We continue to fill our VCP6.5-DCV Study guide page with one objective per day. Today's chapter is VCP6.5-DCV Objective 4.1 – Perform ESXi Host and Virtual Machine Upgrades. There is no particular order when those chapters are published, but each chapter is a single blog post with a maximum of screenshots. Our previous study guide covering VCP6-DCV exam was, as we heard, very much appreciated.
As you know, the latest vSphere 6.5 has now its certification exam. (since April). Not many guides are online so far, so we thought that it might be (finally) perhaps, a good idea to get things up.
The exam has 70 Questions (single and multiple choices), passing score 300, and you have 105 min to complete the test.
Check our VCP6.5-DCV Study Guide Page.
You can download your free copy via this link – Download Free VCP6.5-DCV Study Guide at Nakivo.
VCP6.5-DCV Objective 4.1 – Perform ESXi Host and Virtual Machine Upgrades
- Configure download source(s)
- Set up UMDS to set up download repository
- Import ESXi images
- Create Baselines and/or Baseline groups
- Attach Baselines to vSphere objects
- Scan vSphere objects
- Stage Patches and Extensions
- Remediate an object
- Upgrade a vSphere Distributed Switch
- Upgrade VMware Tools
- Upgrade Virtual Machine hardware
- Upgrade an ESXi Host using vCenter Update Manager
- Stage multiple ESXi Host upgrades
- Align appropriate Baselines with target inventory objects
Configure download source(s)
You can configure the Update Manager server to download patches and extensions for ESXi hosts or upgrades for virtual appliances from:
- Shared repository of UMDS data.
- Manual import o ZIP file for ESXi upgrade too.
Figure 0: VMware vSphere Update Manager (VUM) adding or modifying download sources
With VMware Update Manager (VUM) it's possible to import VMware patches, but also third-party patches. You can do so by importing those manually from a ZIP file (offline bundle). Import of offline bundles is supported only for hosts that are running ESXi 5.0 and later.
You download the offline bundle ZIP files from the Internet or copy them from a media drive, and save them on a local or a shared network drive. You can import the patches or extensions to the VUM patch repository later. You can download offline bundles from the VMware Web site or from the Web sites of third-party vendors.
Offline bundles contain one metadata.zip file, one or more VIB files, and optionally two .xml files, index.xml and vendor-index.xml. When you import an offline bundle to the VUM patch repository, VUM extracts it and checks whether the metadata.zip file has already been imported.
If the metadata.zip file has never been imported, VUM performs sanity testing and imports the files successfully. After you confirm the import, VUM saves the files into the Update Manager database and copies the metadata.zip file, the VIBs, and the .xml files, if available, into the VUM patch repository.
Set up UMDS to set up download repository
See visual above (Figure 0).
VMware VUM supports both HTTP and HTTPS URL addresses. Use HTTPS URL addresses, so that the data is downloaded securely. The URL addresses that you add must be complete and contain the index.xml file, which lists the vendor and the vendor index
Import ESXi images
It's possible to upgrade the hosts in your environment to ESXi 6.5 by using host upgrade baselines. To create a host upgrade baseline, you must first upload at least one ESXi 6.5 .iso image to the Update Manager repository.
With VUMr 6.5 you can upgrade hosts that are running ESXi 5.5 or ESXi 6.0 to ESXi 6.5. Host upgrades to ESXi 5.0, ESXi 5.1, ESXi 5.5, or ESXi 6.0 are not supported.
You can create custom ESXi images that contain third-party VIBs by using vSphere ESXi Image Builder.
- Tip: How to create a custom ESXi 6.5 ISO with VMware Image Builder GUI
- Tip: How To Create VMware ESXi ISO With Latest Patches
- Tip: How to upgrade an ESXi 6.0 to ESXi 6.5 via VMware Update Manager
Create Baselines and/or Baseline groups
Firs we'll talk about what are baselines and baseline groups. Baselines contain a collection of one or more patches, extensions, service packs, bug fixes, or upgrades, and can be classified as patch, extension, or upgrade baselines. Baseline groups are assembled from existing baselines.
TIP: There are differences between host baselines and VM baselines.
- Host baseline groups can contain a single upgrade baseline, and various patch and extension baselines.
- Virtual machine and virtual appliance baseline groups can contain up to three upgrade baselines: one VMware Tools upgrade baseline, one virtual machine hardware upgrade baseline, and one virtual appliance upgrade baseline.
When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines and baseline groups to determine their level of compliance.
VMware VUM has two predefined patch baselines and three predefined upgrade baselines. You cannot edit or delete the predefined virtual machine and virtual appliance upgrade baselines.
You can use the predefined baselines, or create patch, extension, and upgrade baselines that meet your criteria. Baselines you create, and predefined baselines, can be combined in baseline groups. For more information about creating and managing baselines and baseline groups.
Baseline Types – VUM supports different types of baselines that you can use when scanning and remediating objects in your inventory.
Update Manager Default Baselines – Update Manager includes default baselines that you can use to scan any virtual machine, virtual appliance, or host to determine whether the hosts in your environment are updated with the latest patches, or whether the virtual appliances and virtual machines are upgraded to the latest version.
Baseline Groups – Baseline groups can contain patch, extension, and upgrade baselines. The baselines that you add to a baseline group must be non-conflicting.
Attach Baselines to vSphere objects
Figure 1: Host Baselines and baseline groups
In order to see a compliance information (whether the host needs to be patched or not), you need to first attach existing baselines and baseline groups to the objects within your inventory, which needs to be scanned.
You'll need certain privilege for this: VMware vSphere Update Manager > Manage Baselines > Attach Baseline.
Select the type of object in the vSphere Web Client object navigator. (ex Cluster) > go to the Update manager TAB > Attach baseline or baseline group select baseline to attach to the selected object.
Scan vSphere objects
When you're scanning objects (VMs, hosts, clusters), those are compared to patches, extensions, and upgrades included in the attached baselines and baseline groups.
You can configure VUM to scan virtual machines, virtual appliances, and ESXi hosts by manually initiating or scheduling scans to generate compliance information. To generate compliance information and view scan results, you must attach baselines and baseline groups to the objects you scan.
You can scan vSphere objects from the Update Manager Client Compliance view
Stage Patches and Extensions
Staging is a process where you “push” patches and extensions from VUM to the ESXi host. The patches are stored at the ESXi host and wait there to be deployed. It “prepares” the patches at their destination so the remediation process is then faster. It's clever as the maintenance window can be shortened.
To stage patches or extensions to hosts, first, attach a patch or extension baseline or a baseline group containing patches and extensions to the host.
Requirements: Stage Patches and Extensions privilege.
Obsolete patches – VMware VUM can stage only patches that it can install in a “subsequent remediation process“, after a scan of ESXi host. If a patch is obsoleted by patches in the same selected patch set, the obsoleted patch is not staged.
Conflicts – If a patch is in conflict with the patches in VUM patch repository and is not in conflict with the host, after a scan, VUM will report this patch as a conflicting one. You can stage the patch to the host and after the stage operation, Update Manager reports this patch as staged.
Prescan and Postscan – VUM executes prescan and postscan operations to be able to update the compliance state of the baseline.
After Staging – Remediation
When patches or extensions are staged to your hosts, you can remediate the hosts against all staged patches or extensions.
After Remediation, all staged patches or extensions are deleted by the hosts from its cache.
vSphere Web Client > Select Home > Hosts and Clusters > Right-click a datacenter, a cluster, or a host, and select Update Manager > Stage Patches.
The Stage Patches wizard opens.
Select the patch and extension baselines to stage on the Baseline Selection page of the Stage wizard > select hosts > Next. > Review > Finish.
You can also deselect patches and(or) extensions to exclude from the stage operation. It's also possible to search within the list of patches and extensions, enter text in the text box on the righ hand side.
Remediate an object
Remediation can be manual or scheduled. You can remediate VMs, or virtual appliances together if they are inside a container (folder, datacenter or vApp). If you attach a baseline group, it can contain both a virtual machine and virtual appliance baselines. The virtual machine baselines apply to virtual machines only, and the virtual appliance baselines apply to virtual appliances only.
During remediation, virtual appliances must be able to connect to the Update Manager server. You can also remediate templates by using VUM.
VMware tools can be upgraded (updated) as a part of the process, but a restart is necessary.
VUM present in vSphere 6.0 is able to remediate hosts of version ESXi 5.x against offline bundles that has been manually imported.
Upgrade a vSphere Distributed Switch
The upgrade from 5.x to 6.0 or 6.5 is not reversible.
vSphere Web client > Networking > Right-click the distributed switch and select > Upgrade > Upgrade Distributed Switch
It’s non-disruptive operation, so no downtime.
Version 6.0.0 – Compatible with ESXi version 6.0 and later.
Version 5.5.0 – Compatible with ESXi version 5.5 and later. Features released with later vSphere Distributed Switch versions are not supported.
Version 5.1.0 – Compatible with ESXi version 5.1 and later. Features released with later vSphere Distributed Switch versions are not supported.
Upgrade VMware Tools
VMware tools can be upgraded automatically or manually. It's possible to configure VMs to check latest versions of VMware Tools too at power ON.
Within the Guest OS, there is a status bar (Windows) which shows you whether a new version is available. The Yellow (caution) icon shows up when a VMware Tools upgrade is available.
To install a VMware Tools upgrade: Same as clean install.
Automatic configuration of VM tools installation/upgrade – The automatic upgrade will trigger when you power off or restart the virtual machine. The status bar displays the message “Installing VMware Tools”.
Virtual Machines TAB > Select VM(s) Update Manager TAB >
VMware highly recommends that you upgrade to the most updated version of the VMware Tools.
Some features in a particular release of a VMware product might depend on installing or upgrading to the version of VMware Tools included in that release. Upgrading to the latest version of VM tools will assure the particular feature to work.
Upgrade Virtual Machine hardware
You can upgrade the Virtual machine hardware (VMX) to the latest version of ESXi in use.
vSphere Web client > Power Off VM > Right click VM > Options > Upgrade Virtual Hardware.
In the vSphere Web Client > righ click VM > Compatibility > Upgrade VM Compatibility.
Then, the VM's virtual hardware is upgraded to the latest supported version. (you have no choice between version, like in the previous example).
Upgrade an ESXi Host using vCenter Update Manager
During host scan, the host is compared to the VIBs from the upgrade image. The host scanned against an upgrade baseline compares the ISO image referenced in the baseline. If the ISO is the same version as the target host, VUM shows “Compliant” (or Non-compliant if it's not).
You can also use an ISO 6.5 image in an upgrade operation of an ESXi 6.5 host. The remediation process of ESXi 6.5 host by using ESXi 6.5 image with additional VIBs is equivalent to a patching process. Because the upgrade image of the same version as the target host, with completing the upgrade operation the additional VIBs are added to the target host.
Stage multiple ESXi Host upgrade
Within clustered VMware environments, the patching process used by VUM does the remediation one-by-one. Sequentially. Each host goes to maintenance mode > remediation > exit maintenance mode > next host. Etc.
If a host in a DRS enabled cluster runs a virtual machine on which Update Manager or vCenter Server are installed, DRS first attempts to migrate the virtual machine running vCenter Server or Update Manager to another host so that the remediation succeeds. In case the virtual machine cannot be migrated to another host, the remediation fails for the host, but the process does not stop.
Requirements: Disable DPM and HA admission control. Also FT disable, you should.
You can remediate in parallel too:
When you remediate a cluster of hosts in parallel, VUM does the remediate actions on multiple hosts at the same time. During parallel remediation, if VUM finds an error when remediating a host, it ignores the host and the remediation process continues for the other hosts in the cluster. VUM continuously evaluates the maximum number of hosts it can remediate concurrently without disrupting DRS settings. You can limit the number of concurrently remediated hosts to a specific number.
VUM remediates hosts that are part of a vSAN cluster sequentially even if you select the option to remediate them in parallel. The reason is that by design only one host from a vSAN cluster can be in a maintenance mode at any time.
For multiple clusters under a datacenter, the remediation processes run in parallel. If the remediation process fails for one of the clusters within a datacenter, the remaining clusters are still remediated.
Align appropriate Baselines with target inventory objects
VUM baselines are hosts baselines, virtual machine baselines, and virtual appliance baselines. In order to upgrade objects within your environment, it's possible to use:
- Predefines baselines
- System-managed baselines
- Custom baselines that you create.
Depending on the purpose for which you want to use them, host baselines can contain a collection of one or more patches, extensions, or upgrades. Therefore host baselines are upgrade, extension, or patch baselines. To update or upgrade your hosts you can use the Update Manager default baselines, or custom baselines that you create.
The VMs/VAs baselines are predefined. You cannot create custom VMs/VAs baselines.
The default baselines are the predefined and system managed baselines – VUM displays system managed baselines that are generated by vSAN. These baselines appear by default when you use vSAN clusters with ESXi hosts of version 6.0 Update 2 and later in your vSphere inventory. If your vSphere environment does not contain any vSAN clusters, no system managed baselines are created.
The system managed baselines automatically update their content periodically, which requires Update Manager to have constant access to the Internet. The vSAN system baselines are typically refreshed every 24 hours.
You can use the system managed baselines to upgrade your vSAN clusters to recommended critical patches, drivers, updates or latest supported ESXi host version for vSAN.
Predefined Baselines – Predefined baselines cannot be edited or deleted. The only action are:
them to(from) the respective inventory objects. Host Baselines tab in VUM Admin view > predefined baselines:
- Critical Host Patches (Predefined) – Checks ESXi hosts for compliance with all critical patches.
- Non-Critical Host Patches (Predefined) – Checks ESXi hosts for compliance with all optional patches.
Under the VMs/VAs Baselines tab Update Manager Admin view, you can see the following predefined baselines:
- VMware Tools Upgrade to Match Host (Predefined) – Checks virtual machines for compliance with the latest VM Tools version on the host. VUM supports upgrading of VMware Tools for virtual machines on hosts that are running ESXi5.5.x and later.
- VM Hardware Upgrade to Match Host (Predefined) – Checks the virtual hardware of a virtual machine for compliance with the latest version supported by the host. VUM supports upgrading to virtual hardware version vmx-13 on hosts that are running ESXi 6.5 .
- VA Upgrade to Latest (Predefined) – Checks virtual appliance compliance with the latest released virtual appliance version.
More from ESX Virtualization
- VCP6.5-DCV Study Guide
- What is VMware vSphere Update Manager?
- Patch vCenter Server Appliance configured with High Availability (HA)
- How to reset ESXi 6.x root password and under which conditions
- What Is VMware Virtual NVMe Device?
- Configuration Maximums