vSphere Update Manager and Host Maintenance

Module 11

© 2015 VMware Inc. All rights reserved.

You Are Here
1. Course Introduction
2. Software-Defined Data Center
3. Creating Virtual Machines
4. vCenter Server
5. Configuring and Managing
Virtual Networks
6. Configuring and Managing
Virtual Storage
© 2015 VMware Inc. All rights reserved.
7. Virtual Machine Management
8. Resource Management and
Monitoring
9. vSphere HA and vSphere Fault
Tolerance
10. Host Scalability
11. vSphere Update Manager and
Host Maintenance
12. Installing vSphere Components
VMware vSphere: Install, Configure, Manage 11-2
Importance
Over time, your VMware vSphere® environment might undergo changes
in its hardware or software configuration, or in the form of software
updates or patches.
From a manageability and scalability perspective, you should implement
changes to your vSphere environment in an orderly, controlled, and
systematic fashion.

VMware vSphere: Install, Configure, Manage 11-3

© 2015 VMware Inc. All rights reserved.
Module Lessons
Lesson 1: Introducing vSphere Update Manager and Patch
Management
Lesson 2: Host Profiles

VMware vSphere: Install, Configure, Manage 11-4

© 2015 VMware Inc. All rights reserved.
Lesson 1:
Introducing vSphere Update
Manager and Patch Management

11-5
© 2015 VMware Inc. All rights reserved.
Learner Objectives
By the end of this lesson, you should be able to meet the following
objectives:
• Describe VMware vSphere® Update Manager™ functionality
• List the steps to install vSphere Update Manager
• Use vSphere Update Manager to create and attach a baseline

VMware vSphere: Install, Configure, Manage 11-6

© 2015 VMware Inc. All rights reserved.
About vSphere Update Manager
vSphere Update Manager enables centralized, automated patch and
version management for VMware ESXi™ hosts, virtual machine
hardware, VMware Tools™, and virtual appliances.
vSphere Update Manager reduces security risks:
• Reduces the number of vulnerabilities.
• Eliminates many security breaches that exploit older vulnerabilities.

vSphere Update Manager reduces the diversity of systems in an

environment:
• Makes management easier.
• Reduces security risks.

vSphere Update Manager keeps machines running more smoothly:

• Patches include bug fixes.
• Makes troubleshooting easier.

VMware vSphere: Install, Configure, Manage 11-7

© 2015 VMware Inc. All rights reserved.
vSphere Update Manager Capabilities
Automated patch downloading:
• Begins with information-only downloading.
• Is scheduled at regular configurable intervals.

Creation of baselines and baseline groups

Scanning:
• Inventory systems are scanned for baseline compliance.

Remediation:
• Inventory systems that are not compliant can be automatically patched.

Reduces the number of reboots required after VMware Tools updates

VMware vSphere: Install, Configure, Manage 11-8

© 2015 VMware Inc. All rights reserved.
vSphere Update Manager Components
vSphere Update Manager includes several components and requires
network connectivity with VMware vCenter Server™.
vSphere Update Manager server component:
• Install on the same computer as Windows vCenter Server or on a different
computer.
Client components:
• VMware vSphere® Update Manager Client™ runs on the desktop:
– Use the vSphere Update Manager Client to perform patch and version management
of the vSphere inventory.
• Update Manager tab in the VMware vSphere® Web Client plug-in:
– Use to view scan results and compliance states for vSphere inventory objects.

Database:
• Use to store and organize server data.

VMware vSphere: Install, Configure, Manage 11-9

© 2015 VMware Inc. All rights reserved.
Requirements for Installing vSphere Update Manager
vSphere Update Manager has the following installation requirements:
• vCenter Server must be installed before installing vSphere Update Manager.
• Installation of vSphere Update Manager requires network connectivity with an
existing vCenter Server system.
• Each vSphere Update Manager installation must be associated with a single vCenter
Server instance.
• The vSphere Update Manager server can be installed on the same system as
vCenter Server or on a different system.
• vSphere Update Manager 6.0 can be installed only on 64-bit Windows operating
systems. vSphere Update Manager 6 is compatible only with vCenter Server 6.
• vSphere Update Manager provides the following client components:
– vSphere Update Manager Client
– vSphere Update Manager Web Client

• The vSphere Update Manager server requires an SQL Server or an Oracle database.
• Install the vSphere Update Manager components from the vCenter Server installer
for Windows.

VMware vSphere: Install, Configure, Manage 11-10

© 2015 VMware Inc. All rights reserved.
Installing vSphere Update Manager
To use vSphere Update Manager, you must ensure that your vCenter
Server 6 is already installed, and complete the following tasks:
1. Create and prepare a database.
2. Install the vSphere Update Manager server.
3. Install the vSphere Update Manager Client.
4. Enable the vSphere Update Manager plug-in for the vSphere Web
Client.

VMware vSphere: Install, Configure, Manage 11-11

© 2015 VMware Inc. All rights reserved.
Configuring vSphere Update Manager Settings
You can modify the vSphere Update Manager configuration only if you
have the correct privileges:
• Network Connectivity Settings
• Download Settings
• Proxy Settings
• Checking for Updates (Download Schedule) Settings
• Notification Check Schedule Settings
• Virtual Machine Settings
• Host and Cluster Settings

VMware vSphere: Install, Configure, Manage 11-12

© 2015 VMware Inc. All rights reserved.
Baseline and Baseline Groups
A baseline includes one or more patches, extensions, or upgrades:
• vSphere Update Manager includes two default dynamic patch baselines and
three upgrade baselines.
A baseline group includes multiple baselines:
• Can contain one upgrade baseline and one or more patch and extension
baselines.

VMware vSphere: Install, Configure, Manage 11-13

© 2015 VMware Inc. All rights reserved.
Creating and Editing Patch or Extension Baselines
You can create custom patch, extension, and upgrade baselines to meet
the needs of your specific deployment by using the New Baseline wizard:
• Create a fixed patch baseline:
– Fixed baselines consist of a set of patches that do not change as patch availability
changes.
• Create a dynamic patch baseline:
– Dynamic baselines consist of a set of patches that meet certain criteria.

• Create a host extension baseline:

– Extension baselines contain additional software for ESXi hosts. This additional
software might be VMware software or third-party software.
• Filter patches or extensions in the New Baseline wizard:
– When you create a patch or extension baseline, you can filter the patches and
extensions available in the vSphere Update Manager repository to find specific
patches and extensions to exclude or include in the baseline.

VMware vSphere: Install, Configure, Manage 11-14

© 2015 VMware Inc. All rights reserved.
Attaching a Baseline
To view compliance information and scan objects in the inventory against
baselines or baseline groups, you must first attach baselines or baseline
groups to these objects.
You can attach baselines or baseline groups to objects from the Update
Manager Web Client in the vSphere Web Client.
• Click the Monitor > Update Manager > Attach tabs.

VMware vSphere: Install, Configure, Manage 11-15

© 2015 VMware Inc. All rights reserved.
Scanning for Updates
Scanning evaluates the inventory object against the baseline or baseline
group.

VMware vSphere: Install, Configure, Manage 11-16

© 2015 VMware Inc. All rights reserved.
Viewing Compliance for vSphere Objects
You can review compliance information for the virtual machines, virtual
appliances, and hosts against baselines and baseline groups that you
attach.

VMware vSphere: Install, Configure, Manage 11-17

© 2015 VMware Inc. All rights reserved.
Remediating Objects
You can remediate virtual machines, templates, virtual appliances, and
hosts:
• You can perform the remediation immediately or schedule it for a later date.
• Host remediation runs in different ways, depending on the types of baselines
that you attach and whether the host is in a cluster or not.
• For ESXi hosts in a cluster, the remediation process is sequential by default.
• Remediation of hosts in a cluster requires that you temporarily disable cluster
features such as VMware vSphere® Distributed Power Management™ and
VMware vSphere® High Availability admission control.

VMware vSphere: Install, Configure, Manage 11-18

© 2015 VMware Inc. All rights reserved.
Patch Recall Notification
At regular intervals, vSphere Update Manager contacts VMware to
download notifications about patch recalls, new fixes, and alerts:
• Notification Check Schedule is selected by default.

On receiving patch recall notifications, vSphere Update Manager takes

the following actions:
• Generates a notification in the notification tab
• No longer applies the recalled patch to any host:
– Patch is flagged as recalled in the database.

• Deletes the patch binaries from its patch repository

vSphere Update Manager does not uninstall recalled patches from ESXi
hosts. It waits for a newer patch and applies that patch to make a host
compliant.

VMware vSphere: Install, Configure, Manage 11-19

© 2015 VMware Inc. All rights reserved.
Lab 23: Using vSphere Update Manager
Install, configure, and use vSphere Update Manager
• Install the vSphere Update Manager Server
• Install vSphere Update Manager
• Modify the Cluster Settings
• Configure vSphere Update Manager
• Create a Patch Baseline
• Attach a Baseline and Scan for Updates
• Stage the Patches onto the ESXi Hosts
• Remediate the ESXi Hosts

VMware vSphere: Install, Configure, Manage 11-20

© 2015 VMware Inc. All rights reserved.
Review of Learner Objectives
You should be able to meet the following objectives:
• Describe vSphere Update Manager functionality
• List the steps to install vSphere Update Manager
• Use vSphere Update Manager to create and attach a baseline

VMware vSphere: Install, Configure, Manage 11-21

© 2015 VMware Inc. All rights reserved.
Lesson 2:
Host Profiles

11-22
© 2015 VMware Inc. All rights reserved.
Learner Objectives
By the end of this lesson, you should be able to meet the following
objectives:
• Describe the host profiles workflow
• Identify how to create a host profile
• Recognize how to apply a host profile to an ESXi host or cluster
• Use host profiles to perform remediation on an ESXi host

VMware vSphere: Install, Configure, Manage 11-23

© 2015 VMware Inc. All rights reserved.
About Host Profiles
Host profiles provide an automated and centrally managed mechanism
for host configuration and configuration compliance.

VMware vSphere: Install, Configure, Manage 11-24

© 2015 VMware Inc. All rights reserved.
Host Profiles Workflow
The host profile workflow starts with the concept of a reference host. The
reference host serves as the template from which the host profile is
extracted:
1. Set up and configure the reference host.
2. Create a host profile from the reference host.
3. Attach other hosts or clusters to the host profile.
4. Check the compliance of the added hosts to the host profile. If all
hosts are compliant with the reference host, they are correctly
configured.
5. Apply the resulting recommendations to the hosts.

VMware vSphere: Install, Configure, Manage 11-25

© 2015 VMware Inc. All rights reserved.
Creating a Host Profile
You create a host profile by extracting the designated reference host’s
configuration.

VMware vSphere: Install, Configure, Manage 11-26

© 2015 VMware Inc. All rights reserved.
Attaching a Host Profile to a Host or Cluster
After creating a host profile from a reference host, you attach the host or
cluster to the host profile.

VMware vSphere: Install, Configure, Manage 11-27

© 2015 VMware Inc. All rights reserved.
Checking Compliance
You can confirm the compliance of a host or cluster to its attached host
profile and determine which configuration parameters on a host are
different from those specified in the host profile.

VMware vSphere: Install, Configure, Manage 11-28

© 2015 VMware Inc. All rights reserved.
Remediating an ESXi Host
In the event of a compliance failure, use the remediate function to apply
the host profile settings onto the host.
This action changes all host profile-managed parameters to the values
contained in the host profile attached to the host.

VMware vSphere: Install, Configure, Manage 11-29

© 2015 VMware Inc. All rights reserved.
Review of Learner Objectives
You should be able to meet the following objectives:
• Describe the host profiles workflow
• Identify how to create a host profile
• Recognize how to apply a host profile to an ESXi host or cluster
• Use host profiles to perform remediation on an ESXi host

VMware vSphere: Install, Configure, Manage 11-30

© 2015 VMware Inc. All rights reserved.
Key Points
• vSphere Update Manager reduces security vulnerabilities by keeping systems
up to date and by reducing the diversity of systems in an environment.
• Host profiles encapsulate the host configuration and help you manage the host
configuration.
Questions?

VMware vSphere: Install, Configure, Manage 11-31

© 2015 VMware Inc. All rights reserved.