Shulou(Shulou.com)06/03 Report--

The current situation is as follows:

Hardware: 2 HP C7000 knife boxes, n blades, n HP rack servers, n physical machines and other equipment.

Storage: FC SAN Stora

Software: vcenter is version 6.0 of windows and version 6.0 of vsphere.

Network: three-tier structure, two class C SUB addresses, management, business, production mixed together.

The things to do are as follows:

1. Upgrade the latest firmware and drivers for the knife box and server.

2. Deploy VCSA6.5,vsphere to upgrade to version 6.5, and deploy vRealize Operations Manager Appliance 6.5 to vRealize Log Insight 4.3.

3. Replan the network to realize the separation of management, business and production network.

The upgrade process requires the cooperation of the people who manage the network and the data center. I manage the network, security and data center of our unit alone. I will configure all the equipment and there is no communication cost.

Vmware has a windows version of vcenter to VCSA upgrade program, I replan the network should be useless, it would be better to start all over again, according to the following plan to implement external service interruption can be controlled within an hour or two.

VCenter Server can be deployed in two ways:

Installing on the Windows platform requires additional Windows operating system and external database system software license, and it is troublesome to deploy it with certain manual steps.

Directly deploy the preset vCenter Server Appliance (VCSA), VCSA is a Linux-based virtual machine with a built-in PostgreSQL database that requires no additional software license at all and is easier to deploy.

Vcenter, which has been using the windows platform before, is mainly because the function of VCSA is not perfect. In the vsphere6.5 version of the integration of Update Manager, built-in backup function, built-in HA support, enhanced Appliance management capabilities. So VCSA is the best choice in version 6.5.

Current switch configuration:

Vlan10 1.1.1.1/24 2.2.2.1/24 sub

Plan the switch configuration:

Vlan10 1.1.1.1Comp24 production network

Vlan20 2.2.2.1Universe 24 service network

Vlan30 3.3.3.1 Universe 24 vsphere network

Vlan40 4.4.4.1 Compact 24 hardware Management Network

5.5.5.1 Upland 24 vmotion network

6.6.6.1 Upland 24 FT network

Note: there is no need to configure vlan for routing in vmotion and FT networks.

Open and adjust in order:

1. Data center arranges network cable and optical fiber, and distinguishes hardware management network interface, vsphere standard switch network interface, vsphere distributed switch network interface, other non-virtualized server and hardware network interface.

This is a very troublesome thing, especially when there are a lot of equipment in a large data center. I have some skills, such as the management network interface of HP ILO is 100 megabytes, which can be distinguished by the status light on the switch, and the optical fiber 10G and 1G networks can also be distinguished by the status light on the switch. there are some network cables that can be plugged in with a short distance from the ground. It is difficult to distinguish between arp and mac information on layer 3 and layer 2 switches.

Patiently and carefully distinguish all networks and record them. It is best to write description information on the switch interface. At this point, after finishing the on-site work of the data center, you can go back to the office to make a cup of coffee.

2. Layer 3 switches add the addresses of vlan30 and 40 to the vlan10 in the form of sub addresses. Create vlan20, 30, 40, and trunk to the layer 2 switch. Layer 2 switches also create vlan20, 30, 40, and trunk to layer 3 switches.

3. Change the hardware management address, HP C7000 OA, VC, iLo address, HP rack iLo address, storage management address.

4. Delete 4.4.4.1 description 24 address from vlan10, add it to vlan40, and change the interface vlan ID according to the information of layer 2 switch vlan ID. At this point, the hardware management network has been distinguished.

5. Clean up several idle servers through vmotion operation. Each type of server needs to be cleaned up. The more servers cleaned up, the better, because the next parallel upgrade can save a lot of time.

6. Log in to HP ILO, load the HP SPP image, restart the server to upgrade the server firmware and software, load the vsphere6.5 image and reinstall vsphere after the upgrade. After installation, assign a new address to vsphere.

7. Install VCSA6.5 on a new vsphere6.5, assign a new address, log in to VCSA, add all servers that upgrade vsphsere6.5 to VCSA, configure standard switch, distributed switch, note that it is best to have two redundant physical setters, configure vmotion and FT networks, and configure new addresses.

Note: distributed switch configuration is the focus, my business and production two networks, my HP C7000 knife box uses 10G uplink, I can create two port groups to distinguish between different vlan. You can also add two 1G uplinks to create a distributed switch. This should be figured out according to the actual use situation, HP to the box to add uplink requires the server shutdown in the HP VC configuration.

So far, half of the work has been done, the software upgrade has been completed, and a new planned address has been configured.

8. The following operation is going to interrupt the business, so when I want to do it, I usually do it at home in the middle of the night.

Let's verify that the configuration is correct:

Shut down a virtual machine in vcenter6.0 and remove it from the list.

Browse the storage in vcsa6.5 to find the location of the virtual machine and add it to the list.

Edit the virtual machine settings and select a new network in the network adapter.

The layer 3 switch adds an address to the vlan20 and modifies the layer 2 switch to connect the vsphere distributed switch port vlan ID.

Enter the virtual machine to verify that the network is open.

Vcenter6.0 can not be accessed at this time. If the virtual machine is verified, change the above network configuration back, shut down all virtual machines in vcenter6.0, remove them from the list, change the network configuration, and add all virtual machines to the list in vcsa6.5. At this point, all virtual machines have been migrated and the vcenter6.0 can be deleted.

9. The vlan30 join address of layer 3 switch, and modify the vlan ID of layer 2 switch connecting to vsphere standard switch interface. At this point, the separation of vsphere networks is complete.

10. Modify the physical machine and other hardware equipment vlan ID.

Continue to upgrade the remaining servers and join vcsa6.5.

12. Distribute the virtual machine to vsphere evenly through vmotion operation.

If steps 8 to 12 go well, it may take 5 to 8 hours, by which time the business has fully recovered and you can get some sleep, and there will be no hurry about the rest.

13. Layer 3 switch configures ACL:

Vlan30 is not allowed to access vlan10, 20, 40, and vlan10, 20, 40 is not allowed to access vlan30

Vlan40 is not allowed to access vlan10, 20, 30, and vlan10, 20, 30 is not allowed to access vlan40

Firewall configuration only allows administrator IP to access vlan30, 40

14. Deploy vRealize Operations Manager Appliance 6.5 and vRealize LogInsight 4.3

15. Configure vcenter backup and do vcenter HA, cluster and so on according to your needs. Awesome people can also try to deploy NSX.

The above steps can be done in three steps:

Step 1: implement articles 1-7

Step 2: implement Article 8-12

Step 3: implement articles 13-15

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.