You have to keep your ESXi hosts up to date with the latest patches to keep them secure and to solve bugs. The hardware compatibility of the virtual machines and the version of the VMware Tools in your virtual machines have to be updated as well to be able to use the newest features. All of these updates can be done and managed using the VMware vSphere Update Manager (VUM). This powerful piece of software is included in the VMware vCenter Server license.
vSphere Update Manager uses a local repository in which it stores patches downloaded from VMware and VMware partners, such as Dell and Hewlett Packard Enterprise (HPE). You can create baselines, in which you define the patches that have to be installed on your hosts. Then, you can scan your hosts for compliance with the baselines. If a host has missing patches, you can stage the missing patches to the host. Finally, you can remediate your hosts to install the missing patches. vSphere Update Manager works together with Distributed Resource Scheduler (DRS) to put hosts in the maintenance mode and migrate virtual machines to other hosts before remediation.
The following topics are covered in this chapter:
- Downloading new patches into the Update Manager repository
- Retrieving patches in the Update Manager repository
- Using baselines and baseline groups
- Testing inventory objects for compliance with baselines
- Retrieving baseline compliance data
- Initializing staging of patches
- Remediating inventory objects
Before you can upgrade your ESXi hosts with the latest patches and upgrade the VMware Tools in your virtual machines, you have to download the patches from the enabled patch download sources to the local patch repository on your vSphere Update Manager server.
After installation of vSphere Update Manager, the download sources of VMware are already configured. Other vendors that have download sources are DELL and Hewlett-Packard Enterprise. The download sources of the companies are:
Unfortunately, you cannot use PowerCLI to add download sources to vSphere Update Manager. You have to use the vSphere Web Client to do this. Go to Home | Update Manager | Select your vSphere Update Manager in the left pane | Manage | Settings | Download Settings | Edit... to edit the download sources.
In the following screenshot of the vSphere Web Client, you will see the vSphere Update Manager download settings page:
The Sync-Patch cmdlet downloads patches into the Update Manager repository.
The syntax of the Sync-Patch cmdlet is as follows:
Sync-Patch [-Server <VIServer[]>] [-RunAsync] [<CommonParameters>]
The Sync-Patch cmdlet has no required parameters.
In the following example, we will download patches from the configured download sources into the local vSphere Update Manager patch repository:
PowerCLI C:> Sync-Patch
The output of the preceding command is as follows. Because of the length of the output, we have truncated the output after a few lines:
Name Product Release Date Severity Vendo r Id ---- ------- ------------ -------- ----- Updates esx-base {embeddedEsx... 9/13/2011 10... Important ES... Updates tools-light {embeddedEsx... 9/13/2011 10... Moderate ES... Updates esx-base {embeddedEsx... 11/3/2011 9:... Important ES... Updates esx-base {embeddedEsx... 12/15/2011 9... Important ES... Updates tools-light {embeddedEsx... 12/15/2011 9... Important ES... Updates net-e1000... {embeddedEsx... 12/15/2011 9... Important ES... Updates misc-drivers {embeddedEsx... 12/15/2011 9... Low ES... Updates net-be2net {embeddedEsx... 12/15/2011 9... Low ES... Updates the ESXi ... {embeddedEsx... 3/15/2012 9:... Important ES...