Certificate Requirements for VCF Operations for Networks in VCF 9.1

Article ID: 424807

Products

VCF Operations for Networks

Issue/Introduction

As part of the architectural transition in VMware Cloud Foundation (VCF) 9.1, lifecycle management for management components moves from the deprecated VCF Operations Fleet Management Appliance to the new Fleet Lifecycle service integrated into VMware Cloud Foundation.

A critical change in this version is the strict enforcement of certificate standards.

While previous versions did not strictly require Fully Qualified Domain Names (FQDNs) for internal operations, VCF 9.1 requires that all certificates contain both the FQDN and the IP address for all platform and collector nodes within the Subject Alternative Name (SAN) field.

If certificates are non-compliant (e.g., missing FQDNs), the automated inventory migration and registration into Fleet Lifecycle will fail during the VCF 9.1 upgrade process. This prevents the transition of management services and halts the convergence workflow.

Action Required:

Administrators must validate and, if necessary, replace all platform and collector node certificates to include the FQDN and IP address in the SAN field prior to initiating the upgrade to VCF 9.1.

NOTE: VCF Operations for Networks was formerly named Aria Operations for Networks (AON), and prior to that was named vRealize Network Insight (vRNI).

Environment

Source Version: VCF Operations for Networks 6.14, VMware Cloud Foundation 5.x or VMware Cloud Foundation 9.0

Target Version: VMware Cloud Foundation 9.1

Cause

The new Fleet Lifecycle service in VCF 9.1 enforces strict certificate validation. Because previous versions did not require the certificates for VCF Operations for Networks to contain the FQDN, some certificates may contain only the IP address, which results in a failure during upgrade.

Resolution

Before initiating an upgrade to VCF 9.1, you must ensure that the Subject Alternative Name (SAN) field of your certificates includes:

  • The FQDN for all Platform and Collector nodes.

  • The IP Address for all Platform and Collector nodes.
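An added example, not part of the original article or of VMware's tooling: a shell helper that reads a certificate's SAN extension with openssl and reports which required entry is missing for a node. The node name platform1.example.com, the address 192.0.2.10 and the function names are constructed for illustration; IPv4 addresses and OpenSSL 1.1.1 or later (for the -ext option) are assumed.

```shell
#!/bin/sh
# Added example: verify that a certificate's SAN holds BOTH the FQDN and the
# IP address of a platform or collector node. Names and values are constructed.

# Constructed samples of `openssl x509 -noout -ext subjectAltName` output.
SAMPLE_IP_ONLY='X509v3 Subject Alternative Name: 
    IP Address:192.0.2.10'
SAMPLE_COMPLIANT='X509v3 Subject Alternative Name: 
    DNS:platform1.example.com, IP Address:192.0.2.10'

# san_missing SAN_TEXT FQDN IP
# Exit status 0 when both entries are present; otherwise prints the missing
# entries and exits 1. Matching is exact per entry, so 192.0.2.1 does not
# match 192.0.2.10 and a wildcard DNS entry does not count as the FQDN.
san_missing() (
  fqdn=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  # One SAN entry per line, lower-cased, surrounding whitespace trimmed.
  entries=$(printf '%s\n' "$1" | tr ',' '\n' | tr '[:upper:]' '[:lower:]' |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
  missing=""
  printf '%s\n' "$entries" | grep -qxF "dns:$fqdn" || missing="DNS:$2"
  printf '%s\n' "$entries" | grep -qxF "ip address:$3" ||
    missing="${missing:+$missing }IP:$3"
  [ -z "$missing" ] && exit 0
  printf '%s\n' "$missing"
  exit 1
)

# check_cert PEM_FILE FQDN IP
# Reads the SAN extension from a PEM certificate file and checks it.
# A certificate without a SAN extension is reported as missing both entries.
check_cert() {
  san_text=$(openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null) ||
    san_text=""
  san_missing "$san_text" "$2" "$3"
}

# When invoked with three arguments, check that certificate file.
if [ "$#" -eq 3 ]; then
  check_cert "$1" "$2" "$3" && echo "SAN compliant for $2 / $3"
fi
```

Run it once per platform and collector node, passing that node's certificate file, FQDN and IP address.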

Upgrading from VCF 5.x to VCF 9.1

Upgrading from VCF 9.0 to VCF 9.1

  • If VCF Operations for Networks 9.0 is already deployed, it is managed by the VCF Operations fleet management appliance or OPS LCM.

    Note: The Fleet Management Appliance (OPS LCM) has no direct upgrade path. Its functions are absorbed by the Fleet Lifecycle component in VCF 9.1.

  • If your current certificate lacks FQDNs, you must replace it with a CA-signed certificate before starting the VCF 9.1 upgrade, following the standard product documentation, Replace a Certificate with a CA-Signed Certificate. Failure to do so will cause the registration to fail during the Fleet Lifecycle transition.

Post-Replacement: Once verified, proceed in VCF Operations 9.1 to complete the upgrade.