VCAP5-DCA Objective 5.2 – Deploy and Manage Complex Update Manager Environments

Knowledge

  • Identify firewall access rules for Update Manager

Skills and Abilities

  • Install and configure Update Manager Download Service
  • Configure a shared repository
  • Configure smart rebooting
  • Manually download updates to a repository
  • Perform orchestrated vSphere upgrades
  • Create and modify baseline groups
  • Troubleshoot Update Manager problem areas and issues
  • Generate database reports using MS Excel or MS SQL
  • Upgrade vApps using Update Manager
  • Utilize Update Manager PowerCLI to export baselines for testing
  • Utilize the Update Manager Utility to reconfigure vUM settings

Install and configure Update Manager Download Service

Official Documentation:

Installing and Administering VMware vSphere Update Manager 5.0, Chapter 9 “Installing, Setting Up, and Using Update Manager Download Service”, page 57.

VMware vSphere Update Manager Download Service (UMDS) is an optional module of Update Manager.

UMDS downloads upgrades for virtual appliances, patch metadata, patch binaries, and notifications that would not otherwise be available to the Update Manager server.

You can install and use UMDS to download virtual appliance upgrades, patch binaries, patch metadata, and notifications if Update Manager does not have access to the Internet. The machine on which you install UMDS must have Internet access. 

NOTE You cannot upgrade UMDS 4.x to UMDS 5.0, but under certain conditions you can perform a fresh installation of UMDS 5.0 and use an existing patch store from UMDS 4.x. You can install UMDS only on 64-bit machines.

Before installing UMDS, you must create a database instance and configure it to ensure that all tables are placed in it. You must configure a 32-bit DSN and test the DSN from ODBC. If you are using Microsoft SQL Server 2008 R2 Express, you can install and configure the database when you install UMDS.

Installing UMDS 5.0 in an Environment with Update Manager 5.0 Instances Only

In the UMDS 5.0 installation wizard, you can select the patch store to be an existing download directory from a previous UMDS 4.x installation and reuse the applicable downloaded updates in UMDS 5.0. You should uninstall existing UMDS 4.x instances before reusing the patch store. Once you associate an existing download directory with UMDS 5.0, you cannot use it with earlier UMDS versions.

If you install UMDS with an existing download directory, make sure that you perform at least one download by using UMDS 5.0 before you export updates.

Installing UMDS 5.0 in an Environment with both Update Manager 4.x and Update Manager 5.0 Instances

You should not install UMDS 5.0 with an existing UMDS 4.x download directory if your environment contains both Update Manager 4.x and Update Manager 5.x instances. In such a case, you need a UMDS 4.x and a UMDS 5.x installation on two separate machines, in order to export updates for the respective Update Manager versions.

Compatibility Between UMDS and the Update Manager Server

UMDS must be of a version that is compatible with the Update Manager server.

Update Manager can work with a certain UMDS version if the metadata and structure of the patch store that UMDS exports is compatible with Update Manager, and if the data can be imported and used by the Update Manager server.

Because Update Manager 5.0 does not support guest operating system patching, UMDS 5.0 does not download patches for guest operating systems. UMDS 5.0 is compatible and can work with Update Manager 5.0 only.

Install UMDS

Install UMDS if the machine on which Update Manager is installed does not have access to the Internet.
Prerequisites

  • Ensure that the machine on which you install UMDS has Internet access, so that UMDS can download upgrades, patch metadata and patch binaries.
  • Uninstall UMDS 1.0.x or UMDS 4.x if it is installed on the machine. If such a version of UMDS is already installed, the installation wizard displays an error message and the installation cannot proceed.
  • Before you install UMDS, create a database instance and configure it. If you install UMDS on a 64-bit machine, you must configure a 32-bit DSN and test it from ODBC. The database privileges and preparation steps are the same as the ones used for Update Manager. For more information, see Chapter 3, “Preparing the Update Manager Database,” on page 27.
  • UMDS and Update Manager must be installed on different machines.

Procedure

  • Insert the VMware vSphere Update Manager installation DVD into the DVD drive of the Windows server that will host UMDS.
  • Browse to the umds folder on the DVD and run VMware-UMDS.exe.
  • Select the language for the installation and click OK.
  • (Optional) If the wizard prompts you, install the required items such as Windows Installer 4.5.
    This step is required only if Windows Installer 4.5 is not present on your machine and you must perform it the first time you install a vSphere 5.0 product. After the system restarts, the installer launches again.
  • Review the Welcome page and click Next.
  • Read the patent agreement and click Next.
  • Accept the terms in the license agreement and click Next.
  • Select the database options and click Next.
    • If you do not have an existing database, select Install a Microsoft SQL Server 2008 R2 Express instance (for small scale deployments).
    • If you want to use an existing database, select Use an existing supported database and select your database from the list of DSNs. If the DSN does not use Windows NT authentication, enter the user name and password for the DSN and click Next.
  • Enter the Update Manager Download Service proxy settings and click Next.
  • Select the Update Manager Download Service installation and patch download directories and click Next.
    If you do not want to use the default locations, you can click Change to browse to a different directory.
    You can select the patch store to be an existing download directory from a previous UMDS 4.x installation and reuse the applicable downloaded updates in UMDS 5.0. After you associate an existing download directory with UMDS 5.0, you cannot use it with earlier UMDS versions.
  • (Optional) In the warning message about the disk free space, click OK.
  • Click Install to begin the installation.
  • Click OK in the Warning message notifying you that .NET Framework 3.5 SP1 is not installed.
    The UMDS installer installs the prerequisite before the actual product installation.
  • Click Finish.

UMDS is installed.

Configure a shared repository

Official Documentation:

Installing and Administering VMware vSphere Update Manager 5.0, Chapter 10 “Configuring Update Manager”, Section “Use a Shared Repository as a Download Source”, page 70.

You can configure Update Manager to use a shared repository as a source for downloading virtual appliance upgrades, as well as ESX/ESXi patches, extensions, and notifications.

Prerequisites

You must create the shared repository using UMDS and host it on a Web server or a local disk. The UMDS version you use must be compatible with your Update Manager installation.

For more information about the compatibility, see “Compatibility Between UMDS and the Update Manager Server,” on page 58. You can find the detailed procedure about exporting the upgrades, patch binaries, patch metadata, and notifications in “Export the Downloaded Data,” on page 62.

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Configuration tab, under Settings, click Download Settings.
  2. In the Download Sources pane, select Use a shared repository.
  3. Enter the path or the URL to the shared repository.
    For example, C:\repository_path\, https://repository_path/, or http://repository_path/
    In these examples, repository_path is the path to the folder to which you have exported the downloaded upgrades, patches, extensions, and notifications. In an environment where the Update Manager server does not have direct access to the Internet, but is connected to a machine that has Internet access, the folder can be on a Web server.
    You can specify an HTTP or HTTPS address, or a location on the disk on which Update Manager is installed. HTTPS addresses are supported without any authentication.
    IMPORTANT You cannot use folders located on a network drive as a shared repository. Update Manager does not download updates from folders on a network share either in the Microsoft Windows Uniform Naming Convention form (such as \\Computer_Name_or_Computer_IP\Shared), or on a mapped network drive (for example, Z:\).
  4. Click Validate URL to validate the path.
    IMPORTANT If the updates in the folder you specify are downloaded with a UMDS version that is not compatible with the Update Manager version you use, the validation fails and you receive an error message.
    You must make sure that the validation is successful. If the validation fails, Update Manager reports a reason for the failure. You can use the path to the shared repository only when the validation is successful.
  5. Click Apply.
  6. Click Download Now to run the VMware vSphere Update Manager Update Download task and to download the updates immediately.

The shared repository is used as a source for downloading upgrades, patches, and notifications.
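
A pre-flight check for the path rules in step 3, as an added example that is not part of the VMware documentation or the original page. `Test-UmRepositoryLocation` is a hypothetical helper name, and treating only fixed local disks as usable is a conservative assumption of this example.

```powershell
# Added example; Test-UmRepositoryLocation is a hypothetical helper, not a VMware cmdlet.
# Requires PowerShell 3.0 or later. Drive letters are resolved on the machine it runs on.
function Test-UmRepositoryLocation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Location
    )
    process {
        $kind   = 'Unknown'
        $usable = $false
        $reason = 'Not a local path or an HTTP/HTTPS URL.'
        $uri    = $null

        if ($Location -match '^(\\\\|//)') {
            # \\Computer_Name_or_Computer_IP\Shared form: Update Manager does not use it.
            $kind   = 'UncShare'
            $reason = 'Folders on a network share in UNC form are not supported.'
        }
        elseif (($Location -match '^https?://') -and
                [System.Uri]::TryCreate($Location, [System.UriKind]::Absolute, [ref]$uri)) {
            $kind   = $uri.Scheme.ToUpperInvariant()
            $usable = $true
            if ($uri.Scheme -eq 'https') {
                $reason = 'HTTPS URL; supported without any authentication.'
            }
            else {
                $reason = 'HTTP URL; accepted, but the transfer is unencrypted. Prefer HTTPS if the web server offers it.'
            }
        }
        elseif ($Location -match '^([A-Za-z]):[\\/]') {
            $letter = $Matches[1]
            $drive  = New-Object System.IO.DriveInfo -ArgumentList $letter
            $kind   = 'Drive:' + $drive.DriveType.ToString()

            switch ($drive.DriveType.ToString()) {
                'Network' {
                    # Mapped network drive such as Z:\ : rejected per the IMPORTANT note.
                    $reason = 'Mapped network drives are not supported.'
                }
                'NoRootDirectory' {
                    $reason = "Drive ${letter}: does not exist on this machine."
                }
                'Fixed' {
                    if (Test-Path -LiteralPath $Location -PathType Container) {
                        $usable = $true
                        $reason = 'Folder on a local fixed disk.'
                    }
                    else {
                        $reason = 'Folder not found on the local disk.'
                    }
                }
                default {
                    # Assumption of this example: removable/optical media are not treated as a repository disk.
                    $reason = 'Drive is not a fixed local disk.'
                }
            }
        }

        [pscustomobject]@{
            Location = $Location
            Kind     = $kind
            Usable   = $usable
            Reason   = $reason
        }
    }
}

# Constructed sample input: the example forms quoted in the procedure above.
'C:\repository_path\',
'https://repository_path/',
'http://repository_path/',
'\\Computer_Name_or_Computer_IP\Shared',
'Z:\' |
    Test-UmRepositoryLocation |
    Format-Table -AutoSize -Wrap
```

Run it on the Update Manager server itself, because drive letters and mappings are evaluated on the local machine. It does not replace Validate URL in step 4, which also checks that the updates were downloaded with a compatible UMDS version.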
Configure smart rebooting

Official Documentation:

Installing and Administering VMware vSphere Update Manager 5.0, Chapter 10 “Configuring Update Manager”, Section “Configure Smart Rebooting”, page 79.

Smart rebooting selectively restarts the virtual appliances and virtual machines in the vApp to maintain startup dependencies. You can enable and disable smart rebooting of virtual appliances and virtual machines in a vApp after remediation.

A vApp is a prebuilt software solution, consisting of one or more virtual machines and applications, which are potentially operated, maintained, monitored, and updated as a unit.

Smart rebooting is enabled by default. If you disable smart rebooting, the virtual appliances and virtual machines are restarted according to their individual remediation requirements, disregarding existing startup dependencies.
Prerequisites

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Configuration tab, under Settings, click vApp Settings.
  2. Deselect Enable smart reboot after remediation to disable smart rebooting.

Manually download updates to a repository

Official Documentation:

Installing and Administering VMware vSphere Update Manager 5.0, Chapter 10 “Configuring Update Manager”, Section “Import Patches Manually”, page 71.

Instead of using a shared repository or the Internet as a download source for patches and extensions, you can import patches and extensions manually by using an offline bundle.

You can import offline bundles only for hosts that are running ESX/ESXi 4.0 or later.
Prerequisites

The patches and extensions you import must be in ZIP format.

To import patches and extensions, you must have the Upload File privilege. For more information about managing users, groups, roles, and permissions, see vCenter Server and Host Management. For a list of Update Manager privileges and their descriptions, see “Update Manager Privileges,” on page 81.

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Configuration tab, under Settings, click Download Settings.
  2. Click Import Patches at the bottom of the Download Sources pane.
  3. On the Select Patches File page of the Import Patches wizard, browse to and select the .zip file containing the patches you want to import.
  4. Click Next and wait until the file upload completes successfully.
    After a successful upload, the Confirm Import page appears.
    In case of upload failure, check whether the structure of the .zip file is correct or whether the Update Manager network settings are set up correctly.
  5. On the Confirm Import page of the Import Patches wizard, review the patches that you have selected to import into the Update Manager repository.
  6. Click Finish.

You imported the patches into the Update Manager patch repository. You can view the imported patches on the Update Manager Patch Repository tab.

Perform orchestrated vSphere upgrades

Official Documentation:

Installing and Administering VMware vSphere Update Manager 5.0, Chapter 16 “Common User Goals”, Section “Orchestrated Datacenter Upgrades”, page 159.

Orchestrated upgrades allow you to upgrade the objects in your vSphere inventory in a two-step process: host upgrades followed by virtual machine upgrades. You can configure the process at the cluster level for higher automation, or at the individual host or virtual machine level for granular control.

You can upgrade clusters without powering the virtual machine off as long as VMware Distributed Resource Scheduler (DRS) is available for the cluster. To perform an orchestrated upgrade, you must first remediate a cluster against a host upgrade baseline, and then remediate the same cluster against a virtual machine upgrade baseline group containing the VM Hardware Upgrade to Match Host and VMware Tools Upgrade to Match Host baselines.

  • Orchestrated Upgrade of Hosts on page 160
    You can use Update Manager to perform orchestrated upgrades of the ESX/ESXi hosts in your vSphere inventory by using a single upgrade baseline.
  • Orchestrated Upgrade of Virtual Machines on page 161
    An orchestrated upgrade allows you to upgrade VMware Tools and the virtual hardware for the virtual machines in your vSphere inventory at the same time. You can perform an orchestrated upgrade of virtual machines at the folder or datacenter level.

Orchestrated Upgrade of Hosts

You can use Update Manager to perform orchestrated upgrades of the ESX/ESXi hosts in your vSphere inventory by using a single upgrade baseline.

This workflow describes the overall process to perform an orchestrated upgrade of the hosts in your vSphere inventory.

You can perform orchestrated upgrades of hosts at the folder, cluster, or datacenter level.

Update Manager 5.0 supports only upgrade from ESXi 4.x to ESXi 5.x and migration from ESX 4.x to ESXi 5.x. You cannot use Update Manager to upgrade a host to ESXi 5.0 if the host was upgraded from ESX 3.x to ESX 4.x. Such hosts do not have sufficient free space in the /boot partition to support the Update Manager upgrade process. Use a scripted or interactive upgrade instead.

IMPORTANT After you have upgraded or migrated your host to ESXi 5.x, you cannot roll back to your version 4.x ESX or ESXi software. Back up your host configuration before performing an upgrade or migration. If the upgrade or migration fails, you can reinstall the 4.x ESX or ESXi software that you upgraded or migrated from, and restore your host configuration. For more information about backing up and restoring your ESX/ESXi configuration, see vSphere Upgrade.

  1. Configure the Update Manager host and cluster settings.
    You can configure the Update Manager settings from the Configuration tab of the Update Manager Administration view. For more information and the detailed procedures about configuring host and cluster settings by using Update Manager, see “Configuring Host and Cluster Settings,” on page 76.
  2. Import an ESXi image (which is distributed as an ISO file) and create a host upgrade baseline.
    Import an ESXi 5.0 image so that you can upgrade the hosts in your vSphere inventory. You can import a host image from the ESXi Images tab of the Update Manager Administration view.
    For the complete procedure about importing host upgrade releases, see “Import Host Upgrade Images and Create Host Upgrade Baselines,” on page 89.
  3. Attach the host upgrade baseline to a container object containing the hosts that you want to upgrade.
    You can attach baselines and baseline groups to objects from the Update Manager Compliance view. For more information about attaching baselines and baseline groups to vSphere objects, see “Attach Baselines and Baseline Groups to Objects,” on page 97.
  4. Scan the container object.
    After you attach baselines to the selected container object, you must scan it to view the compliance state of the hosts in the container. You can scan selected objects manually to start the scanning immediately.
    For detailed instructions on how to scan your hosts manually, see “Manually Initiate a Scan of ESX/ESXi Hosts,” on page 101.
    You can also scan the hosts in the container object at a time convenient for you by scheduling a scan task. For more information and detailed instructions about scheduling a scan, see “Schedule a Scan,” on page 102.
  5. Review the scan results displayed in the Update Manager Client Compliance view.
    For a detailed procedure about viewing scan results and for more information about compliance states, see “Viewing Scan Results and Compliance States for vSphere Objects,” on page 103.
  6. Remediate the container object.
    If hosts are in Non-Compliant state, remediate the container object of the hosts to make it compliant with the attached baseline. You can start the remediation process manually or schedule a remediation task. For more information about remediating hosts against an upgrade baseline and for a detailed procedure, see “Remediate Hosts Against an Upgrade Baseline,” on page 124.

Hosts that are upgraded reboot and disconnect for some time during the remediation.

Orchestrated Upgrade of Virtual Machines

An orchestrated upgrade allows you to upgrade VMware Tools and the virtual hardware for the virtual machines in your vSphere inventory at the same time. You can perform an orchestrated upgrade of virtual machines at the folder or datacenter level.

Update Manager makes the process of upgrading the virtual machines convenient by providing baseline groups. When you remediate a virtual machine against a baseline group containing the VMware Tools Upgrade to Match Host baseline and the VM Hardware Upgrade to Match Host baseline, Update Manager sequences the upgrade operations in the correct order. As a result, the guest operating system is in a consistent state at the end of the upgrade.

This workflow describes the overall process to perform an orchestrated upgrade of the virtual machines in your vSphere inventory.

  1. Create a virtual machine baseline group.
    To upgrade virtual machines, you must create a virtual machine baseline group containing the VMware Tools Upgrade to Match Host baseline and the VM Hardware Upgrade to Match Host baseline.
    You can create baseline groups from the Baselines and Groups tab of the Update Manager Administration view. For more information about creating baseline groups and for detailed instructions, see “Create a Virtual Machine and Virtual Appliance Baseline Group,” on page 95.
  2. Attach the baseline group to an object containing the virtual machines that you want to upgrade.
    To scan and remediate the virtual machines, attach the baseline group to a container object that contains the virtual machines that you want to upgrade. The container object can be a folder or a datacenter. For detailed instructions about attaching baselines and baseline groups to objects, see “Attach Baselines and Baseline Groups to Objects,” on page 97.
  3. Scan the container object.
    You must scan it to view the compliance state of the virtual machines in the container. You can scan selected objects manually to start the scanning immediately. For detailed instructions on how to scan your virtual machines manually, see “Manually Initiate a Scan of Virtual Machines and Virtual Appliances,” on page 102.
    You can also scan the virtual machines in the container object at a time convenient for you by scheduling a scan task. For more information and detailed instructions about scheduling a scan, see “Schedule a Scan,” on page 102.
  4. Review the scan results displayed in the Update Manager Client Compliance view.
    For a detailed procedure about viewing scan results and for more information about compliance states, see “Viewing Scan Results and Compliance States for vSphere Objects,” on page 103.
  5. Remediate the non-compliant virtual machines in the container object to make them compliant with the attached baseline group.
    If virtual machines are in a Non-Compliant state, you can remediate the container object to make the virtual machines compliant with the baselines in the attached baseline group. You can start the remediation manually or schedule a remediation task. For more information about remediating virtual machines and for detailed instructions, see “Remediate Virtual Machines and Virtual Appliances,” on page 131.
    During an upgrade of VMware Tools, the virtual machines must be powered on. If a virtual machine is in a powered off or suspended state before remediation, Update Manager powers on the machine. After the upgrade is completed, Update Manager restarts the machine and restores the original power state of the virtual machine.
    During a virtual machine hardware upgrade, the virtual machines must be shut down. After the remediation is completed, Update Manager restores the original power state of the virtual machines. If a virtual machine is powered on, Update Manager powers the machine off, upgrades the virtual hardware, and then powers the virtual machine on.

The virtual machines in the container object become compliant with the attached baseline group.

Upgrading and Patching Hosts Using Baseline Groups

You can use baseline groups to apply upgrade and patch baselines together for upgrading and updating hosts in a single remediation operation.

You can upgrade all ESX/ESXi hosts in your deployment system by using a single upgrade baseline. You can apply patches to the hosts at the same time by using a baseline group containing one upgrade baseline and multiple host patch baselines.

This workflow describes how to upgrade and patch the hosts in your vSphere inventory at the same time. You can upgrade hosts and apply patches to hosts at the folder, cluster, or datacenter level. You can also upgrade and patch a single host. This workflow describes the process to patch and upgrade multiple hosts in a container object.

  1. Configure the Update Manager host and cluster settings.
    Some updates might require that the host enters maintenance mode during remediation. You should configure the Update Manager response when a host cannot enter maintenance mode. If you want to apply updates at a cluster level, you should configure the cluster settings as well. You can configure the Update Manager settings from the Configuration tab of the Update Manager Administration view. For more information and the detailed procedure about configuring host and cluster settings by using Update Manager, see “Configuring Host and Cluster Settings,” on page 76.
  2. Import an ESXi image (which is distributed as an ISO file) and create a host upgrade baseline.
    You must import an ESXi image, so that you can upgrade the hosts in your vSphere inventory. You can import ESXi images from the ESXi Images tab of the Update Manager Administration view.
    For a complete procedure about importing ESXi images, see “Import Host Upgrade Images and Create Host Upgrade Baselines,” on page 89.
  3. Create fixed or dynamic host patch baselines.
    Dynamic patch baselines contain a set of patches, which updates automatically according to patch availability and the criteria that you specify. Fixed baselines contain only patches that you select, regardless of new patch downloads.
    You can create patch baselines from the Baselines and Groups tab of the Update Manager Administration view. For more information about creating fixed patch baselines, see “Create a Fixed Patch Baseline,” on page 85.
    The detailed instructions about creating a dynamic patch baseline are described in “Create a Dynamic Patch Baseline,” on page 85.
  4. Create a baseline group containing the patch baselines as well as the host upgrade baseline that you created.
    You can create baseline groups from the Baselines and Groups tab of the Update Manager Administration view. For more information about creating baseline groups for hosts, see “Create a Host Baseline Group,” on page 94.
  5. Attach the baseline group to a container object.
    To scan and remediate the hosts in your environment, you must first attach the host baseline group to a container object containing the hosts that you want to remediate. You can attach baseline groups to objects from the Update Manager Compliance view. For more information about attaching baseline groups to vSphere objects, see “Attach Baselines and Baseline Groups to Objects,” on page 97.
  6. Scan the container object.
    After you attach the baseline group to the selected container object, you must scan it to view the compliance state of the hosts in the container. You can scan selected objects manually to start the scanning immediately. For detailed instructions on how to scan your hosts manually, see “Manually Initiate a Scan of ESX/ESXi Hosts,” on page 101.
    You can also scan the hosts in the container object at a time convenient for you by scheduling a scan task. For more information and detailed instructions about scheduling a scan, see “Schedule a Scan,” on page 102.
  7. Review the scan results displayed in the Update Manager Client Compliance view.
    For a detailed procedure about viewing scan results and for more information about compliance states, see “Viewing Scan Results and Compliance States for vSphere Objects,” on page 103.
  8. Remediate the container object.
    Remediate the hosts that are in Non-Compliant state to make them compliant with the attached baseline group. For more information about remediating hosts against baseline groups containing patch, extension, and upgrade baselines, see “Remediate Hosts Against Baseline Groups,” on page 127.
    During the remediation, the upgrade is performed first. Hosts that need to be both upgraded and updated with patches are first upgraded and then patched. Hosts that are upgraded might reboot and disconnect for a period of time during remediation.
    Hosts that do not need to be upgraded are only patched.

The hosts in the container object become compliant with the attached baseline group.

Upgrading Virtual Appliances

An upgrade remediation of a virtual appliance upgrades the entire software stack in the virtual appliance, including the operating system and applications. To upgrade the virtual appliance to the latest released or latest critical version, you can use one of the Update Manager predefined upgrade baselines or create your own.

This workflow describes how to upgrade the virtual appliances in your vSphere inventory. You can upgrade virtual appliances at the folder or datacenter level. You can also upgrade a single virtual appliance. This workflow describes the process to upgrade multiple virtual appliances in a container object.

  1. (Optional) Create a virtual appliance upgrade baseline.
    You create virtual appliance baselines from the Baselines and Groups tab in the Update Manager Administration view. For a detailed description of the procedure, see “Create and Edit a Virtual Appliance Upgrade Baseline,” on page 91.
  2. Attach virtual appliance upgrade baselines to an object containing the virtual appliances that you want to upgrade.
    To scan and upgrade virtual appliances, attach your virtual appliance upgrade baselines to a container object containing the virtual appliances that you want to upgrade. The container object can be a folder, vApp, or datacenter. For a detailed description of the procedure, see “Attach Baselines and Baseline Groups to Objects,” on page 97.
  3. Scan the container object.
    After you attach the virtual appliance upgrade baselines to the selected container object, you must scan it to view the compliance state of the virtual appliances in the container. You can scan selected objects manually to start the scanning immediately. For detailed instructions on how to scan your virtual appliances manually, see “Manually Initiate a Scan of Virtual Machines and Virtual Appliances,” on page 102.
    You can also scan the virtual appliances in the container object at a time convenient for you by scheduling a scan task. For more information and detailed instructions about scheduling a scan, see “Schedule a Scan,” on page 102.
  4. Review the scan results displayed in the Update Manager Client Compliance view.
    For a detailed procedure about viewing scan results and for more information about compliance states, see “Viewing Scan Results and Compliance States for vSphere Objects,” on page 103.
  5. Remediate the virtual appliances in the container object against the attached virtual appliance upgrade baselines.
    If virtual appliances are in a Non-Compliant state, remediate the container object of the virtual appliances to make it compliant with the attached baselines. You can start the remediation process manually or schedule a remediation task. For a detailed description of the procedure, see “Remediate Virtual Machines and Virtual Appliances,” on page 131.
    Update Manager directs the virtual appliances to download the missing updates and controls the remediation process of when and how to remediate, but the virtual appliance downloads and installs the updates itself.

The remediated virtual appliances become compliant with the attached baselines.

Keeping the Hosts Compliant With the Most Recent Patches

You can use Update Manager to keep your vSphere inventory updated with the most recent patches.

You can change the frequency of the checks for updates and patches, create dynamic patch baselines, attach the baselines to the objects in the inventory, and perform regular scans and scheduled remediation, to keep your vSphere inventory of hosts and virtual machines updated.

This workflow describes the overall process to keep the hosts and virtual machines in your vSphere inventory updated with the most recent patches.

  1. Configure the patch download schedule.
    Update Manager checks for patches at regular intervals. You can modify the schedule for checking and downloading patch data. For a detailed description of the procedure, see “Configure Checking for Updates,” on page 73.
  2. Create dynamic patch baselines.
    The contents of dynamic patch baselines are updated when new patches that meet the criteria become available. For information about creating dynamic patch baselines, see “Create a Dynamic Patch Baseline,” on page 85.
  3. Attach the baselines to a container object.
    To scan and remediate the objects in your vSphere inventory, attach the baselines to selected objects in the inventory. For a detailed description of the procedure, see “Attach Baselines and Baseline Groups to Objects,” on page 97.
  4. Schedule a scan.
    You can schedule periodic scans of the hosts in your vSphere inventory. For a detailed description of the procedure, see “Schedule a Scan,” on page 102.
  5. Schedule remediation for the hosts.
    Schedule remediation tasks at times convenient for you for the hosts in your vSphere inventory. For more information about scheduling remediation, see “Scheduling Remediation for Hosts, Virtual Machines, and Virtual Appliances,” on page 133.

Create and modify baseline groups

Official Documentation:

Installing and Administering VMware vSphere Update Manager 5.0, Chapter 11 “Working with Baselines and Baseline Groups”, page 83.

Baselines can be upgrade, extension, or patch baselines. Baselines contain a collection of one or more patches, extensions, or upgrades.

Baseline groups are assembled from existing baselines, and might contain one upgrade baseline per type of upgrade baseline and one or more patch and extension baselines, or might contain a combination of multiple patch and extension baselines. When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines and baseline groups to determine their level of compliance.

To create, edit, or delete baselines and baseline groups, you must have the Manage Baseline privilege. To attach baselines and baseline groups, you must have the Attach Baseline privilege. Privileges must be assigned on the vCenter Server system with which Update Manager is registered. For more information about managing users, groups, roles, and permissions, see vCenter Server and Host Management. For a list of Update Manager privileges and their descriptions, see “Update Manager Privileges,” on page 81.

Update Manager includes two default dynamic patch baselines and three upgrade baselines.

  • Critical Host Patches (Predefined)
    Checks ESX/ESXi hosts for compliance with all critical patches.
  • Non-Critical Host Patches (Predefined)
    Checks ESX/ESXi hosts for compliance with all optional patches.
  • VMware Tools Upgrade to Match Host (Predefined)
    Checks virtual machines for compliance with the latest VMware Tools version on the host. Update Manager supports upgrading of VMware Tools for virtual machines on hosts that are running ESX/ESXi 4.0 and later.
  • VM Hardware Upgrade to Match Host (Predefined)
    Checks the virtual hardware of a virtual machine for compliance with the latest version supported by the host. Update Manager supports upgrading to virtual hardware version 8.0 on hosts that are running ESXi 5.x.
  • VA Upgrade to Latest (Predefined)
    Checks virtual appliance compliance with the latest released virtual appliance version.

In the vSphere Client, default baselines are displayed on the Baselines and Groups tab of the Update Manager Client Administration view.

If your vCenter Server system is part of a connected group in vCenter Linked Mode and you have an Update Manager instance for each vCenter Server system in the group, the baselines and baseline groups you create and manage are applicable only to inventory objects managed by the vCenter Server system with which the selected Update Manager instance is registered. You can use an Update Manager instance only with a vCenter Server system on which the instance is registered.
Creating and Managing Baselines

You can create custom patches, extensions, and upgrade baselines to meet the needs of your specific deployment by using the New Baseline wizard. You create and manage baselines in the Update Manager Client Administration view.
Create and Edit Patch or Extension Baselines

You can remediate hosts against baselines that contain patches or extensions. Depending on the patch criteria you select, patch baselines can be either dynamic or fixed.

Dynamic patch baselines contain a set of patches, which updates automatically according to patch availability and the criteria that you specify. Fixed baselines contain only patches that you select, regardless of new patch downloads.

Extension baselines contain additional software modules for ESX/ESXi hosts. This additional software might be VMware software or third-party software. You can install additional modules by using extension baselines, and update the installed modules by using patch baselines.

If your vCenter Server system is part of a connected group in vCenter Linked Mode, and you have more than one Update Manager instance, patch and extension baselines that you create are not applicable to all inventory objects managed by other vCenter Server systems in the group. Baselines are specific for the Update Manager instance you select.
Prerequisites

Ensure that you have the Manage Baseline privilege.

  • Create a Fixed Patch Baseline on page 85
    Fixed baselines consist of a specific set of patches that do not change as patch availability changes.
  • Create a Dynamic Patch Baseline on page 85
    Dynamic baselines consist of a set of patches that meet certain criteria. The contents of a dynamic baseline varies as the available patches change. You can also exclude or add specific patches. Patches you select to add or exclude do not change with new patch downloads.
  • Create a Host Extension Baseline on page 86
    Extension baselines contain additional software for ESX/ESXi hosts. This additional software might be VMware software or third-party software. You create host extension baselines using the New Baseline wizard.
  • Filter Patches or Extensions in the New Baseline Wizard on page 87
    When you create a patch or extension baseline, you can filter the patches and extensions available in the Update Manager repository to find specific patches and extensions to exclude or include in the baseline.
  • Edit a Patch Baseline on page 88
    You can edit an existing host patch baseline.
  • Edit a Host Extension Baseline on page 88
    You can change the name, description, and composition of an existing extension baseline.

Create a Fixed Patch Baseline

Fixed baselines consist of a specific set of patches that do not change as patch availability changes.
Prerequisites

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, click Create above the Baselines pane.
  2. Type a name, and optionally, a description of the baseline.
  3. Under Baseline Type, select Host Patch, and click Next.
  4. Select Fixed for the type of baseline and click Next.
  5. Select individual patches to include and click the down arrow to add them to the Fixed Patches to Add list.
  6. (Optional) Click Advanced to find specific patches to include in the baseline.
  7. Click Next.
  8. On the Ready to Complete page, click Finish.

The new baseline is displayed in the Baselines pane of the Baselines and Groups tab.
Create a Dynamic Patch Baseline

Dynamic baselines consist of a set of patches that meet certain criteria. The contents of a dynamic baseline varies as the available patches change. You can also exclude or add specific patches. Patches you select to add or exclude do not change with new patch downloads.
Prerequisites

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, click Create above the Baselines pane.
  2. Type a name, and optionally, a description of the baseline.
  3. Under Baseline Type select Host Patch, and click Next.
  4. Select Dynamic as the type of baseline, and click Next.
  5. On the Dynamic Baseline Criteria page, specify criteria to define the patches to include, and then click Next.
    • Patch Vendor: Specifies which patch vendor to use.
    • Product: Restricts the set of patches to the selected products or operating systems. The asterisk at the end of a product name is a wildcard character for any version number.
    • Severity: Specifies the severity of patches to include.
    • Category: Specifies the category of patches to include.
    • Release Date: Specifies the range for the release dates of the patches.

    The relationship between these fields is defined by the Boolean operator AND.
    For example, when you select a product and severity option, the patches are restricted to the ones that are applicable for the selected product and are of the specified severity level.
  6. (Optional) On the Patches to Exclude page, select one or more patches in the list and click the down arrow to permanently exclude them from the baseline.
  7. (Optional) Click Advanced to search for specific patches to exclude from the baseline.
  8. Click Next.
  9. (Optional) On the Other Patches to Add page, select individual patches to include in the baseline and click the down arrow to move them into the Fixed Patches to Add list.
    The patches you add to the dynamic baseline stay in the baseline regardless of the new downloaded patches.
  10. (Optional) Click Advanced to search for specific patches to include in the baseline.
  11. Click Next.
  12. On the Ready to Complete page, click Finish.

The new baseline is displayed in the Baselines pane of the Baselines and Groups tab.
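
The workflow in “Keeping the Hosts Compliant With the Most Recent Patches” (steps 2 to 4) and the dynamic baseline criteria above can also be scripted with Update Manager PowerCLI. The script below is an added example, not taken from the VMware guide; the server, cluster and baseline names and the product string are placeholders, and it stops at a compliance report without remediating anything.

```powershell
# Added example (not from the VMware guide). Requires vSphere PowerCLI and
# Update Manager PowerCLI; run it from a PowerCLI console on a management host.
Add-PSSnapin VMware.VimAutomation.Core, VMware.VumAutomation -ErrorAction SilentlyContinue

# Placeholders: replace with values from your own environment.
$vCenter      = 'vcenter.example.local'
$clusterName  = 'Cluster01'
$baselineName = 'ESXi 5.0 critical patches (dynamic)'
$product      = 'embeddedEsx 5.0*'   # assumed product string; trailing * matches any version

Connect-VIServer -Server $vCenter | Out-Null

# Workflow step 2: create the dynamic baseline once. The -SearchPatch* criteria
# are combined with AND, exactly like the fields on the Dynamic Baseline Criteria page.
$baseline = Get-PatchBaseline -Name $baselineName -ErrorAction SilentlyContinue
if (-not $baseline) {
    $baseline = New-PatchBaseline -Dynamic -Name $baselineName `
        -Description 'Critical VMware patches for ESXi 5.0 hosts' `
        -TargetType Host `
        -SearchPatchVendor 'VMware*' `
        -SearchPatchProduct $product `
        -SearchPatchSeverity Critical
}

# Workflow step 3: attach the baseline to a container object (here a cluster).
$cluster = Get-Cluster -Name $clusterName
Attach-Baseline -Baseline $baseline -Entity $cluster

# Workflow step 4: scan the hosts in the container against attached patch baselines.
Scan-Inventory -Entity $cluster -UpdateType HostPatch

# Report compliance per host; -Detailed adds the list of missing patches.
$report = Get-Compliance -Entity $cluster -Baseline $baseline -Detailed |
    Select-Object @{N='Host';           E={ $_.Entity.Name }},
                  @{N='Baseline';       E={ $_.Baseline.Name }},
                  Status,
                  @{N='MissingPatches'; E={ @($_.NotCompliantPatches | Where-Object { $_ }).Count }}

$report | Sort-Object Status, Host | Format-Table -AutoSize

# Keep a record of every host that is not compliant, for follow-up remediation.
$report | Where-Object { $_.Status -ne 'Compliant' } |
    Export-Csv -Path .\noncompliant-hosts.csv -NoTypeInformation

Disconnect-VIServer -Server $vCenter -Confirm:$false
```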
Create a Host Extension Baseline

Extension baselines contain additional software for ESX/ESXi hosts. This additional software might be VMware software or third-party software. You create host extension baselines using the New Baseline wizard.

Extensions can provide additional features, updated drivers for hardware, Common Information Model (CIM) providers for managing third-party modules on the host, improvements to the performance or usability of existing host features, and so on.

Host extension baselines that you create are always fixed. You must carefully select the appropriate extensions for the ESX/ESXi hosts in your environment.

To perform the initial installation of an extension, you must use an extension baseline. After the extension is installed on the host, you can update the extension module with either patch or extension baselines.

NOTE When applying extension baselines by using Update Manager, you must be aware of the functional implications of new modules to the host. Extension modules might alter the behavior of ESX/ESXi hosts. During installation of extensions, Update Manager only performs the checks and verifications expressed at the package level.
Prerequisites

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, click Create above the Baselines pane.
  2. Type a name, and optionally, a description of the baseline.
  3. Under Baseline Type, select Host Extension and click Next.
  4. On the Extensions page, select individual extensions to include in the baseline and click the down arrow to add them to the Included Extensions list.
  5. (Optional) Click Advanced to filter the extensions to include specific extensions in the baseline.
  6. Click Next.
  7. On the Ready to Complete page, click Finish.

The new baseline is displayed in the Baselines pane of the Baselines and Groups tab.
Filter Patches or Extensions in the New Baseline Wizard

When you create a patch or extension baseline, you can filter the patches and extensions available in the Update Manager repository to find specific patches and extensions to exclude or include in the baseline.
Procedure

  1. In the New Baseline wizard, click Advanced.
    • If you are creating a fixed patch baseline, on the Patches page, click Advanced.
    • If you are creating a dynamic patch baseline, on the Patches to Exclude or Additional Patches page, click Advanced.
    • If you are creating a host extension baseline, on the Extensions page, click Advanced.
  2. On the Filter Patches or Filter Extensions page, specify the criteria to define the patches or extensions to include or exclude.
    • Patch Vendor: Specifies which patch or extension vendor to use.
    • Product: Restricts the set of patches or extensions to the selected products or operating systems. The asterisk at the end of a product name is a wildcard character for any version number.
    • Severity: Specifies the severity of patches or extensions to include.
    • Category: Specifies the category of patches or extensions to include.
    • Release Date: Specifies the range for the release dates of the patches or extensions.
    • Text: Restricts the patches or extensions to those containing the text that you enter.

    The relationship between these fields is defined by the Boolean operator AND.
  3. Click Find.

The patches or extensions in the New Baseline wizard are filtered with the criteria that you specified.

Edit a Patch Baseline

You can edit an existing host patch baseline.

You edit patch baselines from the Update Manager Client Administration view.
Prerequisites

Ensure that you have the Manage Baseline privilege.

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, click Hosts.
  2. Select a patch baseline and click Edit above the Baselines pane.
  3. Edit the name and description of the baseline and click Next.
  4. Go through the Edit Baseline wizard to change the criteria, and select patches to include or exclude.
  5. On the Ready to Complete page, click Finish.

Edit a Host Extension Baseline

You can change the name, description, and composition of an existing extension baseline.

You can edit extension baselines from the Update Manager Client Administration view.
Prerequisites

Ensure that you have the Manage Baseline privilege.

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, click the Hosts button.
  2. Select an extension baseline and click Edit above the Baselines pane.
  3. Edit the name and description of the baseline and click Next.
  4. Make your changes by going through the Edit Baseline wizard.
  5. On the Ready to Complete page, click Finish.

Create and Edit Host Upgrade Baselines

You can create an ESX/ESXi host upgrade baseline by using the New Baseline wizard. You can create host baselines with already uploaded ESXi 5.x images.

You can upload and manage ESXi images from the ESXi Images tab of the Update Manager Administration view.

Update Manager 5.0 supports only upgrade from ESXi 4.x to ESXi 5.x and migration from ESX 4.x to ESXi 5.x. You cannot use Update Manager to upgrade a host to ESXi 5.0 if the host was upgraded from ESX 3.x to ESX 4.x. Such hosts do not have sufficient free space in the /boot partition to support the Update Manager upgrade process. Use a scripted or interactive upgrade instead.

Before uploading ESXi images, obtain the image files from the VMware Web site or another source. You can create custom ESXi images that contain third-party VIBs by using Image Builder. For more information, see Image Builder Administration.

If your vCenter Server system is part of a connected group in vCenter Linked Mode, and you have more than one Update Manager instance, host upgrade files that you upload and baselines that you create are not applicable to the hosts managed by other vCenter Server systems in the group. Upgrade files and baselines are specific for the Update Manager instance you select.

  • Import Host Upgrade Images and Create Host Upgrade Baselines on page 89
    You can create upgrade baselines for ESX/ESXi hosts with ESXi 5.x images that you import to the Update Manager repository.
  • Create a Host Upgrade Baseline on page 90
    To upgrade or migrate the hosts in your vSphere environment, you must create host upgrade baselines.
  • Edit a Host Upgrade Baseline on page 91
    You can change the name, description, and upgrade options of an existing host upgrade baseline. You cannot delete a host upgrade image by editing the host upgrade baseline.
  • Delete ESXi Images on page 91
    You can delete ESXi images from the Update Manager repository if you no longer need them.

Import Host Upgrade Images and Create Host Upgrade Baselines

You can create upgrade baselines for ESX/ESXi hosts with ESXi 5.x images that you import to the Update Manager repository.

You can use ESXi .iso images to upgrade ESXi 4.x hosts to ESXi 5.x or migrate ESX 4.x hosts to ESXi 5.x.

To upgrade or migrate hosts, use the ESXi installer image distributed by VMware with the name format VMware-VMvisor-Installer-5.0.0-build_number.x86_64.iso or a custom image created by using Image Builder.
Prerequisites

Ensure that you have the Upload File privilege. For more information about managing users, groups, roles, and permissions, see vCenter Server and Host Management.

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the ESXi Images tab click Import ESXi Image on the upper-right side.
  2. On the Select ESXi Image page of the Import ESXi Image wizard, browse to and select the ESXi image that you want to upload.
  3. Click Next.
    CAUTION Do not close the import wizard. Closing the import wizard stops the upload process.
  4. (Optional) In the Security Warning window, select an option to handle the certificate warning.
    A trusted certificate authority does not sign the certificates that are generated for vCenter Server and ESX/ESXi hosts during installation. Because of this, each time an SSL connection is made to one of these systems, the client displays a warning.
    • Ignore: Click Ignore to continue using the current SSL certificate and start the upload process.
    • Cancel: Click Cancel to close the window and stop the upload process.
    • Install this certificate and do not display any security warnings: Select this check box and click Ignore to install the certificate and stop receiving security warnings.
  5. After the file is uploaded, click Next.
  6. (Optional) Create a host upgrade baseline.
    1. Leave the Create a baseline using the ESXi image selected.
    2. Specify a name, and optionally, a description for the host upgrade baseline.
  7. Click Finish.

The ESXi image that you uploaded appears in the Imported ESXi Images pane. You can see more information about the software packages that are included in the ESXi image in the Software Packages pane.

If you also created a host upgrade baseline, the new baseline is displayed in the Baselines pane of the Baselines and Groups tab.
What to do next

To upgrade or migrate the hosts in your environment, you must create a host upgrade baseline if you have not already done so.
Create a Host Upgrade Baseline

To upgrade or migrate the hosts in your vSphere environment, you must create host upgrade baselines.
Prerequisites

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.

Upload at least one ESXi image.
Procedure

  1. On the Baselines and Groups tab, click Create above the Baselines pane.
  2. Under Baseline Type, select Host Upgrade and click Next.
  3. On the ESXi Image page, select a host upgrade image and click Next.
  4. Review the Ready to Complete page and click Finish.
    The new baseline is displayed in the Baselines pane of the Baselines and Groups tab.

Edit a Host Upgrade Baseline

You can change the name, description, and upgrade options of an existing host upgrade baseline. You cannot delete a host upgrade image by editing the host upgrade baseline.

You can edit upgrade baselines from the Update Manager Client Administration view.
Prerequisites

Ensure that you have the Manage Baseline privilege.

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, click the Hosts button.
  2. Select an existing host upgrade baseline and click Edit above the Baselines pane.
  3. Edit the name and description of the baseline, and click Next.
  4. Make your changes by going through the Edit Baseline wizard.
  5. On the Ready to Complete page, click Finish.

Delete ESXi Images

You can delete ESXi images from the Update Manager repository if you no longer need them.

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Prerequisites

Verify that the ESXi images are not included in baselines. You cannot delete images that are included in a baseline.
Procedure

  1. In the Update Manager Administration view, click the ESXi Images tab.
  2. Under Imported ESXi Images, select the file you want to delete and click Delete.
  3. Click Yes to confirm the deletion.

The ESXi image is deleted and no longer available under Imported ESXi Images.
Create and Edit a Virtual Appliance Upgrade Baseline

A virtual appliance upgrade baseline contains a set of updates to the operating system and to the applications installed in the virtual appliance. The virtual appliance vendor considers these updates an upgrade.

Virtual appliance baselines that you create consist of a set of user-defined rules. If you add rules that conflict, the Update Manager displays an Upgrade Rule Conflict window so that you can resolve the conflicts.

Virtual appliance baselines let you upgrade virtual appliances either to the latest available version or to a specific version number.

  • Create a Virtual Appliance Upgrade Baseline on page 92
    You upgrade virtual appliances by using a virtual appliance upgrade baseline. You can either use the predefined virtual appliance upgrade baseline, or create custom virtual appliance upgrade baselines.
  • Edit a Virtual Appliance Upgrade Baseline on page 93
    You can change the name, description, and upgrade options of an existing upgrade baseline.

Create a Virtual Appliance Upgrade Baseline

You upgrade virtual appliances by using a virtual appliance upgrade baseline. You can either use the predefined virtual appliance upgrade baseline, or create custom virtual appliance upgrade baselines.
Prerequisites

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, click Create above the Baselines pane.
  2. Type a name, and optionally, a description of the baseline.
  3. Under Baseline Type, select VA Upgrade, and click Next.
  4. On the Upgrade Options page, select Vendor and Appliance options from the respective drop-down menus.
    The options listed in these menus depend on the virtual appliance upgrades that are downloaded in the Update Manager repository. If no upgrades are downloaded in the repository, the available options are All Vendors and All Products, respectively.
  5. Select an option from the Upgrade To drop-down menu.
    • Latest: Upgrades the virtual appliance to the latest version.
    • A specific version number: Upgrades the virtual appliance to a specific version. This option is available when you select a specific vendor and appliance name.
    • Do Not Upgrade: Does not upgrade the virtual appliance.
  6. Click Add Rule.
  7. (Optional) Add multiple rules.
    1. Click Add Multiple Rules.
    2. Select one or all vendors.
    3. Select one or all appliances.
    4. Select one Upgrade To option to apply to the selected appliances, and click OK.
      If you create multiple rules to apply to the same virtual appliance, only the first applicable rule in the list is applied.
  8. (Optional) Resolve any conflicts within the rules you apply.
    1. In the Upgrade Rule Conflict window, select whether to keep the existing rules, to use the newly created rules, or to manually resolve the conflict.
    2. Click OK.
  9. Click Next.
  10. On the Ready to Complete page, click Finish.

The new baseline is displayed in the Baselines pane of the Baselines and Groups tab.
Edit a Virtual Appliance Upgrade Baseline

You can change the name, description, and upgrade options of an existing upgrade baseline.

You can edit upgrade baselines from the Update Manager Client Administration view.
Prerequisites

Ensure that you have the Manage Baseline privilege.

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, click VMs/VAs.
  2. Select an existing baseline and click Edit above the Baselines pane.
  3. Edit the name and the description of the baseline and click Next.
  4. Edit the upgrade options and click Next.
  5. On the Ready to Complete page, click Finish.

Delete Baselines

You can delete baselines that you no longer need from Update Manager. Deleting a baseline detaches it from all the objects to which the baseline is attached.

You can delete baselines from the Update Manager Client Administration view.
Prerequisites

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. In the Baselines pane of the Baselines and Groups tab, select the baselines to remove, and click Delete.
  2. In the confirmation dialog box, click Yes.

The baseline is deleted.
Creating and Managing Baseline Groups

A baseline group consists of a set of nonconflicting baselines. Baseline groups allow you to scan and remediate objects against multiple baselines at the same time.

You can perform an orchestrated upgrade of the virtual machines by remediating the same folder or datacenter against a baseline group containing the following baselines:

  • VMware Tools Upgrade to Match Host
  • VM Hardware Upgrade to Match Host

You can perform an orchestrated upgrade of hosts by using a baseline group that contains a single host upgrade baseline and multiple patch or extension baselines.

You can create two types of baseline groups depending on the object type to which you want to apply them:

  • Baseline groups for hosts
  • Baseline groups for virtual machines and virtual appliances

Baseline groups that you create are displayed on the Baselines and Groups tab of the Update Manager Client Administration view.

If your vCenter Server system is part of a connected group in vCenter Linked Mode, and you have more than one Update Manager instance, baseline groups you create are not applicable to all inventory objects managed by other vCenter Server systems in the group. Baseline groups are specific for the Update Manager instance that you select.
Create a Host Baseline Group

You can combine one host upgrade baseline with multiple patch or extension baselines, or combine multiple patch and extension baselines in a baseline group.

NOTE You can click Finish in the New Baseline Group wizard at any time to save your baseline group and add baselines to it at a later stage.
Prerequisites

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.

Procedure

  1. On the Baselines and Groups tab, click Create above the Baseline Groups pane.
  2. Enter a unique name for the baseline group.
  3. Under Baseline Group Type, select Host Baseline Group and click Next.
  4. Select a host upgrade baseline to include it in the baseline group.
  5. (Optional) Create a new host upgrade baseline by clicking Create a new Host Upgrade Baseline at the bottom of the Upgrades page and complete the New Baseline wizard.
  6. Click Next.
  7. Select the patch baselines that you want to include in the baseline group.
  8. (Optional) Create a new patch baseline by clicking Create a new Host Patch Baseline at the bottom of the Patches page and complete the New Baseline wizard.
  9. Click Next.
  10. Select the extension baselines to include in the baseline group.
  11. (Optional) Create a new extension baseline by clicking Create a new Extension Baseline at the bottom of the Patches page and complete the New Baseline wizard.
  12. On the Ready to Complete page, click Finish.

The host baseline group is displayed in the Baseline Groups pane.
Create a Virtual Machine and Virtual Appliance Baseline Group

You can combine upgrade baselines in a virtual machine and virtual appliance baseline group.

NOTE You can click Finish in the New Baseline Group wizard at any time to save your baseline group, and add baselines to it at a later stage.
Prerequisites

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, click Create above the Baseline Groups pane.
  2. In the New Baseline Group wizard, under Baseline Group Type, select Virtual Machines and Virtual Appliances Baseline Group.
  3. Enter a name for the baseline group and click Next.
  4. For each type of upgrade (virtual appliance, virtual hardware, and VMware Tools), select one of the available upgrade baselines to include in the baseline group.
    NOTE If you decide to remediate only virtual appliances, the upgrades for virtual machines are ignored, and the reverse. If a folder contains both virtual machines and virtual appliances, the appropriate upgrades are applied to each type of object.
  5. (Optional) Create a new Virtual Appliance upgrade baseline by clicking Create a new Virtual Appliance Upgrade Baseline at the bottom of the Upgrades page, and complete the New Baseline wizard.
    After you complete the New Baseline wizard, you return to the New Baseline Group wizard.
  6. Click Next.
  7. On the Ready to Complete page, click Finish.

The new baseline group is displayed in the Baseline Groups pane.
Edit a Baseline Group

You can change the name and type of an existing baseline group, as well as add or remove the upgrade and patch baselines from a baseline group.

You edit baseline groups from the Update Manager Client Administration view.
Prerequisites

You can edit baseline groups only if you have the Manage Baseline privilege.

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, select the type of baseline group to edit by clicking either Hosts or VMs/VAs.
  2. Select a baseline group from the Baseline Groups pane and click Edit above the pane.
  3. Edit the name of the baseline group.
  4. (Optional) Change the included upgrade baselines (if any).
  5. (Optional) Change the included patch baselines (if any).
  6. (Optional) Change the included extension baselines (if any).
  7. Review the Ready to Complete page and click OK.

Add Baselines to a Baseline Group

You can add a patch, extension, or upgrade baseline to an existing baseline group.

You can add baselines to baseline groups from the Update Manager Client Administration view.
Prerequisites

Ensure that you have the Manage Baseline privilege.

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, click Hosts or VMs/VAs, depending on the type of baseline that you want to add.
  2. From the Baseline Groups pane, select a baseline group and expand it to view the included baselines.
  3. Select a baseline from the list in the Baselines pane, and click the right arrow.

The baseline is added to the selected baseline group.
Remove Baselines from a Baseline Group

You can remove individual baselines from existing baseline groups.

You can edit the contents of baseline groups from the Update Manager Client Administration view.
Prerequisites

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, click Hosts or VMs/VAs, depending on the type of baseline that you want to remove.
  2. From the Baseline Groups pane, select a baseline group and expand it to view the included baselines.
  3. Select a baseline from the Baseline Groups pane on the right and click the left arrow.

The baseline is removed from the selected baseline group.
Delete Baseline Groups

You can delete baseline groups that you no longer need from Update Manager. Deleting a baseline group detaches it from all the objects to which the baseline group is attached.

You can delete baseline groups from the Update Manager Client Administration view.
Prerequisites

Connect the vSphere Client to a vCenter Server system with which Update Manager is registered, and on the Home page, click Update Manager under Solutions and Applications. If your vCenter Server system is part of a connected group in vCenter Linked Mode, you must specify the Update Manager instance to use, by selecting the name of the corresponding vCenter Server system in the navigation bar.
Procedure

  1. On the Baselines and Groups tab, select the baseline group to remove, and click Delete.
  2. In the confirmation dialog box, click Yes.

The baseline group is deleted.
Attach Baselines and Baseline Groups to Objects

To view compliance information and remediate objects in the inventory against specific baselines and baseline groups, you must first attach existing baselines and baseline groups to these objects.

You can attach baselines and baseline groups to objects from the Update Manager Client Compliance view.

Although you can attach baselines and baseline groups to individual objects, a more efficient method is to attach them to container objects, such as folders, vApps, clusters, and datacenters. Individual vSphere objects inherit baselines attached to the parent container object. Removing an object from a container removes the inherited baselines from the object.

If your vCenter Server system is part of a connected group in vCenter Linked Mode, you can attach baselines and baseline groups to objects managed by the vCenter Server system with which Update Manager is registered. Baselines and baseline groups you attach are specific for the Update Manager instance that is registered with the vCenter Server system.
Prerequisites

Ensure that you have the Attach Baseline privilege.
Procedure

  1. Connect the vSphere Client to a vCenter Server system with which Update Manager is registered and select Home > Inventory in the navigation bar.
  2. Select the type of object that you want to attach the baseline to.
    For example, Hosts and Clusters or VMs and Templates.
  3. Select the object in the inventory, and click the Update Manager tab.
    If your vCenter Server system is part of a connected group in vCenter Linked Mode, the Update Manager tab is available only for the vCenter Server system with which an Update Manager instance is registered.
  4. Click Attach in the upper-right corner.
  5. In the Attach Baseline or Group window, select one or more baselines or baseline groups to attach to the object.
    If you select one or more baseline groups, all baselines in the groups are selected. You cannot deselect individual baselines in a group.
  6. (Optional) Click the Create Baseline Group or Create Baseline links to create a baseline group or a baseline and complete the remaining steps in the respective wizard.
  7. Click Attach.

The baselines and baseline groups that you selected to attach are displayed in the Attached Baseline Groups and Attached Baselines panes of the Update Manager tab.
Filter the Baselines and Baseline Groups Attached to an Object

You can filter the baselines and baseline groups attached to a specific inventory object and search within the baselines and baseline groups.

You can filter baselines and baseline groups attached to an object from the Update Manager Client Compliance view.
Procedure

  1. Connect the vSphere Client to a vCenter Server system with which Update Manager is registered and select Home > Inventory.
  2. Select the type of object that you want to view.
    For example, Hosts and Clusters or VMs and Templates.
  3. Select an object from the inventory.
    This object can be a virtual machine, a virtual appliance, a host, or a container object.
  4. Click the Update Manager tab.
    If your vCenter Server system is part of a connected group in vCenter Linked Mode, the Update Manager tab is available only for the vCenter Server systems with which an Update Manager instance is registered.
  5. Type text in the Name contains text box above the Attached Baselines pane.

The baselines and baseline groups containing the text that you entered are listed in the respective panes. If the inventory object you select is a container object, the virtual machines, appliances, or hosts in the bottom pane of the Update Manager tab are also filtered.
Detach Baselines and Baseline Groups from Objects

You can detach baselines and baseline groups from objects to which the baselines or baseline groups were directly attached. Because vSphere objects can have inherited properties, you might have to select the container object where the baseline or baseline group is attached and then detach it from the container object.

You can detach baselines and baseline groups from objects from the Update Manager Client Compliance view.
Prerequisites

Ensure that you have the Attach Baseline privilege.
Procedure

  1. Connect the vSphere Client to a vCenter Server system with which Update Manager is registered and select Home > Inventory.
  2. Select the type of object that you want to detach the baseline or group from.
    For example, Hosts and Clusters or VMs and Templates.
  3. Select the object in the inventory, and click the Update Manager tab.
    If your vCenter Server system is part of a connected group in vCenter Linked Mode, the Update Manager tab is available only for the vCenter Server systems with which an Update Manager instance is registered.
  4. Right-click the baseline or baseline group to remove and select Detach Baseline or Detach Baseline Group.
  5. Select the inventory objects from which you want to detach the baseline or baseline group and click Detach.

    The baseline or baseline group you detach remains in the Compliance view until you detach it from all objects.

The baseline or baseline group that you detach is no longer listed in the Attached Baselines or Attached Baseline Groups pane.
Troubleshoot Update Manager problem areas and issues

Official Documentation:

Installing and Administering VMware vSphere Update Manager 5.0, Chapter 17 “Troubleshooting”, page 173.
If you encounter problems when running or using Update Manager, you can use a troubleshooting topic to understand and solve the problem, if there is a workaround.

This chapter includes the following topics:

Generate database reports using MS Excel or MS SQL

Official Documentation:

Installing and Administering VMware vSphere Update Manager 5.0, Chapter 16 “Common User Goals”, Section “Generating Common Database Reports”, page 169.

Update Manager uses Microsoft SQL Server and Oracle databases to store information. Update Manager does not provide a reporting capability, but you can use a third-party reporting tool to query the database views to generate reports.

IMPORTANT The Update Manager database does not contain information about the objects in the inventory, but contains internal inventory entity IDs. To get the original IDs for virtual machines, virtual appliances, and hosts, you must have access to the vCenter Server system database. From the vCenter Server system database, you can retrieve the ID of the objects that you want to access. To obtain the Update Manager database IDs of the objects, Update Manager adds the prefix vm- (for virtual machines), va- (for virtual appliances), or host- (for hosts).

  • Generate Common Reports Using Microsoft Office Excel 2003 on page 169
    Using Microsoft Excel, you can connect to the Update Manager database and query the database views to generate a common report.
  • Generate Common Reports Using Microsoft SQL Server Query on page 170
    Using a Microsoft SQL Server query, you can generate a common report from the Update Manager database.

Generate Common Reports Using Microsoft Office Excel 2003

Using Microsoft Excel, you can connect to the Update Manager database and query the database views to generate a common report.
Prerequisites

You must have an ODBC connection to the Update Manager database.
Procedure

  1. Log in to the computer on which the Update Manager database is set up.
  2. From the Windows Start menu, select Programs > Microsoft Office > Microsoft Excel.
  3. Click Data > Import External Data > New Database Query.
  4. In the Choose Data Source window, select VMware Update Manager and click OK.
    If necessary, in the database query wizard, select the ODBC DSN name and enter the user name and password for the ODBC database connection.
  5. In the Query Wizard – Choose Columns window, select the columns of data to include in your query and click Next.
    Option: Description
      • Available tables and columns: Lists the available tables, views, and columns. Scroll down to select a database view beginning with VUMV_, and expand the view to select specific columns by double-clicking them.
      • Columns in your query: Lists the columns you can select to include in your query.
      • Preview of data in selected column: Displays the data in a selected column when you click Preview Now.

For example, if you want to get the latest scan results for all objects in the inventory and all patches for an inventory object, select the following database views and their corresponding columns from the Available tables and columns pane:

  • VUMV_UPDATES
  • VUMV_ENTITY_SCAN_RESULTS
  6. Click OK in the warning message that the query wizard cannot join the tables in your query.
  7. In the Microsoft Query window, drag a column name from the first view to the other column to join the columns in the tables manually.
    For example, join the META_UID column from the VUMV_UPDATES database view with the UPDATE_METAUID column from the VUMV_ENTITY_SCAN_RESULTS database view.
    A line between the columns selected indicates that these columns are joined.

The data is automatically queried for all inventory objects in the Microsoft Query window.
Generate Common Reports Using Microsoft SQL Server Query

Using a Microsoft SQL Server query, you can generate a common report from the Update Manager database.
Procedure

  • To generate a report containing the latest scan results for all objects in the inventory and for all patches for an inventory object, run the query in Microsoft SQL Client.

    -- Latest scan results per inventory entity, joined to the update metadata.
    SELECT r.entity_uid, r.ENTITY_STATUS,
           u.meta_uid, u.title, u.description, u.type, u.severity,
           (case when u.SPECIAL_ATTRIBUTE is null then 'false'
                 else 'true'
            end) as IS_SERVICE_PACK,
           r.scanh_id, r.scan_start_time, r.scan_end_time
    FROM VUMV_UPDATES u JOIN VUMV_ENTITY_SCAN_RESULTS r ON (u.meta_uid = r.update_metauid)
    ORDER BY r.entity_uid, u.meta_uid

The query displays all patches that are applicable to the scanned objects in the inventory.
Upgrade vApps using Update Manager

Official Documentation:

Installing and Administering VMware vSphere Update Manager 5.0, Chapter 11 “Working with Baselines and Baseline Groups”, page 83.
See objective Create and modify baseline groups.
Utilize Update Manager PowerCLI to export baselines for testing

Official Documentation:

Installing and Administering VMware vSphere Update Manager 5.0, Chapter 16 “Common User Goals”, Section “Testing Patches or Extensions and Exporting Baselines to Another Update Manager Server”, page 155.

Before you apply patches or extensions to ESX/ESXi hosts, you might want to test the patches and extensions by applying them to hosts in a test environment. You can then use Update Manager PowerCLI to export the tested baselines to another Update Manager server instance and apply the patches and extensions to the other hosts.

Update Manager PowerCLI is a command-line and scripting tool built on Windows PowerShell, and provides a set of cmdlets for managing and automating Update Manager. For more information about installing and using Update Manager PowerCLI, see VMware vSphere Update Manager PowerCLI Installation and Administration Guide.

This workflow describes how to test patches by using one Update Manager instance and how to export the patch baseline containing the tested patches to another Update Manager instance.

  1. Create fixed host patch baselines.
    Create fixed patch baselines containing the patches that you want to test. Fixed patch baselines do not change their content when new patches are downloaded into the Update Manager patch repository. You can create a fixed patch baseline from the Baselines and Groups tab of the Update Manager Administration view. For more information and a detailed procedure, see “Create a Fixed Patch Baseline,” on page 85.
  2. Attach the patch baselines to a container object containing the hosts that you want to scan or remediate.
    The container object can be a folder, cluster, or datacenter. You can attach baselines and baseline groups to objects from the Update Manager Compliance view. For more information about attaching baselines and baseline groups to vSphere objects, see “Attach Baselines and Baseline Groups to Objects,” on page 97.
  3. Scan the container object.
    After you attach baselines to the selected container object, you must scan it to view the compliance state of the hosts in the container. You can scan selected objects manually to start the scanning immediately.
    For detailed instructions on how to scan your hosts manually, see “Manually Initiate a Scan of ESX/ESXi Hosts,” on page 101.
    You can also scan the hosts in the container object at a time convenient for you by scheduling a scan task. For more information and detailed instructions about scheduling a scan, see “Schedule a Scan,” on page 102.
  4. Review the scan results displayed in the Update Manager Client Compliance view.
    For a detailed procedure about viewing scan results and for more information about compliance states, see “Viewing Scan Results and Compliance States for vSphere Objects,” on page 103.
  5. (Optional) Stage the patches in the attached baselines to the hosts that you want to update.
    You can stage the patches and copy them from the Update Manager server to the hosts before applying them. Staging patches speeds up the remediation process and helps minimize host downtime during remediation. For a detailed procedure about staging patches and extensions to hosts, see “Stage Patches and Extensions to ESX/ESXi Hosts,” on page 121.
  6. Remediate the container object.
    Remediate the hosts that are in Non-Compliant state to make them compliant with the attached baselines. For more information about remediating hosts against patch or extension baselines, see “Remediate Hosts Against Patch or Extension Baselines,” on page 122.
  7. Export the patch baselines from the Update Manager server that you used to test the patches, and import them to another Update Manager server.
    You can export and import patch baselines from one Update Manager server to another by using an Update Manager PowerCLI script. The following example script creates a duplicate of the baseline MyBaseline on the $destinationServer.
    NOTE The script works for fixed and dynamic patch baselines as well as for extension baselines.
  8. Apply the patches to your ESX/ESXi hosts by using the Update Manager server instance to which you exported the tested patch baseline.
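
One way to script step 7 for a fixed host patch baseline, as an added example rather than the script from the VMware guide: it creates the copy only if every tested patch is present in the destination repository, so the production baseline cannot silently differ from the tested one. The function name is hypothetical; the cmdlets are Update Manager PowerCLI's, and the property names BaselineContentType, CurrentPatches and IdByVendor are assumed to match your installed version. Dynamic and extension baselines are out of scope here.

```powershell
# Added example, not the script from the VMware guide. Assumes Update Manager PowerCLI
# is loaded and both servers were opened with Connect-VIServer, for instance:
#   Copy-FixedPatchBaseline -Name 'MyBaseline' -SourceServer $sourceServer -DestinationServer $destinationServer
function Copy-FixedPatchBaseline {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)]$SourceServer,
        [Parameter(Mandatory = $true)]$DestinationServer
    )

    # Resolve exactly one baseline on the test server; wildcard or duplicate matches are rejected.
    $found = @(Get-PatchBaseline -Name $Name -Server $SourceServer)
    if ($found.Count -ne 1) {
        throw "Expected one baseline named '$Name' on the source server, found $($found.Count)."
    }
    $baseline = $found[0]

    # Assumption: BaselineContentType is 'Static' for fixed baselines.
    if ($baseline.BaselineContentType -ne 'Static') {
        throw "'$Name' is not a fixed baseline, so its content is not the tested patch set."
    }

    # Never shadow a baseline that already exists on the destination.
    $existing = @(Get-PatchBaseline -Name $Name -Server $DestinationServer -ErrorAction SilentlyContinue)
    if ($existing.Count -gt 0) {
        throw "A baseline named '$Name' already exists on the destination server."
    }

    # Look up every tested patch in the destination repository by its vendor ID.
    $tested  = @($baseline.CurrentPatches | Where-Object { $_ })
    $matched = @()
    $missing = @()
    foreach ($patch in $tested) {
        $hit = @(Get-Patch -Server $DestinationServer -SearchPhrase $patch.Name |
            Where-Object { $_.IdByVendor -eq $patch.IdByVendor })
        if ($hit.Count -gt 0) { $matched += $hit[0] } else { $missing += $patch.IdByVendor }
    }

    # Fail closed: a partial copy would not be the baseline that was tested.
    if ($matched.Count -eq 0 -or $missing.Count -gt 0) {
        throw "Not copied: baseline is empty or destination lacks [$($missing -join ', ')]."
    }

    $newArgs = @{
        Server       = $DestinationServer
        Name         = $baseline.Name
        Static       = $true
        TargetType   = $baseline.TargetType
        IncludePatch = $matched
    }
    if ($baseline.Description) { $newArgs.Description = $baseline.Description }
    $copy = New-PatchBaseline @newArgs

    # Confirm the new baseline lists the same vendor IDs as the tested one.
    $want = @($tested | ForEach-Object { $_.IdByVendor })
    $have = @($copy.CurrentPatches | Where-Object { $_ } | ForEach-Object { $_.IdByVendor })
    if ($have.Count -eq 0 -or (Compare-Object $want $have)) {
        throw "Baseline '$Name' was created but its patch list differs from the source."
    }
    return $copy
}
```

If the function throws on missing patches, download them into the destination server's patch repository first and run it again.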

Utilize the Update Manager Utility to reconfigure vUM settings

Official Documentation:

Reconfiguring VMware vSphere Update Manager 5.0

See first objective.

Disclaimer.
The information in this article is provided “AS IS” with no warranties, and confers no rights. This article does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my opinion.

Marco

Marco works for ViaData as a Senior Technical Consultant. He has over 15 years of experience as a system engineer and consultant, specialized in virtualization. VMware VCP4, VCP5-DC & VCP5-DT. VMware vExpert 2013, 2014, 2015 & 2016. Microsoft MCSE & MCITP Enterprise Administrator. Veeam VMSP, VMTSP & VMCE.