Removing VMware Data Security after vShield to NSX upgrade
An existing vShield environment can be upgraded to a full NSX environment, as described in my VCIX post “Upgrade VMware NSX Components”. All vShield components can be upgraded, except for one; vShield Data Security.
The documentation states: NSX Data Security does not support a direct upgrade. You must uninstall the current Data Security software before upgrading to NSX Manager. After NSX Manager is upgraded, you can install NSX Data Security version 6.0. If you upgraded to NSX Manager without uninstalling Data Security, you must do so using a REST call.
A few days ago, someone came to me with an environment where this exact thing happened. They had upgraded to NSX for all its goodness, but had not removed Data Security and could not uninstall it via NSX Manager. The annoying thing is, that the API call to remove Data Security from NSX is not documented in the NSX documentation and there was not a whole lot to be found on the interweb, so I went digging. I found that the vCNS API documentation did have a reference to uninstall Data Security from ESXi hosts. The NSX Manager still supports the old vCNS API version (as it is basically a prettier vShield Manager). So all I had to do was to format the old API call and execute that against the NSX Manager.
This is the vCNS request that we are going to use:
The host-id is the MOID of the ESXi host which can be found with the VirtualCenter Operations Dashboard: https://<vcenter-ip>/vod/index.html?page=hosts. So if you had an ESXi host with a MOID of ‘host-10’ – this would be the API call:
With the host ids discovered and knowing the API call, you could call the API manually for all your ESXi hosts (click here to learn more about doing API calls manually), but if there are too many ESXi hosts for you to do this manually, or like me, you are lazy and want to automate everything, you can also use PowerShell to do all ESXi hosts at once.
You can find this script on my GitHub repository.