There are three ways to update VMware vCenter Server Appliance (VCSA): offline update, via the internet, or via the command line (CLI).

VMware vCenter Server Appliance (VCSA) is a vCenter Server application running on a Linux machine. VCSA is based on Photon OS, which is VMware's own maintained and secured Linux distro.

Previously VMware VCSA was based on SUSE Linux Enterprise Server (SLES), but the patching and security updates were dependent on SUSE. For VMware to own the whole infrastructure stack, it is now faster, more secure, and easier to update the VCSA.

Today we'll have a look at three different ways to patch and update VMware VCSA.

Offline update of VMware VCSA

The offline update is useful in situations where VMware VCSA does not have a direct connection to the internet. It can be in secure environments where direct internet access just isn't recommended due to security risks. But we may even need to patch these environments.

You can download the latest patch from the VMware product patches page. On the web page, select the drop-down menu VC > Select 6.7, click the checkbox, and download the latest file.

Download the latest VCSA patch

Download the latest VCSA patch

Note: You only need the latest patch because the updates are cumulative. It is a large ISO file, which contains all the patches.

First connect to your vSphere infrastructure and upload this ISO to a data store visible by the ESXi host where the VCSA runs. Then select the VCSA VM and connect the ISO to the VM.

Connect the update ISO to the VCSA virtual machine

Connect the update ISO to the VCSA virtual machine

Next, use your web browser and connect to https://<vCSA IP Address or hostname>:5480 and log in as root. We're accessing the appliance itself and not the vCenter Server. Note the port number (5480), which is a specific port destined for management of the vCenter Server application.

We are connecting to what's called a VAMI user interface. VAMI means vCenter Server Appliance Management Interface for VCSA.

VAMI performs basic administrative tasks such as monitoring the VCSA, changing the host name and the network configuration, or applying patches and updates. The VAMI was included in the early versions of VCSA, but VMware removed it in vSphere 6.0 and then again brought it back in vSphere 6.0 U1.

Now the VAMI uses HTML 5 and has a new look and feel.

Connect to the VCSA appliance

Connect to the VCSA appliance

Go to the update menu and click Check Updates > Check CD‑ROM. Several patches may show up, and depending on your version, you might need (or not) to apply them in a special order. If not specified otherwise, always apply the latest patch, which is cumulative.

Check updates via CD ROM

Check updates via CD ROM

You can click Run Pre-update checks, which gives you an estimate of a downtime, but if you don't need vCenter for several hours, you can simply go and click the stage and install link.

The assistant will walk you through the update process.

Update via internet

This option is the "mainstream" option. Most of today's environments are connected to the internet. So the most convenient option is to patch VCSA online.

To do this, there are just few simple steps. First, log in to the VCSA and go to Update, where you'll select the CD-ROM + URL link, which will check the internet location of updates at VMware first.

Select CD ROM + URL

Select CD ROM + URL

Once you have selected the latest update, clicked the stage and install link, follow the assistant, which will guide you through the patch process.

First, you must accept the end-user license agreement, then you might want to join the CEIP (customer experience improvement program).

And then you only have the third screen where you must check a box saying "I have backed up vCenter and its associated databases."

Backup your vCenter Server first

Backup your vCenter Server first

After doing this, the installation process will start. Now you can do something else because the process takes time to complete.

At first, all the patches are staged (downloaded) to the appliance itself, and then the process will start.

Update and patch the VCSA via CLI (command line)

This method is still possible; however, we don't use it much nowadays. This is because everybody is using either the direct internet-patching option or the offline option.

Over the years, VMware improved the patching process greatly. Now even on slow internet connections, you can stage the patches prior to the update to reduce downtime.

And also, not every VMware patch requires a reboot, and you can see this in the notes of each patch whether a reboot is required or not.

Using the pre-update checks gives you quite a precise estimate of how long the patching process will take and thus how long you'll be without vCenter server.

Now let's get back and see the last, the CLI method for patching. Attach the VMware-vCenter-Server-Appliance-6.7.0.xxxxx-xxxxxxxx-patch-FP.iso​ file to a vCenter Server Appliance CD or DVD drive.

Use your favorite SSH client (PuTTY for example) and SSH to the appliance as root and run the the commands below:


software-packages stage --iso


software-packages list --staged


software-packages install --staged

These commands are quite self-explanatory. The first command stages (downloads) all patches to the appliance.

The second command will show you all the patches staged, while the third command will proceed with the install.

Final words

VMware VCSA nearly hits perfection—a nice HTML 5 web-based interface that does not require any plug-ins to install. It is fast and easy to use and has a nice design. It's all you need to manage, monitor, and patch the vCenter server product successfully on a Linux VM.

The vCenter Server on Windows is slowly phasing out, and the next major release of VMware vSphere will no longer have the possibility to install vCenter server on Windows server.

Subscribe to 4sysops newsletter!

By improving the Photon OS Linux distribution and especially the management of VCSA through VAMI, VMware is pushing to adopt the VCSA, and it seems that it works with a great success.

  1. Avatar
    William 5 years ago

    Thank you for this. Would you mind discussing the best process to upgrade a vCSA that is in vCenter HA mode? 

  2. Avatar Author

    Yeah sure, 

    There are several methods but it seems that for me, the following procedure is much safer and makes less work:

    – Destroy HA configuration in the GUI
    – Make a snapshot of the remaining VCSA node
    – Update VCSA
    – Check if everything is okay
    – Delete snapshot
    – Reconfigure HA again


  3. Avatar
    William 5 years ago

    Thank you. That's the method I have been using. 

    I have run into an error re-deploying vCenter HA after the upgrade. After selecting the Basic deployment there's an error complaining about a missing management NIC on the vCSA. VMware support walked me through renaming the tmp directory on the vCSA to clear old configs, then restart the management services. This resolved the error and allowed me to deploy HA.

  4. Avatar
    Bill 3 years ago

    For a CLI install, the software-packages command wasn’t that easy to find. It needs the BASH shell enabled, and then change directory to /usr/lib/applmgmt/support/scripts. When running the script, the arguments require a double dash, not a single dash as shown above, e.g.

    software-packages stage –iso
    software-packages list –staged
    software-packages install –staged

    • Avatar Author
      Vladan SEGET 3 years ago

      True, it's because WordPress "cuts" sometimes the double dash and make it a "simple" dash only. Originally there was a double dash. Thanks for pointing this out.

  5. Avatar
    Paul 3 years ago

    If doing it by the GUI, it kicks you out – how do you know when it’s completed, or do you just check back in 2 hours or so ?

    • Avatar Author
      Vladan SEGET 3 years ago

      Yeah, basically just go and get a coffee. Then came back to check.

  6. Avatar
    Marc 3 years ago

    Nice article, thank you!

    However the commands at the bottom have a typo

    software-packages stage –iso (with two dashes)

    same for the otehr commands.

  7. Avatar
    Fred 2 years ago


    Does the vCenter upgrade impact production? 


    • Avatar Author

      Yes and no. Yes if you want to use vCenter during the upgrade (provisionning new VMs, cloning, vMotioning). No because your VMs continue to run. HA and DRS continue to function without vCenter.

      • Avatar
        Mouli chandra 6 months ago

        HA will not impact but, DRS will impact, cause it Completely depends on Vcenter.

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account