From the course: vSphere 6.7 Foundations: Configuration and Installation

Demo: Update Manager

- [Rick] In this video, I'll demonstrate how to configure Update Manager and as you can see here, I'm at the Home screen of my vSphere client. So right here at the Home screen, we have a little link here for Update Manager. I'm going to click on that. And at the moment, you can see I don't have any hosts with attached baselines, I don't have any non-compliant clusters. That's because this is my initial configuration of Update Manager. So let's start by taking a look at my baselines and Update Manager comes with a couple of baselines built right in. We've got our Non-Critical Host Patches, and we've got our Critical Host Patches. Two pre-built baselines that are automatically built in to vCenter. And by the way, this is on the vCenter Server Appliance. So there's no separate Update Manager server or anything like that in my environment. It's all baked right into the vCenter server appliance as of vSphere 6.7 or later. So these are the current baselines that exist right now. Here I can see Updates. So I can see the last time my patches were downloaded was 10 hours ago. 10:37 p.m. and the next scheduled download is tonight, in 13 hours. Again at 10:37 p.m. I can also just click on the Download Now icon and find out are there any new patches that we could potentially download and just download them right on the spot? And if I have patches that are locally stored on my machine, I can upload those from a file as well but most of the time, you'll probably just be using patches and updates that you can download. I can also use Update Manager to update the image of an ESXi host. So we're going to do this in a future video. This is where I would go ahead and import a new ESXi image. And here's a screen I really want to focus on in this demo. The Settings screen. So let's start with patch downloads. I'm going to edit the settings for those. I can specify what is my download schedule? How often are these going to occur and at what time?
Maybe I want to do downloads every day or maybe I want to set a less frequent window but probably you're in pretty good shape here with the default configurations. Just allow these to automatically download once per day and so I'm not going to modify this pre-defined task. My patches are going to download once per day and every day my Update Manager instance is going to reach out to its download sources to grab the latest updates. And here's the Download Source that we utilized under Patch Setup. So you can potentially add additional download sources. If there are updates you want to get from some other download source that you want to specify, we can add those here. Or we can modify this Download Source if we want to share them for an Update Manager shared repository. Again, here I'm going to stick with the default and just download the latest patches from VMware once per day. Now, what if there's a bad patch? What if something goes wrong in one of these patches? What happens at that point is when VMware realizes there's a problem with a patch, the patch is not removed from any running system that it was installed in automatically. They're just basically left there until a recall is issued. So these are our notification checks. When these notifications get issued, these are basically patches that VMware is recalling. So once a patch is recalled, once a notification is issued on it, Update Manager will no longer deploy that patch to any new systems. Systems that already have that recalled patch will still have it but it won't be deployed to any new systems. So that's what these recalls do. So if you have a bad patch that you've already pushed out to a number of systems, VMware will release a new patch to repair that problem. The recall will not invoke any kind of removal of that old patch. VMware will release a new patch to take its place and to resolve the issues that were introduced by that bad patch. And then here I can see my Network Connectivity.
So I can see the ports and the host name for my Update Manager Patch Store. That's just my vCenter server. I can modify those settings if I want to but I'm just going to leave the ports at the default. Now, how about my Remediation Settings? Let's take a look at these. So as Update Manager tries to remediate which basically means push out patches, let's say, for example, I'm updating a cluster of ESXi hosts, some of those hosts may need to be rebooted. Should Update Manager power off virtual machines in order to accomplish those updates? I typically will leave this at the default settings and if I have DRS enabled on my cluster, then as those hosts enter maintenance mode, DRS will move those virtual machines around for me. So from the perspective of do I want Update Manager automatically powering off my VMs to get these updates done? Probably not. I'm probably much better off enabling fully automated DRS and when those hosts enter maintenance mode, the VMs will just be migrated to other hosts. If Update Manager is trying to place a host into maintenance mode, and it can't seem to get it into maintenance mode, how long should it wait to retry? And how many times should it retry to place that host in maintenance mode? So let's say that our host has a virtual machine running on it and I don't have DRS enabled, Update Manager will not be able to place that host into maintenance mode so eventually it'll just fail. And if I have virtual machines that are powered off, do I want to migrate those to other hosts in the cluster? Typically I will go ahead and check this box. And the reason I'll do that is I'm just worried that something might potentially go wrong and what if I have to rebuild a host or something like that? Well, all of the VMs that are registered to that host will be migrated to other hosts, whether they're powered on or powered off if I check this box. 
So I'm going to save these settings here and then I'm going to go to Virtual Machines and do I want Snapshot Manager to take snapshots of virtual machines? So let's take a look at this. So if I configure this setting, snapshots of VMs are going to be taken before those VMs are upgraded. And those snapshots are going to be kept forever. So it's up to you whether or not you want to enable this. My personal preference is just to turn this feature off. But if I do turn this feature on, I want those snapshots gone in a relatively short timeframe. 24 hours is basically the maximum that I'll go with here. I don't want snapshots hanging around on my virtual machines forever. So that's what I'm going to configure here. I'll set it up to take those automatic snapshots but they'll be deleted after 24 hours. Or I'll just disable this feature altogether.
