This article provides migration instructions to replace CentOS 7 instances with Red Hat Enterprise Linux 9 (RHEL 9). The enrollment and provisioning of new Private Service Edges can be automated in a few steps using Terraform (IaC) or Container Orchestration to further simplify deployment.

Note the following requirements for successfully migrating from CentOS 7 to RHEL 9:

• Use a fresh install for all deployments.
• The EL9 repository must be used with RHEL 9 base OS. Older platform binaries (EL7/EL8) are not supported.
• Ensure that the/opt/zscaler/var folder is empty before install.
• Yum upgrades from EL7/EL8 to RHEL9 are not supported.
• Requires ESXi version 7.0 Update 2 or newer, including ESXi 8.x.

Use the following steps to migrate from CentOS 7 to RHEL 9:

1. Create new Private Service Edge groups and provisioning keys for each location.

Do not reuse existing provisioning keys as this will add the new RHEL 9 Private Service Edges to the old Private Service Edge groups. Mixing different host OS and Zscaler software versions in a single group is not supported.

3. (Optional) If you have old Private Service Edges (el7/el8), use the following commands before clearing the contents of /opt/zscaler/var/

   # systemctl stop zpa-service-edge
   # yum remove zpa-service-edge
   # rm -rf /opt/zscaler/var/service-edge/*

4. Follow the step-by-step guide to deploy new VMs using the RHEL 9 images and newly created provisioning keys. Ensure the yum repository is pointing to the new RHEL 9 link: https://yum.private.zscaler.com/yum/el9

Only RHEL 9 repositories and RPMs are supported on RHEL 9.

5. Add trusted networks and enable Publicly Accessible (if applicable) on the new Private Service Edge groups.
   
6. (Optional) Disable the Private Service Edge groups 15 minutes prior to the regional off-hours maintenance window to allow connections to gradually drain down.
7. During regional off hours, remove trusted networks and disable public access (if applicable) on CentOS 7 Private Service Edge groups.