VCAP5-DCA Objective 5.2 -Deploy and Manage complex Update Manager environments

Objectives

  • Install and configure Update Manager Download Service
  • Configure a shared repository
  • Configure smart rebooting
  • Manually download updates to a repository
  • Perform orchestrated vSphere upgrades
  • Create and modify baseline groups
  • Troubleshoot Update Manager problem areas and issues
  • Generate database reports using MS Excel or MS SQL
  • Upgrade vApps using Update Manager
  • Utilize Update Manager PowerCLI to export baselines for testing
  • Utilize the Update Manager Utility to reconfigure vUM settings

Install and configure Update Manager Download Service

Official Documentation:
Installing and Administering VMware vSphere Update Manager 5.0, Chapter 9 “Installing, Setting Up, and Using Update Manager Download Service”, page 57.

Summary:
Short Recap: Update Manager enables centralized, automated patch and version management for VMware vSphere and offers support for VMware ESX/ESXi hosts, virtual machines, and virtual appliances.
With Update Manager, you can perform the following tasks:

  • Upgrade and patch ESX/ESXi hosts.
  • Install and update third-party software on hosts.
  • Upgrade virtual machine hardware, VMware Tools, and virtual appliances.

Update Manager requires network connectivity with VMware vCenter Server. Each installation of Update Manager must be associated (registered) with a single vCenter Server instance. The Update Manager module consists of a plug-in that runs on the vSphere Client, and of a server component, which you can install either on the same computer as the vCenter Server system or on a different computer.

You can deploy Update Manager in a secured network without Internet access. In such a case, you can use the VMware vSphere Update Manager Download Service (UMDS) to download update metadata and update binaries.

Upgrading vSphere objects and applying patches or extensions with Update Manager is a multistage process

in which procedures must be performed in a particular order. VMware recommends following this procedure.

A Baseline is a group of patches and extensions. A Baseline Group is a set of nonconflicting baselines.

  1. Configure the Update Manager Download Source
  2. Download Updates and Related Metadata
  3. Import ESXi Images
  4. Create Baselines and Baseline groups

Figure 1 – Create a Baseline and baseline Types.

  1. Attach Baselines and Baseline groups to vSphere Objects

Figure 2

  1. Scan selected vSphere Objects

Figure 3

  1. Review Scan results
  2. Stage Patches and Extensions to Hosts
  3. Remediate selected vSphere Objects

Chapter 9 discusses the Installation and Configuration of the Update Manager Download Service (UMDS from now on).

VMware is not very clear concerning the requirements. Prerequisites seem to be:

  • Machine on which you install UMDS, must have Internet access
  • Uninstall previous versions of UMDS
  • UMDS can only be installed on a (Windows) 64 bit OS.
  • UMDS needs a database, configured with an 32-bit DSN. If you are using Microsoft SQL Server 2008 R2 Express, you can install and configure the database when you install UMDS.
  • UMDS must be of a version compatible with the Update Manager server
  • UMDS and Update Manager server cannot run on the same server

Note on the latest version (time of writing) 5.0: Because Update Manager 5.0 does not support guest operating system patching, UMDS 5.0 does not download patches for guest operating systems. UMDS 5.0 is compatible and can work with Update Manager 5.0 only.

UMDS can be found on the media that also contains the vCenter Server.

  1. Mount the installation media
  2. Browse to the umds folder on the DVD and run VMware-UMDS.exe.
  3. Click OK in the Warning message notifying you that .NET Framework 3.5 SP1 is not installed. The installation is pretty straight forward, as other vSphere Components.
  4. Select the database options and click Next.
    If you do not have an existing database, select “Install a Microsoft SQL Server 2008 R2 Express instance” (for small scale deployments).
    If you want to use an existing database, select Use an existing supported database and select your database from the list of DSNs.

Figure 4

  1. Enter the Update Manager Download Service proxy settings and click Next.

Figure 5

  1. Select the Update Manager Download Service installation and patch download directories and click Next.

Figure 6

  1. You can select the patch store to be an existing download directory from a previous UMDS 4.x installation and reuse the applicable downloaded updates in UMDS 5.0. After you associate an existing download directory with UMDS 5.0, you cannot use it with earlier UMDS versions.
  2. Click Install to begin the installation.
  3. Click Finish.

Configuring UMDS

UMDS does not come with a GUI, all configuration is done by using the CLI.

To start using UMD:

  1. Log in to the machine where UMDS is installed, and open a Command Prompt window.
  2. Navigate to the directory where UMDS is installed, default location is:
    C:\Program Files (x86)\VMware\Infrastructure\Update Manager
  3. The one and only command is: vmware-umds.

To get help on the command, in case you forgot the options:

> vmware-umds

Before we change anything, we want to know our current config. Out-of-the-box, UMDS comes with this:

c:\Program Files (x86)\VMware\Infrastructure\Update Manager>vmware-umds -G
[2012-08-14 11:35:40:082 '' 2036 ALERT]  [logUtil, 265] Product = VMware Update Manager, Version = 5.0.0, Build = 432001
Configured URLs
URL Type Removable URL
HOST     NO       https://www.vmware.com/PatchManagementSystem/patchmanagement
HOST     NO       https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
HOST     NO       https://hostupdate.vmware.com/software/VUM/PRODUCTION/csco-main/csco-depot-index.xml
VA       NO       http://vapp-updates.vmware.com/vai-catalog/index.xml

Patch store location  : e:\UMDSdata\
Export store location :
Proxy Server          : Not configured

Host patch content download: enabled
Host Versions for which patch content will be downloaded:
embeddedEsx-4.0.0-INTL
embeddedEsx-4.1.0-INTL
esx-4.1.0-INTL
embeddedEsx-5.0.0-INTL
esx-3.5.0-INTL
embeddedEsx-3.5.0-INTL
esx-4.0.0-INTL

Virtual appliance content download: enabled

Now we can see:

  • The UMDS version, 5.0.0
  • The configure URLs, compare with Update Manager:

Figure 7

  • Patch store and proxy settings
  • What content will be downloaded, Host patches and Virtual Appliance content.

In my case, I am only interested in downloading patches for ESXi 5.x. Do the following:

> vmware-umds –S --disable-host

> vmware-umds –S –e embeddedEsx-5.0.0

The –G (Get config), -S (Set config).

Adding a new URL for an Host or Virtual Appliance goes as (do not forget to specify url-type):

>vmware-umds -S --add-url https://host_URL/index.xml --url-type HOST

or:

> vmware-umds -S --add-url https://VA_URL/index.xml --url-type VA

To start the download of the selected updates:

vmware-umds -D

You can export downloaded upgrades, patches, and notifications to a specific location that serves as a shared repository for Update Manager. You can configure Update Manager to use the shared repository as a patch download source. The shared repository can also be hosted on a Web server.
When the download is finished, it is time to export the data, use this command:

> vmware-umds –E –-export-store

Example:

> vmware-umds –E –-export-store F:\Export-data

Note: do not complete folder name with a backslash!

While installing the UMDS, another utility called the “Update Manager Utility” (UMU) is also installed.

Figure 8

The usage of UMU is described in Chapter 3 of the Reconfiguring VMware vSphere Update Manager 5.0. UMU allows you the adjust the following UMDS settings:

  • Proxy settings;
  • Database user name and password

UMU allows you to perform identical action for the Update Manager and also perform:

  • vCenter Server IP address change;
  • SSL Certificate replacement.

Other references:

  • A

 

Configure a shared repository

Official Documentation:
Installing and Administering VMware vSphere Update Manager 5.0, Chapter 10 “Configuring Update Manager”, Section “Use a Shared Repository as a Download Source”, page 70.

Summary:
You can configure Update Manager to use a shared repository as a source for downloading virtual appliance upgrades, as well as ESX/ESXi patches, extensions, and notifications.

Prerequisites:

  • You must create the shared repository using UMDS
  • Shared Repository can be:
    • Hosted it on a Web server (https://repository_path/)
    • Local folder (C:\repository_path\).
      Note: You cannot use a shared folder or mapped network drive!
    • The UMDS version you use must be of a version compatible with your Update Manager installation.

Configuring a Shared repository:

Figure 9

  • Enter the URL to the shared repository;
  • Click “Validate URL” to validate the path, this must be successful to continue;
  • Click “Apply”
  • Click “Download Now” to run the download.

Other references:

  • A

 

Configure smart rebooting

Official Documentation:
Installing and Administering VMware vSphere Update Manager 5.0, Chapter 10 “Configuring Update Manager”, Section “Configure Smart Rebooting”, page 79.

Summary:
Smart rebooting selectively restarts the virtual appliances and virtual machines in the vApp to maintain startup dependencies. You can enable and disable smart rebooting of virtual appliances and virtual machines in a vApp after remediation.

Smart rebooting is enabled by default.

Figure 10

Other references:

  • A

 

Manually download updates to a repository

Official Documentation:
Installing and Administering VMware vSphere Update Manager 5.0, Chapter 10 “Configuring Update manager”, Section “Import Patches Manually”, page 71.

Summary:
Instead of using a shared repository or the Internet as a download source for patches and extensions, you can import patches and extensions manually by using an offline bundle.
You can import offline bundles only for hosts that are running ESX/ESXi 4.0 or later.

Prerequisites:

  • Patches and extensions must be in .ZIP format;
  • You must have Upload File privilege.

Figure 11

Other references:

  • A

 

Perform orchestrated vSphere upgrades

Official Documentation:
Installing and Administering VMware vSphere Update Manager 5.0, Chapter 16 “Common User Goals”, Section “Orchestrated Datacenter Upgrades”, page 159.

Summary:
Orchestrated upgrades allow you to upgrade the objects in your vSphere inventory in a two-step process: host upgrades followed by virtual machine upgrades.

Orchestrated Upgrade of Hosts

You can perform orchestrated upgrades of the ESX/ESXi hosts in your vSphere inventory by using a single upgrade baseline.

You can perform orchestrated upgrades of hosts at three levels:

  • Datacenter level
  • Cluster level
  • Folder level.

Update Manager 5.0 supports only:

  • upgrade from ESXi 4.x to ESXi 5.x
  • migration from ESX 4.x to ESXi 5.x.
  • You cannot use Update Manager to upgrade a host to ESXi 5.0 if the host was upgraded from ESX 3.x to ESX 4.x.

The steps in this workflow:

  1. Configure the Update Manager host and cluster settings.

Figure 12

  1. Import an ESXi image (which is distributed as an ISO file) and create a host upgrade baseline.

Figure 13

  1. Attach the host upgrade baseline to a container object containing the hosts that you want to upgrade.
  2. Scan the container object.
  3. Review the scan results displayed in the Update Manager Client Compliance view.
  4. Remediate the container object.

Orchestrated Upgrade of Virtual Machines

An orchestrated upgrade allows you to upgrade VMware Tools and the virtual hardware for the virtual machines in your vSphere inventory at the same time. You can perform an orchestrated upgrade of virtual machines at the folder or datacenter level.

  1. Create a virtual machine baseline group.
  2. Attach the baseline group to an object containing the virtual machines that you want to upgrade.

Figure 14

  1. Scan the container object.
  2. Review the scan results displayed in the Update Manager Client Compliance view.

Figure 15

  1. Remediate the non-compliant virtual machines in the container object to make them compliant with the attached baseline group.

During upgrade of VMware Tools and Virtual Machine hardware, Update Manager, Powers down (VM Hardware) and Powers on (VMware Tools) VMs as needed. VMs are brought back in their original Power State.

Other references:

  • A

 

Create and modify baseline groups

Official Documentation:
Installing and Administering VMware vSphere Update Manager 5.0, Chapter 11 “Working with Baselines and baseline Groups”, page 83.

Summary:
Baselines can be of the following types:

  • Upgrade;
  • Extension or
  • Patch

Baselines contain a collection of one or more patches.

Baseline Groups are assembled from existing baselines and might contain:

  • one upgrade baseline per type and one or more patch and extension baselines

Figure 16

  • a combination of multiple patch and extension baselines.

Figure 17

Figure 16 shows the 3 kinds of Host Baselines (Patches, Extensions and Upgrade). Also note, Host Patch Baselines can be Dynamic. The other types are always Fixed.

A Dynamic Baseline is based on available patches that meet the specified criteria. As the set of available patches changes, dynamic baselines are updated as well. You can explicitly include or exclude any patches.

A Fixed Baseline, you specify which patches to include patch baseline from the total set of patches available in the Update Manager repository.

Other references:

  • A

 

Troubleshoot Update Manager problem areas and issues

Official Documentation:
Installing and Administering VMware vSphere Update Manager 5.0, Chapter 17 “Troubleshooting”, page 173.

Summary:
Chapter 17 is completely dedicated to troubleshooting Update Manager  and discusses the following topics:

  • “Connection Loss with Update Manager Server or vCenter Server in a Single vCenter Server System,”
  • “Connection Loss with Update Manager Server or vCenter Server in a Connected Group in vCenter
  • “Linked Mode,”
  • “Gather Update Manager Log Bundles,”
  • “Gather Update Manager and vCenter Server Log Bundles,”
  • “Log Bundle Is Not Generated,”
  • “Host Extension Remediation or Staging Fails Due to Missing Prerequisites,”
  • “No Baseline Updates Available,”
  • “All Updates in Compliance Reports Are Displayed as Not Applicable,”
  • “All Updates in Compliance Reports Are Unknown,”
  • “VMware Tools Upgrade Fails if VMware Tools Is Not Installed,”
  • “ESX/ESXi Host Scanning Fails,”
  • “ESXi Host Upgrade Fails,”
  • “The Update Manager Repository Cannot Be Deleted,”
  • “Incompatible Compliance State,”

Other references:

  • A

 

Generate database reports using MS Excel or MS SQL

Official Documentation:
Installing and Administering VMware vSphere Update Manager 5.0, Chapter 16 “Common User Goals”, Section “Generating Common Database Reports”, page 169.

Summary:
Update Manager uses Microsoft SQL Server and Oracle databases to store information. Update Manager does not provide a reporting capability, but you can use:

  • Excel 2003 or
  • MS SQL Server Query to query the database views to generate reports.

Note: The Update Manager database does not contain information about the objects in the inventory, but contains internal inventory entity IDs. To get the original IDs for virtual machines, virtual appliances, and hosts, you must have access to the vCenter Server system database. From the vCenter Server system database, you can retrieve the ID of the objects that you want to access. To obtain the Update Manager database IDs of the objects, Update Manager adds these prefixes:

  • vm- (for virtual machines),
  • va- (for virtual appliances),
  • host- (for hosts).

Generate Common Reports Using MS Excel

  • You must have an ODBC connection with Update Manager Database
  • This section presents an example how to setup a report using Excel. I got this up and running, but I do not consider it very User friendly. If you are interested how to set-up, please add a Comment below. The result is something like this:

Figure 18

Generate Common Reports Using Microsoft SQL Server Query

Probably, the easiest way to get some information is running a query, directly in MS SQL Server Management Studio. Again VMware presents a sample query for generating a report containing the latest scan results.
Figure 17 shows the output.

Figure 19

In case you want to experiment and run queries on the Update Manager database, have a look at Installing and Administering VMware vSphere Update Manager 5.0, Chapter 18 “Database Views”, page 183. This chapter provides information regarding the database views.

Other references:

  • A

 

Upgrade vApps using Update Manager

Official Documentation:

Summary:
I am not quite sure on this topic. I would expect a topic on upgrading Virtual Appliances instead of vApps. Anyway, some information on both topics.

vApps are container objects (like Folders, Clusters and Datacenters) and can even contain Virtual Appliances.
You can attach a Baseline or Baseline Group to a vApp, just like you do to other container objects. Smart rebooting is a feature specific to vApps and has been covered in a previous topic in this objective.

Upgrading Virtual Appliances is covered in Installing and Administering VMware vSphere Update Manager 5.0, Chapter 16 “Common User Goals”, Section “Upgrading Virtual Appliances”, page 163. An upgrade remediation of a virtual appliance upgrades the entire software stack in the virtual appliance, including the operating system and applications.

You can view available virtual appliance upgrades in the Update Manager Administration view.

Figure 20

For certain product you must accept the EULA. EULAs need to be accepted once.

The steps does not differ much from upgrading a host (create baseline, attach baseline, scan container, review scan results and remediate the VA in the container).

A predefined Baseline “VA Upgrade to Latest” is available.

Figure 21

Example, we want to upgrade our  vMA to a newer version:

Figure 22 – current vMA on 5.0.0.0

  1. Create a new Baseline for vMA objects.

Figure 23

  1. Create a rule

Figure 24 – Select Add Multiple Rules

  1. Select Vendor, Product and Version

Figure 25

  1. Finish creating this Baseline

Figure 26

  1. Finish

Figure 27

  1. vMA is placed in a Folder object, Attach the new Baseline and run a Scan

Figure 28

  1. Make sure you run the correct scan

Figure 29

  1. After running scan, choose “Remediate”, to start the actual Upgrade.

Figure 30

  1. Choose time of action and Snapshot settings.

Figure 31

  1. The result.

Figure 32

Other references:

  • A

 

Utilize Update Manager PowerCLI to export baselines for testing

Official Documentation:
Installing and Administering VMware vSphere Update Manager 5.0, Chapter 16 “Common User Goals”, Section “Testing Patches or Extensions and Exporting Baselines to Another Update Manager Server”, page 155.

Summary:
Before you apply patches or extensions to ESX/ESXi hosts, you might want to test the patches and extensions by applying them to hosts in a test environment. You can then use Update Manager PowerCLI to export the tested baselines to another Update Manager server instance and apply the patches and extensions to the other hosts.

This section describes how to how to test patches by using one Update Manager instance and how to export the patch baseline containing the tested patches to another Update Manager instance.

  1. Create fixed host patch baselines.
    Fixed Baselines are recommended as they do not change their content.
  2. Attach the patch baselines to a container object containing the hosts that you want to scan or remediate.
  3. Scan the container object.
  4. Review the scan results displayed in the Update Manager Client Compliance view.
  5. (Optional) Stage the patches in the attached baselines to the hosts that you want to update.
  6. Remediate the container object.
  7. Export the patch baselines from the Update Manager server that you used to test the patches, and import them to another Update Manager server.
    At this stage the PowerCLI  script comes in action. VMware presents a script that will export and import a baseline from one Update Manager server to another.
    You can copy and paste the example script and adjust the IP addresses and probably the name of the Baseline.
  8. Apply the patches to your ESX/ESXi hosts by using the Update Manager server instance to which you exported the tested patch baseline.

Other references:

  • A

 

Utilize the Update Manager Utility to reconfigure vUM settings

Official Documentation:
Reconfiguring VMware vSphere Update Manager 5.0

Summary:
Is discussed in the first topic.

Other references:

  • A

3 Responses to VCAP5-DCA Objective 5.2 -Deploy and Manage complex Update Manager environments

  1. Sandy Tieku-Apawu says:

    Thanks for this detailed study guides, I have my exams booked for next month and you are helping a great deal. I have a question, will the exam be based on vsphere 5.0.0 or 5.1.0. I installed 5.1.0 in my lab today and UMDS has changed a great deal. I am a bit concerned about it

    • paulgrevink says:

      Hello Sandy,

      Thanks for the feedback. Best advice is to check for updates on the Blueprint. I do a check on a regularly basis.
      Good luck preparing for your exam.

      Regards,

      Paul

  2. […] way is using the VMware Update Manager. For detailed instructions, see my post on “VCAP5-DCA Objective 5.2 -Deploy and Manage complex Update Manager environments”, section on “Upgrade vApps using Update […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: