vCenter Update Manager
VMware vCenter Update Manager is an automated patch management and update solution for VMware ESX hosts, as well as for select Microsoft Windows and Linux virtual machines. This component of VMware vCenter scans the state of the physical VMware ESX Server hosts, as well as select guest operating systems, compares them with baselines set by the administrator and then applies updates and patches to enforce compliance to baselines.
Update Manager is fully integrated with VMware Dynamic Resource Scheduler (DRS) for non-disruptive ESX and ESXi host patching. Update Manager scans and remediates online, as well as offline/suspended virtual machines and online ESX hosts. The software also reduces the risk of virtual machine patch failures with a snapshot feature that can rollback a patched virtual machine to a known working state if there are any problems.
Use of Update Manager in an Enterprise
Patching ESX hosts online and offline
Operating systems and applications require patching, reconfiguration or other solutions to stay secure, perform well and protect against vulnerabilities. Maintaining a consistent set of operating systems and applications with particular patch levels helps reduce the number of vulnerabilities and issues in an IT environment. Reducing the complexity and variation systems in the data center eases management burdens and reduces security risks.
Update Manager is used to make datacenter environments more secure and manageable by helping IT administrators:
Track vulnerabilities within virtual infrastructure comprising ESX Server hosts as well as Microsoft and Linux virtual machines.
Bring any vulnerable ESX Server host or virtual machine into compliance automatically, with user-defined patch standards.
Update Manager enforces compliance to patch standards in four steps:
Step 1: Gather latest patches.
Update Manager automatically gathers the latest patch data via the Internet from VMware, as well as third-party application vendors such as Microsoft, Adobe and Mozilla.
Step 2: Set baselines.
The information collected by Update Manager is used to set baselines. Baselines contain one or more service packs, patches and/or updates. The baseline data that Update Manager gathers gives IT administrators' granular control in defining patch levels. These baselines updates can be static baselines defined manually or dynamic baselines that are set automatically depending on the significance of the patch data from the system vendor.
Step 3: Compare physical hosts and virtual machines against the baselines.
Update Manager scans the state of the physical VMware ESX hosts as well as select Microsoft and Linux guest operating systems and compares it with baselines set by the administrator. Scans can be initiated on entire datacenters, clusters, resource pools, templates, folders or individual hosts and virtual machines. They can be run immediately or scheduled as necessary. After a scan is complete, non-compliant machines are flagged for patch updates.
Step 4: Remediate the selected set of virtual machines and ESX hosts.
Update Manager supports either manual or scheduled patching of the non-compliant virtual machines. If a reboot is required on a manual patch or update, the administrator has the option to reboot immediately or delay system restart by up to 60 minutes.
Virtual machine patching
To reduce the risk of virtual machine patching failures, Update Manager automatically takes a snapshot of the virtual machine state prior to applying a patch. Snapshots are stored for a user-defined period so administrators can rollback a patched virtual machine to a known working state if there are any problems. Update Manager also patches offline or suspended virtual machines. When remediating offline or suspended virtual machines, Update Manager disables their NICs during the patching so the network is not exposed to non-compliant virtual machines.
VMware ESX host patching
Update Manager also enables non-disruptive patching of ESX hosts in conjunction with VMware DRS. Update Manager puts hosts in maintenance mode, one by one and live migrates virtual machines to other hosts while patching. On completion of host patching, the virtual machines are migrated back and Update Manager then moves on to patch the next host in the cluster.
Automated patching of VMware ESX hosts, select Microsoft and Linux virtual machines as well as applications such as Adobe and Mozilla.
Automated scanning of virtual infrastructure for compliance to static or dynamic IT standards.
Automated snapshots prior to patching to enable rollback in case of patching failures.
Secure offline virtual machine patching to reduce the risks associated with noncompliant systems joining the corporate network.
Integration with VMware DRS for non disruptive VMware ESX host patching.