3 Replies Latest reply on Jun 19, 2015 7:07 AM by cwinning

    Scanning ESX servers

    PaulFreedman Apprentice

      Hi

      We have just upgraded to 9.0 Patch 1 and would like to start patching our ESX servers via Shavlik.

       

      I have added our VC and can see all of the ESX hosts that are connected to it, although when I scan I get an error:

       

           Complete with errors. Check the Hypervisor network configuration firewall settings

       

      I can see the scan complete successfully on my VC console.

       

      I have found a previous post and followed the steps below prior to scanning.

       

      The hypervisors (ESXi hosts) must allow http traffic over ports 80/443.  You can verify and enable this using the vSphere client:

      1.     Select the hypervisor in the inventory.

      2.     Click on the Configuration tab.

      3.     Select ‘Security Profile’ in the Software grouping.

      4.     Click ‘Properties…’ at the top of the Firewall settings.

      5.     Verify or enable ‘httpClient’ in the list of firewall settings.

       

      Thanks
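
The five vSphere client steps quoted in the post above can be checked for every host behind the vCenter in one pass. This PowerCLI script is an added example, not part of the original post or of Shavlik's tooling; it assumes VMware PowerCLI is installed, and the vCenter name and the `-Enable` switch are hypothetical.

```powershell
# Added example: report (and optionally enable) the 'httpClient' firewall
# ruleset on each connected ESXi host. Read-only unless -Enable is passed.
param(
    [string]$VCenter = 'vcenter.example.local',  # placeholder, not from the thread
    [switch]$Enable                              # hypothetical switch: change hosts only when asked
)

Import-Module VMware.PowerCLI
Connect-VIServer -Server $VCenter | Out-Null

# Disconnected or not-responding hosts cannot be queried, so skip them.
$hosts = Get-VMHost | Where-Object { $_.ConnectionState -eq 'Connected' } |
    Sort-Object Name

$report = foreach ($vmhost in $hosts) {
    # Same setting as 'Security Profile' > Firewall > 'Properties...' in the client.
    $rule = Get-VMHostFirewallException -VMHost $vmhost -Name 'httpClient'

    if ($Enable -and -not $rule.Enabled) {
        $rule = Set-VMHostFirewallException -Exception $rule -Enabled $true
    }

    [pscustomobject]@{
        Host          = $vmhost.Name
        Version       = $vmhost.Version
        HttpClient    = $rule.Enabled
        OutgoingPorts = $rule.OutgoingPorts
        Protocols     = $rule.Protocols
    }
}

# Full table first, then the hosts that would still fail the outbound check.
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.HttpClient } |
    Select-Object -ExpandProperty Host

Disconnect-VIServer -Server $VCenter -Confirm:$false
```

Enabling the ruleset only opens the host-side firewall; any perimeter firewall or proxy between the hosts and the update site still has to permit the traffic.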

        • 1. Re: Scanning ESX servers
          SupportEmployee

          Hi,

           

          What version of ESXi hosts do you have? Basically the ESXi host itself will need to be able to get out to the VMware update site to download metadata.

           

          For ESXi 5.1 this would be the full URL for the file it tries to download:

           

          https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/esx/vmw/vmw-ESXi-5.1.0-metadata.zip

          1 of 1 people found this helpful
          • 2. Re: Scanning ESX servers
            SatisnetSupport Rookie

            Sorry to resurrect this old thread, and I know this isn't a Shavlik problem, more of a VMware issue...

             

            Why oh why should I have to allow ALL my ESXi hosts to reach that URL?

            This is both bizarre and insecure!

             

            Q. Can we not have our Shavlik console gather the metadata and deliver this to the hosts to check, as with Windows scanning?

            Q. Am I right to assume the Shavlik console IS downloading and delivering patches to the hosts, and the hosts are NOT individually downloading them direct from VMware???

            NO! So I've just patched a host using Shavlik Protect, and the host itself is reaching out to 23.214.143.112

            • 3. Re: Scanning ESX servers
              cwinning CommunityTeam

              Hello,

               

              ESX scanning and patching is different from managing server/workstation clients.

               

              The ESX hosts do ALL of the work.  They scan themselves, download updates and install the updates to themselves.  Shavlik Protect simply uses VMware API calls to start the processes and report back on the current status of the scan, deployment etc.

               

              Thanks,

              Charles