VS5ICM M13 PatchManagement

2011 VMware Inc.
All rights reserved

Patch Management
Module 13
13-2
2011 VMware Inc. All rights reserved
You Are Here
Course Introduction
Introduction to Virtualization
Virtual Machines
VMware vCenter Server
Configure and Manage Virtual Networks
Configure and Manage Virtual Storage
Managing Virtual Machines
Data Protection
Access & Authentication Control
Resource Management and Monitoring
High Availability
Scalability
Patch Management
Installing vSphere Components
VMware vSphere: Install, Configure, Manage Revision A
13-3
Importance
Over time, your VMware vSphere environment might undergo
change in its hardware or software configuration, or in the form of
software updates or patches. From a manageability and scalability
perspective, you should implement changes to your vSphere
environment in an orderly, controlled, and systematic fashion.
13-4
Learner Objectives
After this lesson, you should be able to do the following:
Describe VMware vCenter Update Manager.
List the steps to install Update Manager.
Use Update Manager:
Create and attach a baseline.
Scan an inventory object.
Remediate an inventory object.

13-5
Update Manager
Update Manager enables centralized, automated patch and version
management for VMware ESXi hosts, virtual machine hardware,
VMware Tools, and virtual appliances.
Update Manager reduces security risks:
Keeping systems up to date reduces the number of vulnerabilities.
Eliminating many security breaches that exploit older vulnerabilities.
Reducing the diversity of systems in an environment:
Makes management easier
Reduces security risks
13-6
Update Manager Capabilities
Enables cross-platform upgrade from VMware ESX to ESXi
Automated patch downloading:
Begins with information-only downloading
Is scheduled at regular configurable intervals
Contacts the following sources:
For ESXi patching: https://hostupdate.vmware.com
For third-party patches: URL of third-party source
Creation of baselines and baseline groups
Scanning:
Inventory systems are scanned for baseline compliance.
Remediation:
Inventory systems that are not current can be automatically patched.
Reduces the number of reboots required after VMware Tools updates
13-7
Update Manager Components
VMware vCenter
Server system
Update Manager
server
database
server

vCenter Server
database

patch
database
VMware
patch source
hosts
optional
download
server
VMware vSphere
Client with
Update Manager
plug-in

Internet

patch
database
A
A
A
A
A
A
A
A
A
third-party
patch source
13-8
Installing Update Manager
Update Manager must be installed on a 64-bit machine.
To install, start the VMware vCenter Installer and click VMware
vSphere Update Manager.
Information needed during the installation:
vCenter Server host name, user name, and password
Choice of database: use default or existing database
Update Manager port settings:
Host name, ports, proxy settings (if necessary)
Destination folder and location for downloading patches
To install the Update Manager client:
Install the Update Manager Extension plug-in into the vSphere Client.
13-9
Configuring Update Manager Settings
Modify
Update
Manager
configuration
properties.
By default, all patch sources
are enabled. Additional
patch sources can be added
if necessary.
13-10
Baseline and Baseline Groups
A baseline consists of one or more patches, extensions, or
upgrades.
There are five types of
baselines:
Host patch
Host extension
Host upgrade
Virtual machine patch
Virtual appliance
upgrade
Update Manager includes a
number of default baselines.
A baseline group consists of multiple baselines:
Can contain one upgrade baseline per type and
one or more patch and extension baselines
example of default baselines for hosts
13-11
Creating a Baseline
To create a baseline:
1. Click Create.
2. Specify name and description.
3. Choose a baseline type.
4. For a patch baseline, select a patch option: Fixed or Dynamic.
5. Select patches to add to the baseline.

A host patch is
added to this
baseline.
13-12
Attaching a Baseline
To view compliance information and remediate inventory objects,
first attach a baseline or baseline group to an object.
For improved efficiency, attach a baseline to a container object
instead of to an individual object.

13-13
Scanning for Updates
Scanning evaluates the inventory object against the baseline or
baseline group.
A scan can be performed manually or automatically, using a
scheduled task.
13-14
Viewing Compliancy
In this example,
the scan found
two noncompliant
hosts.
After the scan, patches and
updates can be staged first and
then remediated at a later time.
13-15
Remediating Objects
You can remediate virtual machines, templates, virtual appliances,
and hosts.
You can perform the remediation immediately or schedule it for a
later date.
13-16
Maintenance Mode and Remediation
Power off or suspend
virtual machines
Option for
PXE booted
ESXi 5.0
13-17
Remediation Options for a Cluster
When remediating hosts in a cluster, you must
temporarily disable certain cluster features:
vSphere Distributed Power Management,
vSphere HA, FT.
You can generate a
report that
identifies problems
before remediation
occurs.
13-18
Patch Recall Notification
At regular intervals, Update Manager contacts VMware to download
notifications about patch recalls, new fixes, and alerts.
Notification Check Schedule is selected by default.
On receiving patch recall notifications, Update Manager:
Generates a notification in the notification tab
No longer applies the recalled patch to any host:
Patch is flagged as recalled in the database.
Deletes the patch binaries from its patch repository
Does not uninstall recalled patches from ESXi hosts:
Instead, it waits for a newer patch and applies that to make a host
compliant.
13-19
Remediation Enabled for DRS
Eliminate downtime for virtual
machines when patching ESXi
hosts:
1. Update Manager puts host in
maintenance mode.
2. vSphere Distributed Resource
Scheduler (DRS) moves virtual
machines to available host.
3. Update Manager patches host
and then exits maintenance
mode.
4. DRS moves virtual machines
back per rule.
maintenance mode
UM + DRS
!
13-20
Lab 20
In this lab, you will install, configure, and use Update Manager.
1. Install Update Manager.
2. Install the Update Manager plug-in into the vSphere Client.
3. Modify cluster settings.
4. Configure Update Manager.
5. Create a patch baseline.
6. Attach a baseline and scan for updates.
7. Stage patches onto ESXi hosts.
8. Remediate ESXi hosts.
13-21
Review of Learner Objectives
You should be able to do the following:
Describe Update Manager.
List the steps to install Update Manager.
Use Update Manager:
Create and attach a baseline.
Scan an inventory object.
Remediate an inventory object.
13-22
Key Points
Update Manager patches and updates ESXi 5.0 hosts as well earlier
versions of ESX/ESXi, virtual machines, templates, and virtual
appliances.
Update Manager reduces security vulnerabilities by keeping systems
up to date and by reducing the diversity of systems in an environment.
Update Manager no longer patches guest operating systems or the
applications running within guest operating systems.

VS5ICM M13 PatchManagement

Cargado por

Información del documento

Descripción original:

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

VS5ICM M13 PatchManagement

Cargado por

Copyright:

Formatos disponibles

2011 VMware Inc.

All rights reserved

También podría gustarte