VMware Update Manager is a tool to automate and streamline the process of applying updates, patches or upgrades to a new version. VUM is fully integrated within vCenter Server and offers the ability to scan and remediate ESX/ESXi hosts, virtual appliances, virtual machine templates, and online and offline virtual machines running certain versions of Windows, Linux, and some Windows applications.
In this post you will learn how to Configure VMware Update Manager.
To install VMware Update manager follow Install VMware Update Manager.
- VUM Configuration
- Create a Baseline
- Create a Baseline Group
- Attach Baseline to Host/Cluster
- Remediate/Patch
1. VUM Configuration
Open Update Manager (Admin View)
Go to Home -> Update Manager
Under the configuration tab, Click on Patch Download Schedule to change the schedule and add an email notification.
Also change the Patch Download Settings to download only what you need, in my case I don’t need windows/linux VM patches or ESX 3.x patches so I am deselecting those.
2. Create a Baseline
There are two types of baselines: Dynamic and Fixed. Fixed baselines are used when you need to apply a specific patch to a system, while dynamic baselines are used to keep the system current with the latest patches. In this guide we will create a Dynamic Baseline.
Go to the Patch Baselines tab and click Create… on the upper right side.
The following screenshots are for a Security patches only baseline:
Give it a name and description
Select Dynamic
Choose Criteria
Review and click Finish
3. Create a Baseline Group
Baseline Groups, are combinations of non conflicting baselines. You can use a Baseline Group to combine multiple dynamic patch baselines, for example the default Critical Patches Baseline and the HostSecurity baseline we created in the previous step
This will create a Baseline Group that includes Critical and Security Patches:
Go to the Patch Baselines tab and click Create… (The Create link that is next to Baseline Groups)
Give it a name and select Host or VM, in this case it is Host
No upgrades, just patches
Select the individual Baselines you want to group
Leave defaults
Review and click Finish
This is how it should look
Now you are all set to attach your Baselines to a Host or to a Cluster.
4. Attach Baseline to Host/Cluster
Go into the Hosts and Clusters View (CTRL+SHIFT+H), select the Host/Cluster you want to attach the baseline to. In this guide I will attach the baseline to the Cluster.
Click on the Cluster, go to the Update Manager tab and click Attach…
Select the Individual or Group Baselines you want to apply to the Cluster and click Attach
You will back at the Hosts and Cluster view, click on Scan…
Once the scan has completed it will show you if you are compliant or not and then you have to remediate (patch).
5. Remediate/Patch
You can remediate the whole cluster or a host at a time, I prefer to do it a host at a time, but it is up to you.
Right click the Cluster/Host you want to patch, and select Remediate…
Select the Baseline you want to remediate
It will list all the patches that will be applied, here you can deselect some patches in case you don’t want them
You can do it immediately or schedule it to happen at a different time
Review the summary and execute
The server will go into maintenance mode and patches will be applied, also, if needed, the server will be rebooted as well.
And that is it, the Host/Cluster is now compliant and patched for Critical and Security patches.
Comments
Leave a comment Trackback