0

VMware vSphere Update Manager 6.0 Process Part3

Update Manager Process

The Update Manager process begins by downloading information (metadata) about a set of patches, extensions, and virtual appliance upgrades. One or more of these patches or extensions are aggregated to form a baseline. You can add multiple baselines to a baseline group.

 A baseline group is a composite object that consists of a set of non-conflicting baselines.

You can use baseline groups to combine different types of baselines, and scan and remediate an inventory object against all of them as a whole.

** If a baseline group contains both upgrade and patch or extension baselines, the upgrade runs first. A collection of virtual machines, virtual appliances, and ESXi hosts or individual inventory objects can be scanned for compliance with a baseline or a baseline group and later remediated. You can initiate these processes manually or through scheduled tasks.

  1. Configuring the Update Manager Download Source
  2. Downloading Updates and Related Metadata
  3. Importing ESXi Images
  4. Creating Baselines and Baseline Groups
  5. Attaching Baselines and Baseline Groups to vSphere Objects
  6. Scanning Selected vSphere Objects
  7. Reviewing Scan Results
  8. Staging Patches and Extensions to Hosts
  9. Remediating Selected vSphere Objects

1. Configuring the Update Manager Download Source

  1. You can download the patch from Internet or from a shared repository.
  2. You can also import patches and extensions manually from a ZIP file.
  3. If your deployment system is connected to the Internet, you can use the default settings and links for downloading upgrades, patches, and extensions to the Update Manager repository.
  4. Third-party patches and extensions are applicable only to hosts that are running ESXi 5.0 and later.
  5. If you’r desktop is not connected with internet then you can use Update Manager Download Service (UMDS)

NOTE: You can use offline bundles for host patching operations only. You cannot use third-party offline bundles or offline bundles that you generated from custom VIB sets for host upgrade from ESXi 5.x to ESXi 6.0.

2. Downloading Updates and Related Metadata

  1. Downloading virtual appliance upgrades, host patches, extensions, and related metadata is a predefined automatic process that you can modify.
  2. By default, at regular configurable intervals, Update Manager contacts VMware or third-party sources to gather the latest information (metadata) about available upgrades, patches, or extensions.
  3. VMware provides information about patches for ESXi hosts and virtual appliance upgrades.

 

Update Manager downloads the following types of information:

  • Metadata about all ESXi 5.x patches regardless of whether you have hosts of such versions in your environment.
  • Metadata about ESXi 5.x patches as well as about extensions from third-party vendor URL addresses.
  • Notifications, alerts, and patch recalls for ESXi 5.x hosts.
  • Metadata about upgrades for virtual appliances.

Downloading information about all updates is a relatively low-cost operation in terms of disk space and network bandwidth. The availability of regularly updated metadata lets you add scanning tasks for hosts or appliances at any time.

 

  1. Importing ESXi Images

You can upgrade the hosts in your environment to ESXi 6.0 by using host upgrade baselines. To create a host upgrade baseline, you must first upload at least one ESXi 6.0 .iso image to the Update Manager repository.

With Update Manager 6.0 you can upgrade hosts that are running ESXi 5.x to ESXi 6.0. Host upgrades to ESXi 5.0, ESXi 5.1 or ESXi 5.5 are not supported.

Before uploading ESXi images, obtain the image files from the VMware Web site or another source. You can create custom ESXi images that contain third-party VIBs by using vSphere ESXi Image Builder.. You can upload and manage ESXi images from the ESXi Images tab of the Update Manager Administration view.

ESXi images that you import are kept in the Update Manager repository. You can include ESXi images in host upgrade baselines. To delete an ESXi image from the Update Manager repository, first you must delete the upgrade baseline that contains it. After you delete the baseline, you can delete the image from the ESXi Images tab.

  1. Staging Patches and Extensions to Hosts

 You can stage patches and extensions before remediation to ensure that the patches and extensions are downloaded to the host. Staging patches and extensions is an optional step that can reduce the time during which hosts are in maintenance mode.

Staging patches and extensions to hosts that are running ESXi 5.0 or later lets you download the patches and extensions from the Update Manager server to the ESXi hosts without applying the patches or extensions immediately. Staging patches and extensions speeds up the remediation process because the patches and extensions are already available locally on the hosts.

 IMPORTANT Update Manager can stage patches to PXE booted ESXi hosts.

  1. Remediating Hosts

 Update Manager 6.0 supports upgrade from ESXi 5.x to ESXi 6.0. Host upgrades to ESXi 5.0, ESXi 5.1 or ESXi 5.5 are not supported.

 IMPORTANT: You can patch PXE booted ESXi hosts if you enable the setting from the ESX Host/Cluster Settings page of the Configuration tab or from the Remediate wizard.

After you upload ESXi images, upgrades for ESXi hosts are managed through baselines and baseline groups. Typically hosts are put into maintenance mode before remediation if the update requires it. Virtual machines cannot run when a host is in maintenance mode. To ensure a consistent user experience, vCenter Server migrates the virtual machines to other hosts within a cluster before the host is put in maintenance mode. vCenter Server can migrate the virtual machines if the cluster is configured for vMotion and if VMware Distributed Resource Scheduler (DRS) and VMware Enhanced vMotion Compatibility (EVC) are enabled. EVC is not a prerequisite for vMotion. EVC guarantees that the CPUs of the hosts are compatible. For other containers or individual hosts that are not in a cluster, migration with vMotion cannot be performed.

IMPORTANT:

After you have upgraded your host to ESXi 6.0, you cannot roll back to your version ESXi 5.x software. Back up your host configuration before performing an upgrade. If the upgrade fails, you can reinstall the ESXi 5.x software that you upgraded from, and restore your host configuration. Remediation of ESXi 5.0, 5.1 and 5.5 hosts to their respective ESXi update releases is a patching process, while the remediation of ESXi hosts from version 5.x to 6.0 is an upgrade process.

 

  1. Remediating Virtual Machines and Virtual Appliances

You can upgrade virtual appliances, VMware Tools, and the virtual hardware of virtual machines to a later version. Upgrades for virtual machines are managed through the Update Manager default virtual machine upgrade baselines. Upgrades for virtual appliances can be managed through both the Update Manager default virtual appliance baselines and custom virtual appliance upgrade baselines that you create.

NOTE Update Manager 6.0 does not support virtual machines patch baselines.

0

VMware vSphere Update Manager 6.0 Part2

After installing VMware Update Manager what’s next?

How to access VMware Update Manager

As you have two interfaces

1. VI client and

2. Web Client.

  1. VI client View

2. Web client View

 

Both client interfaces have two main views, Administration view and Compliance view.

  1. Configure the Update Manager settings
  2. Create and manage baselines and baseline groups
  3. View Update Manager events
  4. Review the patch repository and available virtual appliance upgrades n Review and check notifications
  5. Import ESXi images

In the Update Manager Client Compliance view, you can do the following tasks:

  1. View compliance and scan results for each selected inventory object
  2. Attach and detach baselines and baseline groups from a selected inventory object
  3. Scan a selected inventory object
  4. Stage patches or extensions to hosts
  5. Remediate a selected inventory object

If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single Sign-On domain, and

  1. You have installed and registered more than one Update Manager instance, you can configure the settings for each Update Manager instance.
  2. Configuration properties that you modify are applied only to the Update Manager instance that you specify and are not propagated to the other instances in the group. You can specify an Update Manager instance by selecting the name of the vCenter Server system with which the Update Manager instance is registered from the navigation bar.

For a vCenter Server system that is connected to other vCenter Server systems by a common vCenter Single Sign-On domain, you can also manage baselines and baseline groups as well as scan and remediate only the inventory objects managed by the vCenter Server system with which Update Manager is registered.

 

0

What is VMware Update Manager?

What is VMware Update Manager ? what’s New?  What is use of VMware Update manager and it’s components.

What is update Manager?

With the help of Update Manager we can do the patching for ESXi host, Update the VM vmware tool version (upgrade) and to fix the bug. So that we can protect our environment from attack.

With Update Manager, you can perform the following tasks:

  1. Upgrade and patch ESX/ESXi hosts.
  2. Install and update third-party software on hosts.
  3. Upgrade virtual machine hardware, VMware Tools, and virtual appliances.

Points need to remember:

  1. Update Manager requires network connectivity with VMware vCenter Server.
  2. Each installation of Update Manager must be associated (registered) with a single vCenter Server instance.
  3. If you have vCenter server in Linked Mode then need to install Update manager in each vCenter server and register with it.

For scanning and remediation, Update Manager works with the following ESXi versions.

  1. For VMware Tools and virtual machine hardware upgrade operations, Update Manager works with ESXi version 5.0 and later.
  2. For ESXi host patching operations, Update Manager works with ESXi 5.0 and later.
  3. For ESXi host upgrade operations, Update Manager works with ESXi 5.0 and later.

 

VUM Components:

Update Manager has two client components, which run in the different vSphere client components.

  1. There is an Update Manager Client plug-in that runs on the vSphere Client (The vSphere Client is a desktop client)
  2. Update Manager Web Client that runs on the vSphere Web Client.( vSphere Web Client is a Web-based client.)

Important: For Desktop Client plugin you have to install it manually in VI client.

 

VUM 5 and 6 Features

  • Support of new embedded database: Update Manager 6.0 and the UMDS 6.0 can be configured to use the new embedded database Microsoft SQL Server 2012. In Update Manager 6.0 release, to install the embedded database, you must select the option to use Microsoft SQL Server 2012 database before starting the Update Manager server or the UMDS installation wizard.
  • Additional database support: The Update Manager 6.0 server and the UMDS 6.0 are compatible with Oracle Database 12c.
  •  Cross platform upgrade (ESX to ESXi) –VUM now has the ability to do a cross-platform upgrade and move you from, let’s say ESXi Server 5.x to ESXi Server 6.
  • Optimized Cluster Patching and Upgrade–VUM 6 has the ability to understand your HA/DRS cluster capacity and perform ESXi host upgrades faster than ever by remediating the optimum number of hosts at one time – upgrading multiple hosts in parallel.
  • VMware Tool Upgrade Improvements– VUM now reduces the amount of time required to upgrade the VMware tools in each VM by reducing the number of reboots and/or scheduling reboots associated with the tools to occur at the next VM reboot.
  • Improved Virtual Appliance Updates –VUM not only update virtual appliances but it can also upgrade them even if VUM doesn’t have Internet access and VUM has insight into the software components inside a VM that are related
  • More Flexible Update Manager Download Service – the UMDS, as it is called, is the process going to VMware.com (and other websites) and downloading the patches that you will apply. In VUM5 & 6, UMDS is more flexible, allowing you to specify multiple download URL paths and also to only download patches that are relevant to your environment.
  • Update Manager Utility–VUM 6 is an update manager utility that helps you to reconfigure the Update Manager setup, change the database password and proxy authentication, re-register Update Manager with vCenter Server, and replace the SSL certificates for Update Manager.

 

 

Patching ESXi with VMware Update Manager

To Keep you environment Up-to-date and Risk free

 

What is Update manager: 
It allows you to manage automatic patch and version management for ESXi Hosts, Virtual machine hardware, VMware tools and Appliances as well.
You can install Patches for these (components) through single console, easy to manage.
It will also help you to keep you infra up to date with latest patches, Hotfix and reduce vulnerabilities. Also low your security breaches risk.

 

Update manager can perform below tasks:
  1. It can scan the infra for checking compliance and apply the updates on selected Hosts, Virtual appliance and also on Virtual Machine Hardware to update them with selected updated or version.
  2. It can also update third party software’s on hosts as well.
  3. It can upgrade Hosts directly from previous version to new one.
  4. It can ( 5.1 update manager) update Hosts: ESXi 4.x and 5.x version.

 

Note:  A Host which is upgraded or migrated from lower version to higher version will not be roll back to old version. To avoid this you should backup your Hosts configurations before any activity so that you can restore to old state.

How to do patching with Update Manager

 

 1. Open VCenter and go to Update Manager

 

2. After that you have to create baseline first

3. A dialog box will be visible here you have to provide Name for this base line. Also select base line type : like a) Host Patch b) Host Extension c) Host Upgrade or if you want to upgrade your virtual appliance then select VA Up grade.

 

4. On the next page you will see Patch Options: Fixed and Dynamic

Recommendation: Always use “Fixed” option for your environment. Dynamic is used in that situation where you have installed New ESXi and want to update all updated which was release till date.

5. Here you have to select which patch you want to install. Select that patch and click on down arrow.

 

6. Ready to complete page will show you summary

 

7. After creation you will see this base line in Baseline and Groups tab.
 Then you have to go to vCenter > host and cluster. Select Host and go to update manager Tab

 

8. Then go to Attach > 9. select the patch Baseline

9. Then you have to scan and get the host status as Non-Compliant or incompatible or compliant.
10. After that you have to click on Stage > this will copy or put all the patches on host repository
11. After that click on Remediate > this will install all the patches to that host.

 

 

Recommendation

Need to put Hosts into Maintenance Mode
Before starting remediate a host needs to be in Maintenance Mode. This ensures that no live virtual machines are running on the system, they have either been vmotion onto other hosts or powered down. The remediation task is able to put the host in maintenance mode for you.