host lifecycle for publication update manager, vmworld 2017€¦ · host lifecycle management...

Eric Gray

SER1963BE

#VMworld #SER1963BE

Technical Overview of VMware ESXiHost Lifecycle Management with Update Manager, Auto Deploy, and Host Profiles

@eric_gray

VMworld 2017 Content: Not fo

r publication or distri

bution

3

Are ESXi patches

cumulative?

How do I patch

custom OEM

images?

With Auto Deploy, is

DHCP a single point

of failure?

Do stateless hosts

keep SSH & SSL

identities after

reboot?

When do I need to

upgrade a host

profile?

#SER1963BE CONFIDENTIAL



bution

Update Sequence for vSphere 6.5 and Compatible Products

4

KB 2147289Mastering the VMware Tools Lifecycle in

Your vSphere Data Center

[SER1957BE] Wednesday 11:00




bution

End of General Support Is Here for ESXi Releases Prior to 5.5

5

ESXi 6.5 Recently Extended!




bution

VMware ESXi – Despite the CLI, It’s NOT Linux

6#SER1963BE CONFIDENTIAL



bution

Understanding the ESXi Disk Partitioning Scheme

7

bootbank

store

scratch

VMFS

altbootbank

250 MB

250 MB

286 MB

4 GB

n GB




bution

Host Updates Are Applied to the Unused Bootbank

8

bootbank

altbootbank

:~] cat bootbank/boot.cfg

bootstate=0

build=6.0.0-2.37.3825889

updated=10

:~] cat altbootbank/boot.cfg

bootstate=0

build=6.0.0-2.34.3620759

updated=9




bution




bution

VIB Details are Available Through esxcli




bution

Build numbers and versions of VMware ESXi

11

KB 2143832




bution

Access My.VMware to Download Patch Releases

12

Only the latest download is required –

ESXi patches are cumulative




bution

Demystifying VMware ESXi Patch Release Contents

13

• VIB #1

• VIB #2

• VIB #3

• VIB #1

• VIB #2

• VIB #3

ESXi650-201703401-BGCategory: BugfixSeverity: Critical

Patch Release: ESXi650-201703001

Bulletins Image Profiles

• VIB #1• VIB #2• VIB #3

ESXi-6.5.0-20170304001-standard

• VIB #1• VIB #2• VIB #3

• VIB #4• VIB #5• VIB #6

• VIB #7• VIB #8• VIB #9

ESXi650-201703001.zip

Each item above has a corresponding KB article#SER1963BE CONFIDENTIAL



bution

Optimized OEM Custom Images from VMware Partners

14

ISO or offline bundle from

your favorite server vendor

Optimized drivers and

management agents

From My.VMware or

partner support sites




bution

But how can I patch OEM images?

15

Create new image with PowerCLI

or GUI Image Builder

Update Manager applies

patches to all images




bution

16



bution

17



bution

But how can patches be cumulative with such varying sizes?




bution

Security-only Profiles Without Other Enhancements or Fixes




bution

These “s” Profiles Include Two Variations of Certain VIBs

20

Same release dates,

Different versions




bution

Select an Update Approach Based on Desired Optimizations

21

Scalable

Automated

Interactive

Simple

Auto

Deploy

ISO

KS

VUM

CLI

Scripts




bution

Update Manager Automates the Patching Process

• VUM downloads ESXi patches via the Internet

• Administrators create and attach patch baselines

• DRS enables rolling updates with zero downtime




bution

Intelligent Integration with vSAN Clusters in vSphere 6.5 U1

23

VUM Determines Best

vSAN Upgrade

Generates Baseline and

Downloads Software



bution

Update Manager Patches are Bulletins, not Image Profiles




bution

25

UPGRADE

UPGRADE

VUM Can Patch or Upgrade Multiple ESXi Releases

5.5

6.0

6.5

Remediation Supported by VUM 6.5

or

or

PATCH

PATCH

PATCH




bution

VUM Architecture Improvements in vSphere 6.5

26

vCenter Server

6.0 or 6.5

on Windows

Update

Manager

on Windows

VCSA 6.5 with

Integrated VUM

Additional Windows VM for VUM

Extra configuration & DB dependency

Sizing and latency considerations

No inherent backup or failover

Integrated and enabled by default

Zero setup; embedded DB

Scalable and low impact on resources

Leverages VCSA HA and backup

Migration

Support!




bution

2-3x

increase

Update Manager Scalability Increased in vSphere 6.5

27

Concurrent Operations 6.0 6.5

ESXi host scan 75 232

ESXi host patch / upgrade 71 232

VMware Tools / VM hw scan 90 200

VMware Tools / VM hw upgrade 75 200




bution

Why Stateless Compute Infrastructure?

28

Unified Workflow

Install Patch Upgrade

Consistency

Faster deploymentsReduced effort

Speed

Centralized ControlImagesConfigurationDiagnostics

Efficiency




bution

Configure Auto Deploy Hosts with Host Profiles

29

• Use any combination of configuration tools:

PowerCLI, esxcli, graphical interfaces

• Modified elements are part of profile

• Names and values are case-sensitive

Extract settings

from a

configured host

CREATE

Copy from a host

-or-

Edit via GUI

UPDATE




bution

Host Profiles are Forward Compatible

30

6.0

VMware ESXi

Host Profile

6.5




bution

Upgrade Hosts First, then Update the Host Profile

31

6.0

VMware ESXi

Host Profile

6.5

VMware ESXi

Host Profile




bution

Hosts Also Require Unique Configuration Settings

32

vmk0

vmk1

root pass

hostname




bution

Mandatory Customizations Must be Provided for Compliance

33

vmk0

vmk1

root pass

10.197.34.86

255.255.255.0

172.24.10.86

255.255.0.0

**********

hostname

Ho

st

Cu

sto

miz

ati

on

s

host86.vcritical.com




bution

34

Provide host

customizations

in CSV file




bution

35

Boost

efficiency and

maintain a

config record!




bution

Unique Identifiers are Properly Handled for Stateless Hosts

36

SSL Certificates

SSH Keys




bution

Catch a Glimpse of Zero-Touch Cluster Deployments




bution

Side-by-Side Compliance Results

38

Quickly determine

course of action!




bution

Rolling or Parallel Profile Remediation

39

Reduces time

spent

monitoring

remediation!




bution

Easily Copy Settings From One Profile to Many

40

Manage

Multiple Host

Profiles More

Effectively!




bution

If you want uptime, prepare for downtime

41

Photo: Luis García

Boot storms

Infrastructure

dependencies

Auto Deploy backup




bution

Auto Deploy Reverse Proxy Caching in vSphere 6.5

42

Improve host boot time &

reduce impact on vCenter Server




bution

Take Regular Backups of Auto Deploy Configuration

43

New PowerCLI cmdlet in

vSphere 6.5 – exports config,

database, SSL certs, cache,

and more




bution

Stateless Hosts Often Rely on Dynamic IP Addressing

44

NIC ● MAC Address ● Switch

Single points of failure?

Three

approaches to

improve DHCP

resiliency




bution

Configure Redundant Physical Boot Interfaces and Switches




bution

1) Redundant DHCP Reservations

46

Associate two MAC addresses

with one IP address

VMkernel uses the boot MAC




bution

2) DHCP Boot & Transition to Static IPs

47

Use pool of DHCP addresses,

No reservations

Configure Host Profile with

Static IP addresses




bution

3) Dedicated DHCP Boot Network – Operational Traffic on vDS

48

VLAN dedicated for PXE booting

on-board NICs

Host management interface is

on vDS – DHCP or static




bution

Multiple Approaches to vSphere Host Lifecycle Management




bution

Host Lifecycle Management Takeaways

• VMware ESXi patches are cumulative!

– Patches, upgrades, and fresh installs result in a similar state

• Develop workflows to keep OEM images secure from exploits

• Choose the lifecycle management approach that is best for your data center

– Stateful with Update Manager applies patch bulletins

– Auto Deploy uses complete ESXi image profiles for all operations

• vSphere 6.5 enhancements boost manageability and reliability

– Embedded Update Manager with increased scale

– Bulk host customizations

– Simple reverse proxy setup

– Quick Auto Deploy configuration backup




bution

Additional Resources and Opportunities to Interact


UX Design Studio – ESXi Lifecycle

https://calendy.com/vsphere-lifecycle/eu/

“Meet the Experts”

[MTE4718E] Wednesday 13:15VMworld 2017 Content: N

ot for publicatio

n or distribution



bution

host lifecycle for publication update manager, vmworld 2017€¦ · host lifecycle management...

Documents