Save to My DOJO
In the first post from this series, I talked about vSphere Update Manager and the role it plays in securing vSphere environments by keeping your hosts and resource updated with the latest updates and patches. In today’s post, I’ll be taking you through the actual installation process for VUM 6.0. Some of the topics discussed include baselines and upgrade an ESXi host.
Without further ado, let’s dive in.
How to Install vSphere Update Manager (VUM)
Before you begin, make sure that .NET Framework 3.5 is installed otherwise the VUM installation wizard alerts you to it and will try to install it automatically. There’s a chance this will fail, so you’d be better off installing it manually prior to running the VUM installation wizard.
Next, get hold of the vCenter Server ISO image (ex. VMware-VIMSetup-all-6.0.0-3040890.iso) which you can download from VMware’s site unless you already have it, which is probably the case if you’re reading this. Regardless, copy the ISO image to the server on which you wish to install VUM and mount it as a drive; you can choose to extract it to a folder if this works better for you.
- Click on the autorun.exe file to launch the installation wizard
- Select Server under vSphere Update Manager. Tick on the Use Microsoft SQL … check box right under the Embedded Database Option. We’ll be using the bundled Microsoft SQL Express edition to host the VUM database.
- Installation of the SQL Server proceeds automatically as shown by the following two screenshots.
- Choose the default language after SQL finishes installing.
- Click Next to starting installing VUM
- Accept the EULA and click Next.
- Tick on the Download updates from … check box to force VUM to download updates right after it’s done installing. You can leave the option unchecked if you’re planning on installing the Download Service instead. Click Next.
- Next, type in the IP address or hostname of the vCenter Server, the credentials for an administrative account and the HTTP port. The latter is set to the default value of 80. Click Next.
- From the drop-down list, select the hostname or IP address which identifies VUM on the network. If in doubt, choose the IP address making sure it’s accessible from all the ESXi host VUM will be managing. Leave the network ports set to their default values unless required. If you’re using an Internet proxy, tick on the Yes, I have Internet connection … check box and enter the relevant details. Click Next.
- Specify the location where VUM is installed and the patch repository is created. Click Next.
- In part 1, I showed you how the Sizing Estimator is used to calculate disk space requirements. You can safely ignore the disk space warning if you did your homework! Click OK.
- Click Install to start installing VUM
How to Install the Update Manager Download Service
In part 1, I alluded to the possibility of being asked to install the Update Manage Download Service (UMDS) as a DMZ service to conform with security policies enforced by your organization.
I won’t be listing the steps required to install UMDS, however you will find a complete walk-through here.
Similar to the VUM pre-installation process, you will create a database, a DSN, the ODBC connection as well as making sure that MSI 4.5 is installed on the computer if you plan on using the SQL Express bundle.
Note: UMDS must and cannot not be installed on the same server running VUM (Figure 19).
Enabling VUM when using the thick vSphere client
Having installed the VUM server, it’s now time to install the respective client. You will install the client on whichever workstation you use to manage vCenter Server. Needless to say, the vSphere thick client (C#) needs to be installed first unless you only use the vSphere Web Client, in which case you might as well skip this section.
- Using the vSphere Client (C#), log onto the vCenter Server specified during the VUM install. Change to Home view and in doing so select Plugins and Manage Plugins from the top menu.
- Locate the VMware vSphere Update Manager Extension plug-in as listed in Figure 21. Click on the Download and Install link. The plug-in installer should download and execute automatically.
- Chose the language for the installer and click OK.
- Click Next to move past the Welcome screen.
- Review and accept the EULA and click Next.
- Click Install to finalize the plug-in installation.
- Press Finish to terminate the installation wizard.
- At this point, a security warning may pop up the cause of which is generally the infamous untrusted SSL certificate due to a hostname mismatch. You can safely ignore the warning by clicking Ignore.
- Back in Home view, you should see a new icon called Update Manger listed under Solutions and Applications. Clicking on it will take you to the Update Manager Administration screen.
- You might see a Download patch definitions task running in the status window. This happens when you enable the automatic download of updates once the VUM server finishes installing (see Figure 11).
Enabling VUM when using the vSphere Web client
As mentioned in part 1, the VUM plugin is automatically enabled in vSphere Web Client voiding the need for user intervention. Similarly, you’ll find that an Update Manager icon is created under the Home as is an Update Manager menu item in Navigator.
How to Configure the VUM Server
Now that the clients have been installed and enabled, we can review some of the VUM server settings. To do this, switch over to the “Configuration” tab on the “Update Manager Administration” screen in the vSphere Client. The list of configurable items are grouped under “Settings” amongst which the patch download and schedule settings shown in Figure 33.
You should also double-check that the Take a snapshot … option under Virtual Machine Settings is enabled. I also make it a point to retain snapshots for a couple of days. Any VM or application issues arising after an upgrade or applied patch, may not be immediately apparent so it’s best to be safe than sorry.
Importing an ESXi image and attaching an upgrade baseline
Let’s briefly cover baselines. A baseline is simply a collection of one or more patches, upgrades or extensions. Different baselines may be combined in what are called baseline groups, if need be. Furthermore, they may be static or dynamic with the latter simply meaning that criteria are used to filter out redundant patches. By default, VUM creates the following baselines;
Critical Host Patches (Predefined)
|Checks ESXi hosts for compliance with all critical patches.|
|Non-Critical Host Patches (Predefined)||Checks ESXi hosts for compliance with all optional patches.|
|VMware Tools Upgrade to Match Host (Predefined)||Checks virtual machines for compliance with the latest VMware Tools version on the host. Update Manager supports upgrading of VMware Tools for virtual machines on hosts that are running ESXi 5.0 and later.|
|VM Hardware Upgrade to Match Host (Predefined)||Checks the virtual hardware of a virtual machine for compliance with the latest version supported by the host. Update Manager supports upgrading to virtual hardware version vmx-11 on hosts that are running ESXi 6.0.|
|VA Upgrade to Latest (Predefined)||Checks virtual appliance compliance with the latest released virtual appliance version.|
Make sure to refer to this link for further details. Moving on.
- The first step before upgrading one or more ESXi hosts is to import the respective ESXi ISO image(s) to the patch repository. You do this by clicking on the Import ESXi Image… link under the ESXi Images tab (Figures 35-36).
- Next, create the baseline containing the uploaded ESXi image
- Finally, you will attach the baseline to one or more ESXi servers. You do this by changing to the “Hosts and Clusters” view, selecting the ESXi host you want to attach the baseline to and selecting Attach …
This next video illustrates the process just covered.
Note: The Update Manager Administration screen switches over to the “Compliance” view when working with hosts, VMs and vApps. You’ll also notice the extra Update Manager tab added to all the views when a host, VM or vApp is selected.
Scanning, Staging and Remediation
Now that we’ve created our first upgrade baseline we can proceed to upgrade any non-compliant ESXi host. First, I’ll attach the default baselines to my ESXi hosts just to illustrate the difference between scanning, staging and remediation.
For completeness sake, I’ll define these three tasks and in doing so, I’ll quote directly from VMware’s documentation;
- Scanning is the process in which attributes of a set of hosts, virtual machines, or virtual appliances are evaluated against the patches, extensions, and upgrades included in the attached baselines and baseline groups.
- Staging allows you to download patches and extensions from the Update Manager server to the ESXi hosts without applying the patches and extensions immediately.
- Remediation is the process in which Update Manager applies patches, extensions, and upgrades to ESX/ESXi hosts, virtual machines, or virtual appliances after a scan is complete. Remediation makes the selected vSphere objects compliant with patch, extension, and upgrade baselines.
Any of these tasks are generally carried out by right-clicking on the vSphere object needing remediation (Figure 43). Note that staging is applicable only to ESXi hosts and the containers in which they reside including clusters and datacenters.
In the case of ESXi hosts, these tasks are carried out sequentially. A scan is first carried out to determine which updates and upgrades are applicable. We then stage to make sure that there are no issues impeding VUM from talking to the ESXi hosts and vice-versa. Lastly, we remediate. This is where patching and/or upgrading takes place.
Note: In most cases the ESXi host is put in maintenance mode and rebooted. This is not much of an issue if the host is part of a cluster, since any vms and vApps hosted on it are vMotioned over. It will however become one if you have a single ESXi host and haven’t scheduled planned downtime!
This is turning to be one lengthy article so it’s best if I use another video to illustrate how to upgrade an ESXi host. I’ll be upgrading from ESXi 6.0 U1 to ESXi 6.0 U1a. The host has already been scanned and found to be non-compliant meaning that the upgrade and perhaps some updates apply. I’ll first stage and then remediate. I’m upgrading a nested ESXi host, so mid-way through the video, you can see the upgrade steps being executed on the host’s console. Finally, once the host is upgraded, I scan it once more to verify that it is fully compliant in relation to the attached baselines.
The same principles apply when it comes to upgrading virtual machine hardware and vmtools so I won’t be tackling this today. This concludes this 2-part series on VUM which I hope you enjoyed. For more interesting posts on everything VMware, make sure to check out the complete list of posts on our blog.
[the_ad id=”4738″][the_ad id=”4796″]
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!