VMware vCenter Server Update Manager

VMware vCenter Server Update Manager
Product Support Engineering VMware Confidential

Module 2 Lessons Lesson 1 – vCenter Server High Availability
Lesson 2 – vCenter Server Distributed Resource Scheduler Lesson 3 – Fault Tolerance Virtual Machines Lesson 4 – Enhanced vMotion Compatibility Lesson 5 – DPM - IPMI Lesson 6 – vApps Lesson 7 – Host Profiles Lesson 8 – Reliability, Availability, Serviceability ( RAS ) Lesson 9 – Web Access Lesson 10 – vCenter Server Update Manager Lesson 11 – Guided Consolidation Lesson 12 – Health Status Agenda Overview VI4 - Mod Slide

vCenter Update Manager Overview
VMware vCenter Update Manager compares the operating systems and applications running in your VMware Infrastructure deployment against a set of standard updates and patches. Updates you specify can be applied to operating systems, as well as applications on scanned ESX/ESXi hosts, virtual machines, and virtual appliances. vCenter Update Manager works with ESX/ESXi hosts, virtual machines, and virtual appliances. vCenter Update Manager lets you scan for compliance and apply updates for guests, virtual appliances, and hosts. vCenter Update Manager can scan and remediate powered on, suspended, and powered off virtual machines and templates and Scan and Remediate hosts. If the updating or patching fails, you can revert the virtual machines and templates back to their prior condition, without losing data. vSphere Installable Bundles. Or vib’s VI4 - Mod Slide

vCenter Update Manager Overview
You can use vCenter Update Manager to install, patch and update third party software using VI bundles and bulletins available on VMware Patch Portal and third parties’ portals. A VI bundle is a package, the smallest installable unit on an ESX host, while a bulletin defines a specific fix for an ESX 4 host, a roll-up which aggregates previous fixes, or an update release. When a host is compliant with all bundles in a bulletin, it is compliant with the vSphere bulletin that contains the bundles. vSphere Installable Bundles. Or vib’s VI4 - Mod Slide

VMware vCenter Update Manager Sizing Estimator
Database sizing calculator and disk utilization. VI4 - Mod Slide 5

Security Best Practices
Maintaining a consistent set of operating systems and applications, with particular patching levels helps reduce the number of vulnerabilities in an environment. All systems require patching, reconfiguration, or other solutions, but reducing the diversity of systems in an environment eases management burdens and reduces security risks. Benefits of Compliance Many attacks take advantage of existing, well-known issues. vCenter Update Manager provides a way to help ensure that the required patches are applied to the systems in your environment. To make your environment more secure: Be aware of where vulnerabilities exist in your environment. Efficiently bring these machines into compliance with the patching standards. VI4 - Mod Slide

Security Best Practices
Compliance and Security Best Practices To achieve the goal of compliance, with its benefits of increased security and stability, regularly evaluate the following: Operating systems and applications permitted in your environment Patches required for operating systems and applications Determine who is responsible for making these evaluations, when these evaluations are to be made, and what tactics to use to implement the plan that results from the investigation. VI4 - Mod Slide

vCenter Update Manager Processes
vCenter Update Manager uses a set of operations to ensure effective patch and upgrade management. This process begins by downloading information about a set of security patches. One or more of these patches are aggregated to form a baseline. Multiple baselines can be added to a baseline group. A collection of virtual machines, virtual appliances, and ESX hosts can be scanned for compliance with a baseline or a baseline group and remediated (updated or upgraded). These processes can be initiated manually or through scheduled tasks. VI4 - Mod Slide

Patch Downloading vCenter Update Manager uses the Internet to gather information about the latest patches from VMware and Shavlik. VMware provides information about updates to ESX, and Shavlik provides information for all major applications and operating systems. At regular, configurable intervals, vCenter Update Manager contacts Shavlik and VMware to gather the latest information about available patches Information about all patches is downloaded, regardless of whether the application or operating system to which the patch applies is currently in use in your environment. Downloading information about all patches is a relatively low-cost operation in terms of disk space and network bandwidth. VI4 - Mod Slide

Patch Downloading The first time a virtual machine is to be remediated, the applicable patches are downloaded to the vCenter Update Manager server and the patches are applied After a patch is downloaded, it is kept indefinitely in the patch download directory. vCenter Update Manager Download Service downloads and stores patches on the machine on which it is installed, so that vCenter Update Manager servers can use them late You can configure vCenter Update Manager to use an Internet proxy to download patch information and patches. VI4 - Mod Slide

Using Baselines and Baseline Groups
Baselines contain a collection of one or more updates such as service packs, patches, upgrades, or bug fixes. Baseline groups are assembled from existing baselines. When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines to determine their level of compliance. vCenter Update Manager provides the following types of baselines: Upgrade Baseline – Defines what version a particular host, virtual machine, or virtual appliance should be. Patch Baseline – Defines a minimum level of updates that must be applied to a given host or virtual machine. VI4 - Mod Slide

vCenter Update Manager queries update repositories that vendors provide to find available patches. The server for patch information and the contents of the patches are authenticated by using a full-featured public key infrastructure A baseline can be either dynamic, modified dynamic, or fixed: Dynamic – The significance of each update determines the content of the baseline. Windows and Linux each categorize their updates into higher and lower significance. For Windows, updates are either critical or optional. In Linux, updates are either important or moderate. Fixed – The user manually specifies all updates included in the baseline from the total set of patches available in vCenter Update Manager. Fixed updates are typically used to check whether systems are prepared to deal with particular issues. VI4 - Mod Slide

Update Manager Default Baselines
Critical VM Patches - Checks virtual machines for compliance with all important Linux updates and all critical Windows updates. Non-Critical VM Patches - Checks virtual machines for compliance with all optional Linux updates and all optional Windows updates. Critical Host Patches - Checks ESX hosts for compliance with all critical updates. Non-Critical Host Patches - Checks ESX hosts for compliance with all optional updates. VMware Tools Upgrade to Match Host - Checks virtual machines for compliance with the latest VMware Tools version on the host. VM Hardware Upgrade to Match Host - Checks virtual hardware of a virtual machine for compliance with the latest version supported by the host. VA Upgrade to Latest - Checks virtual appliance compliance with the latest virtual appliance version. VA Upgrade to Latest Critical - Checks virtual appliance compliance with latest critical virtual appliance version. VI4 - Mod Slide

Several baseline attributes appear in the vCenter Update Manager user interface: Name – Identifies different baselines. The name can be modified, as required. It is established when a baseline is created. Updates – Specifies the number of updates included in the baseline. Some updates, such as service packs, include many smaller patches that might have been distributed individually in the past. The number of updates might indicate how long a scan and remediation might take to complete, but does not indicate the extent of the updates included in the baseline. Last Modified – Specifies the last time updates were added to or removed from the baseline. This date reflects the last time updates changed either because of automatic changes resulting from dynamic updates or from manual user changes. Reviewing the last update information can help provide an idea of whether expected changes were made to baselines. Baseline Type – Identifies the type of the particular baseline. Possible values include Dynamic and Fixed, or Dynamic (modified). VI4 - Mod Slide

Scanning Virtual Machines and ESX Hosts
Scanning is the process in which attributes of a set of hosts or virtual machines are evaluated against a baseline or baseline group. You can scan an ESX/ESXi installation to determine whether the latest patches are applied, or you can scan a virtual machine to determine whether the latest patches are applied to its operating system. In the virtual infrastructure, all objects except resource pools can be scanned. You can perform scans on both online as well as offline virtual machines and templates. VI4 - Mod Slide

Upgrading ESX Hosts, VMs and Virtual Appliances
vCenter Update Manager allows you to upgrade hosts, virtual machines, and virtual appliances to a newer version. You have the option of rolling back the upgrade if it fails. Rollback option is not possible for virtual machine hardware upgrade and VM Tools upgrade. You can also set up custom pre- and post-installation scripts to run before and after an upgrade. Upgrades for hosts, virtual machines, and virtual appliances are managed through baselines and baseline groups. VI4 - Mod Slide

Remediating Objects Remediation is the process in which vCenter Update Manager applies updates to ESX hosts, virtual machines, or virtual appliances after a scan is complete. Remediation helps ensure that machines and appliances are secured against known potential attacks and have greater reliability resulting from the latest fixes. You can remediate machines and appliances in much the same ways that you can scan them. You can also initiate remediation scan on a folder of virtual machines, a cluster, or a datacenter, or all objects in your virtual infrastructure Resource Pools are the only VMware Infrastructure object type that can never be remediated VI4 - Mod Slide

Remediating Objects Remediation is supported for:
Powered on, suspended, or powered off virtual machines and templates for VMware Tools and VM Hardware upgrade, as well as patch installation. Powered on, VMware Studio registered Redhat Linux virtual appliances for virtual appliance upgrade. ESX/ESXi hosts for patch and upgrade remediation. VMware Studio – Tool that you can develop your own Virtual Appliances on. VI4 - Mod Slide

vCenter Update Manager Settings
The virtual machine and ESX remediation process is configurable. Configurable options include: When to check for updated patch information. When to scan or remediate virtual machines or ESX hosts. How to handle preremediation snapshots of virtual machines. vCenter Update Manager can create snapshots of virtual machines before remediation. If you configure vCenter Update Manager to create snapshots, you can configure the snapshots to be kept indefinitely or to be deleted after a specified period. Whether to create snapshots of virtual machines before remediation, whether to store the snapshot, and for how long. How to handle failures to remediate ESX hosts. VI4 - Mod Slide

Preparing the vCenter Update Manager Database
vCenter Update Manager server requires a database to store and organize server data. vCenter Update Manager supports Oracle, Microsoft SQL Server, and Microsoft SQL Server 2005 Express. For an vCenter Update Manager database to be supported, you must create a database instance and configure it to ensure that all vCenter Update Manager database tables are placed in it. NOTE Microsoft SQL Server 2005 Express is intended to be used for small deployments of up to 5 hosts and 50 virtual machines. vCenter Update Manager has the same database requirements as vCenter VI4 - Mod Slide 20

vCenter Update Manager Supported Databases
vCenter Update Manager is supported on the following Databases : Please note there is no DB2 support for this add-on feature (covered in VC Lesson) VI4 - Mod Slide

Maintaining Your vCenter Update Manager Database
After your vCenter Update Manager database instance and vCenter Update Manager are installed and operational, perform standard database maintenance processes. These include: Monitoring the growth of the log file and compacting the database log file, as needed. See the documentation for the database type you are using. Scheduling regular backups of the database. Backing up the database before any vCenter Update Manager upgrade. See your database documentation for information on backing up your database. VI4 - Mod Slide 22

Installing, Upgrading, and Uninstalling vCenter Update Manager
You can install vCenter Update Manager either on the same computer as the vCenter Server or on a different computer. vCenter Update Manager can be installed on computers running the following operating systems: Windows XP SP2 Windows Server 2003 vCenter Update Manager is compatible with other vCenter Server add-ons such as VMware Converter Enterprise for vCenter Server. The vCenter Update Manager disk storage requirements vary depending on your deployment. For more information, see the VMware vCenter Update Manager Sizing Estimator. vCenter Update Manager server and vCenter Update Manager Download Service store patch metadata in Microsoft SQL Server or Oracle databases. VI4 - Mod Slide

Installing vCenter Update Manager
Before you install vCenter Update Manager, gather information about the environment into which you are installing vCenter Update Manager and make sure that there is at least 18GB of free space on your machine. Information to collect includes the following: Networking information about the vCenter Server that vCenter Update Manager will work with. Defaults are provided in some cases, but you might want to ensure that you have the correct information, including: IP address. Port number. The Web service ports (80 and 443 by default) are used. Administrative credentials required to complete the installation, including: The user name for an account with sufficient privileges. This is often root or Administrator. The password for the account that will be used for the installation. VI4 - Mod Slide

You can install Update Manager on the same computer as vCenter Server or on a different computer. You can install it on machines running Windows XP SP2, Windows Server 2003 and Windows Server 2008. Insert the Installer CD into the CD-ROM drive of the server that will host the vCenter Update Manager server. Choose the language the installer will use, and click OK. Review the Welcome page and click Next. Accept the license agreement and click Next. Choose the vCenter Update Manager installation and patch download directories and click Next. You can accept the default locations or click Change to browse to a different directory. VI4 - Mod Slide

Enter information about the vCenter Server and the administrative account that this vCenter Update Manager server will work with: a In the IP text box, enter an IP address of the vCenter Server or accept the default. b In the Port text box, enter a Port number or accept the default. c In the User name text box, enter the name of the vCenter Server administrative account you will use to log in to the vCenter Server. d In the Password text box, enter the password for the administrative account. Click Next. Choose the database that the vCenter Update Manager will work with, and click Next. Enter vCenter Update Manager port settings, select Use Proxy Server and enter the server name and port number. Click Next. Click Install to begin the installation. VI4 - Mod Slide

Installing the Guest Agent
The VMware vCenter Update Manager Guest Agent facilitates vCenter Update Manager processes. For both Linux and Windows operating systems, the Guest Agent is installed the first time a remediation is scheduled or when a scan is initiated on a powered-on virtual machine. For best results, ensure that the latest version of the Guest Agent is installed. If the Guest Agent installation does not complete successfully, operations such as scanning and remediation fail. In such a case, manually install the Guest Agent. VI4 - Mod Slide

Manually installing the Guest Agent
The Guest Agent installation packages for Windows and Linux guests are in a sub-folder of the vCenter Update Manager installation directory. In the vCenter Update Manager installation directory, the Guest Agent installation packages are located in \docroot\vci\guestAgent\ For example, if vCenter Update Manager is installed in C:\Program Files\VMware\Infrastructure\vCenter Update Manager, the Guest Agent installers are at C:\Program Files\VMware\Infrastructure\vCenter Update Manager\docroot\vci\guestAgent\. The Guest Agent requires no user input, and the installation completes silently. For Windows, start the installer by running the VMware-UMGuestAgent.exe file. For Linux, install the VMware-VCIGuestAgent-Linux.rpm file by running the rpm -ivh VMware-VCIGuestAgent-Linux.rpm command. VI4 - Mod Slide

vCenter Update Manager Download Service
vCenter Update Manager Download Service is an optional module of vCenter Update Manager. The Download Service downloads patches that would not otherwise be available to vCenter Update Manager servers. For example if vCenter Update Manager cannot contact the internet The Download Service provides a solution in such situations. Update Manager Download Service downloads patches for: ESX 3i or higher, and ESX 3.5 or higher. All vCenter Update Manager supported versions of Windows virtual machines. To use the vCenter Update Manager Download Service, you must set up a server to be your vCenter Update Manager Download system. This server must have Internet access. After the Download Service downloads patches, the patches can be exported by CD, USB key device, or automatically to a vCenter Server running vCenter Update Manager. VI4 - Mod Slide

Installing the vCenter Update Manager Download Service
The amount of space required to store the patches on the server on which the Download Service is installed Depends on the number of different operating systems and applications you intend to patch the number of years you intend to gather patches on this system. Allocate 50 GB for each year of ESX patching, and 11 GB for each virtual machine operating system and locale combination The Download Service installer requires a database. The installation program includes an option to create a SQL Server 2005 Express database, or you can use an existing Microsoft SQL Server or Oracle database. To install the vCenter Update Manager Download Service Insert the installation CD. Browse to the UMDS folder on the CD and run VMware-UMDS.exe. The VMware vCenter Update Manager Download Service installation wizard appears. Use the wizard to complete the installation. VI4 - Mod Slide

Upgrading the vCenter Update Manager Download Service
Ensure that vCenter Update Manager and vCenter Update Manager Download Service are of the same version. To upgrade vCenter Update Manager Download Service Upgrade vCenter Update Manager. During the vCenter Update Manager upgrade, the database schema will be upgraded, but the data in the database remains the same. Upgrade vCenter Update Manager Download Service. The binaries for the UMDS are located in the UMDS folder on the installation CD. The installation wizard upgrades the UMDS from the older to the newer version. To obtain new update metadata and to update the already existing information in the database, download the ESX patches and import them to the machine on which vCenter Update Manager server is installed. To confirm that the upgrade of vCenter Update Manager Download Service was successful, ensure it can download and import patches to vCenter Update Manager 2.0. VI4 - Mod Slide

Enabling Update Manager on a vSphere Client
vCenter Update Manager clients are delivered as a plug-in for the vSphere Client. The vCenter Update Manager functionality is an integral part of vCenter Server, and the new vSphere Client supersedes previous vSphere Client releases. After installing vCenter Update Manager, update at least one vSphere Client, so you can configure vCenter Update Manager. You must install the vCenter Update Manager plug-in on any vSphere Client that you want to use to manage vCenter Update Manager, but it is not necessary to update all clients. VI4 - Mod Slide

To enable vCenter Update Manager on a vSphere Client Connect the vSphere Client to a vCenter Server on which vCenter Update Manager is installed. Choose Plugins > Manage Plugins. Plugin manager has changed, so there is only one tab now. VI4 - Mod Slide

Complete the vCenter Update Manager client installation and click Finish Click Next on Welcome screen Accept the License Agreement and Click Next Click Install Click Finish VI4 - Mod Slide

Enabling Update Manager on a vSphere vSphere Client
Right-click VMware vCenter Update Manager Extension in the Installed Extensions list on the Extension Manager page, and choose Enable. Click Close. VI4 - Mod Slide

Dismiss any Security Warning dialog boxes that appear by clicking Yes or Ignore, and then click OK. The vCenter Update Manager button might not appear immediately in the vSphere Client. After installing the VMware vCenter Update Manager plug-in, if the button does not appear, restart the vSphere Client. VI4 - Mod Slide

Upgrading vCenter Update Manager
vCenter Update Manager upgrades are available from vCenter Update Manager 1.0 to vCenter Update Manager 2.0 Before you upgrade vCenter Update Manager, be sure to upgrade both vCenter Server and vSphere Client to a compatible version. vCenter Update Manager server and vCenter Update Manager client must be the same version. There is a one to one relationship for what is installed and used. VI4 - Mod Slide

Upgrade vCenter Update Manager
To upgrade vCenter Update Manager to vCenter Update Manager 4.0 Stop the vCenter Server and vCenter Update Manager services. Make a backup copy of the vCenter Update Manager database manually. Upgrade vCenter Server to vCenter Server 4.0. (optional) Upgrade vCenter Update Manager to vCenter Update Manager 4.0. Upon connecting to vCenter Update Manager, the vSphere Client detects the correct vCenter Update Manager version and prompts you to upgrade it. If you have not installed the vCenter Update Manager plug-in, the vSphere Client provides a way to download and install it. VI4 - Mod Slide

Uninstalling vCenter Update Manager
To uninstall the vCenter Update Manager plug-in from the vSphere Client 1 From the Windows Start menu, select Settings > Control Panel > Add or Remove Programs. 2 Select VMware vCenter Update Manager Client and click Remove. VI4 - Mod Slide

Uninstalling vCenter Update Manager
To uninstall vCenter Update Manager From the Windows Start menu, select Settings > Control Panel > Add or Remove Programs. Select VMware vCenter Update Manager and click Remove. If you uninstall vCenter Update Manager, you might also want to uninstall the vCenter Update Manager plug-in from the vSphere Client. After the vCenter Update Manager client is removed, the vCenter Update Manager tab is no longer available in the vSphere Client. However, patch binaries and log data remain on the server where vCenter Update Manager was installed. VI4 - Mod Slide

vCenter Update Manager Network Port Requirements
After you install vCenter Update Manager if the default settings are kept during the installation, the vCenter Update Manager Web server listens on 9084 TCP and the vCenter Update Manager SOAP server listens on 8084 TCP. Both are accessed through a reverse proxy that listens on the standard ports 80 and 443. VI4 - Mod Slide

When vCenter Update Manager and the vCenter Server are installed on the same machine: All incoming connections to vCenter Update Manager are accessed through a reverse proxy provided by the vCenter Server. ESX connects to port 80, and the vCenter Server forwards the request to the vCenter Update Manager Web server listening on port 9084 for host patch downloads. The vCenter Server directly connects to vCenter Update Manager on port 8084 because they are on the same machine. vCenter Update Manager connects to ESX on port 902 for pushing the virtual machines patches. VI4 - Mod Slide

When vCenter Update Manager and the vCenter Server are installed on two different machines: vCenter Update Manager has a reverse proxy listening on ports 80 and 443 if the default is not changed during the installation. The vCenter Server connects to vCenter Update Manager through port 443. The reverse proxy forwards the request to 8084. ESX connects to vCenter Update Manager through port 80. The reverse proxy forwards the request to 9084. vCenter Update Manager connects to ESX on port 902 for pushing the virtual machines patches. To obtain metadata for the patches, vCenter Update Manager must be able to connect to and and requires outbound ports 80 and 443. VI4 - Mod Slide

Configuring vCenter Update Manager
You can modify the administrative settings for vCenter Update Manager before you to use it. The administrative settings determine the following: What action vCenter Update Manager takes if a remediation fails for either a guest virtual machine or an ESX installation How often vCenter Update Manager checks for new patches How vCenter Update Manager works with an Internet proxy How vCenter Update Manager can be configured to work with new port settings How to change the location in which vCenter Update Manager downloads patches VI4 - Mod Slide

Responding to Guest Remediation Failure
You can configure vCenter Update Manager to take snapshots of virtual machines before applying patches. This ensures that if a patch cannot be applied, the state of the virtual machine before the update is easily re-established. You can elect to keep these snapshots indefinitely or for a fixed period. Keep the following guidelines in mind when managing snapshots: Keeping snapshots indefinitely might eventually consume a large amount of disk space and degrade virtual machine performance. Keeping no snapshots saves space in your environment, ensures best virtual machine performance, and might reduce the amount of time it takes to complete remediation. Keeping snapshots for a set period is a compromise between the other two choices. The configuration described in the following procedure determines the default settings for remediation failures. You can specify alternative settings to these defaults when you configure individual remediation tasks. VI4 - Mod Slide

Responding to Guest Remediation Failure
To configure guest snapshot behavior Choose Home > Solutions and Applications > vCenter Update Manager. Click the Configuration tab. Click Guest Settings Select Snapshot the virtual machines before applying updates to enable rollback. Configure snapshots to be kept indefinitely or for a period of time. Click Apply. You can now set the default for UM to take snapshots or not. So it holds true for every remediation. VI4 - Mod Slide

Responding to Failure to put ESX Host in Maintenance Mode
vCenter Update Manager puts ESX hosts in maintenance mode before applying patches. Virtual machines cannot continue to run when an ESX host is in maintenance mode. vCenter Server migrates virtual machines to other ESX hosts within a cluster vCenter Server can migrate the virtual machines, if the cluster is configured for VMotion. If vCenter Server cannot migrate the virtual machines to an alternative host, vCenter Update Manager can take one of the following actions: Fail Task – Log this failure in the vCenter Update Manager logs and take no further action. Retry – Wait for the retry delay period and repeat the attempt to put the server into maintenance mode as many times as you indicate in the Number of retries field. Power Off and Retry – After the failure power off all of the running virtual machines, and try entering the server into maintenance mode as many times as you indicate in the Number of retries field. Suspend and Retry – Suspend all the running virtual machines as per the virtual machine settings specified by the vCenter Server user interface suspend button, and try entering the server into maintenance mode as many times as you indicate in the Number of retries field. VI4 - Mod Slide

Responding to Failure to put ESX Host in Maintenance Mode
To configure how vCenter Update Manager responds to failures to enter maintenance mode Choose Home > Solutions and Applications > vCenter Update Manager. Click the Configuration tab. Under Settings, click ESX Host Settings. Select the Failure response drop-down menu to determine how vCenter Update Manager responds if an ESX host cannot be put in maintenance mode. Choose Retry delay and Number of retries. Click Apply. VI4 - Mod Slide

Checking for Updates vCenter Update Manager is designed to check for new updates at regular intervals. Gathering current information about updates that are applicable to your environment allows vCenter Update Manager to work as expected. Updates are downloaded according to a single schedule. VI4 - Mod Slide

Checking for Updates To modify checking for updates
Choose Home > Solutions and Applications > vCenter Update Manager. Click the Configuration tab. Under Settings, click Update Downloads. Click the Edit Update Downloads link in the upper-right corner VI4 - Mod Slide

Checking for Updates Select the type of updates to be downloaded, and click Next. Specify a task name and description. Specify the Frequency and Start Time of the update download, and click Next. (Optional) Specify addresses Review the Summary page and click Finish VI4 - Mod Slide

Configuring vCenter Update Manager with an Internet Proxy
You can modify vCenter Update Manager configuration settings to work with a proxy server. To modify the proxy configuration through the vCenter Update Manager plug-in Choose Home > Solutions and Applications > vCenter Update Manager. Click the Configuration tab. Click General Edit the default proxy information. If the proxy requires authentication, select the Proxy requires authentication check box and provide user name and password. (Optional) Test the connection. Click Apply. VI4 - Mod Slide

Configuring Update Manager Network Port Settings
After you install vCenter Update Manager, you can configure its port settings to avoid conflicts with other programs installed on the same machine. If vCenter Server is installed on the same machine, you cannot change the HTTP and HTTPS ports. vCenter Update Manager doesn't open these ports, but vCenter Server does. If vCenter Server is not installed on the same machine, vCenter Update Manager starts its own reverse proxy. In this case, you are able to change both the HTTP and HTTPS ports. VI4 - Mod Slide

Configuring Update Manager Network Port Settings
To change the port settings Choose Home > Solutions and Applications > vCenter Update Manager. Click the Configuration tab. Click General Edit the Port Settings Click Apply. VI4 - Mod Slide

Configuring vCenter Update Manager Patch Download Location
When you install vCenter Update Manager, the installation wizard allows you to change the location for downloading patches. To change the location later without reinstalling vCenter Update Manager, you must manually edit the vci-integrity.xml file. To configure the vCenter Update Manager patch download location Log in to the vCenter Update Manager server as an administrator. Stop the vCenter Update Manager service Navigate to the vCenter Update Manager installation directory and locate vci-integrity.xml. The default location is C:\Program Files\VMware\Infrastructure\vCenter Update Manager VI4 - Mod Slide

Configuring vCenter Update Manager Patch Download Location
Create a backup copy of this file in case you need to revert to the previous configuration. Edit the file by changing the following fields: <patchStore>yournewlocation</patchStore> The default patch download location is: C:\Documents and Settings\All Users\Application Data\VMware\VMware vCenter Update Manager\ Data\ The directory path must end with \. Save the file in UTF-8 format, replacing the existing file. Copy the contents from the old patchstore directory to the new folder. Restart the vCenter Update Manager service. Note : You will have to create the directory structure that you specified for <yournewlocation> VI4 - Mod Slide

Using the vCenter Update Manager Download Service
Use the vCenter Update Manager Download Service to initiate downloads of updates and to transfer the updates to vCenter Update Manager. Establish a depot in which to place the updates. After the updates are in the depot, export the newly downloaded updates to some portable storage device such as a CD or USB key and import them to the vCenter Update Manager server. If vCenter Update Manager is installed on a machine that is not connected to the Internet, the scheduled update checks fail. In such a case, disable the scheduled update checks and use the vCenter Update Manager Download Service as the only means to download and transfer updates to vCenter Update Manager. This is used by customers who cannot place Update Manager outside of their network. Setup a download and then import them into the environment. VI4 - Mod Slide

Setting up the vCenter Update Manager Download Service
Log in to the machine where UMDS is installed, and open a terminal window. Change to the directory where Download Service is installed. C:\Program Files\VMware\Infrastructure\vCenter Update Manager. Specify the updates to download: To set up a download of all ESX host updates, enter the following command: vmware-umds --set-config -enable-host 1 --enable-win 0 --enable-lin 0 To set up a download of all Windows updates, enter the following command: vmware-umds --set-config -enable-host 0 --enable-win 1 --enable-lin 0 To set up a download of all Linux updates, enter the following command: vmware-umds --set-config -enable-host 0 --enable-win 0 --enable-lin 1 To set up a download of all available updates, enter the following command: vmware-umds --set-config -enable-host 1 --enable-win 1 --enable-lin 1 4 Run the program to download updates by entering the following command: vmware-umds --download If you want to download the updates released in May 2008, enter the following command: vmware-umds --re-download -start-time T00:00:00 --end-time T23:59:59 VI4 - Mod Slide

Exporting Downloaded Updates You can export the updates you downloaded to a specific location which serves as a shared repository for Update Manager. Then configure Update Manager to use the shared repository as a patch download source. The shared repository can also be hosted on a Web server. VI4 - Mod Slide

To export downloaded updates Log in to the machine where vCenter Update Manager Download Service is installed and open a terminal window. Change to the directory where Download Service is installed. The default folder is C:\Program Files\VMware\Infrastructure\vCenter Update Manager. Specify the export parameters. If you want to export all updates for the year 2007, enter the following command: vmware-umds --export --dest <repository_path> --start-time T00:00:00 --end-time T23:59:59 Here, <repository_path> is the full path to your export directory VI4 - Mod Slide

Working with Baselines and Baseline Groups
vCenter Update Manager includes Four standard Patch Baselines You cannot edit or delete standard baselines. The standard patch baselines are: Non-critical host updates Non-critical virtual machine updates Critical host updates Critical virtual machine updates VI4 - Mod Slide

Working with Baselines and Baseline Groups
vCenter Update Manager includes Six standard Upgrade Baselines for Virtual Machines and Virtual Appliances. The standard upgrade baselines consist of Four dynamic and Two Fixed Baselines: VMware Tools upgrade to match the latest version of the host Virtual machine hardware upgrade to match the latest for the infrastructure Virtual Machine hardware upgrade to version 4 or Version 7 Virtual Appliance Latest or Latest Critical VI4 - Mod Slide

Creating Baselines You can create upgrade and patch baselines to meet the needs of your specific deployment by using the New Baseline wizard. Creating additional, customized baselines allows patches to be grouped into logical sets. You can group different baselines together consisting of BOTH ESX and VM’s VI4 - Mod Slide

Create a Dynamic Host Patch Baseline
Dynamic baselines consist of a set of patches that meet certain criteria. The contents of the set of patches that make up dynamic baselines vary as available patches change. You can create host patch baselines using the New Baseline wizard. VI4 - Mod Slide

To create a dynamic host patch baseline Choose Home > Solutions and Applications > vCenter Update Manager. Click the Baselines and Groups tab. Click the Create link in the upper-right corner of the page. The New Baseline wizard appears. VI4 - Mod Slide

Provide a name and description for the baseline. Under Baseline Type, select Host Patch and click Next. VI4 - Mod Slide

Select Dynamic as the type of baseline, and click Next. VI4 - Mod Slide

Customize the baseline by entering criteria to filter the list of available patches: Text contains – Enter text to restrict the updates displayed. Product – Select operating systems or products for which this baseline includes patches. Severity – Select the severity of updates to be included in this baseline. Language – Select which language versions of patches to include. Released Date – Provide Before and After dates to specify a range for the release dates of the updates. Update Vendor – Select one of the listed update vendors. Add or remove specific updates to/from this baseline – Select the check box to add or remove specific updates. VI4 - Mod Slide

Review the Ready to Complete page and click Finish New Baseline appears in the List VI4 - Mod Slide

Create a Fixed Host Patch Baseline
Fixed baselines are composed of a particular set of patches. The patches included in fixed baselines do not vary as patch availability changes. VI4 - Mod Slide

To create a fixed host patch baseline Choose Home > Solutions and Applications > vCenter Update Manager. Click the Baselines and Groups tab. Click the Create link in the upper-right corner of the page. VI4 - Mod Slide

Provide a name and description for the baseline. Under Baseline Type, select Host Patch and click Next. VI4 - Mod Slide

Select Fixed for the type of baseline, and click Next. VI4 - Mod Slide

Use the Filter to find specific updates to include in the baseline Select individual updates to include in the customized baseline, and click the down arrow to add them to the Included Updates list. Click Next. VI4 - Mod Slide

Review the Ready to Complete page and click Finish VI4 - Mod Slide

The Fixed Baseline appears in the list of Patch Baselines VI4 - Mod Slide

Creating Baselines – Host upgrade
Create a Host Upgrade Baseline Using an Available Upgrade Version You can create an ESX host upgrade baseline by using the New Baseline wizard. Create a baseline with an available ESX upgrade unless you want to use a specific ISO file VI4 - Mod Slide

Create a Host Upgrade Baseline
To create a dynamic host upgrade baseline using an available upgrade version Choose Home > Solutions and Applications > vCenter Update Manager. Click the Baselines and Groups tab. Click the Create link in the upper-right corner of the page. The New Baseline wizard appears. VI4 - Mod Slide

Creating Baselines – Host Upgrade
Provide a name and description for the baseline Under Baseline Type, select Host Upgrade and click Next. VI4 - Mod Slide

Click Upgrade to available version or Upload upgrade file . Click Next. VI4 - Mod Slide

If you are upgrading to ESX 4.0: Specify the location of the service console VMDK or choose to automatically select a location. VI4 - Mod Slide

Specify the rollback behavior for the upgrade. By default, the host will roll back in the event of an upgrade failure. Deselect the roll back check box to change this behavior. VI4 - Mod Slide

Review the Ready to Complete page and click Finish. VI4 - Mod Slide

The Host Upgrade Baseline appears in the list of Upgrade Baselines VI4 - Mod Slide

Creating Baselines – Upgrade File
Create a Host Upgrade Baseline Using an Upgrade File You can create an ESX host upgrade baseline by using the New Baseline wizard. This procedure describes how to create a baseline with a specific upgrade file you upload. To create a host upgrade baseline using an upgrade file Choose Home > Solutions and Applications > vCenter Update Manager. Click the Baselines and Groups tab. Click the Create link in the upper-right corner of the page. The New Baseline wizard appears. Provide a name and description for the baseline. To upgrade an individual patch in your repository. VI4 - Mod Slide

Creating Baselines – Upgrade File
Under Baseline Type, select Host Upgrade and click Next. Select Upload Upgrade File, and click Next. Click Browse to locate an upgrade file (.iso) from your local file system, and click Upload. The file might take several minutes to upload. After the file is uploaded successfully, it will be included in the list of available updates on the Upgrade Options page of the wizard. Click Next. Review the Ready to Complete page and click Finish. VI4 - Mod Slide

Creating Baselines – Dynamic Virtual Machine
Create a Dynamic Virtual Machine Baseline Dynamic baselines consist of a set of patches that meet certain criteria. The contents of the set of patches that make up dynamic baselines vary as available patches change. You can create a dynamic virtual machine patch baselines using the New Baseline wizard. VI4 - Mod Slide

To create a Dynamic virtual machine patch baseline Choose Home > Solutions and Applications > vCenter Update Manager. Click the Baselines and Groups tab. Click the Create link in the upper-right corner of the page. The New Baseline wizard appears. VI4 - Mod Slide

Provide a name and description for the baseline. Under Baseline Type, select VM Patch and click Next. VI4 - Mod Slide

Select Dynamic for the type of baseline and click Next. VI4 - Mod Slide

Customize the baseline by entering criteria to filter the list of available patches: Text contains – Enter text to restrict the updates displayed. Product – Select operating systems or products for which this baseline includes patches. Severity – Select the severity of updates to be included in this baseline. Language – Select which language versions of patches to include. Released Date – Provide a range for the release dates of the updates. Update Vendor – Select one of the listed update vendors. Add or remove specific updates to/from this baseline VI4 - Mod Slide

Review the Ready to Complete page, and click Finish. VI4 - Mod Slide

The Dynamic Virtual Machine Baseline appears in the Patch Baselines list VI4 - Mod Slide

Creating Baselines – Fixed Virtual Machine
Create a Fixed Virtual Machine Baseline Fixed baselines are composed of a particular set of patches. The patches included in fixed baselines do not vary as patch availability changes. VI4 - Mod Slide

To create a fixed virtual machine patch baseline Choose Home > Solutions and Applications > vCenter Update Manager. Click the Baselines and Groups tab. Click the Create link in the upper-right corner of the page. The New Baseline wizard appears. VI4 - Mod Slide

Provide a name and description for the baseline. Under Baseline Type, select VM Patch and click Next. VI4 - Mod Slide

Select Fixed for the type of baseline and click Next. VI4 - Mod Slide

To find specific updates to include in the baseline click Filter Select individual updates to include in the customized baseline, and click the down arrow to add them to the Included Updates list. Click Next. VI4 - Mod Slide

Review the Ready to Complete page, and click Finish. VI4 - Mod Slide

The Fixed Virtual Machine Baseline appears in the Patch Baselines list VI4 - Mod Slide

Creating Baselines – Virtual Appliances
Create a Virtual Appliance Upgrade Baseline You can create a virtual appliance upgrade baseline using the New Baseline wizard. The virtual appliance upgrade baselines consist of a set of user-defined rules. You can add many non-conflicting rules to a virtual appliance at once. If the rules you create are in conflict, the vCenter Update Manager displays an Upgrade Rule Conflict window, which allows you to resolve the conflicts. VI4 - Mod Slide

To create a virtual appliance upgrade baseline Choose Home > Solutions and Applications > vCenter Update Manager. Click the Baselines and Groups tab. Click the Create link in the upper-right corner of the page. The New Baseline wizard appears. VI4 - Mod Slide

Provide a name and description for the baseline. Under Baseline Type, select VA Upgrade and click Next. VI4 - Mod Slide

Select Vendor, Virtual Appliance, and Upgrade To options from the drop-down menus, and click Add Rule. (Optional) To add multiple rules, click Add Multiple Rules: a Select one or more vendors. b Select one or more appliances. c Select one Upgrade To option to apply to the selected appliances. d Click OK. If you create multiple rules to apply to the same virtual appliance, only the first applicable rule in the list is applied. Click Next. VI4 - Mod Slide

The Virtual Appliance Upgrade Baseline appears in the Upgrade Baselines list VI4 - Mod Slide

Create Baseline Groups
A baseline group consists of a set of non-conflicting baselines. Baseline groups allow you to create logical sets of patches. You can create additional baseline groups through the New Baseline wizard. When you create a baseline group, keep the following guidelines in mind: All patch baselines can be included in one baseline group. Only one upgrade baseline can exist in a baseline group. Multiple upgrade baselines cannot be included a baseline group. Baseline groups are displayed in the Baseline Groups pane of the Baselines and Groups tab of the vCenter Update Manager plug-in. VI4 - Mod Slide

Create Host Baseline Groups
To create a host baseline group Choose Home > Solutions and Applications > vCenter Update Manager. Click the Baselines and Groups tab. Click the Create link above the Baseline Groups pane. VI4 - Mod Slide

Provide a unique name for the baseline group, select Host Baseline Group, and click Next. VI4 - Mod Slide

Select a host upgrade baseline to include it in the baseline group. (Optional) To create a new host upgrade baseline, click the Create New Host Upgrade Baseline link at the bottom of the Upgrades page. VI4 - Mod Slide

Select the patch baselines you want to include in the baseline group. (Optional) To create a new patch baseline, click the Create New Host Patch Baseline link at the bottom of the Upgrades page. VI4 - Mod Slide

The Host Baseline Group appears in the Baselines Group list VI4 - Mod Slide

Create VM and VA Baseline Groups
Create Baseline Groups for Virtual Machines and Virtual Appliances You can create baseline groups for virtual machines and virtual appliances by using the Create Baseline Group wizard. VI4 - Mod Slide

To create a virtual machine and virtual appliance baseline group Choose Home > Solutions and Applications > vCenter Update Manager. Click the Baselines and Groups tab. Click the Create link above the Baseline Groups pane. VI4 - Mod Slide

Provide a unique name for the baseline group, select VM/VA Baseline Group, and click Next. NOTE If only virtual appliances are remediated, the virtual machines’ patches and upgrades are ignored. If only virtual machines are remediated, the virtual appliances’ upgrades are ignored. VI4 - Mod Slide

For each type of upgrade (virtual appliance, hardware, and tools), select one of the available upgrade baselines to include in the baseline group. To create a new Virtual Appliance upgrade baseline, click the Create New VA Upgrade Baseline link at the bottom of the Upgrades page. VI4 - Mod Slide

Select the patch baselines you want to include in the baseline group. (Optional) To create a new patch baseline, click the Create New VM Patch Baseline link at the bottom of the Upgrades page. VI4 - Mod Slide

The Virtual Machine / Virtual Appliance Baseline Group appears in the Baselines Group list VI4 - Mod Slide

Editing Baselines and Baseline Groups
You can edit existing baselines and baseline groups by using the Baselines and Groups tab of the vCenter Update Manager plug-in. You can change the name, description, and upgrade options of an existing baseline. VI4 - Mod Slide

Edit an Existing Baseline Group
You can change the name and type of an existing baseline group, as well as add or remove the included upgrade and patch baselines of a baseline group. To edit an existing baseline group Connect the vSphere Client to a vCenter Server on which vCenter Update Manager is installed, and select Home > Solutions and Applications > vCenter Update Manager. On the Baselines and Groups tab, select the type of baselines to edit. For example, to edit the upgrade baselines for ESX hosts, click the Hosts button and the Upgrade Baselines sub-tab. Select an existing baseline group from the Baseline Groups pane and click the Edit link above the pane. The Edit Baseline Group wizard appears. (Optional) Edit the name and group type of the baseline group and click Next. (Optional) Change the included upgrade baseline (if any) and click Next. (Optional) Change the included patch baselines (if any) and click Next. Review the Ready to Complete page and click Finish. VI4 - Mod Slide

Adding Baselines to Baseline Groups
The Baselines and Groups tab provides a convenient way to add baselines to existing baseline groups. To add a baseline to a baseline group Connect the vSphere Client to a vCenter Server on which vCenter Update Manager is installed, and select Home > Solutions and Applications > vCenter Update Manager. On the Baselines and Groups tab, click the Hosts or VMs/VAs button, depending on the type of baselines to view. From the Baseline Groups pane, select an existing baseline group. In the upper Baselines pane, click the Patch Baselines or Upgrade Baselines tab, depending on the type of baseline to add to the selected baseline group, and select a baseline from the list. Click Add Baseline to Group. The baseline is added to the selected baseline group. VI4 - Mod Slide

Removing Baselines from Baseline Groups
The Baselines and Groups tab provides a convenient way to remove baselines from existing baseline groups. To remove a baseline from a baseline group Connect the vSphere Client to a vCenter Server on which vCenter Update Manager is installed, and select Home > Solutions and Applications > vCenter Update Manager. On the Baselines and Groups tab, click the Hosts or VMs/VAs button, depending on the type of baselines to view. In the Baseline Groups pane, select an existing baseline group. In the Baselines in <Name> pane, select a baseline and click the Remove link in the upper right corner of the pane. Here, <Name> is the name of the baseline group. VI4 - Mod Slide

Attaching Baselines and Baseline Groups to Objects
To attach a baseline or a baseline group to an object from the inventory Connect the vSphere Client to a vCenter Server on which vCenter Update Manager is installed, and select Home > Inventory. Select the type of object you want to attach the baseline to. For example, Hosts and Clusters or VMs and Templates. Select the object in the inventory, and click the vCenter Update Manager tab. Click the Attach link in the upper-right corner. The Attach Baseline or Group window appears. From the Baseline Groups and Types pane, select a baseline group, or individual baselines by type. In the Baselines pane, select one or more baselines to attach to the object. If you choose one or more baseline groups to attach, all baselines in the group(s) are selected by default in the Baselines pane. You cannot deselect individual baselines in this case. (Optional) Click the Create Group or Create Baseline links to create a baseline group or a baseline. For more information on how to create baselines and baseline groups Click Attach. VI4 - Mod Slide

Detaching Baselines and Baseline Groups from Objects
You can detach baselines and baseline groups from certain objects in the inventory. To detach a baseline or baseline group Connect the vSphere Client to a vCenter Server on which vCenter Update Manager is installed, and select Home > Inventory. Select the type of object you want to attach the baseline to. For example, Hosts and Clusters or VMs and Templates. Select the object in the inventory, and click the vCenter Update Manager tab. Right-click the baseline or baseline group to remove, and click Detach Baseline or Detach Baseline Group, as applicable. The Detach Baseline or Detach Baseline Group window appears. Select the inventory entity from which you want to detach the baseline or baseline group, and click Detach. The baseline is detached from the VMware Infrastructure inventory object. VI4 - Mod Slide

Removing Baselines and Baseline Groups
You can remove baselines and delete them by using vSphere Client. To remove a baseline or baseline group Connect the vSphere Client to a vCenter Server on which vCenter Update Manager is installed, and select Home > Solutions and Applications > vCenter Update Manager. On the Baselines and Groups tab, select the baselines or baseline groups to remove, and click Delete. In the confirmation dialog, click Yes. VI4 - Mod Slide

Scanning VI Objects You can configure vCenter Update Manager to scan virtual machines, virtual appliances and ESX hosts against baselines and baseline groups by scheduling or manually initiating scans to generate compliance information. You can manually initiate a scan of objects in the vSphere Client inventory. VI4 - Mod Slide

Scanning VI Objects - Manually
To manually initiate a scan Choose Home > Inventory. Select the type of object you want to attach the baseline to. For example, Hosts and Clusters or VMs and Templates. In the left pane, right-click a container object to be scanned, and select Scan for Updates. VI4 - Mod Slide

Scanning VI Objects - Manually
Select the types of updates that the selected object and its child objects will be scanned for. The options are: Patches, Upgrades, and DVS Upgrades. Click Scan. VI4 - Mod Slide

Scanning VI Objects - Scheduled
You can configure the vSphere Client to run scans of objects in the inventory at specific times or intervals. To schedule a scan Choose Home > Management > Scheduled Tasks. Click New in the toolbar to open the Select a Task to Schedule dialog box. Select Scan for Updates, and click OK. VI4 - Mod Slide

Select the type of scan to schedule, and click Next. Select the objects to be scanned, and click Next. For all objects selected, all child objects are scanned as well. Enter a name and optional description for the scan. Set the frequency of the task, and click Next. (Optional) Select the check box to send Review the task summary and click Finish. VI4 - Mod Slide

Scheduled Task is submitted for execution VI4 - Mod Slide

Viewing Scan Results and Compliance States
vCenter Update Manager allows you to determine how machines comply with baselines and baseline groups. You can review compliance either by examining results for a single virtual machine, virtual appliance, template, or ESX host, or by reviewing the results for a grouping of virtual machines or ESX hosts. Baselines interact with virtual machines, virtual appliances, and templates in the following ways: If a user does not have permissions to view an object, an object’s contents, or a virtual machine, the results of those scans are not displayed. Compliance with baselines and baseline groups is assessed at the time of viewing Only information about compliance with relevant baselines and baseline groups is provided. Compliance status is displayed based on permissions. When you scan an ESX host against a fixed baseline, containing both obsolete and newer updates, the old updates are displayed as not compliant. VI4 - Mod Slide

Viewing Compliance Information
Compliance information is available through the vCenter Update Manager tab in the vSphere Client. For ESX hosts, you can view compliance in the Hosts and Clusters view. For virtual machines, virtual appliances, and templates, you can view compliance in the Virtual Machines and Templates view. To view compliance information Connect the vSphere Client to a vCenter Server on which vCenter Update Manager is installed, and select Home > Inventory. Select the type of object you want to attach the baseline to. For example, Hosts and Clusters or VMs and Templates. Click the vCenter Update Manager tab. VI4 - Mod Slide

Reviewing Scan Results for Inventory Objects
You can review how machines comply with baselines and baseline groups either by examining results for a single virtual machine, virtual appliance, template, or ESX host. You can also review the results for a grouping of virtual machines or ESX hosts. VI4 - Mod Slide

To review scan results for inventory objects Select Home > Inventory > object type (for example, Hosts and Clusters or VMs and Templates). Select the object whose scan results you want to view. Click the vCenter Update Manager tab. VI4 - Mod Slide

The results for scans completed on the object you select appear on the vCenter Update Manager tab. The tab is divided in four panes: Baseline Groups – Displays a list of the baseline groups attached to the selected object. Baselines – Displays a list of the baselines attached to the selected object or included in a selected baseline group. Compliance – Contains a compliance graph that changes dynamically depending on the inventory object you select. Below the graph is a list of the following items: All Applicable – Represents the total number of virtual machines or hosts for which compliance is being calculated. Non-Compliant – Number of virtual machines or hosts that are not compliant with the selected set of baselines and baseline groups. Unknown – Number of the virtual machines or hosts that are not scanned and their state is unknown. Compliant – Number of compliant virtual machines or hosts. Virtual Machines/Hosts – Depending on the objects you select, this pane contains different tables. VI4 - Mod Slide

Staging Patches for ESX Hosts
Staging patches for ESX hosts allows you to download the patches from a remote server to a local server, without applying the patches immediately. To stage patches for remediation Choose Home > Inventory > Hosts and Clusters. Right-click a Datacenter or an ESX host, and select Stage Update. Select the patch baselines and baseline groups to stage. VI4 - Mod Slide

Deselect the patches to exclude. To view a short summary of the patch, such as title, vendor, product, details URL, vendor assigned ID, release date, and so on, double-click a patch. VI4 - Mod Slide

Select when to stage the selected hosts, and click Next. Review the Ready to Complete page, and click Finish. VI4 - Mod Slide

Remediating VI Objects
You can remediate machines and virtual appliances either through user-initiated remediation or through regularly scheduled remediation. For the ESX hosts in a cluster, the remediation process is sequential. When you remediate a cluster of ESX hosts and one of the hosts fails to enter maintenance mode, the vCenter Update Manager reports an error and the process fails. The remaining ESX hosts in the same cluster that did get remediated stay at the updated level. The ones that were to be remediated after this host are not updated. For multiple clusters under a datacenter, the remediation processes are parallel. If the remediation process fails for one of the clusters within a datacenter, the remaining clusters are still remediated. VI4 - Mod Slide

Remediating Templates
Templates are a type of virtual machine, so they can be remediated. VMware recommends taking snapshots of templates before remediation, especially if the templates are sealed. A template that is sealed is stopped before operating system installation is completed, and special registry keys are used so that virtual machines created from this template start in setup mode. If errors occur, a template might not be returned to its sealed state. If vCenter Update Manager loses its connection with the vCenter Server during remediation, the template cannot be returned to its sealed state. Creating a snapshot before remediation provides for easy recovery from such issues. VI4 - Mod Slide

Manually Remediating VMs and Virtual Appliances
You can manually remediate virtual machines or virtual appliances. To remediate virtual machines and virtual appliances together, they have to be placed in one container such as a folder or a datacenter. You can then attach a single baseline group, or a set of individual virtual appliance or virtual machine baselines, to the container If you attach a baseline group, it must include both virtual machine and virtual appliance baselines. VI4 - Mod Slide

To manually initiate a remediation
Choose Home > Inventory > Virtual Machines and Templates. Click the vCenter Update Manager tab. Right-click the object to be remediated, and select Remediate. All child objects of the selected object are also remediated. The larger the virtual infrastructure and the higher in the object hierarchy you initiate the remediation, the longer the process takes. VI4 - Mod Slide

Click Attach and Select the baselines and baseline groups to apply. Select the machines and appliances to remediate and click VI4 - Mod Slide

Enter the name and optional description for the task. Select the time to initiate the remediation process and click Next. VI4 - Mod Slide

(Optional) Enable rollback before performing the update: a Select the check box Snapshot the virtual machine(s) before remediation. b Specify when the snapshot should be deleted or select Don’t delete snapshots. c Enter a name and optional description for the snapshot. d (Optional) Select the Snapshot the virtual machine’s memory check box. e Click Next. VI4 - Mod Slide

Review the summary information for the task to be completed. To view the individual baselines, patches, and upgrades, click the arrows appearing beside the items in the summary information. Click Finish. VI4 - Mod Slide

Working with vCenter Update Manager Events
vCenter Update Manager stores data about events. You can review this event data to gather information about the vCenter Update Manager operations that are in progress or have finished. Reviewing Events Use the vCenter Update Manager plug-in to view information about recent events. To review events Choose Home > Solutions and Applications > vCenter Update Manager Click the Events tab. VI4 - Mod Slide

Working with Updates To manage the available patches, use the Update Repository tab. The Update Repository tab allows you to see the new patches that are downloaded, as well as the baselines, if any, that a given update belongs to. You can see a table of all available patches. To review the Update Repository Choose Home > Solutions and Applications > vCenter Update Manager. Click the Update Repository tab. VI4 - Mod Slide

Update Manager Troubleshooting
Gathering Log Files To gather information about recent events on the vCenter Update Manager server for diagnostic purposes, use the Generate vCenter Update Manager log bundle functionality that the support script vum-support.wsf provided. To generate a vCenter Update Manager log bundle Log in to the vCenter Server on which vCenter Update Manager is installed. Choose Start > All Programs > VMware > Generate vCenter Update Manager log bundle. Log files are generated as a ZIP package, which is stored on the current user’s desktop. VI4 - Mod Slide

No Baseline Updates Available Baselines are based on metadata that vCenter Update Manager downloads from the Shavlik and VMware Web sites. Shavlik provides metadata for virtual machines and applications, while VMware provides metadata for ESX Server hosts. A common reason having no updates available for baselines might be that vCenter Update Manager cannot contact the Shavlik servers. The connection between vCenter Update Manager and the Web site includes several links, the failure of any of which might cause updates in baselines to be unavailable. Some possible causes and solutions include: Web server proxy misconfiguration. Shavlik servers being unavailable. Check the Shavlik Web site ( to determine whether it is available. VMware update service being unavailable to provide information about ESX Server updates. Poor network connectivity. Check whether other applications that use networking are functioning as expected. VI4 - Mod Slide

All Updates in Compliance Reports Are Not Applicable The results of a scan might be that all baselines are marked as Not Applicable. Such a condition typically indicates an error in scanning. Examine the server logs for Scan Tasks that are marked as Failed, or retry the scan operation. If problems persist, collect logs and contact VMware support for further assistance. The results of scans are normally composed of a mix of Installed, Missing, and Not Applicable results. For example, it is normal for a baseline composed of Linux patches to be Not Applicable to a Windows machine. Not Applicable entries are typically only a concern when this is the universal result or when it is the result for patches that you know should be applicable. VI4 - Mod Slide

Remediated Updates Continue to Be Not Compliant For Windows virtual machines, check the registry to make sure that the updates were not installed. Search for the Microsoft Knowledge Base (KB) number that pertains to the update in question. These numbers are in: The virtual machine’s registry in: HKLM\Software\Microsoft\Updates\<KB_number> The virtual machine’s file system in: C:\Windows\NTUninstall\<KB_number> Common explanations for this problem include: Insufficient disk space for Service Pack installation. Retry remediation after freeing up disk space. Conflicts with running applications. Reboot the virtual machine and then retry the remediation operation. VI4 - Mod Slide

Remediating Virtual Machines with All Update or All Critical Updates Fails In some instances, remediating virtual machines with the All Updates or All Critical Updates default baselines fails. This typically occurs in one of the following ways: Remediation fails to complete - To resolve the issue, end the patch process from the Task Manager in the guest. vCenter Update Manager posts events to identify the start and completion of a patch installation, along with the error code. Remediation fails for some patches – Patches might not be readily available. Remediation is completed, but the baseline is still not compliant – This condition might occur when applying patches that subsequently make other patches applicable. VI4 - Mod Slide

ESX Server Scanning Fails ESX Server scanning typically fails as a result of insufficient permissions or problems with SSL configuration. Check to make sure that the account being used to do the scanning has sufficient permissions and that your SSL connections are properly configured. Check vCenter Update Manager network port settings. VI4 - Mod Slide

Events vCenter Update Manager produces events that help you monitor the processes that the system is completing. Check the VMware vCenter Update Manager Administration Guide for a list of these events VI4 - Mod Slide

Lesson 2-10 Summary Understand vCenter Update Manager
Creating Baselines and Baseline Groups Scanning Host and Virtual Machines Remediating Hosts and Virtual Machines Understand the vCenter Update Manager Download Service Learn how to troubleshoot vCenter Update Manager VI4 - Mod Slide

Lesson 2-10 – OPTIONAL Lab 10 OPTIONAL LAB
Creating Baselines and Baseline Groups Scanning Hosts and Virtual Machines Remediating Hosts and Virtual Machines Using the vCenter Update Manager Download Service Troubleshooting vCenter Update Manager Not to be done due to time constraints VI4 - Mod Slide

VMware vCenter Server Update Manager

Similar presentations

Presentation on theme: "VMware vCenter Server Update Manager"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

VMware vCenter Server Update Manager

Similar presentations

Presentation on theme: "VMware vCenter Server Update Manager"— Presentation transcript:

Similar presentations

About project

Feedback