VSICM51 M13 PatchManagement

2012 VMware Inc.
All rights reserved

Patch Management
Module 13
13-2
2012 VMware Inc. All rights reserved
VMware vSphere: Install, Configure, Manage Revision A
Course Introduction
Introduction to Virtualization
Creating Virtual Machines
VMware vCenter Server
Configuring and Managing Virtual Networks
Configuring and Managing vSphere Storage
Virtual Machine Management
Data Protection
Access and Authentication Control
Resource Management and Monitoring
High Availability and Fault Tolerance
Host Scalability
Patch Management
Installing VMware vSphere Components
You Are Here
13-3
Over time, your VMware vSphere environment might undergo
change in its hardware or software configuration, or in the form of
software updates or patches.
From a manageability and scalability perspective, you should
implement changes to your vSphere environment in an orderly,
controlled, and systematic fashion.
Importance
13-4
After this module, you should be able to do the following:
Describe VMware vSphere Update Manager.
List the steps to install Update Manager.
Use Update Manager:
Create and attach a baseline.
Scan an inventory object.
Remediate an inventory object.

Learner Objectives
13-5
Update Manager enables centralized, automated patch and version
management for VMware vSphere ESXi hosts, virtual machine
hardware, VMware Tools, and virtual appliances.
Update Manager reduces security risks:
Reduces the number of vulnerabilities.
Eliminates many security breaches that exploit older vulnerabilities.
Update Manager reduces the diversity of systems in an environment:
Makes management easier
Reduces security risks
Update Manager keeps machines running more smoothly:
Patches include bug fixes
Makes troubleshooting easier

Update Manager
13-6
Enables cross-platform upgrade from VMware ESX to ESXi
Automated patch downloading:
Begins with information-only downloading
Is scheduled at regular configurable intervals
Contacts the following sources for patching ESXi hosts:
For VMware patches: https://hostupdate.vmware.com
For third-party patches: URL of third-party source
Creation of baselines and baseline groups
Scanning:
Inventory systems are scanned for baseline compliance.
Remediation:
Inventory systems that are not current can be automatically patched.
Reduces the number of reboots required after VMware Tools updates
Update Manager Capabilities
13-7
Update Manager Components
VMware vCenter
Server system
Update Manager
server
database
server

vCenter Server
database

patch
database
VMware
patch source
hosts
optional
download
server
VMware vSphere
Client with
Update Manager
plug-in

Internet

patch
database
third-party
patch source
13-8
Update Manager must be installed on a Windows 64-bit machine.
To install, start the VMware vCenter Installer and click VMware
vSphere Update Manager.
Information needed during the installation:
vCenter Server host name, user name, and password
Choice of database: use default or existing database
Update Manager port settings:
Host name, ports, proxy settings (if necessary)
Destination folder and location for downloading patches
To install the Update Manager client:
Install the Update Manager Extension plug-in into the vSphere Client.
Installing Update Manager
13-9
Configuring Update Manager Settings
Modify
Update
Manager
configuration
properties.
By default, all patch sources
are enabled. Additional
patch sources can be added
if necessary.
13-10
A baseline consists of one or more patches, extensions, or upgrades.
Five types of
baselines:
Host patch
Host extension
Host upgrade
Virtual machine upgrade
for hardware or VMware Tools
Virtual appliance upgrade
Update Manager includes a
number of default baselines.
A baseline group consists of multiple baselines:
Can contain one upgrade baseline per type and
one or more patch and extension baselines
Baseline and Baseline Groups
example of default baselines for hosts
13-11
To create a baseline:
1. Click Create.
2. Specify name and description.
3. Choose a baseline type.
4. For a patch baseline, select a patch option: Fixed or Dynamic.
5. Select patches to add to the baseline.

Creating a Baseline
A host patch is
added to this
baseline.
13-12
To view compliance information and remediate inventory objects, first attach
a baseline or baseline group to an object.
For improved efficiency, attach a baseline to a container object instead of to
an individual object.

Attaching a Baseline
13-13
Scanning evaluates the inventory object against the baseline or baseline
group.
A scan can be performed manually or automatically, using a scheduled task.
Scanning for Updates
13-14
Viewing Compliance
In this example,
the scan found two
noncompliant
hosts.
After the scan, patches and
updates can be staged first and
then remediated at a later time.
13-15
You can remediate virtual machines, templates, virtual appliances,
and hosts.
You can perform the remediation immediately or schedule it for a
later date.
Remediating Objects
13-16
Maintenance Mode and Remediation
Power off or suspend
virtual machines
Option for
PXE-booted
ESXi 5.0
13-17
Remediation Options for a Cluster
When remediating hosts in a cluster, you must
temporarily disable certain cluster features:
VMware vSphere Distributed Power
Management, VMware vSphere High
Availability, and VMware vSphere Fault
Tolerance.
You can generate a
report that
identifies problems
before remediation
occurs.
13-18
At regular intervals, Update Manager contacts VMware to download
notifications about patch recalls, new fixes, and alerts.
Notification Check Schedule is selected by default.
On receiving patch recall notifications, Update Manager:
Generates a notification in the notification tab
No longer applies the recalled patch to any host:
Patch is flagged as recalled in the database.
Deletes the patch binaries from its patch repository
Does not uninstall recalled patches from ESXi hosts:
Instead, it waits for a newer patch and applies that to make a host
compliant.
Patch Recall Notification
13-19
Eliminate downtime for virtual
machines when patching ESXi
hosts:
1. Update Manager puts host in
maintenance mode.
2. VMware vSphere Distributed
Resource Scheduler moves
virtual machines to available
host.
3. Update Manager patches host
and then exits maintenance
mode.
4. DRS moves virtual machines
back per rule.
Remediation Enabled for DRS
maintenance mode
UM + DRS
!
13-20
In this lab, you will install, configure, and use Update Manager.
1. Install Update Manager.
2. Install the Update Manager plug-in into the vSphere Client.
3. Modify cluster settings.
4. Configure Update Manager.
5. Create a patch baseline.
6. Attach a baseline and scan for updates.
7. Stage the patches onto the ESXi hosts.
8. Remediate the ESXi hosts.
Lab 23
13-21
You should be able to do the following:
Describe Update Manager.
List the steps to install Update Manager.
Use Update Manager:
Create and attach a baseline.
Scan an inventory object.
Remediate an inventory object.
Review of Learner Objectives
13-22
Update Manager patches and updates ESXi 5.1 hosts as well earlier
versions of hosts, virtual machines, templates, and virtual appliances.
Update Manager reduces security vulnerabilities by keeping systems
up to date and by reducing the diversity of systems in an environment.
Update Manager no longer patches guest operating systems or the
applications running within guest operating systems.

Questions?
Key Points

VSICM51 M13 PatchManagement

Cargado por

Información del documento

Descripción original:

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

VSICM51 M13 PatchManagement

Cargado por

Copyright:

Formatos disponibles

2012 VMware Inc.

All rights reserved

También podría gustarte