1 2 Previous Next 25 Replies Latest reply on Nov 22, 2019 4:17 AM by larstr Go to original post
      • 15. Re: Patches for spectre
        ashwin_prakash Expert
        VMware EmployeesGS Skyline Support Skyline Community 2/2

        The Process that I have shared is for the components that needs to be upgraded before upgrading ESXi and components that needs to be upgraded post upgrading the vCenter.

        You could use either the Update manager or manually download and use the command to patch the host. Which ever process you are comfortable.

        • 16. Re: Patches for spectre
          jprovine7 Hot Shot

          Looks to me that the update manager is the most simple way to do it.

          • 17. Re: Patches for spectre
            jprovine7 Hot Shot

            This went fine I just updated using the update manager

             

            -----------------------------------------

             

            Was it helpful? Let us know by completing this short survey here.

            • 18. Re: Patches for spectre
              cypherx Hot Shot

              Using VUM, it took us up to ESXi 6.0.0, 7967664.  No issues yet.

               

              Yes we did early adopt the patches in January.  So this one just overwrote those I guess.

              • 19. Re: Patches for spectre
                jprovine7 Hot Shot

                Yeah we adopted the patches in January too and as far as I could tell they did not help or hurt.  According to our crowstrike monitoring of our devices it does not appear as thought there is a fix for spectre yet.

                • 20. Re: Patches for spectre
                  silus Enthusiast
                  vExpert

                  I am surprised update manager will push out these patches if vCenter has not been updated to be compatible. If you push out these patches without updating vcenter, it will break any EVC enabled clusters, as I understand it.

                   

                  I would have thought vmware would disallow unpatched vcenters/update managers to push these out, I can see a lot of people just including them in a monthly/quarterly baseline without having updated vcenter.

                  • 21. Re: Patches for spectre
                    bf1967 Lurker

                    I have installed this on 3 ESXi 5.5 and 3 ESXi 6.0 hosts. No issues so far.

                     

                    If you do the BIOS Update that includes the recent microcode update of the processore of the server vendor (in my case HP with DL380 Gen 8 and Gen 10) you do some kind of double installation.

                     

                    As far as I can overview it the latest VMWare update does not contain much more than the processor microcode update. So if you have been up to date before the BIOS update of the server should be enough. However in case of the VMWare update you need to do the update to see what actually has been changed.

                     

                    I updated from the commandline with the zip file.

                    • 22. Re: Patches for spectre
                      Ravinred Novice

                      We installed SM patches on my environment as of now we don't see any issues.

                      I updated using vmware update manger (VUM).

                      • 23. Re: Patches for spectre
                        JuniorJenny Lurker

                        I put a patch on the host when the first issues one shortly after the issue was brought to light and then they recall it. I do not want be in that same situation where they release and recall the patch. So are you saying that you have applied these patches yourself and have seen no issues? That they have not be recalled?

                        • 24. Re: Patches for spectre
                          JuniorJenny Lurker

                          I can overview it the latest VMWare update does not contain much more than the processor microcode update. So if you have been up to date before the wella BIOS update of the server should be enough. However in case of the VMWare update you need to do the update to see what actually has been changed.

                          • 25. Re: Patches for spectre
                            larstr Virtuoso
                            vExpert

                            JuniorJenny,

                            Keep in mind that these patches alone might not be enough. You should also consider changing the scheduler to SCAv1 or SCAv2.

                             

                            SCAv1 vs SCAv2.PNG

                             

                            Lars

                            1 2 Previous Next