Our final solution looked like this which slightly differs to the steps in the blog by Jon but it worked well for us.
As above we split the install between 2 groups of servers
1. Disable Group 1 servers in the LB so that no new connections from users could be made
2. Run TVT on the still live services to ensure that the Group 2 servers still live in the LB were working properly
3. Uninstall Group 1 and clean up any left over files. Restart servers
4. Install new software
5. Set up new data share config folder for Portal and ArcGIS Server using the service account user
6. Set up Portal and ArcGIS server sites (including ArcGIS Server sites for GeoEvent)
7. Configure Relational and Spatiotemporal data stores (update SSL certs)
8. Register other datastores in ArcGIS Server Manager
9. Install and configure Web Adaptors for Portal and ArcGIS Server
10. Import service config and global settings into GeoEvent and publish output feature services (using connection to ArcGIS server using machine name url and credentials to create the datastore connection in GeoEvent Manager)
11. Publish mxd based services to ArcGIS Server using connection created with machine name url and initial admin user
12. Configure any other ArcGIS Server of Portal settings that don't require a LB URL, eg heap sizes for services that have a higher load, date settings and default user roles in Portal.
13. Run TVT on these new services using machine URLs
14. Switch Groups in LB - Disable Group 2, Enable Group 1 = Start of Outage
15. Update Web Context URL in Group 1 Portal and ArcGIS Server
16. Federate Group 1 ArcGIS Server with Portal and set hosting server. Check that all services have been added as Portal items.
17. Federate GeoEvent and any other servers
18. Set any other Post install config for Portal - eg name, description (we have a script that does this)
19. Enable Windows Auth
20. Update Portal Items (we have a script to do this), Groups and sharing of items.
21. Update GeoEvent datastores and output connections to use lb URL (no credentials or tokens required as federated).
22. Run TVT using LB and windows auth = End of outage (for us this was around 3 hours).
23. Start Uninstall and re-install of Group 2 servers
24. Join Portal into site from Group 1, this will cause a ~2 minute outage.
25. Join ArcGIS Server into site from Group 1
26. Install and configure Web Adaptors for Portal and ArcGIS server using Group 1 machine names
27. Configure Datastores to ArcGIS server machine from Group 1
28. Enable Group 2 servers in LB