Patching Process Of Hypervisors and ESXI Hosts

Version 5

    Hypervisor scanning and deployment


    Scanning and deployment operations are performed by the hypervisor. In order to scan for installed and missing Bulletins, the hypervisor needs the latest patching metadata files. The metadata files are available from VMware inside an archive 9ZIP0 file. There is a different metadata package for each supported version of ESX and ESXi. Protect supplies the target hypervisor with the URL to the proper metadata file, but in this release, the hypervisor must download the file from the internet.


    Hypervisor deployment


    When the user selects the Bulletins to install, Protect will analyze the request and determine the proper bundles to be install by using the same metadata that was used by the hypervisor during the scan.


    Protect gets the URLs for the bundles and passes them to the hypervisor. The hypervisor will download the bundles from VMware and perform the installation. The scan and installation processes are initiated by the Protect Console Service. Once initiated, the Scan or Deployment operation will continue even if the Protect GUI is shut down.


    Deploying patches to the Virtual Environment


    1. The console instructs the hypervisor to download the pertinent bulletins and perform an installation.
    2. The hypervisor downloads the pertinent bulletins from VMware servers.
    3. The hypervisor performs an installation using the downloaded bulletins.
    4. The hypervisor perfroms an assessment using the previously downloaded metadata
    5. The hypervisor sends the assessment results to the console.


    Operation details


    Details of the deployment operation can be found in the following locations:

    • Operation Monitor
    • Event History log
    • vCenter Event and Alert logs
    • ST.ServiceHost.managed.log


    ESX/ESXi Hypervisor deployment requirements


    • The ESX or ESXi Hypervisor must be at one of the following versions :

                ESX - 4.0 or later

                ESXi - 4.1 or later

    • The Shavlik Protect console must be internet connected.
    • The ESX or ESXi Hypervisor must be internet connected.
    • Port 443 must be open on the hypervisor.
    • The latest version of VMware Tools must be installed and running on all virtual machines managed by the hypervisor.
    • You must have previously performed a successful scan of the ESX or ESXi hypervisor.