Книга: Mastering VMware® Infrastructure3

VMware Update Manager

VMware Update Manager

VMware Update Manager is a VirtualCenter 2.5 plug-in that offers an automated patch management solution for ESX Server 3.5 and 3i hosts and virtual machines running Windows or Linux. The Update Manager scans hosts and virtual machines and compares them against administrator-defined security baselines to determine if patches are missing. The update process is DRS aware and works in a non-disruptive manner to prevent downtime.

To get started with the VMware Update Manager the plug-in must be installed and enabled from the Plugins menu in VirtualCenter 2.5 as shown in Figure 12.41.


Figure 12.41 VMware Update Manager plugin is installed from the Plugins menu in VirtualCenter 2.5.

Plugin Installation

The installation of plugins is required on each system where the VI Client is being used to connect to VirtualCenter 2.5. 

Once the plugin has been installed it will need to be enabled as shown in Figure 12.42. 

? Once the plug-in is installed and enabled, baselines need to be established. The baselines provide a comparable standard against which an ESX Server host or virtual machine is measured to determine its level of compliance. VirtualCenter 2.5 provides the following default baselines shown in Figure 12.43. Non-critical Virtual Machine Updates

? Non-critical Host Updates

? Critical Virtual Machine Updates

? Critical Host Updates

Creating a custom baseline allows administrators to pick and choose the updates to be delivered. For example, suppose that you wanted to push out all critical and non-critical host and virtual machine updates. A custom baseline can be created for all updates.


Figure 12.42 VMware Update Manager plug-in must be enabled after installation.


Figure 12.43 Default baselines for VMware Update Manager.

Perform the following steps to create a custom baseline.

1. Use the VI Client to connect to VirtualCenter 2.5.

2. Click the Update Manager icon from the menu bar of VirtualCenter.

3. From the Getting Started tab, click the Create a new baseline link. Alternately, you could select the baselines tab and click Add or click the New Baseline.

4. The New Baseline Wizard starts as shown in Figure 12.44.


Figure 12.44 Custom baselines can be established for hosts and virtual machines.

5. Type in a name for the custom baseline and select the Virtual Machine / Guest OS Updates or ESX Server Updates radio button.

6. Click the Next button.

7. Select the baseline type:

 ? Fixed: allows for the selection of specific updates. Selecting this option adds a step in the wizard that allows for the selection of updates to be delivered as part of the baseline.

 ? Dynamic: allows the baseline to be populated automatically with critical, non-critical, or all updates.

8. Select Add or Remove Specific Updates from this Baseline to customize the list of updates and click the Next button. Selecting this option adds another step in the wizard that allows for the selection of updates to be excluded shown in Figure 12.45. If not selecting this option click the Next button to proceed.

9. Click the Finish button.


Figure 12.45 Updates can be excluded from baselines.

Once the appropriate baselines have been configured they can be applied to hosts and virtual machines. Baselines can be attached at various levels in the hierarchy. For example, a baseline for host updates can be applied at the cluster level to affect all servers in the cluster as shown in Figure 12.46. Or baselines can be applied at a more granular level by attaching them directly to a host.


Figure 12.46 Baselines for host updates can be applied at higher levels, like a cluster, to affect multiple hosts.

The Update Manager tab identifies the number of hosts that are compliant, non-compliant, or unknown. By clicking on the number value shown in each column, as shown in Figure 12.47, more details can be obtained about the respective hosts. In this particular case silo3504.vdc.local and silo3506.vdc.local are compliant, leaving silo3505.vdc.local as the lone host in an unknown status.


Figure 12.47 VMware Update Manager makes it easy to identify compliant and non-compliant systems.

From the Update Manager tab at the cluster level you can instantiate a remediation by right-clicking the appropriate baseline and selecting the Remediate option. Otherwise you could navigate to the Update Manager tab for the individual host or hosts that need remediation and perform the update on a host-by-host basis. Selecting the Remediate option will start the Remediate wizard shown in Figure 12.48.


Figure 12.48 Use the Remediation option to install all the updates that are missing according to the defined and attached baseline.

The remediation wizard will provide the option for performing the remediation immediately or scheduled for a later date and time. In order to perform the remediation (install the updates) the host must be put into maintenance mode. Remember that maintenance mode requires all virtual machines to be powered off, suspended, or VMotion'ed off to another host. Therefore the remediation wizard offers the ability to configure failure options as shown in Figure 12.49. The failure options include the response, the retry delay, and the number of retries. Failure response includes a drop-down list with the following options:

? Fail Task

? Retry

? Power off virtual machines and retry

? Suspend virtual machines and retry

DRS and Update Manager

Since the Update Manager requires a host in maintenance mode, this is yet another good reason to set DRS to a fully automated state. This would allow virtual machines to be relocated via VMotion to another host in order to proceed with the remediation of the ESX Server host. Otherwise you may find that the host sits in the Enter Maintenance Mode state until administrative action is taken to power off, suspend, or move the running virtual machines.  


Figure 12.49 Immediate or scheduled remediation of an ESX Server host requires the host to be in maintenance mode.

Once the host has been put into maintenance mode the update process will begin and the Tasks pane will show each of the successive update installations as shown in Figure 12.50. Upon completion of all the updates the host will be rebooted and brought out of maintenance, where virtual machines can then be powered on or relocated back to the host.

Thus far in looking at Update Manager we have seen how host updates are managed through the Hosts & Clusters view in VirtualCenter 2.5. The updates for virtual machines are very similar but are best managed from the Virtual Machines & Templates view. This facilitates managing the updates for virtual machines that are organized into folder structures in the VirtualCenter inventory. The procedure for applying virtual machine patches is nearly identical to the process as discussed for ESX Server host. As shown in Figure 12.51, the remediation wizard for virtual machines allows for distinct schedules for virtual machines in various states; powered on, powered off, or suspended.


Figure 12.50 Host updates are installed while in maintenance mode and then the host is rebooted and brought out of maintenance mode.


Figure 12.51 Virtual Machines in different states can be scheduled for different remediation times.

Perhaps the best feature of virtual machine updates is that VMware has included, by default, the creation of a snapshot prior to the installation of the updates, thereby providing a rollback option. As shown in Figure 12.52, the remediation wizard allows the administrator to define the length of time that the snapshot should be maintained, because as you may know and as stated in the wizard, snapshots can reduce virtual machine performance and hinder VMotion. Ideally the snapshot should be kept only for a duration of time long enough to ensure the system is still functioning normally and then it should be removed.


Figure 12.52 Snapshots taken prior to virtual machine remediation are maintained for a definable period of time.

As the remediation process proceeds, the Tasks pane will identify the entity undergoing remediation as well as the hosts that are managing the virtual machines that are being updated.

The VMware Update Manager provides is a simple tool with significant impact on the virtual infrastructure. Whether you use the tool for updating virtual machines in place of the native Microsoft tools is up to you, but most certainly its use case for updating ESX Server hosts is indisputable. The simplicity of the tool coupled with its existing and seamless integration with VirtualCenter means that patch management for ESX Server hosts can be done in a matter of the few minutes it takes to create a baseline and perform remediation.

Оглавление книги


Генерация: 0.046. Запросов К БД/Cache: 0 / 0
поделиться
Вверх Вниз