VMware patch updates. How do they work?
Generally speaking, patching is often seen as a matter for the “end-user systems”, in particular Servers and Workstations. The same applies to VMs running on Hypervisors. But what about the Hosts themselves? In this article we’ll review how to install the latest VMware patch updates on vSphere ESXi Hosts.
They are not exempt from this process either, and particular attention should be paid not just to bug fixes but also to security fixes as soon as new vulnerabilities are discovered.
Another scenario is when you want to test the latest “build or profile” of a particular version of ESXi Server. Or what if your ESXi Server is simply not connected to the internet?
For all these scenarios it is possible to download and apply VMware patch updates. Updates can be either managed centrally through vCenter and vSphere Update Manager or installed manually through the command line for stand-alone Hosts. This article covers the latter case, where the ESXi updates are installed manually.
How to install a VMware patch
Let’s do a quick test in our home lab. First things first: we need to download the latest patches available for our ESXi Host. This can be done from the VMware Portal after a quick, free registration. In my case I will select updates for the 6.0.0 version. It is sufficient to download the latest one (ESXi600-201706001) as they are cumulative updates.
The next step is to enable the SSH Shell from the vSphere Web Client.
From the same menu we can set the Host in Maintenance Mode or use the command line as shown later on.
Next we use the vSphere Client (Web Client available from 6.0u2) to upload the zip file, as it is, to a Datastore the ESXi Host can see. As an alternative it is also possible to use WinSCP to copy files to the Datastore.
At this point we can use an SSH client such as PuTTY to log in to the ESXi Host console. From here we can invoke the esxcli command to query the Maintenance status as shown below.
Next we put the Host into Maintenance mode as shown below. Before entering this mode it is best to either evacuate the VMs to other available Hosts or shut them down. During this phase, in fact, VMs cannot be created or powered off, and VM configuration changes are not possible either.
We are now ready to install the ESXi update patch as shown below using the command:
esxcli software vib install -d /vmfs/volumes/DatastoreName/ESXi600-timestamp.zip
The process does not take very long, and if we scroll up to the beginning of the list of updated packages we can also see the execution status and whether a reboot is required.
If there are no issues with this update then we can proceed with a reboot using the command line shown in this screenshot.
After rebooting and looking at the version number we can verify the installed release along with the build number.
Updating an ESXi Host through vib files is really a quick and straightforward process. Moreover, the vibs that come from VMware are “by default supported”. From the Manage > Acceptance Level option in the Web Client it is possible to change this to the desired level, choosing between Partner, VMware certified, VMware accepted and Community. Extra care should be taken before installing Community vibs.
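The manual steps above (maintenance mode, install, reboot check) and the acceptance-level caution, collected into one guarded script for the ESXi shell. This is an added example, not the author's own commands: the helper names, the return codes and the decision to stop on a Community-level host are assumptions of the example, and the depot path in the usage line is the placeholder from the article.

```sh
#!/bin/sh
# Added example, not from the original article.
# Usage on the host: sh patch-host.sh /vmfs/volumes/DatastoreName/ESXi600-timestamp.zip

# True when the host reports maintenance mode (esxcli prints Enabled or Disabled).
in_maintenance() {
    [ "$(esxcli system maintenanceMode get)" = "Enabled" ]
}

# True when the host acceptance level is the loosest one, Community.
community_allowed() {
    [ "$(esxcli software acceptance get)" = "CommunitySupported" ]
}

# Reads esxcli install output on stdin; true when it asks for a reboot.
reboot_required() {
    grep -q 'Reboot Required: true'
}

# patch_host is a hypothetical helper name; return codes 2-6 are this example's own.
patch_host() {
    depot=$1
    [ -f "$depot" ] || { echo "depot not found: $depot" >&2; return 2; }
    # Policy assumed for this example: stop and review a Community-level host first.
    if community_allowed; then
        echo "acceptance level is CommunitySupported; review before patching" >&2
        return 3
    fi
    in_maintenance || esxcli system maintenanceMode set --enable true || return 4
    # Dry run first: lists what would change without modifying the host.
    esxcli software vib install -d "$depot" --dry-run || return 5
    out=$(esxcli software vib install -d "$depot") || { echo "$out" >&2; return 6; }
    echo "$out"
    if echo "$out" | reboot_required; then
        echo "Reboot required: reboot, then confirm with 'esxcli system version get'."
    fi
}

# Run only when a depot path is given, so the functions can also be sourced.
if [ "$#" -ge 1 ]; then patch_host "$@"; fi
```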
Of course this method is more suitable for stand-alone Hosts than for environments consisting of a high number of Hosts that are members of several clusters. In that case there are more sophisticated options that can help us manage, discover and run remediation tasks to make sure all member servers are aligned to the same version and configuration. All these examples make a perfect use case for the vSphere Update Manager (VUM), which I will cover in a separate article.