Learn how to perform a complete configuration of Update Manager with the vCenter Server Appliance. Configure download settings and notification checks. Modify remediation and rollback settings. Configure DRS, HA, and other cluster settings during Update Manager remediation.
how to configure update manager in the vSphere Web Client. Now you may notice I'm not actually walking you through the process of installing Update Manager. And the reason I'm not walking you through that process is because if you deploy the vCenter Server Appliance, Update Manager is built right in. So you really don't have a whole lot to think about there. I've already got Update Manager installed and ready to go the Update Manager installer and run it on Windows. But at this point I'm not really sure what the driver for this is in most cases. Ideally, you should be starting to eye migrating away from the Windows version of vCenter and towards the vCenter Server Appliance. So that being said let's take a look at some of the tabs here for my Update Manager. And you can see some events and notifications. There's not a whole lot going on here. I'm going to go to Manage, and in a production environment you might see a lot more stuff happening here, but at the moment this is just a lab, and there's really not a whole lot happening. So first off, we have our port that the clients use to communicate with the Update Manager server. I'm not going to modify any of the ports at all. And here is the IP address or host name for our patch store. And leave that as is. The first setting that I really want to take a look at is the download settings. And so the download connection method that we're using is the download new updates directly from the internet. You do not have to use that method. You can actually deploy a second server as a proxy, place it in your dmz, and have a proxy server bring all those updates in and then Update Manager can download them from that proxy. But in this case, I'm just using a single vCenter instance with Update Manager on it. And here we can see all of the download sources. So these are all the places that Update Manager is going to grab new updates from. And these ones are built right into it. So there's three locations that Update Manager is going to use to reach out and download updates from. And you can see here the first two are for ESXi patches. The third one is for virtual appliance upgrades so those are my download sources. I can create new custom download sources as well if I want. So if there are other things that I need to download updates from, and I'm going to deploy using Update Manager, I can do that here. So I'm not going to modify my download settings, my download sources. I'm going to leave them as is. If I did want to use a proxy server to actually download those updates, I could identify that here. That's really good in a highly secure environment where you don't want your vCenter server downloading stuff directly from the internet. And here's my Download Schedule. I've got a scheduled download for Update Manager to reach out with download sources and download all of the appropriate software updates from them. And you can see it ran at 10:06 p.m. last night. It's scheduled to run again at 10:06 p.m. tonight. We can modify that scheduled task if we want. I set it up for 10:06. I could set it up for 2 a.m. or whatever time I feel is appropriate. But I'm just going to leave it at 10:06. So that's when update manager is going to reach out to its download sources and see what new updates are available. It'll also reach out once per day and check for notifications. So notifications are basically things that haven't worked right. Like if there's a bad patch that VMWare puts out they will put out a notification. And at that point Update Manager will receive this notification. It will no longer deploy that patch anymore. It'll stop sending it out. So that's the purpose of a notification check is to allow VMWare to recall patches. Now the patches aren't actually removed when these notifications come out, but Update Manager will no longer deploy them and VMWare will put out a new patch to resolve whatever the problem was with the old patch. So you can see this is running every hour at seven minutes after the hour, checking for notifications. automatically take a snapshot of it. Keep that snapshot for 12 hours, let's say. And at that point if we haven't already rolled back to it, we can go ahead and have the snapshot get automatically deleted. I don't really recommend this in most cases, but if it is something that you're interested in, I strongly suggest having the snapshots get automatically deleted after a certain number of hours. Because you don't want snapshots just hanging out there. You want to make sure that you're cleaning up those snapshots. So what I'm going to do is I'm actually going to disable this. I don't want to take a snapshot of virtual machines. I'm going to go ahead and hit OK here. I'm going to change that setting. Then on my host and clusters settings, there's a whole bunch of stuff here that I have to concern myself with when I have an ESXi host cluster. So let's review some of these settings. Before host remediation, host might need to enter maintenance mode. So if a patch is getting pushed out, that requires a host reboot. That host is going to have to go into maintenance mode, and it cannot go into maintenance mode if there are running virtual machines on the host. So what should Update Manager do? Should it Power Off virtual machines? Should it suspend VMs? Or should it do nothing? Should it Not Change the VM Power State? This is probably the most common configuration, especially if you're using DRS. If you're using DRS, that's going to evacuate all of the VMs off of the host for you anyhow, so there's no need to change the VM power state if you're using DRS. If a host cannot enter maintenance mode, how many times should it retry? And how long should it wait before it retries again? So you can tweak these settings a little bit if you want. If you do have an ESXi host cluster, how 'about some of the features that are enabled on that cluster? Do you want to temporarily disable distributed power management? Yeah, you probably do. DPM is going to place hosts into a standby mode. It's going to essentially power off your hosts when they're not needed. So for example, if it's 2 a.m. and the workload is really low in your cluster, DPM is going to use DRS to consolidate those VMs on as few hosts as possible and then power off the hosts you don't need. You don't want this running during Update Manager. You don't want hosts in standby as Update Manager is trying to update them. You may also want to disable HA Admission Control. That can create some problems with Update Manager. So Admission Control basically serves to reserve spare resources. It's going to set aside some memory. It's going to set aside some CPU in your cluster, just in case the host fails, to make sure there's enough extra in case a host does fail. Now, as Update Manager is updating the ESXi hosts, you may have hosts down. So you're probably not going to have the same amount of spare resources as you normally would. And this may cause some issues if you have Admission Control and you're already relatively close to that threshold. And you can also disable Fault Tolerance if you want to as well. Here's an interesting option. Do you want to enable parallel remediation for hosts in the cluster? So for example, let's say you have a cluster of 10 hosts. Do you want Update Manager to just go one host at a time and only move on to the next host once the last host is complete? If so, you leave this unchanged. But if you want to give Update Manager the ability to update multiple hosts simultaneously, that's when we check this box. And then you can have Update Manager migrate powered off and suspended VMs to other hosts in a cluster. Most of the time again I don't really leave that checked. If the VMs are powered off or suspended, I don't really mind if they have some downtime because they're already down to begin with. So I'm just going to hit OK here and essentially leave most of my settings as they were at the default. So those are my basic settings for Update Manager as a whole. Kind of like the global settings for Update Manager. And you just want to be careful and make sure you properly configure these so that Update Manager operates in a very predictable manner for you.
- Using VMware clients for vSphere 6.5
- Configuring settings using Update Manager
- Installing and updating VMware Tools
- Updating virtual machines
- Upgrading ESXi
- Upgrading Windows vCenter