James Thew - Fotolia
Manage ESXi updates to keep your environment running securely
It's in an administrator's best interest to regularly check for ESXi updates and patches to make sure his system runs the most up-to-date version of the hypervisor.
VMware regularly releases updates and patches for the ESXi hypervisor throughout the year, as well as major updates at least once a year. The most recent of these major updates is ESXi 6.5 Update 1. Regularly updating software is an essential step for repairing security holes and fixing bugs, and keeping up with ESXi updates is no different.
In this article, we'll look at different ways to update or upgrade ESXi. No matter which method you choose, you have to shut down all VMs running on your ESXi host machine, put your host into maintenance mode and only then proceed with an upgrade or patch.
Upgrade with installation CD/DVD
The easiest method to install ESXi updates is to use the full installation ISO file, which you can download from the product page. After burning the ISO file to a CD/DVD, you can boot your server from that media and proceed with the upgrade.
Don't worry about what's going to happen with your local/remote data store.
Step 1: Enter the CD/DVD into the server, and reboot. Make sure the basic input/output system settings are correctly set on booting from CD/DVD. Wait for the standard installer to initialize.
Hit Enter to continue and then the F11 key to accept the End-User License Agreement and continue the upgrade. You'll get a prompt for where to install; in my case, it's a local partition.
Note the little star that indicates that there is a Virtual Machine File System (VMFS) partition present. Hit Enter to continue.
Step 2: Follow the instructions on the screen, choose Upgrade ESXi, preserve VMFS datastore -- which is selected by default -- and then hit Enter.
Step 3: Hit the F11 key to complete the ESXi update. A small progress bar indicates the operation, which takes just a few minutes. After that, you'll get a prompt to disconnect the ISO/DVD and reboot the host.
You're done. After the reboot, the ESXi host will show a new build number, which, in the case of ESXi 6.5 Update 1 (U1), is build number 5969303. You can now remove the host from maintenance mode.
Upgrade with online command-line interface
This process requires Secure Socket Shell (SSH) access, which can be activated via the vSphere Client by selecting the host and then clicking Configure > Security profile > Edit > SSH. From there, you need to make sure that the SSH service is running. If it isn't, hit the Start button.
Step 1: Use an SSH client, such as PuTTY, and connect to your host. Use your root login and password combination to identify yourself.
Select the host, and right-click it to put it in maintenance mode, as shown in Figure D.
Step 2: Disable one firewall rule with the following command:
esxcli network firewall ruleset set -e true -r httpClient
Step 3: VMware has several profiles online that do not contain VMware Tools. Those profiles are destined for systems that use AutoDeploy and stateless hosts.
Run the following command to upgrade the host with a standard VMware image profile, including VMware Tools, from the online depot:
esxcli software profile install -p ESXi-6.5.0-20170702001-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
After a while -- the download is over 200 MB -- you should receive a confirmation message that says, "The update completed successfully, but the system needs to be rebooted for the changes to be effective." Reboot your server to complete the upgrade.
Step 4: Re-enable the firewall with the following command:
esxcli network firewall ruleset set -e false -r httpClient
Step 5: Reboot the host, and disable maintenance mode, as per the previous tip.
Upgrade with offline command-line interface
Your ESXi host might not always have a reliable internet connection, or it might be completely disconnected from the outside world. In this case, you can first download an update patch file from VMware. This file is then uploaded to a data store visible to the ESXi host you intend to upgrade. You can then launch one command to upgrade the host.
Step 1: Go to the VMware patch download center, and get the latest VMware ESXi patch. Once you're connected there, select ESXi (Embedded and installable), and hit Search.
Step 2: After you download the latest patch, upload the zip file to a data store visible to your ESXi host with either the vSphere Client or ESXi host client. For this example, I opted to use the ESXi host client because this is a new process and will become standard as VMware phases out the old vSphere Windows Client.
Enter the following command to upgrade:
esxcli software vib update -d /vmfs/volumes/<your_datastore>/update-from-esxi6.5-6.5_update01
Step 3: Reboot the host, and disable maintenance mode.
Upgrade with VMware Update Manager
VMware administrators tend to prefer this method because it allows for an automated upgrade. Each host within the VMware cluster upgrades one at a time and then automatically reboots, until every host is upgraded and rebooted.
Since vSphere 6.5, VMware has provided vCenter Server Appliance (vCSA), which is a Linux version of vCenter Server. This version integrates vSphere Update Manager (VUM), so there's no need to install it as an additional product as you would on the Windows version of vCenter Server.
Step 1: Download the full VMware ESXi 6.5 U1 ISO from VMware.
Step 2: Connect via vSphere Client, and select Home > Update manager.
Step 3: Under the Manage tab, select ESXi Images > Import, and import the VMware ESXi 6.5 U1 ISO, as shown in Figure E.
Step 4: Select vCenter Server Appliance on the left-hand side of the screen, and then click the plus sign indicated in Figure F to create a new host baseline.
Step 5: Select Host Upgrade, enter a meaningful name so you can recognize this baseline later on and then click Next to continue the assistant.
Step 6: Select the image you previously uploaded to the VUM system, and hit the Next button to upgrade.
Step 7: Reboot the host, and disable maintenance mode.
As you can see, there are quite a few methods to upgrade and patch the VMware ESXi hypervisor. If you're running a stand-alone individual host or a small number of hosts that aren't managed by vCenter Server, you can use all of the methods shown above to install ESXi updates except for the VUM method, as this method is only available when ESXi hosts are managed by vCenter Server.
Explore security features in VMware ESXi hypervisor
Simplify the patching process with vSphere Update Manager
Key structural differences between ESXi and Hyper-V