ldelossa
(louis delossantos)
1
Hey guys, I want to propose a question to get some feedback.
I’ve been working with VMware for a long time now and I’ve come to know the system pretty well, however I’ve always lacked when it came to creating policy - I would like to take this role and keep my ESXi environment as healthy as possible.
This brings up the question - how are you guys handling patches for your ESXi hosts? I currently have clusters large enough to be able to patch pretty easily - but in a large enterprise what are your policies around patching? Does VMware have a patch release date? Are you guys patching on a certain schedule? And what are your thoughts about keeping fully patched vs staying a few revisions behind?
Thanks a lot guys.
2 Spice ups
We try to keep an empty host so it’s a big vMotion across to the empty host (which is already patched), then patch the empty host and keep that process rolling.
I also keep an eye on VMware Knowledge Base and when that is updated I grab the new patch.
ldelossa
(louis delossantos)
3
I don’t really need methodology for patching - that I can handle - I’m looking more for what policy you guys are using - are you staying completely up to date? Do you guys have a day you patch out of the month? One day out of every 4 months… etc.? Keep in mind I’m in a rather large enterprise.
So in my situation 5.1 U3 came out in December. I had an awful time with upgrading one of my vCenter servers. VMware support made it even worse. Long story short, I am somewhat leery about attempting to do another one of my clusters. I might just wait for the next version, 6 possibly, before attempting another upgrade. However, my patch schedule is to do my best to keep up to date within a few months of release.
Rod-IT
(Rod-IT)
5
Do you mean vCenter servers, and not ESXi hosts?
If you did, are you running more than one? If so, why? Linked?
1 Spice up
Rod-IT
(Rod-IT)
6
For my lab I have Update Manager configured to email me when new patch definitions are downloaded for my version. Once downloaded, I will leave it a few weeks to let any problems be known in the wild, then if nothing major affects me, I will patch the hosts. Typically I would put one in maintenance mode and get it updated, get it back in the cluster once done and move on to the next, vMotioning guests to the other hosts to give me the next free host to patch. If your hosts are already heavily used and you do not have capacity you may struggle, so maybe turn off machines that are test or can tolerate half an hour or so of downtime to free up resources.
1 Spice up
On the appliance it is point → Click → get tea → reboot → use.
On the ESXi hosts there is VUM, which does all the work for you and includes upgraded drivers.
Rod-IT
(Rod-IT)
8
There is, I was just checking the OP meant vCenter and not the hosts upgrade, as they mentioned servers, meaning more than one. So perhaps role split, linked vCenter, etc.
1 Spice up
I’ve not used linked mode vCenter and without stealing the OP’s topic I am curious to know if it needs to be patched in a different way?
Rod-IT
(Rod-IT)
10
I’m not 100% sure but I believe they need to be done in a set order, the link may even break (I am not sure though) and have to be re-established after an upgrade. Documentation is not helping me - but I wanted to check with the OP as this may be a cause of his issues.
1 Spice up
Rod-IT
(Rod-IT)
11
1 Spice up
No, I have 5 Essentials Plus Clusters. Each cluster has its own vCenter. With the issues I had with the 1st one, I’m debating on whether to upgrade the others. The ESXi patching goes great with VUM, but vCenter needs to be upgraded 1st in major updates/releases.