VMware Cloud Community
AndyShine
Enthusiast
Enthusiast
‎03-15-2009 04:21 AM

Any way for Update Manager to generate an alert?

I have a scheduled scan of my ESX hosts that runs every sunday. It scans to see if any critical or non-critical patches should be applied to my esx servers ( also have a weekly task that donwloads any new esx updates).

Due to advanced senility I forget to check regularly to see if I need to remediate any of the hosts and I don't want to let them update themselves without an OK from me (yes I'm paraniod as well)

Is there a way for Update Manager to generate an alert (prefrably e-mail) to tell me when there are patches that need to be applied?

Thanks

Andrew

0 Kudos
6 Replies
patrickds
Expert
Expert
‎03-15-2009 04:36 AM

You can set e-mail alerts in the scheduled job properties of your download and scan tasks.

You'll have to set the e-mail server to be used in the Virtual Center configuration first.

0 Kudos
AndyShine
Enthusiast
Enthusiast
‎03-15-2009 05:21 AM

I agree that you can alert on the download task, but I can't find that option on the scan task Smiley Sad

0 Kudos
patrickds
Expert
Expert
‎03-18-2009 08:49 AM

Finally had some time to check this out in my test lab, and you're right.

There's no e-mail notification on the scan task, or any other way of generating a non-compliance alert, as far as i can see.

On the other hand, if the download task gets new updates, this automatically implies that your hosts are no longer compliant.

0 Kudos
AndyShine
Enthusiast
Enthusiast
‎03-18-2009 09:16 AM

I'm not sure about the new updates implying non-compliance. I'm downloading ESX updates (only) but I'm pretty sure the task downloads patches that aren't relevant to my ESX 3.5 servers e.g. updated drivers for hba's I don't have.

0 Kudos
patrickds
Expert
Expert
‎03-18-2009 09:51 AM

I'm sure a lot of the updates do not really apply to all setups, but i don't think update manager cares about that.

It only sees an update package for the configured version(s) of ESX, and does no checking on whether it applies to your ESX host or not.

So any update it downloads will be added to the baseline (if it's dynamic)

A scan will just compare the installed packages with the baseline, again without checking whether the contents of the packages actually apply to the scanned hosts.

Scanning will just change the status of the host in Update Manager to non-compliant (make UM aware of the non-compliance)

The moment any package gets downloaded and added to the baseline, your host will become non-compliant, although UM won't know it without scanning.

If your baseline is not dynamic, even a scheduled scan will not make the hosts non-compliant, because you have to manually add the updates to the baseline first.

So either way, getting a notification when new updates are downloaded should be enough.

The only way to really test this is creating a new baseline with drivers that do not apply to your hosts, and seeing if a scan will make your hosts non-compliant to this baseline. (this should be done on a clean installation, otherwise the updated drivers may well be installed already)

AndyShine
Enthusiast
Enthusiast
‎03-19-2009 03:20 AM

It seems that neither the update download nor scanning parts to the update process is as smart as I thought it was Smiley Sad

I haven't got the resources (time\hardware) to setup a clean install right now to test this but I supect your right.

Thanks for your help

0 Kudos