VUM is a tool that keeps the VMware components of both hosts and VMs up to date. It provides a process for checking items for compliance against predefined baselines.
To install VUM, follow the same process you used to install vCenter. VUM will be an install option off the same menu…
Click the Install button to start the install. Click Next…
Uncheck the ‘Download updates…’ box and click Next…
Fill in your vCenter information and click Next…
Leave the default option for a new SQL instance and click Next…
Leave the default options for VUM connectivity and click Next…
Click on the warning about low free space (if you get it)…
Once the install finishes, fire up vCenter and select ‘Plug-ins’ from the top menu bar, then select ‘Manage Plug-ins’ option. This loads the plug-in manager…
Under the available Plug-ins header, you should see VUM. Under status, click the ‘Download and Install…’ hyperlink. This will download and kick off the VUM client installer. I’m not going to walk through the installer since nothing is configurable. When it’s done, you should see that VUM has moved into the ‘Installed Plug-ins’ category…
If you close the plug-in manager, you should now see it listed on the home page…
Click on the Update Manager link to load VUM. Now, first things first. We told VUM not to automatically download updates, so let’s get some updates downloaded. Click on the Configuration tab in VUM, then select Download Settings from the left-hand menu. Hit the ‘Download now’ button to download the patch definitions.
Once the task is completed, you should be able to click on the Patch Repository tab and see all of the patches and updates that have been downloaded…
Now, the next step is to create baselines that can be applied to hosts and VMs. Click on the Baselines and Groups tab at the top…
VMware has some default baselines that break the patches into critical and non-critical updates. The baselines can be tuned to search the patch repository for almost anything you want. For instance, we are going to edit each one of the pre-made baselines and tell them to only search for ESXi5 patches. Click the first baseline and then click edit…
Click Next…
Click Next to leave the baseline in dynamic mode. Dynamic mode means that if any new patches are downloaded they’ll still work as part of this baseline…
On the next page change the setting for product from ‘Any’ to the ESXi5 option. Then click Next…
We don’t want to exclude any patches so click Next…
There aren’t any additional patches we want to add so click Next again…
And on the last page click Finish to wrap things up…
Make the same changes to the other predefined baseline. Now we are going to create a baseline group which is essentially an object that holds multiple baseline policies. On the right hand side of the screen under ‘Baseline Groups’ select the create option…
Call the group ‘Hosts – Windows Servers’ and click Next…
There are no upgrade baselines so click Next…
On the patches page click to check both of the existing baselines. Then just click Finish to end the wizard. Now we’ve just created a host baseline. If you noticed, along the top of the ‘Baselines and Groups’ tab there’s an option for Hosts (default) and one for VMs/VAs. Now let’s click on the VMs button and create another baseline group that has all of the predefined VM baselines as members.
Ok, so I know I rushed through that, but that’s because I want to get to the interesting stuff. So right now, we should have a host baseline group…
and a VM baseline group…
Now, we can apply these baselines to hosts and VMs. Let’s start with the VMs. Go to home, then the ‘VMs and Templates’ view. Select your data center on the left hand side of the screen…
Then scroll the tabs all the way to the left. The last one should be for ‘Update Manager’…
Now, we want to attach our baseline to the entire data center so that it gets attached to all of our VMs. So click the attach link at the top…
Then select the baseline group we created at the bottom and click ‘Attach’. Once that’s attached, click the ‘Scan’ button to start a scan…
Make sure that all three boxes are checked and click the ‘Scan’ button. Once the scan is completed we should see our results…
So let’s see what it found. Not surprisingly, my two Windows Server 2K8 boxes are showing as non-compliant. They were created a long time ago and then moved over to these new lab boxes. On the other hand, my 2K3 server is showing as compliant since that was a totally fresh install. So let’s take a look at remediating one of the 2K8 boxes. To work on 1 individual box, I click on its virtual machine name…
Now the screen has updated to show my stats on that one single VM. If we click on the ‘Details’ link under the upgrades column it will tell us why the host isn’t compliant…
Looks like we are running an older version of virtual hardware. Close this out, and then go ahead and click the remediate button…
Select the baseline group from the options on the left, then click next…
The next screen allows us to schedule the update. Since this is a virtual hardware upgrade, go ahead and leave the default options. Then click next…
On the next screen uncheck the option for taking a snapshot. Then click next…
Lastly, click Finish. Now if you are watching your tasks, you should notice at this point that the VM is being powered off. Virtual hardware can’t be upgraded unless the machine is powered off, so in order to complete the task, VUM had to power off the VM. Now if you are like me, you might be thinking "hey, it didn’t say it was going to reboot the machine at all". This is where it pays to know a little bit about the upgrade requirements for each piece of VUM. VUM doesn’t warn you about everything so you need to know what you can and can’t do at certain times. Nonetheless, the process should finish…
And your VM should come back online. A quick look at the data center as a whole and we can see that particular server is now off the non-compliant list…
Now let’s take a quick look at host upgrades. Go ahead and change your view to hosts and clusters and select the Windows Server cluster object we created earlier. Then scroll the tabs all the way to the right to find VUM. Same deal, click the attach link and select the baseline group we created…
Then click Attach and hit the scan button right away. When it’s done we can take a look at our host status…
As you can see, both of our hosts are not in compliance. Let’s take a look at the 10.20.30.6 host and see why. Click on the individual host, and then click on the details link that shows up underneath the patches column…
As you can see, the host is missing quite a few patches. Close this window out, then click the ‘Stage’ link in the bottom right….
On the next screen click Next…
Click Next…
Then click finish. This will kick off the staging process that actually pushes the updates to the host. When it’s done, you can see that it staged 12 out of the 33 patches to the host.
Let’s go ahead and tell it to remediate this host. Go ahead and click the remediate button.
Click Next…
Click Next…
Have it run immediately, and click Next…
I check the box to tell it to disable removable media since I’ve seen it hang on that before with DRS. Then click Next…
Click Next…
Click Finish and watch the magic happen. You should see the host enter maintenance mode and migrate any VMs off of it. This is the beauty of doing this with DRS clusters…
Now you should see the updates being applied, and the host being rebooted…
When the host comes back online, it should exit maintenance mode and rejoin the DRS cluster. Now let’s check and see what its current compliance status is…
As you can see, our host is now fully compliant.
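The same host attach, scan, stage and remediate sequence can be scripted with the Update Manager PowerCLI cmdlets, which makes the before and after compliance check repeatable. This is an added example, not part of the original walkthrough; the vCenter name and cluster name are placeholders, and it attaches the host patch baselines directly rather than the baseline group created above.

```powershell
# Added example: PowerCLI version of the host attach/scan/stage/remediate steps.
# Assumes the Update Manager PowerCLI module (VMware.VumAutomation) is installed.
# Newer PowerCLI releases rename these cmdlets: Add-EntityBaseline, Test-Compliance,
# Copy-Patch and Update-Entity.
Import-Module VMware.VumAutomation
Connect-VIServer -Server 'vcenter.example.local'      # placeholder vCenter name

$cluster   = Get-Cluster -Name 'Windows Servers'       # assumed cluster name
$hosts     = Get-VMHost -Location $cluster
$baselines = Get-Baseline -TargetType Host -BaselineType Patch

# Attach the host patch baselines to the cluster and scan every host in it.
Attach-Baseline -Baseline $baselines -Entity $cluster
Scan-Inventory -Entity $hosts

# Compliance report: one row per host and baseline, with the missing patch count.
$report = Get-Compliance -Entity $hosts -Detailed
$report |
    Select-Object Entity,
        @{ N = 'Baseline'; E = { $_.Baseline.Name } },
        Status,
        @{ N = 'Missing';  E = { @($_.NotCompliantPatches).Count } } |
    Format-Table -AutoSize

# Stage and remediate one host only if the scan found it non-compliant.
$vmhost = Get-VMHost -Name '10.20.30.6'                # host from the walkthrough
$failed = $report | Where-Object {
    $_.Entity.Name -eq $vmhost.Name -and $_.Status -eq 'NotCompliant'
}

if ($failed) {
    $todo = $failed | ForEach-Object { $_.Baseline }
    Stage-Patch -Entity $vmhost -Baseline $todo
    # Same choice as in the wizard: disable removable media devices so the
    # host is not blocked from entering maintenance mode.
    Remediate-Inventory -Entity $vmhost -Baseline $todo -HostDisableMediaDevices:$true

    # Rescan and confirm the result instead of trusting the task status.
    Scan-Inventory -Entity $vmhost
    Get-Compliance -Entity $vmhost |
        Select-Object Entity, @{ N = 'Baseline'; E = { $_.Baseline.Name } }, Status
}
else {
    Write-Output "$($vmhost.Name) is already compliant with the attached baselines."
}
```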
So I know this was a quick run through but it’s the best that can be done for a general VUM post. As you can hopefully see, VUM is a powerful tool.
Excellent
Very good