Keeping your VMware ESXi servers up-to-date is crucial for ensuring security, stability, and access to the latest features. However, the process can seem daunting at first. In this guide, we’ll demystify the update process, focusing on the difference between upgrades and patches, and the importance of using depot files for carrying these patches.
Understanding ESXi Updates: Upgrades vs. Patches
Upgrades involve moving from one major or minor version of ESXi to another (e.g., from 8.0 to 8.0U1). Upgrades typically include new features, improvements, and fixes. They’re more substantial changes that require planning and testing to ensure compatibility with your environment.
Patches, on the other hand, are smaller updates within the same version. They focus on fixing specific issues, closing security vulnerabilities, and offering minor improvements. Patches are essential for maintaining the health and security of your ESXi hosts.
The Role of Depot Files
Depot files are archives containing everything needed for an ESXi update—whether it’s an upgrade or a patch. These files include the VIBs (VMware Installation Bundles) and image profiles that define what’s installed on the host. You can think of a depot file as a package or a kit that contains all the parts for your update.
How to Apply ESXi Updates and Patches
- Preparation: Always start by backing up your ESXi host and virtual machines. It’s crucial to have a rollback plan in case something goes awry.
- Choose Your Method: Decide whether you’re performing an upgrade or applying a patch. This decision will affect how you proceed.
- Obtain the Depot File: Download the depot file for your desired update or patch from the VMware website. Ensure it’s compatible with your ESXi version.
- Upload the Depot File: Transfer the depot file to a datastore accessible to your ESXi host or to a location reachable via HTTP/HTTPS.
- Apply the Update or Patch:
- For upgrades, use the
esxcli software profile updatecommand, specifying the depot file and the image profile name you wish to apply. - For patches, the process can be similar, though you’re typically applying a smaller set of changes.
- For upgrades, use the
- Reboot and Verify: After applying the update or patch, reboot your ESXi host. Then, verify the installation by checking the ESXi version and build number to ensure it matches what you expected to install.
Maintenance Mode
Remember to put your ESXi host into maintenance mode before applying updates or patches. This step is crucial for preventing any impact on your virtual machines and workloads.
Image Profiles: Standard vs. No-Tools
When updating, you might encounter different image profiles, such as “standard” and “no-tools.” The “standard” profile typically includes VMware Tools, which are useful for enhanced performance and management of virtual machines. The “no-tools” profile omits VMware Tools, which might be preferred in certain scenarios.
Example Upgrade Command Routine:
ssh root@<ESXi-host-IP>
esxcli system maintenanceMode set --enable true
esxcli software profile update -d /vmfs/volumes/<datastore-name>/<upgrade-depot-file>.zip -p <image-profile-name>
reboot esxcli system maintenanceMode set --enable false
Example Patch Command Routine:
esxcli system maintenanceMode set --enable true
esxcli software vib update -d /vmfs/volumes/<datastore-name>/<patch-depot-file>.zip
OR
esxcli software vib update -d http://<URL-to-depot-file>
reboot
esxcli system maintenanceMode set --enable false
Conclusion
Keeping your VMware ESXi hosts updated is a key part of managing a secure and efficient virtual environment. By understanding the differences between upgrades and patches, and how depot files facilitate these updates, you’re well-equipped to maintain your infrastructure. Always plan, backup, and test your updates to ensure a smooth and successful upgrade or patching process.
