
vSphere patches install using VMware Update Manager

Here we are at the final step of upgrading our homelab to the latest VMware release: installing the latest vSphere patches. We have previously seen how to do this from the command line with vSphere 6.0. This time we are going to use VMware Update Manager, now built into the VCSA 6.7 appliance, which makes everything a lot easier.

As a quick recap of the previous steps to get to the latest VMware version, here is a quick list with links:

At this point we are ready to install the latest VMware vSphere patches with VMware Update Manager. How does it work? Pretty simple. Similar to what we have already seen for the vSphere Hosts upgrade, it's a matter of creating a new Baseline for patches. VMware Update Manager ships with 2 default Baselines, which cover critical and non-critical patches. These are not customisable.

The idea is to create a custom Baseline with specific vSphere patches. For example, since we have already upgraded the Host to version 6.7 and the vSphere patches are cumulative, there is no need to install all of them, just the latest ones. This is interesting because it is possible to create a Baseline Group which couples a specific Host version with the very latest vSphere patches.

In this article we are going to see this vSphere update process, including the changes to an existing custom Baseline.



How to install latest VMware vSphere patches

VMware Update Manager (VUM) is the module we'll use to create the Baseline and remediate the vSphere Hosts with the latest patches. Let's navigate to Home > Update Manager from the vSphere Client and choose a vSphere Host. From here we can review the build currently installed. Let's click Update Manager Home to create or review the Baselines.

[Screenshot: install vSphere patches, VUM]

The Home tab shows an overview of information such as Hosts, non-compliant Hosts and attached Baselines.

[Screenshot: install vSphere patches, VMware Update Manager]

Let's move to the Baselines tab to review the existing ones and, if needed, create new custom ones. In my example I have already created a couple of these to cover the vSphere patches and Host upgrades. At the time of writing the patch Baseline automatically includes 7 patch definitions, shown in the lower part of the screen.

[Screenshot: install vSphere patches, Baselines]

Let's edit this Baseline and review its settings. Everything is wizard driven and all we need to do initially is provide a name and description. I would advise using a naming convention, as the overall list will look a lot cleaner, especially in big environments with many Baselines for several purposes.

[Screenshot: install vSphere patches, Baseline definition]

In the automatic patch selection we can define the criteria by which downloaded patch definitions will be automatically added to the Baseline. This is one of the reasons why constant internet access from the VUM is important: it is needed to get the latest definitions. The most frequent ones are those for vSAN environments. At the time of writing, the configuration shown in the screenshot below matches 7 patches in total for VMware ESXi 6.7.0.

[Screenshot: install vSphere patches, Baseline selection]

In the next step we can also manually add other patches to the Baseline. I find this option more useful when creating Baselines for Extensions, as we can add, for example, patches for drivers and other VIBs installed on the vSphere Hosts.

[Screenshot: install vSphere patches, manual selection]

The last step is a final summary with the option to review and amend changes.

[Screenshot: install vSphere patches, Baseline summary]

At this point from the Updates tab for each definition we can also see the associated Baselines.

[Screenshot: install vSphere patches, Baseline updates]

From the Baseline tab we can associate a vSphere Host to start the staging and remediation process.

When browsing the Host > Updates section we can see the associated Baselines. Ideally we can initiate the staging process and then remediate the Host.

[Screenshot: install vSphere patches, review Baseline]

The thing is, this Baseline includes all 7 patches and, knowing these are cumulative updates, do we really need to install all of them? What we can do instead is edit the custom Baseline to include only vSphere patches published on or after a specific date. In this case I'm choosing the 26th of July 2018 in order to get the latest cumulative updates only. The Baseline now shows 3 vSphere patches out of 7.

[Screenshot: install vSphere patches, edit Baseline]

Let's start by staging the patches locally onto the vSphere Host.

The process runs in the background and is visible from the recent tasks panel.

[Screenshot: install vSphere patches, staging]

At this point we are ready to remediate the vSphere Host. In addition the wizard shows the remediation settings with default values:

Host Settings

  • Allow Quick Boot: Yes
  • VM Power state: –
  • Disable removable media devices that might prevent a host from entering maintenance mode: No
  • Retry entering maintenance mode in case of failure: Yes
  • Retry delay (minutes): 5
  • Number of retries: 3
  • Allow installation of additional software on PXE booted hosts: No

Cluster Settings

  • Disable Distributed Power Management (DPM): Yes
  • Disable High Availability Admission Control: No
  • Disable Fault Tolerance (FT): No
  • Enable parallel remediation for hosts in cluster: No
  • Migrate powered off and suspended VMs to other hosts in the cluster, if a host must enter maintenance mode

According to the remediation settings the installation will:

  • Enter Host in maintenance mode
  • Install vSphere patches
  • Check patches
  • Initiate Host reboot
  • Exit maintenance mode

[Screenshot: install vSphere patches, Baseline remediation]

At this point we are now ready to install vSphere patches on the remaining Hosts and make them compliant as well.

[Screenshot: install vSphere patches, Baseline compliance]
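
The same workflow (date-filtered dynamic Baseline, attach, scan, stage, remediate with the default settings listed above, then re-check compliance) can also be scripted with the PowerCLI Update Manager cmdlets. This is an added example, not part of the original walkthrough; the vCenter, Host, VCSA VM and Baseline names and the product string are placeholder assumptions.

```powershell
# Added example: all names below are placeholders, adjust to your environment.
Import-Module VMware.VumAutomation

$vCenter  = 'vcsa.lab.example'       # placeholder: VCSA address
$hostName = 'esxi01.lab.example'     # placeholder: Host to patch
$vcsaVm   = 'VCSA67'                 # placeholder: name of the VCSA VM
$cutoff   = [datetime]'2018-07-26'   # cut-off date used in the article

Connect-VIServer -Server $vCenter | Out-Null
$vmhost = Get-VMHost -Name $hostName

# Refuse to remediate the Host that currently runs the VCSA: rebooting it
# would take Update Manager down mid-task. vMotion the appliance away first.
$vcsaHere = Get-VM -Location $vmhost |
    Where-Object { $_.Name -eq $vcsaVm -and $_.PowerState -eq 'PoweredOn' }
if ($vcsaHere) { throw "$vcsaVm runs on $hostName; migrate it before patching." }

# Dynamic Host patch Baseline limited to patches released on/after the cut-off.
# The product string is an assumption; check the Product column of Get-Patch.
$baseline = New-PatchBaseline -Dynamic -TargetType Host `
    -Name 'ESXi-6.7-latest-patches' `
    -Description 'ESXi 6.7 patches released on or after 2018-07-26' `
    -SearchPatchProduct 'embeddedEsx 6.7.0' -SearchPatchStartDate $cutoff

Add-EntityBaseline -Entity $vmhost -Baseline $baseline
Test-Compliance -Entity $vmhost      # scan the Host against attached Baselines
$before = (Get-Compliance -Entity $vmhost -Baseline $baseline).Status

# Stage, then remediate with the wizard defaults listed above
# (retry 3 times, 5 minutes apart; DPM disabled; HA, FT and parallel untouched).
Copy-Patch -Entity $vmhost -Baseline $baseline
Update-Entity -Entity $vmhost -Baseline $baseline -Confirm:$false `
    -HostFailureAction Retry -HostNumberOfRetries 3 -HostRetryDelaySeconds 300 `
    -HostDisableMediaDevices:$false `
    -ClusterDisableDistributedPowerManagement:$true `
    -ClusterDisableHighAvailability:$false `
    -ClusterDisableFaultTolerance:$false `
    -ClusterEnableParallelRemediation:$false

# Re-scan and fail loudly if the Host did not end up compliant.
Test-Compliance -Entity $vmhost
$after = (Get-Compliance -Entity $vmhost -Baseline $baseline).Status
$build = (Get-VMHost -Name $hostName).Build
'{0}: {1} -> {2}, build {3}' -f $hostName, $before, $after, $build
if ($after -ne 'Compliant') { throw "$hostName is still $after after remediation." }
```

Recording the compliance status before and after, together with the resulting build number, gives a simple audit trail for each patched Host.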


About the author

Michele Domanico

Passionate about Virtualization, Storage, Data Availability and Software Defined Data Center technologies. The aim of Domalab.com is sharing with the Community the knowledge and experience gained with customers, industry leaders and like minded peers. Always open to constructive feedback and new challenges.



  • Hi,
    Thanks for the guide.
    In the picture where you show remediation settings, you forgot to “orange out” your domain name 🙂

    I have a question for you. How do I upgrade the host running the VCSA, if I am to use the UM?


    • Hi Flemming,
      thanks a lot for the shout out! It should be fixed now 🙂
      For the VCSA upgrade there is a built-in update utility. I don’t recall the option to use VUM for VCSA upgrades as well.
      BTW the VCSA upgrade is super easy. Take a backup (now mandatory!) of the appliance first. If you want, you can take a look at these below:

      VCSA upgrade https://domalab.com/vmware-vcsa-6-7-update-3b/
      VCSA backup https://domalab.com/vmware-vcsa-backup-synology-ftps/

      Hope this helps and thanks a lot for reading:)

      • Good morning.
        Thanks for your fast reply.
        Maybe my Danish-English is not accurate enough, but I have 2 hosts and one of them is running the VCSA. It is as you point out easy to update VCSA and if I migrate or shut down the VMs on the host NOT running the VCSA it should be straightforward to patch that one as well.
        BUT the host running VCSA I can't shut down or migrate the VCSA because then I of course can't use UM.
        Will I have to unregister and re-register it on the other host, power up and run UM from that host?


      • Hi Flemming,
        no worries, your English is fine 🙂
        A safe way to patch/upgrade the Host and VCSA is:
        1. Take a backup of the VCSA
        2. Upgrade the VCSA using built-in update module
        3. Migrate/Shutdown VMs from the other Host where VCSA is NOT running
        4. Upgrade/Reboot the Host with VUM
        5. vMotion VCSA to upgraded Host
        6. Migrate/Shutdown VMs from the other Host
        7. Upgrade/Reboot the Host with VUM
        8. vMotion VCSA back to the original Host

        These steps do not take into account any Cluster/DRS/HA configuration.

        Hope this helps,
