VMware Cloud Community
asbridgm
Contributor
Contributor

Windows Update on my physical hosts and my vCenter Server; any particular gotchas?

I generally don't touch the physical hosts or vCenter Server, but recent security scares tell me I need to keep these patched.

Is there a recommended way to go about it?

Reply
0 Kudos
9 Replies
daphnissov
Immortal
Immortal

If you aren't periodically touching your ESXi hosts or vCenter until now with the recent Spectre and Meltdown flaws, I'd strongly recommend you begin to touch them on a regular cadence especially if this is in a business environment. Notwithstanding the security vulnerabilities patches regularly address, they also address a large number of stability issues not to mention features. That said, if you're not using VUM that's definitely a way to begin to automate the patching of your ESXi hosts. If you're using the vCenter Server Appliance, patches are even easier to deploy. Whatever methods you choose, you will be in a much better (and safer) position if you incorporate them into your processes.

Reply
0 Kudos
asbridgm
Contributor
Contributor

Ok, I guess that's a start. Never heard of "VUM", so I'll have to Google that.

Meanwhile, can I just login to the physical hosts and patch them the way I do any other server?

Same for the VM running vCenter Server, can I just patch and reboot like any other server?

Reply
0 Kudos
daphnissov
Immortal
Immortal

VUM = vSphere Update Manager.

What version of vSphere are you running here? Are you using the vCenter Appliance or Windows? If you can speak more to what you have it'll be easier to provide advice on how to go about patching it.

Reply
0 Kudos
asbridgm
Contributor
Contributor

vSphere 6.0 , running on Windows.

Reply
0 Kudos
daphnissov
Immortal
Immortal

Reply
0 Kudos
asbridgm
Contributor
Contributor

Hosts are two physical Windows servers.

Dell PowerEdge R730xd

12 CPUs

VMWare vSphere 6 Essentials Plus

Reply
0 Kudos
daphnissov
Immortal
Immortal

What do you mean they are "two physical Windows servers"? These are not running ESXi?

Reply
0 Kudos
asbridgm
Contributor
Contributor

My mistake. I could have sworn earlier that I'd logged into these. Been a long week, digging into what the previous Systems Admin left behind.

Yes, they are both apparently running ESXi 6.0.0

Reply
0 Kudos
daphnissov
Immortal
Immortal

If you're on vSphere 6 and you don't have VUM, something I'd recommend is to upgrade to vSphere 6.5 using the vCenter Server Appliance. This will bring you up to date as well as give you VUM built-in to the appliance allowing you to automate the patching of your hosts. Since you have Essentials Plus, you have the ability to vMotion VMs around as part of maintenance, and this is something VUM will do for you.

Reply
0 Kudos