Updating firmware and OS on ESXi 6.5 hosts

Afternoon all,

So, after finding out how bad it was at this new role when it came to updating their firmware and hosts, I've now got the pleasure of doing it. They have accepted that it's pretty bad but we're also running a version of 6.5 from November 2016........

So, my question is this, I need to know the best way to update these boxes, I'm doing the entire firmware stack for all the hardware and then grabbing the latest esx 6.5 version and then bashing through the entire cluster.

I'm thinking this

Drop the server into maintenance mode, actually, manually move off the VMs and then go to maintenance mode. I put one in 3 days ago and it purple screened.

Next up, update the hardware BIOS

Then update the OS

Bring it out of maintenance mode

Move the VMs back, move onto the next host. Rinse and repeat.

Is this the best way to do it or is there a better way?

Thanks
Alex
Alex Green, 3rd Line Server Support, asked:

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
BEFORE we discuss your "plan" you will want to check what firmware you are updating and does this include

Spectre and Meltdown, and also the latest Intel CPU fix...(Intel Foreshadow)

and create a PLAN....(also including vCenter Server, all VMs, ALL VMware Tools, and ALL Virtual Machine versions)....

because it ALL has a performance impact on your Cluster!

So WHY and WHAT do you want to achieve with patching ?

I've already answered questions about this...

latest fix...

https://www.experts-exchange.com/questions/29114650/Intel-Vulnerability-Foreshadow-L1-Terminal-Fault.html

https://www.experts-exchange.com/questions/29115252/Configuration-issue-on-host-after-vSphere-updates-applied-in-vsn-6-0.html

Spectre and Meltdown

https://www.experts-exchange.com/questions/29106689/Check-ESXi-status-against-Meltdown-and-Spectre.html

https://www.experts-exchange.com/questions/29079163/ESXI-6-Meltdown-and-Spectra-patches.html



DO NOT RANDOMLY APPLY VMWARE VSPHERE PATCHES WITHOUT A PLAN!!!!


If you want to fully apply patches for Spectre and Meltdown, also includes BIOS in Host, vCenter Server update, ESXi updates, VMware Tools per VM, Virtual Machine version Upgrade, and then Guest OS VM.

and also check performance impact! (which may require more Hosts after CPU microcode change).

and then there is Latest....which requires a script running
1
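
A read-only inventory of the layers listed in the answer above (vCenter Server, host BIOS, ESXi build, VMware Tools, virtual machine version, guest OS), as an added example that is not part of the original thread or any participant's code. It assumes the VMware PowerCLI module is installed; the vCenter name `vcsa.example.local`, the cluster name `Prod-Cluster` and the output file name are placeholders.

```powershell
# Added example: read-only pre-patch inventory with VMware PowerCLI.
# Nothing here changes host or VM state; it only records what is currently deployed.
param(
    [string]$VCenter     = 'vcsa.example.local',   # placeholder vCenter name
    [string]$ClusterName = 'Prod-Cluster',         # placeholder cluster name
    [string]$VmReport    = '.\vm-layers.csv'       # placeholder output path
)

Import-Module VMware.PowerCLI -ErrorAction Stop
$vi = Connect-VIServer -Server $VCenter -ErrorAction Stop

try {
    # vCenter Server: the thread says to upgrade this before any host.
    [pscustomobject]@{ Layer = 'vCenter'; Name = $vi.Name; Version = $vi.Version; Build = $vi.Build } |
        Format-Table -AutoSize

    $hosts = Get-Cluster -Name $ClusterName -ErrorAction Stop | Get-VMHost | Sort-Object Name

    # Host layers: BIOS/firmware level and ESXi version/build per host.
    $hosts | ForEach-Object {
        $bios = $_.ExtensionData.Hardware.BiosInfo
        [pscustomobject]@{
            Host        = $_.Name
            State       = $_.ConnectionState
            Model       = "$($_.Manufacturer) $($_.Model)"
            BiosVersion = $bios.BiosVersion
            BiosDate    = $bios.ReleaseDate
            EsxiVersion = $_.Version
            EsxiBuild   = $_.Build
        }
    } | Format-Table -AutoSize

    # VM layers: VMware Tools status, virtual machine version, guest OS.
    $hosts | Get-VM | Sort-Object Name | ForEach-Object {
        [pscustomobject]@{
            VM          = $_.Name
            Host        = $_.VMHost.Name
            PowerState  = $_.PowerState
            HwVersion   = $_.ExtensionData.Config.Version
            ToolsStatus = $_.ExtensionData.Guest.ToolsVersionStatus2
            GuestOS     = $_.ExtensionData.Guest.GuestFullName
        }
    } | Export-Csv -Path $VmReport -NoTypeInformation
}
finally {
    Disconnect-VIServer -Server $vi -Confirm:$false
}
```

Hosts whose BIOS date or ESXi build differs from the rest of the cluster, and VMs with out-of-date Tools or an old virtual machine version, are the items the plan has to account for before the rolling update starts.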

Alex Green, 3rd Line Server Support, author, commented:
Well currently they are using an OS which was withdrawn from public availability due to instability issues.

Essentially, I want it updated to a stable version. I'd like to get the Spectre and Meltdown patches as well. Updating to ESX 6.5 update 2 would be fine to be honest. However, if you have a more reliable option I'd happily take a look.
0
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
With the current Intel flaws, all need to be addressed, otherwise you might as well not bother with anything!

You'll need to start with Upgrading vCenter Server anyway, if present.

and then... look at posts above, but update firmwares and BIOS first.

Rotation can be done, e.g. move/migrate/turn off/maintenance mode - apply fixes to host, then repeat.

BUT read all above, as to what you need to do....it's not really just apply fix and run away at present....
0
Alex Green, 3rd Line Server Support, author, commented:
OK so let's say I'll get everything updated including all the firmware, OS and Spectre/Meltdown etc. What would be the best way to do it? I'm thinking BIOS first, then the OS.

Thanks
Alex
0
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
cross posted.. see above.
0
Alex Green, 3rd Line Server Support, author, commented:
Oh wonderful :D thank you so much as always :D

Legend..... wait for it..... DARY!!!!!
0
Alex Green, 3rd Line Server Support, author, commented:
Would it be an idea to push through to VCSA 6.7 or is that licenced separately from 6.5?
0
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
Andrew said it best, "DO NOT RANDOMLY APPLY VMWARE VSPHERE PATCHES WITHOUT A PLAN!!!!"
0
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, commented:
All 6.x use the same license.

Unless you have a valid reason for moving up to 6.7, I would stick with VCSA 6.5 for the time being, plenty of life in 6.5, which has the same end of support date as 6.7.
0