Patches and Updates – Useful Resources for Lifecycle Management
Updates, patches and more updates. How do you keep track? How do you decide if a patch is critical for you and when you need to install it? How do you even know there is an update? In the field I see a lot of admins struggling to keep track. I am aware that it’s not just the VMware products you guys need to update. There is also “the rest”: OS updates, backup software updates, firmware updates and so on. This post, however, is focused on handing you a few useful resources you can subscribe to or take a look at when you need to stay up to date on VMware products.
Of course we cannot tell you when to update. Only you can decide if a patch or fix is important enough to update immediately or if it can wait until you do your periodical update round. You do need to know if there are bugs worth knowing about, even though they have not been patched yet. The VMware Security Advisory is a service that will send out an email message as soon as there is a bug reported. You can subscribe here to be kept up to date. As soon as an official bug is reported, it will send out an email that will tell you what the bug is, what products are affected and how to fix or work around it if already known. A typical email will look like this.
As soon as new advisories are posted, you will be notified. This helps you to keep track of severe issues and their impact. You can also follow VMware’s security blog that can be found here. The security blog will offer a bit more background and explanation to security advisories and sometimes other updates. Take a look at their website for more content.
Patch and build numbers
“What’s that number again?” A lot of times admins don’t know by heart what patch level they are on and, let’s be honest, VMware isn’t making it easy. There is a KB number describing an update. An update generally has a patch number and sometimes a CVE number when it is a security issue. But a patch also has a build number. The build number, however, does not reflect the product version it is for. Basically, there are a lot of numbers you need to be aware of to make sure you know exactly where you are right now and where you want to go. Our friends at V-Front.de have been keeping a build number repository for years and it has helped me more times than I can count.
They link build numbers to patches and bulletins so you can check where you are right now, what patches have since been released, how many of them are critical and what that means. You can check their website here.
Who in the infrastructure world does not know the VMware Knowledge Base? If you run VMware and you run into trouble, it’s one of the first places to look for answers. Over the years it has become huge and it receives daily updates. Some articles describe how to enable or disable a feature. Some describe how to circumvent a potential problem or a bug. Some describe how you should install a product in a specific scenario. Whatever you are looking for, it’s impossible to keep track of which articles are posted and updated every day. So there’s a site for that! You can subscribe to it via RSS, but it can also send you a weekly digest of all the articles that have been posted or updated, per VMware product. Personally, I find it brilliant for keeping up to date. You can look at the page here, but if you want to receive the email with the digest, you can enter your email address here and you will receive the weekly digest like the one below.
No product stands alone. It has to work with others. Does ESX 6.5 work with your version of the hardware? That’s an easy one. VMware has the Hardware Compatibility Guide for that. If you have never seen it, check it out here.
But there is more. How about “Does this version of vRealize Network Insight work with that version of NSX?”. The further along you come in the VMware products and ecosystem, the harder it becomes to keep track. That’s where the VMware InterOp Matrix comes in. It can tell you the answer to the above question.
But that is not all. It can also tell you if your VDI environment is compatible with the new SQL service pack by Microsoft. Or what versions of SQL you can use with the specific product version so you can maybe use only one SQL server instance instead of 2 or 3. The InterOp Matrix has you covered. The answers provided here are officially supported by VMware, so if you stick to this, you can be sure you are in the green.
Last but not least, it can also show you if upgrades to the newest version of a specific product are supported from your current version so you can plan your upgrades accordingly. You can find the InterOp Matrix here.
There are a number of sites you can use to keep track of what the latest version is, what patches you should install, how you should install them, what these patches fix and if the version will work with the rest of your environment. Of course it does not guarantee you will stay out of trouble but that bit of background information can help you steer clear of the obvious traps and problems you would otherwise run into.