VMware vSphere includes a nifty updating utility that can update VMs, hosts and appliances. The updates include OS upgrades for ESX, hardware upgrades for the VM hardware and OS and application updates for the VMs.
Note:The guest OS and application updates will no longer be supported after VUM 4.1 and Win7/2008R2 are not supported now, so enjoy it while it lasts.
The most common usage is just to update your ESX/ESXi hosts and it works great for that, but its pretty slick for applying Microsoft and 3rd party updates to running, powered off and suspended Virtual Machines including the ability to make and automatically commit snapshots and schedule the updates.
Make sure Update Manager is installed and the plug in has been added to your vSphere client.
My example will use the default VM baselines: “Critical VM Patches” and “Non-Critical VM patches”.
Note: To see what is included in the patches, use the vSphere client to navigate to Solutions and Applications / Update Manager
Select the “Baseline and Groups” tab and hit the button for “VMs/VAs”
click the number in the “Content” column to open a window listing all the updates contained in that baseline.
To apply the baseline to a single VM, select to the VM using the Inventory /VMs and Templates and click the Update Manager tab.
Click Attach… and select the “Critical VM Patches” and “Non-Critical VM patches”. baselines then click attach.
Click Scan to open the Confirm Scan windows
Click Scan again …
and wait for the patch scan to complete.
Once the scan is complete the # of updates needed will be displayed.
Click “Remediate” to open the Remediation window. Make sure the baselines you want are selected and hit next.
All the patches to be install will be listed and selected by default. Hit next.
To make the update run now, hit Next. (note the choices – you have different scheduling options for on, off and suspended VMs)
Typically you’ll want to take a snapshot of the VM first. You might also set the snapshot to automatically commit after a certain period of time. hit Next
Confirm your options and hit Finish
A “hidden'” iso (CD) image will be built containing the patches to be installed. The iso will be attached to the VM and the patches will be kicked off via VMTools
In the vSphere client you’ll only see the remediation task status (note it can take quite a while to get actually started, for this test the whole procedure took 45+ minutes for the one XP machine).
If you connect to the client (try after 40%) “explore” the CD in the VM and you should see all the executables to be installed.
Note that the CD iso is “hidden” if you look in the VM settings nothing is there.
The VMtools utility (or,rather the VMware Guest Agent it installs first) manages the installations and kicks them off one at a time.
For powered off, suspended or template VMs the procedure is the same, but behind the scenes is a little different. The machines are scanned while powered off, but they are started (or in the case of templates, converted to VMs then started) in order to remediate.
