VMware has released recently the latest patch for ESXi 7. A few weeks earlier (in May) we reported about VMware vCenter Server 7.0 U3e released – another maintenance release fixing vSphere with Tanzu. You can either update your ESXi hosts via vSphere Lifecycle Manager, or if you do not use vCenter for managing your environment, you can apply this patch individually. In this post we'll show you how to patch standalone VMware ESXi 7 to 7u3e latest version.
I don't think that I have to stress enough to keep your ESXi hosts up-to-date, to be protected against viruses and ransomware. Things are getting tough and protection is really necessary. Protection of your backups is N°1 priority! Think of 3-2-1 backup rule.
This ESXi 7U3e release includes mitigations for CVE-2022-21123, CVE-2022-21125, and CVE-2022-21166. For more information on these vulnerabilities including impacted product suites and release lines, please see: VMSA-2022-0016.
Let's get back to ESXi and patching. Many possibilities, here again, you have the possibility to patch via Internet or Offline. Some environments need to be isolated and some of them do not. We have already described the steps of patching ESXi via CLI here.
Note: The are many ways of keeping your infrastructure up to date. You can:
- Patch/Upgrade ESXi via ISO (video) – Note that you can slipstream and build your own latest ESXi iso.
But for the new people learning or new admins, here are the steps.
Patch Standalone VMware ESXi 7 to 7u3e latest version – The steps
Download the latest patch from the VMware patch portal. Go to the Customer Connect Patch Downloads page
then check the box for the latest one (U3e in our case…)
It is a cumulative patch, so you only need to pick the latest one. Download to your hard drive.
The next step is to upload the VMware-ESXi-7.0U3e-19898904-depot.zip file to your VMFS datastore visible by your ESXi host you want to patch. (It can be local datastore, or a shared datastore if you have few ESXi hosts connected to it). You'll do it via the datastore browser of your ESXi host, via HTML5 host client
Next, put your host into a maintenance mode – right-click your host > enter maintenance mode.
Then connect via SSH client (Need to enable SSH in services, if connection refused)
esxcli software sources profile list -d /vmfs/volumes/data/VMware-ESXi-7.0U3e-19898904-depot.zip
This allows us to show the profiles within your depot.
This will show you that you have 2-different “versions” of ESXi. One with and the other one without VMware tools (for autodeploy usage). Let's pick the “standard”.
So I simply type this update command below and I copy pasted the standard profile after the “-p” avoiding typing errors. Here is the full command from the lab.
esxcli software profile update -d “vmfs/volumes/data/VMware-ESXi-7.0U3e-19898904-depot.zip” -p ESXi-7.0U3e-19898904-standard
You should have a message saying that “The update completed successfully, but the sytem needs to be rebooted for the changes to be effective”.
Reboot the server and exit the maintenance mode.
If you're running very small cluster or just individual ESXi hosts, you don't really need to learn how to use vSphere Lifecycle Manager for updating/patching your ESXi hosts. You can use the CLI also in situations where your vCenter server is unavailable.
If you use vSphere Essentials (only about $500) with 3 hosts, you don't have HA or vMotion, so you use only the vCenter to access all your VMs and perhaps some Templates. I've seen small environments where vCenter server was even shut down to save resources, to pack more VMs on the hosts. So yes, vCenter is not necessary for patching of ESXi, but it's nice to have when you have clusters with 5-6 or more hosts and where those repetitive patchings get quickly annoying.
- VMware vSphere 7.0 Essentials PLUS
- VMware vSphere 7.0 Essentials
- VMware vSphere 7.0 Enterprise PLUS
- vSphere Essentials Per Incident Support
- Upgrade to vSphere Enterprise Plus
- VMware Current Promotions
From the docs: The esxcli software profile update command brings the entire content of the ESXi host image to the same level as the corresponding upgrade method using an ISO installer. However, the ISO installer performs a pre-upgrade check for potential problems, such as insufficient memory or unsupported devices. The esxcli upgrade method only performs such checks when upgrading from ESXi 6.7 Update 1 or later to a newer version.
More posts from ESX Virtualization:
- VMware vCenter Server 7.0 U3e released – another maintenance release fixing vSphere with Tanzu
- VMware vCenter Converter Discontinued – what’s your options?
- How to upgrade VMware VCSA 7 Offline via patch ISO
- vSphere 7.0 U3C Released
- vSphere 7.0 Page[All details about vSphere and related products here]
- VMware vSphere 7.0 Announced – vCenter Server Details
- VMware vSphere 7.0 DRS Improvements – What's New
- How to Patch vCenter Server Appliance (VCSA) – [Guide]
- What is The Difference between VMware vSphere, ESXi and vCenter
- How to Configure VMware High Availability (HA) Cluster