11 vSphereUpdateManager vSphere Update Manager and Host Maintenance Module 11 © 2015 VMware Inc All rights reserved © 2015 VMware Inc All rights reserved VMware vSphere Install, Configure, Manage 11 ‹.
vSphere Update Manager and Host Maintenance Module 11 © 2015 VMware Inc All rights reserved You Are Here Course Introduction Virtual Machine Management Software-Defined Data Center Resource Management and Creating Virtual Machines vCenter Server Configuring and Managing Virtual Networks Configuring and Managing Virtual Storage Monitoring vSphere HA and vSphere Fault Tolerance 10 Host Scalability 11 vSphere Update Manager and Host Maintenance 12 Installing vSphere Components VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-2 Importance Over time, your VMware vSphere® environment might undergo changes in its hardware or software configuration, or in the form of software updates or patches From a manageability and scalability perspective, you should implement changes to your vSphere environment in an orderly, controlled, and systematic fashion VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-3 Module Lessons Lesson 1: Introducing vSphere Update Manager and Patch Management Lesson 2: Host Profiles VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-4 Lesson 1: Introducing vSphere Update Manager and Patch Management 11-5 © 2015 VMware Inc All rights reserved Learner Objectives By the end of this lesson, you should be able to meet the following objectives: • Describe VMware vSphere® Update Manager™ functionality • List the steps to install vSphere Update Manager • Use vSphere Update Manager create and attach a baseline VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-6 About vSphere Update Manager vSphere Update Manager enables centralized, automated patch and version management for VMware ESXi™ hosts, virtual machine hardware, VMware Tools™, and virtual appliances vSphere Update Manager reduces security risks: • Reduces the number of vulnerabilities • Eliminates many security breaches that exploit older vulnerabilities vSphere Update Manager reduces the diversity of systems in an environment: • Makes management easier • Reduces security risks vSphere Update Manager keeps machines running more smoothly: • Patches include bug fixes • Makes troubleshooting easier VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-7 vSphere Update Manager Capabilities vSphere Update Manager enables cross-platform upgrade from VMware ESX® to ESXi Automated patch downloading: • Begins with information-only downloading • Is scheduled at regular configurable intervals Creation of baselines and baseline groups Scanning: • Inventory systems are scanned for baseline compliance Remediation: • Inventory systems that are not compliant can be automatically patched Reduces the number of reboots required after VMware Tools updates VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-8 vSphere Update Manager Components vSphere Update Manager includes several components and requires network connectivity with VMware vCenter Server™ vSphere Update Manager server component: • Install on the same computer as Windows vCenter Server or on a different computer Client components: • vSphere Update Manager Client runs on the desktop: – Use the vSphere Update Manager Client to perform patch and version management of the vSphere inventory ã Update Manager tab in the VMware vSpheređ Web Client plug-in: – Use to view scan results and compliance states for vSphere inventory objects Database: • Use to store and organize server data VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-9 Requirements for Installing vSphere Update Manager vSphere Update Manager has the following installation requirements: • vSphere Update Manager must be installed on a Windows 64-bit machine • The vSphere Update Manager server requires an SQL Server or an Oracle database • vCenter Server must be installed • Update Manager is compatible only with vCenter Server You can install the vSphere Update Manager server and vSphere Update Manager Client only on Windows machines VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-10 Viewing Compliance for vSphere Objects You can review compliance information for the virtual machines, virtual appliances, and hosts against baselines and baseline groups that you attach VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-17 Remediating Objects You can remediate virtual machines, templates, virtual appliances, and hosts: • You can perform the remediation immediately or schedule it for a later date • Host remediation runs in different ways, depending on the types of baselines that you attach and whether the host is in a cluster or not • For ESXi hosts in a cluster, the remediation process is sequential by default • Remediation of hosts in a cluster requires that you temporarily disable cluster features such as VMware vSphere® Distributed Power Management™ and VMware vSphere® High Availability admission control VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-18 Patch Recall Notification At regular intervals, vSphere Update Manager contacts VMware to download notifications about patch recalls, new fixes, and alerts: • Notification Check Schedule is selected by default On receiving patch recall notifications, vSphere Update Manager takes the following actions: • Generates a notification in the notification tab • No longer applies the recalled patch to any host: – Patch is flagged as recalled in the database • Deletes the patch binaries from its patch repository vSphere Update Manager does not uninstall recalled patches from ESXi hosts It waits for a newer patch and applies that patch to make a host compliant VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-19 Lab 23: Using vSphere Update Manager Install, configure, and use vSphere Update Manager • Install the vSphere Update Manager Server • Install vSphere Update Manager • Modify the Cluster Settings • Configure vSphere Update Manager • Create a Patch Baseline • Attach a Baseline and Scan for Updates • Stage the Patches onto the ESXi Hosts • Remediate the ESXi Hosts VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-20 Review of Learner Objectives You should be able to meet the following objectives: ã Describe VMware vSpheređ Update Manager functionality • List the steps to install vSphere Update Manager • Use vSphere Update Manager create and attach a baseline VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-21 Lesson 2: Host Profiles 11-22 © 2015 VMware Inc All rights reserved Learner Objectives By the end of this lesson, you should be able to meet the following objectives: • Describe the host profiles workflow • Identify how to create a host profile • Recognize how to apply a host profile to an ESXi host or cluster • Use host profiles to perform remediation on an ESXi host VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-23 About Host Profiles Host profiles provide an automated and centrally managed mechanism for host configuration and configuration compliance VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-24 Host Profiles Workflow The host profile workflow starts with the concept of a reference host The reference host serves as the template from which the host profile is extracted: Set up and configure the reference host Create a host profile from the reference host Attach other hosts or clusters to the host profile Check the compliance of the added hosts to the host profile If all hosts are compliant with the reference host, they are correctly configured Apply the resulting recommendations to the hosts VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-25 Creating a Host Profile You create a host profile by extracting the designated reference host’s configuration VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-26 Attaching a Host Profile to a Host or Cluster After creating a host profile from a reference host, you attach the host or cluster to the host profile VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-27 Checking Compliance You can confirm the compliance of a host or cluster to its attached host profile and determine which configuration parameters on a host are different from those specified in the host profile VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-28 Remediating an ESXi Host In the event of a compliance failure, use the remediate function to apply the host profile settings onto the host This action changes all host profile-managed parameters to the values contained in the host profile attached to the host VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-29 Review of Learner Objectives You should be able to meet the following objectives: • Describe the host profiles workflow • Identify how to create a host profile • Recognize how to apply a host profile to an ESXi host or cluster • Use host profiles to perform remediation on an ESXi host VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-30 Key Points • vSphere Update Manager reduces security vulnerabilities by keeping systems up to date and by reducing the diversity of systems in an environment • Host profiles encapsulate the host configuration and help you manage the host configuration Questions? VMware vSphere: Install, Configure, Manage © 2015 VMware Inc All rights reserved 11-31