Best Practices for Patching VMware ESX/ESXi VMware ESX 3.5/ESXi 3.5



Similar documents
ESX 4 Patch Management Guide ESX 4.0

VMware vcenter Update Manager Administration Guide

Installing and Administering VMware vsphere Update Manager

VMware vcenter Update Manager Administration Guide

Solution Brief Availability and Recovery Options: Microsoft Exchange Solutions on VMware

WHITE PAPER. VMware Infrastructure 3 Pricing, Packaging and Licensing Overview

Running VirtualCenter in a Virtual Machine

WHITE PAPER. VMware vsphere 4 Pricing, Packaging and Licensing Overview

VMware vsphere 4. Pricing, Packaging and Licensing Overview W H I T E P A P E R

Oracle Database Solutions on VMware High Availability. Business Continuance of SAP Solutions on Vmware vsphere

Oracle Databases on VMware High Availability

Patch Management. Module VMware Inc. All rights reserved

W H I T E P A P E R. Understanding VMware Consolidated Backup

Getting Started with ESXi Embedded

VirtualCenter Database Maintenance VirtualCenter 2.0.x and Microsoft SQL Server

Upgrading Horizon Workspace

Setup for Failover Clustering and Microsoft Cluster Service

Installing and Administering VMware vsphere Update Manager

VMware Virtual Desktop Manager User Authentication Guide

Top 10 Reasons to Virtualize VMware Zimbra Collaboration Server with VMware vsphere. white PAPER

Configuration Maximums VMware Infrastructure 3

What s New in VMware vsphere 4.1 VMware vcenter. VMware vsphere 4.1

Configuration Maximums VMware vsphere 4.1

vsphere Upgrade vsphere 6.0 EN

W H I T E P A P E R. Optimized Backup and Recovery for VMware Infrastructure with EMC Avamar

Setup for Microsoft Cluster Service ESX Server and VirtualCenter 2.0.1

Guest Operating System. Installation Guide

Managing VMware ESXi INFORMATION GUIDE

Setup for Failover Clustering and Microsoft Cluster Service

VMware vsphere 4.1. Pricing, Packaging and Licensing Overview. E f f e c t i v e A u g u s t 1, W H I T E P A P E R

Basic System Administration ESX Server and Virtual Center 2.0.1

Windows XP Deployment Guide

VMware Virtual Machine File System: Technical Overview and Best Practices

What s New with VMware Virtual Infrastructure

Cisco Nexus 1000V Virtual Ethernet Module Software Installation Guide, Release 4.0(4)SV1(1)

Migrating a Windows PC to Run in VMware Fusion VMware Fusion 2.0

VMware vcenter Configuration Manager SQL Migration Helper Tool User's Guide vcenter Configuration Manager 5.6

Migrating to ESXi: How To

VMware vsphere 5.0 Evaluation Guide

Integration with Active Directory

VMware vsphere Storage Appliance 5.1.x Brownfield Deployments. TECHNICAL MARKETING DOCUMENTATION v 1.0

Using VMware ESX Server with IBM System Storage SAN Volume Controller ESX Server 3.0.2

Using the vcenter Orchestrator Plug-In for vsphere Auto Deploy 1.0

W H I T E P A P E R. Best Practices for Building Virtual Appliances

Legacy Host Licensing with vcenter Server 4.x ESX 3.x/ESXi 3.5 and vcenter Server 4.x

Symantec and VMware: Virtualizing Business Critical Applications with Confidence WHITE PAPER

Microsoft SharePoint 2010 on VMware Availability and Recovery Options. Microsoft SharePoint 2010 on VMware Availability and Recovery Options

VMware Consolidated Backup

vsphere Networking ESXi 5.0 vcenter Server 5.0 EN

vsphere Upgrade Update 1 ESXi 6.0 vcenter Server 6.0 EN

VMware vcloud Air - Disaster Recovery User's Guide

Reconfiguration of VMware vcenter Update Manager

Installing and Configuring vcenter Support Assistant

VMware vcenter Log Insight Getting Started Guide

Virtualizing Business-Critical Applications with Confidence

Using VMware ESX Server With Hitachi Data Systems NSC or USP Storage ESX Server 3.0.2

Configuration Maximums VMware vsphere 4.0

Configuration Maximums

Upgrading VMware Identity Manager Connector

Deploying Dell OpenManage Server Administrator on VMware ESXi Using Dell Online Depot and VMware Update Manager

VMware Auto Deploy GUI. VMware Auto Deploy Gui 5.0 Practical guide

Management of VMware ESXi. on HP ProLiant Servers

Advanced VMware Training

Basic System Administration ESX Server 3.0 and VirtualCenter 2.0

Microsoft Exchange Solutions on VMware

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Using VMware Player. VMware Player. What Is VMware Player?

Reconfiguring VMware vsphere Update Manager

Configuring Multiple ACE Management Servers VMware ACE 2.0

VMware vsphere Examples and Scenarios

VMware ESXi 3.5 update 2

vsphere Host Profiles

Performance Characteristics of VMFS and RDM VMware ESX Server 3.0.1

Managing Remote Access

Reducing the Cost and Complexity of Business Continuity and Disaster Recovery for

BEST PRACTICES. DMZ Virtualization with VMware Infrastructure

VirtualCenter Monitoring and Performance Statistics

Web Services for Management Perl Library VMware ESX Server 3.5, VMware ESX Server 3i version 3.5, and VMware VirtualCenter 2.5

Configuration Maximums

VMware Data Recovery. Administrator's Guide EN

Managing Multi-Hypervisor Environments with vcenter Server

About the VM-Series Firewall

Deploying and updating VMware vsphere 5.0 on HP ProLiant Servers

Using AnywhereUSB to Connect USB Devices

vsphere Basic System Administration

VMware vsphere-6.0 Administration Training

VMware Remote Console for vrealize Automation

Helping Customers Move Workloads into the Cloud. A Guide for Providers of vcloud Powered Services

Citrix XenApp Server Deployment on VMware ESX at a Large Multi-National Insurance Company

Installing and Configuring vcenter Multi-Hypervisor Manager

VMware vcenter Log Insight Security Guide

VMware vcenter Server 5.5 Deployment Guide TECHNICAL MARKETING DOCUMENTATION V 1.0/NOVEMBER 2013/JUSTIN KING

VMware Data Recovery Administration Guide

VirtualCenter Database Performance for Microsoft SQL Server 2005 VirtualCenter 2.5

Server and Storage Sizing Guide for Windows 7 TECHNICAL NOTES

Getting Started Guide

How To Migrate To Redhat Enterprise Linux 4

vcenter Chargeback User s Guide

WHITE PAPER. IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources

SAP Solutions on VMware Infrastructure 3: Customer Implementation - Technical Case Study

Transcription:

Best Practices Guide Best Practices for Patching VMware ESX/ESXi VMware ESX 3.5/ESXi 3.5 The ever increasing sophistication of today s software, whether an operating system or an enterprise application, means occasional improvements are needed to defend against new variants of security risks, provide feature enhancements, and correct bugs. These improvements can come in different forms such as patches or updates and are delivered using multiple vehicles. Software complexity may make the patch process seem complex if you are not familiar with the definitions and usage of the patching procedures and options available. VMware ESX is a complex software product that greatly benefits from the patches that VMware offers between ESX version releases. This best practices document gives a brief explanation of patching and the different mechanisms for applying patches for the VMware ESX 3.5 product line. Broadly speaking, there are two kinds of patching: Proactive patch management is intended to prevent unplanned downtime. Reactive patching occurs in response to an issue that is currently affecting the running system and that needs immediate relief. The most common response to an issue is to apply the latest patch or patches, which might seem capable of fixing the issue. Either approach requires detailed investigation of the proposed fix. This paper does not focus on the differences in detail between proactive patch management and reactive patch management. Instead, it focuses on the ESX patching model, patch packaging, and deliverables key topics you need to understand to maintain your ESX systems. To gain the most from this paper, you should: Have a basic understanding about the patching process for ESX 3.5 Know what types of patches are available to you Have access to the related documentation listed in Resources on page 7 This paper covers the following topics: Patch Overview on page 2 Patch Delivery and Packaging on page 2 Patch Preparation on page 4 Understanding the Impact of Patching an ESX Host on page 5 Understanding the Impact of Patching an ESXi Host on page 6 Identifying Build Numbers after Patch Install on page 7 Resources on page 7 Copyright 2008 VMware, Inc. All rights reserved. 1

Patch Overview VMware releases ESX patches using two types of release vehicles: patch releases and update releases. A patch release contains units called patch bundles or, simply, bundles and is issued approximately every month. These bundles contain only bug fixes. An update release also contains units called bundles, but in addition it also includes a roll up bundle. Update releases are issued approximately every quarter. The bundles in update releases contain bug fixes and also new features and hardware support. A roll up bundle is simply an aggregate bundle, or super bundle, that groups together a set of patch bundles. Update releases are delivered to a broader set of users, including end users and OEM vendors. Update releases are delivered as patch bundles and also as upgradeable ISO images, tarball (.tgz) files, and dd images. This paper describes how to use each of these delivery vehicles appropriately. A patch bundle contains a set of software changes for bug fixes, new features, new hardware support, or some combination of these changes. contain two types of data: the metadata in XML format and the binary in RPM format. A patch bundle can contain one or more RPMs and can require you to apply one or more prior patch bundles. To automate patching for a large set of ESX hosts, VMware provides a VMware VirtualCenter Server extension called VMware. enables you to apply updates and patches across ESX hosts and all managed virtual machines. See the release notes for a list of guest operating systems that can scan and remediate. This tool gives you the ability to create user defined security or bug fix baselines that represent a state of compliance. As a security or VMware Infrastructure administrator, you can then compare hosts and virtual machines against these baselines to identify systems that are not in compliance. See the VMware Administration Guide for details. Patch Delivery and Packaging VMware gives you the flexibility of choosing your patch management strategy based on your company business environment or IT master plans. If you have a larger deployment, you might opt to update ESX hosts using update releases to take advantage of additional new features and hardware support. If you have a smaller deployment, you might require only a small set of patches to be applied for known bug fixes or security protection using patch releases. The types of bundles offered in each release are listed below. See the ESX Server 3 Patch Management Guide for details. Pay particular attention to the section on patch naming conventions. Patch releases offer bundles with names that follow the patterns of these examples: ESX350-200801001-BG a bundle for a bug fix ESX350-200801002-SG a bundle for a security fix Update releases offer bundles with names that follow the patterns of these examples: ESX350-200803001-UG a bundle for an update release ESX350-200803002-UG a bundle for an update release ESX350-Update-02 a roll up of bundles to bring a system up to the level of ESX 3.5 Update 2 VMware provides several alternatives to update an ESX 3.5 host to ESX 3.5 Update 1 or ESX 3.5 Update 2. The most straightforward method is to apply the ESX350-Update-02 roll up bundle from the update release. The other two methods involve installing either the ISO or tarball files to perform the upgrade. See the tables below for details. The results are the same whether you use the roll up patch bundle from the update release or the corresponding ISO or tarball. However, if you are not using, it is more convenient to jump start to a fresh ESX host by using ISO installs. Both ISO and tarball files are useful if you are upgrading a prior ESX release to the current ESX release for example, using an ISO image to upgrade a host from ESX Server 3.0.x to ESX 3.5. The ISO image and upgrade tarball are released through the VMware Store, which requires registered customers to log in with their passwords. An ESX host that you patch with the update release roll up patch bundle should be functionally equivalent to and physically the same as if you upgraded it using a CD created from the ISO or using the tarball from the same update release. Copyright 2008 VMware, Inc. All rights reserved. 2

For the URL of the patch download page, see Resources on page 7. Table 1. Deliverables in an ESX 3.5 Update Release and Their Use All patch bundles with suffix -UG One roll up bundle: ESX350-Update<n> -UG bundle can be used individually for fixing specific bugs. Roll up bundle is best used to bring a system up to an update release level. Both are applied by.. esxupdate All patch bundles with suffix -UG One roll up bundle: ESX350-Update<n> contents is not in the environment. Apply individual host updates using esxupdate. ISOs Use the Download page on the VMware Web site Installer Filename similar to this example: esx-3.5.0_update_2-1102 68.iso Fresh Install, CD upgrade. Tarballs Use the Download page on the VMware Web site ESX Server 2.x: upgrade.pl ESX 3.x: esxupdate Filename similar to one of these examples: upgrade-from-esx2.x-3.5.0_update_2-110268.tar.gz upgrade-from-esx3.0.x-3.5.0_update_2-110268 upgrade-from-esx3.5-3.5.0_update_2-110268 Upgrade from previous versions of ESX using esxupdate for ESX 3.x or upgrade.pl for ESX Server 2.x. Table 2. Deliverables in an ESXi 3.5 Update Release and Their Use All three patch bundles with suffix -UG. Examples: ESXe350-200808201-I-UG ESXe350-200808202-T-UG ESXe350-200808203-C-UG used for host VMware Infrastructure Update vihostupdate (RCLI) One offline patch bundles with suffix -O-UG. Example: ESXe350-200808201-O-UG not available. Host updates are applied using esxupdate. ISOs Use the Download page on the VMware Web site Installer Filename similar to this example: VMware-VMvisor-Installe r CD-3.5.0_Update_2-11027 1.i386.iso Fresh install for ESXi installable. dd images Internal only for OEM. esxddi tool dd image delivered to OEM directly. OEMs deliver customized dd in their systems being shipped. Copyright 2008 VMware, Inc. All rights reserved. 3

Table 3. Deliverables of an ESX 3.5 Patch Release and Their Use All patch bundles with suffix -BG or SG used for host esxupdate All patch bundles with suffix -BG or SG or contents not in production. Use esxupdate for host Table 4. Deliverables of an ESXi 3.5 Patch Release and Their Use All three patch bundles with suffix -BG or SG. Examples: ESXe350-200808201-I-BG ESXe350-200808202-T-BG ESXe350-200808203-C-BG used for host VMware Infrastructure Update vihostupdate (RCLI) One offline patch bundle with suffix -O-BG. Example: ESXe350-200808201-O-BG not in production. Use either RCLI or Virtual Infrastructure Update for host Patch Preparation Preparing your environment properly is important for a smooth and quick patching process. The recommended procedures below apply to the esxupdate or VMware methods of patching. Selective Patch Installation Always apply the latest VMware-esx-scripts patch bundle first, before applying other bundles. This type of bundle contains fixes or enhancements for the esxupdate utility. Because esxupdate is invoked by Update Manager when remediating hosts, it is a good practice to patch esxupdate before patching anything else. Effective Outage Planning If you are installing multiple patches simultaneously to one ESX host and more than one patch requires a host reboot, you can minimize the number of host reboots. For installation using esxupdate, you can install patch bundles using the --noreboot option. You can reboot the host at the end of the installation process. For installation using, all bundles within a given baseline are installed prior to a host reboot. Patch install optimization is built in. You can also take advantage of VMware Infrastructure 3 version 3.5 product features for patching. When performing host level remediation with esxupdate or, you can use VMotion to migrate virtual machines before you install patches. When performing DRS cluster level remediation with VMware, patches are installed on each applicable host within the cluster. Virtual machines are automatically migrated using VMotion from the host being patched to other hosts within the cluster. The host being patched automatically enters and exits maintenance mode, and it reboots automatically if required. Copyright 2008 VMware, Inc. All rights reserved. 4

Risk Mitigation It is a good practice to have standby ESX hosts that are VMotion compatible in the event of patch hiccups. If necessary, you can use the standby ESX host as a destination host for virtual machine migration with VMotion or as an alternative host for powering on virtual machines. Understanding the Impact of Patching an ESX Host The normal operations of an ESX host may be affected when you are applying patch bundles. Certain patch bundles may require the reboot of an ESX host. The description of each bundle lists the system impact, specifically the impact to the ESX host and the virtual machines running on that host. These system impacts are defined as follows: VM Shutdown & Host Reboot The virtual machines need to be powered off or migrated to other hosts with VMotion. The ESX host will enter maintenance mode during patch installation, exit maintenance mode upon completion, and then reboot. Both and esxupdate will trigger entering maintenance mode. If you use Update Manager to remediate the ESX host within a DRS enabled cluster, online virtual machines will be migrated to other hosts automatically using VMotion. Otherwise, you must manually migrate these virtual machines or shut them down. No VM Shutdown & No Host Reboot Patch installation does not affect running virtual machines, thus no shutdown nor migration with VMotion is required. The ESX host does not enter maintenance mode during patch installation. VM Shutdown & No Host Reboot Patch installation requires the host to be in maintenance mode. Running virtual machines need to be powered off or migrated to other hosts with VMotion. The ESX host will enter maintenance mode during patch installation and exit maintenance mode when patch installation completes. Both and esxupdate will trigger entering maintenance mode. If the ESX host is within a DRS enabled cluster, online virtual machines will be migrated to other hosts using VMotion. Otherwise, you must manually migrate these virtual machines or shut them down. Patch Dependencies In ESX 3.5 patch bundles, dependencies can exist between patch bundles. A bundle that does not require a host reboot may affect system availability if its dependent bundle requires host reboot. There are two types of bundle dependencies: supersedes and requires. Supersedes A patch bundle may have a listing of other patch bundles that it supersedes and renders obsolete. Bundles in both patch and update releases can supersede other bundles. Also by definition, all fixes contained in the ESX 3.5 Update 2 roll up also contain the fixes from the roll up of Update 1. Requires A patch bundle may also have a hard coded dependency on other bundles because of a bug fix and VMware sometimes needs to release these fixes by binding several RPMs into the same patch bundle. This kind of dependency must be maintained for a period of time, usually between two update releases. This dependency is defined under <IDList field="requires"> in the patch bundle descriptor.xml file. This dependency is enforced by and esxupdate. These dependencies affect only ESX 3.5 patch bundles. ESXi 3.5 patch bundles have no such dependencies. Copyright 2008 VMware, Inc. All rights reserved. 5

For better organization, VMware recommends that you not include roll up bundles and other patch bundles in the same baseline, including any baseline. VMware recommends defining a roll up in its own baseline. Logically a roll up bundle brings an ESX host to a specific update release level (such as ESX 3.5 Update 1 or ESX 3.5 Update 2) and releases usually include new features and hardware support in addition to bug fixes. In large deployments where patch management is more complex, organizing your baselines in this method will increase simplicity and reduce risk. Patching the esxupdate Utility When patching ESX hosts using or esxupdate directly, the patch bundles are applied using the esxupdate utility on the ESX host. Any problems in the esxupdate utility show up as problems with the patching process. In some cases, running esxupdate could potentially result in the patching process being broken into two steps. The only disadvantage of such a two step process is that the overall patch process takes longer and it might require two ESX reboots instead of one. Nevertheless, we recommend that you take precautions against this behavior. Because the esxupdate utility has been fixed in ESX 3.5 Update 2, we recommend that you first update the esxupdate utility by applying the patch bundle that corrects it. The patch bundle that corrects esxupdate has a description of Update to VMware esx scripts, and in this case has a bundle ID of ESX350-200808202-UG. After applying this bundle, you can proceed to apply the roll up bundles for ESX 3.5 Update 2. Because esxupdate is the backbone for patch installation, it is a good practice to patch esxupdate before patching anything else. Understanding the Impact of Patching an ESXi Host ESXi host patching is different from patching an ESX host in that three bundles are delivered in any patch or update release. There are never more than three bundles in a particular release. The three patch bundles generated for an ESXi host update are for: Firmware VMware Tools VI Client. Depending on which components need fixes, these three components might not all be patched in a particular patch release, but all three are included even when some contain no changes. For update releases, all three components are released together with new changes. In the packages that VMware provides, an offline bundle such as ESX350-200806401-O-BG a dash O bundle always contains the latest versions of the three components. There is no dependency mechanism in place for ESXi bundles. You should always apply all three pieces of the latest patch, especially when using. As a best practice for, you should use dynamic baselines, which will ensure the latest copies of these three components are installed. If you prefer to use static baselines, make sure they always include the patches with the latest release date. If you are not using for example, if you can use offline bundle patching a roll up bundle always contains the latest patches for the three ESXi components. This roll up bundle has a name similar to ESX350-200806401-O-BG. VMware commonly refers to such a bundle as a dash O bundle. If your datacenter uses both and offline patching using vihostupdate or VMware Infrastructure Update, you should make sure that the baseline also contains the latest versions of all three bundles. VMware Infrastructure Update always chooses the latest version of all these three components when patching the host. Copyright 2008 VMware, Inc. All rights reserved. 6

Identifying Build Numbers after Patch Install In some cases, after patches have been installed on an ESX 3.x host, different build numbers are reported for different components of ESX Server. VMware ESX hosts are patched according to a model in which each patch bundle updates only a few components (RPMs) of the ESX installation at a time. Not all components of the installation are upgraded during each patch installation. When a patch is applied, the build numbers of the updated components change. As a result, the ESX installation can have different components at different build numbers, depending upon which patch bundles have been applied. You can find details in KB article Determining Detailed Build Number Information for VMware ESX Server 3.5 and ESX Server 3.0.x Hosts. Resources Determining Detailed Build Number Information for VMware ESX Server 3.5 and ESX Server 3.0.x Hosts http://kb.vmware.com/kb/1001179 Download page on the http://www.vmware.com/download/ Download http://support.vmware.com/selfsupport/download ESX Server 3 Patch Management Guide http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdf ESX Server 3i Configuration Guide http://www.vmware.com/pdf/vi3_35/esx_3i_e/r35u2/vi3_35_25_u2_3i_server_config.pdf ESX Server 3i Embedded Setup Guide http://www.vmware.com/pdf/vi3_35/esx_3i_e/r35u2/vi3_35_25_u2_3i_setup.pdf Introduction to VMware Infrastructure http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_intro_vi.pdf Product documentation for VMware ESX and VMware ESXi http://www.vmware.com/support/pubs/vi_pubs.html VMware ESX and VMware ESXi Resource Management Guide http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_resource_mgmt.pdf VMware Infrastructure Upgrade Guide http://www.vmware.com/pdf/vi3_35/esx_3/r35u2/vi3_35_25_u2_upgrade_guide.pdf VMware Administration Guide http://www.vmware.com/pdf/vi3_vum_10_admin_guide.pdf VMware 1.0 Update 3 Release Notes http://www.vmware.com/support/vi3/doc/vi3_vum_10u3_rel_notes.html If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com VMware, Inc. 3401 Hillview Ave., Palo Alto, CA 94304 www.vmware.com Copyright 2008 VMware, Inc. All rights reserved. Protected by one or more of U.S. Patent Nos. 6,397,242, 6,496,847, 6,704,925, 6,711,672, 6,725,289, 6,735,601, 6,785,886, 6,789,156, 6,795,966, 6,880,022, 6,944,699, 6,961,806, 6,961,941, 7,069,413, 7,082,598, 7,089,377, 7,111,086, 7,111,145, 7,117,481, 7,149, 843, 7,155,558, 7,222,221, 7,260,815, 7,260,820, 7,269,683, 7,275,136, 7,277,998, 7,277,999, 7,278,030, 7,281,102, 7,290,253, 7,356,679, 7,409,487, 7,412,492, 7,412,702, 7,424,710, and 7,428,636; patents pending. VMware, the VMware boxes logo and design, Virtual SMP, and VMotion are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Revision: 20081009 Item: BP-069-PRD-01-01 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information