Tuesday, September 22, 2015

Upgrading Workspace Portal to VMware Identity Manager (vIDM)

In this post, we'll be upgrading an HA Cluster of Workspace Portal 2.1.1 to vIDM 2.4 per the official documentation instructions. Some technical knowledge of pgAdmin and other tools is assumed in the official guide, so hopefully this post can help fill the gaps.
Step 1: Break the HA configuration

Upgrading requires us to temporarily revert to a single-node configuration which is a little daunting to hear, but fortunately it's much easier than reverting all the steps it took to create the cluster in the first place. If you don't have Workspace setup in HA mode, then you can move on to Step 2.

  1. Verify you see more than 1 node listed when running curl -XGET 'http://localhost:9200/_cluster/health?pretty=true' // This means there are multiple nodes in the cluster, just like you configured it to be.
    2

  2. Launch pgAdmin and connect to the primary node
    3

  3. Expand Databases > saas > Schemas > saas > Tables
    1

  4. Find the Table called ServiceInstance and right click > View Data > View Top 100 Rows
    4

  5. Your nodes should all be listed here. Go ahead and delete all rows except for the master node
    5

  6. Perform the same steps for the FailoverConfiguration Table, but make sure to delete all rows

  7. Run curl -XGET 'http://localhost:9200/_cluster/health?pretty=true' again and ensure only 1 node is returned
    7

  8. Now we need to update the Load Balancer in place to only use the master node. This will likely be different for most people since not everyone uses the same LB. In my case, I'm using NGINX as a Reverse Proxy. Consult your Load Balancer's documentation to achieve this step.


Step 2: Perform an Online Upgrade


  1. Verify the prereqs. There are actually quite a few but the big ones are:

    1. Verify there is at least 2.5GB of space on root available
      8

    2. Take a snapshot of the Workspace vApp

    3. Take a snapshot of the Workspace Database (if on an external DB server)

    4. Verify you can reach vapp-updates.vmware.com (where the update will be downloaded from)
      9

    5. In the Map User Attributes page, make distinguishedName a required attribute, if you plan to sync Citrix-published resources (XenApp) to vIDM.

    6. Unjoin the master node from the Domain (Required if if coming from Workspace 2.1.0 and if planning on configuring HA cluster... Workspace 2.1.1 does not require this).



  2. On the Appliance Console, run the following commands to verify vIDM 2.4 shows available:
    /usr/local/horizon/update/updatemgr.hzn updateinstaller
    /usr/local/horizon/update/updatemgr.hzn check
    92

  3. Run /usr/local/horizon/update/updatemgr.hzn update to update the appliance
    93

  4. If it completes successfully, you should be prompted to reboot the VM
    Screen Shot 2015-09-15 at 9.02.15 PM


Congratulations! Workspace has now been upgraded to vIDM! You should be able to confirm this in the blue console window.

Screen Shot 2015-09-15 at 9.13.55 PM
Reconfigure the HA Cluster

If you would like to reconfigure the HA cluster, follow the below steps:

  1. In the vSphere console, clone the master node. It may save time if you power down the master node before cloning.

  2. Name the clone whatever you want, and we'll configure it's FQDN after.
    94

  3. Once the clone operation is complete, edit the vAPP properties of the VM to configure it's FQDN (Hostname) and IP. These must be unique values (as in, different than the master node).
    95

  4. Click ok and power on (first power on the master node before powering on the clone if need be).

  5. The initial boot will check for a new hostname and IP and if they're different than the master, it will pass as a clone, then get autoconfigured as necessary. Once the boot is complete and the blue console screen is visible, login as root and type the following commands to ensure you see all the nodes in the cluster (in this case, 2 nodes)
    curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

    rabbitmqctl cluster_status


  6. Now add the clone back into your Load Balancer's configuration. Once again, you must consult your LB's documentation in order to complete this step.

  7. You can perform this cloning operation as many times as needed to build out your HA cluster. You can also perform these steps at any time - the HA cluster does not have to be built out right away.


What about my old slave-nodes from 2.1.1?  -- These can be deleted or stored for backup/reference use. The new vIDM cluster will not be referencing or using them in any way.

Post-Upgrade Configuration

The official post-upgrade steps can be found here, but here are some additional things to check:

  • Ensure admin users and end-user accounts can both login to the portal. If you have trouble using one of the domain users to log in, then in an upgraded environment, append /SAAS/login/0 to the login URL using the local admin account. For example, if your login URL is https://myco.example.com, you would change it to https://myco.example.com/SAAS/login/0.

  • Re-join the domain if you had left it prior the upgrade

  • Verify apps and desktops launch as expected (a View sync may be a good idea at this point - Keep in mind View Sync should only be enabled on 1 node)

  • Upgrade end-user's Desktop Clients to version 2.4. Be sure to uninstall the current Workspace Desktop Client, then install the 2.4 client.


I hope you've found this post helpful in upgrading your Workspace Portal deployment to vIDM! Let me know in the comments how it went!
Share:

Follow by Email