6.0.2
Host Upgrades and Certificates
If you upgrade an ESXi host to ESXi 6.0 or later, the upgrade process replaces the self-signed (thumbprint)
certificates with VMCA-signed certificates. If the ESXi host uses custom certificates, the upgrade process
retains those certificates even if those certificates are expired or invalid.
If you decide not to upgrade your hosts to ESXi 6.0 or later, the hosts retain the certificates that they are
currently using even if the host is managed by a vCenter Server system that uses VMCA certificates.
The recommended upgrade workflow depends on the current certificates.
Host Provisioned with Thumbprint Certificates
If your host is currently using thumbprint certificates, it is automatically
assigned VMCA certificates as part of the upgrade process.
NOTE You cannot provision legacy hosts with VMCA certificates. You must
upgrade those hosts to ESXi 6.0 or later.
Host Provisioned with Custom Certificates
If your host is provisioned with custom certificates, usually third-party CA-signed
certificates, those certificates remain in place during upgrade. Change
the certificate mode to Custom to ensure that the certificates are not replaced
accidentally during a certificate refresh later.
NOTE If your environment is in VMCA mode, and you refresh the
certificates from the vSphere Web Client, any existing certificates are
replaced with certificates that are signed by VMCA.
Going forward, vCenter Server monitors the certificates and displays
information, for example, about certificate expiration, in the
vSphere Web Client.
Hosts Provisioned with Auto Deploy
Hosts that are being provisioned by Auto Deploy are always assigned new
certificates when they are first booted with ESXi 6.0 or later software. When
you upgrade a host that is provisioned by Auto Deploy, the Auto Deploy
server generates a certificate signing request (CSR) for the host and submits it
to VMCA. VMCA stores the signed certificate for the host. When the Auto
Deploy server provisions the host, it retrieves the certificate from VMCA and
includes it as part of the provisioning process.
You can use Auto Deploy with custom certificates.
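The upgrade outcomes described above can be sorted per host before migration. The following is an added PowerShell example, not VMware code: the function name Get-HostCertPlan, the issuer distinguished names and the three mode labels are assumptions, and the CA and host certificate are constructed at run time as sample input.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example, not VMware code. Issuer DNs are operator-supplied assumptions;
# Mode values are labels for the three certificate modes named on this page.
function Get-HostCertPlan {
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$VmcaIssuer,
        [string[]]$CustomIssuers = @(),
        [ValidateSet('vmca', 'custom', 'thumbprint')][string]$Mode = 'vmca',
        [datetime]$Now = (Get-Date)
    )
    # Classify by issuer: VMCA root, a known custom CA, or anything else (legacy thumbprint).
    $kind = if ($Certificate.Issuer -eq $VmcaIssuer) { 'vmca' } elseif ($CustomIssuers -contains $Certificate.Issuer) { 'custom' } else { 'thumbprint' }
    $outsideValidity = ($Now -lt $Certificate.NotBefore) -or ($Now -gt $Certificate.NotAfter)
    $plan = switch ($kind) {
        'vmca'       { 'Already VMCA-signed.' }
        'thumbprint' { 'Upgrade to ESXi 6.0 or later assigns a VMCA certificate.' }
        'custom'     {
            # Custom certificates survive the upgrade even when expired or invalid.
            if ($outsideValidity) { 'Upgrade retains this certificate although it is not currently valid; replace it.' }
            if ($Mode -eq 'vmca') { 'Change the certificate mode to Custom before any certificate refresh.' }
            if (-not $outsideValidity -and $Mode -ne 'vmca') { 'Retained by upgrade; no action needed.' }
        }
    }
    [pscustomobject]@{
        Subject  = $Certificate.Subject; Kind = $kind
        NotAfter = $Certificate.NotAfter; Plan = ($plan -join ' ')
    }
}

# Constructed sample input: a throwaway CA and an expired host certificate it issued.
$sha   = [HashAlgorithmName]::SHA256
$pad   = [RSASignaturePadding]::Pkcs1
$caReq = [CertificateRequest]::new('CN=Example Corp CA', [RSA]::Create(2048), $sha, $pad)
$caReq.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
$ca    = $caReq.CreateSelfSigned([DateTimeOffset]::Now.AddYears(-5), [DateTimeOffset]::Now.AddYears(5))
$req   = [CertificateRequest]::new('CN=esx02.example.test', [RSA]::Create(2048), $sha, $pad)
$leaf  = $req.Create($ca, [DateTimeOffset]::Now.AddYears(-3), [DateTimeOffset]::Now.AddDays(-30), [byte[]](1, 2, 3, 4))

# 'CN=VMCA-PLACEHOLDER' stands in for the subject of your own VMCA root certificate.
Get-HostCertPlan -Certificate $leaf -VmcaIssuer 'CN=VMCA-PLACEHOLDER' -CustomIssuers $ca.Subject
```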
Change the Certificate Mode
In most cases, using VMCA to provision the ESXi hosts in your environment is the best solution. If corporate
policy requires that you use custom certificates with a different root CA, you can edit the vCenter Server
advanced options so that the hosts are not automatically provisioned with VMCA certificates when you
refresh certificates. You are then responsible for the certificate management in your environment.
You can use the vCenter Server advanced settings to change to thumbprint mode or to custom CA mode.
Use thumbprint mode only as a fallback option.
Procedure
1 Select the vCenter Server that manages the hosts and click .
2 Click Advanced , and click Edit.
3 In the Filter box, enter certmgmt to display only certificate management keys.
Chapter 5 Preparing for Migration
VMware, Inc. 29