- VMware Enhanced Authentication Plug-in—Why do we still need it with vSphere 7.0? - Fri, Jul 3 2020
- VMware VCSA 7 backup - Fri, Jun 26 2020
- vSphere 7.0 unsupported CPUs and ESXi 7.0 hardware requirements - Fri, Jun 12 2020
VMware vCenter Server Appliance (VCSA) is a vCenter Server application running on a Linux machine. VCSA is based on Photon OS, which is VMware's own maintained and secured Linux distro.
Previously VMware VCSA was based on SUSE Linux Enterprise Server (SLES), but the patching and security updates were dependent on SUSE. For VMware to own the whole infrastructure stack, it is now faster, more secure, and easier to update the VCSA.
Today we'll have a look at three different ways to patch and update VMware VCSA.
Offline update of VMware VCSA ^
The offline update is useful in situations where VMware VCSA does not have a direct connection to the internet. It can be in secure environments where direct internet access just isn't recommended due to security risks. But we may even need to patch these environments.
You can download the latest patch from the VMware product patches page. On the web page, select the drop-down menu VC > Select 6.7, click the checkbox, and download the latest file.
Note: You only need the latest patch because the updates are cumulative. It is a large ISO file, which contains all the patches.
First connect to your vSphere infrastructure and upload this ISO to a data store visible by the ESXi host where the VCSA runs. Then select the VCSA VM and connect the ISO to the VM.
Next, use your web browser and connect to https://<vCSA IP Address or hostname>:5480 and log in as root. We're accessing the appliance itself and not the vCenter Server. Note the port number (5480), which is a specific port destined for management of the vCenter Server application.
We are connecting to what's called a VAMI user interface. VAMI means vCenter Server Appliance Management Interface for VCSA.
VAMI performs basic administrative tasks such as monitoring the VCSA, changing the host name and the network configuration, or applying patches and updates. The VAMI was included in the early versions of VCSA, but VMware removed it in vSphere 6.0 and then again brought it back in vSphere 6.0 U1.
Now the VAMI uses HTML 5 and has a new look and feel.
Go to the update menu and click Check Updates > Check CD‑ROM. Several patches may show up, and depending on your version, you might need (or not) to apply them in a special order. If not specified otherwise, always apply the latest patch, which is cumulative.
You can click Run Pre-update checks, which gives you an estimate of a downtime, but if you don't need vCenter for several hours, you can simply go and click the stage and install link.
The assistant will walk you through the update process.
Update via internet ^
This option is the "mainstream" option. Most of today's environments are connected to the internet. So the most convenient option is to patch VCSA online.
To do this, there are just few simple steps. First, log in to the VCSA and go to Update, where you'll select the CD-ROM + URL link, which will check the internet location of updates at VMware first.
Once you have selected the latest update, clicked the stage and install link, follow the assistant, which will guide you through the patch process.
First, you must accept the end-user license agreement, then you might want to join the CEIP (customer experience improvement program).
And then you only have the third screen where you must check a box saying "I have backed up vCenter and its associated databases."
After doing this, the installation process will start. Now you can do something else because the process takes time to complete.
At first, all the patches are staged (downloaded) to the appliance itself, and then the process will start.
Update and patch the VCSA via CLI (command line) ^
This method is still possible; however, we don't use it much nowadays. This is because everybody is using either the direct internet-patching option or the offline option.
Over the years, VMware improved the patching process greatly. Now even on slow internet connections, you can stage the patches prior to the update to reduce downtime.
And also, not every VMware patch requires a reboot, and you can see this in the notes of each patch whether a reboot is required or not.
Using the pre-update checks gives you quite a precise estimate of how long the patching process will take and thus how long you'll be without vCenter server.
Now let's get back and see the last, the CLI method for patching. Attach the VMware-vCenter-Server-Appliance-6.7.0.xxxxx-xxxxxxxx-patch-FP.iso file to a vCenter Server Appliance CD or DVD drive.
Use your favorite SSH client (PuTTY for example) and SSH to the appliance as root and run the the commands below:
software-packages stage –iso
software-packages list –staged
software-packages install –staged
These commands are quite self-explanatory. The first command stages (downloads) all patches to the appliance.
The second command will show you all the patches staged, while the third command will proceed with the install.
Final words ^
VMware VCSA nearly hits perfection—a nice HTML 5 web-based interface that does not require any plug-ins to install. It is fast and easy to use and has a nice design. It's all you need to manage, monitor, and patch the vCenter server product successfully on a Linux VM.
The vCenter Server on Windows is slowly phasing out, and the next major release of VMware vSphere will no longer have the possibility to install vCenter server on Windows server.
By improving the Photon OS Linux distribution and especially the management of VCSA through VAMI, VMware is pushing to adopt the VCSA, and it seems that it works with a great success.