SHIFT-WIKI

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


vmwareupdatemanager

VMWare Update Manager

Update Manager Requirements

Hardware Requirements:

  • Processor: Intel or AMD x86 processor with two or more logical cores, each with a speed of 2GHz
  • Network: 10/100 Mbps. For best performance, use a Gigabit connection between Update Manager and the ESX/ESXi hosts
  • Memory: 2GB RAM if Update Manager and vCenter Server are on different machines. 4GB RAM if Update Manager and vCenter Server are on the same machine

OS Requirements:

  • OS: The Update Manager server requires Windows XP, Windows Server 2003, or Windows Server 2008.
  • The Update Manager plug-in requires the vSphere Client, and works with the same operating systems as the vSphere Client.
  • You can install Update Manager 4.1 only on a 64-bit machine.

Scanning and Remediation limitations:

  • Windows: Update Manager scans and remediates Windows guest operating systems.
  • Linux: Update Manager does not support patch remediation of Linux virtual machines and only scans powered-on Linux guest operating machines for patches. Update Manager scans and remediates Linux virtual machines for VMware Tools and virtual hardware upgrades.

Database Requirements:

  • SQL Server 2005, SQL Server 2008, Oracle 10g, or Oracle 11g database.
  • Small-scale environments using the bundled SQL Server 2005 Express
  • Database best practice: You should use a dedicated database for Update Manager, not a database shared with vCenter Server, and should back up the database periodically.

Virtual Center Requirements:

  • Update Manager is compatible with VirtualCenter Server, vCenter Server, VI Client, and vSphere Client of the same version.
  • Update Manager 4.1 is compatible only with vCenter Server 4.1. Although multiple versions of the Update Manager Client plug-in might coexist on the same computer, the Update Manager Client plug-in of version 4.1 can be installed and enabled only on vSphere Client 4.1.

Media: I used this media which will update vCenter to version 4.1 update 1 (released February 2011): VMware-VIMSetup-all-4.1.0-345042.iso

Targets

vSphere Update Manager upgrades multiple VMware vSphere components:

  • VMkernel
  • Service console
    • If present
  • Virtual machine hardware
  • Virtual Machine Tools
  • Guest operating systems
    • For SP and patch releases

Installing Update Manager

Configuring the Database

The server that is going to run Update Manager also runs vCenter with a database on SQL server. In the VMware vCenter Update Manager Installation and Administration guide (see resources) there are a few guidelines about the creation of the database:

I created a new database and only changes the initial settings for the size: updatemanagerdatabase01.jpg
That gives us a database like this: updatemanagerdatabase02.jpg

Configuring the DSN

As clearly stated in the VMware vCenter Update Manager Installation and Administration guide (see resources) Update Manager is a 32 bits application an although it's running on a 64 bits system it needs a 32 bits DSN, so start 'C:\Windows\SysWOW64\odbcad32.exe' go to system DSN and select the 'SQL Native Client': updatemanagerdsn01.jpg
Use some logical names for the database and description, and select the SQL server from the dropdown menu where you created the database: updatemanagerdsn02.jpg
Select to use 'With Integrated Windows Authentication': updatemanagerdsn03.jpg
Set the default database for the DSN to the database you just created and leave the ANSI settings default: updatemanagerdsn04.jpg
After the installation you can test the DSN after which you have a new System DSN in the list: updatemanagerdsn05.jpg
updatemanagerdsn06.jpg
After testing the dsn you can check again in the database properties by clicking on the 'View connection properties' to see the Authentication Method: updatemanagerdsn07.jpg

Now you're ready to proceed with the installation op Update Manager.

Installing Update Manager

After starting the installation wizard for Update Manager and agreeing to the license agreement you have to enter the vCenter information like servername/IP address and authentication credentials: updatemanagerinstall01.jpg
Then you get to select the DSN you just created: updatemanagerinstall02.jpg
Accept the database settings: updatemanagerinstall03.jpg
Check with your database administrators if you get this message. It means you have to make backups or your server will eventually run out of diskspace: updatemanagerinstall04.jpg
Select the IP address Update Manager will be available on and keep the default ports. We'll configure the proxy after the installation: updatemanagerinstall05.jpg
Change the location to where the patches will be downloaded. I checked consumed space and the patches for just ESX 4 did not exceed 1 GB but you should expect more. There is a sizing calculator available from VMware, see the resources: updatemanagerinstall06.jpg
After Update Manager is installed you have to download the plugin into your vCenter/vSphere Client setup. In your vSphere Client connect to the vCenter server, and go to 'Plug-Ins' → Manage Plug-Ins. Click on the link do download and install the plugin. Notice that this will start a small MSI that will take you through a small installation wizard: updatemanagerinstall07.jpg

Configuring Update Manager

After the plugin is installed you can go to 'Home' in vCenter and you'll have an extra 'Solutions and Applications' icon: updatemanagerconfig01.jpg

Downloading and Configuring Updates

In the Update Manager Administration console go to the configuration tab. Here you can configure and test the proxy settings and select what kinds of download you want. I just want ESX 4 downloads so I just need the two sources I enabled: updatemanagerconfig02.jpg
When the proxy works you can simply click the 'Download Now' button to start downloading updates manually. Don't forget to configure a daily download schedule through the configuration link on the left.

Downloading Notifications

If VMware would release an update/patch that should be recalled because there is something wrong with it, they let you know through something called a notification. Because bad patches can seriously impact your environment it's recommended that you keep the default schedule of 1 hour and check if notifications are received properly. You can check for errors in the 'Events' tab.

Updating Hosts using Update Manager

After patches has been downloaded you want to update your hosts with these patches. For administrative and management reasons VMware has created the opportunity for you to create baselines so you can decide which patches should be installed on your hosts in stead of VMware self. I like to create a baseline for a complete update 1 (released February 2011) so I can check my hosts to be compliant with that specific version.

Creating Baseline for ESX 4.1 Update 1

To create a baseline go to the 'Baselines and Groups' tab and click on 'Create' which will present you with a wizard so you can give the baseline a name and a description. Keep in mind that Update 1 is a patch in VMWare terminology so be sure to check the correct baseline type: updatemanagerconfig03.jpg Note that the create button that is marked is the wrong one, sorry about that. The correct one is behind the 'New Baseline' wizard window.
Select the 'fixed' baseline type: updatemanagerconfig04.jpg
Search for the correct patch and add it to the baseline: updatemanagerconfig05.jpg
After clicking finish it will present you with a brand new baseline: updatemanagerconfig06.jpg
updatemanagerconfig07.jpg

Attaching the Baselines

When you created a baseline you want to attach it to your hosts. I did that on datacenter level, just go to Update Manager tab in your datacenter and click 'Attach' which gives you the opportunity to select the baseline you want to attach: updatemanagerconfig08.jpg
This will give you an overview of the hosts. Notice that the compliance level is unknown because the hosts and the baseline are not scanned and compared to each other yet: updatemanagerconfig09.jpg

Scan a Host for Baseline Compliancy

You can scan the hosts by clicking 'Scan' still in the Update Manager tab in your datacenter view: updatemanagerconfig10.jpg
When the scan is complete you see that your host are incompatible, this is a small bug which can be ignored (see the resources - release notes ESX 4.1 Update 1): updatemanagerconfig11.jpg

Staging and Remediating a Host

Because patching a host is a process that requires downtime you want this to take the smallest time possible, to keep your maintenance window low. By staging the updates the patches are already placed on the host so the actual update takes less time. To stage the patches to the host click 'Stage' which will start this wizard to select the appropriate baseline and hosts: updatemanagerconfig12.jpg
Review the staging and click Next: updatemanagerconfig13.jpg
After which the staging will start which you can see in the Recent Tasks panel: updatemanagerconfig14.jpg
updatemanagerconfig15.jpg

When done with staging you can remediate the host by going to the host in vCenter and going to the Update Manager tab again. Click on the 'Remediate' button: updatemanagerconfig16.jpg
Review the remediation wizard and click next again to review the patches and to click next again: updatemanagerconfig17.jpg
updatemanagerconfig18.jpg
In the Host Remediation Options window give the task an description and schedule it. Also configure what the task should do if the host cannot go into maintenance mode: updatemanagerconfig19.jpg
Review the remediation wizard and click 'Finish' to start: updatemanagerconfig20.jpg
You can watch the progress of the remediation in the Recent Tasks panel: updatemanagerconfig21.jpg
updatemanagerconfig22.jpg
updatemanagerconfig23.jpg
When the server has rebooted and the update was successful you'll see the host in compliant now: updatemanagerconfig24.jpg

Resources

vmwareupdatemanager.txt · Last modified: 2021/09/24 00:25 by 127.0.0.1