
Patch Management. Module VMware Inc. All rights reserved


Academic year: 2021


(1)

Patch Management

Module 13

(2)

Course Introduction

Introduction to Virtualization

Creating Virtual Machines

VMware vCenter Server

Configuring and Managing Virtual Networks

Configuring and Managing vSphere Storage

Virtual Machine Management

Data Protection

Access and Authentication Control

Resource Management and Monitoring

High Availability and Fault Tolerance

Host Scalability

Patch Management (You Are Here)

Installing VMware vSphere Components

(3)

Over time, your VMware vSphere® environment might undergo change in its hardware or software configuration, or in the form of software updates or patches.

From a manageability and scalability perspective, you should implement changes to your vSphere environment in an orderly, controlled, and systematic fashion.

Importance

(4)

After this module, you should be able to do the following:

Describe VMware vSphere® Update Manager™.

List the steps to install Update Manager.

Use Update Manager:

Create and attach a baseline.

Scan an inventory object.

Remediate an inventory object.

Learner Objectives

(5)

Update Manager enables centralized, automated patch and version management for VMware vSphere® ESXi™ hosts, virtual machine hardware, VMware® Tools™, and virtual appliances.

Update Manager reduces security risks:

Reduces the number of vulnerabilities.

Eliminates many security breaches that exploit older vulnerabilities.

Update Manager reduces the diversity of systems in an environment:

Makes management easier

Reduces security risks

Update Manager keeps machines running more smoothly:

Patches include bug fixes

Makes troubleshooting easier

Update Manager

(6)

Enables cross-platform upgrade from VMware® ESX® to ESXi®

Automated patch downloading:

Begins with information-only downloading

Is scheduled at regular configurable intervals

Contacts the following sources for patching ESXi hosts:

For VMware® patches: https://hostupdate.vmware.com

For third-party patches: URL of third-party source

Creation of baselines and baseline groups

Scanning:

Inventory systems are scanned for baseline compliance.

Remediation:

Inventory systems that are not current can be automatically patched.

Reduces the number of reboots required after VMware Tools updates

Update Manager Capabilities

(7)

Update Manager Components

[Diagram labels: VMware vCenter Server™ system; Update Manager server; database server; vCenter Server database; patch database; VMware vSphere® Client™ with Update Manager plug-in; optional download server; Internet; VMware patch source hosts; third-party patch source]

(8)

Update Manager must be installed on a Windows 64-bit machine.

To install, start the VMware vCenter Installer and click VMware vSphere Update Manager.

Information needed during the installation:

vCenter Server host name, user name, and password

Choice of database: use default or existing database

Update Manager port settings:

Host name, ports, proxy settings (if necessary)

Destination folder and location for downloading patches

To install the Update Manager client:

Install the Update Manager Extension plug-in into the vSphere Client.

Installing Update Manager

(9)

Configuring Update Manager Settings

Modify Update Manager configuration properties.

By default, all patch sources are enabled. Additional patch sources can be added if necessary.

(10)

A baseline consists of one or more patches, extensions, or upgrades.

Five types of baselines:

Host patch

Host extension

Host upgrade

Virtual machine upgrade for hardware or VMware Tools

Virtual appliance upgrade

Update Manager includes a number of default baselines.

A baseline group consists of multiple baselines:

Can contain one upgrade baseline per type and one or more patch and extension baselines

Baseline and Baseline Groups

example of default baselines for hosts

(11)

To create a baseline:

1. Click Create.

2. Specify name and description.

3. Choose a baseline type.

4. For a patch baseline, select a patch option: Fixed or Dynamic.

5. Select patches to add to the baseline.

Creating a Baseline

A host patch is added to this baseline.

(12)

To view compliance information and remediate inventory objects, first attach a baseline or baseline group to an object.

For improved efficiency, attach a baseline to a container object instead of to an individual object.

Attaching a Baseline

(13)

Scanning evaluates the inventory object against the baseline or baseline group.

A scan can be performed manually or automatically, using a scheduled task.

Scanning for Updates

(14)

Viewing Compliance

In this example, the scan found two noncompliant hosts.

After the scan, patches and updates can be staged first and then remediated at a later time.

(15)

You can remediate virtual machines, templates, virtual appliances, and hosts.

You can perform the remediation immediately or schedule it for a later date.

Remediating Objects

(16)

Maintenance Mode and Remediation

Power off or suspend virtual machines

Option for PXE-booted ESXi 5.0

(17)

Remediation Options for a Cluster

When remediating hosts in a cluster, you must temporarily disable certain cluster features:

VMware vSphere® Distributed Power Management™, VMware vSphere® High Availability, and VMware vSphere® Fault Tolerance.

You can generate a report that identifies problems before remediation occurs.

(18)

At regular intervals, Update Manager contacts VMware to download notifications about patch recalls, new fixes, and alerts.

Notification Check Schedule is selected by default.

On receiving patch recall notifications, Update Manager:

Generates a notification in the notification tab

No longer applies the recalled patch to any host:

Patch is flagged as recalled in the database.

Deletes the patch binaries from its patch repository

Does not uninstall recalled patches from ESXi hosts:

Instead, it waits for a newer patch and applies that to make a host compliant.

Patch Recall Notification

(19)

Eliminate downtime for virtual machines when patching ESXi hosts:

1. Update Manager puts host in maintenance mode.

2. VMware vSphere® Distributed Resource Scheduler™ moves virtual machines to available host.

3. Update Manager patches host and then exits maintenance mode.

4. DRS moves virtual machines back per rule.

Remediation Enabled for DRS

[Diagram labels: maintenance mode; UM + DRS]

(20)

In this lab, you will install, configure, and use Update Manager.

1. Install Update Manager.

2. Install the Update Manager plug-in into the vSphere Client.

3. Modify cluster settings.

4. Configure Update Manager.

5. Create a patch baseline.

6. Attach a baseline and scan for updates.

7. Stage the patches onto the ESXi hosts.

8. Remediate the ESXi hosts.

Lab 23
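Lab steps 5 through 8 can also be scripted. The following is an added example, not part of the course material, using the Update Manager PowerCLI cmdlets; the server name `vcenter.example.test`, the cluster name `Lab-Cluster` and the baseline name are assumptions, and the Update Manager server and PowerCLI snap-in are assumed to be installed already (steps 1 through 4).

```powershell
# Added example: baseline -> attach -> scan -> stage -> remediate for one cluster.
# Assumed names (not from the course): vcenter.example.test, Lab-Cluster,
# Lab-Critical-Host-Patches.
$ErrorActionPreference = 'Stop'
Connect-VIServer -Server 'vcenter.example.test' | Out-Null

$cluster = Get-Cluster -Name 'Lab-Cluster'
$vmhosts = $cluster | Get-VMHost

# Step 5: create a dynamic host patch baseline (reuse it if it already exists).
$baselineName = 'Lab-Critical-Host-Patches'
$baseline = Get-Baseline -Name $baselineName -ErrorAction SilentlyContinue
if (-not $baseline) {
    $baseline = New-PatchBaseline -Dynamic -Name $baselineName `
        -Description 'Critical ESXi host patches (constructed example)' `
        -TargetType Host -SearchPatchSeverity Critical
}

# Step 6: attach to the container object (the cluster), then scan it.
Attach-Baseline -Baseline $baseline -Entity $cluster
Scan-Inventory -Entity $cluster

# Review compliance per host before changing anything.
$compliance = Get-Compliance -Entity $vmhosts -Baseline $baseline
$compliance | Select-Object Entity, Baseline, Status | Format-Table -AutoSize
$pending = @($compliance | Where-Object { $_.Status -eq 'NotCompliant' })
if ($pending.Count -eq 0) {
    Write-Host 'All hosts are compliant; nothing to remediate.'
    return
}

# Step 7: stage patches on the noncompliant hosts (copies binaries, no reboot).
foreach ($item in $pending) {
    Stage-Patch -Entity $item.Entity -Baseline $baseline
}

# Step 8: remediate the cluster, temporarily disabling DPM, HA and FT
# as required when remediating hosts in a cluster.
Remediate-Inventory -Entity $cluster -Baseline $baseline `
    -ClusterDisableDistributedPowerManagement:$true `
    -ClusterDisableHighAvailability:$true `
    -ClusterDisableFaultTolerance:$true `
    -Confirm:$false

# Verify: rescan and confirm no host is still noncompliant.
Scan-Inventory -Entity $cluster
Get-Compliance -Entity $vmhosts -Baseline $baseline |
    Select-Object Entity, Status | Format-Table -AutoSize
```

Later PowerCLI releases rename several of these cmdlets (for example `Test-Compliance` for scanning and `Update-Entity` for remediation), so check the names available in the installed module.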

(21)

You should be able to do the following:

Describe Update Manager.

List the steps to install Update Manager.

Use Update Manager:

Create and attach a baseline.

Scan an inventory object.

Remediate an inventory object.

Review of Learner Objectives

(22)

Update Manager patches and updates ESXi 5.1 hosts as well as earlier versions of hosts, virtual machines, templates, and virtual appliances.

Update Manager reduces security vulnerabilities by keeping systems up to date and by reducing the diversity of systems in an environment.

Update Manager no longer patches guest operating systems or the applications running within guest operating systems.

Questions?

Key Points
