Following on from a post outlining easier release vehicles we recently completed an AOS 7.0 upgrade for a customer, splitting the upgrades over maintenance windows – the last piece of the puzzle being the upgrade of Flow Network Security Next Generation 5.0 to 5.1.
Flow Network Security ‘Next Generation’ (FNS NG) is deployed in a split architecture model, with the control plane being hosted within Prism Central, including the Network Controller, and then the data plane being the responsibility of Prism Element, more accurately the CVM and AHV host.
The upgrade process involves no downtime, in true Nutanix fashion by leveraging LCM, and a Scaled-out Prism Central architecture we maintain quorum at all times during the upgrade of each component.
First though, we check the Compatibility and Interoperability Matrix to confirm we are in a supported position when we upgrade.
FNS & Prism Central
FNS & AOS
Next, we consult the Installation & Upgrade section of the documentation instructing us to download two LCM bundles, one for the Prism Central, and the other for Prism Element which we can upload directly into LCM, or host on a Darksite webserver.
In our case it was fine to just use direct upload, first into Prism Central, and then into Prism Element.
Part 1 – Prism Central & Network Controller
With the bundle uploaded (lcm_flow_pc_5.1.0.tar.gz – 158MB) we were able to run an LCM inventory that correctly identified that we were using Flow PC 5.0 and needed to upgrade to 5.1 which was completed in a small number of minutes – one Prism Central instance at a time without any reboots or interruption in service.
Once this was done, another LCM inventory was run which informed us that Network Controller required an upgrade also, this also was completed promptly and without incident.
Note: Before the upgrade is kicked off, a large warning is displayed advising the admin that the PC FNS NG must be the same or newer than the PE FNS NG, this is much like other products where the control plane is smart enough to manage old and new data planes.
Part 2 – Prism Element
Once Prism Central was updated and completed without incident, we proceeded to upload the LCM bundle (lcm_flow_cvm_5.1.0.tar.gz – 141MB) and carry out an LCM inventory that correctly identified we were running Flow PE on 5.0 and needed to upgrade to 5.1. As you’d expect the upgrades were applied to a host at a time without any loss of service and the task was completed.
End to end this took around 1.5hrs on a 3x Node PC, & 22 node AHV cluster.
Attribution towards https://www.stockio.com/ for the nifty little firewall icon on this post 🙂