vSphere Update Manager

Using the Update Manager Interface to Upgrade from ESXi 6.5 to 6.7

image

Upgrade VMware ESXi Hosts with the New Update Manager Interface in vSphere 6.7

In VMware vSphere 6.7, the vSphere Update Manger (VUM) interface is now part of the HTML5 vSphere Client.In this demo, we will walk through the workflow to perform a major version upgrade. Click the Update Manager icon to begin.

image

VMware ESXi Image Repository

Update Manager is capable of host patching as well as major version upgrades. Host upgrade software is delivered in an ISO image. To add an image to the VUM repository, click "Import"

image

Add ISO Image

An ESXi ISO image can be obtained from VMware or from a server hardware vendor. Either browse the local disk or enter a URL to have VUM download the file directly. Click "Import"

image

Initiate Baseline Creation

After adding an ESXi ISO image to the VUM repository, it is easy to create an upgrade baseline. Select the desired image and click "New Baseline"

image

Create Upgrade Baseline

In the new VUM interface, upgrade baselines require just a few clicks to create. After specifying a baseline name, verifying the ESXi image, and reviewing the details, click "Finish"

image

Confirm Upgrade Baseline

After creating the upgrade baseline, verify that it is listed on the Baselines tab.

To begin the cluster upgrade procedure, click "Hosts and Clusters"

image

Attach Baseline

VUM is most effective when a baseline is attached to a cluster of ESXi hosts, although it is possible to attach to individual hosts, if necessary. With the cluster selected, click "Attach"

image

Select Baseline to Attach

In the dialog box, we can choose one or more baselines to attach to this cluster. In this scenario, we want to choose just the ESXi 6.7 upgrade baseline we created earlier. Click OK

image

Check Cluster Compliance

With the desired baseline now attached to the cluster, we will have Update Manager check each host to see if they are currently compliant or if they will need to be remediated. Click "Check Compliance"

image

Verify Compliance and Check Remediation Status

Once Update Manager is finished checking each host in the cluster, the results are displayed in the center information card. Here we can see that all four of these hosts are not compliant with the baseline and will need to be remediated. Before we do that, let's run the cluster pre-check to ensure that remediation will be successful. Click "Pre-Check Remediation"

image

Remediation Pre-Check

The pre-check process will check to see if DRS is enabled so that running VMs can be migrated with zero-downtime across the cluster. The pre-check also displays the status of HA admission control and enhanced vMotion compatibility. Click "Done"

image

Verify Pre-Check Results

After running the pre-check, verify that the cluster is ready for upgrade. Click "Remediate" to begin.

image

Streamlined Remediation

In the new Update Manager interface, the remediation wizard from previous releases is gone. Instead, we have a chance to review the actions that will be taken in a very efficient way. Click OK

image

Upgrade Without Downtime

During the cluster remediation process, hosts are put into maintenance mode after the running VMs are migrated to other cluster nodes. This process is repeated, typically one host at a time, until the entire cluster is upgraded. Click the Refresh link to see the final status.

image

Verify Cluster Upgrade

When Update Manager is finished upgrading the cluster, the status information cards will show that the cluster is now compliant. This concludes the new Update Manager interface demo.

Using the Update Manager 6.7 Interface to Patch VMware ESXi 6.5 Hosts

image

Using Update Manager 6.7 to Keep a Cluster of VMware ESXi 6.5 Hosts

Using Update Manager 6.7 to Keep a Cluster of VMware ESXi 6.5 Hosts Patched

VMware vSphere Update Manager is capable of performing major version upgrades, applying patches and updates to supported versions of ESXi host, or installing drivers or other third-party components. In this example, we will walk through the procedure to apply a patch to a cluster of hosts running VMware ESXi 6.5, as the underlying application is not yet certified on VMware ESXi 6.7, so we cannot perform a major version upgrade at this time. Click the Update Manager icon to begin.

image

Empty Patch Repository

By default, Update Manager will download VMware ESXi patches directly from VMware over the public Internet. For improved security, some environments do not allow Internet access from datacenter management components.In this demonstration, Update Manager does not have Internet access, so we will manually import the specific patches deemed necessary. These patches, sometimes called offline bundles or depots, can be downloaded by logging into My VMware; they are distributed in zip format. Click Import to begin.

image

Import Patch Bundle

The VMware ESXi patch bundle can either be uploaded from a local drive or from an internal URL, as seen here. Click Import to complete the process.

image

View the Updates Repository

Once the ESXi patch has finished importing, the individual bulletins can be seen in the repository tab. Everything looks good, click the Baselines tab to continue.

image

Review Baselines

Update Manager is able to perform major version upgrades, apply patches, or install extensions on managed ESXi hosts. Each of these tasks are enabled via baselines In our patching scenario, we need to create a new baseline to act as a container for the patches we just imported. Click New.

image

New Baseline

On the Baselines tab, the "New" menu item has two sub-entries, choose "New Baseline"

image

Baseline Definition Wizard

To create a new baseline, we need to supply a name and an optional description. Since our goal is to apply a patch to VMware ESXi 6.5 hosts, select the Patch option and click next.

image

Manual Patch Baseline

In this environment, there are tight controls for compliance reasons - we will specify the exact patches to install instead of dynamically matching patterns through the automatic feature - uncheck that option and click next.

image

Select Patches

For this baseline, we will select the two patch bulletins that are part of the bundle we just uploaded.Since this environment does not have Internet access, only the patches that we import to the repository appear in this list. In a lessrestrictive datacenter, this list would include all possible patch releases and could be filtered as needed by clicking the column headings. Click Next.

image

Verify Baseline

One final check of the patch baseline... Everything looks good, so click Finish.

image

Confirm Patch Baseline

After creating the new baseline, it appears in the list. Click Hosts and Clusters

image

Prepare to Patch the Cluster

With the target cluster selected, click Attach to select the patch baseline we just created.

image

Select Patch Baseline

We can attach the new patch baseline by checking the corresponding box. Click OK

image

Check Baseline Compliance

Now that the baseline is attached to the cluster, Update Manager will check each host to see if action is required in order for that host to be considered compliant. Click Check Compliance

image

Cluster Not Compliant

Once the compliance check is finished, Update Manager will indicate the status of each host in the cluster. In this case, all of the hosts are out of compliance and need to have the patch installed, as expected. Before we begin, we will first check the cluster for any potential blocking issues by using the

pre-check. Click Pre-Check Remediation.

image

Pre-Check Finished

The pre-check dialog box will show the status of individual items, such as confirming DRS is enabled. Everything is ready for remediation, so click Done.

image

Begin Remediation

Now that the pre-check is finished, we can proceed with cluster remediation. Click Remediate

image

New Remediate Interface

Update Manager 6.7 features a new interface with a streamlined flow, and no longer uses the multi-step wizard when remediating. After reviewing the actions that will be taken, click OK.

image

Remediate With Zero Downtime

Update Manager evacuates hosts one at a time and places them into maintenance mode before applying the patches. Running VMs are moved to other hosts with vMotion. Click Refresh to check the cluster status.

image

Patching Complete

After Update Manager is finished applying patches to all nodes in the cluster, the status will be updated to show that they are compliant with our chosen patch baseline.Update Manager 6.7 can upgrade hosts to the latest release of VMware ESXi, or it can keep hosts running older versions patched until the time comes to upgrade.

Faster Host Upgrades to vSphere 6.7

Faster Upgrades to vSphere 6.7

VMware vSphere 6.7 incorporates optimizations that speed up major version upgrades, so customers moving from 6.5 to 6.7 will spend less time waiting for hosts to upgrade.

Using the Update Manager 6.7 Interface to Patch VMware ESXi 6.7 Hosts

image

VMware vSphere Update Manager is capable of performing major version upgrades, applying patches and updates to supported versions of ESXi host, or installing drivers or other third-party components. In this example, we will walk through the procedure to patch a host running VMware ESXi 6.7 using existing baselines.

image

Click the Update Manager icon to begin.

image

By default, there are no baselines attached to a cluster. Since we are using precreated baselines we will proceed to attach those baselines to the host for remediation.

 

image

As we already have existing baselines, we will choose the option to Attach Baseline or Baseline Group. If we needed to create a custom baseline, we can choose the option to Create and Attach Baseline.

 

image

We will select all baseline we choose to attach to our host for remediation.

 

imageOnce all baselines have been selected we will proceed to choose Attach to associate them with our ESXi host.

image

The next thing we need to do is Check Compliance of our host against Update Manager. Check Compliance does a check of currently installed patches, updates and upgrades installed on the ESXi host against what is within the Attached Baselines and Baseline Groups. If there are any missing patches, upgrades or updates the object will be in a Non-Compliant state.

image

Once the Scan is complete, we can see the status of the Compliance check. We can see that this host as 57 patches that need to be applied with 8 critical and 3 security fixes.Let's minimize the Recent tasks to proceed.

image

A new feature in 6.7 Update 1 and above is the ability to do a Pre-Check Remediation. This will detect and issues that may stop your remediation from completing successfully.Let's run the Pre-Check Remediation and see the results.

image

Our Remediation Pre-Check has passed, as we have no outstanding issues. Any errors that could impact remediation would be shown here such as DRS being disabled or attached removable media devices.Lets close the Remediation Pre-Check to proceed.

image

We are now ready to proceed with Remediation. Lets select All baselines we wish to apply to our host.

image

With the baselines selected we can now choose Remediate.

image

During Remediation the Pre-Check Remediation will also run if you did not manually choose it before. We have a few options below so let's explore them, starting with seeing which updates we are installing.

image

If we expand out the Install Updates, we can see all updates that will be applied to this object. The next section will cover whether or not you wish to remediate the object immediately or schedule for a future date or time.

 

image

If you choose to modify the scheduling options you can create a scheduled task to remediate the object at a later date or time. If you uncheck the option it will run immediately. Let's review the remediation settings.

 

image

Within this screen we can see the remediation options that have been chosen, these are configured at the vCenter Server level, so if you wish to modify them you need to Close Dialog and Go to Settings. Please note new features introduced with 6.7 Update 2 will allow you to disable Quick Boot as well as Disable the Check Host health after installation for VSAN Hosts. Consult the Release Notes and Documentation for more information on these features.

 

image

Once we have reviewed all the options, we can proceed to Remediate our ESXi host.

 

image

During an Update Manager remediation, if a host is not already in maintenance mode the first step is to put that host into maintenance mode, moving all running virtual machines to another host within the cluster. If DRS is disabled you will need to manually migrate or power off VMs.

 

image

Once the host is put into maintenance mode, Update Manager will automatically Install the updates and reboot the host.

 

image

When remediation is complete, a Check Compliance scan is automatically ran and the host will be removed from maintenance mode. Our remediation is now complete as our host is in Compliance with all the attached baselines.

 

image

Thank you for reviewing our walkthrough on patching your VMware ESXi 6.7 host. For more information and walkthroughs please view our VMware Blogs.

 

vSphere Quick Boot Demo

VMware vSphere 6.7 Quick Boot

VMware vSphere 6.7 introduces a new technology that reduces the time required for hypervisor maintenance tasks.  By using vSphere Quick Boot, VMware ESXi restarts without rebooting the underlying physical server.  This eliminates the time-consuming device initialization and self-testing procedures, shortening the time required to patch or upgrade a host.

Upgrading a cluster with VUM

vSphere Update Manager Overview & Cluster Upgrade Walkthrough

VMware vSphere 6.5 Embedded Update Manager (VUM) Demo

 

 

Terminology Overview

Downloading Updates and Related Metadata

Downloading virtual appliance upgrades, host patches, extensions, and related metadata is a predefined automatic process that you can modify. By default, at regular configurable intervals, Update Manager contacts VMware or third-party sources to gather the latest information (metadata) about available upgrades, patches, or extensions.

VMware provides information about patches for ESXi hosts and virtual appliance upgrades.

Update Manager downloads the following types of information:

  • Metadata about all ESXi 5.5 and ESXi 6.x patches, regardless of whether you have hosts of such versions in your environment or not.
  • Metadata about ESXi 5.5 and ESXi 6.x patches as well as about extensions from third-party vendor URL addresses.
  • Notifications, alerts, and patch recalls for ESXi 5.5 and ESXi 6.x hosts.
  • Metadata about upgrades for virtual appliances.

Downloading information about all updates is a relatively low-cost operation in terms of disk space and network bandwidth. The availability of regularly updated metadata lets you add scanning tasks for hosts or appliances at any time.

Update Manager supports the recall of patches for hosts that are running ESXi 5.0 or later. A patch is recalled if the released patch has problems or potential issues. After you scan the hosts in your environment, Update Manager alerts you if the recalled patch has been installed on a certain host. Recalled patches cannot be installed on hosts with Update Manager. Update Manager also deletes all the recalled patches from the Update Manager patch repository. After a patch fixing the problem is released, Update Manager downloads the new patch to its patch repository. If you have already installed the problematic patch, Update Manager notifies you that a fix was released and prompts you to apply the new patch.

If Update Manager cannot download upgrades, patches, or extensions — for example, if it is deployed on an internal network segment that does not have Internet access — you must use UMDS to download and store the data on the machine on which UMDS is installed. The Update Manager server can use the upgrades, patches, and extensions that UMDS downloaded after you export them.

For more information about UMDS, see Installing, Setting Up, and Using Update Manager Download Service.

You can configure Update Manager to use an Internet proxy to download upgrades, patches, extensions, and related metadata.

You can change the time intervals at which Update Manager downloads updates or checks for notifications. For detailed descriptions of the procedures, see Configure Checking for Updates and Configure Notifications Checks.

Types of Software Updates and Related Terms

Update Manager downloads software updates and metadata from Internet depots or UMDS-created shared repositories. You can import offline bundles and host upgrade images from a local storage device into the local Update Manager repository.

VIB A VIB is a single software package.
Bulletin A grouping of one or more VIBs. Bulletins are defined within metadata.
Depot A logical grouping of VIBs and associated metadata that is published online.
Host upgrade image An ESXi image that you can import in the Update Manager repository and use for upgrading ESXi 5.5 or ESXi 6.0 hosts to ESXi 6.5.
Extension A bulletin that defines a group of VIBs for adding an optional component to an ESXi host. An extension is usually provided by a third party that is also responsible for patches or updates to the extension.
Metadata Extra data that defines dependency information, textual descriptions, system requirements, and bulletins.
Offline bundle ZIP An archive that encapsulates VIBs and corresponding metadata in a self-contained package that is useful for offline patching. You cannot use third-party offline bundles or offline bundles that you generated from custom VIB sets for host upgrade from ESXi 5.5 or ESXi 6.0 to ESXi 6.5.
Patch A bulletin that groups one or more VIBs together to address a particular issue or enhancement.
Roll-up A collection of patches that is grouped for ease of download and deployment.
VA upgrade Updates for a virtual appliance, which the vendor considers an upgrade.

 

 

Filter Tags