vSphere Update Manager
Using the Update Manager Interface to Upgrade from ESXi 6.5 to 6.7
Upgrade VMware ESXi Hosts with the New Update Manager Interface in vSphere 6.7
In VMware vSphere 6.7, the vSphere Update Manger (VUM) interface is now part of the HTML5 vSphere Client.In this demo, we will walk through the workflow to perform a major version upgrade. Click the Update Manager icon to begin.
VMware ESXi Image Repository
Update Manager is capable of host patching as well as major version upgrades. Host upgrade software is delivered in an ISO image. To add an image to the VUM repository, click "Import"
Add ISO Image
An ESXi ISO image can be obtained from VMware or from a server hardware vendor. Either browse the local disk or enter a URL to have VUM download the file directly. Click "Import"
Initiate Baseline Creation
After adding an ESXi ISO image to the VUM repository, it is easy to create an upgrade baseline. Select the desired image and click "New Baseline"
Create Upgrade Baseline
In the new VUM interface, upgrade baselines require just a few clicks to create. After specifying a baseline name, verifying the ESXi image, and reviewing the details, click "Finish"
Confirm Upgrade Baseline
After creating the upgrade baseline, verify that it is listed on the Baselines tab.
To begin the cluster upgrade procedure, click "Hosts and Clusters"
Attach Baseline
VUM is most effective when a baseline is attached to a cluster of ESXi hosts, although it is possible to attach to individual hosts, if necessary. With the cluster selected, click "Attach"
Select Baseline to Attach
In the dialog box, we can choose one or more baselines to attach to this cluster. In this scenario, we want to choose just the ESXi 6.7 upgrade baseline we created earlier. Click OK
Check Cluster Compliance
With the desired baseline now attached to the cluster, we will have Update Manager check each host to see if they are currently compliant or if they will need to be remediated. Click "Check Compliance"
Verify Compliance and Check Remediation Status
Once Update Manager is finished checking each host in the cluster, the results are displayed in the center information card. Here we can see that all four of these hosts are not compliant with the baseline and will need to be remediated. Before we do that, let's run the cluster pre-check to ensure that remediation will be successful. Click "Pre-Check Remediation"
Remediation Pre-Check
The pre-check process will check to see if DRS is enabled so that running VMs can be migrated with zero-downtime across the cluster. The pre-check also displays the status of HA admission control and enhanced vMotion compatibility. Click "Done"
Verify Pre-Check Results
After running the pre-check, verify that the cluster is ready for upgrade. Click "Remediate" to begin.
Streamlined Remediation
In the new Update Manager interface, the remediation wizard from previous releases is gone. Instead, we have a chance to review the actions that will be taken in a very efficient way. Click OK
Upgrade Without Downtime
During the cluster remediation process, hosts are put into maintenance mode after the running VMs are migrated to other cluster nodes. This process is repeated, typically one host at a time, until the entire cluster is upgraded. Click the Refresh link to see the final status.
Verify Cluster Upgrade
When Update Manager is finished upgrading the cluster, the status information cards will show that the cluster is now compliant. This concludes the new Update Manager interface demo.
Using the Update Manager 6.7 Interface to Patch VMware ESXi 6.5 Hosts
Using Update Manager 6.7 to Keep a Cluster of VMware ESXi 6.5 Hosts
Using Update Manager 6.7 to Keep a Cluster of VMware ESXi 6.5 Hosts Patched
VMware vSphere Update Manager is capable of performing major version upgrades, applying patches and updates to supported versions of ESXi host, or installing drivers or other third-party components. In this example, we will walk through the procedure to apply a patch to a cluster of hosts running VMware ESXi 6.5, as the underlying application is not yet certified on VMware ESXi 6.7, so we cannot perform a major version upgrade at this time. Click the Update Manager icon to begin.
Empty Patch Repository
By default, Update Manager will download VMware ESXi patches directly from VMware over the public Internet. For improved security, some environments do not allow Internet access from datacenter management components.In this demonstration, Update Manager does not have Internet access, so we will manually import the specific patches deemed necessary. These patches, sometimes called offline bundles or depots, can be downloaded by logging into My VMware; they are distributed in zip format. Click Import to begin.
Import Patch Bundle
The VMware ESXi patch bundle can either be uploaded from a local drive or from an internal URL, as seen here. Click Import to complete the process.
View the Updates Repository
Once the ESXi patch has finished importing, the individual bulletins can be seen in the repository tab. Everything looks good, click the Baselines tab to continue.
Review Baselines
Update Manager is able to perform major version upgrades, apply patches, or install extensions on managed ESXi hosts. Each of these tasks are enabled via baselines In our patching scenario, we need to create a new baseline to act as a container for the patches we just imported. Click New.
New Baseline
On the Baselines tab, the "New" menu item has two sub-entries, choose "New Baseline"
Baseline Definition Wizard
To create a new baseline, we need to supply a name and an optional description. Since our goal is to apply a patch to VMware ESXi 6.5 hosts, select the Patch option and click next.
Manual Patch Baseline
In this environment, there are tight controls for compliance reasons - we will specify the exact patches to install instead of dynamically matching patterns through the automatic feature - uncheck that option and click next.
Select Patches
For this baseline, we will select the two patch bulletins that are part of the bundle we just uploaded.Since this environment does not have Internet access, only the patches that we import to the repository appear in this list. In a lessrestrictive datacenter, this list would include all possible patch releases and could be filtered as needed by clicking the column headings. Click Next.
Verify Baseline
One final check of the patch baseline... Everything looks good, so click Finish.
Confirm Patch Baseline
After creating the new baseline, it appears in the list. Click Hosts and Clusters
Prepare to Patch the Cluster
With the target cluster selected, click Attach to select the patch baseline we just created.
Select Patch Baseline
We can attach the new patch baseline by checking the corresponding box. Click OK
Check Baseline Compliance
Now that the baseline is attached to the cluster, Update Manager will check each host to see if action is required in order for that host to be considered compliant. Click Check Compliance
Cluster Not Compliant
Once the compliance check is finished, Update Manager will indicate the status of each host in the cluster. In this case, all of the hosts are out of compliance and need to have the patch installed, as expected. Before we begin, we will first check the cluster for any potential blocking issues by using the
pre-check. Click Pre-Check Remediation.
Pre-Check Finished
The pre-check dialog box will show the status of individual items, such as confirming DRS is enabled. Everything is ready for remediation, so click Done.
Begin Remediation
Now that the pre-check is finished, we can proceed with cluster remediation. Click Remediate
New Remediate Interface
Update Manager 6.7 features a new interface with a streamlined flow, and no longer uses the multi-step wizard when remediating. After reviewing the actions that will be taken, click OK.
Remediate With Zero Downtime
Update Manager evacuates hosts one at a time and places them into maintenance mode before applying the patches. Running VMs are moved to other hosts with vMotion. Click Refresh to check the cluster status.
Patching Complete
After Update Manager is finished applying patches to all nodes in the cluster, the status will be updated to show that they are compliant with our chosen patch baseline.Update Manager 6.7 can upgrade hosts to the latest release of VMware ESXi, or it can keep hosts running older versions patched until the time comes to upgrade.
Faster Host Upgrades to vSphere 6.7
Faster Upgrades to vSphere 6.7
VMware vSphere 6.7 incorporates optimizations that speed up major version upgrades, so customers moving from 6.5 to 6.7 will spend less time waiting for hosts to upgrade.
Using the Update Manager 6.7 Interface to Patch VMware ESXi 6.7 Hosts
VMware vSphere Update Manager is capable of performing major version upgrades, applying patches and updates to supported versions of ESXi host, or installing drivers or other third-party components. In this example, we will walk through the procedure to patch a host running VMware ESXi 6.7 using existing baselines.
Click the Update Manager icon to begin.
By default, there are no baselines attached to a cluster. Since we are using precreated baselines we will proceed to attach those baselines to the host for remediation.
As we already have existing baselines, we will choose the option to Attach Baseline or Baseline Group. If we needed to create a custom baseline, we can choose the option to Create and Attach Baseline.
We will select all baseline we choose to attach to our host for remediation.
Once all baselines have been selected we will proceed to choose Attach to associate them with our ESXi host.
The next thing we need to do is Check Compliance of our host against Update Manager. Check Compliance does a check of currently installed patches, updates and upgrades installed on the ESXi host against what is within the Attached Baselines and Baseline Groups. If there are any missing patches, upgrades or updates the object will be in a Non-Compliant state.
Once the Scan is complete, we can see the status of the Compliance check. We can see that this host as 57 patches that need to be applied with 8 critical and 3 security fixes.Let's minimize the Recent tasks to proceed.
A new feature in 6.7 Update 1 and above is the ability to do a Pre-Check Remediation. This will detect and issues that may stop your remediation from completing successfully.Let's run the Pre-Check Remediation and see the results.
Our Remediation Pre-Check has passed, as we have no outstanding issues. Any errors that could impact remediation would be shown here such as DRS being deactivated or attached removable media devices.Lets close the Remediation Pre-Check to proceed.
We are now ready to proceed with Remediation. Lets select All baselines we wish to apply to our host.
With the baselines selected we can now choose Remediate.
During Remediation the Pre-Check Remediation will also run if you did not manually choose it before. We have a few options below so let's explore them, starting with seeing which updates we are installing.
If we expand out the Install Updates, we can see all updates that will be applied to this object. The next section will cover whether or not you wish to remediate the object immediately or schedule for a future date or time.
If you choose to modify the scheduling options you can create a scheduled task to remediate the object at a later date or time. If you uncheck the option it will run immediately. Let's review the remediation settings.
Within this screen we can see the remediation options that have been chosen, these are configured at the vCenter Server level, so if you wish to modify them you need to Close Dialog and Go to Settings. Please note new features introduced with 6.7 Update 2 will allow you to deactivate Quick Boot as well as deactivate the Check Host health after installation for VSAN Hosts. Consult the Release Notes and Documentation for more information on these features.
Once we have reviewed all the options, we can proceed to Remediate our ESXi host.
During an Update Manager remediation, if a host is not already in maintenance mode the first step is to put that host into maintenance mode, moving all running virtual machines to another host within the cluster. If DRS is deactivated you will need to manually migrate or power off VMs.
Once the host is put into maintenance mode, Update Manager will automatically Install the updates and reboot the host.
When remediation is complete, a Check Compliance scan is automatically ran and the host will be removed from maintenance mode. Our remediation is now complete as our host is in Compliance with all the attached baselines.
Thank you for reviewing our walkthrough on patching your VMware ESXi 6.7 host. For more information and walkthroughs please view our VMware Blogs.
vSphere Quick Boot Demo
VMware vSphere 6.7 Quick Boot
VMware vSphere 6.7 introduces a new technology that reduces the time required for hypervisor maintenance tasks. By using vSphere Quick Boot, VMware ESXi restarts without rebooting the underlying physical server. This eliminates the time-consuming device initialization and self-testing procedures, shortening the time required to patch or upgrade a host.
Upgrading a cluster with VUM
vSphere Update Manager Overview & Cluster Upgrade Walkthrough
VMware vSphere 6.5 Embedded Update Manager (VUM) Demo
Terminology Overview
Downloading Updates and Related Metadata
Downloading virtual appliance upgrades, host patches, extensions, and related metadata is a predefined automatic process that you can modify. By default, at regular configurable intervals, Update Manager contacts VMware or third-party sources to gather the latest information (metadata) about available upgrades, patches, or extensions.
VMware provides information about patches for ESXi hosts and virtual appliance upgrades.
Update Manager downloads the following types of information:
- Metadata about all ESXi 5.5 and ESXi 6.x patches, regardless of whether you have hosts of such versions in your environment or not.
- Metadata about ESXi 5.5 and ESXi 6.x patches as well as about extensions from third-party vendor URL addresses.
- Notifications, alerts, and patch recalls for ESXi 5.5 and ESXi 6.x hosts.
- Metadata about upgrades for virtual appliances.
Downloading information about all updates is a relatively low-cost operation in terms of disk space and network bandwidth. The availability of regularly updated metadata lets you add scanning tasks for hosts or appliances at any time.
Update Manager supports the recall of patches for hosts that are running ESXi 5.0 or later. A patch is recalled if the released patch has problems or potential issues. After you scan the hosts in your environment, Update Manager alerts you if the recalled patch has been installed on a certain host. Recalled patches cannot be installed on hosts with Update Manager. Update Manager also deletes all the recalled patches from the Update Manager patch repository. After a patch fixing the problem is released, Update Manager downloads the new patch to its patch repository. If you have already installed the problematic patch, Update Manager notifies you that a fix was released and prompts you to apply the new patch.
If Update Manager cannot download upgrades, patches, or extensions — for example, if it is deployed on an internal network segment that does not have Internet access — you must use UMDS to download and store the data on the machine on which UMDS is installed. The Update Manager server can use the upgrades, patches, and extensions that UMDS downloaded after you export them.
For more information about UMDS, see Installing, Setting Up, and Using Update Manager Download Service.
You can configure Update Manager to use an Internet proxy to download upgrades, patches, extensions, and related metadata.
You can change the time intervals at which Update Manager downloads updates or checks for notifications. For detailed descriptions of the procedures, see Configure Checking for Updates and Configure Notifications Checks.
Types of Software Updates and Related Terms
Update Manager downloads software updates and metadata from Internet depots or UMDS-created shared repositories. You can import offline bundles and host upgrade images from a local storage device into the local Update Manager repository.
VIB | A VIB is a single software package. |
Bulletin | A grouping of one or more VIBs. Bulletins are defined within metadata. |
Depot | A logical grouping of VIBs and associated metadata that is published online. |
Host upgrade image | An ESXi image that you can import in the Update Manager repository and use for upgrading ESXi 5.5 or ESXi 6.0 hosts to ESXi 6.5. |
Extension | A bulletin that defines a group of VIBs for adding an optional component to an ESXi host. An extension is usually provided by a third party that is also responsible for patches or updates to the extension. |
Metadata | Extra data that defines dependency information, textual descriptions, system requirements, and bulletins. |
Offline bundle ZIP | An archive that encapsulates VIBs and corresponding metadata in a self-contained package that is useful for offline patching. You cannot use third-party offline bundles or offline bundles that you generated from custom VIB sets for host upgrade from ESXi 5.5 or ESXi 6.0 to ESXi 6.5. |
Patch | A bulletin that groups one or more VIBs together to address a particular issue or enhancement. |
Roll-up | A collection of patches that is grouped for ease of download and deployment. |
VA upgrade | Updates for a virtual appliance, which the vendor considers an upgrade. |