Rollback Procedure for Transitioning from SCRX (Turbo) to VDPI (Classic) in a VUM (VLCM-Baseline) Cluster
search cancel

Rollback Procedure for Transitioning from SCRX (Turbo) to VDPI (Classic) in a VUM (VLCM-Baseline) Cluster

book

Article ID: 426791

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

This article describes the procedure to roll back Turbo IDPS (SCRX) to Classic IDPS in an NSX environment where the vCenter clusters are based on vLCM Baseline (VUM). The rollback is performed by disabling the SCRX flag and reinstalling NSX on each ESXi host. 

Environment

  • NSX 4.2.2 or higher
  • ESXi 8.0.3 P04 (build 24280767) or higher
  • vCenter 8.0.3 or higher
  • The vCenter cluster is using vLCM Baseline (VUM)
  • IDPS running in Turbo mode (SCRX)
  • ESXi hosts managed by NSX Clusters with TNP

Resolution

1: Disable the Turbo (SCRX) flag
Log in to the NSX Manager and run the following command to disable SCRX:

curl -k -u 'admin' -H 'Content-Type: application/json' -X PATCH --data '{"keyValuePairs": [{"key": "scrx_enabled","value": "false"}]}' https://127.0.0.1/policy/api/v1/system-config

 

2: Verify the SCRX flag status
Confirm that the scrx_enabled flag is set to false:

root@nsx-manager:~# curl -k -u 'admin' -H 'Content-Type: application/json' -X GET  https://127.0.0.1/policy/api/v1/system-config?key=scrx_enabled
Enter host password for user 'admin':
        {
          "keyValuePairs" : [ {
            "key" : "scrx_enabled",
            "value" : "false"              <<<<<<<<<<<<
          } ]
}

3: Place the ESXi host into Maintenance Mode
    • Put one ESXi host into Maintenance Mode.
    • Ensure all VMs, including powered-off and suspended VMs connected to NSX segments, are migrated to another host.

 

4: Remove the host from the cluster
    • Move the host out of the NSX cluster to the root of the datacenter.
    • This action triggers the NSX uninstall on the host.

 

5: Monitor NSX uninstall
    • Wait for the uninstall process to complete.
    • Verify status under: System > Fabric > Hosts > Other Nodes

 

6: Add the host back to the cluster
    • Move the host back into the same or a different cluster.
    • This triggers a fresh NSX installation using Classic IDPS.

 

7: Monitor NSX install
    • Wait for the NSX installation to complete successfully.

 

8: Exit Maintenance Mode
    • Take the host out of Maintenance Mode.

 

9: Repeat for remaining hosts
Repeat Steps 3 through 8 for each ESXi host in the cluster.

Powered by Wolken Software