What is Required to Use vSphere Update Manager?
VUM is included with every version of vSphere when you purchase vCenter. It doesn't work with the free version of vSphere. You'll find VUM on the vCenter installation media so you don't have to download it separately.
Like vCenter, VUM requires a SQL or Oracle database that can be local or remote to the VUM server. Whether or not your database is local or remote depends on a number of factors such as the size of your virtual infrastructure, the resources of your physical server (likely your vCenter server), and your experience with databases. In my home lab, I installed VUM on top of the same vCenter server database already running.
The Update Manager Process
To use VUM you must first understand how update manager does what it does. The basic process is:
- Create a baseline – this is essentially a "profile" that says that all objects (VMs, hosts, or virtual appliances) should "look like this" or meet these requirements. Those requirements, in the case of VUM, would be specific ESXi operating systems, patches, virtual machine tools, or virtual appliance patches.
- Attach a baseline to vSphere objects – once you have the baseline profile, you connect that baseline profile to a host, VM, or virtual appliance. More than likely, you will attach it to a baseline group, which is just a group of these objects.
- Scan – with the baseline attached to the object, you then scan the infrastructure objects you specified to see if those objects are in compliance with your baseline. From these results, you'll know what needs updating and what doesn't.
- Remediate – once you review the results of the scans, you'll want to remediate. Remediation just means that the ESXi operating system image, ESXi patch, VMware Tools update, or virtual appliance patches are actually applied to those objects. This remediation could be orchestrated such that virtual machines are moved around the cluster, off ESXi hosts that are getting upgraded (and then back) or it could be scheduled to occur after hours.
- Review the Results – after remediation, of course you'll want to review the results to ensure that the patches were actually applied, that there were no errors, and that the vSphere objects are now in compliance with the baselines you created
Of course, as new patches and updates are released all the time, this is a continuous process that you will perform (or schedule to be performed) frequently.
Now let's look at each of these steps (and a few other important configuration changes) in more detail.
Configuring a VUM Download Source & Downloading Updates
By default, update manager will download patches from VMware over the Internet. If that is all that you want to do, you can move on to the next step and use the defaults.
On the other hand, if your VUM server that isn't connected to the Internet is at a branch office location, or you want to import third-party patches you will need to configure a custom download source.
Considering the source for your patches, for the long-term design of vSphere updating is important. Thus, I recommend at least reviewing the download sources, types of patches that will be downloaded, and whether or not you want to do any 3rd party imports or configure shared patch repositories at this time. You can do that under Home | Solutions and Applications | Update Manager | Configuration tab | and Download Settings.
Pic 1: Configuring Download Sources
Whether you make any changes to the default, you should choose to Download Now from the graphic you see above to initiate the patch downloads and build your repository.
Baselines and Baseline Groups
Once you have patches, you need to create baselines and baseline groups –OR—use the default baselines. If you opt to use the defaults then you should just spend some time reviewing them.
When you move from using the default to customs, before you create baseline groups, it's important to first understand baselines, the default baselines and the types of custom baselines you can create. When you gain experience with those, you can move on to baseline groups.
There are 3 types of baselines:
- Upgrade baselines – including those for host, virtual machine, and virtual appliances
- Patch baselines – including dynamic patch baselines and fixed baselines
- Extension baselines – typically including third-party software
VUM has the following baselines available, by default:
- Critical Host Patches - Checks ESX/ESXi hosts for compliance with all critical patches.
- Non-Critical Host Patches - Checks ESX/ESXi hosts for compliance with all optional patches.
- VMware Tools Upgrade to Match Host - Checks virtual machines for compliance with the latest VMware Tools version on the host. Update Manager supports upgrading of VMware Tools for virtual machines on hosts that are running ESX/ESXi 4.0 and later.
- VM Hardware Upgrade to Match Host - Checks the virtual hardware of a virtual machine for compliance with the latest version supported by the host. Update Manager supports upgrading to virtual hardware version 8.0 on hosts that are running ESXi 5.x.
- VA Upgrade to Latest - Checks virtual appliance compliance with the latest released virtual appliance version.
Baselines and baseline groups are administered from the respective tab in the VUM administrator view:
Pic 2: Viewing Baselines
Attaching Baselines in Compliance View
We spent all of our time so far in "admin view" (under "Solutions and Applications"). Now, you need to move to "compliance view", which is found on a new tab inside the hosts or virtual machine inventory. Once in compliance view, there is a very nice Help graphic to walk you through the process of attaching baselines, scanning, and remediating.
Pic 3: Help for the Compliance View
In fact, that's exactly what we need to do.
Attach your baseline.
Pic 4: Assigning Baselines
The attachment of the baseline could be done at the host, VM, or virtual appliance level and inside the vSphere Hosts and Clusters OR over in vSphere Virtual Machines and Templates.
Scanning vSphere Infrastructures with VUM
Now that you have patches and baselines and those baselines are attached, you need to see if your hosts and VMs are in compliance with the baselines. In other words, do the hosts and VMs need updating, or not? In Compliance View,
In the compliance view, you click Scan to begin scanning those objects (hosts and VMs) to compare them against the baselines that you have in use.
Pic 5: Scanning with Update Manager
When you initiate a scan, you'll be asked to confirm if you want to scan for Patches and Extensions or Upgrades or Both.
Figure 6: Confirming the Type of VUM Scan
Once scanned, the results will tell you if you are in compliance with the baseline or if you need to remediate (apply your patches or upgrades).
Pic 7: Virtual Machine Out of Date
As you can see, this virtual machine isn't in compliance with the baseline and need updating!
Updating Hosts and Virtual Machines with Update Manager
Bringing hosts and virtual machines into compliance is usually as easy as pressing the Remediate button.
As a test, let's update a VM with the latest VMware Tools. To do this, we'll go to the virtual machines and templates view, to the Update Manager tab, and click Remediate.
Pic 8: Remediating a VM
You'll have a few questions to answer here about scheduling and rollback but then, very quickly, you'll be ready to click Finish.
Pic 9: Remediating a Desktop
After a few minutes, your update should be applied and it is ready to use again.
You'll see that that the compliance of that VSM has changed to a GREEN color, telling you that mot all the VMs now meets the minimum requirements.
Pic 10: Virtual Machine in Compliance
With our VM (or host or virtual appliance) in the GREEN status, you know that the updates were successful.
No comments:
Post a Comment