VMware Update Manager
Patches we're depending on you son
Reviews June 20th, 2008
Verdict:
Makes applying software updates extremely quick and easy, especially for ESX Server systems, where downloading updates individually and working out their dependencies can be time consuming.
Pros:
Flexible architecture handles Linux and Windows VMs and ESX Servers.
Cons:
Linux updates cater only for Red Hat.
Price:
Free with vCenter 2.5
By Roger Howorth

VMware Update Manager v1 comes free with vCenter 2.5 (VC25) and is designed to help IT managers locate and install software patches for ESX Server systems and the Windows and Linux virtual machines (VMs) running on them.

Update Manager (UM) runs as a plugin for VC25, but it is not installed automatically, so a VMware system administrator needs to add it by hand after installing VC25. Having said that, a default installation of VC25 includes a scheduled job to update the signatures used by UM, so a casual observer could be forgiven for thinking UM was in fact installed by default.

In The Hypervisor Lab tests we added Update Manager using the vCenter Plugins menu and the Manage Plugins option. From here we could click on a button to “Download and install” Update Manager. Once installed, we needed to enable the plugin by ticking the appropriate box in the Plugin Manager “Installed” tab.

With these steps complete we found a new UM tab in the main VC25 Inventory display and a new option in the Plugins menu. As part of the initial UM setup we needed to use this menu option to run the “schedule an update download” wizard. From here we could tell UM which types of updates we were interested in. For our tests we configured UM to download all updates for ESX Server systems, and tested UM by updating a freshly installed ESX 3.5.0 build 82663 system with all 68 patches that were available at the time of writing. UM groups updates into what it refers to as “baselines.” For example, in our tests we found automatically generated baselines called Critical Host Updates and Non Critical Host Updates. Administrators can also define their own baselines. We defined a baseline that included all updates for host systems.

The next step was to apply a baseline to our host. Our first attempts at remediating our server failed, so we worked through some general troubleshooting steps for new ESX Server hosts. For example, we found we had misconfigured the hostname of our ESX Server, which we corrected by editing /etc/sysconfig/network. We also needed to update /etc/resolv.conf with the correct domain search path. Finally, our VC25 system was multi-homed, so we needed to ensure the ESX Server had routes to both VC25 NICs.
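
A pre-remediation check for the two files edited above, as an added example that is not part of the original review or of VMware's tooling. The expected domain (lab.example), the rule that the hostname must be a name inside that domain, and the function names are assumptions; the routing check for a multi-homed vCenter system is not covered.

```shell
#!/bin/sh
# Added example (not from the review): checks the two files the review edited.
# Assumption: the host should be named inside one expected DNS domain.

# Print the HOSTNAME value from a sysconfig-style file (quotes stripped).
get_hostname() {
    sed -n 's/^[[:space:]]*HOSTNAME=//p' "$1" | tail -n 1 | tr -d "\"'" | tr -d '[:space:]'
}

# Print the domains of the last "search" line in a resolv.conf-style file.
get_search_domains() {
    awk '$1 == "search" { $1 = ""; line = $0 } END { print line }' "$1"
}

# um_preflight NETWORK_FILE RESOLV_FILE EXPECTED_DOMAIN
# Prints one line per check and returns the number of problems found.
um_preflight() {
    net_file=$1; resolv_file=$2; domain=$3; problems=0

    host=$(get_hostname "$net_file")
    case "$host" in
        "") echo "FAIL: HOSTNAME not set in $net_file"; problems=$((problems + 1)) ;;
        localhost|localhost.*)
            echo "FAIL: HOSTNAME is still '$host'"; problems=$((problems + 1)) ;;
        *."$domain") echo "OK: HOSTNAME '$host' is in $domain" ;;
        *) echo "FAIL: HOSTNAME '$host' is not in $domain"; problems=$((problems + 1)) ;;
    esac

    found=no
    for d in $(get_search_domains "$resolv_file"); do
        if [ "$d" = "$domain" ]; then found=yes; fi
    done
    if [ "$found" = yes ]; then
        echo "OK: search path includes $domain"
    else
        echo "FAIL: search path in $resolv_file lacks $domain"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files showing a default hostname and a missing search path.
demo_dir=$(mktemp -d)
printf 'NETWORKING=yes\nHOSTNAME=localhost.localdomain\n' > "$demo_dir/network"
printf 'nameserver 192.0.2.53\n' > "$demo_dir/resolv.conf"
um_preflight "$demo_dir/network" "$demo_dir/resolv.conf" lab.example \
    || echo "problems found: $?"
rm -rf "$demo_dir"
```

On a real host the first two arguments would be /etc/sysconfig/network and /etc/resolv.conf.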

With these steps complete we could click the right mouse button on our ESX Server in VC25’s Inventory tab and use the “Remediate…” option to apply a baseline to our host. As some of the updates required our host to be rebooted, UM automatically rebooted our ESX server after applying the updates.

After the first remediation pass we found five “non compliant” updates had not been applied. However, once UM had rebooted the server we again right-clicked on the host and used the “Scan for updates” option, which removed those updates from the baseline for that server. At this point the server was shown to be compliant with the baseline.

As you would expect, UM does not allow you to patch a host unless it is in maintenance mode, which means all the host’s VMs must be suspended, switched off or migrated to other hosts. UM will place a host in maintenance mode for you if necessary.

Having used UM for a few weeks, we were somewhat puzzled to find the UM tabs disappeared from vCenter. It turned out this was because the Update Manager service had failed to start following a reboot of our vCenter system. We needed to shut down vCenter in order to start the Update Manager service. Once the service had started properly the UM tabs reappeared in the VC25 display.