In the previous article, I talked about the installation of VMware vSphere Update Manager (VUM) 5.0. In this article, I want to explain the basic configuration options that we can play with and how we can apply patches to host machines via VUM. In previous version of VUM, virtual machines can be patched also. But in this version, we can only patch hosts, upgrade hosts and perform VMware Tools / Virtual Machine hardware upgrade operations. So lets begin with the basic configuration options we have.
When I open the “Admin View” of VUM, I see 8 tabs that I can move around. These are; “Getting Started”, “Baseline and Groups”, “Configuration”, “Events”, “Notifications”, “Patch Repository”, “ESXi Images” and “VA Upgrades”.
The first tab you have to visit is “Configuration” (Figure 1). Here, we have seven different menu options / links on the lefthand side. First one is the “Network Connectivity”. We define the communication ports and IP address of the patch store here. If you want to change the port settings for security resasons (for example), you can do it here. The second link is “Download Settings” (Figure 2). In this section, we can define the internet connection settings for Update Manager Server and also we define the patch download sources. By default, four of the download sources are listed here but you can add more sources according to your need. As you can see in the figure, I added a third party source for my HP-branded ESXi hosts. You can also manually download patches to a shared folder and define that shared folder as an update repository. This is mostly useful if you don’t want your Update Manager Server to connect to the internet directly. After we configure the settings we can download the updates for the first time by pressing the “Download Now” button. This action will connect the Update Manager Server to the download sources and started the download process of the new updates (the updates from the selected sources). After the download process completes, we can check which patches are downloaded via “Patch Repository” tab.
“Download Schedule” is self explanatory I think. You can schedule the download process here and therefore you don’t have to do it manually. You can also configure an email account so that after a successful download process, you can be informed about the new patches you got (Figure 3). “Notification Check Schedule” is the section that we schedule the Update Manager Server to control the new notifications from Vmware web site (Figure 4). At scheduled time intervals, Update Manager contacts VMware to download information (notifications) about patch recalls, new fixes, and alerts. In case patches with issues or potential issues are released, the patch metadata is updated, and Update Manager marks the patches as recalled. If you try to install a recalled patch, Update Manager notifies you that the patch is recalled and does not install it on the host. If you have already installed such a patch, Update Manager notifies you that the recalled patch is installed on certain hosts. Update Manager also deletes all the recalled patches from the Update Manager patch repository.
In “Virtual Machine Settings” section, you can specify the remediation rollback options. If the remediation of a virtual machine fails, you can use the snapshot to return the virtual machine to the state before the remediation, by this configuration (Figure 5). “ESX Host / Cluster Settings” section is the place where you can configure the “Maintenance Mode Settings” of ESX host and “Cluster Settings”. I don’t want to get into detail for this section but my customized settings are as it is seen in Figure 6. By the way, this settings are running well in my environment.
In “vApp Settings” section, you can enable smart rebooting. Smart rebooting selectively restarts the virtual appliances and virtual machines in the vApp to maintain startup dependencies. You can enable and disable smart rebooting of virtual appliances and virtual machines in a vApp after remediation.
After we finish our job on the configuration tab, we will create baselines (Figure 7). With baselines we can filter the patches for an (i.e) ESXi host. Therefore unnecessary patches will not be tried to apply to these ESXi hosts. Similarly, we can create baselines for VMs/VAs also. To create a new baseline for ESX hosts, I select the “Create…” link when “Hosts” is selected under “Baselines and Group” tab. This opens “New Baseline” wizard (Figure 8).
On the first screen of the wizard, I give a name to my new baseline and select the baseline type. As you can see in the figure, baseline type can be host based or VA based. I select “Host patch” here and press the Next button. The second screen is “Patch Options” screen (Figure 9). Here I can select fixed or dynamic patch options. I will select Dynamic patch option therefore in the future, new patches will be populated in this baseline dynamically as they will be released. The following screen is “Dynamic Baseline Criteria” screen (Figure 10). On this screen I select embeddedEsx5.0.0 and Esx5.0.0 products, because I will only have ESXi 5.0 host machines in my environment. If you have earlier versions, you can select the related product versions from the list.
On the following two screens, I can exclude or include patches that I don’t want or want in my baseline (Figure 11 and 12). I install Finish button on the last screen.
After that I create a new Baseline Group (which is very simple and I won’t explain here) from the same “Baselines and Group” tab. During the creation process, I select my newly created baseline for doing it a member of this baseline group. You can use this baseline group for other additional baselines therefore you can group different kinds of baselines in one group and apply them to related hosts.
Now I have a baseline and a baseline group so I can apply the patches to my ESXi 5 host machines. For this purpose, I open “Hosts and Clusters” interface and select one of my ESXi hosts. You can also select a whole cluster. But for this article,I keep the things simple and open the “Update Manager” tab for my single ESXi host. I select the Attach… link on the right upper corner (Figure 13). I select the baseline group on the opening screen and press the Attach button (Figure 14).
After attaching the baseline group, I select the Scan… link under “Update Manager” tab. Scanning is the process in which attributes of a set of hosts, virtual machines, or virtual appliances are evaluated against the patches, extensions, and upgrades included in the attached baselines and baseline groups. After the scan is completed, host compliance is learned according to the baseline. I can see the compliance level of the host on the same screen on the upper right corner (Figure 15).
The last thing we have to do is pressing the “Remediate…” button. This opens the “Remediate” wizard. Throughout the wizard, we can select/deslect the patches to apply, schedule the remediation time, change the host and cluster remediation options. When the remediation begins, the running virtual machines are vMotioned on to the other hosts in the cluster automatically and the host enters into the maintenance mode. “Update Manager” installs the updates/patches to the host and restarts the host machine. At the end, we have an up-to-date ESXi 5 host machine (Figure 15). If we applied the patches directly to the cluster, “Update Manager” would update the host machines one-by-one. It is integrated with HA and DRS features.
And that is it! In this article, I talked about the basic configuration of VMware vSphere Update Manager 5 and tried to explain how we can update a host machine. I hope it will be helpful in your Vmware adventure. Bye for now.