mdimunno
Contributor
Contributor

MSP - Applying ESXi and VCenter Updates

I am working with a Managed Services IT Provider, and we are trying to determine the most efficient method of applying patches and updates to VMWare ESXi servers, and VCenter servers and appliances.  As of now, we manually apply updates to each server, but with hundreds and possibly thousands of servers at our various customers throughout the world, doing so in a timely manner is nearly impossible.

Does VMWare have a solution for managed service providers to allow this to happen in an efficient manner?  What is the best way for us to go about this, for all of our customers, without taking up a tremendous amount of time, and also allowing for this to happen on a routine basis, so our customer's VMWare servers are regularly patched?

10 Replies
dineshgoundar
Enthusiast
Enthusiast

I dont think there is a one fits all. Each environment can and will be unique. You will need to check what hardware they are running on, it is compatible with the version you are trying to update to, what other solutions have been implemented and their interoperability. Does the hardware require a firmware upgrade to support the new vSphere updates. What drivers do I need to include in the patches, etc. etc. This can become a long list and if you are not careful, you can cause issues if not outages.

0 Kudos
DavidIsSain
Enthusiast
Enthusiast

Resurrecting from the dead - In the event you are still around...

I work for an MSP also and have not found that VMware supports the MSP working model.  So far, it seems that the only option is one server at a time via the CLI (for our small, single server clients, when it works).  I've had to deal with the ELX_bootbank_elx-esx-libelxima.so conflict a number of times.

For our clients that are running Essentials, there is no vMotion.  If they have 2 physical hosts and 10 guests, there is no moving the vCenter appliance between them unless using the migration tool. I've never been able to remediate the host that has the vCenter appliance running on it.

I'm wondering if VMware is not appropriate for SMBs that need multiple servers.  But I really hate to go with Hyper-V, just because of the stigma.

0 Kudos
nachogonzalez
Commander
Commander

Hey, I'm not familiar with the MSP business model. (I've done some googling but still not quite understand it)
You as the MSP ar responsible for the operations of your customers?

0 Kudos
DavidIsSain
Enthusiast
Enthusiast

I work in an industry where there are thousands of us small providers throughout the world (go to a ConnectWise conference and meet 3000 of us – or a Kaseya conference to meet 1500 of us – those are the few that take the time to attend and only two of the solution vendors).  We are most likely a small business with between 4 and 10 employees and we take care of networks for small and medium business that, 1) cannot afford a dedicated IT staff, or 2) don’t want to be locked to a single IT person (that calls in sick).  We offer Managed IT Services such as monitoring patches, security, backups and agreements to provide support.  Sometimes remote, sometimes onsite.  We also provide virtual CIO services, upgrade/replace hardware and help their business move forward with technology without them being savvy themselves.

https://communities.vmware.com/message/2978565#2978565

https://communities.vmware.com/thread/594649

https://www.networkdepot.com/msp-managed-service-provider/

https://www.darkreading.com/cloud/small-businesses-turn-to-managed-service-providers-for-security/d/...

https://www.onlinecomputers.com/2019/09/finding-the-right-msp-a-smart-guide-for-business-owners/

https://www.msptechnews.com/msp-news/managed-services-small-business/

0 Kudos
nachogonzalez
Commander
Commander

Get it, thanks

Now, if you install vSphere Update Manager Download Service on each customer's vCenter and you can publish an HTTPS:// repository you migth be able to centralize that configuration


Use a Shared Repository as a Download Source

Hope that works

Warm regards

0 Kudos
DavidIsSain
Enthusiast
Enthusiast

Thank you for replying. 

As I understand, Update Manager Download Service is for updating machines that might be otherwise disconnected from LAN/Internet and provides a way of making a package to distribute.

Does that allow the client's local vCenter to apply an update onto the same host it resides upon?  I don't read that.  It just sounds like a private repository.

0 Kudos
nachogonzalez
Commander
Commander

No, It wont allow the guest vCenter to apply an update to it's host.
Mostly because most of the patches require maintenance mode or a restart.

Do you have a single ESXi host?

0 Kudos
DavidIsSain
Enthusiast
Enthusiast

Yes, most of our clients have a single ESXi host.  Those that do not are still limited as they have Essentials license and cannot vMotion the VCSA to the other host.

0 Kudos
nachogonzalez
Commander
Commander

Some thoughts on this:

- Why do you use a vCenter if you are using only a single host? that seems to me like a waste of resources.
In that case, you will need downtime to apply all the patches, you might be able to do it via powercli, but as we said before, not to the esxi host that holds the vCenter (you might stage the patches but not install them)

Is it possible that you centralize all those single host customer's into a big cluster with vCenter, vmotion, and all the nice features?
Just an idea.

0 Kudos
DavidIsSain
Enthusiast
Enthusiast

Cost is a factor when consolidating them.  They are all remote from the office, but that's doable.  Would need a central vCenter server with vCenter standard licensing to support all of the client CPUs.  Then figure out how we bill them out for the platform.

I'm thinking of using PowerCLI and writing some scripts for the RMM platform.  Then I setup access one of three ways:

1) Install PowerCLI on some designated workstation at a client site

2) Poke some pinholes in their firewall and allow PowerCLI commands from my IP on a designated machine

3) P2P VPN from my office to run PowerCLI from a designated machine

Then, with scripts, I can download a specific image, put server into maintenance mode, install update, remove from maint mode.  Work to build out, but should be pretty easy to maintain afterward.  Challenge will be getting some kind of reporting with our RMM as Reporting and Scripting are not tied together (but we are evaluating another platform that is more robust).

It's too bad VMware has no reasonably priced solution for small business that needs virtualization.  Enterprise pricing is just too much for a small ortho clinic or a veterinary clinic, or a welding shop or a small appraisal company, or a shipping company.  It's cheaper and easier to have multiple physical boxes than use VMware.

0 Kudos