
In your VMware vSphere environment, it is compulsory to install the patches released by VMware on a regular basis; I have seen cases where all hosts were on purple screens just because the Network Manager refused to install security updates for the ESXi, leading to the inevitable. Don't let yourself be caught: always stay just a little bit behind with regard to updates, not at the front line (do not install updates the very same day they come out!) and not too far behind either.

Okay, needless to say, prior to installing any patches or upgrades on your vSphere environment, you need to have "Update Manager" configured.

At the moment "Update Manager" only works with Microsoft Windows, so you should have installed it on a Windows box. In this article I'm not covering the installation of Update Manager, etc.; that is quite easy :)

Once you have it installed, open the add-on in vCenter and do as follows:

  1. Visit the Manage tab
  2. Visit the "Host Baselines" tab
  3. Click on the green "+" sign to add a new baseline

Call it "Host Patches" > select Host Patch and click on "Next"

 

Use a "Dynamic" baseline, so that you don't have to update it every time new patches become available.

For the following sections, I would only choose:

  • Patch Vendor? = VMware
  • Product? = The ESXi running on your hosts, in this example 6.0.0
  • Severity? = Critical
  • Category? = Leave as any

Note that at the end of your selection a number of patches will already have been selected; in this example the number is "26".

Don't select anything on the next two screens, which cover the "EXCLUDE" and "INCLUDE" selection of additional patches, and when you're ready to complete, just click on Finish.

Before clicking on "Remediate" there are two things that you need to do:

  1. Ensure the relevant host you want to patch is in maintenance mode
  2. Visit the cluster and untick the option "Host Monitoring"

To remediate the hosts, now click on the "Go to compliance view" section.

Then click on "Remediate" and choose the Host Remediation with the Patch Baselines. Before that, ensure that no VMs are running on the selected host and that you have put the host into "maintenance mode".

Ensure you disable DPM, FT and HA, even if you don't have the license for them; the "yellow exclamation mark" clearly warns you about this.

Job done. Once the upgrade is finished, go and check the "configuration" page of the host and verify that it has a new build number, reflecting that the patches have been successfully installed.
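The same procedure scripted with VMware PowerCLI, as an added example that is not part of the original article. It assumes the PowerCLI Update Manager cmdlets are installed; the vCenter name, host name and the vendor/product filter strings are placeholders to adapt, and the "Host Monitoring" tick box is still handled in the client.

```powershell
# Added example: placeholder names, adapt to your environment.
$vCenter  = 'vcenter.example.local'   # assumption: your vCenter Server
$hostName = 'esxi01.example.local'    # assumption: the host to patch

Connect-VIServer -Server $vCenter | Out-Null
$vmhost      = Get-VMHost -Name $hostName
$buildBefore = $vmhost.Build          # recorded to compare after remediation

# Dynamic baseline with the same filters as in the wizard (VMware / ESXi 6.0.0 / Critical).
# Assumption: vendor and product strings must match what your patch repository lists.
$baseline = Get-Baseline -Name 'Host Patches' -ErrorAction SilentlyContinue
if (-not $baseline) {
    $baseline = New-PatchBaseline -Dynamic -Name 'Host Patches' -TargetType Host `
        -SearchPatchVendor 'VMware, Inc.' -SearchPatchProduct 'embeddedEsx 6.0.0' `
        -SearchPatchSeverity Critical
}

# Attach the baseline and scan, the scripted form of the compliance view.
Add-EntityBaseline -Baseline $baseline -Entity $vmhost
Test-Compliance -Entity $vmhost
$status = (Get-Compliance -Entity $vmhost -Baseline $baseline).Status
if ($status -eq 'Compliant') { Write-Output "$hostName is already compliant"; return }

# Refuse to continue while VMs are still running on the host.
$running = Get-VM -Location $vmhost | Where-Object PowerState -eq 'PoweredOn'
if ($running) { throw "VMs still running on ${hostName}: $($running.Name -join ', ')" }

Set-VMHost -VMHost $vmhost -State Maintenance | Out-Null

# Remediate with DPM, FT and HA disabled for the duration, as the wizard warns.
Update-Entity -Baseline $baseline -Entity $vmhost -Confirm:$false `
    -ClusterDisableDistributedPowerManagement:$true `
    -ClusterDisableFaultTolerance:$true `
    -ClusterDisableHighAvailability:$true

# Verify: the build number should have changed and the baseline should be compliant.
$vmhost = Get-VMHost -Name $hostName
$status = (Get-Compliance -Entity $vmhost -Baseline $baseline).Status
'{0}: build {1} -> {2}, baseline status {3}' -f $hostName, $buildBefore, $vmhost.Build, $status
if ($vmhost.Build -eq $buildBefore) {
    Write-Warning 'Build number unchanged; review the remediation task in vCenter.'
}
```

The host is left in maintenance mode at the end, so exit it once you are satisfied with the new build number.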

 

London, 10 February 2018

 

References:

https://kb.vmware.com/s/article/1024331
