Installation guide
Firewall Configuration Changes After Migration or Upgrade to ESXi 5.0
The migration or upgrade from ESX/ESXi 4.x to ESXi 5.0 results in several changes to the host firewall
configuration.
When you migrate from ESX 4.x to ESXi 5.0, the ESX 4.x rulesets list is replaced by the new rulesets list in ESXi
5.0. The following configuration from the /etc/vmware/esx.conf file is preserved:
- The existing enabled/disabled status.
- The allowedip added by esxcfg-firewall.
Ruleset files that are added by the user and customized firewall rules created in ESX 4.x are not preserved
after the migration. In the first boot after the migration, for those rulesets that don't have entries in the ESX
4.x /etc/vmware/esx.conf file, the ESXi 5.0 firewall loads the default enabled status.
After the migration to ESXi 5.0, the default block policy is set to false (PASS all traffic by default) on ESXi 5.0
only when both blockIncoming and blockOutgoing values of the default policy are false in the ESX
4.x /etc/vmware/esx.conf file. Otherwise the default policy is to deny all traffic.
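The default-policy rule above can be checked before migrating. The following is an added example, not VMware code: it parses esx.conf-style text and predicts the resulting ESXi 5.0 default policy. The sample lines are constructed, and the /firewall/... key paths and the key = "value" line format are assumptions; only the blockIncoming and blockOutgoing names come from this guide.

```python
import re

# Assumed esx.conf line format: /some/path/key = "value"
LINE_RE = re.compile(r'^\s*(/\S+)\s*=\s*"([^"]*)"\s*$')


def parse_esx_conf(text):
    """Return {key_path: value} for every well-formed line; skip the rest."""
    entries = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            entries[match.group(1)] = match.group(2)
    return entries


def predict_default_policy(text):
    """Predict the ESXi 5.0 default firewall policy after migration.

    PASS only when both blockIncoming and blockOutgoing are false in the
    ESX 4.x file. Every other combination is DENY; a missing value is
    treated as "not false", following the guide's "otherwise" wording.
    """
    entries = parse_esx_conf(text)
    flags = {}
    for name in ("blockIncoming", "blockOutgoing"):
        # Assumption: the setting name is the last path component of the key.
        values = [v.lower() for k, v in entries.items()
                  if k.rsplit("/", 1)[-1] == name]
        flags[name] = values[-1] if values else None
    both_false = all(value == "false" for value in flags.values())
    return ("PASS" if both_false else "DENY"), flags


# Constructed sample inputs (not taken from a real host).
SAMPLE_OPEN = '''
/firewall/blockIncoming = "false"
/firewall/blockOutgoing = "false"
'''
SAMPLE_MIXED = '''
/firewall/blockIncoming = "true"
/firewall/blockOutgoing = "false"
'''

if __name__ == "__main__":
    for label, conf in (("open", SAMPLE_OPEN), ("mixed", SAMPLE_MIXED)):
        policy, flags = predict_default_policy(conf)
        print(label, policy, flags)
```

A PASS result means the migrated host accepts all traffic by default, so it is the case to review before the host goes back on the network.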
Custom ports that were opened by using the ESX/ESXi 4.1 esxcfg-firewall command do not remain open
after the upgrade to ESXi 5.0. The configuration entries are ported to the esx.conf file by the upgrade, but the
corresponding ports are not opened. See the information about ESXi firewall configuration in the vSphere
Security documentation.
IMPORTANT The ESXi firewall in ESXi 5.0 does not allow per-network filtering of vMotion traffic. Therefore,
you must install rules on your external firewall to ensure that no incoming connections can be made to the
vMotion socket.
Resource Pool Settings Affected by the Upgrade from ESX 4.x to ESXi 5.0
After the upgrade to ESXi 5.0, ESX 4.x resource pool settings might be insufficient to start all virtual machines
in the pool.
The upgrade to ESXi 5.0 affects the amount of memory available to the host system. As a result, in resource
pools that are set to use nearly all of the resources available, some virtual machines might not have enough
resources to start after the upgrade. When this happens, a system alert will be issued. You can find this alert
by pressing Alt + F11 in the ESXi direct console. Reconfigure the resource pools to solve the problem.
SSH Configuration Affected by Upgrading or Migrating to ESXi 5.0
The host SSH configuration is migrated only for upgrades from ESXi 4.1 to ESXi 5.0.
SSH configuration is not migrated for ESX 4.x hosts or ESXi 4.0 hosts. For these hosts, SSH access is disabled
during the upgrade or migration process. You can reenable SSH access in the direct console. See the information
on enabling SSH access in the vSphere Installation and Setup documentation.
Networking Changes in ESXi 5.0
Some ESX 4.x and ESXi 4.x network settings stored in /etc/sysconfig/network are migrated in the upgrade or
migration to ESXi 5.0. In the migration to ESXi 5.0, ESX Service Console virtual NICs (vswifs) are converted to
ESXi virtual NICs (vmks).
The distributed port group or dvPort that the virtual NICs connect to is also migrated. The Service Console
port group is renamed as the Management Network port group. When vswifs are migrated to vmks, they are
numbered to follow any existing vmk in sequence. For example, if the version 4.x ESX host has virtual NICs
vmk0, vmk1, and vswif0, after the migration the new ESXi configuration will be vmk0, vmk1, and vmk2, where
vmk2 is the management interface.
Chapter 6 Upgrading and Migrating Your Hosts
VMware, Inc.