VCP – VMware update Manager (VUM)

      2 Comments on VCP – VMware update Manager (VUM)

VUM is a tool that can be used to keep the VMware components of both hosts as well as VMs up to date.  It provides a means and process to check for compliance of items against predefined baselines. 

To install VUM, follow the same process you used to install vCenter.  VUM will be an install option off the same menu…

image 
Click the Install button to start the install.  Click Next…

image 
Click Next…

image 
Click Next…

image 
Uncheck the ‘Download updates…’ box and click Next…

image 
Fill in your vCenter information and click Next…

image 
Leave the default option for a new SQL instance and click Next…

image 
Leave the default options for VUM connectivity and click Next…

image 
Click Next…

image 
Click on on the warning about low free space (if you get it)…

image 
Click Install…

image

Once the install finishes, fire up vCenter and select ‘Plug-ins’ from the top menu bar, then select ‘Manage Plug-ins’ option.  This loads the plug-in manager…

image 
Under the available Plug-ins header, you should see VUM.  Under status, click the ‘Download and Install…’ hyperlink.  This will download and kick off the VUM client installer.  I’m not going to walk through the installer since nothing is configurable.  When it’s done, you should see that VUM has moved into the ‘Installed Plug-ins’ category…

image

If you close the plug-in manager, you should now see it listed on the home page…

image
Click on the Update Manger link to load VUM.  Now, first things first.  We told VUM not to automatically download updates.  So let’s get some updates downloaded.  Click on the configuration tab in VUM, then select Download Settings from the left hand menu.  Hit the ‘Download now’ button to download the patch definitions. 

image

Once the task is completed, you should be able to click on the Patch Repository tab and see all of the patches and updates that have been downloaded…

image

Now, the next step is to create baselines that can be applied to hosts and VMs.  Click on the Baselines and Groups tab at the top…

image

VMware has some default baselines that break the patches into critical and non-critical updates.  The baselines can be tuned to search the patch repository for almost anything you want.  For instance, we are going to edit each one of the pre-made baselines and tell them to only search for ESXi5 patches.  Click the first baseline and then click edit…

image

Click Next…

image

Click Next to leave the baseline in dynamic mode.  Dynamic mode means that if any new patches are downloaded they’ll still work as part of this baseline…

image

On the next page change the setting for product from ‘Any’ to the ESXi5 option.  Then click Next…

image

We don’t want to exclude any patches so click Next…

image

There aren’t any additional patches we want to add so click Next again…

image

And on the last page click Finish to wrap things up…

image

Make the same changes to the other predefined baseline.  Now we are going to create a baseline group which is essentially an object that holds multiple baseline policies.  On the right hand side of the screen under ‘Baseline Groups’ select the create option…

image

Call the group ‘Hosts – Windows Servers’ and click Next…

image

There are no upgrade baselines so click Next…

image

On the patches page click to check both of the existing baselines.  Then just click Finish to end the wizard.  Now we’ve just created a host baseline.  If you noticed, along the top of the ‘Baselines and Groups’ tab there’s an options for Hosts (default) and one for VMs/VAs.  Now let’s click on the VMs button and create another baseline group that has all of the predefined VM baselines as members.

Ok, so I know I rushed through that, but that’s because I want to get to the interesting stuff.  So right now, we should have a host baseline group…

image

and a VM baseline group…

image

Now, we can apply these baselines to hosts and VMs.  Let’s start with the VMs.  Go to home, then ‘VMs and Templates’ view.  Select your data center out on the left hand side of the screen..

image

Then scroll the tabs all the way to the left.  The last one should be for ‘Update Manager’….

image

Now, we want to attach our baseline to the entire data center so that it get’s attached to all of our VMs.  So click the attach link at the top…

image

Then select the baseline group we created at the bottom and click ‘Attach’.  Once that’s attached, click the ‘Scan’ button to start a scan….

image

Make sure that all three boxes are check and click the ‘Scan’ button.  Once the scan is completed we should see our results…

image

So let’s see what it found.  Not surprisingly, my two windows server 2K8 boxes are showing as non-compliant.  They were created a long time ago and then moved over to these new lab boxes.  On the other hand, my 2K3 server is showing as compliant since that was a totally fresh install.  So let’s take a look at remediating one of the 2K8 boxes.  To work on 1 individual box, I click on it’s virtual machine name…

image

Now the screen has updated to show my stats on that one single VM.  If we click on ‘Details’ link under the upgrades column it will tell us why the host isn’t compliant….

image

Looks like we are running an older version of virtual hardware.  Close this out, and then go ahead and click the remediate button…

image

Select the baseline group from the options on the left, then click next…

image 
The next screen allows us to schedule the update.  Since this is a virtual hardware upgrade, go ahead and leave the default options.  Then click next…

image

On the next screen uncheck the option for taking a snapshot.  Then click next…

image

Lastly, click Finish.  Now if you are watching your tasks, you should notice at this point that the VM is being powered off.  Virtual hardware can’t be upgraded unless the machine is powered off, so in order to complete the task, VUM had to power off the VM.  Now if you are like me, you might be thinking "hey,  it didn’t say it was going to reboot the machine at all".  This is where is pays to know a little bit about the upgrade requirements for each piece of VUM.  VUM doesn’t warn you about everything so you need to know what you can and can’t do at certain times.  Nonetheless, the process should finish..

image

And your VM should come back online.  A quick look at the data center as whole and we can see that particular server is now off the non-compliant list…

image

Now let’s take a quick look at host upgrades. Go ahead and change your view to hosts and clusters and select the Windows Server cluster object we created earlier.  Then scroll the tabs all the way to the right to find VUM.  Same deal, click the attach link and select the baseline group we created…

image

Then click Attach and hit the scan button right away.  When it’s done we can take a look at our host status…

image

As you can see, both of our host are not in compliance.  Let’s take a look at the 10.20.30.6 host and see why.  Click on the individual host, and then click on the details link the shows up underneath the patches column…

image

As you can see, the host is missing quite a few patches.  Close this window out, then click the ‘Stage’ link in the bottom right….

image

On the next screen click Next…

 image

Click Next…

image

Then click finish.  This will kick off the staging process that actually pushes the updates to the host.  When it’s done, you can see that it staged 12 out of the 33 patches to the host. 

image

Let’s go ahead and tell it to remediate this host. Go ahead and click the remediate button. 

image

Click Next…

image

Click Next…

image

Have it run immediately, and click Next…

image

I check the box to tell it to disable removable media since I’ve seen it hang on that before with DRS.  Then click Next…

image

Click Next…

image

Click Finish and watch the magic happen.  You should see the host enter maintenance mode and migrate any VMs off of it.  This is the beauty of doing this with DRS clusters…

image

Now you should see the updates being applied, and the host being rebooted…

image

When the host comes back online, it should exit maintenance mode and rejoin the DRS cluster.  Now let’s check and see what it’s current compliance status is…

image

As you can see, our host is now fully compliant. 

So I know this was a quick run through but it’s the best that can be done for a general VUM post.  As you can hopefully see, VUM is a powerful tool.

2 thoughts on “VCP – VMware update Manager (VUM)

Leave a Reply

Your email address will not be published. Required fields are marked *