM.ps1 script is located at %Program Files%\Cisco\Nexus1000V\V2\Scripts\VEMUpgrade. For example, C:\Program Files\Cisco\Nexus1000V\V2\Scripts\VEMUpgrade.
The script requires the following inputs as parameters:
Below is a sample snapshot of the VEM upgrade script:
Verify whether the VEM modules were upgraded using the show module command in VSM. After the upgrade, the software version in the show module output should be 5.2(1)SM3(1.1).
Step 1 Put the Windows Server host in maintenance mode. See http://technet.microsoft.com/en-us/library/hh882398.aspx.
Step 2 Copy the VEM MSI file (for example, Nexus1000V-VEM-5.2.1.SM3.1.1.0.msi) to the host.
Step 3 Run the MSI file to install.
Step 4 Remediate the host to make it available online in VSM:
b. Navigate to the Fabric workspace. On the Fabric pane, expand Networking and select Logical Switches.
c. In the Home tab, click Hosts to list all hosts configured on the server.
d. Navigate to the host where you installed the MSI. Select the Cisco Nexus 1000V on the same host and right-click it.
e. Choose Remediate to make it online in VSM.
Note If the switch status is compliant, the Remediate option is not available. Refresh the corresponding host from the SCVMM console to get the Remediate option.
Step 5 Bring the host out of maintenance mode. See http://technet.microsoft.com/en-us/library/hh882398.aspx.
Step 6 Verify that the VEM module on the corresponding host is upgraded using the show module command in VSM. After the upgrade, the software version in the show module output should be 5.2(1)SM3(1.1).
After all VEMs are upgraded, complete the following procedure so the VSM can support all of the new features in the new software version.
Before beginning this procedure, you must know or do the following:
Step 1 Display the current level of feature support using the command show system vem feature level. For example:
Step 2 Display the current VEM feature and the version of the VEMs using the command system update vem feature level. For example:
Note If all VEMs are upgraded to the new software version, the feature support can be upgraded to the new software version. If an instance of VEM is running an earlier software version, the feature support level cannot be upgraded, and the list is empty.
Step 3 Change the feature level using the command system update vem feature level level_number. For example:
Note After the feature-level upgrade, VEMs with versions older than the feature level can no longer connect to the VSM.
Step 4 Display the updated level of feature support using the command show system vem feature level. For example:
Install Microsoft hotfix KB3014795 on Windows Server 2012 R2 hosts. For more information, see http://support.microsoft.com/kb/3014795/en-us.