Jump to content

VMware Declines to Endorse Azure as a vSphere Platform

Microsoft's Azure technology publicly competes against Amazon Web Services as a VMware vSphere platform.
Read more

VCP6.5 Blueprint

Each blueprint entry contains links to top research sources. More links can be found at the bottom of each page.
VCP6.5-DCV Objective 1.2: Secure ESXi and vCenter Server VCP 6.5 Objectives
Sign in to follow this  
Eric

VCP6.5-DCV Objective 4.1: Perform ESXi Host and Virtual Machine Upgrades

Recommended Posts

Blueprint for VCP6.5-DCV Objective 4.1 Perform ESXi Host and Virtual Machine Upgrades

Configure download source(s) Set up UMDS to set up download repository  |  Import ESXi images Create Baselines and/or Baseline groups  |  Attach Baselines to vSphere objects  |  Scan vSphere objects  Stage Patches and Extensions  |  Remediate an object Upgrade a vSphere Distributed Switch  |  Upgrade VMware Tools Upgrade Virtual Machine hardware  |  Upgrade an ESXi Host using vCenter Update Manager  |  Stage multiple ESXi Host upgrades  |  Align appropriate Baselines with target inventory objects

 

  • Configure download source(s)

VMware vSphere 6.5 Docs. (September 15, 2014). Configuring the Update Manager Download Sources.

The VMware Update Manager (VUM) can be set up to pull patches from the web and a shared repository of UMDS data, but only one type of these download sources can be used concurrently. In this case, UMDS stands for Update Manager Download Service and does not stand for Universal Media Disk. Pulling patches from the web or a repository are the most scalable options as this automates the collection of patches, but for small scale testing and deployments the patches can be imported as a ZIP file. In a secure environment which locks down internet access, this is going to be the necessary route if there is not an internal repository available.

Using a zip file in this way is also known as an offline bundle. When doing this, there is not a risk of submitting the same file twice because "Update Manager extracts it and checks whether the metadata.zip file has already been imported" (Configuring the Update Manager Download Sources). This section of the documentation continues to explain that the composition of an offline bundle is "one metadata.zip file, one or more VIB files, and optionally two .xml files, index.xml and vendor-index.xml". However, at seemingly no point does it stop to explain what a VIB is or what it even stands for, which is VMware Installation Bundle. This is not the same as the zip file which gets imported but instead is in that zip file. A great blog breaking down exactly what a VIB is about is "What's in a VIB?" by Kyle Gleed (September 13, 2011).

As claimed in the 6.5 Documentation, “Downloading host patches from the VMware Web site is a secure process” (Configuring the Update Manager Download Sources). The process of downloading them from the VMware Patch Portal or major updates from the ESXi 6.5 product page is protected by SSL and verified by the VMware account used for the login. Also, patches are digitally signed with VMware private keys. “Before you try to install a patch on a host, the host verifies the signature" (Configuring the Update Manager Download Sources). Therefore, any alteration to the integrity of the data in the patch would be revealed after the host uses VMware’s public key to confirm the digital signature and the hash of the file.

vSphere 6.5 Docs: Configure Update Manager to Use the Internet as a Download Source
.

vSphere 6.5 Docs: Add a New Download Source

.
vSphere 6.5 Docs: Use a Shared Repository as a Download Source

.

  • Set up UMDS to set up download repository

VMware vSphere 6.5 Docs. (September 28, 2017). Installing, Setting Up, and Using Update Manager Download Service.

.

VMware vSphere 6.5 Docs. (October 07, 2016). Compatibility Between UMDS and the Update Manager Server.

.

VMware vSphere 6.5 Docs. (October 24, 2016). Installing UMDS on a Windows Operating System.

.

VMware vSphere 6.5 Docs. (June 29, 2017). Installing and Upgrading UMDS on a Linux-Based Operating System.

.

VMware vSphere 6.5 Docs. (September 28, 2017). Setting Up and Using UMDS.

.

  • Import ESXi images
  • Create Baselines and/or Baseline groups
  • Attach Baselines to vSphere objects
  • Scan vSphere objects
  • Stage Patches and Extensions
  • Remediate an object
  • Upgrade a vSphere Distributed Switch
  • Upgrade VMware Tools
  • Upgrade Virtual Machine hardware
  • Upgrade an ESXi Host using vCenter Update Manager

Backing up and Restoring an ESXi Host

Before upgrading an ESXi host it's important to back up its configuration first. KB 20142141 (September 11, 2017) runs over how to do this using various techniques.

This is the command structure for how to do this on PowerCLI:

Get-VMHostFirmware -VMHost ESXi_host_IP_address -BackupConfiguration -DestinationPath output_directory

In the above command, 'output_directory' is the path to the folder where the configuration will be stored, such as C:/backups/esxi-configs.

After storing the recovery file, the host can then be restored to this saved configuration with the following powerCLI command:

Set-VMHostFirmware -VMHost ESXi_host_IP_address -Restore -SourcePath backup_file -HostUser username -HostPassword password

Before attempting the restore operation, however, the host should be in maintenance mode, which assures that no online VMs are running on it and none will be migrated back to it with vMotion until it is ready and taken out of maintenance mode. This can be done with a simple right click on the host, but since it is more fun to do everything in PowerCLI, the following command can also be used to put the host in maintenance:

Set-VMHost -VMHost ESXi_host_IP_address -State 'Maintenance'

The above operations can also be done on the vSphere CLI or the ESXi CLI. For instructions on how to use those other methods, please see the KB.

  • Stage multiple ESXi Host upgrades
  • Align appropriate Baselines with target inventory objects

 

 

 

Resources

Official Resources Used for Exam Objective 4.1

Technical Papers Specific to vSphere Upgrades

General Links

Internal Links

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×