If you would like to read the other parts in this article series please go to:
- vSphere Update Manager (VUM) (Part 2) - Installation
- vSphere Update Manager (VUM) (Part 3) - How to use it
Initially called “VMware Update Manager”, the now renamed vSphere Update Manager (or VUM) is used to keep vSphere infrastructures up to date. Every commercial version of vSphere, (all the way down to vSphere Essentials) includes VUM but you’ll also need vCenter. Every VMware Admin should be using VUM. It is, by far, the easiest way to keep vSphere current. And, if you have more than a few hosts, you have to use VUM to have a realistic chance of keeping all those hosts current. If you aren’t keeping vSphere current then you are leaving yourself open to downtime and security breaches caused by software bugs (plus you aren’t doing your job, as a VMware Admin).
Figure 1: Getting Started with vSphere Update Manager
Now, let’s look at the features offered by vSphere Update Manager.
Features of vSphere Update Manager
What does vSphere Update Manager offer you? Here is the list of VUM features along with my own personal commentary on the value of each of those features:
- Automated remediation of patches and upgrades for VMware vSphere hosts, as well as for third-party updates from storage and server vendors. Snapshots ensure the ability to roll back in case of patching failures, and a new automatic notification service makes certain that the most current version of a patch is available on the Update Manager server.
This is really the core functionality of VUM and what you need to keep all those ESXi hosts current.
- A compliance dashboard provides visibility into the patch and upgrade status of hosts and virtual machines for compliance to static or dynamic baselines.
This is used to know the status of your virtual infrastructure’s compliance status.
- Preflight cluster-level checklists report on remediation readiness before you deploy patches.
Before you roll out patches, you need to know if hosts and VMs are ready to accept them and that’s what the “preflight checklist” does.
- Deploy offline bundles. vSphere Update Manager can deploy patches that are downloaded directly from a vendor website, including drivers, CIM and other updates from hardware vendors for VMware vSphere hosts.
You need the ability to deploy not only patches that you download real-time but also patches that you download and then schedule to deploy later.
- Orchestrated datacenter upgrades use a host upgrade baseline at a cluster, folder or datacenter level. A virtual machine upgrade baseline can also be used to upgrade virtual machine hardware and VMware Tools at once. Plus, Integration with vSphere DRS for non-disruptive patching of VMware vSphere hosts.
One of the greatest benefits of vSphere is the ability to update ESXi hosts with no downtime to end user VMs. The Orchestrated datacenter upgrades use vMotion to move VMs from the host that needs to be updated, use VUM to update the host, and then move the VM back using vMotion.
Here’s what it looks like in a graphic from VMware.com
Figure 2: Orchestrated Datacenter Updates with VUM
In fact, you can see how VUM performed this orchestrated datacenter upgrade at a real-world company by reading Scott Lowe’s blog post, Using Update Manager with an HA Cluster.
- Secure offline virtual machine patching to reduce the risks associated with non-compliant systems joining the corporate network.
This is the ability to update a virtual machine without it being on the physical network or even powered on is one of the coolest features of VUM. So many security products attempt to prevent computers from getting on the network. With VUM, computers don’t even have to be powered on (which is great for VDI).
- Patch staging and scheduling for remote sites to reduce bandwidth usage and make patching even easier.
By being able to provide patches to remote sites from central sites and schedule remote patch updates, you make patching across multiple datacenters and branch office possible and even easy.
- Virtual Appliance Upgrades let administrators use pre-defined baselines or create custom baselines to scan and upgrade a virtual appliance to the latest virtual appliance version.
With so many VMware services and third-party companies solutions going to virtual appliances, it’s now necessary for VUM to also update ESXi hosts, virtual machines, and even virtual appliances.
- Integration with the vSphere Power CLI lets administrators use PowerShell commands to automate patch management directly from a command line.
Now VUM can be automated with PowerCLI and, thus, integrated with other processes and appliances.
Best New VUM 5 Features
We covered the general features of VUM above but now let’s talk about the coolest new features that you’ll find in VUM 5 (as part of vSphere 5).
- Cross platform upgrade (ESX to ESXi) – with vSphere 5 there is no more ESX Server, only the thinner ESXi. VUM now has the ability to do a cross-platform upgrade and move you from, let’s say ESX Server 4.1 to ESXi Server 5.
- Optimized Cluster Patching and Upgrade – when orchestrated datacenter upgrade is used (as covered above), VUM 5 now has the ability to understand your HA/DRS cluster capacity and perform ESXi host upgrades faster than ever by remediating the optimum number of hosts at one time – upgrading multiple hosts in parallel.
- VMware Tool Upgrade Improvements – VUM now reduces the amount of time required to upgrade the VMware tools in each VM by reducing the number of reboots and/or scheduling reboots associated with the tools to occur at the next VM reboot.
- Improved Virtual Appliance Updates – not only can VUM update virtual appliances but it can also upgrade them even if VUM doesn’t have Internet access and VUM has insight into the software components inside a VM that are related (such as Linux software package dependencies).
- More Flexible Update Manager Download Service – the UMDS, as it is called, is the process going to VMware.com (and other websites) and downloading the patches that you will apply. In VUM5, UMDS is more flexible, allowing you to specify multiple download URL paths and also to only download patches that are relevant to your environment.
- Update Manager Utility – new in VUM 5 is an update manager utility that helps you to reconfigure the Update Manager setup, change the database password and proxy authentication, re-register Update Manager with vCenter Server, and replace the SSL certificates for Update Manager.
Here’s what the new Update Manager Utility looks like:
Figure 3: New vSphere 5 Update Manager Utility
Unfortunately, you can’t run the Update Manager Utility from the Windows Start menu. Instead, you have to navigate to C:\Program Files (x86)\VMware\Infrastructure\Update Manager and then execute VMwareUpdateManagerUtility.
Once run, you login to your vCenter Server and then here’s what it looks like:
Figure 4: Update Manager Utility
As you can see from the menu on the left, this tool is used to reconfigure the basic setup using with VUM (things like the database name and credentials).
While I wish it had its own Start Menu shortcut, I applaud VMware for creating such a tool that helps to make VUM easier to use.
I should point out the one of the features MISSING from the latest version of VUM is the ability to update Guest OS and applications. In other words, no longer can you update your OS with, let’s say Windows 2008 OS patches, or your application, such as SQL server or MS Office. This functionality has been removed and I don’t believe it will ever return.
Update Manager – In Summary
The raw truth is that if you are using vSphere you MUST use VUM. Perhaps you don’t have to install VUM on the first day you install or use vSphere but, eventually, you will need it. Because of that, why not make it a standard piece that you install on every vCenter server (if you are using vCenter for Windows)? VUM is what allows you to keep vSphere and VMs current and upgrade to future versions of vSphere. No vSphere infrastructure should be without VUM.
In the next 2 parts of this 3 part series, you’ll learn:
- How to Install vSphere Update Manager
- Using vSphere Update Manager to Keep vSphere Current
If you would like to read the other parts in this article series please go to: