
vSphere Update Manager

About vSphere Update Manager


• vSphere Update Manager enables centralized, automated patch and version
management for VMware ESXi™ hosts, virtual machine hardware, VMware
Tools™, and virtual appliances.
• vSphere Update Manager reduces security risks:
o Reduces the number of vulnerabilities.
o Eliminates many security breaches that exploit older vulnerabilities.

• vSphere Update Manager reduces the diversity of systems in an environment:
o Makes management easier.
o Reduces security risks.

• vSphere Update Manager keeps machines running more smoothly:
o Patches include bug fixes.
o Makes troubleshooting easier.
vSphere Update Manager Capabilities
• vSphere Update Manager enables cross-platform upgrade from VMware ESX® to
ESXi.
• Automated patch downloading:
o Begins with information-only downloading.
o Is scheduled at regular configurable intervals.

• Creation of baselines and baseline groups


• Scanning:
o Inventory systems are scanned for baseline compliance.

• Remediation:
o Inventory systems that are not compliant can be automatically patched.

• Reduces the number of reboots required after VMware Tools updates


vSphere Update Manager Components
• vSphere Update Manager includes several components and requires network
connectivity with VMware vCenter Server™.
• vSphere Update Manager server component:
o Install on the same computer as Windows vCenter Server or on a different computer.

• Client components:
o vSphere Update Manager Client runs on the desktop:
• Use the vSphere Update Manager Client to perform patch and version management of the vSphere inventory.
o Update Manager tab in the VMware vSphere® Web Client plug-in:
• Use to view scan results and compliance states for vSphere inventory objects.
• Database:
o Use to store and organize server data.
Configuring vSphere Update Manager Settings
• You can modify the vSphere Update Manager configuration only if you have the
correct privileges:
o Network Connectivity Settings
o Download Settings
o Proxy Settings
o Checking for Updates (Download Schedule) Settings
o Notification Check Schedule Settings
o Virtual Machine Settings
o Host and Cluster Settings
Baseline and Baseline Groups
• A baseline consists of one or more patches, extensions, or upgrades:
o vSphere Update Manager includes two default dynamic patch baselines and three upgrade baselines.
• A baseline group consists of multiple baselines:
o Can contain one upgrade baseline per type and one or more patch and extension baselines.
Creating and Editing Patch or Extension Baselines
• You can create custom patch, extension, and upgrade baselines to meet the needs
of your specific deployment by using the New Baseline wizard:
o Create a fixed patch baseline:
• Fixed baselines consist of a set of patches that do not change as patch availability changes.
o Create a dynamic patch baseline:
• Dynamic baselines consist of a set of patches that meet certain criteria.
o Create a host extension baseline:
• Extension baselines contain additional software for ESXi hosts. This additional software might be VMware software
or third-party software.
o Filter patches or extensions in the New Baseline wizard:
• When you create a patch or extension baseline, you can filter the patches and extensions available in the vSphere
Update Manager repository to find specific patches and extensions to exclude or include in the baseline.
Attaching a Baseline
• To view compliance information and scan objects in the inventory against baselines
and baseline groups, you must first attach baselines and baseline groups to these
objects.
• You attach baselines and baseline groups to objects from the Update Manager tab,
which is the vSphere Update Manager plug-in to the vSphere Web Client.
Scanning for Updates
• Scanning evaluates the inventory object against the baseline or baseline group.
Viewing Compliance for vSphere Objects
• You can review compliance information for the virtual machines, virtual appliances,
and hosts against baselines and baseline groups that you attach.
Remediating Objects

• You can remediate virtual machines, templates, virtual appliances, and hosts:
o You can perform the remediation immediately or schedule it for a later date.
o Host remediation runs in different ways, depending on the types of baselines that you attach and whether the host is in a
cluster or not.
o For ESXi hosts in a cluster, the remediation process is sequential by default.
o Remediation of hosts in a cluster requires that you temporarily disable cluster features such as VMware vSphere®
Distributed Power Management™ and VMware vSphere® High Availability admission control.
Patch Recall Notification
• At regular intervals, vSphere Update Manager contacts VMware to download
notifications about patch recalls, new fixes, and alerts:
o Notification Check Schedule is selected by default.

• On receiving patch recall notifications, vSphere Update Manager takes the following
actions:
o Generates a notification in the notification tab
o No longer applies the recalled patch to any host:
• Patch is flagged as recalled in the database.
o Deletes the patch binaries from its patch repository

• vSphere Update Manager does not uninstall recalled patches from ESXi hosts. It
waits for a newer patch and applies that patch to make a host compliant.
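
The following added example is not VMware code and is not part of the original slides. It is a simplified Python model of fixed versus dynamic baselines and of the recall actions listed above; the patch IDs, the severity criterion, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Patch:
    pid: str
    severity: str
    recalled: bool = False    # "flagged as recalled in the database"
    has_binary: bool = True   # binaries held in the patch repository

def dynamic_baseline(repo, severity):
    """Dynamic baseline: criteria re-evaluated against the repository on each call."""
    return {p.pid for p in repo.values() if p.severity == severity}

def recall(repo, pid):
    """Recall actions from the slide: flag the patch and delete its binaries."""
    repo[pid].recalled = True
    repo[pid].has_binary = False

def remediation_plan(installed, baseline, repo):
    """Patches remediation would apply: in the baseline, missing on the host, not recalled."""
    return sorted(pid for pid in baseline - installed if not repo[pid].recalled)

def demo():
    # Constructed repository and host state; patch IDs are placeholders.
    repo = {p.pid: p for p in (Patch("P-001", "critical"),
                               Patch("P-002", "critical"),
                               Patch("P-003", "moderate"))}
    fixed = frozenset({"P-001", "P-002"})   # fixed baseline: membership never changes
    host_a, host_b = {"P-001", "P-002"}, {"P-001"}

    recall(repo, "P-002")
    plan_b = remediation_plan(host_b, fixed, repo)   # recalled patch is no longer applied
    still_on_a = "P-002" in host_a                   # recall does not uninstall anything

    repo["P-004"] = Patch("P-004", "critical")       # a newer fix is published later
    dyn = dynamic_baseline(repo, "critical")
    plan_a_dyn = remediation_plan(host_a, dyn, repo)      # dynamic baseline picks up P-004
    plan_a_fixed = remediation_plan(host_a, fixed, repo)  # fixed baseline does not
    return plan_b, still_on_a, plan_a_dyn, plan_a_fixed

if __name__ == "__main__":
    print(demo())
```

In this model, a host that already carries the recalled patch only receives the replacement through a baseline whose membership tracks the repository, which is why a recall is a prompt to review fixed baselines.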
Host Profiles
• Host profiles provide an automated and centrally managed mechanism for host
configuration and configuration compliance.
Host Profiles Workflow
• The host profile workflow starts with the concept of a reference host. The reference
host serves as the template from which the host profile is extracted:
1. Set up and configure the reference host.
2. Create a host profile from the reference host.
3. Attach other hosts or clusters to the host profile.
4. Check the compliance of the added hosts to the host profile. If all hosts are
compliant with the reference host, they are correctly configured.
5. Apply the resulting recommendations to the hosts.
Creating a Host Profile
• You create a host profile by extracting the designated reference host’s configuration.
Attaching a Host Profile to a Host or Cluster
• After creating a host profile from a reference host, you attach the host or cluster to
the host profile.
Checking Compliance
• You can confirm the compliance of a host or cluster to its attached host profile and
determine which configuration parameters on a host are different from those
specified in the host profile.
Remediating an ESXi Host
• In the event of a compliance failure, use the remediate function to apply the host
profile settings to the host.
• This action changes all host profile-managed parameters to the values contained in
the host profile attached to the host.
