Recently, I had a customer run into an issue with a bug in the HP agents included within their co-branded installation media, so I came to realize the importance of updating server vendor custom software.
I decided to look into how to manage updating those a little easier since I’m having to update this kind of thing for customers lately. It turns out with Dell and HP, it’s not tough. (And BTW, Cisco and IBM – come on and get with the times on this!)
Did you know you can add a Dell and/or HP download repository for VUM to check for these updates for you? I knew you could, but I’ve never done it until now since we typically have customers maintain their stuff, but I’m involved in a few customers who want me to do it for whatever reason. And hey, I’m lazy, so screw doing this the hard way.
Open the full vSphere Client with the VUM plugin installed and enabled. Open the Update Manager management section. Click on the Configuration tab -> Download Settings. Then, click on Add Download Source.
Next, enter the source URL for your server manufacturer:
Edit: HP’s download locations have changed! Use:
All other components: http://vibsdepot.hpe.com/index.xml
Enter a description like “HP VIB Depot”. Click on Validate URL to ensure that’s good, and OK.
Boom, take a look and make sure the connectivity status is Connected, and you can click Download Now if you want to get the latest updates from them immediately.
Now you need to make a baseline that includes the patches, and you can make a dynamic baseline to automatically update with the latest ones. Go to the baselines tab, create a baseline, name it something with the software vendor name and ESXi version and select the Host Patch type. For Patch Options, select Dynamic. For criteria, select the server vendor, and the specific version of ESXi you’re updating. Note, this baseline will only work for a specific major version of ESXi. If you don’t select a version to include all version patches, you’ll get errors when you remediate.
Next, you can select any patch to exclude anything you don’t want installed. Newer versions supersede the older ones, so there’s no need to exclude anything unless the latest version you know causes problems.
There probably isn’t a reason to add additional Updates manually to this baseline. If you need to add other patches, make another baseline for that, and include everything you want in a baseline group.
Now add the new baseline to the appropriate Baseline groups as needed, scan and remediate, and you’re off to the races.
How cool is that?