Updating your ESXi patches helps eliminate security vulnerabilities that cybercriminals could exploit. When you have multiple ESXi hosts, patches can be installed via the command-line interface using the ESXCLI command suite.
If you monitor a lot of ESXi hosts, installing patches via ESXCLI commands takes too long. It can get even more complicated with different versions of ESXi hosts that need to be upgraded.
Yo download patches, the ESXi version must be in accordance with multiple patches that are corresponding with the ESXi release image and ESXi images tab.
While repairing ESXi is an integral part of VMware vSphere security, it’s not the only thing you need to do to keep your data safe. To ensure that your VMs, applications, and data are intact and available on-demand, regularly back them up with a proven third-party provider.
Manage ESXi updates
Suppose you use a standalone individual host or a small number of hosts not managed by the vCenter Server. In that case, you can use all available methods to install ESXi updates except the VUM method, as this method is only available when the vCenter Server manages ESXi hosts.
For this purpose, there are several methods for upgrading and patching the VMware ESXi hypervisor. VMware administrators prefer this method because it enables automated upgrades.
Each host in the VMware cluster is upgraded once and then automatically restarted until each host is upgraded and restarted. Since vSphere 6.5, VMware has provided the vCenter Server Appliance (vCSA), a Linux version of vCenter Server.
This version integrates vSphere Update Manager (VUM), so you do not need to install it as an add-on as you would on the Windows version of the vCenter Server.
Regular software updates are essential for fixing security holes and bugs, and keeping track of ESXi updates is no different.
VMware periodically releases updates and patches for ESXi Supervisor throughout the year and significant updates at least once a year. The latest of these major updates is ESXi 6.5 Update 1.
Upgrade with the offline command-line interface
Your ESXi host may not always have a secure internet connection or be disconnected entirely from the outside world. In this case, you can first download the updated VMware patch file.
This file is then placed in the data store visible to the ESXi host you want to upgrade. You can then run a command to upgrade the host.
Go to the VMware patch download center and get the latest ESXi patch. Once connected there, select ESXi (Embedded and installable) and press Search.
Once you have downloaded the latest patch, place the zip file in a data store visible to your ESXi-host, VMware vSphere Client, or ESXi-host.
For this example, we chose to use the ESXi host client as this is a new process and will become standard as VMware releases the old vSphere Windows Client.
Enter the following command to upgrade:
esxcli software vib update -d /vmfs/volumes/<your_datastore>/update-from-esxi6.5-6.5_update01
Reboot the host, and disable maintenance mode.
VMware ESXi Patch Download
You must create a Vmware Free account to download the Vmware ESXi Patches. On the Vmware Patch download portal, you will need to select the correct version of Vmware ESXi. Select the desired package and click on the Download button.
In our example at VMware-ESXi.com, we downloaded the Patch named ESXi670-201808001. The patch file name was ESXi670-201808001.zip.
First, you need to access the VMware web interface. Open browser software, enter the IP address of your VMware server and access the web interface.
On the prompt screen, enter the login administrative information.
Upon successful login, the VMware Dashboard will be displayed.
On the VMware Dashboard, Access the Storage menu and click on the Datastore browser button.
On the Datastore browser screen, click on the Create Directory button and enter the name: PATCH
Select the PATCH folder, click on the Upload button and locate the ESXi Patch on your computer.
Now, you need to enable the SSH service.
Access the Manage menu, access the Services tab, and locate the SSH service.
Manage > Services > TSM-SSH
Right-click on the SSH service and select the Start option.
Use the open-source software and connect to the VMware ESXi server.
In our example, we will use open-source software and a Windows computer.
After finishing the download, run the software and wait for the following screen.
Select the SSH option and enter the IP address of the VMware ESXi server.
On the prompt screen, enter the administrative login information.
Factory default access information:
Password: your password
After a successful login, the console command line will be displayed.
Use the following command to enter the Maintenance mode.
esxcli system maintenanceMode set –enable true
Navigate to the directory on the datastore where you uploaded the patch file.
Use the following commands to install the VMware Patch or update the bundle.
esxcli software vib install -d “https://d1ny9casiyy5u5.cloudfront.net/vmfs/volumes/datastore1/PATCH/ESXi670-201808001.zip”
Exit the maintenance mode and reboot your VMware ESXi server.
esxcli system maintenanceMode set –enable false
And finally, congratulations! You successfully installed a VMware ESXi Patch!
Upgrade with VMware Update Manager
Download the full VMware ESXi 6.5 U1 ISO from VMware.
Connect via vSphere Client, and select Home > Update manager.
Under the Manage tab, select ESXi Images > Import, and import the VMware ESXi 6.5 U1 ISO.
Understanding VMware patches
In terms of VMware patches, there are several different types offered for ESXi. You can get a better understanding of them by simply taking a look at the Update Manager and the patches available in it. There are patches and compounds available for ESXi.
We prefer collections because they include all patches. You may apply a specific patch if you are trying to resolve a particular issue and have received instructions from VMware Support or if the latest patch available does not include a collection.
ESXi patching is an integral part of every organization’s vSphere operations. This can be done quickly and easily with VMware vSphere Update Manager.
The process consists of reading the basics for your VMware patches, attaching your baseline to a vSphere object like the ESXi cluster, and optionally setting up your patches before patching your ESXi hosts to meet their baseline.