vSphere Patch application guide

Introduction

Purpose of This Guide

This document is written for customers who have subscription of Enterprise Cloud 2.0 (which will be called ECL2.0 hereinafter) and have some prior experience of using VMware vSphere products.
The steps explained in this guide assumes the following menus have been created.
List of Preliminarily Created Menus

Items

Status

Applying for ECL2.0

Application completion

Logical Network Menu

Completed creating total 4 IDs: For vSphere Management data (Data Plane) / For vSphere virtual server transmission data (Data Plane) /For vSphere vMotion(Data Plane) For Storage Connectivity (Storage Plane)

File Storage

Connection completion

Firewall menu (vUTM)

Completed creating a Firewall

Inretnet Conectivity Menu

Completed creating Internet Gateways

VMware vSphere ESXi

Settings completed

VMware vCenter Server 6.0u2

Configuration completed


Preliminary Items Needed

Customers are required to have vSphere Client installed in their remote terminal ( vSphere Client is needed to control the operations on the ESXi servers except if customers have direct access to the ESXi console)
Customers are advised to refer to VMware’s vSphere Client and vSphere Web Client Software Requirements for further requirements for installation.
  • •Customers are advised to prepare a ECL2.0 network having access to Internet.


Service Descriptions For Reference

Customers are advised to read the following service descriptions for reference:

  • •Service Description: Baremetal Server

  • •Service Description: OS

  • •Service Description: Dedicated Hypervisor vSphere ESXi

At the Usage of This Guide

Customers are noted of the following information as they refer to this guide

  • This document describes the procedure actually used for setup in NTT Communications, as an example. The procedure does not necessarily assure that the procedure works for the environment and configuration of a customer.

  • •This guide focuses on deployment procedure unique to vSphere ESXi configuration in ECL2.0. This guide will not cover general and overall deployment process of vSphere ESXi.

  • •This guide does not cover general operations or instructions for customers to configure Logical Network , firewall or virtual servers utilized in this guide. For general operations related to these product customers are advised to refer to Enterprise Cloud 2.0 service descriptions and other such tutorials available online.

  • •Customers are advised that any published details available in this guide can be changed, modified, or revised without prior notice.


Overview

This section describes the procedure for applying a patch with VMware vSphere.

The overall flow is as follows.

  • Version upgrade of Platform Services Controller (hereafter, PSC)

  • Version upgrade of vCenter Server

  • Applying the patch to ESXi

Note

  • The System Administrator privilege is used for this work.


  • Patch application for dealing with vulnerability

When applying a patch for dealing with vulnerability,
be sure to apply the patch to ESXi after upgrading the version of vCenterServer.
▼Enterprise Cloud Knowlesge Center
Notification of measures against CPU vulnerability (CVE-2017-5754 (Meltdown)/CVE-2017-5715 and CVE-2017-5753 (Spectre))
▼VMware KB
“Security issue regarding speculative execution VMware measures against CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 (Spectre and Meltdown)”

Patch/binary file acquisition

For binary of this plugin, ask with the support ticket.
We will provide the binary file in the ISO image format, using the image sharing function to the designated tenant.
Fill in the support ticket as follows.

Category

Datacenter / Enterprise Cloud 2.0 NTTCommunications Support /General Inquiry

Type

Inquary

Content

VMware Patch/binary file provision request

Service menu

vSphere

Tebant ID

<Corresponding tenant ID>

Region

Select a region for use.

(For failure occurrence) Date when the problem occurred

No description

(For failure occurrence) Is the operation history present?

No description

(For failure occurrence) Is the problem currently occurring?

No description

Details

Provide the VMware Patch file.
※必要なbuild番号を記述ください。
※ご利用のベアメタルサーバーのフレーバーを記述ください。
Be careful that the patch type to be supplied differs depending on the flavors.

Urgency

Low

Influence rate

Normal request

Attached file

None



**For this procedure, the following configuration and file are used. **

  • Baremetal Flavor:General Purpose 2 v1

  • Build:VMware-VIMSetup-all-6.0.0-7977899
  • Applied Patch:VMware-ESXi-6.5.0-Update1-5969303-HPE-650.U1.10.1.0.14-Jul2017


PSC and vCenter Server version upgrade procedures

Save the acquired binary file in Datastore.

  • **On the left pane of vSphere Web Client , select Storage. **

../_images/1.png

  • **Select “NFS” created in the previous section, and then select “Browse Files”. **

../_images/2.png

  • **After the transition, newly create a folder. Here, “ISO” and “Patch” have been created. **

../_images/3.png

  • Select the “Patch” folder created on the middle pane, and then select “Upload a file to The Datastore”.

../_images/4.png

  • **Save the acquired binary file in the “Patch” folder. **

../_images/6.png

  • **Similarly, save the acquired version upgrade file in the “ISO” folder. **

../_images/15.png

Stopping vCenter and acquiring a snapshot

  • **On vSphere Client, select vCenter, and then click “Shut down the virtual machine”. **

../_images/8.png

  • On vSphere client, select “vCenter” then “Snapshot”.

../_images/9.png

  • On the Take Virtual Machine Snapshot screen, enter an arbitrary name for “Name”, and then click “OK”.

../_images/10.png

  • **After acquisition of Snapshot, select “vCenter”, and then click “Power On The Virtual machine” on the right pane to boot. **

../_images/12.png

  • **After booting, click “Edit Virtual machine settings” on the right pane to start. **

../_images/18.png

  • From “Hardware”, select CD/DVD, and then select “Device Type”, “Datastore ISO File”, and “Browse...” in the order.

../_images/19.png

  • **Select “Browse Datastore” then “NFS”, and click “Open”. **

../_images/20.png

  • **For upgrade of the PSC and vCenter versions, select “ISO” this time, and then click “Open”. **

../_images/21.png

  • Select “VMware-VIMSetup...” in the ISO folder, and then click “OK”. **

../_images/22.png

  • Log into vCenter, and check that the VIM file previously mounted is present in drive D.

../_images/23.png

  • **Expand the file, and then click “autorun”. **

../_images/24.png

  • **Select “vCenter Server for Windows”, and then click “Install”. **

../_images/25.png

  • **After the installer is opened, click “Next”. **

../_images/26.png

  • **After the written consent for use is displayed, confirm the content, check the checkbox, and then click “Next”. **

../_images/27.png

  • **The display is switched to the update screen having a checkbox which asks if backup of vCenter has been taken. Check the checkbox, and then click “Update”. **
    ※現在の6.0のbuild が表示されているのでアップデート後切り替わっているか確認します。
../_images/28.png

  • **Update of PSC and vCenter is executed at a time. **

../_images/29.png

  • **After “Setup Completed” is displayed, click “Finish”. **

../_images/30.png

  • **On vSphere Web Client, select “vCenter” then “summary” to check. If Version Information shows higher built, the update is completed. **

../_images/31.png

Deleting the snapshot

  • After finishing the updade, on vSphere Web Client, select “Hosts and cluster”, “vesxi-22.osaka...”, “Monitor”, then “All Issue” in the order. Check that no errors are shown, and then delete the snapshot. **

../_images/54.png

Note

  • If the snapshot is not deleted and is left, the operation speed can be decreased.


  • **On vSphere Web Client, select “Hosts and cluster”, and then right-click “vCenter”. Then after clicking “Snapshots”, click “Manage Snapshots...”. **

../_images/51.png

  • **Select the snapshot name created with “Manage VM Snapshots for vCenter”, and then click “Delete”. **
    ※確認画面が表示されますので間違いないかご確認のうえ「Yes」をクリックしてください。
../_images/52.png

Applying a patch to the host server

  • **Stop or move VM on the host server to which the patch is to be applied. **

../_images/33.png

  • **After the completion, right-click the target host, and then select “Maintenance Mode” then “Enter Maintenance Mode” to switch to the maintenance mode. **

../_images/39.png

  • **After the confirmation screen is displayed, merely click “OK”. **

../_images/40.png

  • **Check that “esxi-22.osaka...” has been switched to the maintenance mode. **

../_images/41.png

  • **Connect the work terminal to the terminal placed into the maintenance mode, through SHH (in this configuration, use of putty). **


  • **The following command also allows to check if switching to the maintenance mode has been made. **

# vim-cmd hostsvc/hostsummary | grep -i mainte
  inMaintenanceMode = true,

  • **Search for the profile of the patch to be applied. **

# vesxcli software sources profile list -d /vmfs/volumes/NFS/Patch/VMware-ESXi-6.0.0-Update3-6921384-HPE-600.10.2.0.23-Feb2018-depot.zip
  Name                                  Vendor                      Acceptance Level
  ------------------------------------  --------------------------  ----------------
  HPE-ESXi-6.0.0-Update3-600.10.2.0.23  Hewlett Packard Enterprise  PartnerSupported
  • Apply the shown patch.

# esxcli software profile update -d /vmfs/volumes/NFS/Patch/VMware-ESXi-6.0.0-Update3-6921384-HPE-600.10.2.0.23-Feb2018-depot.zip -p HPE-ESXi-6.0.0-Update3-600.10.2.0.23
  • **After a while, the result is displayed. When it is displayed as shown in the red box, the application is completed and reboot is to be performed. **

../_images/47.png
  • **After reboot is finished, check that “6921384” is shown as the built version. **

../_images/49.png
  • **On vSphere Web Client, exit the maintenance mode. **

../_images/54.png
  • For each server, repeat the same work to complete the entire job.