Skip to main content
Contact Us
Register
Pure Technical Services

How To: Managing vVol Storage Provider Certificates during a FlashArray Hardware NDU or Controller Replacement

  1. Last updated
  2. Save as PDF

Currently viewing public documentation. Please login to access the full scope of documentation.

VMware Virtual Volumes require communication between the vCenter and the FlashArray VASA Provider.  Either the VASA Certificate or VMCA's trusted root certs are stored locally on the Controller.  As a result, after a Hardware NDU or Controller replacement the Storage Provider for that controller will need to be registered again.  This article covers the process to re-register the Storage Provider on the new controller/s.

With the Release of Purity//FA 5.3.12 the issue with certificates not persisting hardware changes has been fixed.  Should the FlashArray be running Purity 5.3.12+ , 6.0.3+ or 6.1.0+ then Pure Storage does not expect any issues with certificate authentication post hardware replacement or upgrade.

Pure Storage does strongly recommend vVols customers to upgrade to Purity 5.3.12 or higher if there is going to be a controller upgrade or replacement. 

If running Purity 5.3+ and any changes need to be made to the VASA Provider Certificate, please refer to the KB on how to manage vasa certificates in Purity 5.3+ with purecert.

Should a new IP be used on the new controller, the certificate will likely need to be regenerated or re-imported, then the Storage Provider will need to be re-registered in vCenter.

Otherwise, if no changes were made to the IP or FQDN of the FlashArray, then only the process of re-registering the storage providers needs to be followed.  The reason that the storage providers need to be reregistered on Purity 5.3 (VASA 1.1.0) is that the trusted root certs from VMCA that are stored with VASA are locally stored currently.  Pure Engineering has identified a fix and has implemented the fix in Purity 5.3.12.

Re-Registering the New Controller's Storage Provider

Essentially the process is as follows.

  1. Remove the storage provider for the controller that's being replaced or upgraded.
  2. Wait for the controller to be upgraded or replaced and the new one is serving IO.
  3. Register the storage provider for the controller that was replaced.
  4. Check that both storage providers are Healthy and Online in vCenter.

Should the FlashArray be running Purity 5.1.6, 5.1.7 or 5.2.0, Support will need to regenerate the VASA certificate on the new Controller before the Storage Provider is re-registered in vCenter or with the Plugin.  This problem has been resolved in Purity 5.2.1+ and 5.1.8+. Please note that on 5.3.0+ these actions are not necessary.  The customer is able to manage the certificate with purecert command/api.  

Here are some guide/examples of the process.

Navigate to either the Host, VM or Datastore View.
Click on the vCenter you need to remove the Storage Provider.
Click on the Configure Tab and select Storage Providers.
HTML5-01.png
HTML5 Web Client
Flash-01.png
Flash Web Client

In this example, we are going to say that CT0 is getting replaced.
Be sure to verify that both Storage Providers are Online.
Then remove the storage provider for the Controller being replaced.

HTML5-02.png
Flash-02.png
Confirm you are removing the correct controller's storage provider and proceed.
HTML5-03.png
Flash-03.png
Here we can see that CT0 is no longer registered. 
The process of upgrading/replacing the controller can continue now.
HTML5-04.png
Flash-04.png
Once the new controller is in place, confirm with Support that everything is online and serving IO.
Then click on the button to add a Storage Provider.
HTML5-05.png
Flash-05.png

Input the previous name and IP address with port 8084 and register with the needed credentials.
HTML5-06.png
Flash-06.png
All done, the Controller's Storage Provider is now Registered
If you are doing a Hardware NDU you will need to repeat this process for the next controller getting upgraded.
HTML5-07.png
Flash-07.png

Using the Plugin to re-register the Storage Provider

Instead of manually registering the Storage Provider for the new Controller, you can use the Pure Storage VMware Plugin. 
You will follow the same steps to remove the controller. 
The plugin will register the missing controllers storage provider.  Here is an example:

Once the new controller is in place, confirm with Support that everything is online and serving IO.

Then click on the Menu button and then select the Pure Storage Plugin.

 Register-Plugin-01.png

Select the FlashArray in the list on the right you need to register again.

Then click the button to register the storage provider.

 Register-Plugin-02.png

Select the vCenter/s you need to re-register the Storage Provider/s.

Provide the Credentials and register.

 Register-Plugin-03.png

Go back to the vCenter Storage Providers under the Configure Tab.

Confirm that both storage providers are Online.

All done.  If you are doing a Hardware NDU you will need to repeat this process for the next controller getting upgraded.

 Flash-07.png