Skip to main content
ONTAP tools for VMware vSphere 9.13

Upgrade to the latest release of ONTAP tools

Contributors Netapp-shabaana

You can perform an in-place upgrade to the latest release of ONTAP tools from your existing 9.10 or later release following the instructions provided here.

What you will need

  • You must have downloaded the .iso file for the latest release of ONTAP tools.

  • You must have reserved at least 12 GB of RAM for the ONTAP tools to work optimally after the upgrade.

  • You must clean the vSphere Client browser cache.

    Clear the vSphere cached downloaded plug-in packages

Perform the following steps to validate the .iso file if required. This is an optional step:

  1. Extract the public key from the code signing certificate you got issued from Entrust (OTV_ISO_CERT.pem) openssl x509 -in OTV_ISO_CERT.pem -pubkey -noout > csc-prod-OTV-SRA-TGZ.pub

  2. Verify the signature in the digest using the public key (this step should happen in end user system prior to installing the binary. Certificate bundle should be included in the deployment package)

    openssl dgst -sha256 -verify csc-prod-OTV-SRA-TGZ.pub -signature netapp-ontap-tools-for-vmware-vsphere-9.12-9327-upgrade-iso.sig netapp-ontap-tools-for-vmware-vsphere-9.12-9327-upgrade.iso

The status of VASA Provider from the existing deployment is retained after the upgrade. You should manually enable or disable VASA Provider based on your requirement after you upgrade. However, it is best to enable VASA Provider even if VMware Virtual Volumes (vVols) are not in use, as it enables storage capability profiles for traditional datastore provisioning, and storage alarms.

Note You can perform an in-place upgrade to the latest release of ONTAP tools only from your existing 9.10 or later versions.
Note From ONTAP tools 9.12 upgrade all storage systems authentication and communication process is changed from basic authentication to certificate based authentication by auto trusting the ONTAP storage certificates. No action required from the user.

Adding a Storage system without certificate authentication is restricted.

If the storage system is added with custom created cluster scoped user using the json file and you want to upgrade to 9.12 and later versions, then run the below commands on the ONTAP CLI before you upgrade to enable the certificate based communication between ONTAP tools for VMware vSphere and ONTAP.

  1. security login role create -role <existing-role-name> -cmddirname "security login show" -access all

  2. security login role create -role <existing-role-name> -cmddirname "security certificate show" -access all

  3. security login role create -role <existing-role-name> -cmddirname "security certificate install" -access all

If the storage system is added with custom created SVM scoped user using the json file and you want to upgrade to 9.12 and later versions, then run the below commands on the ONTAP CLI with cluster admin access before upgrade to enable the certificate based communication between ONTAP tools for VMware vSphere and ONTAP:

  1. security login role create -role <existing-role-name> -cmddirname "security certificate install" -access all -vserver <vserver-name>

  2. security login role create -role <existing-role-name> -cmddirname "security certificate show" -access all -vserver <vserver-name>

  3. security login create -user-or-group-name <user> -application http -authentication-method cert -role <existing-role-name> -vserver <vserver-name>

  4. security login create -user-or-group-name <user> -application ontapi -authentication-method cert -role <existing-role-name> -vserver <vserver-name>

Steps

  1. Mount the downloaded .iso file to the ONTAP tools:

    1. Click Edit Settings > DVD/CD-ROM Drive.

    2. Select Datastore ISO file from the drop-down list.

    3. Browse to and select the downloaded .iso file, and then select the Connect at power on checkbox.

  2. Access the Summary tab of your deployed ONTAP tools.

  3. Start the maintenance console.

  4. At the “Main Menu” prompt, enter option 2 for System Configuration, and then enter option 8 for Upgrade.

    After the upgrade finishes, the ONTAP tools restarts. ONTAP tools is registered to the vCenter Server with the same IP address as before the upgrade.

  5. If you want ONTAP tools to be registered with the vCenter Server with the IPv6 address, then you must perform the following:

    1. Unregister ONTAP tools.

    2. Register the IPv6 address of ONTAP tools to vCenter Server using the Register page.

    3. Regenerate ONTAP tools and VASA Provider certificates after the registration.

    Important IPv6 is supported only with vCenter Server 6.7 and later.

  6. Log out and re-login to the vSphere Client to view the deployed ONTAP tools.

    1. Log out from your existing vSphere web client or vSphere Client and close the window.

    2. Log in to the vSphere Client.

      It might take a few minutes for the plug-in to be updated in the vSphere Client.

Note

  • From ONTAP tools for VMware vSphere 9.12 onwards, the authentication with ONTAP is done through certificate. You can either add CA signed certificate or a self-signed certificate. See, Modify storage systems for instructions.

  • If upgrading from the 7.0 version of ONTAP tools to the latest version of ONTAP tools, you must first create storage capability profiles before attempting to edit an existing VM Storage Policy or you might get an error that there are incorrect or missing values.

  • If upgrading from an earlier version to the latest release of ONTAP tools, it is found that the vvol.rebalance.threshold property is missing in the `vvol.properties file.

    The default value of the property is set to 85%.* After you upgrade to the latest ONTAP tools release that has FIPS enabled but you have a older version of vCenter where FIPS is not supported, the deployment will still work. But if you upgrade your vCenter to the latest FIPS supported version and you have an earlier version of ONTAP tools, then the deployment will work only if FIPS is disabled on the vCenter.