In this blog post we will learn about how to patch ESXi hosts and virtual machines using the VMware Update Manager.

* What is VMware Update Manager?
* Installing and configure vCenter update manager.
* Configuring patch download options.
* Creating an update manager baseline.
* Patching ESXi hosts and virtual machines.

What is VMware Update Manager?

VMware Update Manager enables centralized, automated patch and version management for VMware vSphere and offers support for VMware ESX/ESXi hosts, virtual machines, and virtual appliances. Below are the tasks that can be performed using update manager.

* Upgrade and patch ESX/ESXi hosts.
* Install and update third-party software on hosts.
* Upgrade virtual machine hardware, VMware Tools, and virtual appliances.

Installing and configuring vCenter update manager

Step 1: Install the “Update Manager” plug-in on your local machine.

1. Log in to the vCenter Server.
2. From the menu bar click “Plug-ins” and then click “Manage plug-ins.”
3. In the “Plug-in Manager” screen you will see “VMware vCenter Update Manager Extension” under the Available Plug-ins.” Click the link under the status column “Download and Install.” If you don’t have update manager extension listed, then install update manger using the CD or from the ISO image.

4. The plug-in will begin to download from the vCenter server.
5. An installation setup will appear:
a. Select “English” as the language.
b. Click “OK.”
c. On the “Update Manager” splash screen click “Next.”
d. Accept the license agreement and click “Next.”
e. Click “Install.”
f. Complete the Update Manager Client installation, and click “Finish.”
g. The status for the Update Manager extension should be displayed as “Enabled.”

h. The icon for the Update Manager will be displayed on the vSphere Client home page under “Solutions and Applications”.

Configuring patch download options
  1. Log in to vCenter using the VI Client and from “Home” under the “Solutions and Applications” heading, click on “Update Manager.”
  2. Click on the Configuration tab.
  3. From the Settings menu, click the Download Settings hyperlink.
  4. Three options are available in this screen. If the update manager hosted server has a direct connection to the Internet, select the first option, “Direct connection to Internet.” If the patches are stored in a central repository, choose the second option, “Use a shared repository.” The third option can be used if you are using a proxy server; just provide “Proxy settings” details.
  5. If this is the first time you have updated hosts from this “Update Manager,” you can click on the “Test Connection” button to test connectivity.
  6. Click the “Download Now” button to download the patches from the VMware sites.
  7. Click “Download Schedule” link from the “Settings” and verify that
    the “Enabled scheduled download” checkbox is checked
  8. Now select “”Patch Repository” tab to make sure it is populated with patches and updates.
Creating an update manger baseline

1. From the “Update Manager” screen, click on the “Baselines and Groups” tab.
2. Verify that the “Hosts” button is selected.
3. Click on the “Create” link.

4. In the “New Baseline” window, provide a suitable name for the baseline in the Name area and ensure that the “Host Patch” radio button is selected, then click “Next.”

5. In the “Patch Options” screen, select option “Dynamic” and click “Next.”
6. On the “Criteria” screen, keep the defaults or select options based on your requirement and click “Next.”
7. On the “Patches to Exclude” screen you can exclude patches that you know have issues or patches you don’t require. To exclude a patch select the patch and click on the down arrow button.

8. On the “Additional Patches” screen keep the defaults and Click “Next.”
9. On the “Ready to Complete” screen you can review the patch/update criteria by expanding the “Patches matching criteria currently in the repository” heading and clicking the “Finish” button.
10. You will now see a newly created baseline under “Baselines”; in this example, it is “Vcenter—New Baseline.”

Patching ESXi hosts and virtual machines

To patch ESXi hosts, the host needs to be in maintenance mode and make sure you put the DRS setting at “Manual” before commencing the patching activity. The entire cluster can also be patched at once instead of manually performing the task on each node, provided you have all nodes in the cluster set to maintenance mode. This is possible only if it’s a new pre-production cluster with no VMs provisioned.

1. From the “Host and Clusters,” view in vCenter.
2. Select the cluster or the host that you want to patch.
3. Once the host is selected, click on the “Update Manager” tab.

4. Click on the “Attach…” link in the right-hand corner of the update manger tab, select the “Vcenter-New Baseline” option (i.e., the baseline that was created earlier) and click the “Attach” button.

5. Now you need to run a scan of the hosts in the cluster to check compliance: Click the “Scan…” link in the top right-hand corner.

6. In the “Confirm Scan” window, make sure “Patches and Extensions” and “upgrades” is checked
and click “Scan.”

7. To start the patching process, right-click the vSphere host that is in maintenance mode and select “Remediate.”
8. In the “Remediate” screen, select the baseline to use and it will list the number of patches that will be applied to this host; click “Next.”
9. In the screen, the list of patches displayed will be applied to the host; again, click “Next.”

10. In the “Options” screen, you have the ability to schedule this upgrade and name the task. We will proceed by choosing the “Immediate” option.

11. This screen advises that the ESXi host needs to be in maintenance mode before applying patch. Click “Next.”

12. In the “Cluster Remediation Options” screen, make sure that the “DPM” and “High Availability admission control” check boxes are checked and click “Next.”
13. At this step, we can review the options selected and click “Finish” to begin host patching.
14. During the patching process the host needs to reboot’ in the vCenter , the host will report “Not Responding.” After the successful reboot, the ESXi host will connect automatically. Make sure to check the build version change after patching the host.

Patching Virtual machines

In the previous section we have installed and configured the update manager, created base lines, and patched the ESXi host. Now it’s time to patch virtual machines.

VMware Update Manager (VUM) has the following baselines available by default:

  • * Critical Host Patches—Checks ESXi hosts for compliance with all critical patches.
  • * Non-Critical Host Patches—Checks ESXi hosts for compliance with all optional patches.
  • * VMware Tools Upgrade to Match Host—Checks virtual machines for compliance with the latest VMware Tools version on the host. Update Manager supports upgrading of VMware Tools for virtual machines on hosts that are running ESXi 4.0 and later.
  • * VM Hardware Upgrade to Match Host—Checks the virtual hardware of a virtual machine for compliance with the latest version supported by the host. Update Manager supports upgrading to virtual hardware version 8.0 on hosts that are running ESXi 5.x.
  • * VA Upgrade to Latest—Checks virtual appliance compliance with the latest released virtual appliance version.

1. To patch a virtual machine navigate to Inventory-> VMs and Template screen. Select the virtual machine you need to patch.
2. Navigate to Update Manager tab and select the “Attach” option.
3. Select both options under Upgrade Baselines, ” VMware Tools upgrade to Match Host” and
“VM Hardware upgrade to Match Host.” Click the “Attach” button to proceed.

4. Click on “Scan” and select “VMware Tools upgrades” and “VM Hardware upgrades.” Click on the “Scan” button to validate the VM tools and hardware compliance with the host.

5. After the scan, results are displayed as shown below, per our example VMware tools running latest version in compliance with the ESXi host. But VM Hardware requires an upgrade.

6. Similar to ESXi host, the next step is to “Remediate” to apply the patches to the virtual machine. Select the “Remediate” button from the bottom right corner in update manager tab or right-click the virtual machine and select “Remediate.”
7. In the “Remediate” windows under “Baselines,” by default non-compliant options would be checked; verify it and click “Next.”

8. On the schedule screen, the “Immediate” option will be checked by default. Click “Next.”

9. In the Rollback option screen, “Take a snapshot of virtual machine before remediation to enable rollback” will be checked by default; click “Next.”

10. We have now reached the final stage of remediation. Click “Finish.”
11. After the remediation, the compliance status for the virtual machine in update manager tab will be green; in step 5 it was red.

Thank you for reading. More VMware and VCP5 prep topics coming soon.