Thursday 26 November 2015

vSphere Update Manager

VMware vSphere Update Manager provides centralized patch management for ESXi hosts, virtual machine hardware, VMware Tools and virtual appliances.

vSphere Update Manager helps reduce security risks and vulnerabilities, and makes management and troubleshooting easier.

It consists of a server component, which can be installed on the same computer as your Windows vCenter Server or on a different one, and client components, which run on the desktop. It requires connectivity with your vCenter Server.

The vSphere Update Manager server and the vSphere Update Manager Download Service require a database to store data. Oracle, SQL Server, and SQL 2008 R2 Express 64 Bit are the supported databases.

Once Update Manager is installed, we can configure the following vSphere Update Manager settings.

  1. Network Connectivity Settings 
  2. Download Settings Proxy Settings 
  3. Checking for Updates Settings  
  4. Notification Check Schedule Settings
  5. Virtual Machine Settings 
  6. Host and Cluster Settings
  7. vApp Settings

When it comes to patches, updates and extensions in Update Manager, there are 5 rules of thumb.

1- Creating a Baseline

A baseline contains a collection of patches, upgrades and extensions. Before you can create, edit or delete a baseline, ensure you have the Manage Baseline privileges. vSphere Update Manager includes two default dynamic patch baselines and three upgrade baselines.

Critical Host Patches (Predefined): Checks ESXi hosts for compliance with all critical patches.
Non-Critical Host Patches (Predefined): Checks ESXi hosts for compliance with all optional patches.
VMware Tools Upgrade to Match Host (Predefined): Checks virtual machines for compliance with the latest VMware Tools version on the host.

VM Hardware Upgrade to Match Host (Predefined): Checks the virtual hardware of a virtual machine for compliance with the latest version supported by the host.
VA Upgrade to Latest (Predefined): Checks virtual appliance compliance with the latest released virtual appliance version.

We can create a fixed baseline, which consists of a set of patches that does not change as patch availability changes, or a dynamic baseline, which contains a set of patches that updates automatically based on availability and the criteria specified.

2- Attaching a Baseline

To see whether an object is compliant or not, we need to attach the baseline to it. Baselines can be attached to objects such as virtual machines, virtual appliances and ESXi hosts, and also to folders, vApps, clusters and data centers.

3- Scanning

Scanning is how the attributes of your objects (hosts, virtual machines or appliances) are evaluated against the baseline you have attached to that specific object.

Once the object is scanned, it is either compliant (the object is in compliance with the baseline you have attached) or non-compliant (the object is missing patches, extensions or upgrades that the attached baseline applies to it).

4- Staging

If the scanned object is non-compliant, we can go ahead and remediate it. Before remediation, however, we can perform an additional step on host objects: staging, which downloads the patches and extensions from the Update Manager server to the ESXi hosts without applying them immediately. Staging speeds up the remediation process because the patches and extensions are already available locally on the ESXi hosts.

5- Remediation

Remediation is the last step, where we apply the patch, extension or upgrade to the objects. This step varies based on the object you are remediating. For example, for ESXi hosts that are part of a cluster the process is sequential; however, if you have multiple clusters within your data center, the remediation process runs in parallel.
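
The five steps above as a PowerCLI script, added here as an example and not part of the original post. It assumes the Update Manager PowerCLI module is loaded and Connect-VIServer has already been run; the cluster name 'Prod-Cluster-01' and the script parameters are hypothetical.

```powershell
# Added example (not from the original post).
# Assumes an existing Connect-VIServer session; the cluster name is hypothetical.
param(
    [string]$ClusterName  = 'Prod-Cluster-01',
    [string]$BaselineName = 'Critical Host Patches (Predefined)',
    [switch]$Remediate    # without this switch the script stops after staging
)
$ErrorActionPreference = 'Stop'

# 1. Baseline: use the predefined critical-patch baseline named in the post.
$baseline = Get-Baseline -Name $BaselineName
$cluster  = Get-Cluster -Name $ClusterName

# 2. Attach at cluster level so every host in the cluster is checked against it.
#    (Newer PowerCLI releases name this cmdlet Add-EntityBaseline.)
Attach-Baseline -Entity $cluster -Baseline $baseline

# 3. Scan (Test-Compliance in newer releases), then read each host's status.
Scan-Inventory -Entity $cluster
$report = foreach ($vmhost in Get-VMHost -Location $cluster) {
    $c = Get-Compliance -Entity $vmhost -Baseline $baseline
    [pscustomobject]@{ VMHost = $vmhost; Name = $vmhost.Name; Status = "$($c.Status)" }
}
$report | Format-Table Name, Status -AutoSize

# Only hosts reported NotCompliant are patched; any other non-compliant status
# (for example Unknown or Incompatible) is surfaced for manual review instead.
$pending = @($report | Where-Object { $_.Status -eq 'NotCompliant' })
$review  = @($report | Where-Object { $_.Status -notin 'Compliant', 'NotCompliant' })
if ($review.Count)  { Write-Warning "Review manually: $($review.Name -join ', ')" }
if (-not $pending.Count) { Write-Output 'No hosts need remediation.'; return }

# 4. Stage (Copy-Patch in newer releases): copy patches to the hosts without applying.
foreach ($p in $pending) { Stage-Patch -Entity $p.VMHost -Baseline $baseline }

# 5. Remediate (Update-Entity in newer releases) one host at a time, matching the
#    sequential behaviour described for hosts inside a single cluster.
if ($Remediate) {
    foreach ($p in $pending) {
        Remediate-Inventory -Entity $p.VMHost -Baseline $baseline -Confirm:$false
        $after = Get-Compliance -Entity $p.VMHost -Baseline $baseline
        Write-Output "$($p.Name): $($after.Status) after remediation"
    }
}
```

Running it without -Remediate gives a compliance report and pre-staged patches, which is a useful dry run ahead of a maintenance window.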

For more information on VMware vSphere Update Manager kindly refer